Patchwork [meta-oe] vsftpd: add new package

login
register
mail settings
Submitter Andreas Oberritter
Date Feb. 20, 2012, 6:29 p.m.
Message ID <4F429115.3070907@opendreambox.org>
Download mbox | patch
Permalink /patch/21439/
State Superseded, archived
Headers show

Comments

Andreas Oberritter - Feb. 20, 2012, 6:29 p.m.
Hello Eric,

On 20.02.2012 14:51, Eric Bénard wrote:
> - imported 2.0.5 from oe-classic
> - upgrade to 2.3.5 which is latest stable
> - tested on ARMv5 with Angstrom

I created a recipe for vsftpd, too. Here's my version for your 
reference. All patches were taken from the Debian or Ubuntu package.

It differs from your recipe in these ways:
- uses openssl
- uses pam if available
- uses xinetd
- allows to set custom default configuration options in bbappends
- only build-tested with OE-core, no runtime tests so far.

Regards,
Andreas
Khem Raj - Feb. 20, 2012, 8:15 p.m.
On Mon, Feb 20, 2012 at 10:29 AM, Andreas Oberritter
<obi@opendreambox.org> wrote:
> +LICENSE = "GPL-2.0-with-OpenSSL-exception"

there might be a different way to represent that
Andreas Oberritter - Feb. 20, 2012, 9:46 p.m.
On 20.02.2012 21:15, Khem Raj wrote:
> On Mon, Feb 20, 2012 at 10:29 AM, Andreas Oberritter
> <obi@opendreambox.org> wrote:
>> +LICENSE = "GPL-2.0-with-OpenSSL-exception"
> 
> there might be a different way to represent that

Obviously. And maybe someone will eventually find out which different
way there is and why it's preferred over any other way.

Anyway, this was inspired by OE-core's socat recipe, which uses
"GPL-2.0+-with-OpenSSL-exception".

Any other useful comments?

Regards,
Andreas
Eric BENARD - Feb. 20, 2012, 10:22 p.m.
Hi Andreas,

Le Mon, 20 Feb 2012 19:29:41 +0100,
Andreas Oberritter <obi@opendreambox.org> a écrit :
> On 20.02.2012 14:51, Eric Bénard wrote:
> > - imported 2.0.5 from oe-classic
> > - upgrade to 2.3.5 which is latest stable
> > - tested on ARMv5 with Angstrom
> 
> I created a recipe for vsftpd, too. Here's my version for your 
> reference. All patches were taken from the Debian or Ubuntu package.
> 
> It differs from your recipe in these ways:
> - uses openssl
> - uses pam if available
> - uses xinetd

I'm not sure that depending on xinetd is a good point, I've no strong
opinion concerning the other points (except I don't need openssl, pam
& xinetd in my image in the project where I'm using vsftp).

> - allows to set custom default configuration options in bbappends

Isn't that also possible by simply providing a custom vsftpd.conf in
the project's layer ?

Eric
Andreas Oberritter - Feb. 20, 2012, 10:43 p.m.
On 20.02.2012 23:22, Eric Bénard wrote:
> Hi Andreas,
> 
> Le Mon, 20 Feb 2012 19:29:41 +0100,
> Andreas Oberritter <obi@opendreambox.org> a écrit :
>> On 20.02.2012 14:51, Eric Bénard wrote:
>>> - imported 2.0.5 from oe-classic
>>> - upgrade to 2.3.5 which is latest stable
>>> - tested on ARMv5 with Angstrom
>>
>> I created a recipe for vsftpd, too. Here's my version for your 
>> reference. All patches were taken from the Debian or Ubuntu package.
>>
>> It differs from your recipe in these ways:
>> - uses openssl
>> - uses pam if available
>> - uses xinetd
> 
> I'm not sure that depending on xinetd is a good point, I've no strong
> opinion concerning the other points (except I don't need openssl, pam
> & xinetd in my image in the project where I'm using vsftp).

I'm not sure either. All of this should probably be made optional.

>> - allows to set custom default configuration options in bbappends
> 
> Isn't that also possible by simply providing a custom vsftpd.conf in
> the project's layer ?

Yes, that would be possible, too. The way I implemented just makes it
easier to use OE's variables in configuration items and to override only
few options like the ftp banner. And to keep an up-to-date configuration
example with increasing versions.

Regards,
Andreas
Eric BENARD - Feb. 22, 2012, 9:12 a.m.
Hi Andreas,

Le Mon, 20 Feb 2012 19:29:41 +0100,
Andreas Oberritter <obi@opendreambox.org> a écrit :
> On 20.02.2012 14:51, Eric Bénard wrote:
> > - imported 2.0.5 from oe-classic
> > - upgrade to 2.3.5 which is latest stable
> > - tested on ARMv5 with Angstrom
> 
> I created a recipe for vsftpd, too. Here's my version for your 
> reference. All patches were taken from the Debian or Ubuntu package.
> 
> It differs from your recipe in these ways:
> - uses openssl
> - uses pam if available
> - uses xinetd
> - allows to set custom default configuration options in bbappends
> - only build-tested with OE-core, no runtime tests so far.
> 
your recipe was just pushed (with this email as the commit message ...).
I think it would have need a little rework, at least to not depend on
xinetd by default and be runtime tested before being pushed.

