[vsftpd] update to 3.0.2.

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/01-builddefs.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/01-builddefs.patch
deleted file mode 100644 (file)
index a757d99..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/01-builddefs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Author: Daniel Jacobowitz <dan@debian.org>
-Description: Build with tcpwrapper and SSL support.
-
-diff -Naurp vsftpd.orig/builddefs.h vsftpd/builddefs.h
---- vsftpd.orig/builddefs.h    2009-01-31 00:02:36.000000000 +0000
-+++ vsftpd/builddefs.h 2009-01-31 00:26:34.000000000 +0000
-@@ -1,9 +1,9 @@
- #ifndef VSF_BUILDDEFS_H
- #define VSF_BUILDDEFS_H
- 
--#undef VSF_BUILD_TCPWRAPPERS
-+#define VSF_BUILD_TCPWRAPPERS 1
- #define VSF_BUILD_PAM
--#undef VSF_BUILD_SSL
-+#define VSF_BUILD_SSL
- 
- #endif /* VSF_BUILDDEFS_H */
- 

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/02-config.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/02-config.patch
deleted file mode 100644 (file)
index 6c980c5..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/02-config.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Author: Daniel Jacobowitz <dan@debian.org>
-Description: Set default configuration.
-
-diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
---- vsftpd.orig/tunables.c     2009-07-15 22:08:27.000000000 +0200
-+++ vsftpd/tunables.c  2009-11-06 13:33:34.000000000 +0100
-@@ -246,7 +246,7 @@ tunables_load_defaults()
-   /* -rw------- */
-   tunable_chown_upload_mode = 0600;
- 
--  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
-+  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
-   install_str_setting("ftp", &tunable_ftp_username);
-   install_str_setting("root", &tunable_chown_username);
-   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
-@@ -256,7 +256,7 @@ tunables_load_defaults()
-   install_str_setting(0, &tunable_ftpd_banner);
-   install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
-   install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
--  install_str_setting("ftp", &tunable_pam_service_name);
-+  install_str_setting("vsftpd", &tunable_pam_service_name);
-   install_str_setting("ftp", &tunable_guest_username);
-   install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
-   install_str_setting(0, &tunable_anon_root);
-diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
---- vsftpd.orig/vsftpd.conf    2009-11-06 08:41:11.000000000 +0100
-+++ vsftpd/vsftpd.conf 2009-11-06 13:35:37.000000000 +0100
-@@ -8,6 +8,17 @@
- # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
- # capabilities.
- #
-+#
-+# Run standalone?  vsftpd can run either from an inetd or as a standalone
-+# daemon started from an initscript.
-+listen=YES
-+#
-+# Run standalone with IPv6?
-+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
-+# instead of an IPv4 one. This parameter and the listen parameter are mutually
-+# exclusive.
-+#listen_ipv6=YES
-+#
- # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
- anonymous_enable=YES
- #
-@@ -34,6 +45,12 @@ anonymous_enable=YES
- # go into a certain directory.
- dirmessage_enable=YES
- #
-+# If enabled, vsftpd will display directory listings with the time
-+# in  your  local  time  zone.  The default is to display GMT. The
-+# times returned by the MDTM FTP command are also affected by this
-+# option.
-+use_localtime=YES
-+#
- # Activate logging of uploads/downloads.
- xferlog_enable=YES
- #
-@@ -89,6 +106,11 @@ connect_from_port_20=YES
- # (default follows)
- #banned_email_file=/etc/vsftpd.banned_emails
- #
-+# You may restrict local users to their home directories.  See the FAQ for
-+# the possible risks in this before using chroot_local_user or
-+# chroot_list_enable below.
-+#chroot_local_user=YES
-+#
- # You may specify an explicit list of local users to chroot() to their home
- # directory. If chroot_local_user is YES, then this list becomes a list of
- # users to NOT chroot().
-@@ -103,12 +123,22 @@ connect_from_port_20=YES
- # the presence of the "-R" option, so there is a strong case for enabling it.
- #ls_recurse_enable=YES
- #
--# When "listen" directive is enabled, vsftpd runs in standalone mode and
--# listens on IPv4 sockets. This directive cannot be used in conjunction
--# with the listen_ipv6 directive.
--listen=YES
-+# Customization
- #
--# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
--# sockets, you must run two copies of vsftpd with two configuration files.
--# Make sure, that one of the listen options is commented !!
--#listen_ipv6=YES
-+# Some of vsftpd's settings don't fit the filesystem layout by
-+# default.
-+#
-+# This option should be the name of a directory which is empty.  Also, the
-+# directory should not be writable by the ftp user. This directory is used
-+# as a secure chroot() jail at times vsftpd does not require filesystem
-+# access.
-+secure_chroot_dir=/var/run/vsftpd/empty
-+#
-+# This string is the name of the PAM service vsftpd will use.
-+pam_service_name=vsftpd
-+#
-+# This option specifies the location of the RSA certificate to use for SSL
-+# encrypted connections.
-+rsa_cert_file=/etc/ssl/private/vsftpd.pem
-+#
-+local_root=/
-diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
---- vsftpd.orig/vsftpd.conf.5  2009-11-06 08:41:11.000000000 +0100
-+++ vsftpd/vsftpd.conf.5       2009-11-06 13:37:10.000000000 +0100
-@@ -940,7 +940,7 @@ Default: nobody
- .B pam_service_name
- This string is the name of the PAM service vsftpd will use.
- 
--Default: ftp
-+Default: vsftpd
- .TP
- .B pasv_address
- Use this option to override the IP address that vsftpd will advertise in
-@@ -969,7 +969,7 @@ This option should be the name of a dire
- directory should not be writable by the ftp user. This directory is used
- as a secure chroot() jail at times vsftpd does not require filesystem access.
- 
--Default: /usr/share/empty
-+Default: /var/run/vsftpd/empty
- .TP
- .B ssl_ciphers
- This option can be used to select which SSL ciphers vsftpd will allow for

