diff options
Diffstat (limited to 'source/n/vsftpd')
| -rw-r--r-- | source/n/vsftpd/slack-desc | 2 | ||||
| -rwxr-xr-x | source/n/vsftpd/vsftpd.SlackBuild | 7 | ||||
| -rw-r--r-- | source/n/vsftpd/vsftpd.conf.diff | 18 | ||||
| -rw-r--r-- | source/n/vsftpd/vsftpd.crypt.diff | 20 |
4 files changed, 39 insertions, 8 deletions
diff --git a/source/n/vsftpd/slack-desc b/source/n/vsftpd/slack-desc index 82b9f521e..cc4b231ea 100644 --- a/source/n/vsftpd/slack-desc +++ b/source/n/vsftpd/slack-desc @@ -13,7 +13,7 @@ vsftpd: Obviously this is not a guarantee, but a reflection that the entire vsftpd: codebase was written with security in mind, and carefully designed to vsftpd: be resilient to attack (as well as extremely fast and scalable). vsftpd: -vsftpd: The vsftpd homepage is http://vsftpd.beasts.org/ +vsftpd: The vsftpd homepage is https://security.appspot.com/vsftpd.html vsftpd: vsftpd: The Very Secure FTP Daemon was written by Chris Evans. vsftpd: diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild index 9a2e7fc88..f03206b67 100755 --- a/source/n/vsftpd/vsftpd.SlackBuild +++ b/source/n/vsftpd/vsftpd.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2008, 2009, 2010, 2011, 2012 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2016 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -22,14 +22,14 @@ PKGNAM=vsftpd VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-3} NUMJOBS=${NUMJOBS:-" -j7 "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i486 ;; + i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -62,6 +62,7 @@ find . \ zcat $CWD/vsftpd.builddefs.diff.gz | patch -p1 --verbose || exit 1 zcat $CWD/vsftpd.conf.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/vsftpd.crypt.diff.gz | patch -p1 --verbose || exit 1 make $NUMJOBS || make || exit 1 diff --git a/source/n/vsftpd/vsftpd.conf.diff b/source/n/vsftpd/vsftpd.conf.diff index 1f410a7ac..ac3c6ab24 100644 --- a/source/n/vsftpd/vsftpd.conf.diff +++ b/source/n/vsftpd/vsftpd.conf.diff @@ -1,6 +1,5 @@ -diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf ---- vsftpd-2.2.1.orig/vsftpd.conf 2009-10-18 21:04:23.000000000 -0500 -+++ vsftpd-2.2.1/vsftpd.conf 2009-10-19 10:22:16.609407947 -0500 +--- ./vsftpd.conf.orig 2011-12-17 12:24:40.000000000 -0600 ++++ ./vsftpd.conf 2016-04-11 18:34:26.772862375 -0500 @@ -19,7 +19,7 @@ # # Default umask for local users is 077. You may wish to change this to 022, @@ -24,7 +23,7 @@ diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf # # You may change the default value for timing out an idle session. #idle_session_timeout=600 -@@ -101,12 +101,13 @@ +@@ -104,14 +104,24 @@ # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. @@ -43,3 +42,14 @@ diff -Nur vsftpd-2.2.1.orig/vsftpd.conf vsftpd-2.2.1/vsftpd.conf # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. + # Make sure, that one of the listen options is commented !! + #listen_ipv6=YES ++# ++# The seccomp sandbox feature adds an additional layer of security, but has ++# been known to cause various problems depending on the kernel version. ++# Problems may include kernel audit warnings in the system logs, or even ++# failure to get a directory listing (or do much of anything in directories ++# with enough files to trigger the issue). ++# If you see errors like "OOPS: priv_sock_get_cmd" make sure this option is ++# set to NO. We'll set it to NO by default since we want a reliable ftpd. ++seccomp_sandbox=NO diff --git a/source/n/vsftpd/vsftpd.crypt.diff b/source/n/vsftpd/vsftpd.crypt.diff new file mode 100644 index 000000000..87503d578 --- /dev/null +++ b/source/n/vsftpd/vsftpd.crypt.diff @@ -0,0 +1,20 @@ +--- ./sysdeputil.c.orig 2012-09-15 23:18:04.000000000 -0500 ++++ ./sysdeputil.c 2016-06-12 23:49:19.539253144 -0500 +@@ -285,7 +285,7 @@ + return 0; + } + p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp); +- if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp)) ++ if (p_crypted != NULL && !vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp)) + { + return 1; + } +@@ -293,7 +293,7 @@ + } + #endif /* VSF_SYSDEP_HAVE_SHADOW */ + p_crypted = crypt(str_getbuf(p_pass_str), p_pwd->pw_passwd); +- if (!vsf_sysutil_strcmp(p_crypted, p_pwd->pw_passwd)) ++ if (p_crypted != NULL && !vsf_sysutil_strcmp(p_crypted, p_pwd->pw_passwd)) + { + return 1; + } |