diff options
author | Mike Gilbert <floppym@gentoo.org> | 2022-04-15 23:29:31 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2022-04-15 23:30:42 -0400 |
commit | c4366c87fde09f81468bc51975a6261cdc26c9bb (patch) | |
tree | e9f8b9844b8bdba93b43407e7bf6ea468ff0d1eb | |
parent | dev-libs/libpcre2: add 10.40 (diff) | |
download | gentoo-c4366c87fde09f81468bc51975a6261cdc26c9bb.tar.gz gentoo-c4366c87fde09f81468bc51975a6261cdc26c9bb.tar.bz2 gentoo-c4366c87fde09f81468bc51975a6261cdc26c9bb.zip |
net-ftp/vsftpd: drop 3.0.3-r4, 3.0.4-r1
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r-- | net-ftp/vsftpd/Manifest | 2 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-2.1.0-caps.patch | 15 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-2.2.0-dont-link-caps.patch | 21 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-2.3.5-gentoo.patch | 207 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-3.0.0-Makefile.patch | 34 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch | 57 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-3.0.4-dont-link-caps.patch | 17 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-checkconfig.sh | 29 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch | 15 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.conf | 104 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.init | 50 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.service | 11 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd_at.service | 10 | ||||
-rw-r--r-- | net-ftp/vsftpd/vsftpd-3.0.3-r4.ebuild | 146 | ||||
-rw-r--r-- | net-ftp/vsftpd/vsftpd-3.0.4-r1.ebuild | 152 |
15 files changed, 0 insertions, 870 deletions
diff --git a/net-ftp/vsftpd/Manifest b/net-ftp/vsftpd/Manifest index 9ebd3e6c3fa8..ee4ec8971871 100644 --- a/net-ftp/vsftpd/Manifest +++ b/net-ftp/vsftpd/Manifest @@ -1,3 +1 @@ -DIST vsftpd-3.0.3.tar.gz 196649 BLAKE2B dbf96e788494c29d78ca49fad6a03641c9725f9a5b01a4059ad009870fdc28520cd467cd8288a8a9a520c411c495a42c3fff57ee1069efc65840adb245792dca SHA512 5a4410a88e72ecf6f60a60a89771bcec300c9f63c2ea83b219bdf65fd9749b9853f9579f7257205b55659aefcd5dab243eba878dbbd4f0ff8532dd6e60884df7 -DIST vsftpd-3.0.4.tar.gz 197637 BLAKE2B 3a2457bd74076de8ffba7ad2861009157c80dd9f38cdb63033804c72d7482666f7e1a400777e2cff4170f0999d79f9d384339ade3ad48f2a7567b2e684e48817 SHA512 a4c3b28ef7bd762dcfe53f5c9b68fc1bb371d2eb61dc88038959cc9f5efba8cc2c45a15956a7fddbac3b1ce03d8555df8fb7b86300e273a78e632f3dac15c2e3 DIST vsftpd-3.0.5.tar.gz 197778 BLAKE2B c197a070f7eef8c97ef0adc1ebb883520e7613d67ba0eabb1380b3adaae272f4ef79110e79ce4aad5ddebd6100fb059308d905203249c5445d3ea64c29dc5ec2 SHA512 9e9f9bde8c460fbc6b1d29ca531327fb2e40e336358f1cc19e1da205ef81b553719a148ad4613ceead25499d1ac3f03301a0ecd3776e5c228acccb7f9461a7ee diff --git a/net-ftp/vsftpd/files/vsftpd-2.1.0-caps.patch b/net-ftp/vsftpd/files/vsftpd-2.1.0-caps.patch deleted file mode 100644 index bd29762e9f48..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-2.1.0-caps.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -ur vsftpd-2.1.0.orig/sysdeputil.c vsftpd-2.1.0/sysdeputil.c ---- vsftpd-2.1.0.orig/sysdeputil.c 2009-02-23 18:23:26.000000000 +0100 -+++ vsftpd-2.1.0/sysdeputil.c 2009-02-23 18:23:51.000000000 +0100 -@@ -160,10 +160,8 @@ - #include <sys/capability.h> - - #if defined(VSF_SYSDEP_HAVE_CAPABILITIES) && !defined(VSF_SYSDEP_HAVE_LIBCAP) --#include <linux/unistd.h> - #include <linux/capability.h> --#include <errno.h> --#include <syscall.h> -+#include <sys/syscall.h> - int capset(cap_user_header_t header, const cap_user_data_t data) - { - return syscall(__NR_capset, header, data); diff --git a/net-ftp/vsftpd/files/vsftpd-2.2.0-dont-link-caps.patch b/net-ftp/vsftpd/files/vsftpd-2.2.0-dont-link-caps.patch deleted file mode 100644 index debcf06279e3..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-2.2.0-dont-link-caps.