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/03-db-doc.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/03-db-doc.patch
deleted file mode 100644 (file)
index d544ef0..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/03-db-doc.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Author: shaul Karl <shaulkarl@yahoo.com>
-Description:
- A short explanation how to find out the right db version (Closes: #478282).
-
-diff -Naurp vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README vsftpd/EXAMPLE/VIRTUAL_USERS/README
---- vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README   2009-01-31 00:02:36.000000000 +0000
-+++ vsftpd/EXAMPLE/VIRTUAL_USERS/README        2009-01-31 01:38:11.000000000 +0000
-@@ -21,7 +21,10 @@ NOTE: Many systems have multiple version
- need to use e.g. db3_load for correct operation. This is known to affect
- some Debian systems. The core issue is that pam_userdb expects its login
- database to be a specific db version (often db3, whereas db4 may be installed
--on your system).
-+on your system). You might check ahead what specific db version you'll need
-+by looking at the dependcies of the pam module. Some methods to do that is to
-+run ldd on the pam_userdb.so or look at the dependencies of the package with
-+the pam modules.
- 
- This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
- the permissions are restricted:

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/04-link-local.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/04-link-local.patch
deleted file mode 100644 (file)
index 53b3735..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/04-link-local.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Author: Michael Stapelberg <michael@stapelberg.de>
-Description:
- vsftpd does not accept IPv6 scope identifier in listen_address6
- (Closes: #544993).
- .
- When specifying a link-local address, you need a scope identifier (tha name of
- the index usually), thus you cannot use the following:
- listen_address6=fe80::21f:16ff:fe06:3aab
- but you have to use:
- listen_address6=fe80::21f:16ff:fe06:3aab%eth0
- so that it is clear on which interface this link-local address should be used.
- .
- Unfortunately, vsftpd does not correctly parse the address mentioned above and
- thus fails to be useful in link-local-only environments.
- .
- This patch fixes it.
-
-diff -Naurp vsftpd.orig/standalone.c vsftpd/standalone.c
---- vsftpd.orig/standalone.c   2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/standalone.c        2009-10-17 17:10:02.000000000 +0200
-@@ -7,6 +7,8 @@
-  * Code to listen on the network and launch children servants.
-  */
- 
-+#include <net/if.h>
-+
- #include "standalone.h"
- 
- #include "parseconf.h"
-@@ -111,8 +113,17 @@ vsf_standalone_main(void)
-     else
-     {
-       struct mystr addr_str = INIT_MYSTR;
-+      struct mystr scope_id = INIT_MYSTR;
-       const unsigned char* p_raw_addr;
-+      unsigned int if_index = 0;
-+
-+      /* See if we got a scope id */
-       str_alloc_text(&addr_str, tunable_listen_address6);
-+      str_split_char(&addr_str, &scope_id, '%');
-+      if (str_getlen(&scope_id) > 0) {
-+        if_index = if_nametoindex(str_getbuf(&scope_id));
-+        str_free(&scope_id);
-+      }
-       p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
-       str_free(&addr_str);
-       if (!p_raw_addr)
-@@ -120,6 +131,7 @@ vsf_standalone_main(void)
-         die2("bad listen_address6: ", tunable_listen_address6);
-       }
-       vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
-+      vsf_sysutil_sockaddr_set_ipv6scope(p_sockaddr, if_index);
-     }
-     retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
-     vsf_sysutil_free(p_sockaddr);
-diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
---- vsftpd.orig/sysutil.c      2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/sysutil.c   2009-10-17 17:10:02.000000000 +0200
-@@ -2039,6 +2039,19 @@ vsf_sysutil_sockaddr_set_ipv6addr(struct
-   }
- }
- 
-+int
-+vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr)
-+{
-+  return p_sockptr->u.u_sockaddr_in6.sin6_scope_id;
-+}
-+
-+void
-+vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
-+                                  const int scope_id)
-+{
-+  p_sockptr->u.u_sockaddr_in6.sin6_scope_id = scope_id;
-+}
-+
- const void*
- vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)
- {
-diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
---- vsftpd.orig/sysutil.h      2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/sysutil.h   2009-10-17 17:10:02.000000000 +0200
-@@ -228,6 +228,9 @@ void vsf_sysutil_sockaddr_set_ipv4addr(s
-                                        const unsigned char* p_raw);
- void vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,
-                                        const unsigned char* p_raw);
-+void vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
-+                                      const int scope_id);
-+int vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr);
- void vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr);
- unsigned short vsf_sysutil_sockaddr_get_port(
-     const struct vsf_sysutil_sockaddr* p_sockptr);