Eric
Andrea Adami - Feb. 22, 2012, 9:52 a.m.
On Wed, Feb 22, 2012 at 10:12 AM, Eric Bénard <eric@eukrea.com> wrote:
> Hi Andreas,
>
> Le Mon, 20 Feb 2012 19:29:41 +0100,
> Andreas Oberritter <obi@opendreambox.org> a écrit :
>> On 20.02.2012 14:51, Eric Bénard wrote:
>> > - imported 2.0.5 from oe-classic
>> > - upgrade to 2.3.5 which is latest stable
>> > - tested on ARMv5 with Angstrom
>>
>> I created a recipe for vsftpd, too. Here's my version for your
>> reference. All patches were taken from the Debian or Ubuntu package.
>>
>> It differs from your recipe in these ways:
>> - uses openssl
>> - uses pam if available
>> - uses xinetd
>> - allows to set custom default configuration options in bbappends
>> - only build-tested with OE-core, no runtime tests so far.
>>
> your recipe was just pushed (with this email as the commit message ...).
> I think it would have need a little rework, at least to not depend on
> xinetd by default and be runtime tested before being pushed.
>
> Eric

And preferably should be committed in meta-oe/recipes-connectivity/vsftpd/
Now is in root of meta-openembedded.
Cheers
Andrea

> --
> http://eukrea.com/en/news/104-2012
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
Andreas Oberritter - Feb. 22, 2012, 10:35 a.m.
On 22.02.2012 10:52, Andrea Adami wrote:
> On Wed, Feb 22, 2012 at 10:12 AM, Eric Bénard <eric@eukrea.com> wrote:
>> Hi Andreas,
>>
>> Le Mon, 20 Feb 2012 19:29:41 +0100,
>> Andreas Oberritter <obi@opendreambox.org> a écrit :
>>> On 20.02.2012 14:51, Eric Bénard wrote:
>>>> - imported 2.0.5 from oe-classic
>>>> - upgrade to 2.3.5 which is latest stable
>>>> - tested on ARMv5 with Angstrom
>>>
>>> I created a recipe for vsftpd, too. Here's my version for your
>>> reference. All patches were taken from the Debian or Ubuntu package.
>>>
>>> It differs from your recipe in these ways:
>>> - uses openssl
>>> - uses pam if available
>>> - uses xinetd
>>> - allows to set custom default configuration options in bbappends
>>> - only build-tested with OE-core, no runtime tests so far.
>>>
>> your recipe was just pushed (with this email as the commit message ...).
>> I think it would have need a little rework, at least to not depend on
>> xinetd by default and be runtime tested before being pushed.
>>
>> Eric
> 
> And preferably should be committed in meta-oe/recipes-connectivity/vsftpd/
> Now is in root of meta-openembedded.
> Cheers
> Andrea

Yes. That was definitely not meant to be applied as is. Koen, did you by
accident pick the wrong patch? Please revert and commit
http://patches.openembedded.org/patch/21437/ instead.

Regards,
Andreas
Koen Kooi - Feb. 22, 2012, 11:25 a.m.
Op 22 feb. 2012, om 11:35 heeft Andreas Oberritter het volgende geschreven:

> On 22.02.2012 10:52, Andrea Adami wrote:
>> On Wed, Feb 22, 2012 at 10:12 AM, Eric Bénard <eric@eukrea.com> wrote:
>>> Hi Andreas,
>>> 
>>> Le Mon, 20 Feb 2012 19:29:41 +0100,
>>> Andreas Oberritter <obi@opendreambox.org> a écrit :
>>>> On 20.02.2012 14:51, Eric Bénard wrote:
>>>>> - imported 2.0.5 from oe-classic
>>>>> - upgrade to 2.3.5 which is latest stable
>>>>> - tested on ARMv5 with Angstrom
>>>> 
>>>> I created a recipe for vsftpd, too. Here's my version for your
>>>> reference. All patches were taken from the Debian or Ubuntu package.
>>>> 
>>>> It differs from your recipe in these ways:
>>>> - uses openssl
>>>> - uses pam if available
>>>> - uses xinetd
>>>> - allows to set custom default configuration options in bbappends
>>>> - only build-tested with OE-core, no runtime tests so far.
>>>> 
>>> your recipe was just pushed (with this email as the commit message ...).
>>> I think it would have need a little rework, at least to not depend on
>>> xinetd by default and be runtime tested before being pushed.
>>> 
>>> Eric
>> 
>> And preferably should be committed in meta-oe/recipes-connectivity/vsftpd/
>> Now is in root of meta-openembedded.
>> Cheers
>> Andrea
> 
> Yes. That was definitely not meant to be applied as is. Koen, did you by
> accident pick the wrong patch? Please revert and commit
> http://patches.openembedded.org/patch/21437/ instead.