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -ur vsftpd-2.2.0.orig/vsf_findlibs.sh vsftpd-2.2.0/vsf_findlibs.sh ---- vsftpd-2.2.0.orig/vsf_findlibs.sh 2009-08-23 22:15:39.000000000 -0700 -+++ vsftpd-2.2.0/vsf_findlibs.sh 2009-08-23 22:16:31.000000000 -0700 -@@ -44,17 +44,6 @@ - # For older HP-UX... - locate_library /usr/lib/libsec.sl && echo "-lsec"; - --# Look for libcap (capabilities) --if locate_library /lib/libcap.so.1; then -- echo "/lib/libcap.so.1"; --elif locate_library /lib/libcap.so.2; then -- echo "/lib/libcap.so.2"; --else -- locate_library /usr/lib/libcap.so && echo "-lcap"; -- locate_library /lib/libcap.so && echo "-lcap"; -- locate_library /lib64/libcap.so && echo "-lcap"; --fi -- - # Solaris needs this for nanosleep().. - locate_library /lib/libposix4.so && echo "-lposix4"; - locate_library /usr/lib/libposix4.so && echo "-lposix4"; diff --git a/net-ftp/vsftpd/files/vsftpd-2.3.5-gentoo.patch b/net-ftp/vsftpd/files/vsftpd-2.3.5-gentoo.patch deleted file mode 100644 index 7f1af4beb8c7..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-2.3.5-gentoo.patch +++ /dev/null @@ -1,207 +0,0 @@ -Index: vsftpd-2.3.5/defs.h -=================================================================== ---- vsftpd-2.3.5.orig/defs.h -+++ vsftpd-2.3.5/defs.h -@@ -1,7 +1,7 @@ - #ifndef VSF_DEFS_H - #define VSF_DEFS_H - --#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" -+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" - - #define VSFTP_COMMAND_FD 0 - -Index: vsftpd-2.3.5/tunables.c -=================================================================== ---- vsftpd-2.3.5.orig/tunables.c -+++ vsftpd-2.3.5/tunables.c -@@ -250,7 +250,7 @@ tunables_load_defaults() - /* -rw------- */ - tunable_chown_upload_mode = 0600; - -- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); -+ install_str_setting("/usr/share/vsftpd/empty", &tunable_secure_chroot_dir); - install_str_setting("ftp", &tunable_ftp_username); - install_str_setting("root", &tunable_chown_username); - install_str_setting("/var/log/xferlog", &tunable_xferlog_file); -@@ -258,11 +258,11 @@ tunables_load_defaults() - install_str_setting(".message", &tunable_message_file); - install_str_setting("nobody", &tunable_nopriv_user); - install_str_setting(0, &tunable_ftpd_banner); -- install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file); -- install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file); -+ install_str_setting("/etc/vsftpd/vsftpd.banned_emails", &tunable_banned_email_file); -+ install_str_setting("/etc/vsftpd/vsftpd.chroot_list", &tunable_chroot_list_file); - install_str_setting("ftp", &tunable_pam_service_name); - install_str_setting("ftp", &tunable_guest_username); -- install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file); -+ install_str_setting("/etc/vsftpd/vsftpd.user_list", &tunable_userlist_file); - install_str_setting(0, &tunable_anon_root); - install_str_setting(0, &tunable_local_root); - install_str_setting(0, &tunable_banner_file); -@@ -275,7 +275,7 @@ tunables_load_defaults() - install_str_setting(0, &tunable_hide_file); - install_str_setting(0, &tunable_deny_file); - install_str_setting(0, &tunable_user_sub_token); -- install_str_setting("/etc/vsftpd.email_passwords", -+ install_str_setting("/etc/vsftpd/vsftpd.email_passwords", - &tunable_email_password_file); - install_str_setting("/usr/share/ssl/certs/vsftpd.pem", - &tunable_rsa_cert_file); -Index: vsftpd-2.3.5/vsftpd.8 -=================================================================== ---- vsftpd-2.3.5.orig/vsftpd.8 -+++ vsftpd-2.3.5/vsftpd.8 -@@ -21,7 +21,7 @@ itself will listen on the network. This - recommended. It is activated by setting - .Pa listen=YES - in --.Pa /etc/vsftpd.conf . -+.Pa /etc/vsftpd/vsftpd.conf . - Direct execution of the - .Nm vsftpd - binary will then launch the FTP service ready for immediate client connections. -@@ -33,7 +33,7 @@ as root. Any command line option not sta - as a config file that will be loaded. Note that config files are loaded in the - strict order that they are encountered on the command line. - If no config files are specified, the default configuration file of --.Pa /etc/vsftpd.conf -+.Pa /etc/vsftpd/vsftpd.conf - will be loaded, after all other command line options are processed. - .Pp - Supported options are: -@@ -47,14 +47,14 @@ their appearance on the command line, in - config files. - .El - .Sh EXAMPLES --vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah -+vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah - .Pp - That example overrides vsftpd's built-in default for the "listen" option