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/05-whitespaces.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/05-whitespaces.patch
deleted file mode 100644 (file)
index 569ce38..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/05-whitespaces.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Author: Jiri Skala <jskala@redhat.com>
-Description: trim white spaces from option values (Closes: #419857, #536803).
-
-diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
---- vsftpd.orig/parseconf.c    2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/parseconf.c 2009-10-18 11:28:31.000000000 +0200
-@@ -275,7 +275,7 @@ vsf_parseconf_load_setting(const char* p
-         }
-         else
-         {
--          *p_curr_setting = str_strdup(&s_value_str);
-+          *p_curr_setting = str_strdup_trimmed(&s_value_str);
-         }
-         return;
-       }
-diff -Naurp vsftpd.orig/str.c vsftpd/str.c
---- vsftpd.orig/str.c  2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/str.c       2009-10-18 11:28:31.000000000 +0200
-@@ -89,6 +89,18 @@ str_strdup(const struct mystr* p_str)
-   return vsf_sysutil_strdup(str_getbuf(p_str));
- }
- 
-+const char*
-+str_strdup_trimmed(const struct mystr* p_str)
-+{
-+  const char* p_trimmed = str_getbuf(p_str);
-+  int h, t, newlen;
-+
-+  for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
-+  for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
-+  newlen = t - h + 1;
-+  return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
-+}
-+
- void
- str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)
- {
-diff -Naurp vsftpd.orig/str.h vsftpd/str.h
---- vsftpd.orig/str.h  2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/str.h       2009-10-18 11:28:31.000000000 +0200
-@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str
- void str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize);
- void str_copy(struct mystr* p_dest, const struct mystr* p_src);
- const char* str_strdup(const struct mystr* p_str);
-+const char* str_strdup_trimmed(const struct mystr* p_str);
- void str_empty(struct mystr* p_str);
- void str_free(struct mystr* p_str);
- void str_trunc(struct mystr* p_str, unsigned int trunc_len);
-diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
---- vsftpd.orig/sysutil.c      2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/sysutil.c   2009-10-18 11:28:31.000000000 +0200
-@@ -1033,6 +1033,18 @@ vsf_sysutil_strdup(const char* p_str)
-   return strdup(p_str);
- }
- 
-+char*
-+vsf_sysutil_strndup(const char* p_str, unsigned int p_len)
-+{
-+  char *new = (char *)malloc(p_len+1);
-+
-+  if (new == NULL)
-+    return NULL;
-+
-+  new[p_len]='\0';
-+  return (char *)memcpy(new, p_str, p_len);
-+}
-+
- void
- vsf_sysutil_memclr(void* p_dest, unsigned int size)
- {
-diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
---- vsftpd.orig/sysutil.h      2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/sysutil.h   2009-10-18 11:28:31.000000000 +0200
-@@ -186,6 +186,7 @@ int vsf_sysutil_wait_get_exitcode(
- /* Various string functions */
- unsigned int vsf_sysutil_strlen(const char* p_text);
- char* vsf_sysutil_strdup(const char* p_str);
-+char* vsf_sysutil_strndup(const char* p_str, unsigned int p_len);
- void vsf_sysutil_memclr(void* p_dest, unsigned int size);
- void vsf_sysutil_memcpy(void* p_dest, const void* p_src,
-                         const unsigned int size);

