--- vsftpd-2.0.7.orig/debian/watch +++ vsftpd-2.0.7/debian/watch @@ -0,0 +1,2 @@ +version=3 +ftp://vsftpd.beasts.org/users/cevans/vsftpd-([\d.]+)\.tar\.gz --- vsftpd-2.0.7.orig/debian/vsftpd.init.d +++ vsftpd-2.0.7/debian/vsftpd.init.d @@ -0,0 +1,52 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: vsftpd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 1 +### END INIT INFO +# /etc/init.d/vsftpd +# +# Written by Sander Smeenk + +set -e + +# Exit if vsftpd.conf doesn't have listen=yes or listen_ipv6=yes +# (mandatory for standalone operation) +if [ -f /etc/vsftpd.conf ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" /etc/vsftpd.conf; then + exit 0 +fi + +DAEMON=/usr/sbin/vsftpd +NAME=vsftpd + +test -x $DAEMON || exit 0 +. /lib/lsb/init-functions + +case "$1" in + start) + log_begin_msg "Starting FTP server: $NAME" + [ -d /var/run/vsftpd ] || mkdir -p /var/run/vsftpd + start-stop-daemon --start --background -m --pidfile /var/run/vsftpd/vsftpd.pid --exec $DAEMON && log_end_msg 0 || log_end_msg 1 + ;; + stop) + log_begin_msg "Stopping FTP server: $NAME" + start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --oknodo --exec $DAEMON && log_end_msg 0 || log_end_msg 1 + rm -f /var/run/vsftpd/vsftpd.pid + ;; + restart) + $0 stop + $0 start + ;; + reload|force-reload) + log_begin_msg "Reloading $NAME configuration files" + start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --signal 1 --exec $DAEMON && log_end_msg 0 || log_end_msg 1 + ;; + *) + log_success_msg "Usage: /etc/init.d/$NAME {start|stop|restart|reload}" + exit 1 + ;; +esac + +exit 0 --- vsftpd-2.0.7.orig/debian/vsftpd.dirs +++ vsftpd-2.0.7/debian/vsftpd.dirs @@ -0,0 +1 @@ +var/run/vsftpd --- vsftpd-2.0.7.orig/debian/ftpusers +++ vsftpd-2.0.7/debian/ftpusers @@ -0,0 +1,14 @@ +# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5). + +root +daemon +bin +sys +sync +games +man +lp +mail +news +uucp +nobody --- vsftpd-2.0.7.orig/debian/vsftpd.postinst +++ vsftpd-2.0.7/debian/vsftpd.postinst @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + if [ -z "$2" ]; then + if ! getent passwd ftp > /dev/null 2>/dev/null; then + adduser --no-create-home --system ftp + if ! [ -d /home/ftp ]; then + install -o root -g nogroup -m 0755 -d /home/ftp + fi + fi + fi + + # In 1.2.1-1, the default changed to standalone mode. If the + # configuration file contains the options for standalone operation, + # make sure to disable inetd operation. + if [ -f /etc/vsftpd.conf ] && egrep -iq "^ *listen(_ipv6)? *= *yes" /etc/vsftpd.conf; then + update-inetd --disable --pattern vsftpd ftp + fi + + # Remove shutdown and reboot links; this init script does not need them. + if dpkg --compare-versions "$2" lt "2.0.4-0ubuntu5"; then + rm -f /etc/rc0.d/K20vsftpd /etc/rc6.d/K20vsftpd + fi + ;; +esac + +#DEBHELPER# --- vsftpd-2.0.7.orig/debian/control +++ vsftpd-2.0.7/debian/control @@ -0,0 +1,21 @@ +Source: vsftpd +Section: net +Priority: extra +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: Matej Vela +Build-Depends: cdbs, debhelper (>= 4.2.0), libpam0g-dev, libcap-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libwrap0-dev, libssl-dev, quilt (>= 0.40) +Standards-Version: 3.8.0 +Homepage: http://vsftpd.beasts.org/ + +Package: vsftpd +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules, adduser, netbase, lsb-base (>= 1.3-9ubuntu3), ssl-cert (>= 1.0-11ubuntu1), sysv-rc (>= 2.86.ds1-14.1ubuntu2), update-inetd +Recommends: logrotate +Provides: ftp-server +Conflicts: ftp-server +Description: The Very Secure FTP Daemon + A lightweight, efficient FTP server written from the ground up with + security in mind. + . + vsftpd supports both anonymous and non-anonymous FTP, PAM authentication, + bandwidth limiting, and the Linux sendfile() facility. --- vsftpd-2.0.7.orig/debian/compat +++ vsftpd-2.0.7/debian/compat @@ -0,0 +1 @@ +4 --- vsftpd-2.0.7.orig/debian/rules +++ vsftpd-2.0.7/debian/rules @@ -0,0 +1,15 @@ +#!