Right, I picked the wrong patch, sorry about that. The "was that path intentional?" remark in patchwork suddenly makes sense, I couldn't figure it out while I was reading through the discussion.
Anyway, my bad, the 21437 patch is in now.

regards,

Koen

Patch

diff -Naur empty/vsftpd/01-builddefs.patch vsftpd/vsftpd/01-builddefs.patch
--- empty/vsftpd/01-builddefs.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/01-builddefs.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,18 @@ 
+Author: Daniel Jacobowitz <dan@debian.org>
+Description: Build with tcpwrapper and SSL support.
+
+diff -Naurp vsftpd.orig/builddefs.h vsftpd/builddefs.h
+--- vsftpd.orig/builddefs.h	2009-01-31 00:02:36.000000000 +0000
++++ vsftpd/builddefs.h	2009-01-31 00:26:34.000000000 +0000
+@@ -1,9 +1,9 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+ 
+-#undef VSF_BUILD_TCPWRAPPERS
++#define VSF_BUILD_TCPWRAPPERS 1
+ #define VSF_BUILD_PAM
+-#undef VSF_BUILD_SSL
++#define VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */
+ 
diff -Naur empty/vsftpd/02-config.patch vsftpd/vsftpd/02-config.patch
--- empty/vsftpd/02-config.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/02-config.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,120 @@ 
+Author: Daniel Jacobowitz <dan@debian.org>
+Description: Set default configuration.
+
+diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
+--- vsftpd.orig/tunables.c	2009-07-15 22:08:27.000000000 +0200
++++ vsftpd/tunables.c	2009-11-06 13:33:34.000000000 +0100
+@@ -246,7 +246,7 @@ tunables_load_defaults()
+   /* -rw------- */
+   tunable_chown_upload_mode = 0600;
+ 
+-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
++  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+   install_str_setting("root", &tunable_chown_username);
+   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
+@@ -256,7 +256,7 @@ tunables_load_defaults()
+   install_str_setting(0, &tunable_ftpd_banner);
+   install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
+   install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
+-  install_str_setting("ftp", &tunable_pam_service_name);
++  install_str_setting("vsftpd", &tunable_pam_service_name);
+   install_str_setting("ftp", &tunable_guest_username);
+   install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
+   install_str_setting(0, &tunable_anon_root);
+diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
+--- vsftpd.orig/vsftpd.conf	2009-11-06 08:41:11.000000000 +0100
++++ vsftpd/vsftpd.conf	2009-11-06 13:35:37.000000000 +0100
+@@ -8,6 +8,17 @@
+ # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+ # capabilities.
+ #
++#
++# Run standalone?  vsftpd can run either from an inetd or as a standalone
++# daemon started from an initscript.
++listen=YES
++#
++# Run standalone with IPv6?
++# Like the listen parameter, except vsftpd will listen on an IPv6 socket
++# instead of an IPv4 one. This parameter and the listen parameter are mutually
++# exclusive.
++#listen_ipv6=YES
++#
+ # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+ anonymous_enable=YES
+ #
+@@ -34,6 +45,12 @@ anonymous_enable=YES
+ # go into a certain directory.
+ dirmessage_enable=YES
+ #
++# If enabled, vsftpd will display directory listings with the time
++# in  your  local  time  zone.  The default is to display GMT. The
++# times returned by the MDTM FTP command are also affected by this
++# option.
++use_localtime=YES
++#
+ # Activate logging of uploads/downloads.
+ xferlog_enable=YES
+ #
+@@ -89,6 +106,11 @@ connect_from_port_20=YES
+ # (default follows)
+ #banned_email_file=/etc/vsftpd.banned_emails
+ #
++# You may restrict local users to their home directories.  See the FAQ for
++# the possible risks in this before using chroot_local_user or
++# chroot_list_enable below.
++#chroot_local_user=YES
++#
+ # You may specify an explicit list of local users to chroot() to their home
+ # directory. If chroot_local_user is YES, then this list becomes a list of
+ # users to NOT chroot().
+@@ -103,12 +125,20 @@ connect_from_port_20=YES
+ # the presence of the "-R" option, so there is a strong case for enabling it.
+ #ls_recurse_enable=YES
+ #
+-# When "listen" directive is enabled, vsftpd runs in standalone mode and
+-# listens on IPv4 sockets. This directive cannot be used in conjunction
+-# with the listen_ipv6 directive.
+-listen=YES
++# Customization
+ #
+-# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
+-# sockets, you must run two copies of vsftpd with two configuration files.