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/06-greedy.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/06-greedy.patch
deleted file mode 100644 (file)
index ff73c9c..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/06-greedy.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Author: Martin Nagy <mnagy@redhat.com>
-Description: Fix file listing issue with wildcard (Bugzilla: #392181).
-
-diff -Naurp vsftpd.orig/ls.c vsftpd/ls.c
---- vsftpd.orig/ls.c   2009-10-02 14:15:18.000000000 +0200
-+++ vsftpd/ls.c        2009-10-18 11:48:29.000000000 +0200
-@@ -281,6 +281,25 @@ vsf_filename_passes_filter(const struct 
-       {
-         goto out;
-       }
-+      if (!must_match_at_current_pos)
-+      {
-+        struct mystr scan_fwd = INIT_MYSTR;
-+
-+        str_mid_to_end(&name_remain_str, &scan_fwd,
-+                        indexx + str_getlen(&s_match_needed_str));
-+        /* We're allowed to be greedy, test if it match further along
-+         * keep advancing indexx while we can still match.
-+         */
-+        while( (locate_result = str_locate_str(&scan_fwd, &s_match_needed_str)),
-+            locate_result.found )
-+        {
-+          indexx += locate_result.index + str_getlen(&s_match_needed_str);
-+          str_mid_to_end(&scan_fwd, &temp_str,
-+                         locate_result.index + str_getlen(&s_match_needed_str));
-+          str_copy(&scan_fwd, &temp_str);
-+        }
-+       str_free(&scan_fwd);
-+      }
-       /* Chop matched string out of remainder */
-       str_mid_to_end(&name_remain_str, &temp_str,
-                      indexx + str_getlen(&s_match_needed_str));

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/07-utf8.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/07-utf8.patch
deleted file mode 100644 (file)
index cf03e08..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/07-utf8.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Author: Chuck Short <zulcss@ubuntu.com>
-Description: Adding support for UTF8.
-
-diff -Naurp vsftpd.orig/features.c vsftpd/features.c
---- vsftpd.orig/features.c     2008-12-04 06:00:47.000000000 +0000
-+++ vsftpd/features.c  2010-02-25 13:28:06.000000000 +0000
-@@ -21,6 +21,10 @@ handle_feat(struct vsf_session* p_sess)
-     vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
-     vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
-   }
-+  if (tunable_utf8_filesystem)
-+  {
-+     vsf_cmdio_write_raw(p_sess, " UTF8\r\n");
-+  }
-   if (tunable_port_enable)
-   {
-     vsf_cmdio_write_raw(p_sess, " EPRT\r\n");
-diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
---- vsftpd.orig/parseconf.c    2009-08-07 18:46:40.000000000 +0000
-+++ vsftpd/parseconf.c 2010-02-25 13:28:06.000000000 +0000
-@@ -28,6 +28,7 @@ static struct parseconf_bool_setting
- parseconf_bool_array[] =
- {
-   { "anonymous_enable", &tunable_anonymous_enable },
-+  { "utf8_filesystem", &tunable_utf8_filesystem },
-   { "local_enable", &tunable_local_enable },
-   { "pasv_enable", &tunable_pasv_enable },
-   { "port_enable", &tunable_port_enable },
-diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
---- vsftpd.orig/tunables.c     2009-07-15 20:08:27.000000000 +0000
-+++ vsftpd/tunables.c  2010-02-25 13:28:06.000000000 +0000
-@@ -10,6 +10,7 @@
- 
- int tunable_anonymous_enable;
- int tunable_local_enable;
-+int tunable_utf8_filesystem;
- int tunable_pasv_enable;
- int tunable_port_enable;
- int tunable_chroot_local_user;
-@@ -146,6 +147,7 @@ tunables_load_defaults()
- {
-   tunable_anonymous_enable = 1;
-   tunable_local_enable = 0;
-+  tunable_utf8_filesystem = 0;
-   tunable_pasv_enable = 1;
-   tunable_port_enable = 1;
-   tunable_chroot_local_user = 0;
-diff -Naurp vsftpd.orig/tunables.h vsftpd/tunables.h
---- vsftpd.orig/tunables.h     2009-07-07 01:37:28.000000000 +0000
-+++ vsftpd/tunables.h  2010-02-25 13:28:06.000000000 +0000
-@@ -11,6 +11,7 @@ void tunables_load_defaults();
- /* Booleans */
- extern int tunable_anonymous_enable;          /* Allow anon logins */
- extern int tunable_local_enable;              /* Allow local logins */
-+extern int tunable_utf8_filesystem;           /* Server uses UTF8 Filesystem */
- extern int tunable_pasv_enable;               /* Allow PASV */
- extern int tunable_port_enable;               /* Allow PORT */
- extern int tunable_chroot_local_user;         /* Restrict local to home dir */