/usr/bin/make -f + +DEB_UPDATE_RCD_PARAMS := start 20 2 3 4 5 . stop 80 1 . + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk +include /usr/share/cdbs/1/class/langcore.mk + +CFLAGS += -W -Wshadow + +build/vsftpd:: + $(MAKE) CFLAGS="$(CFLAGS)" LINK="" + +clean:: + $(MAKE) clean --- vsftpd-2.0.7.orig/debian/vsftpd.install +++ vsftpd-2.0.7/debian/vsftpd.install @@ -0,0 +1,2 @@ +vsftpd usr/sbin +vsftpd.conf debian/ftpusers etc --- vsftpd-2.0.7.orig/debian/vsftpd.docs +++ vsftpd-2.0.7/debian/vsftpd.docs @@ -0,0 +1,14 @@ +AUDIT +BENCHMARKS +BUGS +EXAMPLE +FAQ +README +README.security +README.ssl +REWARD +SECURITY +SIZE +SPEED +TODO +TUNING --- vsftpd-2.0.7.orig/debian/changelog +++ vsftpd-2.0.7/debian/changelog @@ -0,0 +1,347 @@ +vsftpd (2.0.7-0ubuntu1) intrepid; urgency=low + + * New upstream release + - Fixes SSL shutdown bug (LP: #254905) + + -- Adrien Cunin Tue, 16 Sep 2008 19:20:32 +0200 + +vsftpd (2.0.6-1.1ubuntu2) intrepid; urgency=low + + * Removed update-rc.d "multiuser" option and updated init info (LP: #254273) + http://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-June/000430.html + * Added Homepage field on debian/control + * Upgrade standards to 3.8.0 + + -- Nicolas Valcárcel Tue, 12 Aug 2008 20:23:05 -0500 + +vsftpd (2.0.6-1.1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - lsb init script + - use snakeoil ssl certs + - add update-inetd dependency + - Modify Maintainer value to match DebianMaintainerField spec. + * Dropped: + - remove stop links from rc0 and rc6: pre-hardy upgrades. + + -- Mathias Gug Fri, 09 May 2008 18:27:41 -0400 + +vsftpd (2.0.6-1.1) unstable; urgency=low + + * Non-maintainer upload to solve release goal. + * Add LSB dependency header to init.d scripts (Closes: #460211) + + -- Petter Reinholdtsen Mon, 17 Mar 2008 09:46:02 +0100 + +vsftpd (2.0.6-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable, remaining changes: + - remove stop links from rc0 and rc6 + - lsb init script + - use snakeoil ssl certs + - add update-inetd dependency + * debian/control: + - Modify Maintainer value to match DebianMaintainerField spec. + + -- Matti Lindell Mon, 25 Feb 2008 09:53:13 +0200 + +vsftpd (2.0.6-1) unstable; urgency=low + + * New upstream release. Closes: #467128. + - Adds a chown_upload_mode option. Closes: #269193. + - Supports UTF8. Closes: #445393. + * man-typo.patch: Integrated upstream. + * unused-libs.patch: Remove `-lnsl -ldl -lresolv -lutil' since we + don't use any of their symbols. + * debian/copyright: Add upstream copyright. + * debian/copyright: Update upstream e-mail. + * debian/control: Build-depend on quilt (>= 0.40) rather than + (>= 0.40-1) to placate Lintian. + * Conforms to Standards version 3.7.3. + + -- Matej Vela Sat, 23 Feb 2008 11:39:37 +0100 + +vsftpd (2.0.5-2ubuntu2) feisty; urgency=low + + * debian/control: Add update-inetd dependency (Ubuntu netbase + drops inetd dependency but update-inetd is needed in postinst, + Closes Ubuntu: #75432). + + -- Lionel Porcheron Wed, 13 Dec 2006 11:02:41 +0100 + +vsftpd (2.0.5-2ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - remove stop links from rc0 and rc6 + - lsb init script + - use snakeoil ssl certs + + -- Scott James Remnant