summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/vsftpd
Commit message (Collapse)AuthorAgeFilesLines
* recipes: Fix variable assignment whitespaceRichard Purdie2025-03-201-2/+2
| | | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Start WORKDIR -> UNPACKDIR transitionKhem Raj2024-05-231-6/+6
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patchesMartin Jansa2023-06-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA). This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status. This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible: 5 (26%) meta-xfce 6 (50%) meta-perl 15 (42%) meta-webserver 21 (36%) meta-gnome 25 (57%) meta-filesystems 26 (43%) meta-initramfs 45 (45%) meta-python 47 (55%) meta-multimedia 312 (63%) meta-networking 756 (61%) meta-oe Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd_3.0.5.bb: Define _LARGEFILE64_SOURCE on muslKhem Raj2022-12-311-1/+1
| | | | | | Needed for F_SETLKW64 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: Upgrade to 3.0.5Mingli Yu2021-08-2311-101/+1
| | | | | | | | | Drop 2 seccomp patches as seccomp sandbox policy tweaks in new version [1]. [1] https://security.appspot.com/vsftpd/Changelog.txt Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-10/+10
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* vsftpd: allow newfstatat and pselect6 syscalls in the seccomp sandboxYi Zhao2021-02-282-0/+52
| | | | | | | | | | | | | | | | | | | | Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33. Fixes the following OOPS error: root@qemux86-64:~# tnftp 192.168.1.1 Connected to 192.168.1.1. 220 (vsFTPd 3.0.3) Name (192.168.1.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls OOPS: priv_sock_get_cmd Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: allow getdents64 in the seccomp sandboxMingli Yu2018-11-293-44/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | seccomp is activated by default in vsftpd and this has caused compatibility issues with some kernel versions. This was fixed as one can see as https://bugzilla.redhat.com/show_bug.cgi?id=845980, but can still cause issues with newer kernels with kernel 4.18+. And there is even a patch 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch in fedora[https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Everything/source/tree/Packages/v/vsftpd-3.0.3-28.fc29.src.rpm] turning off seccomp sandbox for vsftpd by default as below which means fedora doesn't limit the syscall any more by default. [snip] - tunable_seccomp_sandbox = 1; + tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_accept_timeout = 60; [snip] Refresh 0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch to allow one more syscall getdents64 in the seccomp sandbox apart from the previous one in below commit: fbffcf3f3 vsftpd: allow sysinfo() in the seccomp sandbox before this patch: root@qemux86-64:~# tnftp 127.0.0.1 Connected to 127.0.0.1. 220 (vsFTPd 3.0.3) Name (127.0.0.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||8352|) 150 Here comes the directory listing. 500 OOPS: priv_sock_get_cmd ftp> after this patch: root@qemux86-64:~# tnftp 127.0.0.1 Connected to 127.0.0.1. 220 (vsFTPd 3.0.3) Name (127.0.0.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||22610|) 150 Here comes the directory listing. 226 Directory send OK. ftp> Reference: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon#vsftpd:_Error_500_with_kernel_4.18+ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: Fix build with musl/x86Khem Raj2018-09-241-1/+1
| | | | | | | | | | | | F_SETLKW64 and F_SETLK64 are defined in include/asm-generic/fcntl.h on musl target but just including this header does not work since both include/asm-generic/fcntl.h and include/fcntl.h define same structures resulting in conflicting declaration of structs. Having local definitions of these values seems reasonable here. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: add UPSTREAM_CHECK_URIYi Zhao2018-05-291-0/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: refresh patchesArmin Kuster2018-04-139-55/+105
| | | | | | | | | | | | | | | | | | | | | | | WARNING: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: checking file Makefile Hunk #1 succeeded at 29 with fuzz 1 (offset 5 lines). and others Signed-off-by: Armin Kuster <akuster808@gmail.com>
* vsftpd: link with wrap when tcp-wrappers configuredAthanasios Oikonomou2017-09-121-1/+2
| | | | | | | | | By default we do not build vsftpd with tcp-wrappers, so we should not include lib wrap. Make lib wrap optional depending on tcp-wrappers PACKAGECONFIG. Signed-off-by: Athanasios Oikonomou <athoik@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: Fix build with muslKhem Raj2017-04-252-3/+32
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: allow sysinfo() in the seccomp sandboxMingli Yu2016-09-122-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow sysinfo() in the seccomp sandbox otherwise comes below OOPS: priv_sock_get_cmd as the syscall sysinfo() not allowed tnftp 192.168.1.1 Connected to 192.168.1.1. 