+-# Make sure, that one of the listen options is commented !!
+-#listen_ipv6=YES
++# Some of vsftpd's settings don't fit the filesystem layout by
++# default.
++#
++# This option should be the name of a directory which is empty.  Also, the
++# directory should not be writable by the ftp user. This directory is used
++# as a secure chroot() jail at times vsftpd does not require filesystem
++# access.
++secure_chroot_dir=/var/run/vsftpd/empty
++#
++# This string is the name of the PAM service vsftpd will use.
++pam_service_name=vsftpd
++#
++# This option specifies the location of the RSA certificate to use for SSL
++# encrypted connections.
++rsa_cert_file=/etc/ssl/private/vsftpd.pem
+diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
+--- vsftpd.orig/vsftpd.conf.5	2009-11-06 08:41:11.000000000 +0100
++++ vsftpd/vsftpd.conf.5	2009-11-06 13:37:10.000000000 +0100
+@@ -940,7 +940,7 @@ Default: nobody
+ .B pam_service_name
+ This string is the name of the PAM service vsftpd will use.
+ 
+-Default: ftp
++Default: vsftpd
+ .TP
+ .B pasv_address
+ Use this option to override the IP address that vsftpd will advertise in
+@@ -969,7 +969,7 @@ This option should be the name of a dire
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+ 
+-Default: /usr/share/empty
++Default: /var/run/vsftpd/empty
+ .TP
+ .B ssl_ciphers
+ This option can be used to select which SSL ciphers vsftpd will allow for
diff -Naur empty/vsftpd/03-db-doc.patch vsftpd/vsftpd/03-db-doc.patch
--- empty/vsftpd/03-db-doc.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/03-db-doc.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,19 @@ 
+Author: shaul Karl <shaulkarl@yahoo.com>
+Description:
+ A short explanation how to find out the right db version (Closes: #478282).
+
+diff -Naurp vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README vsftpd/EXAMPLE/VIRTUAL_USERS/README
+--- vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README	2009-01-31 00:02:36.000000000 +0000
++++ vsftpd/EXAMPLE/VIRTUAL_USERS/README	2009-01-31 01:38:11.000000000 +0000
+@@ -21,7 +21,10 @@ NOTE: Many systems have multiple version
+ need to use e.g. db3_load for correct operation. This is known to affect
+ some Debian systems. The core issue is that pam_userdb expects its login
+ database to be a specific db version (often db3, whereas db4 may be installed
+-on your system).
++on your system). You might check ahead what specific db version you'll need
++by looking at the dependcies of the pam module. Some methods to do that is to
++run ldd on the pam_userdb.so or look at the dependencies of the package with
++the pam modules.
+ 
+ This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
+ the permissions are restricted:
diff -Naur empty/vsftpd/04-link-local.patch vsftpd/vsftpd/04-link-local.patch
--- empty/vsftpd/04-link-local.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/04-link-local.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,91 @@ 
+Author: Michael Stapelberg <michael@stapelberg.de>
+Description:
+ vsftpd does not accept IPv6 scope identifier in listen_address6
+ (Closes: #544993).
+ .
+ When specifying a link-local address, you need a scope identifier (tha name of
+ the index usually), thus you cannot use the following:
+ listen_address6=fe80::21f:16ff:fe06:3aab
+ but you have to use:
+ listen_address6=fe80::21f:16ff:fe06:3aab%eth0
+ so that it is clear on which interface this link-local address should be used.
+ .
+ Unfortunately, vsftpd does not correctly parse the address mentioned above and
+ thus fails to be useful in link-local-only environments.
+ .
+ This patch fixes it.
+
+diff -Naurp vsftpd.orig/standalone.c vsftpd/standalone.c
+--- vsftpd.orig/standalone.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/standalone.c	2009-10-17 17:10:02.000000000 +0200
+@@ -7,6 +7,8 @@
+  * Code to listen on the network and launch children servants.
+  */
+ 
++#include <net/if.h>
++
+ #include "standalone.h"
+ 
+ #include "parseconf.h"
+@@ -111,8 +113,17 @@ vsf_standalone_main(void)
+     else
+     {
+       struct mystr addr_str = INIT_MYSTR;
++      struct mystr scope_id = INIT_MYSTR;
+       const unsigned char* p_raw_addr;
++      unsigned int if_index = 0;
++
++      /* See if we got a scope id */
+       str_alloc_text(&addr_str, tunable_listen_address6);
++      str_split_char(&addr_str, &scope_id, '%');
++      if (str_getlen(&scope_id) > 0) {
++        if_index = if_nametoindex(str_getbuf(&scope_id));
++        str_free(&scope_id);
++      }