Tue, 28 Nov 2006 15:56:37 +0000 + +vsftpd (2.0.5-2) unstable; urgency=low + + * New maintainer. Closes: #385929. + * Acknowledge NMU. Thanks, Martin! + * vsftpd-debian.patch: Split into individual patches. + * wifexited-const.patch: Quiltify fix from 2.0.5-1.1. + * man-typo.patch: Remove trailing `s' from `delay_failed_login' and + `delay_successful_login' in vsftpd.conf.5. Closes: #382154. + * Switch to cdbs. + * Remove dependency on libpam-runtime (>= 0.76-13.1) since we have + 0.76-22 in sarge (and an unversioned dependency is already provided + by libpam0g). + * debian/copyright: Update upstream URL. + * debian/vsftpd.files: Remove cruft. + * debian/vsftpd.init.d: Remove pidfile on stop. + * debian/vsftpd.postinst, debian/vsftpd.postrm: Use `set -e'. + * debian/watch: Add. + * Conforms to Standards version 3.7.2. + + -- Matej Vela Thu, 26 Oct 2006 10:55:25 +0200 + +vsftpd (2.0.5-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Applied patch by Martin Michlmayr to fix compilation problem on 64bit + architectures (closes: #386267). + * Added dependency on netbase because of update-inetd call (closes: #386719) + + -- martin f. krafft Sat, 9 Sep 2006 18:25:37 +0200 + +vsftpd (2.0.5-1) unstable; urgency=low + + * New upstream release. + - Added support for certificate chains (Closes: #307498). + * Use quilt.make to manage changes to the upstream source. + * Exclude libcap-dev build dependency for non-Linux architectures + (Closes: #375026). + * Mention trouble with background=yes in vsftpd.conf in the + README file. + * Create /var/run/vsftpd if necessary (Closes: #350996). + + -- Daniel Jacobowitz Sun, 23 Jul 2006 18:46:23 -0400 + +vsftpd (2.0.4-0ubuntu5) edgy; urgency=low + + * Remove stop script symlinks from rc0 and rc6. + + -- Scott James Remnant Mon, 18 Sep 2006 16:34:57 +0100 + +vsftpd (2.0.4-0ubuntu4) dapper; urgency=low + + * Switch default config to use ssl-cert-snakeoil certificates. + * Add Depends on ssl-cert. + + -- Fabio M. Di Nitto Fri, 03 Feb 2006 17:05:04 +0100 + +vsftpd (2.0.4-0ubuntu3) dapper; urgency=low + + * Create /var/run/vsftpd if necessary before starting the daemon. + + -- Colin Watson Thu, 2 Feb 2006 09:13:03 +0000 + +vsftpd (2.0.4-0ubuntu2) dapper; urgency=low + + * Upload as upstream version. + + -- Matthias Klose Thu, 19 Jan 2006 15:27:31 +0000 + +vsftpd (2.0.4-0ubuntu1) dapper; urgency=low + + * New upstream version. + + -- Matthias Klose Thu, 19 Jan 2006 16:19:35 +0100 + +vsftpd (2.0.3-1ubuntu1) breezy; urgency=low + + * Resynchronise with Debian. + + -- Adam Conrad Thu, 21 Apr 2005 08:43:37 +0000 + +vsftpd (2.0.3-1) unstable; urgency=low + + * New upstream release (Closes: #300132). + * Search for SSL certificates in /etc by default. + * Improved documentation for SSL support (Closes: #266664). + + -- Daniel Jacobowitz Fri, 1 Apr 2005 22:47:55 -0500 + +vsftpd (2.0.1-1ubuntu1) hoary; urgency=low + + * pretty init scriptage + + -- LaMont Jones Wed, 23 Mar 2005 15:52:34 -0700 + +vsftpd (2.0.1-1) unstable; urgency=low + + * New upstream release (Closes: #249977, #257773). + - Includes SSL support. + * Document that the capability module must be loaded if capabilities + were built as a module (Closes: #252241, #257774). + * Include an /etc/ftpusers to quiet a syslog warning (Closes: #249974). + * Conflict with other FTP daemons now that we provide /etc/ftpusers. + * Correct output formatting of init.d script (patch from + Adeodato Simó ) (Closes: #246437). + * Use common-auth and common-account PAM configuration files + (Closes: #245233). + + -- Daniel Jacobowitz