summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb
Commit message (Collapse)AuthorAgeFilesLines
* vsftpd: Upgrade to 3.0.5Mingli Yu2021-08-231-116/+0
| | | | | | | | | Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1]. [1] https://security.appspot.com/vsftpd/Changelog.txt Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-10/+10
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* vsftpd: allow newfstatat and pselect6 syscalls in the seccomp sandboxYi Zhao2021-02-281-0/+1
| | | | | | | | | | | | | | | | | | | | Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33. Fixes the following OOPS error: root@qemux86-64:~# tnftp 192.168.1.1 Connected to 192.168.1.1. 220 (vsFTPd 3.0.3) Name (192.168.1.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls OOPS: priv_sock_get_cmd Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: allow getdents64 in the seccomp sandboxMingli Yu2018-11-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | seccomp is activated by default in vsftpd and this has caused compatibility issues with some kernel versions. This was fixed as one can see as https://bugzilla.redhat.com/show_bug.cgi?id=845980, but can still cause issues with newer kernels with kernel 4.18+. And there is even a patch 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch in fedora[https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Everything/source/tree/Packages/v/vsftpd-3.0.3-28.fc29.src.rpm] turning off seccomp sandbox for vsftpd by default as below which means fedora doesn't limit the syscall any more by default. [snip] - tunable_seccomp_sandbox = 1; + tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_accept_timeout = 60; [snip] Refresh 0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch to allow one more syscall getdents64 in the seccomp sandbox apart from the previous one in below commit: fbffcf3f3 vsftpd: allow sysinfo() in the seccomp sandbox before this patch: root@qemux86-64:~# tnftp 127.0.0.1 Connected to 127.0.0.1. 220 (vsFTPd 3.0.3) Name (127.0.0.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||8352|) 150 Here comes the directory listing. 500 OOPS: priv_sock_get_cmd ftp> after this patch: root@qemux86-64:~# tnftp 127.0.0.1 Connected to 127.0.0.1. 220 (vsFTPd 3.0.3) Name (127.0.0.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||22610|) 150 Here comes the directory listing. 226 Directory send OK. ftp> Reference: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon#vsftpd:_Error_500_with_kernel_4.18+ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: Fix build with musl/x86Khem Raj2018-09-241-1/+1
| | | | | | | | | | | | F_SETLKW64 and F_SETLK64 are defined in include/asm-generic/fcntl.h on musl target but just including this header does not work since both include/asm-generic/fcntl.h and include/fcntl.h define same structures resulting in conflicting declaration of structs. Having local definitions of these values seems reasonable here. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: add UPSTREAM_CHECK_URIYi Zhao2018-05-291-0/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: link with wrap when tcp-wrappers configuredAthanasios Oikonomou2017-09-121-1/+2
| | | | | | | | | By default we do not build vsftpd with tcp-wrappers, so we should not include lib wrap. Make lib wrap optional depending on tcp-wrappers PACKAGECONFIG. Signed-off-by: Athanasios Oikonomou <athoik@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: Fix build with muslKhem Raj2017-04-251-3/+4
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: allow sysinfo() in the seccomp sandboxMingli Yu2016-09-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow sysinfo() in the seccomp sandbox otherwise comes below OOPS: priv_sock_get_cmd as the syscall sysinfo() not allowed tnftp 192.168.1.1 Connected to 192.168.1.1. 220 (vsFTPd 3.0.3) Name (192.168.1.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> prompt Interactive mode off. ftp> mget small* OOPS: priv_sock_get_cmd * use "strace -ff /usr/sbin/vsftpd" to track in both seccomp sandbox on and seccomp sandbox off (add seccomp_sandbox=NO in /etc/vsftpd.conf) scenarios when type the commands at ftp client as above, the ftp connection at server side ends up each time with SIGSYS when call sysinfo() syscall in seccomp sandbox on case, so we need to add sysinfo() in the seccomp sandbox if still use seccomp sandbox for vsftpd * The issue still exists in other distribution, Please check https://bugzilla.redhat.com/show_bug.cgi?id=845980 for details And check ftp://195.220.108.108/linux/fedora/linux/updates/\ 24/SRPMS/p/proftpd-1.3.5b-2.fc24.src.rpm for fedora, there is even a patch vsftpd-3.0.2-seccomp.patch as below to turn off seccomp sandbox for vsftpd by default which also means fedora doesn't limit the syscall any more by default. From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka <msehnout@redhat.com> Date: Fri, 8 Apr 2016 15:03:16 +0200 Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp --- tunables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tunables.c b/tunables.c index 93f85b1..b024be4 100644 --- a/tunables.c +++ b/tunables.c @@ -232,7 +232,7 @@ tunables_load_defaults() tunable_isolate_network = 1; tunable_ftp_enable = 1; tunable_http_enable = 0; - tunable_seccomp_sandbox = 1; + tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_accept_timeout = 60; Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-oe: fix indentationMartin Jansa2016-08-221-5/+5
| | | | | | | | * remove tabs which sneaked in since last cleanup * meta-oe layers are using consistent indentation with 4 spaces, see http://www.openembedded.org/wiki/Styleguide Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-networking: use bb.utils.contains() instead of base_contains()Ross Burton2016-05-051-7/+7
| | | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: Explicitly set EXTRA_OEMAKE as requiredMike Crowe2016-02-221-0/+2
| | | | | | | | | | This recipe currently relies on EXTRA_OEMAKE having been to set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: upgrade 3.0.2->3.0.3leimaohui2015-08-061-0/+107
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>