to be --NO, but then loads /etc/vsftpd.conf which may override that setting. Finally, -+NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting. Finally, - the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd - setting and any identical setting that was in the config file. - .Sh FILES --.Pa /etc/vsftpd.conf -+.Pa /etc/vsftpd/vsftpd.conf - .Sh SEE ALSO - .Xr vsftpd.conf 5 - .end -Index: vsftpd-2.3.5/vsftpd.conf -=================================================================== ---- vsftpd-2.3.5.orig/vsftpd.conf -+++ vsftpd-2.3.5/vsftpd.conf -@@ -1,4 +1,4 @@ --# Example config file /etc/vsftpd.conf -+# Example config file /etc/vsftpd/vsftpd.conf - # - # The default compiled in settings are fairly paranoid. This sample file - # loosens things up a bit, to make the ftp daemon more usable. -@@ -87,7 +87,7 @@ connect_from_port_20=YES - # useful for combatting certain DoS attacks. - #deny_email_enable=YES - # (default follows) --#banned_email_file=/etc/vsftpd.banned_emails -+#banned_email_file=/etc/vsftpd/vsftpd.banned_emails - # - # You may specify an explicit list of local users to chroot() to their home - # directory. If chroot_local_user is YES, then this list becomes a list of -@@ -98,7 +98,7 @@ connect_from_port_20=YES - #chroot_local_user=YES - #chroot_list_enable=YES - # (default follows) --#chroot_list_file=/etc/vsftpd.chroot_list -+#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list - # - # You may activate the "-R" option to the builtin ls. This is disabled by - # default to avoid remote users being able to cause excessive I/O on large -Index: vsftpd-2.3.5/vsftpd.conf.5 -=================================================================== ---- vsftpd-2.3.5.orig/vsftpd.conf.5 -+++ vsftpd-2.3.5/vsftpd.conf.5 -@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd - .SH DESCRIPTION - vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By - default, vsftpd looks for this file at the location --.BR /etc/vsftpd.conf . -+.BR /etc/vsftpd/vsftpd.conf . - However, you may override this by specifying a command line argument to - vsftpd. The command line argument is the pathname of the configuration file - for vsftpd. This behaviour is useful because you may wish to use an advanced -@@ -138,7 +138,7 @@ chroot() jail in their home directory up - different if chroot_local_user is set to YES. In this case, the list becomes - a list of users which are NOT to be placed in a chroot() jail. - By default, the file containing this list is --/etc/vsftpd.chroot_list, but you may override this with the -+/etc/vsftpd/vsftpd.chroot_list, but you may override this with the - .BR chroot_list_file - setting. - -@@ -177,7 +177,7 @@ Default: NO - .B deny_email_enable - If activated, you may provide a list of anonymous password e-mail responses - which cause login to be denied. By default, the file containing this list is --/etc/vsftpd.banned_emails, but you may override this with the -+/etc/vsftpd/vsftpd.banned_emails, but you may override this with the - .BR banned_email_file - setting. - -@@ -433,7 +433,7 @@ anonymous logins are prevented unless th - file specified by the - .BR email_password_file - setting. The file format is one password per line, no extra whitespace. The --default filename is /etc/vsftpd.email_passwords. -+default filename is /etc/vsftpd/vsftpd.email_passwords. - - Default: NO - .TP -@@ -764,7 +764,7 @@ passwords which are not permitted. This - .BR deny_email_enable - is enabled. - --Default: /etc/vsftpd.banned_emails -+Default: /etc/vsftpd/vsftpd.banned_emails - .TP - .B banner_file - This option is the name of a file containing text to display when someone -@@ -803,7 +803,7 @@ is enabled. If the option - is enabled, then the list file becomes a list of users to NOT place in a - chroot() jail. - --Default: /etc/vsftpd.chroot_list -+Default: /etc/vsftpd/vsftpd.chroot_list - .TP - .B cmds_allowed - This options specifies a comma separated list of allowed FTP commands (post -@@ -864,7 +864,7 @@ This option can be used to provide an al - .BR secure_email_list_enable - setting. - --Default: /etc/vsftpd.email_passwords -+Default: /etc/vsftpd/vsftpd.email_passwords - .TP - .B ftp_username - This is the name of the user we use for