Sun, 11 Jul 2004 23:57:34 -0400 + +vsftpd (1.2.1-1) unstable; urgency=low + + * New upstream release. + * Change default vsftpd.conf to run standalone (listen=YES) instead of + from inetd (Closes: #200159). + * Do not call update-inetd in postinst any more since we default to + standalone operation (Closes: #163163). + + -- Daniel Jacobowitz Sat, 15 Nov 2003 19:42:21 -0500 + +vsftpd (1.2.0-4) unstable; urgency=high + + * Tweaks for init.d script, including starting the server if listen_ipv6 + is specified (from Paul van Tilburg) (Closes: #212210). + * Check for a listen configuration, but not in inetd - let the daemon + start on an alternate port if it's configured to. + + -- Daniel Jacobowitz Tue, 23 Sep 2003 09:28:22 -0400 + +vsftpd (1.2.0-3) unstable; urgency=HIGH + + * Remove pam_ftp.so from the default PAM configuration. + + -- Daniel Jacobowitz Sun, 21 Sep 2003 14:03:39 -0400 + +vsftpd (1.2.0-2) unstable; urgency=low + + * Update for new PAM scheme. + * Include more documentation from the source (Closes: #206312). + + -- Daniel Jacobowitz Tue, 26 Aug 2003 16:53:19 -0400 + +vsftpd (1.2.0-1) unstable; urgency=low + + * New upstream release. + - Oops - make max_per_ip and max_clients work with the two process model + when both connect_from_port_20 and chown_uploads are false + (Closes: #171350). + - Add ability for virtual users to use local privs non anon privs, via + virtual_use_local_privs=YES (Closes: #172829). + * Update README.Debian to describe virtual_use_local_privs. + * Depend on adduser (Closes: #195277). + * Include the FAQ. + * Mention chroot_local_user in the sample configuration file. + + -- Daniel Jacobowitz Sun, 17 Aug 2003 11:47:35 -0400 + +vsftpd (1.1.3-3) unstable; urgency=low + + * Add /etc/init.d/vsftpd script for standalone mode, from Sander Smeenk. + * Document the interaction between guest_enable and anonymous user + configuration in README.Debian. + + -- Daniel Jacobowitz Mon, 27 Jan 2003 12:21:13 -0500 + +vsftpd (1.1.3-2) unstable; urgency=low + + * Brown bag. Fix install invocation in postinst (Closes: #168973). + + -- Daniel Jacobowitz Wed, 13 Nov 2002 13:51:24 -0500 + +vsftpd (1.1.3-1) unstable; urgency=low + + * New upstream release. + - Adds tcpwrappers support (off by default, see vsftpd.conf(5)). + + -- Daniel Jacobowitz Mon, 11 Nov 2002 11:30:23 -0500 + +vsftpd (1.1.2-1) unstable; urgency=low + + * New upstream release. + - Fixes port_promiscuous option (Closes: #167104). + * Create /home/ftp owned by root (Closes: #163164). + * Change the default value of pam_service_name to "vsftpd". + If you had a custom configuration in /etc/pam.d/ftpd, you should + either specify pam_service_name=ftp in vsftpd.conf or copy it to the + new file. + * Provide a default PAM configuration. + * Update Standards-Version (no changes required, yay!). + + -- Daniel Jacobowitz Mon, 4 Nov 2002 17:36:33 -0500 + +vsftpd (1.1.0-2) unstable; urgency=low + + * Add FTP username on initial installation (Closes: #155353). + * Rewrite README.Debian. + * Use the included vsftpd(8) manual page. + + -- Daniel Jacobowitz Sun, 18 Aug 2002 14:59:02 -0400 + +vsftpd (1.1.0-1) unstable; urgency=low + + * New upstream release. + - Fix for kernel warning about MSG_PEEK. + - Change the meaning of anon_root and local_root (Closes: #140713). + * Upstream removed the kernel 2.4.0 warning, so I've also removed the + kernel 2.4.0 sanity check. 