+       p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
+       str_free(&addr_str);
+       if (!p_raw_addr)
+@@ -120,6 +131,7 @@ vsf_standalone_main(void)
+         die2("bad listen_address6: ", tunable_listen_address6);
+       }
+       vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
++      vsf_sysutil_sockaddr_set_ipv6scope(p_sockaddr, if_index);
+     }
+     retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
+     vsf_sysutil_free(p_sockaddr);
+diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
+--- vsftpd.orig/sysutil.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/sysutil.c	2009-10-17 17:10:02.000000000 +0200
+@@ -2039,6 +2039,19 @@ vsf_sysutil_sockaddr_set_ipv6addr(struct
+   }
+ }
+ 
++int
++vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr)
++{
++  return p_sockptr->u.u_sockaddr_in6.sin6_scope_id;
++}
++
++void
++vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
++                                  const int scope_id)
++{
++  p_sockptr->u.u_sockaddr_in6.sin6_scope_id = scope_id;
++}
++
+ const void*
+ vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)
+ {
+diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
+--- vsftpd.orig/sysutil.h	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/sysutil.h	2009-10-17 17:10:02.000000000 +0200
+@@ -228,6 +228,9 @@ void vsf_sysutil_sockaddr_set_ipv4addr(s
+                                        const unsigned char* p_raw);
+ void vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,
+                                        const unsigned char* p_raw);
++void vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
++                                      const int scope_id);
++int vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr);
+ void vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr);
+ unsigned short vsf_sysutil_sockaddr_get_port(
+     const struct vsf_sysutil_sockaddr* p_sockptr);
diff -Naur empty/vsftpd/05-whitespaces.patch vsftpd/vsftpd/05-whitespaces.patch
--- empty/vsftpd/05-whitespaces.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/05-whitespaces.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,81 @@ 
+Author: Jiri Skala <jskala@redhat.com>
+Description: trim white spaces from option values (Closes: #419857, #536803).
+
+diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
+--- vsftpd.orig/parseconf.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/parseconf.c	2009-10-18 11:28:31.000000000 +0200
+@@ -275,7 +275,7 @@ vsf_parseconf_load_setting(const char* p
+         }
+         else
+         {
+-          *p_curr_setting = str_strdup(&s_value_str);
++          *p_curr_setting = str_strdup_trimmed(&s_value_str);
+         }
+         return;
+       }
+diff -Naurp vsftpd.orig/str.c vsftpd/str.c
+--- vsftpd.orig/str.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/str.c	2009-10-18 11:28:31.000000000 +0200
+@@ -89,6 +89,18 @@ str_strdup(const struct mystr* p_str)
+   return vsf_sysutil_strdup(str_getbuf(p_str));
+ }
+ 
++const char*
++str_strdup_trimmed(const struct mystr* p_str)
++{
++  const char* p_trimmed = str_getbuf(p_str);
++  int h, t, newlen;
++
++  for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
++  for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
++  newlen = t - h + 1;
++  return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
++}
++
+ void
+ str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)
+ {
+diff -Naurp vsftpd.orig/str.h vsftpd/str.h
+--- vsftpd.orig/str.h	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/str.h	2009-10-18 11:28:31.000000000 +0200
+@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str
+ void str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize);
+ void str_copy(struct mystr* p_dest, const struct mystr* p_src);
+ const char* str_strdup(const struct mystr* p_str);
++const char* str_strdup_trimmed(const struct mystr* p_str);
+ void str_empty(struct mystr* p_str);
+ void str_free(struct mystr* p_str);
+ void str_trunc(struct mystr* p_str, unsigned int trunc_len);
+diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
+--- vsftpd.orig/sysutil.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/sysutil.c	2009-10-18 11:28:31.000000000 +0200
+@@ -1033,6 +1033,18 @@ vsf_sysutil_strdup(const char* p_str)
+   return strdup(p_str);
+ }
+ 
++char*
++vsf_sysutil_strndup(const char* p_str, unsigned int p_len)
++{
++  char *new = (char *)malloc(p_len+1);
++
++  if (new == NULL)
++    return NULL;
++
++  new[p_len]='\0';
