- vsftp: bump version to 3.0.5; rework build

3 years ago · 0710b8d8a8
7 changed files with 156 additions and 91 deletions
--- a/package/vsftpd/patches/0001-utmpx-builddef.patch
+++ b/package/vsftpd/patches/0001-utmpx-builddef.patch
@ -0,0 +1,49 @@
 Add build option to disable utmpx update code
 On some embedded systems the libc may have utmpx support, but the
 feature would be redundant. So add a build switch to disable utmpx
 updating, similar to compiling on systems without utmpx support.
 Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
 diff -ru vsftpd-3.0.2.orig/builddefs.h vsftpd-3.0.2/builddefs.h
 --- vsftpd-3.0.2.orig/builddefs.h	2012-04-05 05:24:56.000000000 +0200
 +++ vsftpd-3.0.2/builddefs.h	2014-09-16 14:23:36.128003245 +0200
@@ -4,6 +4,7 @@
 #undef VSF_BUILD_TCPWRAPPERS
 #define VSF_BUILD_PAM
 #undef VSF_BUILD_SSL
 +#define VSF_BUILD_UTMPX
 #endif /* VSF_BUILDDEFS_H */
 diff -ru vsftpd-3.0.2.orig/sysdeputil.c vsftpd-3.0.2/sysdeputil.c
 --- vsftpd-3.0.2.orig/sysdeputil.c	2012-09-16 06:18:04.000000000 +0200
 +++ vsftpd-3.0.2/sysdeputil.c	2014-09-16 14:26:42.686887724 +0200
@@ -1158,7 +1158,7 @@
 #endif /* !VSF_SYSDEP_NEED_OLD_FD_PASSING */
 -#ifndef VSF_SYSDEP_HAVE_UTMPX
 +#if !defined(VSF_BUILD_UTMPX) || !defined(VSF_SYSDEP_HAVE_UTMPX)
 void
 vsf_insert_uwtmp(const struct mystr* p_user_str,
@@ -1173,7 +1173,7 @@
 {
 }
 -#else /* !VSF_SYSDEP_HAVE_UTMPX */
 +#else /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
 /* IMHO, the pam_unix module REALLY should be doing this in its SM component */
 /* Statics */
@@ -1238,7 +1238,7 @@
   updwtmpx(WTMPX_FILE, &s_utent);
 }
 -#endif /* !VSF_SYSDEP_HAVE_UTMPX */
 +#endif /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
 void
 vsf_set_die_if_parent_dies()
--- a/package/vsftpd/patches/vsftpd-fix-CVE-2015-1419.patch
+++ b/package/vsftpd/patches/vsftpd-fix-CVE-2015-1419.patch
@ -73,7 +73,7 @@ Index: vsftpd-3.0.2/str.c
 ===================================================================
 --- vsftpd-3.0.2.orig/str.c
 +++ vsftpd-3.0.2/str.c
-@@ -770,3 +770,14 @@ str_replace_unprintable(struct mystr* p_
+@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_
   }
 }
@ -92,7 +92,7 @@ Index: vsftpd-3.0.2/str.h
 ===================================================================
 --- vsftpd-3.0.2.orig/str.h
 +++ vsftpd-3.0.2/str.h
-@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
+@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
 int str_atoi(const struct mystr* p_str);
 filesize_t str_a_to_filesize_t(const struct mystr* p_str);
 unsigned int str_octal_to_uint(const struct mystr* p_str);
--- a/package/vsftpd/patches/0003-Prevent-hang-in-SIGCHLD-handler.patch
+++ b/package/vsftpd/patches/0003-Prevent-hang-in-SIGCHLD-handler.patch
@ -0,0 +1,87 @@
 From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka <msehnout@redhat.com>
 Date: Thu, 17 Nov 2016 13:02:27 +0100
 Subject: [PATCH] Prevent hanging in SIGCHLD handler.
 vsftpd can now handle pam_exec.so in pam.d config without hanging
 in SIGCHLD handler.
