git: 82cb642207a6 - main - ftp/vsftpd: add full dual stack support

From: Dirk Meyer <dinoex_at_FreeBSD.org>
Date: Mon, 13 Feb 2023 12:38:42 UTC
The branch main has been updated by dinoex:

URL: https://cgit.FreeBSD.org/ports/commit/?id=82cb642207a679e6bbbd8fe3caea178f00818ffe

commit 82cb642207a679e6bbbd8fe3caea178f00818ffe
Author:     Dirk Meyer <dinoex@FreeBSD.org>
AuthorDate: 2023-02-13 12:37:48 +0000
Commit:     Dirk Meyer <dinoex@FreeBSD.org>
CommitDate: 2023-02-13 12:37:48 +0000

    ftp/vsftpd: add full dual stack support
    
    make option PIDFILE default
    add second binary and config for full dual stack support
    use @sample
    fix build for FreeBSD-14
    
    support: USERS and GROUPS
    PR: 257803
---
 ftp/vsftpd/Makefile           | 29 +++++++++++++++-----------
 ftp/vsftpd/files/chroot.conf  |  7 +++++++
 ftp/vsftpd/files/listen.conf  |  5 +++++
 ftp/vsftpd/files/listen6.conf |  5 +++++
 ftp/vsftpd/files/patch-ssl.c  | 22 ++++++++++++++++++++
 ftp/vsftpd/files/pidfile.conf |  6 ++++++
 ftp/vsftpd/files/vsftpd6.in   | 48 +++++++++++++++++++++++++++++++++++++++++++
 ftp/vsftpd/pkg-plist          |  8 +++-----
 8 files changed, 113 insertions(+), 17 deletions(-)

diff --git a/ftp/vsftpd/Makefile b/ftp/vsftpd/Makefile
index 06994ea91785..266693ae4aab 100644
--- a/ftp/vsftpd/Makefile
+++ b/ftp/vsftpd/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	vsftpd
 PORTVERSION=	3.0.5
+PORTREVISION=	1
 CATEGORIES=	ftp
 MASTER_SITES=	https://security.appspot.com/downloads/ \
 		GENTOO
@@ -11,11 +12,11 @@ WWW=		https://security.appspot.com/vsftpd.html
 
 LICENSE=	GPLv2
 
-#USERS=		ftp
-#GROUPS=	ftp
+USERS=		ftp
+GROUPS=		ftp
 USES=		cpe alias
 ALL_TARGET=	vsftpd
-USE_RC_SUBR=	vsftpd
+USE_RC_SUBR=	vsftpd vsftpd6
 DOCFILES=	AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \
 		README README.security README.ssl REFS REWARD \
 		SIZE SPEED TODO TUNING
@@ -23,7 +24,7 @@ DOCFILES=	AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \
 CPE_VENDOR=	vsftpd_project
 
 OPTIONS_DEFINE=	VSFTPD_SSL PIDFILE STACKPROTECTOR DOCS
-OPTIONS_DEFAULT?=	VSFTPD_SSL STACKPROTECTOR
+OPTIONS_DEFAULT?=	VSFTPD_SSL PIDFILE STACKPROTECTOR
 NO_OPTIONS_SORT=yes
 
 VSFTPD_SSL_DESC=Include support for SSL
@@ -78,17 +79,21 @@ do-configure:
 		-e "s|	-Wl,-s|	${VSFTPD_LIBS}|" \
 		${WRKSRC}/Makefile
 	${REINPLACE_CMD} -e '/-lutil/d' ${WRKSRC}/vsf_findlibs.sh
-	@${ECHO_CMD} "secure_chroot_dir=${PREFIX}/share/vsftpd/empty" >> \
-		${WRKSRC}/vsftpd.conf
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf ""
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf \
-		"# If using vsftpd in standalone mode, uncomment the next two lines:"
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# listen=YES"
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# background=YES"
+	${CAT} ${FILESDIR}/chroot.conf >> ${WRKSRC}/vsftpd.conf
+	${CP} ${WRKSRC}/vsftpd.conf ${WRKSRC}/vsftpd6.conf
+.if ${PORT_OPTIONS:MPIDFILE}
+	${CAT} ${FILESDIR}/pidfile.conf >> ${WRKSRC}/vsftpd.conf
+	${SED} -e 's|vsftpd.pid|vsftpd6.pid|' ${FILESDIR}/pidfile.conf \
+		>> ${WRKSRC}/vsftpd6.conf
+.endif
+	${CAT} ${FILESDIR}/listen.conf >> ${WRKSRC}/vsftpd.conf
+	${CAT} ${FILESDIR}/listen6.conf >> ${WRKSRC}/vsftpd6.conf
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/vsftpd ${STAGEDIR}${PREFIX}/libexec/
-	${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.dist
+	${LN} ${STAGEDIR}${PREFIX}/libexec/vsftpd ${STAGEDIR}${PREFIX}/libexec/vsftpd6
+	${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.sample
+	${INSTALL_DATA} ${WRKSRC}/vsftpd6.conf ${STAGEDIR}${PREFIX}/etc/vsftpd6.conf.sample
 	${INSTALL_MAN} ${WRKSRC}/vsftpd.conf.5 ${STAGEDIR}${PREFIX}/man/man5/
 	${INSTALL_MAN} ${WRKSRC}/vsftpd.8 ${STAGEDIR}${PREFIX}/man/man8/
 	${MKDIR} ${STAGEDIR}/var/ftp ${STAGEDIR}${PREFIX}/share/vsftpd/empty
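Review bot: The `${CAT} ${FILESDIR}/chroot.conf` line in do-configure appends a fragment whose `secure_chroot_dir` is hard-coded to `/usr/local/share/vsftpd/empty`, whereas the removed `${ECHO_CMD}` line wrote `${PREFIX}/share/vsftpd/empty`. With a non-default PREFIX, both sample configs would name a chroot directory that this port does not install, since do-install creates `${STAGEDIR}${PREFIX}/share/vsftpd/empty`. Substituting when appending keeps the two aligned: `${SED} -e 's|/usr/local|${PREFIX}|' ${FILESDIR}/chroot.conf >> ${WRKSRC}/vsftpd.conf`. do-configure starts above this hunk and do-install may continue below it.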
diff --git a/ftp/vsftpd/files/chroot.conf b/ftp/vsftpd/files/chroot.conf
new file mode 100644
index 000000000000..6756a5256231
--- /dev/null
+++ b/ftp/vsftpd/files/chroot.conf
@@ -0,0 +1,7 @@
+
+# This option should be the name of a directory which is empty.
+# Also, the directory should not be writable by the ftp user. This
+# directory is used as a secure chroot() jail at times vsftpd does
+# not require filesystem access.
+secure_chroot_dir=/usr/local/share/vsftpd/empty
+
diff --git a/ftp/vsftpd/files/listen.conf b/ftp/vsftpd/files/listen.conf
new file mode 100644
index 000000000000..4af4d079c871
--- /dev/null
+++ b/ftp/vsftpd/files/listen.conf
@@ -0,0 +1,5 @@
+
+# If using vsftpd in standalone mode, uncomment the next two lines:
+# listen=YES
+# background=YES
+
diff --git a/ftp/vsftpd/files/listen6.conf b/ftp/vsftpd/files/listen6.conf
new file mode 100644
index 000000000000..85ec034a61ee
--- /dev/null
+++ b/ftp/vsftpd/files/listen6.conf
@@ -0,0 +1,5 @@
+
+# If using vsftpd6 in standalone mode, uncomment the next two lines:
+listen_ipv6=YES
+background=YES
+
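Review bot: The comment in listen6.conf tells the admin to uncomment the next two lines, but `listen_ipv6=YES` and `background=YES` are already active in this fragment, unlike listen.conf where they are commented out. The comment should match what ships, e.g. `# vsftpd6 runs in standalone mode; the rc script requires the next two lines:`. That way an admin reading the sample knows the listener is already configured before setting `vsftpd6_enable`.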
diff --git a/ftp/vsftpd/files/patch-ssl.c b/ftp/vsftpd/files/patch-ssl.c
index c5d1cb7be75f..5ff044dab8d5 100644
--- a/ftp/vsftpd/files/patch-ssl.c
+++ b/ftp/vsftpd/files/patch-ssl.c
@@ -1,5 +1,18 @@
 --- ssl.c.orig	2021-08-02 06:24:35 UTC
 +++ ssl.c
+@@ -31,10 +31,10 @@
+ #include <errno.h>
+ #include <limits.h>
+ 
+-static char* get_ssl_error();
++static char* get_ssl_error(void);
+ static SSL* get_ssl(struct vsf_session* p_sess, int fd);
+ static int ssl_session_init(struct vsf_session* p_sess);
+-static void setup_bio_callbacks();
++static void setup_bio_callbacks(SSL* p_ssl);
+ static long bio_callback(
+   BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
+ static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
 @@ -93,10 +93,12 @@ ssl_init(struct vsf_session* p_sess)
      {
        options |= SSL_OP_NO_TLSv1_2;
@@ -13,3 +26,12 @@
      SSL_CTX_set_options(p_ctx, options);
      if (tunable_rsa_cert_file)
      {
+@@ -683,7 +685,7 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess
+ }
+ 
+ static char*
+-get_ssl_error()
++get_ssl_error(void)
+ {
+   SSL_load_error_strings();
+   return ERR_error_string(ERR_get_error(), NULL);
diff --git a/ftp/vsftpd/files/pidfile.conf b/ftp/vsftpd/files/pidfile.conf
new file mode 100644
index 000000000000..71288a9035a3
--- /dev/null
+++ b/ftp/vsftpd/files/pidfile.conf
@@ -0,0 +1,6 @@
+
+# This option has efect only if background is set.
+# It writes pid of running daemon to file at the specified path.
+# Default: (none) (no pidfile is created)
+#pid_file=/var/run/vsftpd.pid
+
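Review bot: The first comment line of pidfile.conf has a typo, `efect` should be `effect`, and the Makefile copies it into both sample configs. The `pid_file` line is also left commented out, so building with the PIDFILE option (now in OPTIONS_DEFAULT) does not by itself produce a pid file. If that is intended, a line such as `# Uncomment to have the daemon write its pid:` above the setting would make it explicit.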
diff --git a/ftp/vsftpd/files/vsftpd6.in b/ftp/vsftpd/files/vsftpd6.in
new file mode 100644
index 000000000000..a9ed8625b043
--- /dev/null
+++ b/ftp/vsftpd/files/vsftpd6.in
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# PROVIDE: vsftpd6
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# To enable 'vsftpd' in standalone mode, you need to edit two files.
+# 1. add the following line(s) to /etc/rc.conf to enable `vsftpd':
+#
+# vsftpd6_enable="YES"
+# vsftpd6_flags="-ooption=value" # Not required
+# vsftpd6_config="/some/path/conf.file" # Not required
+#
+
+. /etc/rc.subr
+
+name="vsftpd6"
+desc="Vsftpd FTP IPv6 Server"
+rcvar="vsftpd6_enable"
+
+load_rc_config "$name"
+
+: ${vsftpd6_enable:="NO"}
+: ${vsftpd6_config:="%%PREFIX%%/etc/$name.conf"}
+: ${vsftpd6_flags:=-olisten_ipv6=YES -obackground=YES}
+command="%%PREFIX%%/libexec/$name"
+required_files="${vsftpd6_config}"
+start_precmd="vsftpd6_check"
+extra_commands="reload"
+vsftpd6_flags="${vsftpd6_config} ${vsftpd6_flags}"
+
+vsftpd6_check()
+{
+	if grep -q "^ftp[ 	]" /etc/inetd.conf
+	then
+		err 1 "ftp is already activated in /etc/inetd.conf"
+	fi
+	if ! egrep -q -i -E "^listen_ipv6.*=.*YES$" ${vsftpd6_config}
+	then
+		err 1 'vsftpd6 script need "listen=YES" in config file'
+	fi
+	if ! egrep -q -i -E "^background.*=.*YES$" ${vsftpd6_config}
+	then
+		err 1 'vsftpd6 script need "background=YES" in config file'
+	fi
+}
+
+run_rc_command "$1"
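Review bot: In vsftpd6_check the first config test greps for `listen_ipv6`, but its error text tells the admin to set `listen=YES`, which is the IPv4 option. The message should read `err 1 'vsftpd6 script need "listen_ipv6=YES" in config file'`. Both egrep calls also pass `${vsftpd6_config}` unquoted, so a path containing whitespace set in rc.conf would be split; `"${vsftpd6_config}"` avoids that. The header comment still refers to `vsftpd` and to "two files" while listing only the rc.conf step.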
diff --git a/ftp/vsftpd/pkg-plist b/ftp/vsftpd/pkg-plist
index 0f3c55c7d8ea..830b1c012748 100644
--- a/ftp/vsftpd/pkg-plist
+++ b/ftp/vsftpd/pkg-plist
@@ -1,11 +1,9 @@
 libexec/vsftpd
+libexec/vsftpd6
 man/man5/vsftpd.conf.5.gz
 man/man8/vsftpd.8.gz
-@preexec if ! pw groupshow ftp 2>/dev/null; then pw groupadd ftp -g 14; fi
-@preexec if ! pw usershow ftp 2>/dev/null; then pw useradd ftp -g ftp -u 14 -h - -d /var/ftp -s /nonexistent -c "Anonymous FTP"; fi
-@preunexec if diff -q %D/etc/vsftpd.conf %D/etc/vsftpd.conf.dist; then rm %D/etc/vsftpd.conf; fi
-etc/vsftpd.conf.dist
-@postexec if [ ! -f %B/vsftpd.conf ]; then cp %B/vsftpd.conf.dist %B/vsftpd.conf; fi
+@sample etc/vsftpd.conf.sample
+@sample etc/vsftpd6.conf.sample
 @postunexec rmdir /var/ftp 2>/dev/null || true
 @postexec if [ ! -d /var/ftp ]; then mkdir /var/ftp ; fi
 @dir %%DATADIR%%/empty