++  return (char *)memcpy(new, p_str, p_len);
++}
++
+ void
+ vsf_sysutil_memclr(void* p_dest, unsigned int size)
+ {
+diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
+--- vsftpd.orig/sysutil.h	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/sysutil.h	2009-10-18 11:28:31.000000000 +0200
+@@ -186,6 +186,7 @@ int vsf_sysutil_wait_get_exitcode(
+ /* Various string functions */
+ unsigned int vsf_sysutil_strlen(const char* p_text);
+ char* vsf_sysutil_strdup(const char* p_str);
++char* vsf_sysutil_strndup(const char* p_str, unsigned int p_len);
+ void vsf_sysutil_memclr(void* p_dest, unsigned int size);
+ void vsf_sysutil_memcpy(void* p_dest, const void* p_src,
+                         const unsigned int size);
diff -Naur empty/vsftpd/06-greedy.patch vsftpd/vsftpd/06-greedy.patch
--- empty/vsftpd/06-greedy.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/06-greedy.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,32 @@ 
+Author: Martin Nagy <mnagy@redhat.com>
+Description: Fix file listing issue with wildcard (Bugzilla: #392181).
+
+diff -Naurp vsftpd.orig/ls.c vsftpd/ls.c
+--- vsftpd.orig/ls.c	2009-10-02 14:15:18.000000000 +0200
++++ vsftpd/ls.c	2009-10-18 11:48:29.000000000 +0200
+@@ -281,6 +281,25 @@ vsf_filename_passes_filter(const struct 
+       {
+         goto out;
+       }
++      if (!must_match_at_current_pos)
++      {
++        struct mystr scan_fwd = INIT_MYSTR;
++
++        str_mid_to_end(&name_remain_str, &scan_fwd,
++                        indexx + str_getlen(&s_match_needed_str));
++        /* We're allowed to be greedy, test if it match further along
++         * keep advancing indexx while we can still match.
++         */
++        while( (locate_result = str_locate_str(&scan_fwd, &s_match_needed_str)),
++            locate_result.found )
++        {
++          indexx += locate_result.index + str_getlen(&s_match_needed_str);
++          str_mid_to_end(&scan_fwd, &temp_str,
++                         locate_result.index + str_getlen(&s_match_needed_str));
++          str_copy(&scan_fwd, &temp_str);
++        }
++       str_free(&scan_fwd);
++      }
+       /* Chop matched string out of remainder */
+       str_mid_to_end(&name_remain_str, &temp_str,
+                      indexx + str_getlen(&s_match_needed_str));
diff -Naur empty/vsftpd/07-utf8.patch vsftpd/vsftpd/07-utf8.patch
--- empty/vsftpd/07-utf8.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/07-utf8.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,58 @@ 
+Author: Chuck Short <zulcss@ubuntu.com>
+Description: Adding support for UTF8.
+
+diff -Naurp vsftpd.orig/features.c vsftpd/features.c
+--- vsftpd.orig/features.c	2008-12-04 06:00:47.000000000 +0000
++++ vsftpd/features.c	2010-02-25 13:28:06.000000000 +0000
+@@ -21,6 +21,10 @@ handle_feat(struct vsf_session* p_sess)
+     vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
+     vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
+   }
++  if (tunable_utf8_filesystem)
++  {
++     vsf_cmdio_write_raw(p_sess, " UTF8\r\n");
++  }
+   if (tunable_port_enable)
+   {
+     vsf_cmdio_write_raw(p_sess, " EPRT\r\n");
+diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
+--- vsftpd.orig/parseconf.c	2009-08-07 18:46:40.000000000 +0000
++++ vsftpd/parseconf.c	2010-02-25 13:28:06.000000000 +0000
+@@ -28,6 +28,7 @@ static struct parseconf_bool_setting
+ parseconf_bool_array[] =
+ {
+   { "anonymous_enable", &tunable_anonymous_enable },
++  { "utf8_filesystem", &tunable_utf8_filesystem },
+   { "local_enable", &tunable_local_enable },
+   { "pasv_enable", &tunable_pasv_enable },
+   { "port_enable", &tunable_port_enable },
+diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
+--- vsftpd.orig/tunables.c	2009-07-15 20:08:27.000000000 +0000
++++ vsftpd/tunables.c	2010-02-25 13:28:06.000000000 +0000
+@@ -10,6 +10,7 @@
+ 
+ int tunable_anonymous_enable;
+ int tunable_local_enable;
++int tunable_utf8_filesystem;
+ int tunable_pasv_enable;
+ int tunable_port_enable;
+ int tunable_chroot_local_user;
+@@ -146,6 +147,7 @@ tunables_load_defaults()
+ {
+   tunable_anonymous_enable = 1;
+   tunable_local_enable = 0;
++  tunable_utf8_filesystem = 0;
+   tunable_pasv_enable = 1;
+   tunable_port_enable = 1;
+   tunable_chroot_local_user = 0;
+diff -Naurp vsftpd.orig/tunables.h vsftpd/tunables.h
+--- vsftpd.orig/tunables.h	2009-07-07 01:37:28.000000000 +0000
++++ vsftpd/tunables.h	2010-02-25 13:28:06.000000000 +0000
+@@ -11,6 +11,7 @@ void tunables_load_defaults();
+ /* Booleans */