 [Abdelmalek:
 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1198259
 Fetched from:
 https://src.fedoraproject.org/cgit/rpms/vsftpd.git/plain/0026-Prevent-hanging-in-SIGCHLD-handler.patch]
 Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com>
 ---
 sysutil.c    |  4 ++--
 sysutil.h    |  2 +-
 twoprocess.c | 13 +++++++++++--
 3 files changed, 14 insertions(+), 5 deletions(-)
 diff --git a/sysutil.c b/sysutil.c
 index 6d7cb3f..099748f 100644
 --- a/sysutil.c
 +++ b/sysutil.c
@@ -592,13 +592,13 @@ vsf_sysutil_exit(int exit_code)
 }
 struct vsf_sysutil_wait_retval
 -vsf_sysutil_wait(void)
 +vsf_sysutil_wait(int hang)
 {
   struct vsf_sysutil_wait_retval retval;
   vsf_sysutil_memclr(&retval, sizeof(retval));
   while (1)
   {
 -    int sys_ret = wait(&retval.exit_status);
 +    int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
     if (sys_ret < 0 && errno == EINTR)
     {
       vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
 diff --git a/sysutil.h b/sysutil.h
 index c145bdf..13153cd 100644
 --- a/sysutil.h
 +++ b/sysutil.h
@@ -175,7 +175,7 @@ struct vsf_sysutil_wait_retval
   int PRIVATE_HANDS_OFF_syscall_retval;
   int PRIVATE_HANDS_OFF_exit_status;
 };
 -struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
 +struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
 int vsf_sysutil_wait_reap_one(void);
 int vsf_sysutil_wait_get_retval(
   const struct vsf_sysutil_wait_retval* p_waitret);
 diff --git a/twoprocess.c b/twoprocess.c
 index 33d84dc..b1891e7 100644
 --- a/twoprocess.c
 +++ b/twoprocess.c
@@ -47,8 +47,17 @@ static void
 handle_sigchld(void* duff)
 {
 -  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
 +  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
   (void) duff;
 +  if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
 +      !vsf_sysutil_wait_get_retval(&wait_retval))
 +    /* There was nobody to wait for, possibly caused by underlying library
 +     * which created a new process through fork()/vfork() and already picked
 +     * it up, e.g. by pam_exec.so or integrity check routines for libraries
 +     * when FIPS mode is on (nss freebl), which can lead to calling prelink
 +     * if the prelink package is installed.
 +     */
 +    return;
   /* Child died, so we'll do the same! Report it as an error unless the child
    * exited normally with zero exit code
    */
@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
   priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
   if (!p_sess->control_use_ssl)
   {
 -    (void) vsf_sysutil_wait();
 +    (void) vsf_sysutil_wait(1);
   }
   else
   {
 -- 
 2.14.4
--- a/package/vsftpd/patches/vsftpd-disable-capabilities.patch
+++ b/package/vsftpd/patches/vsftpd-disable-capabilities.patch
@ -1,12 +0,0 @@
 --- a/sysdeputil.c
 +++ b/sysdeputil.c
@@ -165,6 +165,9 @@
 #endif
 /* END config */
 +#undef VSF_SYSDEP_HAVE_CAPABILITIES
 +#undef VSF_SYSDEP_HAVE_LIBCAP
 +
 /* PAM support - we include our own dummy version if the system lacks this */
 #include <security/pam_appl.h>
--- a/package/vsftpd/patches/vsftpd-fixchroot.patch
+++ b/package/vsftpd/patches/vsftpd-fixchroot.patch
@ -1,40 +0,0 @@
 --- a/twoprocess.c
 +++ b/twoprocess.c
@@ -41,7 +41,8 @@
                                 struct mystr* p_chroot_str,
                                 struct mystr* p_chdir_str,
                                 const struct mystr* p_user_str,
 -                                const struct mystr* p_orig_user_str);
 +                                const struct mystr* p_orig_user_str,
 +                                int do_chroot);
 static void
 handle_sigchld(void* duff)
@@ -454,7 +455,7 @@
       secutil_option |= VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT;
