2012-04-10 17:38:41 +02:00
|
|
|
diff -Nru vsftpd-3.0.0.orig/Makefile vsftpd-3.0.0/Makefile
|
|
|
|
|
--- vsftpd-3.0.0.orig/Makefile 2012-04-10 09:29:08.529670293 +0200
|
|
|
|
|
+++ vsftpd-3.0.0/Makefile 2012-04-10 09:38:01.020463369 +0200
|
2006-02-23 16:26:10 +01:00
|
|
|
@@ -3,7 +3,7 @@
|
|
|
|
|
INSTALL = install
|
|
|
|
|
IFLAGS = -idirafter dummyinc
|
|
|
|
|
#CFLAGS = -g
|
2012-04-10 17:38:41 +02:00
|
|
|
-CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
|
|
|
|
|
+CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \
|
|
|
|
|
-Wall -W -Wshadow -Werror -Wformat-security \
|
|
|
|
|
-D_FORTIFY_SOURCE=2 \
|
|
|
|
|
#-pedantic -Wconversion
|
|
|
|
|
@@ -29,21 +29,10 @@
|
|
|
|
|
$(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
|
2006-02-23 16:26:10 +01:00
|
|
|
|
|
|
|
|
install:
|
|
|
|
|
- if [ -x /usr/local/sbin ]; then \
|
|
|
|
|
- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
|
|
|
|
|
- else \
|
|
|
|
|
- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
|
|
|
|
|
- if [ -x /usr/local/man ]; then \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
|
|
|
|
|
- elif [ -x /usr/share/man ]; then \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
|
|
|
|
|
- else \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
|
|
|
|
|
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
|
|
|
|
|
- if [ -x /etc/xinetd.d ]; then \
|
|
|
|
|
- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
|
|
|
|
|
+ $(INSTALL) -D -m 755 vsftpd $(DESTDIR)/usr/sbin/vsftpd
|
|
|
|
|
+ $(INSTALL) -D -m 644 vsftpd.8 $(DESTDIR)/usr/man/man8/vsftpd.8
|
|
|
|
|
+ $(INSTALL) -D -m 644 vsftpd.conf.5 $(DESTDIR)/usr/man/man5/vsftpd.conf.5
|
|
|
|
|
+ $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf
|
|
|
|
|
|
|
|
|
|
clean:
|
|
|
|
|
rm -f *.o *.swp vsftpd
|
2012-04-10 17:38:41 +02:00
|
|
|
diff -Nru vsftpd-3.0.0.orig/builddefs.h vsftpd-3.0.0/builddefs.h
|
|
|
|
|
--- vsftpd-3.0.0.orig/builddefs.h 2012-04-10 09:29:08.533003507 +0200
|
|
|
|
|
+++ vsftpd-3.0.0/builddefs.h 2012-04-10 09:37:33.624784735 +0200
|
2006-02-23 16:26:10 +01:00
|
|
|
@@ -1,9 +1,9 @@
|
|
|
|
|
#ifndef VSF_BUILDDEFS_H
|
|
|
|
|
#define VSF_BUILDDEFS_H
|
|
|
|
|
|
|
|
|
|
-#undef VSF_BUILD_TCPWRAPPERS
|
|
|
|
|
-#define VSF_BUILD_PAM
|
|
|
|
|
-#undef VSF_BUILD_SSL
|
|
|
|
|
+#define VSF_BUILD_TCPWRAPPERS
|
|
|
|
|
+#undef VSF_BUILD_PAM
|
|
|
|
|
+#define VSF_BUILD_SSL
|
|
|
|
|
|
|
|
|
|
#endif /* VSF_BUILDDEFS_H */
|
|
|
|
|
|
2012-04-10 17:38:41 +02:00
|
|
|
diff -Nru vsftpd-3.0.0.orig/tunables.c vsftpd-3.0.0/tunables.c
|
|
|
|
|
--- vsftpd-3.0.0.orig/tunables.c 2012-04-10 09:29:08.529670293 +0200
|
|
|
|
|
+++ vsftpd-3.0.0/tunables.c 2012-04-10 09:39:55.196345553 +0200
|
|
|
|
|
@@ -254,7 +254,7 @@
|
2009-02-20 15:10:37 +01:00
|
|
|
/* -rw------- */
|
|
|
|
|
tunable_chown_upload_mode = 0600;
|
2006-02-23 16:26:10 +01:00
|
|
|
|
2009-02-20 15:10:37 +01:00
|
|
|
- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
|
|
|
|
|
+ install_str_setting("/var/empty", &tunable_secure_chroot_dir);
|
|
|
|
|
install_str_setting("ftp", &tunable_ftp_username);
|
|
|
|
|
install_str_setting("root", &tunable_chown_username);
|
|
|
|
|
install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
|
2012-04-10 17:38:41 +02:00
|
|
|
@@ -281,11 +281,11 @@
|
2009-02-20 15:10:37 +01:00
|
|
|
install_str_setting(0, &tunable_user_sub_token);
|
|
|
|
|
install_str_setting("/etc/vsftpd.email_passwords",
|
|
|
|
|
&tunable_email_password_file);
|
|
|
|
|
- install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
|
|
|
|
|
+ install_str_setting("/etc/ssl/certs/vsftpd.crt",
|
|
|
|
|
&tunable_rsa_cert_file);
|
|
|
|
|
install_str_setting(0, &tunable_dsa_cert_file);
|
2012-04-10 17:38:41 +02:00
|
|
|
install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
|
2009-02-20 15:10:37 +01:00
|
|
|
- install_str_setting(0, &tunable_rsa_private_key_file);
|
|
|
|
|
+ install_str_setting("/etc/ssl/keys/vsftpd.key", &tunable_rsa_private_key_file);
|
|
|
|
|
install_str_setting(0, &tunable_dsa_private_key_file);
|
|
|
|
|
install_str_setting(0, &tunable_ca_certs_file);
