commit:     08b7452ea7abf8bfc814520d9b93b39e3b8cdc39
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  7 17:59:06 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Feb  7 17:59:06 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08b7452e

net-ftp/vsftpd: disable seccomp_sandbox by default

Closes: https://bugs.gentoo.org/443898
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/vsftpd-disable-seccomp-sandbox.patch     | 15 ++++++++
 ...ftpd-3.0.3-r2.ebuild => vsftpd-3.0.3-r3.ebuild} | 45 ++++++++++++----------
 2 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch b/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch
new file mode 100644
index 00000000000..10266e36a87
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-disable-seccomp-sandbox.patch
@@ -0,0 +1,15 @@
+Disable buggy seccomp sandbox code by default
+
+Bug: https://bugs.gentoo.org/443898
+
+--- a/tunables.c
++++ b/tunables.c
+@@ -226,7 +226,7 @@
+   tunable_isolate_network = 1;
+   tunable_ftp_enable = 1;
+   tunable_http_enable = 0;
+-  tunable_seccomp_sandbox = 1;
++  tunable_seccomp_sandbox = 0;
+   tunable_allow_writeable_chroot = 0;
+ 
+   tunable_accept_timeout = 60;
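Review bot: Setting `tunable_seccomp_sandbox = 0` turns off a default-on hardening layer for every install, yet the patch header only calls the code "buggy" without saying what fails or how to get the sandbox back. The patch leaves the tunable itself in place, so it is presumably still settable at runtime; I would say so in the header, e.g. `The filter can still be enabled with seccomp_sandbox=YES in vsftpd.conf.`, plus one line naming the failure tracked in the bug. Users moving from -r2 to -r3 get the weaker default with no notice in the visible ebuild hunks. If the ebuild has a pkg_postinst (not shown in this diff), a line such as `elog "seccomp_sandbox now defaults to NO; set seccomp_sandbox=YES in vsftpd.conf to re-enable it"` would make the change visible to administrators.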

diff --git a/net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild b/net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild
similarity index 80%
rename from net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild
rename to net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild
index 737cd124f08..b5dea09d687 100644
--- a/net-ftp/vsftpd/vsftpd-3.0.3-r2.ebuild
+++ b/net-ftp/vsftpd/vsftpd-3.0.3-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -27,17 +27,31 @@ RDEPEND="${DEPEND}
        xinetd? ( sys-apps/xinetd )"
 
 src_prepare() {
-       # kerberos patch. bug #335980
-       epatch "${FILESDIR}/${PN}-2.3.2-kerberos.patch"
+       local PATCHES=(
+               # kerberos patch. bug #335980
+               "${FILESDIR}/${PN}-2.3.2-kerberos.patch"
 
-       # Patch the source, config and the manpage to use /etc/vsftpd/
-       epatch "${FILESDIR}/${PN}-2.3.5-gentoo.patch"
+               # Patch the source, config and the manpage to use /etc/vsftpd/
+               "${FILESDIR}/${PN}-2.3.5-gentoo.patch"
 
-       # Fix building without the libcap
-       epatch "${FILESDIR}/${PN}-2.1.0-caps.patch"
+               # Fix building without the libcap
+               "${FILESDIR}/${PN}-2.1.0-caps.patch"
 
-       # Fix building on alpha. Bug #405829
-       epatch "${FILESDIR}/${PN}-3.0.2-alpha.patch"
+               # Fix building on alpha. Bug #405829
+               "${FILESDIR}/${PN}-3.0.2-alpha.patch"
+
+               #Bug #335977
+               "${FILESDIR}"/${PN}-3.0.0-Makefile.patch
+
+               #Bug #450536
+               "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch
+
+               #Bug #630704
+               "${FILESDIR}"/${PN}-3.0.3-sparc.patch
+
+               # https://bugs.gentoo.org/443898
+               "${FILESDIR}"/vsftpd-disable-seccomp-sandbox.patch
+       )
 
        # Configure vsftpd build defaults
        use tcpd && echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h
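Review bot: Collecting the patches into `PATCHES` changes when they are applied relative to the in-place edits in src_prepare. The kerberos, gentoo, caps and alpha patches used to run before the `builddefs.h` appends and the `sed` edits; now the whole array is applied by `default` at the end of the function (next hunk), after those edits and after the `eapply` of dont-link-caps. If any of those patches carries context around the `VSF_SYSDEP_HAVE_LIBCAP` line in sysdeputil.c or the `LINK` line in the Makefile, it may now apply with fuzz or fail only with USE=-caps, so that combination is worth a build test. A comment above the array such as `# Applied by default() at the end of src_prepare, after the sed edits below` would record the ordering. The body of src_prepare continues past this hunk.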
@@ -47,22 +61,13 @@ src_prepare() {
        # Ensure that we don't link against libcap unless asked
        if ! use caps ; then
                sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c || die
-               epatch "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch
+               eapply "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch
        fi
 
        # Let portage control stripping
        sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile || die
 
-       #Bug #335977
-       epatch "${FILESDIR}"/${PN}-3.0.0-Makefile.patch
-
-       #Bug #450536
-       epatch "${FILESDIR}"/${PN}-3.0.2-remove-legacy-cap.patch
-
-       #Bug #630704
-       epatch "${FILESDIR}"/${PN}-3.0.3-sparc.patch
-
-       eapply_user
+       default
 }
 
 src_compile() {
