From nobody Mon Feb 13 12:38:42 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PFkR71WxQz3qSXZ; Mon, 13 Feb 2023 12:38:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PFkR711Ytz3yYh; Mon, 13 Feb 2023 12:38:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676291923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=frTFLc2RgtabWnfiXIVdVzbH1AQmtl9TGh7mqwFglK8=; b=qpaLMdgZMqa1czYOVZGoTe49CVSQBrlsbe7d36VhuP1O/F0m79AQuSzu1n+90UXyQ1oYCa c7s7Xw0m0aCUMaRx970z2Y6bcXlG6VbIJJwNTN1hrXQysgBtMRS4BvFTkd961PzIKo+DsH q0Wf80UbMOq9c9EvwuVj3xFoSiVcGnLwCVypqGLAQw4Quwn5ReZ1K9Ro29rHcIIaKQLObQ hH+q+bhmfn2U2MPOndP62o53YIgqtA3lpUNWJvZB+h7uCWg4c8FfL1bpQnt04Aa7XvXX6p 3hGZ8odozBfsI8reitnIzyB1tDHqyIudhpZcLsy9K4k/zlu9Guplkga7rEGm4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676291923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=frTFLc2RgtabWnfiXIVdVzbH1AQmtl9TGh7mqwFglK8=; b=pF6mfcjyZqC5gXTwkyl84Eq4TIPIE+vvTd/Rtghca2mfP94b5Lnelh3dTU6B7Kcxc2ojX4 4P0w1Eg1wAplqfYCWnAngKv2SDNaGClbxG3oVqSUhRTNpLXC/OcFGoJSY2vbb6O3qFvuSG MdTEPE6BctxCropXwyNoMuOkkt+2K5vaTpDJMqcDk++gbfV7UZ1WPRIeM2WTnFh/JDUiYw p13McbTjk9MCwcSlk4CjW2m3+4mCLps85A41FWuzkNQUq5cBpfHVvu7Ljilqw/jrjagThu 5tLIjnWYhh50ENX+IFDU2zqMsFc5OqScG4cFOoNJYajHODj+3RSik+jS2Imb3w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676291923; a=rsa-sha256; cv=none; b=TjP0Ahzi8Wa2uDk+XKRf0Qkazx5yNTMGAHB8NqYIQlR7ctz4hQy519wlbYoj9VcAz5ZJiX aNaa0jIrfKYzE603w/lFcWrEh0S5kOvYct7iHFnmb6+qmRnm1qu3Dr1eodLVerOELMS6Rr 1Ura9Jpr6K942dDkMy7x5aZ05YEFMy1jUw19AJabyBJmAvCmoqD0CLPawKEBAkxkqAxi1A 9DwDTSX3MAAavwdUck5IlzFP/B4uV7v8reddtMS/xVb/I6ypDsgDVuFgg2BUIbDaXCACWj RnXTkzRqrOifOrKzAxLrmm5LqtC8TkhiH7WO2BBGOjPqx9orPao2DLPiP4xdNg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PFkR675R1zJHq; Mon, 13 Feb 2023 12:38:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31DCcgbL023814; Mon, 13 Feb 2023 12:38:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31DCcgKJ023813; Mon, 13 Feb 2023 12:38:42 GMT (envelope-from git) Date: Mon, 13 Feb 2023 12:38:42 GMT Message-Id: <202302131238.31DCcgKJ023813@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dirk Meyer Subject: git: 82cb642207a6 - main - ftp/vsftpd: add full dual stack support List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dinoex X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 82cb642207a679e6bbbd8fe3caea178f00818ffe Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by dinoex: URL: https://cgit.FreeBSD.org/ports/commit/?id=82cb642207a679e6bbbd8fe3caea178f00818ffe commit 82cb642207a679e6bbbd8fe3caea178f00818ffe Author: Dirk Meyer AuthorDate: 2023-02-13 12:37:48 +0000 Commit: Dirk Meyer CommitDate: 2023-02-13 12:37:48 +0000 ftp/vsftpd: add full dual stack support make option PIDFILE default add second binary and config for full dual stack support use @sample fix build for FreeBSD-14 support: USERS and GROUPS PR: 257803 --- ftp/vsftpd/Makefile | 29 +++++++++++++++----------- ftp/vsftpd/files/chroot.conf | 7 +++++++ ftp/vsftpd/files/listen.conf | 5 +++++ ftp/vsftpd/files/listen6.conf | 5 +++++ ftp/vsftpd/files/patch-ssl.c | 22 ++++++++++++++++++++ ftp/vsftpd/files/pidfile.conf | 6 ++++++ ftp/vsftpd/files/vsftpd6.in | 48 +++++++++++++++++++++++++++++++++++++++++++ ftp/vsftpd/pkg-plist | 8 +++----- 8 files changed, 113 insertions(+), 17 deletions(-) diff --git a/ftp/vsftpd/Makefile b/ftp/vsftpd/Makefile index 06994ea91785..266693ae4aab 100644 --- a/ftp/vsftpd/Makefile +++ b/ftp/vsftpd/Makefile @@ -1,5 +1,6 @@ PORTNAME= vsftpd PORTVERSION= 3.0.5 +PORTREVISION= 1 CATEGORIES= ftp