From f0c7d3cb136b30eeeb61a518c2c36fdaab6f1cfa Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Tue, 30 Oct 2018 17:08:16 +0000 Subject: main/vsftpd: rebuild afainst openssl 1.1 --- main/vsftpd/APKBUILD | 56 ++++++++++++++-------------------------------- main/vsftpd/findlibs.patch | 30 +++++++++++++++++++++++++ main/vsftpd/strip.patch | 13 +++++++++++ 3 files changed, 60 insertions(+), 39 deletions(-) create mode 100644 main/vsftpd/findlibs.patch create mode 100644 main/vsftpd/strip.patch diff --git a/main/vsftpd/APKBUILD b/main/vsftpd/APKBUILD index 3021d2c01f1..3fa2ff3a9b9 100644 --- a/main/vsftpd/APKBUILD +++ b/main/vsftpd/APKBUILD @@ -2,45 +2,35 @@ # Maintainer: Natanael Copa pkgname=vsftpd pkgver=3.0.3 -pkgrel=5 +pkgrel=6 pkgdesc="Very secure ftpd" url="http://vsftpd.beasts.org" arch="all" license="GPL-2.0" depends="" -makedepends="libressl-dev libcap-dev linux-pam-dev linux-headers" +makedepends="openssl-dev libcap-dev linux-pam-dev linux-headers" subpackages="$pkgname-doc" install="$pkgname.pre-install" source="https://security.appspot.com/downloads/vsftpd-${pkgver}.tar.gz + vsftpd.initd + vsftpd.confd vsftpd-enable-ssl.patch vsftpd-clearenv.patch CVE-2015-1419.patch - vsftpd.initd - vsftpd.confd - wtmpx_file.patch" + wtmpx_file.patch + findlibs.patch + strip.patch + " -_builddir="$srcdir/$pkgname-$pkgver" -prepare() { - cd $_builddir - local i - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done - # we dont have libnsl - sed -i -e '/-lnsl/d' vsf_findlibs.sh || return 1 - # Let abuild control stripping - sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile -} +builddir="$srcdir/$pkgname-$pkgver" build() { - cd $_builddir - make CFLAGS="$CFLAGS -D_GNU_SOURCE" || return 1 + cd $builddir + make CFLAGS="$CFLAGS -D_GNU_SOURCE" } package() { - cd "$srcdir/$pkgname-$pkgver" + cd $builddir install -m755 -D vsftpd "$pkgdir"/usr/sbin/vsftpd install -m644 -D vsftpd.8 "$pkgdir"/usr/share/man/man8/vsftpd.8 install -m644 -D vsftpd.conf.5 "$pkgdir"/usr/share/man/man5/vsftpd.conf.5 @@ -52,24 +42,12 @@ package() { chown root:ftp "$pkgdir"/var/lib/ftp } -md5sums="da119d084bd3f98664636ea05b5bb398 vsftpd-3.0.3.tar.gz -018ee421c56dd1b6f21bdfdf3628b97e vsftpd-enable-ssl.patch -a97b6a7c69d872393dc993f6eb291bfa vsftpd-clearenv.patch -9ee92ccdf8e9a7db7e668617dc269def CVE-2015-1419.patch -ef469d0931980ec510c595ac2da5744f vsftpd.initd -9e495776096c78c3f9d9e6756a8c3003 vsftpd.confd -a8ca7b0680a76bbb79b0fd978a6b5d0f wtmpx_file.patch" -sha256sums="9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7 vsftpd-3.0.3.tar.gz -4cce385d98f0ddd76ab6bb07703d4ca6b6cab7f2b3c6f44da993b9df77e626db vsftpd-enable-ssl.patch -7c29e61c1fbb8881fc252c2b79c242a084b628299f7963f9c43d6e8162ed776e vsftpd-clearenv.patch -fb50d1e24ee65bab005007179b8d128ca84decc93222f790ab3fd6eca5237180 CVE-2015-1419.patch -b20a6d20494589524e52b80f5d69425e9c865f5749085ab937ed0ad5e41c29ac vsftpd.initd -5ed45cbe507676fd1252427016047e02b775acfb3dd0f3e44fe61410a8e7a1ba vsftpd.confd -5ea711e43ae4dff6ca110432dec27af9cbea4b697920ba5ea0a254b2642e3e41 wtmpx_file.patch" sha512sums="5a4410a88e72ecf6f60a60a89771bcec300c9f63c2ea83b219bdf65fd9749b9853f9579f7257205b55659aefcd5dab243eba878dbbd4f0ff8532dd6e60884df7 vsftpd-3.0.3.tar.gz +99d02ed2a91ea967d6e907c07bbe89e2ced3f919e659be3e8ab90d95d87648cb9fc7224e1c8879b94b6d364810624165db1333020b602f7c42afd2bcc7a2d8e3 vsftpd.initd +7bd138cf66356db55d00796f99b327e9aedf45a48b6fc9b464801fd17a69949ca1296131513c289b0293d27b29c1add08e601068501591108ed7fb13efeeacf3 vsftpd.confd 842c1bd972f710e4ba15e1d62a4c8ebf133dc279607b844710ad6484834b6f3a43f9f3296a53e3176df2cec129b0d96b30f0610042ee66b3263d821e1efda398 vsftpd-enable-ssl.patch 13a3949695ad904c5389513206b9db71b6a4f5d35cd0c37484d9a8d8db1cd7a10c023b005661241a2e6b993fdd9c93eb7b3faaaf2542bf68a1520cf869abd710 vsftpd-clearenv.patch 73023176872a60a60ea72dc370c13617b5113ff9eb8df8f56c4efc709ca9f7752aed4c7e19530927ea6fe9ccb52dbd8ec128ec898cc8177c6d62ad41c4f281f1 CVE-2015-1419.patch -99d02ed2a91ea967d6e907c07bbe89e2ced3f919e659be3e8ab90d95d87648cb9fc7224e1c8879b94b6d364810624165db1333020b602f7c42afd2bcc7a2d8e3 vsftpd.initd -7bd138cf66356db55d00796f99b327e9aedf45a48b6fc9b464801fd17a69949ca1296131513c289b0293d27b29c1add08e601068501591108ed7fb13efeeacf3 vsftpd.confd -bb1bcb97df769d658e3d99a1ed1b585250a84ecfb7371adc17dff85732eee0bdc53442725c91e7563dda250d3c0b1cea1f3a5e805f3abc36aa7d27a7ba237742 wtmpx_file.patch" +bb1bcb97df769d658e3d99a1ed1b585250a84ecfb7371adc17dff85732eee0bdc53442725c91e7563dda250d3c0b1cea1f3a5e805f3abc36aa7d27a7ba237742 wtmpx_file.patch +d3c8943a23a3c6a36642c8f9e133637bf27a3c5dd70f05d8a2d0bdf62cb0584a42fcfd67831bc2c89286b634cce529ec83ca3253d2eb4d79e15b9f6e98a46d5b findlibs.patch +c7d1a188abd3136d973b8f6381512152ddbbfd1d86218b46b1707b7df23ce7a0ad37b6e29c8b6ec940aa0dfe959b31cecf1dbc34f55a220e85d255e0671cb291 strip.patch" diff --git a/main/vsftpd/findlibs.patch b/main/vsftpd/findlibs.patch new file mode 100644 index 00000000000..4806470d3ad --- /dev/null +++ b/main/vsftpd/findlibs.patch @@ -0,0 +1,30 @@ +diff --git a/vsf_findlibs.sh b/vsf_findlibs.sh +index f5d485d..baf167b 100755 +--- a/vsf_findlibs.sh ++++ b/vsf_findlibs.sh +@@ -6,8 +6,6 @@ find_func() { egrep $1 $2 >/dev/null; } + + if find_func hosts_access tcpwrap.o; then + echo "-lwrap"; +- locate_library /lib/libnsl.so && echo "-lnsl"; +- locate_library /lib64/libnsl.so && echo "-lnsl"; + fi + + # Look for PAM (done weirdly due to distribution bugs (e.g. Debian) or the +@@ -36,7 +34,6 @@ locate_library /lib/libdl.so && echo "-ldl"; + locate_library /lib/libsocket.so && echo "-lsocket"; + + # Look for libnsl. Solaris needs this. +-locate_library /lib/libnsl.so && echo "-lnsl"; + + # Look for libresolv. Solaris needs this. + locate_library /lib/libresolv.so && echo "-lresolv"; +@@ -69,7 +66,7 @@ locate_library /usr/shlib/librt.so && echo "-lrt"; + locate_library /usr/lib/libsendfile.so && echo "-lsendfile"; + + # OpenSSL +-if find_func SSL_library_init ssl.o; then ++if find_func SSL_CTX_new ssl.o; then + echo "-lssl -lcrypto"; + fi + diff --git a/main/vsftpd/strip.patch b/main/vsftpd/strip.patch new file mode 100644 index 00000000000..3983173c22a --- /dev/null +++ b/main/vsftpd/strip.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index c63ed1b..a02f3c1 100644 +--- a/Makefile ++++ b/Makefile +@@ -9,7 +9,7 @@ CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ + #-pedantic -Wconversion + + LIBS = `./vsf_findlibs.sh` +-LINK = -Wl,-s ++LINK = + LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now + + OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ -- cgit v1.2.3