From 1a75a25262b20b9213dac8b2ebdd0c4938323b4b Mon Sep 17 00:00:00 2001
From: Mike Gilbert
Date: Mon, 16 Aug 2021 14:09:43 -0400
Subject: net-ftp/vsftpd: fix seccomp failures

Signed-off-by: Mike Gilbert
---
 net-ftp/vsftpd/files/vsftpd-3.0.5-seccomp.patch | 25 +++++
 net-ftp/vsftpd/vsftpd-3.0.5-r1.ebuild | 116 ++++++++++++++++++++++++
 net-ftp/vsftpd/vsftpd-3.0.5.ebuild | 115 -----------------------
 3 files changed, 141 insertions(+), 115 deletions(-)
 create mode 100644 net-ftp/vsftpd/files/vsftpd-3.0.5-seccomp.patch
 create mode 100644 net-ftp/vsftpd/vsftpd-3.0.5-r1.ebuild
 delete mode 100644 net-ftp/vsftpd/vsftpd-3.0.5.ebuild
(limited to 'net-ftp')
diff --git a/net-ftp/vsftpd/files/vsftpd-3.0.5-seccomp.patch b/net-ftp/vsftpd/files/vsftpd-3.0.5-seccomp.patch
new file mode 100644
index 000000000000..cd23e6b35c6a
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-3.0.5-seccomp.patch
@@ -0,0 +1,25 @@
+From 8a0ec911c17b64747b7cb2ff6e912c7cbb87d39f Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Sat, 14 Aug 2021 09:31:04 -0400
+Subject: [PATCH] Fix seccomp failures in the postlogin broker
+
+---
+ seccompsandbox.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/seccompsandbox.c b/seccompsandbox.c
+index bcd96a0..5411d69 100644
+--- a/seccompsandbox.c
++++ b/seccompsandbox.c
+@@ -515,6 +515,8 @@ seccomp_sandbox_setup_postlogin_broker()
+ seccomp_sandbox_setup_base();
+ seccomp_sandbox_setup_data_connections();
+ allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
++ allow_nr(__NR_alarm);
++ allow_nr(__NR_wait4);
+ }
+
+ void
+--
+2.32.0
+
diff --git a/net-ftp/vsftpd/vsftpd-3.0.5-r1.ebuild b/net-ftp/vsftpd/vsftpd-3.0.5-r1.ebuild
new file mode 100644
index 000000000000..707069d713d6
--- /dev/null
+++ b/net-ftp/vsftpd/vsftpd-3.0.5-r1.ebuild
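Review bot: The added `allow_nr(__NR_alarm);` and `allow_nr(__NR_wait4);` entries widen the postlogin broker's seccomp allowlist, but neither the patch header nor the code records which broker code path issues these syscalls or what failure was observed. I would add a comment above them, e.g. `/* postlogin broker calls alarm() and wait4() from <code path>; see <bug reference> */`, and note the upstream submission status in the patch header so the carry-forward can be audited later. Both calls are permitted for any argument values, unlike the `allow_nr_1_arg_match(__NR_sendmsg, 3, 0)` entry just above; that looks acceptable for these two syscalls, but stating it explicitly helps the next reviewer of the filter. The body of seccomp_sandbox_setup_postlogin_broker() starts outside the hunk.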
@@ -0,0 +1,116 @@
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="Very Secure FTP Daemon"
+HOMEPAGE="https://security.appspot.com/vsftpd.html"
+SRC_URI="https://security.appspot.com/downloads/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="elibc_musl pam ssl tcpd"
+
+DEPEND="
+ >=sys-libs/libcap-2
+ pam? ( sys-libs/pam )
+ !pam? ( virtual/libcrypt:= )
+ ssl? ( dev-libs/openssl:0= )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+"
+
+RDEPEND="${DEPEND}
+ net-ftp/ftpbase
+"
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}"/vsftpd-2.3.2-kerberos.patch
+ "${FILESDIR}"/vsftpd-3.0.2-alpha.patch
+ "${FILESDIR}"/vsftpd-3.0.3-sparc.patch
+ "${FILESDIR}"/vsftpd-3.0.5-seccomp.patch
+ )
+ default
+}
+
+define() {
+ sed -i -e "/#undef $2/c#define $2${3:+ }$3" "$1" || die
+}
+
+undef() {
+ sed -i -e "/#define $2/c#undef $2" "$1" || die
+}
+
+src_configure() {
+ libs=( -lcap )
+
+ if use pam; then
+ libs+=( -lpam )
+ else
+ undef builddefs.h VSF_BUILD_PAM
+ libs+=( -lcrypt )
+ fi
+
+ if use ssl; then
+ define builddefs.h VSF_BUILD_SSL
+ libs+=( -lcrypto -lssl )
+ fi
+
+ if use tcpd; then
+ define builddefs.h VSF_BUILD_TCPWRAPPERS
+ libs+=( -lwrap )
+ fi
+
+ if use elibc_musl; then
+ # musl does not support utmp/wtmp
+ # https://bugs.gentoo.org/713952
+ undef sysdeputil.c VSF_SYSDEP_HAVE_UTMPX
+ fi
+}
+
+src_compile() {
+ local args=(
+ CC="$(tc-getCC)"
+ CFLAGS="${CFLAGS}"
+ LDFLAGS="${LDFLAGS}"
+ LIBS="${libs[*]}"
+ LINK=
+ )
+ emake "${args[@]}"
+}
+
+src_install() {
+ into /usr
+ dosbin vsftpd
+
+ doman vsftpd.conf.5 vsftpd.8
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/vsftpd.logrotate vsftpd
+
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/vsftpd.xinetd vsftpd
+
+ newinitd "${FILESDIR}"/vsftpd.init-3.0.5 vsftpd
+
+ systemd_newunit "${FILESDIR}"/vsftpd.service-3.0.5 vsftpd.service
+ systemd_newunit "${FILESDIR}"/vsftpd_at.service-3.0.5 vsftpd@.service
+ systemd_dounit "${FILESDIR}"/vsftpd.socket
+
+ keepdir /usr/share/empty
+
+ dodoc vsftpd.conf
+ dodoc -r EXAMPLE SECURITY
+
+ einstalldocs
+}
+
+pkg_preinst() {
+ if [[ ! -e ${EROOT}/etc/vsftpd.conf && -e ${EROOT}/etc/vsftpd/vsftpd.conf ]]; then
+ elog "Moving ${EROOT}/etc/vsftpd/vsftpd.conf to ${EROOT}/etc/vsftpd.conf"
+ mv "${EROOT}"/etc/{vsftpd/,}vsftpd.conf || die
+ fi
+}
diff --git a/net-ftp/vsftpd/vsftpd-3.0.5.ebuild b/net-ftp/vsftpd/vsftpd-3.0.5.ebuild
deleted file mode 100644
index b63d380bf321..000000000000
--- a/net-ftp/vsftpd/vsftpd-3.0.5.ebuild
+++ /dev/null
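Review bot: The `define()` and `undef()` helpers cannot detect a pattern that no longer matches, because `sed -i` exits 0 when it changes nothing and `|| die` therefore only catches I/O errors. If upstream renames or reformats one of these macros, `use ssl` or `use tcpd` would silently produce a daemon built without TLS or tcp-wrappers support, and the `!pam` branch would leave `VSF_BUILD_PAM` defined. I would follow the sed in `define()` with a check such as `grep -q "#define $2" "$1" || die "failed to define $2 in $1"`, and add the `#undef` equivalent in `undef()`. Both helpers are carried over unchanged from the removed vsftpd-3.0.5.ebuild, so this is not a regression introduced by this commit.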
@@ -1,115 +0,0 @@
-# Copyright 2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit systemd toolchain-funcs
-
-DESCRIPTION="Very Secure FTP Daemon"
-HOMEPAGE="https://security.appspot.com/vsftpd.html"
-SRC_URI="https://security.appspot.com/downloads/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
-IUSE="elibc_musl pam ssl tcpd"
-
-DEPEND="
- >=sys-libs/libcap-2
- pam? ( sys-libs/pam )
- !pam? ( virtual/libcrypt:= )
- ssl? ( dev-libs/openssl:0= )
- tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
-"
-
-RDEPEND="${DEPEND}
- net-ftp/ftpbase
-"
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}"/vsftpd-2.3.2-kerberos.patch
- "${FILESDIR}"/vsftpd-3.0.2-alpha.patch
- "${FILESDIR}"/vsftpd-3.0.3-sparc.patch
- )
- default
-}
-
-define() {
- sed -i -e "/#undef $2/c#define $2${3:+ }$3" "$1" || die
-}
-
-undef() {
- sed -i -e "/#define $2/c#undef $2" "$1" || die
-}
-
-src_configure() {
- libs=( -lcap )
-
- if use pam; then
- libs+=( -lpam )
- else
- undef builddefs.h VSF_BUILD_PAM
- libs+=( -lcrypt )
- fi
-
- if use ssl; then
- define builddefs.h VSF_BUILD_SSL
- libs+=( -lcrypto -lssl )
- fi
-
- if use tcpd; then
- define builddefs.h VSF_BUILD_TCPWRAPPERS
- libs+=( -lwrap )
- fi
-
- if use elibc_musl; then
- # musl does not support utmp/wtmp
- # https://bugs.gentoo.org/713952
- undef sysdeputil.c VSF_SYSDEP_HAVE_UTMPX
- fi
-}
-
-src_compile() {
- local args=(
- CC="$(tc-getCC)"
- CFLAGS="${CFLAGS}"
- LDFLAGS="${LDFLAGS}"
- LIBS="${libs[*]}"
- LINK=
- )
- emake "${args[@]}"
-}
-
-src_install() {
- into /usr
- dosbin vsftpd
-
- doman vsftpd.conf.5 vsftpd.8
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/vsftpd.logrotate vsftpd
-
- insinto /etc/xinetd.d
- newins "${FILESDIR}"/vsftpd.xinetd vsftpd
-
- newinitd "${FILESDIR}"/vsftpd.init-3.0.5 vsftpd
-
- systemd_newunit "${FILESDIR}"/vsftpd.service-3.0.5 vsftpd.service
- systemd_newunit "${FILESDIR}"/vsftpd_at.service-3.0.5 vsftpd@.service
- systemd_dounit "${FILESDIR}"/vsftpd.socket
-
- keepdir /usr/share/empty
-
- dodoc vsftpd.conf
- dodoc -r EXAMPLE SECURITY
-
- einstalldocs
-}
-
-pkg_preinst() {
- if [[ ! -e ${EROOT}/etc/vsftpd.conf && -e ${EROOT}/etc/vsftpd/vsftpd.conf ]]; then
- elog "Moving ${EROOT}/etc/vsftpd/vsftpd.conf to ${EROOT}/etc/vsftpd.conf"
- mv "${EROOT}"/etc/{vsftpd/,}vsftpd.conf || die
- fi
-}
--
cgit v1.2.3-65-gdbad