     }
     calculate_chdir_dir(was_anon, &userdir_str, &chroot_str, &chdir_str,
 -                        p_user_str, p_orig_user_str);
 +                        p_user_str, p_orig_user_str, do_chroot);
     vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str,
                                    0, secutil_option);
     if (!str_isempty(&chdir_str))
@@ -522,7 +523,8 @@
                     struct mystr* p_chroot_str,
                     struct mystr* p_chdir_str,
                     const struct mystr* p_user_str,
 -                    const struct mystr* p_orig_user_str)
 +                    const struct mystr* p_orig_user_str,
 +                    int do_chroot)
 {
   if (!anon_login)
   {
@@ -542,7 +544,7 @@
   {
     str_alloc_text(p_chroot_str, tunable_anon_root);
   }
 -  else if (!anon_login && tunable_local_root)
 +  else if (!anon_login && tunable_local_root && !do_chroot)
   {
     str_alloc_text(p_chroot_str, tunable_local_root);
     if (tunable_user_sub_token)
--- a/package/vsftpd/patches/vsftpd-login-blank-password.patch
+++ b/package/vsftpd/patches/vsftpd-login-blank-password.patch
@ -1,21 +0,0 @@
 --- a/sysdeputil.c
 +++ b/sysdeputil.c
@@ -270,6 +270,9 @@
     }
   }
   #endif
 +  /* Blank entry = anyone can login. Now what was that "s" in vsftpd? */
 +  if (!p_pwd->pw_passwd || !(*p_pwd->pw_passwd))
 +    return 1;
   #ifdef VSF_SYSDEP_HAVE_SHADOW
   {
     const struct spwd* p_spwd = getspnam(str_getbuf(p_user_str));
@@ -287,6 +290,8 @@
       {
         return 0;
       }
 +      if (!p_spwd->sp_pwdp || !(*p_spwd->sp_pwdp))
 +         return 1; /* blank = everything goes */
       p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp);
       if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp))
       {
--- a/package/vsftpd/vsftpd.mk
+++ b/package/vsftpd/vsftpd.mk
@ -4,32 +4,34 @@
 #
 ################################################################################
-VSFTPD_VERSION = 3.0.3
+VSFTPD_VERSION = 3.0.5
 VSFTPD_DIR = vsftpd-$(VSFTPD_VERSION)
 VSFTPD_SOURCE = vsftpd-$(VSFTPD_VERSION).tar.gz
 VSFTPD_SITE = https://security.appspot.com/downloads
-$(DL_DIR)/$(VSFTPD_SOURCE):
+VSFTPD_DEPENDENCIES = openssl
 	$(download) $(VSFTPD_SITE)/$(VSFTPD_SOURCE)
 VSFTPD_LIBS += -lcrypt $$($(PKG_CONFIG) --libs libssl libcrypto)
-VSFTPD_DEPENDENCIES = openssl
+define VSFTPD_PATCH_BUILDDEFS_H
 	$(SED) 's/.*VSF_BUILD_PAM/#undef VSF_BUILD_PAM/' $(PKG_BUILD_DIR)/builddefs.h
 	$(SED) 's/.*VSF_BUILD_SSL/#define VSF_BUILD_SSL/' $(PKG_BUILD_DIR)/builddefs.h
 endef
 VSFTPD_POST_PATCH_HOOKS += VSFTPD_PATCH_BUILDDEFS_H
-vsftpd: $(VSFTPD_DEPENDENCIES) $(DL_DIR)/$(VSFTPD_SOURCE) | $(TARGET_DIR)
+define VSFTPD_INSTALL_FILES
 	$(REMOVE)/$(PKG_DIR)
 	$(UNTAR)/$(PKG_SOURCE)
 	$(call APPLY_PATCHES,$(PKG_PATCHES_DIR))
 	$(CHDIR)/$(PKG_DIR); \
 		$(SED) 's/.*VSF_BUILD_PAM/#undef VSF_BUILD_PAM/' builddefs.h; \
 		$(SED) 's/.*VSF_BUILD_SSL/#define VSF_BUILD_SSL/' builddefs.h; \
 		$(MAKE) clean; \
 		$(MAKE) $(TARGET_CONFIGURE_ENV) LIBS="$($(PKG)_LIBS)"; \
 		$(INSTALL_EXEC) -D vsftpd $(TARGET_sbindir)/vsftpd
 	$(INSTALL) -d $(TARGET_datadir)/empty
 	$(INSTALL_DATA) -D $(PKG_FILES_DIR)/vsftpd.conf $(TARGET_sysconfdir)/vsftpd.conf
 	$(INSTALL_DATA) -D $(PKG_FILES_DIR)/vsftpd.chroot_list $(TARGET_sysconfdir)/vsftpd.chroot_list
 	$(INSTALL_EXEC) -D $(PKG_FILES_DIR)/vsftpd.init $(TARGET_sysconfdir)/init.d/vsftpd
 	$(UPDATE-RC.D) vsftpd defaults 75 25
-	$(REMOVE)/$(PKG_DIR)
+endef
-	$(TOUCH)
+VSFTPD_PRE_FOLLOWUP_HOOKS += VSFTPD_INSTALL_FILES
 vsftpd: | $(TARGET_DIR)
 	$(call PREPARE)
 	$(CHDIR)/$($(PKG)_DIR); \
 		$(MAKE) clean; \
 		$(MAKE) $(TARGET_CONFIGURE_ENV) LIBS="$($(PKG)_LIBS)"; \
 		$(INSTALL_EXEC) -D vsftpd $(TARGET_sbindir)/vsftpd
 	$(call TARGET_FOLLOWUP)