+ extern int tunable_anonymous_enable;          /* Allow anon logins */
+ extern int tunable_local_enable;              /* Allow local logins */
++extern int tunable_utf8_filesystem;           /* Server uses UTF8 Filesystem */
+ extern int tunable_pasv_enable;               /* Allow PASV */
+ extern int tunable_port_enable;               /* Allow PORT */
+ extern int tunable_chroot_local_user;         /* Restrict local to home dir */
diff -Naur empty/vsftpd/08-manpage.patch vsftpd/vsftpd/08-manpage.patch
--- empty/vsftpd/08-manpage.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/08-manpage.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,23 @@ 
+Author: Daniel Baumann <daniel.baumann@progress-technologies.net>
+Description: Fixing manpage formating.
+
+diff -Naurp vsftpd.orig/vsftpd.8 vsftpd/vsftpd.8
+--- vsftpd.orig/vsftpd.8	2009-07-17 20:56:23.000000000 +0000
++++ vsftpd/vsftpd.8	2010-04-08 05:18:00.000000000 +0000
+@@ -57,4 +57,3 @@ setting and any identical setting that w
+ .Pa /etc/vsftpd.conf
+ .Sh SEE ALSO
+ .Xr vsftpd.conf 5
+-.end
+diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
+--- vsftpd.orig/vsftpd.conf.5	2009-10-19 02:46:30.000000000 +0000
++++ vsftpd/vsftpd.conf.5	2010-04-08 05:18:08.000000000 +0000
+@@ -404,7 +404,7 @@ reuse (which proves that they know the s
+ channel). Although this is a secure default, it may break many FTP clients,
+ so you may want to disable it. For a discussion of the consequences, see
+ http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
+-(Added in v2.1.0).
++ (Added in v2.1.0).
+ 
+ Default: YES
+ .TP
diff -Naur empty/vsftpd/09-s390.patch vsftpd/vsftpd/09-s390.patch
--- empty/vsftpd/09-s390.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/09-s390.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,15 @@ 
+Author: Philipp Kern <pkern@debian.org>
+Description: Fix vsftpd on s390 (Closes: #602726).
+
+diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
+--- vsftpd.orig/sysdeputil.c	2011-09-05 16:03:18.728857644 +0200
++++ vsftpd/sysdeputil.c	2011-09-05 16:05:12.909423834 +0200
+@@ -64,7 +64,7 @@
+ #include <utmpx.h>
+ 
+ /* BEGIN config */
+-#if defined(__linux__)
++#if defined(__linux__) && !defined(__s390__)
+   #include <errno.h>
+   #include <syscall.h>
+   #define VSF_SYSDEP_HAVE_LINUX_CLONE
diff -Naur empty/vsftpd/10-remote-dos.patch vsftpd/vsftpd/10-remote-dos.patch
--- empty/vsftpd/10-remote-dos.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/10-remote-dos.patch	2012-01-26 14:12:34.564586767 +0100
@@ -0,0 +1,69 @@ 
+Author: Ben Hutchings <ben@decadent.org.uk>
+Description: Remote DoS on Linux 2.6.32 (Closes: #629373).
+
+diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
+--- vsftpd.orig/sysdeputil.c	2010-03-26 04:25:33.000000000 +0100
++++ vsftpd/sysdeputil.c	2011-09-05 15:16:05.347070790 +0200
+@@ -25,6 +25,11 @@
+   #define _LARGEFILE64_SOURCE 1
+ #endif
+ 
++#ifdef __linux__
++  #include <stdio.h>
++  #include <sys/utsname.h>
++#endif
++
+ /* For INT_MAX */
+ #include <limits.h>
+ 
+@@ -1259,11 +1264,36 @@ vsf_set_term_if_parent_dies()
+ #endif
+ }
+ 
++#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
++/* On Linux versions <2.6.35, netns cleanup may be so slow that
++ * creating a netns per connection allows a remote denial-of-service.
++ * We therefore do not use CLONE_NEWNET on these versions.
++ */
++static int
++vsf_sysutil_netns_cleanup_is_fast(void)
++{
++#ifdef __linux__
++  struct utsname utsname;
++  int r1, r2, r3 = 0;
++  return (uname(&utsname) == 0 &&
++	  sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&
++	  ((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));
++#else
++  /* Assume any other kernel that has the feature don't have this problem */
++  return 1;
++#endif
++}
++#endif
++
+ int
+ vsf_sysutil_fork_isolate_all_failok()
+ {
+ #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
+-  static int cloneflags_work = 1;
++  static int cloneflags_work = -1;
++  if (cloneflags_work < 0)
++  {
++    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
++  }
+   if (cloneflags_work)
+   {
+     int ret = syscall(__NR_clone,
+@@ -1309,7 +1339,11 @@ int
+ vsf_sysutil_fork_newnet()
+ {
+ #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
+-  static int cloneflags_work = 1;
++  static int cloneflags_work = -1;
++  if (cloneflags_work < 0)
++  {
++    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
++  }
+   if (cloneflags_work)
+   {
+     int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);
