authorMike Gilbert <floppym@gentoo.org>2020-02-07 12:59:06 -0500
committerMike Gilbert <floppym@gentoo.org>2020-02-07 12:59:06 -0500
commit08b7452ea7abf8bfc814520d9b93b39e3b8cdc39 (patch)
tree0b3fe53fe39cc50626008e4720d58ee88efc1743 /net-ftp/vsftpd
parentapp-text/calibre: Bump to version 4.10.1 (diff)
net-ftp/vsftpd: disable seccomp_sandbox by default
Closes: https://bugs.gentoo.org/443898 Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'net-ftp/vsftpd')
-rw-r--r--net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch15
-rw-r--r--net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild (renamed from net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild)45
2 files changed, 40 insertions, 20 deletions
diff --git a/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch b/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch
new file mode 100644
index 000000000000..10266e36a87e
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch
@@ -0,0 +1,15 @@
+Disable buggy seccomp sandbox code by default
+
+Bug: https://bugs.gentoo.org/443898
+
+--- a/tunables.c
++++ b/tunables.c
+@@ -226,7 +226,7 @@
+ tunable_isolate_network = 1;
+ tunable_ftp_enable = 1;
+ tunable_http_enable = 0;
+- tunable_seccomp_sandbox = 1;
++ tunable_seccomp_sandbox = 0;
+ tunable_allow_writeable_chroot = 0;
+
+ tunable_accept_timeout = 60;
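Review bot: Flipping `tunable_seccomp_sandbox` to 0 in the compiled-in defaults removes the seccomp filter from every install that does not set the option explicitly, and the patch header names neither the failure that motivates this nor the way back. I would expand the header to state the symptom reported in bug 443898 and add a line such as `Set seccomp_sandbox=YES in vsftpd.conf to turn the sandbox back on.` Because the upgrade from -r2 changes this silently, an `elog` saying the same in the ebuild's post-install phase would help administrators who relied on the old default; whether the ebuild has such a phase is not visible here. If the shipped man page or sample config states the default, they should be patched to match.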
diff --git a/net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild b/net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild
index 737cd124f08e..b5dea09d6877 100644
--- a/net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild
+++ b/net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -27,17 +27,31 @@ RDEPEND="${DEPEND}
xinetd? ( sys-apps/xinetd )"
src_prepare() {
- # kerberos patch. bug #335980
- epatch "${FILESDIR}/${PN}-2.3.2-kerberos.patch"
+ local PATCHES=(
+ # kerberos patch. bug #335980
+ "${FILESDIR}/${PN}-2.3.2-kerberos.patch"
- # Patch the source, config and the manpage to use /etc/vsftpd/
- epatch "${FILESDIR}/${PN}-2.3.5-gentoo.patch"
+ # Patch the source, config and the manpage to use /etc/vsftpd/
+ "${FILESDIR}/${PN}-2.3.5-gentoo.patch"
- # Fix building without the libcap
- epatch "${FILESDIR}/${PN}-2.1.0-caps.patch"
+ # Fix building without the libcap
+ "${FILESDIR}/${PN}-2.1.0-caps.patch"
- # Fix building on alpha. Bug #405829
- epatch "${FILESDIR}/${PN}-3.0.2-alpha.patch"
+ # Fix building on alpha. Bug #405829
+ "${FILESDIR}/${PN}-3.0.2-alpha.patch"
+
+ #Bug #335977
+ "${FILESDIR}"/${PN}-3.0.0-Makefile.patch
+
+ #Bug #450536
+ "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch
+
+ #Bug #630704
+ "${FILESDIR}"/${PN}-3.0.3-sparc.patch
+
+ # https://bugs.gentoo.org/443898
+ "${FILESDIR}"/vsftpd-disable-seccomp-sandbox.patch
+ )
# Configure vsftpd build defaults
use tcpd && echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h
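Review bot: The `PATCHES` entries use two quoting styles, and the new entry spells out `vsftpd-` where every other entry uses `${PN}`. The first four quote the whole path (`"${FILESDIR}/${PN}-2.3.2-kerberos.patch"`), while the last four quote only `"${FILESDIR}"`; I would pick one form and write the new entry as `"${FILESDIR}/${PN}-disable-seccomp-sandbox.patch"`. The comment above it is only a bug URL, so a short description like `# Disable seccomp sandbox by default, bug #443898` would match the first four entries and make the security-relevant change easy to spot. src_prepare continues past the end of this hunk.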
@@ -47,22 +61,13 @@ src_prepare() {
# Ensure that we don't link against libcap unless asked
if ! use caps ; then
sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c || die
- epatch "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch
+ eapply "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch
fi
# Let portage control stripping
sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile || die
- #Bug #335977
- epatch "${FILESDIR}"/${PN}-3.0.0-Makefile.patch
-
- #Bug #450536
- epatch "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch
-
- #Bug #630704
- epatch "${FILESDIR}"/${PN}-3.0.3-sparc.patch
-
- eapply_user
+ default
}
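Review bot: `default` is now the last statement of src_prepare, so everything in `PATCHES` is applied after the `builddefs.h` appends, the `sed` edits to `sysdeputil.c` and `Makefile`, and the conditional `dont-link-caps` patch. In -r2 the kerberos, gentoo, caps and alpha patches ran before those edits. If any of the four touches lines that the edits change, it will apply with fuzz or fail depending on USE flags; the patch contents are not visible here, so this is worth a build with `USE="-caps tcpd"`. Moving `default` to directly after the closing `)` of `PATCHES` restores the old order for those four but puts the Makefile, remove-legacy-cap and sparc patches ahead of the edits. Whichever placement is kept, a comment such as `# PATCHES are applied here, after the sed edits above` would record that the order is deliberate.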
src_compile() {