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/08-manpage.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/08-manpage.patch
deleted file mode 100644 (file)
index 3a4f962..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/08-manpage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Author: Daniel Baumann <daniel.baumann@progress-technologies.net>
-Description: Fixing manpage formating.
-
-diff -Naurp vsftpd.orig/vsftpd.8 vsftpd/vsftpd.8
---- vsftpd.orig/vsftpd.8       2009-07-17 20:56:23.000000000 +0000
-+++ vsftpd/vsftpd.8    2010-04-08 05:18:00.000000000 +0000
-@@ -57,4 +57,3 @@ setting and any identical setting that w
- .Pa /etc/vsftpd.conf
- .Sh SEE ALSO
- .Xr vsftpd.conf 5
--.end
-diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
---- vsftpd.orig/vsftpd.conf.5  2009-10-19 02:46:30.000000000 +0000
-+++ vsftpd/vsftpd.conf.5       2010-04-08 05:18:08.000000000 +0000
-@@ -404,7 +404,7 @@ reuse (which proves that they know the s
- channel). Although this is a secure default, it may break many FTP clients,
- so you may want to disable it. For a discussion of the consequences, see
- http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
--(Added in v2.1.0).
-+ (Added in v2.1.0).
- 
- Default: YES
- .TP

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/09-s390.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/09-s390.patch
deleted file mode 100644 (file)
index 4711f9b..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/09-s390.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Description: Fix vsftpd on s390 (Closes: #602726).
-
-diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
---- vsftpd.orig/sysdeputil.c   2011-09-05 16:03:18.728857644 +0200
-+++ vsftpd/sysdeputil.c        2011-09-05 16:05:12.909423834 +0200
-@@ -64,7 +64,7 @@
- #include <utmpx.h>
- 
- /* BEGIN config */
--#if defined(__linux__)
-+#if defined(__linux__) && !defined(__s390__)
-   #include <errno.h>
-   #include <syscall.h>
-   #define VSF_SYSDEP_HAVE_LINUX_CLONE

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/10-remote-dos.patch b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/10-remote-dos.patch
deleted file mode 100644 (file)
index fee3ebe..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd/10-remote-dos.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Author: Ben Hutchings <ben@decadent.org.uk>
-Description: Remote DoS on Linux 2.6.32 (Closes: #629373).
-
-diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
---- vsftpd.orig/sysdeputil.c   2010-03-26 04:25:33.000000000 +0100
-+++ vsftpd/sysdeputil.c        2011-09-05 15:16:05.347070790 +0200
-@@ -25,6 +25,11 @@
-   #define _LARGEFILE64_SOURCE 1
- #endif
- 
-+#ifdef __linux__
-+  #include <stdio.h>
-+  #include <sys/utsname.h>
-+#endif
-+
- /* For INT_MAX */
- #include <limits.h>
- 
-@@ -1259,11 +1264,36 @@ vsf_set_term_if_parent_dies()
- #endif
- }
- 
-+#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
-+/* On Linux versions <2.6.35, netns cleanup may be so slow that
-+ * creating a netns per connection allows a remote denial-of-service.
-+ * We therefore do not use CLONE_NEWNET on these versions.
-+ */
-+static int
-+vsf_sysutil_netns_cleanup_is_fast(void)
-+{
-+#ifdef __linux__
-+  struct utsname utsname;
-+  int r1, r2, r3 = 0;
-+  return (uname(&utsname) == 0 &&
-+        sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&
-+        ((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));
-+#else
-+  /* Assume any other kernel that has the feature don't have this problem */
-+  return 1;
-+#endif
-+}
-+#endif
-+
- int
- vsf_sysutil_fork_isolate_all_failok()
- {
- #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
--  static int cloneflags_work = 1;
-+  static int cloneflags_work = -1;
-+  if (cloneflags_work < 0)
-+  {
-+    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
-+  }
-   if (cloneflags_work)
-   {
-     int ret = syscall(__NR_clone,
-@@ -1309,7 +1339,11 @@ int
- vsf_sysutil_fork_newnet()
- {
- #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
--  static int cloneflags_work = 1;
-+  static int cloneflags_work = -1;
-+  if (cloneflags_work < 0)
-+  {
-+    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
-+  }
-   if (cloneflags_work)
-   {
-     int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);

