Slackware 14.2slackware-14.2

Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!

The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2.  The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system.  Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)

4 files changed, 39 insertions, 8 deletions

diff --git a/source/n/vsftpd/slack-desc b/source/n/vsftpd/slack-desc
index 82b9f521e..cc4b231ea 100644
--- a/source/n/vsftpd/slack-desc
+++ b/source/n/vsftpd/slack-desc
@@ -13,7 +13,7 @@ vsftpd: Obviously this is not a guarantee, but a reflection that the entire
 vsftpd: codebase was written with security in mind, and carefully designed to
 vsftpd: be resilient to attack (as well as extremely fast and scalable).
 vsftpd:
-vsftpd: The vsftpd homepage is http://vsftpd.beasts.org/
+vsftpd: The vsftpd homepage is https://security.appspot.com/vsftpd.html
 vsftpd:
 vsftpd: The Very Secure FTP Daemon was written by Chris Evans.
 vsftpd:
diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild
index 9a2e7fc88..f03206b67 100755
--- a/source/n/vsftpd/vsftpd.SlackBuild
+++ b/source/n/vsftpd/vsftpd.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2008, 2009, 2010, 2011, 2012  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2012, 2016  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -22,14 +22,14 @@
 
 PKGNAM=vsftpd
 VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-3}
 
 NUMJOBS=${NUMJOBS:-" -j7 "}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
-    i?86) export ARCH=i486 ;;
+    i?86) export ARCH=i586 ;;
     arm*) export ARCH=arm ;;
     # Unless $ARCH is already set, use uname -m for all other archs:
        *) export ARCH=$( uname -m ) ;;
@@ -62,6 +62,7 @@ find . \
 
 zcat $CWD/vsftpd.builddefs.diff.gz | patch -p1 --verbose || exit 1
 zcat $CWD/vsftpd.conf.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/vsftpd.crypt.diff.gz | patch -p1 --verbose || exit 1
 
 make $NUMJOBS || make || exit 1
 
diff --git a/source/n/vsftpd/vsftpd.conf.diff b/source/n/vsftpd/vsftpd.conf.diff
index 1f410a7ac..ac3c6ab24 100644
--- a/source/n/vsftpd/vsftpd.conf.diff
+++ b/source/n/vsftpd/vsftpd.conf.diff
@@ -1,6 +1,5 @@
-diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf
---- vsftpd-2.2.1.orig/vsftpd.conf	2009-10-18 21:04:23.000000000 -0500
-+++ vsftpd-2.2.1/vsftpd.conf	2009-10-19 10:22:16.609407947 -0500
+--- ./vsftpd.conf.orig	2011-12-17 12:24:40.000000000 -0600
++++ ./vsftpd.conf	2016-04-11 18:34:26.772862375 -0500
 @@ -19,7 +19,7 @@
  #
  # Default umask for local users is 077. You may wish to change this to 022,
@@ -24,7 +23,7 @@ diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf
  #
  # You may change the default value for timing out an idle session.
  #idle_session_timeout=600
-@@ -101,12 +101,13 @@
+@@ -104,14 +104,24 @@
  # default to avoid remote users being able to cause excessive I/O on large
  # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
  # the presence of the "-R" option, so there is a strong case for enabling it.
@@ -43,3 +42,14 @@ diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf
  #
  # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  # sockets, you must run two copies of vsftpd with two configuration files.
+ # Make sure, that one of the listen options is commented !!
+ #listen_ipv6=YES
++#
++# The seccomp sandbox feature adds an additional layer of security, but has
++# been known to cause various problems depending on the kernel version.
++# Problems may include kernel audit warnings in the system logs, or even
++# failure to get a directory listing (or do much of anything in directories
++# with enough files to trigger the issue).
++# If you see errors like "OOPS: priv_sock_get_cmd" make sure this option is
++# set to NO.  We'll set it to NO by default since we want a reliable ftpd.
++seccomp_sandbox=NO
diff --git a/source/n/vsftpd/vsftpd.crypt.diff b/source/n/vsftpd/vsftpd.crypt.diff
new file mode 100644
index 000000000..87503d578
--- /dev/null
+++ b/source/n/vsftpd/vsftpd.crypt.diff
@@ -0,0 +1,20 @@
+--- ./sysdeputil.c.orig	2012-09-15 23:18:04.000000000 -0500
++++ ./sysdeputil.c	2016-06-12 23:49:19.539253144 -0500
+@@ -285,7 +285,7 @@
+         return 0;
+       }
+       p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp);
+-      if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp))
++      if (p_crypted != NULL && !vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp))
+       {
+         return 1;
+       }
+@@ -293,7 +293,7 @@
+   }
+   #endif /* VSF_SYSDEP_HAVE_SHADOW */
+   p_crypted = crypt(str_getbuf(p_pass_str), p_pwd->pw_passwd);
+-  if (!vsf_sysutil_strcmp(p_crypted, p_pwd->pw_passwd))
++  if (p_crypted != NULL && !vsf_sysutil_strcmp(p_crypted, p_pwd->pw_passwd))
+   {
+     return 1;
+   }