TriForceX
2019-09-25 20:51:37 -03:00
commit 6203ff3e7c
11215 changed files with 428258 additions and 0 deletions


@@ -0,0 +1,49 @@
Add build option to disable utmpx update code
On some embedded systems the libc may have utmpx support, but the
feature would be redundant. So add a build switch to disable utmpx
updating, similar to compiling on systems without utmpx support.
Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
diff -ru vsftpd-3.0.2.orig/builddefs.h vsftpd-3.0.2/builddefs.h
--- vsftpd-3.0.2.orig/builddefs.h 2012-04-05 05:24:56.000000000 +0200
+++ vsftpd-3.0.2/builddefs.h 2014-09-16 14:23:36.128003245 +0200
@@ -4,6 +4,7 @@
#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#undef VSF_BUILD_SSL
+#define VSF_BUILD_UTMPX
#endif /* VSF_BUILDDEFS_H */
diff -ru vsftpd-3.0.2.orig/sysdeputil.c vsftpd-3.0.2/sysdeputil.c
--- vsftpd-3.0.2.orig/sysdeputil.c 2012-09-16 06:18:04.000000000 +0200
+++ vsftpd-3.0.2/sysdeputil.c 2014-09-16 14:26:42.686887724 +0200
@@ -1158,7 +1158,7 @@
#endif /* !VSF_SYSDEP_NEED_OLD_FD_PASSING */
-#ifndef VSF_SYSDEP_HAVE_UTMPX
+#if !defined(VSF_BUILD_UTMPX) || !defined(VSF_SYSDEP_HAVE_UTMPX)
void
vsf_insert_uwtmp(const struct mystr* p_user_str,
@@ -1173,7 +1173,7 @@
{
}
-#else /* !VSF_SYSDEP_HAVE_UTMPX */
+#else /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
/* IMHO, the pam_unix module REALLY should be doing this in its SM component */
/* Statics */
@@ -1238,7 +1238,7 @@
updwtmpx(WTMPX_FILE, &s_utent);
}
-#endif /* !VSF_SYSDEP_HAVE_UTMPX */
+#endif /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
void
vsf_set_die_if_parent_dies()


@@ -0,0 +1,102 @@
Fix CVE-2015-1419 - config option deny_file is not handled correctly.
From SUSE: https://bugzilla.suse.com/show_bug.cgi?id=915522
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Index: vsftpd-3.0.2/ls.c
===================================================================
--- vsftpd-3.0.2.orig/ls.c
+++ vsftpd-3.0.2/ls.c
@@ -7,6 +7,7 @@
* Would you believe, code to handle directory listing.
*/
+#include <stdlib.h>
#include "ls.h"
#include "access.h"
#include "defs.h"
@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
struct mystr temp_str = INIT_MYSTR;
struct mystr brace_list_str = INIT_MYSTR;
struct mystr new_filter_str = INIT_MYSTR;
+ struct mystr normalize_filename_str = INIT_MYSTR;
+ const char *normname;
+ const char *path;
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
+
str_copy(&filter_remain_str, p_filter_str);
- str_copy(&name_remain_str, p_filename_str);
+
+ /* normalize filepath */
+ path = str_strdup(p_filename_str);
+ normname = realpath(path, NULL);
+ if (normname == NULL)
+ goto out;
+ str_alloc_text(&normalize_filename_str, normname);
+
+ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
+ if (str_get_char_at(p_filter_str, 0) == '/') {
+ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
+ str_getcwd (&name_remain_str);
+
+ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
+ str_append_char (&name_remain_str, '/');
+
+ str_append_str (&name_remain_str, &normalize_filename_str);
+ }
+ else
+ str_copy (&name_remain_str, &normalize_filename_str);
+ } else {
+ if (str_get_char_at(p_filter_str, 0) != '{')
+ str_basename (&name_remain_str, &normalize_filename_str);
+ else
+ str_copy (&name_remain_str, &normalize_filename_str);
+ }
+ } else
+ str_copy(&name_remain_str, &normalize_filename_str);
while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
ret = 0;
}
out:
+ free(normname);
+ free(path);
+ str_free(&normalize_filename_str);
str_free(&filter_remain_str);
str_free(&name_remain_str);
str_free(&temp_str);
Index: vsftpd-3.0.2/str.c
===================================================================
--- vsftpd-3.0.2.orig/str.c
+++ vsftpd-3.0.2/str.c
@@ -770,3 +770,14 @@ str_replace_unprintable(struct mystr* p_
}
}
+void
+str_basename (struct mystr* d_str, const struct mystr* path)
+{
+ static struct mystr tmp;
+
+ str_copy (&tmp, path);
+ str_split_char_reverse(&tmp, d_str, '/');
+
+ if (str_isempty(d_str))
+ str_copy (d_str, path);
+}
Index: vsftpd-3.0.2/str.h
===================================================================
--- vsftpd-3.0.2.orig/str.h
+++ vsftpd-3.0.2/str.h
@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
int str_atoi(const struct mystr* p_str);
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
unsigned int str_octal_to_uint(const struct mystr* p_str);
+void str_basename (struct mystr* d_str, const struct mystr* path);
/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
* buffer, starting at character position 'p_pos'. The extracted line will
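Review bot: In the ls.c hunk of this patch, `vsf_filename_passes_filter` jumps to `out` with `ret` still 0 whenever `realpath()` returns NULL, so a name that does not resolve (for instance a file that does not exist yet) is reported as not matching the filter. Whether that leaves deny_file without effect for such names depends on callers outside the hunk, but falling back to the unnormalized name looks safer: `if (normname == NULL) str_copy(&normalize_filename_str, p_filename_str); else str_alloc_text(&normalize_filename_str, normname);`. Separately, `normname` is declared `const char *` yet passed to `free()`; `char *normname = NULL;` matches what `realpath()` returns, and initialising `path` to NULL as well keeps the `out:` frees safe for any jump taken before the assignments. The function body starts and ends outside the hunk.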


@@ -0,0 +1,87 @@
From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Thu, 17 Nov 2016 13:02:27 +0100
Subject: [PATCH] Prevent hanging in SIGCHLD handler.
vsftpd can now handle pam_exec.so in pam.d config without hanging
in SIGCHLD handler.
[Abdelmalek:
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1198259
Fetched from:
https://src.fedoraproject.org/cgit/rpms/vsftpd.git/plain/0026-Prevent-hanging-in-SIGCHLD-handler.patch]
Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com>
---
sysutil.c | 4 ++--
sysutil.h | 2 +-
twoprocess.c | 13 +++++++++++--
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/sysutil.c b/sysutil.c
index 6d7cb3f..099748f 100644
--- a/sysutil.c
+++ b/sysutil.c
@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
}
struct vsf_sysutil_wait_retval
-vsf_sysutil_wait(void)
+vsf_sysutil_wait(int hang)
{
struct vsf_sysutil_wait_retval retval;
vsf_sysutil_memclr(&retval, sizeof(retval));
while (1)
{
- int sys_ret = wait(&retval.exit_status);
+ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
if (sys_ret < 0 && errno == EINTR)
{
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
diff --git a/sysutil.h b/sysutil.h
index c145bdf..13153cd 100644
--- a/sysutil.h
+++ b/sysutil.h
@@ -177,7 +177,7 @@ struct vsf_sysutil_wait_retval
int PRIVATE_HANDS_OFF_syscall_retval;
int PRIVATE_HANDS_OFF_exit_status;
};
-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
+struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
int vsf_sysutil_wait_reap_one(void);
int vsf_sysutil_wait_get_retval(
const struct vsf_sysutil_wait_retval* p_waitret);
diff --git a/twoprocess.c b/twoprocess.c
index 33d84dc..b1891e7 100644
--- a/twoprocess.c
+++ b/twoprocess.c
@@ -47,8 +47,17 @@ static void
handle_sigchld(void* duff)
{
- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
+ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
(void) duff;
+ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
+ !vsf_sysutil_wait_get_retval(&wait_retval))
+ /* There was nobody to wait for, possibly caused by underlying library
+ * which created a new process through fork()/vfork() and already picked
+ * it up, e.g. by pam_exec.so or integrity check routines for libraries
+ * when FIPS mode is on (nss freebl), which can lead to calling prelink
+ * if the prelink package is installed.
+ */
+ return;
/* Child died, so we'll do the same! Report it as an error unless the child
* exited normally with zero exit code
*/
@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
if (!p_sess->control_use_ssl)
{
- (void) vsf_sysutil_wait();
+ (void) vsf_sysutil_wait(1);
}
else
{
--
2.14.4
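Review bot: In the twoprocess.c hunk, the new early return in `handle_sigchld` is an unbraced `if` whose only statement, `return;`, sits seven lines below the condition behind a block comment. That is easy to misread or break in a later edit of a handler that otherwise terminates the process. Brace the body and move the comment inside it: `if (!vsf_sysutil_wait_get_exitcode(&wait_retval) && !vsf_sysutil_wait_get_retval(&wait_retval)) { /* nobody to wait for ... */ return; }`. The new `hang` argument of `vsf_sysutil_wait` is passed as a bare `0` and `1`; a one-line comment on the prototype in sysutil.h, such as `/* hang: non-zero blocks until a child exits, zero polls with WNOHANG */`, would document it. The rest of `handle_sigchld` and of the wait loop lies outside the hunks.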

18
package/vsftpd/Config.in Normal file

@@ -0,0 +1,18 @@
config BR2_PACKAGE_VSFTPD
bool "vsftpd"
depends on BR2_USE_MMU # fork()
help
vsftpd is an ftp daemon written with security in mind.
http://vsftpd.beasts.org/
if BR2_PACKAGE_VSFTPD
config BR2_PACKAGE_VSFTPD_UTMPX
bool "log vsftpd access to utmpx"
# musl 1.1.4 has an empty utmpx implementation and no WTMPX_FILE
depends on !BR2_TOOLCHAIN_USES_MUSL
help
Enable logging of vsftpd access to utmpx.
Note that Buildroot does not generate utmpx by default.
endif
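Review bot: The help text for BR2_PACKAGE_VSFTPD_UTMPX does not say what is lost when the option is left off, which is the default for a `bool` entry with no `default` line. With it off, vsftpd.mk rewrites builddefs.h to `#undef VSF_BUILD_UTMPX` and the patched sysdeputil.c compiles the empty `vsf_insert_uwtmp` stub, so FTP sessions leave no utmpx/wtmpx record. I would add a help line such as `When disabled, FTP logins are not recorded in utmpx/wtmpx; rely on vsftpd's own logging for session auditing.`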

33
package/vsftpd/S70vsftpd Normal file

@@ -0,0 +1,33 @@
#! /bin/sh
set -e
DESC="vsftpd"
NAME=vsftpd
DAEMON=/usr/sbin/$NAME
case "$1" in
start)
printf "Starting $DESC: "
start-stop-daemon -S -b -x $NAME
echo "OK"
;;
stop)
printf "Stopping $DESC: "
start-stop-daemon -K -x $NAME
echo "OK"
;;
restart|force-reload)
echo "Restarting $DESC: "
$0 stop
sleep 1
$0 start
echo ""
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0
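Review bot: `DAEMON=/usr/sbin/$NAME` is assigned but never used: both `start-stop-daemon` calls pass `-x $NAME`, so the executable is named by the bare word `vsftpd` rather than by its absolute path. For a daemon started from an init script, that leaves the choice of binary to launch, and of process to match on stop, to the environment. Use `start-stop-daemon -S -b -x "$DAEMON"` and `start-stop-daemon -K -x "$DAEMON"`. Because of `-b`, `echo "OK"` is printed as soon as the process is put in the background, so it does not show that vsftpd accepted its configuration.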


@@ -0,0 +1,2 @@
# Locally calculated after checking pgp signature
sha256 9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7 vsftpd-3.0.3.tar.gz

67
package/vsftpd/vsftpd.mk Normal file

@@ -0,0 +1,67 @@
################################################################################
#
# vsftpd
#
################################################################################
VSFTPD_VERSION = 3.0.3
VSFTPD_SITE = https://security.appspot.com/downloads
VSFTPD_LIBS = -lcrypt
VSFTPD_LICENSE = GPL-2.0
VSFTPD_LICENSE_FILES = COPYING
define VSFTPD_DISABLE_UTMPX
$(SED) 's/.*VSF_BUILD_UTMPX/#undef VSF_BUILD_UTMPX/' $(@D)/builddefs.h
endef
define VSFTPD_ENABLE_SSL
$(SED) 's/.*VSF_BUILD_SSL/#define VSF_BUILD_SSL/' $(@D)/builddefs.h
endef
ifeq ($(BR2_PACKAGE_VSFTPD_UTMPX),)
VSFTPD_POST_CONFIGURE_HOOKS += VSFTPD_DISABLE_UTMPX
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
VSFTPD_DEPENDENCIES += openssl host-pkgconf
VSFTPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`
VSFTPD_POST_CONFIGURE_HOOKS += VSFTPD_ENABLE_SSL
endif
ifeq ($(BR2_PACKAGE_LIBCAP),y)
VSFTPD_DEPENDENCIES += libcap
VSFTPD_LIBS += -lcap
endif
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
VSFTPD_DEPENDENCIES += linux-pam
VSFTPD_LIBS += -lpam
endif
define VSFTPD_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" LIBS="$(VSFTPD_LIBS)" -C $(@D)
endef
define VSFTPD_USERS
ftp -1 ftp -1 * /home/ftp - - Anonymous FTP User
endef
define VSFTPD_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/vsftpd/S70vsftpd $(TARGET_DIR)/etc/init.d/S70vsftpd
endef
# vsftpd won't work if the jail directory is writable, it has to be
# readable only otherwise you get the following error:
# 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
# That's why we have to adjust the permissions of /home/ftp
define VSFTPD_INSTALL_TARGET_CMDS
$(INSTALL) -D -m 755 $(@D)/vsftpd $(TARGET_DIR)/usr/sbin/vsftpd
test -f $(TARGET_DIR)/etc/vsftpd.conf || \
$(INSTALL) -D -m 644 $(@D)/vsftpd.conf \
$(TARGET_DIR)/etc/vsftpd.conf
$(INSTALL) -d -m 700 $(TARGET_DIR)/usr/share/empty
$(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp
endef
$(eval $(generic-package))
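Review bot: VSFTPD_INSTALL_TARGET_CMDS installs the upstream sample `vsftpd.conf` unchanged and VSFTPD_USERS provisions an `ftp` account described as "Anonymous FTP User". The image's FTP policy (anonymous access, TLS) is therefore whatever that sample sets, which is not visible on this page. VSFTPD_ENABLE_SSL only switches `VSF_BUILD_SSL` on in builddefs.h, so TLS support is compiled in but nothing in this file enables it in the installed configuration. I would add a comment above the install block, e.g. `# The upstream sample vsftpd.conf is installed as-is; set anonymous_enable and ssl_enable from a rootfs overlay before deployment.`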