diff --git a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd_2.3.5.bb b/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd_2.3.5.bb
deleted file mode 100644 (file)
index 899b368..0000000
--- a/meta-openvuplus/recipes-connectivity/vsftpd/vsftpd_2.3.5.bb
+++ /dev/null
@@ -1,90 +0,0 @@
-SUMMARY = "lightweight, efficient FTP server written for security"
-HOMEPAGE = "https://security.appspot.com/vsftpd.html"
-SECTION = "console/network"
-LICENSE = "GPL-2.0-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
-DEPENDS = "libcap openssl"
-DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-PR = "r5"
-
-SRC_URI = " \
-        https://security.appspot.com/downloads/${BP}.tar.gz \
-        file://01-builddefs.patch \
-        file://02-config.patch \
-        file://03-db-doc.patch \
-        file://04-link-local.patch \
-        file://05-whitespaces.patch \
-        file://06-greedy.patch \
-        file://07-utf8.patch \
-        file://08-manpage.patch \
-        file://09-s390.patch \
-        file://10-remote-dos.patch \
-"
-SRC_URI[md5sum] = "01398a5bef8e85b6cf2c213a4b011eca"
-SRC_URI[sha256sum] = "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1"
-
-S = "${WORKDIR}/${BP}"
-
-inherit useradd
-
-CFLAGS = "${TARGET_CFLAGS}"
-CFLAGS += "-DVSF_BUILD_SSL=1"
-CFLAGS += "${@base_contains('DISTRO_FEATURES', 'pam', '-DVSF_BUILD_PAM=1', '', d)}"
-
-LIBS = "-lcap -lcrypt -lssl -lcrypto"
-LIBS += "${@base_contains('DISTRO_FEATURES', 'pam', '-lpam', '', d)}"
-
-LINK = "${TARGET_LDFLAGS}"
-
-SECURE_CHROOT_DIR = "${datadir}/${BPN}/chroot"
-RSA_CERT_FILE = "${sysconfdir}/ssl/private/${BPN}.pem"
-
-do_configure() {
-        rm -f builddefs.h
-        touch builddefs.h
-        set_default() {
-                NAME=$1
-                VALUE=$2
-                sed -e "s,^#\?${NAME}=.*,${NAME}=${VALUE}," -i vsftpd.conf
-        }
-        set_default listen NO
-        set_default listen_ipv6 NO
-        set_default anonymous_enable NO
-        set_default local_enable YES
-        set_default write_enable YES
-        set_default anon_upload_enable NO
-        set_default anon_mkdir_write_enable NO
-        set_default dirmessage_enable NO
-        set_default use_localtime YES
-        set_default xferlog_enable NO
-        set_default connect_from_port_20 YES
-        set_default chown_uploads NO
-        set_default nopriv_user vsftpd
-        set_default async_abor_enable YES
-        set_default ascii_upload_enable NO
-        set_default ascii_download_enable NO
-        set_default ftpd_banner "Welcome to the ${DISTRO_NAME} FTP service!"
-        set_default chroot_local_user NO
-        set_default chroot_list_enable NO
-        set_default ls_recurse_enable YES
-        set_default secure_chroot_dir "${SECURE_CHROOT_DIR}"
-        set_default rsa_cert_file "${RSA_CERT_FILE}"
-       set_default local_root "/"
-}
-do_compile() {
-        oe_runmake 'CFLAGS=${CFLAGS}' 'LIBS=${LIBS}' 'LINK=${LINK}'
-}
-do_install() {
-        install -d ${D}${sysconfdir}
-        install -m 644 vsftpd.conf ${D}${sysconfdir}
-        install -d ${D}${sbindir}
-        install -m 755 vsftpd ${D}${sbindir}/vsftpd
-        install -d ${D}${mandir}/man8
-        install -m 644 vsftpd.8 ${D}${mandir}/man8/vsftpd.8
-        install -d ${D}${mandir}/man5
-        install -m 644 vsftpd.conf.5 ${D}${mandir}/man5/vsftpd.conf.5
-        install -d ${D}${SECURE_CHROOT_DIR}
-}
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--home-dir ${SECURE_CHROOT_DIR} --no-create-home --system --shell /bin/false --user-group vsftpd"

