[arch-commits] Commit in vsftpd/repos (11 files)
Evangelos Foutras
foutrelis at archlinux.org
Tue Jul 7 19:25:43 UTC 2020
Date: Tuesday, July 7, 2020 @ 19:25:42
Author: foutrelis
Revision: 660157
archrelease: copy trunk to community-staging-x86_64
Added:
vsftpd/repos/community-staging-x86_64/
vsftpd/repos/community-staging-x86_64/PKGBUILD
(from rev 660156, vsftpd/trunk/PKGBUILD)
vsftpd/repos/community-staging-x86_64/vsftpd-conf-pam.patch
(from rev 660156, vsftpd/trunk/vsftpd-conf-pam.patch)
vsftpd/repos/community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch
(from rev 660156, vsftpd/trunk/vsftpd-disable-anonymous-access-by-default.patch)
vsftpd/repos/community-staging-x86_64/vsftpd-fix-seccomp.patch
(from rev 660156, vsftpd/trunk/vsftpd-fix-seccomp.patch)
vsftpd/repos/community-staging-x86_64/vsftpd-ssl.service
(from rev 660156, vsftpd/trunk/vsftpd-ssl.service)
vsftpd/repos/community-staging-x86_64/vsftpd-ssl.socket
(from rev 660156, vsftpd/trunk/vsftpd-ssl.socket)
vsftpd/repos/community-staging-x86_64/vsftpd-ssl at .service
(from rev 660156, vsftpd/trunk/vsftpd-ssl at .service)
vsftpd/repos/community-staging-x86_64/vsftpd.service
(from rev 660156, vsftpd/trunk/vsftpd.service)
vsftpd/repos/community-staging-x86_64/vsftpd.socket
(from rev 660156, vsftpd/trunk/vsftpd.socket)
vsftpd/repos/community-staging-x86_64/vsftpd at .service
(from rev 660156, vsftpd/trunk/vsftpd at .service)
--------------------------------------------------+
PKGBUILD | 81 +++++++++++++++++++++
vsftpd-conf-pam.patch | 12 +++
vsftpd-disable-anonymous-access-by-default.patch | 26 ++++++
vsftpd-fix-seccomp.patch | 37 +++++++++
vsftpd-ssl.service | 10 ++
vsftpd-ssl.socket | 9 ++
vsftpd-ssl at .service | 9 ++
vsftpd.service | 11 ++
vsftpd.socket | 9 ++
vsftpd at .service | 8 ++
10 files changed, 212 insertions(+)
Copied: vsftpd/repos/community-staging-x86_64/PKGBUILD (from rev 660156, vsftpd/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,81 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Jonathan Steel <jsteel at archlinux.org>
+# Contributor: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=vsftpd
+pkgver=3.0.3
+pkgrel=7
+pkgdesc='Very Secure FTP daemon'
+url='https://security.appspot.com/vsftpd.html'
+arch=('x86_64')
+license=('GPL2')
+depends=('glibc' 'openssl' 'libcap' 'pam' 'libnsl')
+optdepends=('logrotate')
+backup=('etc/vsftpd.conf'
+ 'etc/xinetd.d/vsftpd'
+ "etc/logrotate.d/vsftpd")
+source=(https://security.appspot.com/downloads/${pkgname}-${pkgver}.tar.gz{,.asc}
+ vsftpd-ssl.socket
+ vsftpd.socket
+ vsftpd.service
+ vsftpd at .service
+ vsftpd-ssl.service
+ vsftpd-ssl at .service
+ vsftpd-fix-seccomp.patch
+ vsftpd-conf-pam.patch
+ vsftpd-disable-anonymous-access-by-default.patch)
+sha256sums=('9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7'
+ 'SKIP'
+ 'd5185e48fffc6253499a55e0fe0f90a3424fc639640af11a9d38df33fb145afe'
+ '9fdbfd2ec0207170371ca3cf2b0ddca2dc2fe3d062e5792e0d3e51474c3198c9'
+ '0597e571718ba0f4dc4b32a4ddd148103758c48c7d65dcb8bbedafc9e810e83d'
+ 'd7b8e4827d4f6bafcbf52f9d2d7380958c7b08bb3f757806aa89d4bc06c9671c'
+ 'b88a50fc68b3bf746d13c9a777df77791cd3eac6eb7c2df655418071c2adf422'
+ '4a55c2468b08d858f71bacf1f4885847bec8e548b0e92088068d9bdd3884af84'
+ '8bb7e4e4640137d38a2944859c2f443eea559ecb7f594c0fa4e962539107af66'
+ '751715726c4b888d5c96846ac0bd0d64238cceb28ef3c2ef447af85cdc2b79f1'