2.4.0 and 2.4.1 had plenty of other nasty + bugs besides this one, so everyone should update if they haven't yet. + * Update upstream URLs in debian/copyright (Closes: #142525). + + -- Daniel Jacobowitz Tue, 6 Aug 2002 15:06:30 -0400 + +vsftpd (1.0.0-2) unstable; urgency=low + + * Provide ftp-server, even though we do not conflict with others + like the other ftp-servers do (Closes: #120354). + + -- Daniel Jacobowitz Sun, 27 Jan 2002 20:07:08 -0500 + +vsftpd (1.0.0-1) unstable; urgency=low + + * New upstream release; no code changes from 0.9.4pre4. + * Change priority to extra. + + -- Daniel Jacobowitz Wed, 14 Nov 2001 10:21:02 -0500 + +vsftpd (0.9.4.0pre4-1) unstable; urgency=low + + * New upstream release. + * Now uses libcap instead of direct kernel includes (Closes: #105168, + #89424). + + -- Daniel Jacobowitz Mon, 12 Nov 2001 14:12:27 -0500 + +vsftpd (0.9.2-2) unstable; urgency=low + + * Brown bag fix; 2.4.[01] check objected to 2.4.10 (Closes: #113808). + + -- Daniel Jacobowitz Fri, 28 Sep 2001 15:21:19 -0400 + +vsftpd (0.9.2-1) unstable; urgency=low + + * New upstream version, with nifty features like bandwidth limiting. + + -- Daniel Jacobowitz Sat, 22 Sep 2001 12:47:38 -0400 + +vsftpd (0.9.1-1) unstable; urgency=low + + * New upstream version. + * Add missingok to /etc/logrotate.d/vsftpd (Closes: #89736). + + -- Daniel Jacobowitz Thu, 31 May 2001 09:58:07 -0700 + +vsftpd (0.0.14-2) unstable; urgency=low + + * Add build dependency on libpam0g-dev. Oops. + + -- Daniel Jacobowitz Fri, 9 Mar 2001 01:07:26 -0500 + +vsftpd (0.0.14-1) unstable; urgency=low + + * Initial Release. + * Create a man page for vsftpd(8). + * Suggest logrotate and provide a logrotate.d entry. + * Abort if kernel 2.4.0 or 2.4.1 is running. + + -- Daniel Jacobowitz Thu, 8 Mar 2001 01:24:06 -0500 + --- vsftpd-2.0.7.orig/debian/vsftpd.logrotate +++ vsftpd-2.0.7/debian/vsftpd.logrotate @@ -0,0 +1,8 @@ +/var/log/vsftpd.log { + # ftpd doesn't handle SIGHUP properly + nocompress + missingok + notifempty + rotate 4 + weekly +} --- vsftpd-2.0.7.orig/debian/vsftpd.pam +++ vsftpd-2.0.7/debian/vsftpd.pam @@ -0,0 +1,13 @@ +# Standard behaviour for ftpd(8). +auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed + +# Note: vsftpd handles anonymous logins on its own. Do not enable +# pam_ftp.so. + +# Standard blurb. +@include common-account +@include common-session + +@include common-auth +auth required pam_shells.so + --- vsftpd-2.0.7.orig/debian/README.Debian +++ vsftpd-2.0.7/debian/README.Debian @@ -0,0 +1,69 @@ +Notes on the Debian vsftpd package +================================== + +If you want to allow local users to log in via FTP (not a good option +on any public network, since FTP relies upon cleartext passwords), you +should uncomment the "local_enable" line in /etc/vsftpd.conf. + + + +The PAM configuration file for vsftpd, unlike for some other FTP daemons, +should not include pam_ftp.so. pam_ftp is only for anonymous logins, and +vsftpd has its own handling of anonymous users. + + + +Anonymous FTP by default uses the home diretory and privileges of the "ftp" +user for its root directory. Installing the vsftpd package for the first +time will create this user. If you want to use a different user account, +change the value of "ftp_username" in /etc/vsftpd.conf. You can also change +the root directory by setting anon_root. + + + +If you use virtual users (via PAM and the guest_enable configuration option +in vsftpd.conf), you may want to investigate the virtual_use_local_privs +option. By default (without this option), guest users (and thus all virtual +users) are treated as anonymous users by the configuration. For instance, to +allow guest users to upload requires setting anon_upload_enable. However, +with