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/login-blank-password.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/login-blank-password.patch
new file mode 100644 (file)
index 0000000..14caf2d
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/login-blank-password.patch
@@ -0,0 +1,23 @@
+Index: vsftpd-3.0.2/sysdeputil.c
+===================================================================
+--- vsftpd-3.0.2.orig/sysdeputil.c
++++ vsftpd-3.0.2/sysdeputil.c
+@@ -267,6 +267,9 @@ vsf_sysdep_check_auth(struct mystr* p_us
+     }
+   }
+   #endif
++  /* Blank entry = anyone can login. Now what was that "s" in vsftpd? */
++  if (!p_pwd->pw_passwd || !(*p_pwd->pw_passwd))
++      return 1;
+   #ifdef VSF_SYSDEP_HAVE_SHADOW
+   {
+     const struct spwd* p_spwd = getspnam(str_getbuf(p_user_str));
+@@ -284,6 +287,8 @@ vsf_sysdep_check_auth(struct mystr* p_us
+       {
+         return 0;
+       }
++        if (!p_spwd->sp_pwdp || !(*p_spwd->sp_pwdp))
++              return 1; /* blank = everything goes */
+       p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp);
+       if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp))
+       {

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-destdir.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-destdir.patch
new file mode 100644 (file)
index 0000000..1980d09
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-destdir.patch
@@ -0,0 +1,44 @@
+Use DESTDIR within install to allow installing under a prefix
+
+Upstream-Status: Pending
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -24,21 +24,21 @@
+       $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS)
+ 
+ install:
+-      if [ -x /usr/local/sbin ]; then \
+-              $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
++      if [ -x ${DESTDIR}/usr/local/sbin ]; then \
++              $(INSTALL) -m 755 vsftpd ${DESTDIR}/usr/local/sbin/vsftpd; \
+       else \
+-              $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
+-      if [ -x /usr/local/man ]; then \
+-              $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
+-              $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
+-      elif [ -x /usr/share/man ]; then \
+-              $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
+-              $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
++              $(INSTALL) -m 755 vsftpd ${DESTDIR}/usr/sbin/vsftpd; fi
++      if [ -x ${DESTDIR}/usr/local/man ]; then \
++              $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/local/man/man8/vsftpd.8; \
++              $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/local/man/man5/vsftpd.conf.5; \
++      elif [ -x ${DESTDIR}/usr/share/man ]; then \
++              $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/share/man/man8/vsftpd.8; \
++              $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/share/man/man5/vsftpd.conf.5; \
+       else \
+-              $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
+-              $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
+-      if [ -x /etc/xinetd.d ]; then \
+-              $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
++              $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/man/man8/vsftpd.8; \
++              $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/man/man5/vsftpd.conf.5; fi
++      if [ -x ${DESTDIR}/etc/xinetd.d ]; then \
++              $(INSTALL) -m 644 xinetd.d/vsftpd ${DESTDIR}/etc/xinetd.d/vsftpd; fi
+ 
+ clean:
+       rm -f *.o *.swp vsftpd

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-libs.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-libs.patch
new file mode 100644 (file)
index 0000000..9a10f72
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-libs.patch
@@ -0,0 +1,21 @@
+Hardcode LIBS instead of using a script to determine available libs
+
+We want to avoid this dynamic detection so we have a deterministic
+build.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -5,7 +5,7 @@
+ #CFLAGS = -g
+ CFLAGS        =       -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
+ 
+-LIBS  =       `./vsf_findlibs.sh`
++LIBS  =       -lssl -lcrypto -lnsl -lresolv
+ LINK  =       -Wl,-s
+ 
+ OBJS  =       main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-strip.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-strip.patch
new file mode 100644 (file)
index 0000000..fd31600
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/makefile-strip.patch
@@ -0,0 +1,17 @@
+Disable stripping at link time
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,6 @@ CFLAGS =       -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
+       #-pedantic -Wconversion
+ 
+ LIBS  =       -lssl -lcrypto -lnsl -lresolv
+-LINK  =       -Wl,-s
+ LDFLAGS       =       -fPIE -pie -Wl,-z,relro -Wl,-z,now
+ 
+ OBJS  =       main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch
new file mode 100644 (file)
index 0000000..fdcf3a0
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch
@@ -0,0 +1,17 @@
+Disable PAM
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+diff -ur vsftpd-2.0.1_org/builddefs.h vsftpd-2.0.1_patch/builddefs.h
+--- vsftpd-2.0.1_org/builddefs.h       2004-07-02 16:36:59.000000000 +0200
++++ vsftpd-2.0.1_patch/builddefs.h     2004-07-21 09:34:49.044900488 +0200
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+ 
+ #define VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam.patch
new file mode 100644 (file)
index 0000000..cf0d68e
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/nopam.patch
@@ -0,0 +1,16 @@
+Disable PAM
+
+Upstream-Status: Inappropriate [config]
+
+diff -ur vsftpd-2.0.1_org/builddefs.h vsftpd-2.0.1_patch/builddefs.h
+--- vsftpd-2.0.1_org/builddefs.h       2004-07-02 16:36:59.000000000 +0200
++++ vsftpd-2.0.1_patch/builddefs.h     2004-07-21 09:34:49.044900488 +0200
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+ 
+ #undef VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch
new file mode 100644 (file)
index 0000000..69745b3
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch
@@ -0,0 +1,25 @@
+Enable tcp_wrapper.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ builddefs.h |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/builddefs.h b/builddefs.h
+index e908352..0106d1a 100644
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -1,7 +1,7 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+ 
+-#undef VSF_BUILD_TCPWRAPPERS
++#define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+-- 
+1.7.1
+