+ '4baa5a2db122974fa2a9603d335aed59dee5ad4217615fbe247301d129281d20')
+validpgpkeys=('8660FD3291B184CDBC2F6418AA62EC463C0E751C') # Chris Evans
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # build-time config
+ sed -e 's|^#undef VSF_BUILD_SSL$|#define VSF_BUILD_SSL|' -i builddefs.h
+ sed -e 's|/usr/share/empty|/var/empty|g' -i tunables.c vsftpd.conf.5 INSTALL
+ sed -e 's|/usr/local/sbin/vsftpd|/usr/bin/vsftpd|' -i EXAMPLE/INTERNET_SITE/${pkgname}.xinetd
+
+ # fix linking to openssl 1.1
+ sed -e 's|SSL_library_init|SSL_CTX_new|' -i vsf_findlibs.sh
+
+ patch -Np1 < ../vsftpd-fix-seccomp.patch
+ patch -Np1 < ../vsftpd-conf-pam.patch
+ patch -Np1 < ../vsftpd-disable-anonymous-access-by-default.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ make LINK='' CFLAGS="${CFLAGS} ${CPPFLAGS}" LDFLAGS="${LDFLAGS}"
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+
+ install -Dm 755 ${pkgname} -t "${pkgdir}/usr/bin"
+ install -dm 755 "${pkgdir}/var/empty"
+ install -Dm 644 "${srcdir}"/{*.service,*.socket} -t "${pkgdir}/usr/lib/systemd/system"
+
+ install -Dm 644 ${pkgname}.conf -t "${pkgdir}/etc"
+ install -Dm 644 EXAMPLE/INTERNET_SITE/${pkgname}.xinetd "${pkgdir}/etc/xinetd.d/${pkgname}"
+ install -Dm 644 RedHat/vsftpd.log "${pkgdir}/etc/logrotate.d/${pkgname}"
+ install -Dm 644 RedHat/vsftpd.pam "${pkgdir}/etc/pam.d/${pkgname}"
+ # TODO: check pam /etc/ftpusers files from debian and redhat, its linked
+
+ install -Dm 644 ${pkgname}.8 -t "${pkgdir}/usr/share/man/man8"
+ install -Dm 644 ${pkgname}.conf.5 -t "${pkgdir}/usr/share/man/man5"
+ install -Dm 644 BENCHMARKS BUGS Changelog FAQ INSTALL README README.ssl REFS \
+ REWARD SPEED TODO TUNING -t "${pkgdir}/usr/share/doc/${pkgname}"
+}
+
+# vim: ts=2 sw=2 et:
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-conf-pam.patch (from rev 660156, vsftpd/trunk/vsftpd-conf-pam.patch)
===================================================================
--- community-staging-x86_64/vsftpd-conf-pam.patch (rev 0)
+++ community-staging-x86_64/vsftpd-conf-pam.patch 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,12 @@
+diff --git a/vsftpd.conf b/vsftpd.conf
+index 5868675..9543536 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -127,3 +127,7 @@ listen=NO
+ # sockets, you must run two copies of vsftpd with two configuration files.
+ # Make sure, that one of the listen options is commented !!
+ #listen_ipv6=YES
++
++# Set own PAM service name to detect authentication settings specified
++# for vsftpd by the system package.
++pam_service_name=vsftpd
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch (from rev 660156, vsftpd/trunk/vsftpd-disable-anonymous-access-by-default.patch)
===================================================================
--- community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch (rev 0)
+++ community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,26 @@
+From ffaeebcfdb56ba75392af21c68c0bac78a226b55 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek at redhat.com>
+Date: Tue, 2 Jan 2018 09:54:43 +0100
+Subject: [PATCH 44/44] Disable anonymous_enable in default config file
+
+Resolves: rhbz#1338637
+---
+ vsftpd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vsftpd.conf b/vsftpd.conf
+index 39d1955..4626c1b 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -9,7 +9,7 @@
+ # capabilities.
