94 lines
2.2 KiB

vsftpd: update to 3.0.3

Update vsftpd to 3.0.3 released in July 2015.

Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html

- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly <barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from Tim Kosse <tim.kosse@filezilla-project.org>.

(vsftpd-3.0.3pre1)

- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
10 years ago
#
# Copyright (C) 2006-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=vsftpd
PKG_VERSION:=3.0.3
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://security.appspot.com/downloads/
PKG_MD5SUM:=da119d084bd3f98664636ea05b5bb398
PKG_LICENSE:=GPLv2

PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

include $(INCLUDE_DIR)/package.mk

define Package/vsftpd/Default
  SUBMENU:=File Transfer
  SECTION:=net
  CATEGORY:=Network
  TITLE:=A fast and secure FTP server
  URL:=http://vsftpd.beasts.org/
  MAINTAINER:=Cezary Jackiewicz <cezary@eko.one.pl>
endef

define Package/vsftpd
$(call Package/vsftpd/Default)
  VARIANT:=notls
  TITLE+= (no TLS)
endef

define Package/vsftpd-tls
$(call Package/vsftpd/Default)
  VARIANT:=tls
  TITLE+= (TLS)
  DEPENDS+=+libopenssl
endef

define Package/vsftpd/conffiles
/etc/vsftpd.conf
endef

Package/vsftpd-tls/conffiles=$(Package/vsftpd/conffiles)

ifneq ($(CONFIG_USE_MUSL),)
  NLSSTRING:=-lcrypt
else
  NLSSTRING:=-lcrypt -lnsl
endif

ifeq ($(BUILD_VARIANT),notls)
 define Build/Compile
	$(SED) 's/-lcrypt -lnsl/$(NLSSTRING)/' $(PKG_BUILD_DIR)/Makefile
	$(MAKE) -C $(PKG_BUILD_DIR) \
		CC="$(TARGET_CC)" \
		CFLAGS="$(TARGET_CFLAGS)" \
		LDFLAGS="$(TARGET_LDFLAGS)" \
		vsftpd
 endef
endif

ifeq ($(BUILD_VARIANT),tls)
 define Build/Compile
	$(SED) 's/#undef VSF_BUILD_SSL/#define VSF_BUILD_SSL/' $(PKG_BUILD_DIR)/builddefs.h
	$(SED) 's/-lcrypt -lnsl/-lcrypt -lnsl -lssl -lcrypto/' $(PKG_BUILD_DIR)/Makefile
	$(SED) 's/-lcrypt -lnsl/$(NLSSTRING)/' $(PKG_BUILD_DIR)/Makefile
	$(MAKE) -C $(PKG_BUILD_DIR) \
		CC="$(TARGET_CC)" \
		CFLAGS="$(TARGET_CFLAGS)" \
		LDFLAGS="$(TARGET_LDFLAGS)" \
		vsftpd
 endef
endif

define Package/vsftpd/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/etc
	$(INSTALL_CONF) ./files/$(PKG_NAME).conf $(1)/etc/$(PKG_NAME).conf
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
endef

Package/vsftpd-tls/install=$(Package/vsftpd/install)

$(eval $(call BuildPackage,vsftpd))
$(eval $(call BuildPackage,vsftpd-tls))