handling anonymous FTP. The home -@@ -987,10 +987,10 @@ the manual page, on a per-user basis. Us - with an example. If you set - .BR user_config_dir - to be --.BR /etc/vsftpd_user_conf -+.BR /etc/vsftpd/vsftpd_user_conf - and then log on as the user "chris", then vsftpd will apply the settings in - the file --.BR /etc/vsftpd_user_conf/chris -+.BR /etc/vsftpd/vsftpd_user_conf/chris - for the duration of the session. The format of this file is as detailed in - this manual page! PLEASE NOTE that not all settings are effective on a - per-user basis. For example, many settings only prior to the user's session -@@ -1026,7 +1026,7 @@ This option is the name of the file load - .BR userlist_enable - option is active. - --Default: /etc/vsftpd.user_list -+Default: /etc/vsftpd/vsftpd.user_list - .TP - .B vsftpd_log_file - This option is the name of the file to which we write the vsftpd style diff --git a/net-ftp/vsftpd/files/vsftpd-3.0.0-Makefile.patch b/net-ftp/vsftpd/files/vsftpd-3.0.0-Makefile.patch deleted file mode 100644 index 5df3b03f3fa9..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-3.0.0-Makefile.patch +++ /dev/null @@ -1,34 +0,0 @@ -Index: vsftpd-3.0.0/Makefile -=================================================================== ---- vsftpd-3.0.0.orig/Makefile -+++ vsftpd-3.0.0/Makefile -@@ -1,16 +1,16 @@ - # Makefile for systems with GNU tools --CC = gcc -+CC ?= gcc - INSTALL = install - IFLAGS = -idirafter dummyinc - #CFLAGS = -g --CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ -- -Wall -W -Wshadow -Werror -Wformat-security \ -+CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \ -+ -Wall -W -Wshadow -Wformat-security \ - -D_FORTIFY_SOURCE=2 \ - #-pedantic -Wconversion - - LIBS = `./vsf_findlibs.sh` - LINK = --LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now -+LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now - - OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ - tunables.o ftpdataio.o secbuf.o ls.o \ -@@ -26,7 +26,7 @@ OBJS = main.o utility.o prelogin.o ftpcm - $(CC) -c $*.c $(CFLAGS) $(IFLAGS) - - vsftpd: $(OBJS) -- $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS) -+ $(CC) -o vsftpd $(LDFLAGS) $(OBJS) $(LINK) $(LDFLAGS) $(LIBS) - - install: - if [ -x /usr/local/sbin ]; then \ diff --git a/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch b/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch deleted file mode 100644 index 2401f37c7e88..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch +++ /dev/null @@ -1,57 +0,0 @@ -https://bugs.gentoo.org/show_bug.cgi?id=450536 -Patch by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> - -Probe the preferred version ---- vsftpd-3.0.2/sysdeputil.c.org 2013-01-05 18:32:13.241288839 +0100 -+++ vsftpd-3.0.2/sysdeputil.c 2013-01-05 19:41:53.038148078 +0100 -@@ -561,11 +561,17 @@ - } - - #ifndef VSF_SYSDEP_HAVE_LIBCAP -+static struct __user_cap_header_struct sys_cap_head; - static int - do_checkcap(void) - { -+ int retval; -+ -+ /* Store preferred version in sys_cap_head */ -+ vsf_sysutil_memclr(&sys_cap_head, sizeof(sys_cap_head)); - /* EFAULT (EINVAL if page 0 mapped) vs. ENOSYS */ -- int retval = capset(0, 0); -+ retval = capset(&sys_cap_head, 0); -+ - if (!vsf_sysutil_retval_is_error(retval) || - vsf_sysutil_get_error() != kVSFSysUtilErrNOSYS) - { -@@ -579,17 +585,13 @@ - { - /* n.b. yes I know I should be using libcap!! */ - int retval; -- struct __user_cap_header_struct cap_head; -- struct __user_cap_data_struct cap_data; -+ struct __user_cap_data_struct cap_data[2]; - __u32 cap_mask = 0; - if (!caps) - { - bug("asked to adopt no capabilities"); - } -- vsf_sysutil_memclr(&cap_head, sizeof(cap_head)); - vsf_sysutil_memclr(&cap_data, sizeof(cap_data)); -- cap_head.version = _LINUX_CAPABILITY_VERSION; -- cap_head.pid = 0; - if (caps & kCapabilityCAP_CHOWN) - { - cap_mask |= (1 << CAP_CHOWN); -@@ -598,9 +600,9 @@ - { - cap_mask |= (1 << CAP_NET_BIND_SERVICE); - } -- cap_data.effective = cap_data.permitted = cap_mask; -- cap_data.inheritable = 0; -- retval = capset(&cap_head, &cap_data); -+ cap_data[0].effective = cap_data[0].permitted = cap_mask; -+ cap_data[0].inheritable = 0; -+ retval = capset(&sys_cap_head, &cap_data[0]); - if (retval != 0) - { - die("capset"); diff --git a/net-ftp/vsftpd/files/vsftpd-3.0.4-dont-link-caps.patch b/net-ftp/vsftpd/files/vsftpd-3.0.4-dont-link-caps.patch deleted file mode 100644 index 75e0e3e7cfd3..