aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/vsftpd
AgeCommit message (Collapse)Author
2017-04-25vsftpd: Fix build with muslKhem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-09-12vsftpd: allow sysinfo() in the seccomp sandboxMingli Yu
* Allow sysinfo() in the seccomp sandbox otherwise comes below OOPS: priv_sock_get_cmd as the syscall sysinfo() not allowed tnftp 192.168.1.1 Connected to 192.168.1.1. 220 (vsFTPd 3.0.3) Name (192.168.1.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> prompt Interactive mode off. ftp> mget small* OOPS: priv_sock_get_cmd * use "strace -ff /usr/sbin/vsftpd" to track in both seccomp sandbox on and seccomp sandbox off (add seccomp_sandbox=NO in /etc/vsftpd.conf) scenarios when type the commands at ftp client as above, the ftp connection at server side ends up each time with SIGSYS when call sysinfo() syscall in seccomp sandbox on case, so we need to add sysinfo() in the seccomp sandbox if still use seccomp sandbox for vsftpd * The issue still exists in other distribution, Please check https://bugzilla.redhat.com/show_bug.cgi?id=845980 for details And check ftp://195.220.108.108/linux/fedora/linux/updates/\ 24/SRPMS/p/proftpd-1.3.5b-2.fc24.src.rpm for fedora, there is even a patch vsftpd-3.0.2-seccomp.patch as below to turn off seccomp sandbox for vsftpd by default which also means fedora doesn't limit the syscall any more by default. From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka <msehnout@redhat.com> Date: Fri, 8 Apr 2016 15:03:16 +0200 Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp --- tunables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tunables.c b/tunables.c index 93f85b1..b024be4 100644 --- a/tunables.c +++ b/tunables.c @@ -232,7 +232,7 @@ tunables_load_defaults() tunable_isolate_network = 1; tunable_ftp_enable = 1; tunable_http_enable = 0; - tunable_seccomp_sandbox = 1; + tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_accept_timeout = 60; Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-08-22meta-oe: fix indentationMartin Jansa
* remove tabs which sneaked in since last cleanup * meta-oe layers are using consistent indentation with 4 spaces, see http://www.openembedded.org/wiki/Styleguide Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-05-05meta-networking: use bb.utils.contains() instead of base_contains()Ross Burton
base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-02-22vsftpd: Explicitly set EXTRA_OEMAKE as requiredMike Crowe
This recipe currently relies on EXTRA_OEMAKE having been to set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-06vsftpd: upgrade 3.0.2->3.0.3leimaohui
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-06-05meta-networking: standardize SECTION valuesJoe MacDonald
SECTION has been used inconsistently throughout the recipes in this layer. Convert them to all use the same convention. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-05-08vsftpd: fix the CVE-2015-1419Roy Li
Taken Patch from fedora to fix CVE-2015-1419, deny_file parsing to do more what is expected. Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-04-15vsftpd / init: add LSB init infosWenzong Fan
Keep compatibility with chkconfig tool. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2014-10-04vsftpd: add systemd service fileChen Qi
Add systemd service for vsftpd. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-10-04vsftpd: fix pkg_postinstChen Qi
Fix pkg_postinst to not exit if "$D" is not empty. Otherwise, postinsts from update-rc.d.bbclass would not run and the symlinks under /etc/rc?.d/ would not be created. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-09-23vftpd: update to version 3.0.2Joe Slater
No changes other than source checksum. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2014-07-22vsftpd: fix install warningWenzong Fan
WARNING: QA Issue: vsftpd: Files/directories were installed but not shipped /run /run/vsftpd /run/vsftpd/empty Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2013-11-29ntp: comment out the invalid serverRoy Li
When ntpd starts, it will create a daemon to connect this invalid server, and fail, then ntpd will create other daemon to connect the local-only (127.127.1.0) server. The users should be aware that they need to configure the correct ntp servers, a invalid server will lead to a redundant daemon, so it is better to comment this example server to wait user to configure Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-10-18vsftpd: use quotes to wrap variableRoy Li
"test -z ${PAMLIB}" in do_install() may report error if ${PAMLIB} has space chars. This commit added double quotes to wrap it in case of errors. Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-09-23vsftpd: change default secure_chroot_dirMing Liu
Change default value of secure_chroot_dir to /var/run/vsftpd/empty, add volatiles entry for it, to ensure it won't fail to start with error: "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/var/share/empty" This shows up in both standalone mode or started by xined. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-07-19Upgrade vsftpd to 3.0.0Roy.Li
Upgrade vsftpd to 3.0.0 with below modification: 1. more strict access limitation, like: do not allow anonymous access 2. use vsftpd.ftpusers and vsftpd.user_list to confine user access 3. enable pam if DISTRO_FEATURE includes pam 4. enable tcp-wrapper 5. install vsftpd.conf with 0600 permission, not 0755 Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
2013-07-02vsftpd: add missing dependency on opensslMartin Jansa
* Fails without openssl in sysroot: | i586-webos-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o -lssl -lcrypto -lnsl -lresolv -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -lcrypt -lcap | /OE/sysroots/x86_64-linux/usr/libexec/i586-webos-linux/gcc/i586-webos-linux/4.7.2/ld: cannot find -lssl | /OE/sysroots/x86_64-linux/usr/libexec/i586-webos-linux/gcc/i586-webos-linux/4.7.2/ld: cannot find -lcrypto | collect2: error: ld returned 1 exit status Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
2013-04-19vsftpd: move from meta-oe to meta-networking and tweakPaul Eggleton
* Fix stripped file QA warning * Add proper headers to patches (and split makefile.patch into two parts, one of which may be upstreamable) * Use PV in SRC_URI instead of hardcoded version * Move SRC_URI checksums up next to SRC_URI * Set SUMMARY instead of DESCRIPTION Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>