From aff2e9e76448a59782585605c9fbfbdba8fd5203 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Mon, 21 Jul 2014 19:40:36 +0300 Subject: [PATCH 1/2] vsftpd: import from oldpackages. No changes. --- net/vsftpd/Makefile | 85 +++++++++++++++++++ net/vsftpd/files/vsftpd.conf | 17 ++++ net/vsftpd/files/vsftpd.init | 13 +++ net/vsftpd/patches/001-destdir.patch | 47 ++++++++++ net/vsftpd/patches/002-find_libs.patch | 13 +++ net/vsftpd/patches/003-chroot.patch | 11 +++ .../patches/004-disable-capabilities.patch | 12 +++ net/vsftpd/patches/005-disable-pam.patch | 11 +++ 8 files changed, 209 insertions(+) create mode 100644 net/vsftpd/Makefile create mode 100644 net/vsftpd/files/vsftpd.conf create mode 100644 net/vsftpd/files/vsftpd.init create mode 100644 net/vsftpd/patches/001-destdir.patch create mode 100644 net/vsftpd/patches/002-find_libs.patch create mode 100644 net/vsftpd/patches/003-chroot.patch create mode 100644 net/vsftpd/patches/004-disable-capabilities.patch create mode 100644 net/vsftpd/patches/005-disable-pam.patch diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile new file mode 100644 index 0000000000..e1633e953d --- /dev/null +++ b/net/vsftpd/Makefile @@ -0,0 +1,85 @@ +# +# Copyright (C) 2006-2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=vsftpd +PKG_VERSION:=3.0.2 +PKG_RELEASE:=3 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://security.appspot.com/downloads/ +PKG_MD5SUM:=8b00c749719089401315bd3c44dddbb2 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +define Package/vsftpd/Default + SUBMENU:=File Transfer + SECTION:=net + CATEGORY:=Network + TITLE:=A fast and secure FTP server + URL:=http://vsftpd.beasts.org/ + MAINTAINER:=Cezary Jackiewicz +endef + + +define Package/vsftpd +$(call Package/vsftpd/Default) + VARIANT:=notls + TITLE+= (no TLS) +endef + +define Package/vsftpd-tls +$(call Package/vsftpd/Default) + VARIANT:=tls + TITLE+= (TLS) + DEPENDS+=+libopenssl +endef + +define Package/vsftpd/conffiles +/etc/vsftpd.conf +endef + +Package/vsftpd-tls/conffiles=$(Package/vsftpd/conffiles) + +ifeq ($(BUILD_VARIANT),notls) + define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR) \ + CC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + vsftpd + endef +endif + +ifeq ($(BUILD_VARIANT),tls) + define Build/Compile + $(SED) 's/#undef VSF_BUILD_SSL/#define VSF_BUILD_SSL/' $(PKG_BUILD_DIR)/builddefs.h + $(SED) 's/-lcrypt -lnsl/-lcrypt -lnsl -lssl -lcrypto/' $(PKG_BUILD_DIR)/Makefile + $(MAKE) -C $(PKG_BUILD_DIR) \ + CC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + vsftpd + endef +endif + +define Package/vsftpd/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) ./files/$(PKG_NAME).conf $(1)/etc/$(PKG_NAME).conf + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) +endef + +Package/vsftpd-tls/install=$(Package/vsftpd/install) + +$(eval $(call BuildPackage,vsftpd)) +$(eval $(call BuildPackage,vsftpd-tls)) diff --git a/net/vsftpd/files/vsftpd.conf b/net/vsftpd/files/vsftpd.conf new file mode 100644 index 0000000000..f3ba34f507 --- /dev/null +++ b/net/vsftpd/files/vsftpd.conf @@ -0,0 +1,17 @@ +background=YES +listen=YES +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +check_shell=NO +#dirmessage_enable=YES +#ftpd_banner=Welcome to blah FTP service. +session_support=NO +#syslog_enable=YES +#userlist_enable=YES +#userlist_deny=NO +#userlist_file=/etc/vsftpd.users +#xferlog_enable=YES +#xferlog_file=/var/log/vsftpd.log +#xferlog_std_format=YES diff --git a/net/vsftpd/files/vsftpd.init b/net/vsftpd/files/vsftpd.init new file mode 100644 index 0000000000..ad3e23da5f --- /dev/null +++ b/net/vsftpd/files/vsftpd.init @@ -0,0 +1,13 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2006-2011 OpenWrt.org + +START=50 + +start() { + mkdir -m 0755 -p /var/run/vsftpd + service_start /usr/sbin/vsftpd +} + +stop() { + service_stop /usr/sbin/vsftpd +} diff --git a/net/vsftpd/patches/001-destdir.patch b/net/vsftpd/patches/001-destdir.patch new file mode 100644 index 0000000000..70d95927f0 --- /dev/null +++ b/net/vsftpd/patches/001-destdir.patch @@ -0,0 +1,47 @@ +--- a/Makefile ++++ b/Makefile +@@ -22,6 +22,8 @@ OBJS = main.o utility.o prelogin.o ftpcm + seccompsandbox.o + + ++DESTDIR = ++ + .c.o: + $(CC) -c $*.c $(CFLAGS) $(IFLAGS) + +@@ -29,21 +31,20 @@ vsftpd: $(OBJS) + $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS) + + install: +- if [ -x /usr/local/sbin ]; then \ +- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \ +- else \ +- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi +- if [ -x /usr/local/man ]; then \ +- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \ +- elif [ -x /usr/share/man ]; then \ +- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \ +- else \ +- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi +- if [ -x /etc/xinetd.d ]; then \ +- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi ++ mkdir -p $(DESTDIR)/usr/sbin ++ $(INSTALL) -m 755 vsftpd $(DESTDIR)/usr/sbin/ ++ mkdir -p $(DESTDIR)/usr/share/man/man8 ++ $(INSTALL) -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/ ++ mkdir -p $(DESTDIR)/usr/share/man/man5 ++ $(INSTALL) -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/ ++ mkdir -p $(DESTDIR)/etc/xinetd.d ++ $(INSTALL) -m 644 xinetd.d/vsftpd $(DESTDIR)/etc/xinetd.d/ ++ ++uninstall: ++ rm -f $(DESTDIR)/usr/sbin/vsftpd ++ rm -f $(DESTDIR)/usr/share/man/man8/vsftpd.8 ++ rm -f $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5 ++ rm -f $(DESTDIR)/etc/xinetd.d/vsftpd + + clean: + rm -f *.o *.swp vsftpd diff --git a/net/vsftpd/patches/002-find_libs.patch b/net/vsftpd/patches/002-find_libs.patch new file mode 100644 index 0000000000..daf83efabd --- /dev/null +++ b/net/vsftpd/patches/002-find_libs.patch @@ -0,0 +1,13 @@ +--- a/Makefile ++++ b/Makefile +@@ -8,8 +8,8 @@ CFLAGS = -O2 -fPIE -fstack-protector --p + -D_FORTIFY_SOURCE=2 \ + #-pedantic -Wconversion + +-LIBS = `./vsf_findlibs.sh` +-LINK = -Wl,-s ++LIBS = -lcrypt -lnsl ++LINK = + LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now + + OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ diff --git a/net/vsftpd/patches/003-chroot.patch b/net/vsftpd/patches/003-chroot.patch new file mode 100644 index 0000000000..8965da4179 --- /dev/null +++ b/net/vsftpd/patches/003-chroot.patch @@ -0,0 +1,11 @@ +--- a/tunables.c ++++ b/tunables.c +@@ -254,7 +254,7 @@ tunables_load_defaults() + /* -rw------- */ + tunable_chown_upload_mode = 0600; + +- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); ++ install_str_setting("/var/run/vsftpd", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); + install_str_setting("root", &tunable_chown_username); + install_str_setting("/var/log/xferlog", &tunable_xferlog_file); diff --git a/net/vsftpd/patches/004-disable-capabilities.patch b/net/vsftpd/patches/004-disable-capabilities.patch new file mode 100644 index 0000000000..7aa6330b81 --- /dev/null +++ b/net/vsftpd/patches/004-disable-capabilities.patch @@ -0,0 +1,12 @@ +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -165,6 +165,9 @@ + #endif + /* END config */ + ++#undef VSF_SYSDEP_HAVE_CAPABILITIES ++#undef VSF_SYSDEP_HAVE_LIBCAP ++ + /* PAM support - we include our own dummy version if the system lacks this */ + #include + diff --git a/net/vsftpd/patches/005-disable-pam.patch b/net/vsftpd/patches/005-disable-pam.patch new file mode 100644 index 0000000000..ebb72447f5 --- /dev/null +++ b/net/vsftpd/patches/005-disable-pam.patch @@ -0,0 +1,11 @@ +--- a/builddefs.h ++++ b/builddefs.h +@@ -2,7 +2,7 @@ + #define VSF_BUILDDEFS_H + + #undef VSF_BUILD_TCPWRAPPERS +-#define VSF_BUILD_PAM ++#undef VSF_BUILD_PAM + #undef VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ From add53caa84b5d994585b36fb2c2131ca9f75ed48 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Mon, 21 Jul 2014 19:46:34 +0300 Subject: [PATCH 2/2] vsftpd: Add TLS/SSL example options. Bump PKG_RELEASE and copyright year. I did not define myself as the maintainer, as the package already had one. Signed-off-by: Hannu Nyman --- net/vsftpd/Makefile | 4 ++-- net/vsftpd/files/vsftpd.conf | 13 +++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile index e1633e953d..e1a4de0174 100644 --- a/net/vsftpd/Makefile +++ b/net/vsftpd/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2013 OpenWrt.org +# Copyright (C) 2006-2014 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vsftpd PKG_VERSION:=3.0.2 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://security.appspot.com/downloads/ diff --git a/net/vsftpd/files/vsftpd.conf b/net/vsftpd/files/vsftpd.conf index f3ba34f507..7d46506e92 100644 --- a/net/vsftpd/files/vsftpd.conf +++ b/net/vsftpd/files/vsftpd.conf @@ -15,3 +15,16 @@ session_support=NO #xferlog_enable=YES #xferlog_file=/var/log/vsftpd.log #xferlog_std_format=YES +### +### TLS/SSL options +### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/config/vsftpd_privkey.pem -out /etc/config/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt" +#ssl_enable=YES +#allow_anon_ssl=NO +#force_local_data_ssl=NO +#force_local_logins_ssl=NO +#ssl_tlsv1=YES +#ssl_sslv2=NO +#ssl_sslv3=NO +#rsa_cert_file=/etc/config/vsftpd_cert.pem +#rsa_private_key_file=/etc/config/vsftpd_privkey.pem +