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-3.0.4-dont-link-caps.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/vsf_findlibs.sh -+++ b/vsf_findlibs.sh -@@ -47,14 +47,6 @@ - # For older HP-UX... - locate_library /usr/lib/libsec.sl && echo "-lsec"; - --# Look for libcap (capabilities) --# Note that link may fail with: --# /usr/bin/ld: cannot find -lcap --# If the libcap-devel package isn't installed. --locate_library /usr/lib/libcap.so && echo "-lcap"; --locate_library /lib/libcap.so && echo "-lcap"; --locate_library /lib64/libcap.so && echo "-lcap"; -- - # Solaris needs this for nanosleep().. - locate_library /lib/libposix4.so && echo "-lposix4"; - locate_library /usr/lib/libposix4.so && echo "-lposix4"; diff --git a/net-ftp/vsftpd/files/vsftpd-checkconfig.sh b/net-ftp/vsftpd/files/vsftpd-checkconfig.sh deleted file mode 100644 index e1d1e5231b67..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-checkconfig.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -VSFTPD_CONF="${VSFTPD_CONF:-/etc/vsftpd/vsftpd.conf}" - -if [ ! -e ${VSFTPD_CONF} ] ; then - echo "Please setup ${VSFTPD_CONF} before starting vsftpd" >&2 - echo "There are sample configurations in /usr/share/doc/vsftpd" >&2 - exit 1 -fi - -if egrep -iq "^ *background *= *yes" "${VSFTPD_CONF}" ; then - echo "${VSFTPD_CONF} must not set background=YES" >&2 - exit 1 -fi - -has_ip=false has_ipv6=false ip_error=true -egrep -iq "^ *listen *= *yes" "${VSFTPD_CONF}" && has_ip=true -egrep -iq "^ *listen_ipv6 *= *yes" "${VSFTPD_CONF}" && has_ipv6=true -if ${has_ip} && ! ${has_ipv6} ; then - ip_error=false -elif ! ${has_ip} && ${has_ipv6} ; then - ip_error=false -fi -if ${ip_error} ; then - echo "${VSFTPD_CONF} must contain listen=YES or listen_ipv6=YES" >&2 - echo "but not both" >&2 - exit 1 -fi - diff --git a/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch b/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch deleted file mode 100644 index 10266e36a87e..000000000000 --- a/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch +++ /dev/null @@ -1,15 +0,0 @@ -Disable buggy seccomp sandbox code by default - -Bug: https://bugs.gentoo.org/443898 - ---- a/tunables.c -+++ b/tunables.c -@@ -226,7 +226,7 @@ - tunable_isolate_network = 1; - tunable_ftp_enable = 1; - tunable_http_enable = 0; -- tunable_seccomp_sandbox = 1; -+ tunable_seccomp_sandbox = 0; - tunable_allow_writeable_chroot = 0; - - tunable_accept_timeout = 60; diff --git a/net-ftp/vsftpd/files/vsftpd.conf b/net-ftp/vsftpd/files/vsftpd.conf deleted file mode 100644 index 3f2658e772ab..000000000000 --- a/net-ftp/vsftpd/files/vsftpd.conf +++ /dev/null @@ -1,104 +0,0 @@ -# -# Example vsftpd config file -# -# See man 5 vsftpd.conf for more information. -# - -# Enable vsftpd to run as a standalone daemon -# Comment these two out to run under inetd or xinetd -background=YES -listen=YES - -# Allow anonymous FTP? -anonymous_enable=YES - -# Uncomment this to allow local users to log in. -#local_enable=YES - -# Uncomment this to enable any form of FTP write command. -#write_enable=YES - -# Default umask for local users is 077. You may wish to change this to 022, -# if your users expect that (022 is used by most other ftpd's) -#local_umask=022 - -# Uncomment this to allow the anonymous FTP user to upload files. This only -# has an effect if the above global write enable is activated. Also, you will -# obviously need to create a directory writable by the FTP user. -#anon_upload_enable=YES - -# Uncomment this if you want the anonymous FTP user to be able to create -# new directories. -#anon_mkdir_write_enable=YES - -# Activate directory messages - messages given to remote users when they -# go into a certain directory. -dirmessage_enable=YES - -# Make sure PORT transfer connections originate from port 20 (ftp-data). -connect_from_port_20=YES - -# If you want, you can arrange for uploaded anonymous files to be owned by -# a different user. Note! Using "root" for uploaded files is not -# recommended! -#chown_uploads=YES -#chown_username=whoever - -# Activate logging of uploads/downloads. -xferlog_enable=YES - -# If you want, you can have your log file in standard ftpd xferlog format -#xferlog_std_format=YES - -# You may override where the log file goes if you like. -xferlog_file=/var/log/vsftpd.log - -# You may change the default value for timing out an idle session. -#idle_session_timeout=600 - -# You may change the default value for timing out a data connection. -#data_connection_timeout=120 - -# It is recommended that you define on your system a unique user which the -# ftp server can use as a totally isolated and unprivileged user. -nopriv_user=nobody - -# Enable this and the server will recognise asynchronous ABOR requests. Not -# recommended for security (the code is non-trivial). Not enabling it, -# however, may confuse older FTP clients. -#async_abor_enable=YES - -# By default the server will pretend to allow ASCII mode but in fact ignore -# the request. Turn on the below options to have the server actually do ASCII -# mangling on files when in ASCII mode. -# Beware that turning on ascii_download_enable enables malicious remote parties -# to consume your I/O resources, by issuing the command "SIZE /big/file" in -# ASCII mode. -# These ASCII options are split into upload and download because you may wish -# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), -# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be -# on the client anyway.. -#ascii_upload_enable=YES -#ascii_download_enable=YES - -# You may fully customise the login banner string: -#ftpd_banner=Welcome to blah FTP service. - -# You may specify a file of disallowed anonymous e-mail addresses. Apparently -# useful for combatting certain DoS attacks. -#deny_email_enable=YES -# (default follows) -#banned_email_file=/etc/vsftpd/banned_emails - -# You may specify an explicit list of local users to chroot() to their home -# directory. If chroot_local_user is YES, then this list becomes a list of -# users to NOT chroot(). -#chroot_list_enable=YES -# (default follows) -#chroot_list_file=/etc/vsftpd/chroot_list - -# You may activate the "-R" option to the builtin ls. This is disabled by -# default to avoid remote users being able to cause excessive I/O on large -# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume -# the presence of the "-R" option, so there is a strong case for enabling it. -#ls_recurse_enable=YES diff --git a/net-ftp/vsftpd/files/vsftpd.init b/net-ftp/vsftpd/files/vsftpd.init deleted file mode 100644 index d49dc001404e..000000000000 --- a/net-ftp/vsftpd/files/vsftpd.init +++ /dev/null @@ -1,50 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License, v2 - -VSFTPD_NAME=${SVCNAME##*.} -if [ -n "${VSFTPD_NAME}" -a "${SVCNAME}" != "vsftpd" ]; then - VSFTPD_PID="/var/run/vsftpd.${VSFTPD_NAME}.pid" - VSFTPD_CONF_DEFAULT="/etc/vsftpd/${VSFTPD_NAME}.conf" -else - VSFTPD_PID="/var/run/vsftpd.pid" - VSFTPD_CONF_DEFAULT="/etc/vsftpd/vsftpd.conf" -fi -VSFTPD_CONF=${VSFTPD_CONF:-${VSFTPD_CONF_DEFAULT}} -VSFTPD_EXEC=${VSFTPD_EXEC:-/usr/sbin/vsftpd} - -depend() { - need net - use dns logger -} - -checkconfig() { - VSFTPD_CONF="${VSFTPD_CONF}" \ - /usr/libexec/vsftpd-checkconfig.sh || return 1 -} - -start() { - checkconfig || return 1 - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec ${VSFTPD_EXEC} \ - --background --make-pidfile --pidfile "${VSFTPD_PID}" \ - -- "${VSFTPD_CONF}" - eend $? -} - -stop() { - ebegin "Stopping ${SVCNAME}" - local retval=0 - if [ -f ${VSFTPD_PID} ]; then - start-stop-daemon --stop --pidfile ${VSFTPD_PID} || retval=1 - pkill --full ${VSFTPD_CONF} - else - ewarn "Couldn't find ${VSFTPD_PID} trying to stop using the config filename ${VSFTPD_CONF}" - pgrep --full ${VSFTPD_CONF} > ${VSFTPD_PID} - start-stop-daemon --stop --pidfile ${VSFTPD_PID} || retval=1 - pkill --full ${VSFTPD_CONF} - fi - eend ${retval} -} - -# vim: ts=4 diff --git a/net-ftp/vsftpd/files/vsftpd.service b/net-ftp/vsftpd/files/vsftpd.service deleted file mode 100644 index 1445f2769861..000000000000 --- a/net-ftp/vsftpd/files/vsftpd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Vsftpd ftp daemon -After=network.target - -[Service] -Type=simple -ExecStartPre=/usr/libexec/vsftpd-checkconfig.sh -ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf - -[Install] -WantedBy=multi-user.target diff --git a/net-ftp/vsftpd/files/vsftpd_at.service b/net-ftp/vsftpd/files/vsftpd_at.service deleted file mode 100644 index 5380b83ffcfe..000000000000 --- a/net-ftp/vsftpd/files/vsftpd_at.