|
|
|
|
|
}
|
2012-04-10 17:38:41 +02:00
|
|
|
diff -Nru vsftpd-3.0.0.orig/vsftpd.conf vsftpd-3.0.0/vsftpd.conf
|
|
|
|
|
--- vsftpd-3.0.0.orig/vsftpd.conf 2012-04-10 09:29:08.529670293 +0200
|
|
|
|
|
+++ vsftpd-3.0.0/vsftpd.conf 2012-04-10 09:37:33.624784735 +0200
|
2009-11-19 11:56:39 +01:00
|
|
|
@@ -8,11 +8,21 @@
|
2006-02-23 16:26:10 +01:00
|
|
|
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
|
|
|
|
|
# capabilities.
|
|
|
|
|
#
|
|
|
|
|
+#
|
|
|
|
|
+# Use tcp_wrappers library
|
|
|
|
|
+tcp_wrappers=YES
|
|
|
|
|
+#
|
|
|
|
|
+# Enable SSL support
|
2006-07-04 09:12:31 +02:00
|
|
|
+#ssl_enable=YES
|
|
|
|
|
+#ssl_sslv3=YES
|
2006-02-23 16:26:10 +01:00
|
|
|
+#
|
|
|
|
|
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
|
|
|
|
|
anonymous_enable=YES
|
|
|
|
|
#
|
|
|
|
|
# Uncomment this to allow local users to log in.
|
|
|
|
|
#local_enable=YES
|
|
|
|
|
+#force_local_logins_ssl=YES
|
2006-07-04 09:12:31 +02:00
|
|
|
+#force_local_data_ssl=YES
|
2006-02-23 16:26:10 +01:00
|
|
|
#
|
|
|
|
|
# Uncomment this to enable any form of FTP write command.
|
|
|
|
|
#write_enable=YES
|
2012-01-06 15:56:07 +01:00
|
|
|
@@ -110,6 +120,7 @@
|
2009-11-19 11:56:39 +01:00
|
|
|
# listens on IPv4 sockets. This directive cannot be used in conjunction
|
|
|
|
|
# with the listen_ipv6 directive.
|
|
|
|
|
listen=YES
|
|
|
|
|
+background=YES
|
|
|
|
|
#
|
|
|
|
|
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
|
|
|
|
|
# sockets, you must run two copies of vsftpd with two configuration files.
|
2012-04-10 17:38:41 +02:00
|
|
|
diff -Nru vsftpd-3.0.0.orig/vsftpd.conf.5 vsftpd-3.0.0/vsftpd.conf.5
|
|
|
|
|
--- vsftpd-3.0.0.orig/vsftpd.conf.5 2012-04-10 09:29:08.533003507 +0200
|
|
|
|
|
+++ vsftpd-3.0.0/vsftpd.conf.5 2012-04-10 09:37:33.624784735 +0200
|
2009-10-20 12:05:11 +02:00
|
|
|
@@ -955,21 +955,21 @@
|
2006-02-23 16:26:10 +01:00
|
|
|
This option specifies the location of the RSA certificate to use for SSL
|
|
|
|
|
encrypted connections.
|
|
|
|
|
|
|
|
|
|
-Default: /usr/share/ssl/certs/vsftpd.pem
|
2006-07-04 09:12:31 +02:00
|
|
|
+Default: /etc/ssl/certs/vsftpd.crt
|
2006-02-23 16:26:10 +01:00
|
|
|
.TP
|
|
|
|
|
.B rsa_private_key_file
|
|
|
|
|
This option specifies the location of the RSA private key to use for SSL
|
2006-07-04 09:12:31 +02:00
|
|
|
encrypted connections. If this option is not set, the private key is expected
|
|
|
|
|
to be in the same file as the certificate.
|
|
|
|
|
|
|
|
|
|
-Default: (none)
|
|
|
|
|
+Default: /etc/ssl/keys/vsftpd.key
|
|
|
|
|
.TP
|
|
|
|
|
.B secure_chroot_dir
|
|
|
|
|
This option should be the name of a directory which is empty. Also, the
|
2006-02-23 16:26:10 +01:00
|
|
|
directory should not be writable by the ftp user. This directory is used
|
|
|
|
|
as a secure chroot() jail at times vsftpd does not require filesystem access.
|
|
|
|
|
|
|
|
|
|
-Default: /usr/share/empty
|
|
|
|
|
+Default: /var/empty
|
|
|
|
|
.TP
|
|
|
|
|
.B ssl_ciphers
|
|
|
|
|
This option can be used to select which SSL ciphers vsftpd will allow for
|