diff -Naur empty/vsftpd/vsftpd.conf vsftpd/vsftpd/vsftpd.conf
--- empty/vsftpd/vsftpd.conf	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/vsftpd.conf	2011-01-20 19:03:00.234171002 +0100
@@ -0,0 +1,105 @@ 
+# Opendreambox /etc/vsftpd.conf
+#
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+#xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+ftpd_banner=Welcome to the OpenDreambox FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+ls_recurse_enable=YES
+#
+secure_chroot_dir=/dev/shm
+local_root=/
diff -Naur empty/vsftpd/vsftpd.xinetd.in vsftpd/vsftpd/vsftpd.xinetd.in
--- empty/vsftpd/vsftpd.xinetd.in	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd/vsftpd.xinetd.in	2012-02-17 15:39:22.120206970 +0100
@@ -0,0 +1,7 @@ 
+service ftp
+{
+	socket_type = stream
+	user = root
+	server = @SBINDIR@/vsftpd
+	wait = no
+}
diff -Naur empty/vsftpd_2.3.5.bb vsftpd/vsftpd_2.3.5.bb
--- empty/vsftpd_2.3.5.bb	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd/vsftpd_2.3.5.bb	2012-02-17 15:41:49.472207488 +0100
@@ -0,0 +1,95 @@ 
+DESCRIPTION = "lightweight, efficient FTP server written for security"
+HOMEPAGE = "https://security.appspot.com/vsftpd.html"
+SECTION = "console/network"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
+DEPENDS = "libcap openssl"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = " \
+        https://security.appspot.com/downloads/${BP}.tar.gz \
+        file://vsftpd.xinetd.in \
+        file://01-builddefs.patch \
+        file://02-config.patch \
+        file://03-db-doc.patch \
+        file://04-link-local.patch \
+        file://05-whitespaces.patch \
+        file://06-greedy.patch \
+        file://07-utf8.patch \
+        file://08-manpage.patch \
+        file://09-s390.patch \
+        file://10-remote-dos.patch \
+"
+SRC_URI[md5sum] = "01398a5bef8e85b6cf2c213a4b011eca"
+SRC_URI[sha256sum] = "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1"
+
+S = "${WORKDIR}/${BP}"
+
+inherit useradd
+
+CFLAGS = "${TARGET_CFLAGS}"
+CFLAGS += "-DVSF_BUILD_SSL=1"
+CFLAGS += "${@base_contains('DISTRO_FEATURES', 'pam', '-DVSF_BUILD_PAM=1', '', d)}"
+
+LIBS = "-lcap -lcrypt -lssl -lcrypto"
+LIBS += "${@base_contains('DISTRO_FEATURES', 'pam', '-lpam', '', d)}"
+
+LINK = "${TARGET_LDFLAGS}"
+
+SECURE_CHROOT_DIR = "${datadir}/${BPN}/chroot"
+RSA_CERT_FILE = "${sysconfdir}/ssl/private/${BPN}.pem"
+
+do_configure() {
+        rm -f builddefs.h
+        touch builddefs.h
+        set_default() {
+                NAME=$1
+                VALUE=$2
+                sed -e "s,^#\?${NAME}=.*,${NAME}=${VALUE}," -i vsftpd.conf
+        }
+        set_default listen NO
+        set_default listen_ipv6 NO
+        set_default anonymous_enable NO
+        set_default local_enable YES
+        set_default write_enable YES
+        set_default anon_upload_enable NO
+        set_default anon_mkdir_write_enable NO
+        set_default dirmessage_enable NO
+        set_default use_localtime YES
+        set_default xferlog_enable NO
+        set_default connect_from_port_20 YES
+        set_default chown_uploads NO
+        set_default nopriv_user vsftpd
+        set_default async_abor_enable YES
+        set_default ascii_upload_enable NO
+        set_default ascii_download_enable NO
+        set_default ftpd_banner "Welcome to the ${DISTRO_NAME} FTP service!"
+        set_default chroot_local_user NO
+        set_default chroot_list_enable NO
+        set_default ls_recurse_enable YES
+        set_default secure_chroot_dir "${SECURE_CHROOT_DIR}"
+        set_default rsa_cert_file "${RSA_CERT_FILE}"
+
+	sed -e 's,@SBINDIR@,${sbindir},' ${WORKDIR}/vsftpd.xinetd.in > vsftpd.xinetd
+}
+do_compile() {
+        oe_runmake 'CFLAGS=${CFLAGS}' 'LIBS=${LIBS}' 'LINK=${LINK}'
+}
+do_install() {
+        install -d ${D}${sysconfdir}
+        install -m 644 vsftpd.conf ${D}${sysconfdir}
+        install -d ${D}${sbindir}
+        install -m 755 vsftpd ${D}${sbindir}/vsftpd
+        install -d ${D}${mandir}/man8
+        install -m 644 vsftpd.8 ${D}${mandir}/man8/vsftpd.8
+        install -d ${D}${mandir}/man5
+        install -m 644 vsftpd.conf.5 ${D}${mandir}/man5/vsftpd.conf.5
+        install -d ${D}${sysconfdir}/xinetd.d
+        install -m 644 vsftpd.xinetd ${D}${sysconfdir}/xinetd.d/vsftpd
+        install -d ${D}${SECURE_CHROOT_DIR}
+}
+
+RDEPENDS_${PN} = "xinetd"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--home-dir ${SECURE_CHROOT_DIR} --no-create-home --system --shell /bin/false --user-group vsftpd"