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Very Secure FTP Daemon - -[Service] -Type=simple -# Note: Do not use ExecStartPre=/usr/libexec/vsftpd-checkconfig.sh, as it -# requires one of the listen options to be enabled. -ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf -obackground=NO -olisten=NO -olisten_ipv6=NO -StandardInput=socket -SuccessExitStatus=2 diff --git a/net-ftp/vsftpd/vsftpd-3.0.3-r4.ebuild b/net-ftp/vsftpd/vsftpd-3.0.3-r4.ebuild deleted file mode 100644 index e3ad887f7e16..000000000000 --- a/net-ftp/vsftpd/vsftpd-3.0.3-r4.ebuild +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit eutils systemd toolchain-funcs - -DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind" -HOMEPAGE="http://vsftpd.beasts.org/" -SRC_URI="http://security.appspot.com/downloads/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm ~hppa ~ia64 ppc ppc64 ~s390 sparc x86" -IUSE="caps pam tcpd ssl selinux xinetd" - -DEPEND="caps? ( >=sys-libs/libcap-2 ) - pam? ( sys-libs/pam ) - !pam? ( virtual/libcrypt:= ) - tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) - ssl? ( - dev-libs/openssl:0= - )" -RDEPEND="${DEPEND} - net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftp ) - xinetd? ( sys-apps/xinetd )" - -src_prepare() { - local PATCHES=( - # kerberos patch. bug #335980 - "${FILESDIR}/${PN}-2.3.2-kerberos.patch" - - # Patch the source, config and the manpage to use /etc/vsftpd/ - "${FILESDIR}/${PN}-2.3.5-gentoo.patch" - - # Fix building without the libcap - "${FILESDIR}/${PN}-2.1.0-caps.patch" - - # Fix building on alpha. Bug #405829 - "${FILESDIR}/${PN}-3.0.2-alpha.patch" - - #Bug #335977 - "${FILESDIR}"/${PN}-3.0.0-Makefile.patch - - #Bug #450536 - "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch - - #Bug #630704 - "${FILESDIR}"/${PN}-3.0.3-sparc.patch - - # https://bugs.gentoo.org/443898 - "${FILESDIR}"/vsftpd-disable-seccomp-sandbox.patch - ) - - # Configure vsftpd build defaults - use tcpd && echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h - use ssl && echo "#define VSF_BUILD_SSL" >> builddefs.h - use pam || echo "#undef VSF_BUILD_PAM" >> builddefs.h - - # Ensure that we don't link against libcap unless asked - if ! use caps ; then - sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c || die - eapply "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch - fi - - # Let portage control stripping - sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile || die - - default -} - -src_compile() { - # Override LIBS variable. Bug #508192 - LIBS= - use caps && LIBS+=" -lcap" - if use pam; then - LIBS+=" -lpam" - else - LIBS+=" -lcrypt" - fi - use tcpd && LIBS+=" -lwrap" - use ssl && LIBS+=" -lssl -lcrypto" - - CFLAGS="${CFLAGS}" \ - CC="$(tc-getCC)" \ - emake LIBS="${LIBS}" -} - -src_install() { - into /usr - doman ${PN}.conf.5 ${PN}.8 - dosbin ${PN} - - dodoc AUDIT BENCHMARKS BUGS Changelog FAQ \ - README README.security REWARD SIZE \ - SPEED TODO TUNING || die "dodoc failed" - newdoc ${PN}.conf ${PN}.conf.example - - docinto security - dodoc SECURITY/* - - insinto "/usr/share/doc/${PF}/examples" - doins -r EXAMPLE/* - - insinto /etc/${PN} - newins ${PN}.conf{,.example} - - insinto /etc/logrotate.d - newins "${FILESDIR}/${PN}.logrotate" ${PN} - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/${PN}.xinetd" ${PN} - fi - - newinitd "${FILESDIR}/${PN}.init" ${PN} - - keepdir /usr/share/${PN}/empty - - exeinto /usr/libexec - doexe "${FILESDIR}/vsftpd-checkconfig.sh" - systemd_dounit "${FILESDIR}/${PN}.service" - systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service" - systemd_dounit "${FILESDIR}/${PN}.socket" -} - -pkg_preinst() { - # If we use xinetd, then we set listen=NO - # so that our default config works under xinetd - fixes #78347 - if use xinetd ; then - sed -i 's/listen=YES/listen=NO/g' "${D}"/etc/${PN}/${PN}.conf.example - fi -} - -pkg_postinst() { - einfo "vsftpd openRC init script can now be multiplexed." - einfo "The default init script forces /etc/vsftpd/vsftpd.conf to exist." - einfo "If you symlink the init script to another one, say vsftpd.foo" - einfo "then that uses /etc/vsftpd/foo.conf instead." - einfo - einfo "Example:" - einfo " cd /etc/init.d" - einfo " ln -s vsftpd vsftpd.foo" - einfo "You can now treat vsftpd.foo like any other service" -} diff --git a/net-ftp/vsftpd/vsftpd-3.0.4-r1.ebuild b/net-ftp/vsftpd/vsftpd-3.0.4-r1.ebuild deleted file mode 100644 index d68b28925225..000000000000 --- a/net-ftp/vsftpd/vsftpd-3.0.4-r1.ebuild +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd toolchain-funcs - -DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind" -HOMEPAGE="http://vsftpd.beasts.org/" -SRC_URI="http://security.appspot.com/downloads/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86" -IUSE="caps pam tcpd ssl selinux xinetd" - -DEPEND="caps? ( >=sys-libs/libcap-2 ) - pam? ( sys-libs/pam ) - !pam? ( virtual/libcrypt:= ) - tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) - ssl? ( dev-libs/openssl:0= )" -RDEPEND="${DEPEND} - net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftp ) - xinetd? ( sys-apps/xinetd )" - -PATCHES=( - # kerberos patch. bug #335980 - "${FILESDIR}/${PN}-2.3.2-kerberos.patch" - - # Patch the source, config and the manpage to use /etc/vsftpd/ - "${FILESDIR}/${PN}-2.3.5-gentoo.patch" - - # Fix building without the libcap - "${FILESDIR}/${PN}-2.1.0-caps.patch" - - # Fix building on alpha. Bug #405829 - "${FILESDIR}/${PN}-3.0.2-alpha.patch" - - # Bug #335977 - "${FILESDIR}"/${PN}-3.0.0-Makefile.patch - - # Bug #450536 - "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch - - # Bug #630704 - "${FILESDIR}"/${PN}-3.0.3-sparc.patch - - # https://bugs.gentoo.org/443898 - #"${FILESDIR}"/vsftpd-disable-seccomp-sandbox.patch -) - -src_prepare() { - # Configure vsftpd build defaults - if use tcpd ; then - echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h || die - fi - - if use ssl ; then - echo "#define VSF_BUILD_SSL" >> builddefs.h || die - fi - - if ! use pam; then - echo "#undef VSF_BUILD_PAM" >> builddefs.h || die - fi - - # Ensure that we don't link against libcap unless asked - if ! use caps ; then - sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c || die - eapply "${FILESDIR}"/${PN}-3.0.4-dont-link-caps.patch - fi - - # Let portage control stripping - sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile || die - - default -} - -src_compile() { - # Override LIBS variable. Bug #508192 - LIBS= - use caps && LIBS+=" -lcap" - if use pam; then - LIBS+=" -lpam" - else - LIBS+=" -lcrypt" - fi - use tcpd && LIBS+=" -lwrap" - use ssl && LIBS+=" -lssl -lcrypto" - - tc-export CC - - CFLAGS="${CFLAGS}" emake LIBS="${LIBS}" -} - -src_install() { - into /usr - doman ${PN}.conf.5 ${PN}.8 - dosbin ${PN} - - dodoc AUDIT BENCHMARKS BUGS Changelog FAQ \ - README README.security REWARD SIZE \ - SPEED TODO TUNING - newdoc ${PN}.conf ${PN}.conf.example - - docinto security - dodoc SECURITY/* - - docinto examples - dodoc -r EXAMPLE/* - - insinto /etc/${PN} - newins ${PN}.conf{,.example} - - insinto /etc/logrotate.d - newins "${FILESDIR}"/${PN}.logrotate ${PN} - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}"/${PN}.xinetd ${PN} - fi - - newinitd "${FILESDIR}"/${PN}.init ${PN} - - keepdir /usr/share/${PN}/empty - - exeinto /usr/libexec - doexe "${FILESDIR}"/vsftpd-checkconfig.sh - systemd_dounit "${FILESDIR}"/${PN}.service - systemd_newunit "${FILESDIR}"/${PN}_at.service "${PN}@.service" - systemd_dounit "${FILESDIR}"/${PN}.socket -} - -pkg_preinst() { - # If we use xinetd, then we set listen=NO - # so that our default config works under xinetd - fixes #78347 - if use xinetd ; then - sed -i 's/listen=YES/listen=NO/g' "${D}"/etc/${PN}/${PN}.conf.example || die - fi -} - -pkg_postinst() { - einfo "vsftpd openRC init script can now be multiplexed." - einfo "The default init script forces /etc/vsftpd/vsftpd.conf to exist." - einfo "If you symlink the init script to another one, say vsftpd.foo" - einfo "then that uses /etc/vsftpd/foo.conf instead." - einfo - einfo "Example:" - einfo " cd /etc/init.d" - einfo " ln -s vsftpd vsftpd.foo" - einfo "You can now treat vsftpd.foo like any other service" -} |