+ #
+ # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+-anonymous_enable=YES
++anonymous_enable=NO
+ #
+ # Uncomment this to allow local users to log in.
+ # When SELinux is enforcing check for SE bool ftp_home_dir
+--
+2.14.3
+
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-fix-seccomp.patch (from rev 660156, vsftpd/trunk/vsftpd-fix-seccomp.patch)
===================================================================
--- community-staging-x86_64/vsftpd-fix-seccomp.patch (rev 0)
+++ community-staging-x86_64/vsftpd-fix-seccomp.patch 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,37 @@
+From ecaa07c31a68bca0e4c8159d447e0b9ef7c5b350 Mon Sep 17 00:00:00 2001
+From: Olivier Brunel <jjk at jjacky.com>
+Date: Fri, 14 Apr 2017 22:50:31 +0200
+Subject: [PATCH] Fix unable to list dirs w/ more than 31 items
+
+Trying to list directories with more than 31 items would fail due to seccomp
+filter being too strict:
+
+ftp> ls dir
+200 PORT command successful. Consider using PASV.
+150 Here comes the directory listing.
+500 OOPS: 421 Service not available, remote server has closed connection
+
+This was due to vsftpd calling qsort() and glibc in turn calling
+sysinfo(), which wasn't allowed, hence SIGSYS.
+
+Signed-off-by: Olivier Brunel <jjk at jjacky.com>
+---
+ seccompsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/seccompsandbox.c b/seccompsandbox.c
+index 2c350a9..13c8c78 100644
+--- a/seccompsandbox.c
++++ b/seccompsandbox.c
+@@ -297,6 +297,8 @@ seccomp_sandbox_setup_base()
+ allow_nr_1_arg_mask(__NR_mprotect, 3, PROT_READ);
+ allow_nr(__NR_munmap);
+ allow_nr(__NR_brk);
++ allow_nr(__NR_sysinfo);
++ allow_nr(__NR_getdents64);
+ /* glibc falls back gracefully if mremap() fails during realloc(). */
+ reject_nr(__NR_mremap, ENOSYS);
+
+--
+2.12.2
+
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl.service (from rev 660156, vsftpd/trunk/vsftpd-ssl.service)
===================================================================
--- community-staging-x86_64/vsftpd-ssl.service (rev 0)
+++ community-staging-x86_64/vsftpd-ssl.service 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,10 @@
+[Unit]
+Description=vsftpd daemon (legacy implicit SSL)
+
+[Service]
+ExecStart=/usr/bin/vsftpd -oimplicit_ssl=yes
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl.socket (from rev 660156, vsftpd/trunk/vsftpd-ssl.socket)
===================================================================
--- community-staging-x86_64/vsftpd-ssl.socket (rev 0)
+++ community-staging-x86_64/vsftpd-ssl.socket 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=990
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl at .service (from rev 660156, vsftpd/trunk/vsftpd-ssl at .service)
===================================================================
--- community-staging-x86_64/vsftpd-ssl at .service (rev 0)
+++ community-staging-x86_64/vsftpd-ssl at .service 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Description=vsftpd per-connection server (legacy implicit SSL)
+
+[Service]
+ExecStart=-/usr/bin/vsftpd -oimplicit_ssl=yes
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardOutput=socket
+StandardError=syslog
Copied: vsftpd/repos/community-staging-x86_64/vsftpd.service (from rev 660156, vsftpd/trunk/vsftpd.service)
===================================================================
--- community-staging-x86_64/vsftpd.service (rev 0)
+++ community-staging-x86_64/vsftpd.service 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,11 @@
+[Unit]
+Description=vsftpd daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/vsftpd
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
Copied: vsftpd/repos/community-staging-x86_64/vsftpd.socket (from rev 660156, vsftpd/trunk/vsftpd.socket)
===================================================================
--- community-staging-x86_64/vsftpd.socket (rev 0)
+++ community-staging-x86_64/vsftpd.socket 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=21
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
Copied: vsftpd/repos/community-staging-x86_64/vsftpd at .service (from rev 660156, vsftpd/trunk/vsftpd at .service)
===================================================================
--- community-staging-x86_64/vsftpd at .service (rev 0)
+++ community-staging-x86_64/vsftpd at .service 2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,8 @@
+[Unit]
+Description=vsftpd per-connection server
+
+[Service]
+ExecStart=-/usr/bin/vsftpd
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog
More information about the arch-commits
mailing list