virtual_use_local_privs then write_enable is enough to allow your +virtual users to upload. This option is new in vsftpd 1.2.0. + +If you are using password-protected virtual users you should probably use +virtual_use_local_privs, disable anonymous access, or at least be very +careful of your filesystem layout. Note that guest users and anonymous +users can run as a different user (see guest_username and ftp_username), but +both will be able to access a world-writeable directory, etc. + + + +This package includes SSL support. For information about enabling SSL, see +README.ssl. Be sure to read this file before enabling SSL! + +To use SSL you will need a certificate. You may wish to get a certificate +from a certificate agency; if you only need a self-signed certificate, you +can use the "make-ssl-cert" script from the Debian "ssl-cert" package to +create one, or you can create one manually using the "openssl" command. +The default location for the certificate is /etc/ssl/certs/vsftpd.pem; +set "rsa_cert_file" in /etc/vsftpd.conf to look elsewhere. + +At a minimum you will need the "ssl_enable" option. See the vsftpd.conf +manual page for more SSL-related settings. + + +On Linux systems, if capability support was disabled in the kernel or +built as a module and not loaded, vsftpd will fail to run. You'll see +this error message: + 500 OOPS: cap_set_proc +Build and load the appropriate kernel module to continue. + + +The included init script uses start-stop-daemon's --background option to run +vsftpd in the background. If you have "background=yes" in your configuration, +the wrong PID will be recorded in /var/run/vsftpd/vsftpd.pid, and the init +script may fail to restart or stop vsftpd later. Just remove "background=yes" +from vsftpd.conf. + + +For more information on configuring vsftpd, see the vsftpd.conf(5) manual +page, and the included FAQ. --- vsftpd-2.0.7.orig/debian/vsftpd.postrm +++ vsftpd-2.0.7/debian/vsftpd.postrm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +case "$1" in + remove) + # Older versions of vsftpd add to inetd.conf, or the user might have + # done so manually, so disable any vsftpd entry. + update-inetd --disable --pattern vsftpd ftp + ;; +esac + +#DEBHELPER# --- vsftpd-2.0.7.orig/debian/vsftpd.manpages +++ vsftpd-2.0.7/debian/vsftpd.manpages @@ -0,0 +1,2 @@ +vsftpd.conf.5 +vsftpd.8 --- vsftpd-2.0.7.orig/debian/copyright +++ vsftpd-2.0.7/debian/copyright @@ -0,0 +1,17 @@ +This package was created on Thu, 8 Mar 2001, by Daniel Jacobowitz +. It's currently maintained by Matej Vela . + +Upstream source: ftp://vsftpd.beasts.org/users/cevans/ +Upstream Author: Chris Evans +More information is available at http://vsftpd.beasts.org/. + +Copyright (C) 2001-2008 Chris Evans + +vsftpd is distributed under the terms of version 2 of the GNU General Public +License, which can be found in /usr/share/common-licenses/GPL. There is an +additional exception from the author permitting linking with OpenSSL: + + As copyright holder, I give permission for vsftpd to be linked to + the OpenSSL libraries. This includes permission for vsftpd binaries to be + distributed linked against the OpenSSL libraries. All other obligations + under the GPL v2 remain intact. --- vsftpd-2.0.7.orig/debian/patches/unused-libs.patch +++ vsftpd-2.0.7/debian/patches/unused-libs.patch @@ -0,0 +1,37 @@ +Index: vsftpd-2.0.6/vsf_findlibs.sh +=================================================================== +--- vsftpd-2.0.6.orig/vsf_findlibs.sh 2008-02-23 11:23:20.000000000 +0100 ++++ vsftpd-2.0.6/vsf_findlibs.sh 