220 (vsFTPd 3.0.3) Name (192.168.1.1:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> prompt Interactive mode off. ftp> mget small* OOPS: priv_sock_get_cmd * use "strace -ff /usr/sbin/vsftpd" to track in both seccomp sandbox on and seccomp sandbox off (add seccomp_sandbox=NO in /etc/vsftpd.conf) scenarios when type the commands at ftp client as above, the ftp connection at server side ends up each time with SIGSYS when call sysinfo() syscall in seccomp sandbox on case, so we need to add sysinfo() in the seccomp sandbox if still use seccomp sandbox for vsftpd * The issue still exists in other distribution, Please check https://bugzilla.redhat.com/show_bug.cgi?id=845980 for details And check ftp://195.220.108.108/linux/fedora/linux/updates/\ 24/SRPMS/p/proftpd-1.3.5b-2.fc24.src.rpm for fedora, there is even a patch vsftpd-3.0.2-seccomp.patch as below to turn off seccomp sandbox for vsftpd by default which also means fedora doesn't limit the syscall any more by default. From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka <msehnout@redhat.com> Date: Fri, 8 Apr 2016 15:03:16 +0200 Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp --- tunables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tunables.c b/tunables.c index 93f85b1..b024be4 100644 --- a/tunables.c +++ b/tunables.c @@ -232,7 +232,7 @@ tunables_load_defaults() tunable_isolate_network = 1; tunable_ftp_enable = 1; tunable_http_enable = 0; - tunable_seccomp_sandbox = 1; + tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_accept_timeout = 60; Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-oe: fix indentationMartin Jansa2016-08-221-5/+5
| | | | | | | | * remove tabs which sneaked in since last cleanup * meta-oe layers are using consistent indentation with 4 spaces, see http://www.openembedded.org/wiki/Styleguide Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-networking: use bb.utils.contains() instead of base_contains()Ross Burton2016-05-051-7/+7
| | | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: Explicitly set EXTRA_OEMAKE as requiredMike Crowe2016-02-221-0/+2
| | | | | | | | | | This recipe currently relies on EXTRA_OEMAKE having been to set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: upgrade 3.0.2->3.0.3leimaohui2015-08-068-2/+2
| | | | | | Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-networking: standardize SECTION valuesJoe MacDonald2015-06-051-1/+1
| | | | | | | SECTION has been used inconsistently throughout the recipes in this layer. Convert them to all use the same convention. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: fix the CVE-2015-1419Roy Li2015-05-082-0/+78
| | | | | | | | | Taken Patch from fedora to fix CVE-2015-1419, deny_file parsing to do more what is expected. Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd / init: add LSB init infosWenzong Fan2015-04-151-0/+9
| | | | | | | | Keep compatibility with chkconfig tool. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: add systemd service fileChen Qi2014-10-042-1/+18
| | | | | | | Add systemd service for vsftpd. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* vsftpd: fix pkg_postinstChen Qi2014-10-041-5/+4
| | | | | | | | | Fix pkg_postinst to not exit if "$D" is not empty. Otherwise, postinsts from update-rc.d.bbclass would not run and the symlinks under /etc/rc?.d/ would not be created. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* vftpd: update to version 3.0.2Joe Slater2014-09-237-2/+3
| | | | | | | | No changes other than source checksum. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* vsftpd: fix install warningWenzong Fan2014-07-221-1/+15
| | | | | | | | | | WARNING: QA Issue: vsftpd: Files/directories were installed but not shipped /run /run/vsftpd /run/vsftpd/empty Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* ntp: comment out the invalid serverRoy Li2013-11-291-0/+1
| | | | | | | | | | | | | When ntpd starts, it will create a daemon to connect this invalid server, and fail, then ntpd will create other daemon to connect the local-only (127.127.1.0) server. The users should be aware that they need to configure the correct ntp servers, a invalid server will lead to a redundant daemon, so it is better to comment this example server to wait user to configure Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* vsftpd: use quotes to wrap variableRoy Li2013-10-181-1/+1
| | | | | | | | | | "test -z ${PAMLIB}" in do_install() may report error if ${PAMLIB} has space chars. This commit added double quotes to wrap it in case of errors. Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* vsftpd: change default secure_chroot_dirMing Liu2013-09-233-1/+61
| | | | | | | | | | | Change default value of secure_chroot_dir to /var/run/vsftpd/empty, add volatiles entry for it, to ensure it won't fail to start with error: "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/var/share/empty" This shows up in both standalone mode or started by xined. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* Upgrade vsftpd to 3.0.0Roy.Li2013-07-1911-63/+199
| | | | | | | | | | | | Upgrade vsftpd to 3.0.0 with below modification: 1. more strict access limitation, like: do not allow anonymous access 2. use vsftpd.ftpusers and vsftpd.user_list to confine user access 3. enable pam if DISTRO_FEATURE includes pam 4. enable tcp-wrapper 5. install vsftpd.conf with 0600 permission, not 0755 Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
* vsftpd: add missing dependency on opensslMartin Jansa2013-07-021-1/+1
| | | | | | | | | | | * Fails without openssl in sysroot: | i586-webos-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o -lssl -lcrypto -lnsl -lresolv -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -lcrypt -lcap | /OE/sysroots/x86_64-linux/usr/libexec/i586-webos-linux/gcc/i586-webos-linux/4.7.2/ld: cannot find -lssl | /OE/sysroots/x86_64-linux/usr/libexec/i586-webos-linux/gcc/i586-webos-linux/4.7.2/ld: cannot find -lcrypto | collect2: error: ld returned 1 exit status Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
* vsftpd: move from meta-oe to meta-networking and tweakPaul Eggleton2013-04-197-0/+298
* Fix stripped file QA warning * Add proper headers to patches (and split makefile.patch into two parts, one of which may be upstreamable) * Use PV in SRC_URI instead of hardcoded version * Move SRC_URI checksums up next to SRC_URI * Set SUMMARY instead of DESCRIPTION Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-19 10:04:45 +0000