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd.conf b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd.conf
new file mode 100644 (file)
index 0000000..07c029e
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd-3.0.2/vsftpd.conf
@@ -0,0 +1,145 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+
+# run standalone
+listen=NO
+
+# No PAM sessions to save resources
+session_support=NO
+
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=NO
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=NO
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftp
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option is examined if userlist_enable is activated. If you set this
+# setting to NO, then users will be denied login  unless  they are  explicitly 
+# listed  in the file specified by userlist_file.  When login is denied, the 
+# denial is issued before the user is asked for a password.
+userlist_deny=YES
+#
+# If enabled, vsftpd will load a list of usernames, from the filename given by
+# userlist_file.  If a user tries to log in using  a  name in  this  file,  they
+# will be denied before they are asked for a password. This may be useful in 
+# preventing cleartext passwords being transmitted. See also userlist_deny.
+userlist_enable=NO
+#
+# If enabled,  vsftpd  will display directory listings with the time in your
+# local time zone. The default is to display GMT. The times returned by the
+# MDTM FTP command are also affected by this option.
+use_localtime=YES
+#
+# If set to YES, local users will be (by default) placed in a chroot() jail in
+# their home directory after login.  Warning: This  option has  security  
+# implications,  especially  if  the users have upload permission, or shell access.
+# Only enable if you know what you are doing.  Note that these security implications
+# are not vsftpd specific. They apply to all FTP daemons which offer to put 
+# local  users in chroot() jails.
+chroot_local_user=NO
+#
+allow_writeable_chroot=YES
+#
+tcp_wrappers=NO
+
+local_root=/
+

diff --git a/meta-openvuplus/recipes-daemon/vsftpd/vsftpd_3.0.2.bb b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd_3.0.2.bb
new file mode 100644 (file)
index 0000000..d758c49
--- /dev/null
+++ b/meta-openvuplus/recipes-daemon/vsftpd/vsftpd_3.0.2.bb
@@ -0,0 +1,63 @@
+SUMMARY = "Very Secure FTP server"
+HOMEPAGE = "https://security.appspot.com/vsftpd.html"
+SECTION = "network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
+PR = "r1"
+
+DEPENDS = "libcap openssl tcp-wrappers"
+
+SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
+           file://makefile-destdir.patch \
+           file://makefile-libs.patch \
+           file://makefile-strip.patch \
+           file://vsftpd.conf \
+           file://login-blank-password.patch \
+"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
+                        file://COPYRIGHT;md5=04251b2eb0f298dae376d92454f6f72e \
+                        file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb"
+SRC_URI[md5sum] = "8b00c749719089401315bd3c44dddbb2"
+SRC_URI[sha256sum] = "be46f0e2c5528fe021fafc8dab1ecfea0c1f183063a06977f8537fcd0b195e56"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
+SRC_URI +="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)}"
+
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+RDEPENDS_${PN} += "${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}"
+PAMLIB = "${@base_contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}"
+NOPAM_SRC ="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}"
+SRC_URI += "${@base_contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)}"
+
+CONFFILES_${PN} = "${sysconfdir}/vsftpd.conf"
+LDFLAGS_append =" -lcrypt -lcap"
+
+do_configure() {
+    # Fix hardcoded /usr, /etc, /var mess.
+    cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \
+    |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
+    mv tunables.c.new tunables.c
+}
+
+do_compile() {
+   oe_runmake "LIBS=-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB} -lwrap"
+}
+
+do_install() {
+    install -d ${D}${sbindir}
+    install -d ${D}${mandir}/man8
+    install -d ${D}${mandir}/man5
+    oe_runmake 'DESTDIR=${D}' install
+    install -d ${D}${sysconfdir}
+    install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf
+    if ! test -z ${PAMLIB} ; then
+        install -d ${D}${sysconfdir}/pam.d/
+        cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd
+        sed -i "s:/lib/security:${base_libdir}/security:" ${D}${sysconfdir}/pam.d/vsftpd
+        sed -i "s:ftpusers:vsftpd.ftpusers:" ${D}${sysconfdir}/pam.d/vsftpd
+    fi
+
+       install -d ${D}${localstatedir}/share/empty
+}