2008-02-23 11:25:12.000000000 +0100 +@@ -6,7 +6,7 @@ + + if find_func hosts_access tcpwrap.o; then + echo "-lwrap"; +- locate_library /lib/libnsl.so && echo "-lnsl"; ++ #locate_library /lib/libnsl.so && echo "-lnsl"; + fi + + # Look for PAM (done weirdly due to distribution bugs (e.g. Debian) or the +@@ -25,19 +25,19 @@ + + # Look for the dynamic linker library. Needed by older RedHat when + # you link in PAM +-locate_library /lib/libdl.so && echo "-ldl"; ++#locate_library /lib/libdl.so && echo "-ldl"; + + # Look for libsocket. Solaris needs this. + locate_library /lib/libsocket.so && echo "-lsocket"; + + # Look for libnsl. Solaris needs this. +-locate_library /lib/libnsl.so && echo "-lnsl"; ++#locate_library /lib/libnsl.so && echo "-lnsl"; + + # Look for libresolv. Solaris needs this. +-locate_library /lib/libresolv.so && echo "-lresolv"; ++#locate_library /lib/libresolv.so && echo "-lresolv"; + + # Look for libutil. Older FreeBSD need this for setproctitle(). +-locate_library /usr/lib/libutil.so && echo "-lutil"; ++#locate_library /usr/lib/libutil.so && echo "-lutil"; + + # For older HP-UX... + locate_library /usr/lib/libsec.sl && echo "-lsec"; --- vsftpd-2.0.7.orig/debian/patches/wifexited-const.patch +++ vsftpd-2.0.7/debian/patches/wifexited-const.patch @@ -0,0 +1,20 @@ +--- vsftpd-2.0.5.orig/sysutil.c ++++ vsftpd-2.0.5/sysutil.c +@@ -601,7 +601,7 @@ + vsf_sysutil_wait_exited_normally( + const struct vsf_sysutil_wait_retval* p_waitret) + { +- return WIFEXITED(p_waitret->exit_status); ++ return WIFEXITED(((struct vsf_sysutil_wait_retval *)p_waitret)->exit_status); + } + + int +@@ -611,7 +611,7 @@ + { + bug("not a normal exit in vsf_sysutil_wait_get_exitcode"); + } +- return WEXITSTATUS(p_waitret->exit_status); ++ return WEXITSTATUS(((struct vsf_sysutil_wait_retval *)p_waitret)->exit_status); + } + + void --- vsftpd-2.0.7.orig/debian/patches/config.patch +++ vsftpd-2.0.7/debian/patches/config.patch @@ -0,0 +1,105 @@ +Index: vsftpd-2.0.5/tunables.c +=================================================================== +--- vsftpd-2.0.5.orig/tunables.c 2006-07-01 19:06:56.000000000 -0400 ++++ vsftpd-2.0.5/tunables.c 2006-07-23 18:31:14.000000000 -0400 +@@ -95,7 +95,7 @@ unsigned int tunable_delay_failed_login + unsigned int tunable_delay_successful_login = 0; + unsigned int tunable_max_login_fails = 3; + +-const char* tunable_secure_chroot_dir = "/usr/share/empty"; ++const char* tunable_secure_chroot_dir = "/var/run/vsftpd"; + const char* tunable_ftp_username = "ftp"; + const char* tunable_chown_username = "root"; + const char* tunable_xferlog_file = "/var/log/xferlog"; +@@ -105,7 +105,7 @@ const char* tunable_nopriv_user = "nobod + const char* tunable_ftpd_banner = 0; + const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails"; + const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list"; +-const char* tunable_pam_service_name = "ftp"; ++const char* tunable_pam_service_name = "vsftpd"; + const char* tunable_guest_username = "ftp"; + const char* tunable_userlist_file = "/etc/vsftpd.user_list"; + const char* tunable_anon_root = 0; +Index: vsftpd-2.0.5/vsftpd.conf +=================================================================== +--- vsftpd-2.0.5.orig/vsftpd.conf 2005-05-20 18:52:54.000000000 -0400 ++++ vsftpd-2.0.5/vsftpd.conf 2006-07-23 18:31:14.000000000 -0400 +@@ -8,6 +8,17 @@ + # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's + # capabilities. + # ++# ++# Run standalone? vsftpd can run either from an inetd or as a standalone ++# daemon started from an initscript. ++listen=YES ++# ++# Run standalone with IPv6? ++# Like the listen parameter, except vsftpd will listen on an IPv6 socket ++# instead of an IPv4 one. This parameter and the listen parameter are mutually ++# exclusive. ++#listen_ipv6=YES ++# + # Allow anonymous FTP? (Beware - allowed by default if you comment this out). + anonymous_enable=YES + # +@@ -88,6 +99,11 @@ connect_from_port_20=YES + # (default follows) + #banned_email_file=/etc/vsftpd.banned_emails + # ++# You may restrict local users to their home directories. See the FAQ for ++# the possible risks in this before using chroot_local_user or ++# chroot_list_enable below. ++#chroot_local_user=YES ++# + # You may specify an explicit list of local users to chroot() to their home + # directory. If chroot_local_user is YES, then this list becomes a list of + # users to NOT chroot(). +@@ -100,4 +116,25 @@ connect_from_port_20=YES + # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume + # the presence of the "-R" option, so there is a strong case for enabling it. + #ls_recurse_enable=YES +- ++# ++# ++# Debian customization ++# ++# Some of vsftpd's settings don't fit the Debian filesystem layout by ++# default. These settings are more Debian-friendly. ++# ++# This option should be the name of a directory which is empty. Also, the ++# directory should not be writable by the ftp user. This directory is used ++# as a secure chroot() jail at times vsftpd does not require filesystem ++# access. ++secure_chroot_dir=/var/run/vsftpd ++# ++# This string is the name of the PAM service vsftpd will use. ++pam_service_name=vsftpd ++# ++# This option specifies the location of the RSA certificate to use for SSL ++# encrypted connections. ++rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem ++# This option specifies the location of the RSA key to use for SSL ++# encrypted connections. ++rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +Index: vsftpd-2.0.5/vsftpd.conf.5 +=================================================================== +--- vsftpd-2.0.5.orig/vsftpd.conf.5 2006-07-01 19:05:57.000000000 -0400 ++++ vsftpd-2.0.5/vsftpd.conf.5 2006-07-23 18:31:14.000000000 -0400 +@@ -848,7 +848,7 @@ Default: nobody + .B pam_service_name + This string is the name of the PAM service vsftpd will use. + +-Default: ftp ++Default: vsftpd + .TP + .B pasv_address + Use this option to override the IP address that vsftpd will advertise in +@@ -877,7 +877,7 @@ This option should be the name of a dire + directory should not be writable by the ftp user. This directory is used + as a secure chroot() jail at times vsftpd does not require filesystem access. + +-Default: /usr/share/empty ++Default: /var/run/vsftpd + .TP + .B ssl_ciphers + This option can be used to select which SSL ciphers vsftpd will allow for --- vsftpd-2.0.7.orig/debian/patches/builddefs.patch +++ vsftpd-2.0.7/debian/patches/builddefs.patch @@ -0,0 +1,16 @@ +Index: vsftpd/vsftpd-2.0.5/builddefs.h +=================================================================== +--- vsftpd-2.0.5.orig/builddefs.h 2006-10-26 09:11:31.000000000 +0200 ++++ vsftpd-2.0.5/builddefs.h 2006-10-26 09:11:36.000000000 +0200 +@@ -1,9 +1,9 @@ + #ifndef VSF_BUILDDEFS_H + #define VSF_BUILDDEFS_H + +-#undef VSF_BUILD_TCPWRAPPERS ++#define VSF_BUILD_TCPWRAPPERS 1 + #define VSF_BUILD_PAM +-#undef VSF_BUILD_SSL ++#define VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ + --- vsftpd-2.0.7.orig/debian/patches/series +++ vsftpd-2.0.7/debian/patches/series @@ -0,0 +1,4 @@ +unused-libs.patch +builddefs.patch +config.patch +wifexited-const.patch