MASTER_SITES= https://security.appspot.com/downloads/ \ GENTOO @@ -11,11 +12,11 @@ WWW= https://security.appspot.com/vsftpd.html LICENSE= GPLv2 -#USERS= ftp -#GROUPS= ftp +USERS= ftp +GROUPS= ftp USES= cpe alias ALL_TARGET= vsftpd -USE_RC_SUBR= vsftpd +USE_RC_SUBR= vsftpd vsftpd6 DOCFILES= AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \ README README.security README.ssl REFS REWARD \ SIZE SPEED TODO TUNING @@ -23,7 +24,7 @@ DOCFILES= AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \ CPE_VENDOR= vsftpd_project OPTIONS_DEFINE= VSFTPD_SSL PIDFILE STACKPROTECTOR DOCS -OPTIONS_DEFAULT?= VSFTPD_SSL STACKPROTECTOR +OPTIONS_DEFAULT?= VSFTPD_SSL PIDFILE STACKPROTECTOR NO_OPTIONS_SORT=yes VSFTPD_SSL_DESC=Include support for SSL @@ -78,17 +79,21 @@ do-configure: -e "s| -Wl,-s| ${VSFTPD_LIBS}|" \ ${WRKSRC}/Makefile ${REINPLACE_CMD} -e '/-lutil/d' ${WRKSRC}/vsf_findlibs.sh - @${ECHO_CMD} "secure_chroot_dir=${PREFIX}/share/vsftpd/empty" >> \ - ${WRKSRC}/vsftpd.conf - @${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "" - @${ECHO_CMD} >>${WRKSRC}/vsftpd.conf \ - "# If using vsftpd in standalone mode, uncomment the next two lines:" - @${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# listen=YES" - @${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# background=YES" + ${CAT} ${FILESDIR}/chroot.conf >> ${WRKSRC}/vsftpd.conf + ${CP} ${WRKSRC}/vsftpd.conf ${WRKSRC}/vsftpd6.conf +.if ${PORT_OPTIONS:MPIDFILE} + ${CAT} ${FILESDIR}/pidfile.conf >> ${WRKSRC}/vsftpd.conf + ${SED} -e 's|vsftpd.pid|vsftpd6.pid|' ${FILESDIR}/pidfile.conf \ + >> ${WRKSRC}/vsftpd6.conf +.endif + ${CAT} ${FILESDIR}/listen.conf >> ${WRKSRC}/vsftpd.conf + ${CAT} ${FILESDIR}/listen6.conf >> ${WRKSRC}/vsftpd6.conf do-install: ${INSTALL_PROGRAM} ${WRKSRC}/vsftpd ${STAGEDIR}${PREFIX}/libexec/ - ${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.dist + ${LN} ${STAGEDIR}${PREFIX}/libexec/vsftpd ${STAGEDIR}${PREFIX}/libexec/vsftpd6 + ${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.sample + ${INSTALL_DATA} ${WRKSRC}/vsftpd6.conf ${STAGEDIR}${PREFIX}/etc/vsftpd6.conf.sample ${INSTALL_MAN} ${WRKSRC}/vsftpd.conf.5 ${STAGEDIR}${PREFIX}/man/man5/ ${INSTALL_MAN} ${WRKSRC}/vsftpd.8 ${STAGEDIR}${PREFIX}/man/man8/ ${MKDIR} ${STAGEDIR}/var/ftp ${STAGEDIR}${PREFIX}/share/vsftpd/empty diff --git a/ftp/vsftpd/files/chroot.conf b/ftp/vsftpd/files/chroot.conf new file mode 100644 index 000000000000..6756a5256231 --- /dev/null +++ b/ftp/vsftpd/files/chroot.conf @@ -0,0 +1,7 @@ + +# This option should be the name of a directory which is empty. +# Also, the directory should not be writable by the ftp user. This +# directory is used as a secure chroot() jail at times vsftpd does +# not require filesystem access. +secure_chroot_dir=/usr/local/share/vsftpd/empty + diff --git a/ftp/vsftpd/files/listen.conf b/ftp/vsftpd/files/listen.conf new file mode 100644 index 000000000000..4af4d079c871 --- /dev/null +++ b/ftp/vsftpd/files/listen.conf @@ -0,0 +1,5 @@ + +# If using vsftpd in standalone mode, uncomment the next two lines: +# listen=YES +# background=YES + diff --git a/ftp/vsftpd/files/listen6.conf b/ftp/vsftpd/files/listen6.conf new file mode 100644 index 000000000000..85ec034a61ee --- /dev/null +++ b/ftp/vsftpd/files/listen6.conf @@ -0,0 +1,5 @@ + +# If using vsftpd6 in standalone mode, uncomment the next two lines: +listen_ipv6=YES +background=YES + diff --git a/ftp/vsftpd/files/patch-ssl.c b/ftp/vsftpd/files/patch-ssl.c index c5d1cb7be75f..5ff044dab8d5 100644 --- a/ftp/vsftpd/files/patch-ssl.c +++ b/ftp/vsftpd/files/patch-ssl.c @@ -1,5 +1,18 @@ --- ssl.c.orig 2021-08-02 06:24:35 UTC +++ ssl.c +@@ -31,10 +31,10 @@ + #include + #include + +-static char* get_ssl_error(); ++static char* get_ssl_error(void); + static SSL* get_ssl(struct vsf_session* p_sess, int fd); + static int ssl_session_init(struct vsf_session* p_sess); +-static void setup_bio_callbacks(); ++static void setup_bio_callbacks(SSL* p_ssl); + static long bio_callback( + BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); + static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); @@ -93,10 +93,12 @@ ssl_init(struct vsf_session* p_sess) { options |= SSL_OP_NO_TLSv1_2; @@ -13,3 +26,12 @@ SSL_CTX_set_options(p_ctx, options); if (tunable_rsa_cert_file) { +@@ -683,7 +685,7 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess + } + + static char* +-get_ssl_error() ++get_ssl_error(void) + { + SSL_load_error_strings(); + return ERR_error_string(ERR_get_error(), NULL); diff --git a/ftp/vsftpd/files/pidfile.conf b/ftp/vsftpd/files/pidfile.conf new file mode 100644 index 000000000000..71288a9035a3 --- /dev/null +++ b/ftp/vsftpd/files/pidfile.conf @@ -0,0 +1,6 @@ + +# This option has efect only if background is set. +# It writes pid of running daemon to file at the specified path. +# Default: (none) (no pidfile is created) +#pid_file=/var/run/vsftpd.pid + diff --git a/ftp/vsftpd/files/vsftpd6.in b/ftp/vsftpd/files/vsftpd6.in new file mode 100644 index 000000000000..a9ed8625b043 --- /dev/null +++ b/ftp/vsftpd/files/vsftpd6.in @@ -0,0 +1,48 @@ +#!/bin/sh + +# PROVIDE: vsftpd6 +# REQUIRE: DAEMON +# KEYWORD: shutdown +# +# To enable 'vsftpd' in standalone mode, you need to edit two files. +# 1. add the following line(s) to /etc/rc.conf to enable `vsftpd': +# +# vsftpd6_enable="YES" +# vsftpd6_flags="-ooption=value" # Not required +# vsftpd6_config="/some/path/conf.file" # Not required +# + +. /etc/rc.subr + +name="vsftpd6" +desc="Vsftpd FTP IPv6 Server" +rcvar="vsftpd6_enable" + +load_rc_config "$name" + +: ${vsftpd6_enable:="NO"} +: ${vsftpd6_config:="%%PREFIX%%/etc/$name.conf"} +: ${vsftpd6_flags:=-olisten_ipv6=YES -obackground=YES} +command="%%PREFIX%%/libexec/$name" +required_files="${vsftpd6_config}" +start_precmd="vsftpd6_check" +extra_commands="reload" +vsftpd6_flags="${vsftpd6_config} ${vsftpd6_flags}" + +vsftpd6_check() +{ + if grep -q "^ftp[ ]" /etc/inetd.conf + then + err 1 "ftp is already activated in /etc/inetd.conf" + fi + if ! egrep -q -i -E "^listen_ipv6.*=.*YES$" ${vsftpd6_config} + then + err 1 'vsftpd6 script need "listen=YES" in config file' + fi + if ! egrep -q -i -E "^background.*=.*YES$" ${vsftpd6_config} + then + err 1 'vsftpd6 script need "background=YES" in config file' + fi +} + +run_rc_command "$1" diff --git a/ftp/vsftpd/pkg-plist b/ftp/vsftpd/pkg-plist index 0f3c55c7d8ea..830b1c012748 100644 --- a/ftp/vsftpd/pkg-plist +++ b/ftp/vsftpd/pkg-plist @@ -1,11 +1,9 @@ libexec/vsftpd +libexec/vsftpd6 man/man5/vsftpd.conf.5.gz man/man8/vsftpd.8.gz -@preexec if ! pw groupshow ftp 2>/dev/null; then pw groupadd ftp -g 14; fi -@preexec if ! pw usershow ftp 2>/dev/null; then pw useradd ftp -g ftp -u 14 -h - -d /var/ftp -s /nonexistent -c "Anonymous FTP"; fi -@preunexec if diff -q %D/etc/vsftpd.conf %D/etc/vsftpd.conf.dist; then rm %D/etc/vsftpd.conf; fi -etc/vsftpd.conf.dist -@postexec if [ ! -f %B/vsftpd.conf ]; then cp %B/vsftpd.conf.dist %B/vsftpd.conf; fi +@sample etc/vsftpd.conf.sample +@sample etc/vsftpd6.conf.sample @postunexec rmdir /var/ftp 2>/dev/null || true @postexec if [ ! -d /var/ftp ]; then mkdir /var/ftp ; fi @dir %%DATADIR%%/empty