1 diff -Nru vsftpd-3.0.0.orig/Makefile vsftpd-3.0.0/Makefile
2 --- vsftpd-3.0.0.orig/Makefile 2012-04-10 09:29:08.529670293 +0200
3 +++ vsftpd-3.0.0/Makefile 2012-04-10 09:38:01.020463369 +0200
4 @@ -3,7 +3,7 @@
5 INSTALL = install
6 IFLAGS = -idirafter dummyinc
7 #CFLAGS = -g
8 -CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
9 +CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \
10 -Wall -W -Wshadow -Werror -Wformat-security \
11 -D_FORTIFY_SOURCE=2 \
12 #-pedantic -Wconversion
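Review bot: Dropping `-O2` from the assignment leaves `-D_FORTIFY_SOURCE=2` without a guaranteed optimisation level, and glibc only activates the fortified wrappers when the compiler is optimising, so a build whose environment supplies no `-O` flag loses that hardening. The switch to a plain `+=` also means that `make CFLAGS=...` on the command line replaces the whole value, dropping `-fPIE` and `-fstack-protector` with it. A `CFLAGS ?= -O2` line above this one would keep a default optimisation level, and writing the append as `override CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \` would keep the hardening flags when the user overrides CFLAGS. The trailing backslash that runs into the commented `#-pedantic` line is pre-existing and unchanged.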
13 @@ -29,21 +29,10 @@
14 $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
15
16 install:
17 - if [ -x /usr/local/sbin ]; then \
18 - $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
19 - else \
20 - $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
21 - if [ -x /usr/local/man ]; then \
22 - $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
23 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
24 - elif [ -x /usr/share/man ]; then \
25 - $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
26 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
27 - else \
28 - $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
29 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
30 - if [ -x /etc/xinetd.d ]; then \
31 - $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
32 + $(INSTALL) -D -m 755 vsftpd $(DESTDIR)/usr/sbin/vsftpd
33 + $(INSTALL) -D -m 644 vsftpd.8 $(DESTDIR)/usr/man/man8/vsftpd.8
34 + $(INSTALL) -D -m 644 vsftpd.conf.5 $(DESTDIR)/usr/man/man5/vsftpd.conf.5
35 + $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf
36
37 clean:
38 rm -f *.o *.swp vsftpd
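Review bot: The last new recipe line installs `vsftpd.conf` unconditionally, so `make install` with an empty `DESTDIR` overwrites an administrator's existing `/etc/vsftpd.conf` with the shipped sample, which still has `anonymous_enable=YES`. A guard keeps an already hardened configuration in place: `test -e $(DESTDIR)/etc/vsftpd.conf || $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf`. The man pages now go to `/usr/man` only, where the removed code preferred `/usr/local/man` or `/usr/share/man` when present, and the xinetd file is no longer installed. A comment above `install:` naming the target layout would make both choices explicit.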
39 diff -Nru vsftpd-3.0.0.orig/builddefs.h vsftpd-3.0.0/builddefs.h
40 --- vsftpd-3.0.0.orig/builddefs.h 2012-04-10 09:29:08.533003507 +0200
41 +++ vsftpd-3.0.0/builddefs.h 2012-04-10 09:37:33.624784735 +0200
42 @@ -1,9 +1,9 @@
43 #ifndef VSF_BUILDDEFS_H
44 #define VSF_BUILDDEFS_H
45
46 -#undef VSF_BUILD_TCPWRAPPERS
47 -#define VSF_BUILD_PAM
48 -#undef VSF_BUILD_SSL
49 +#define VSF_BUILD_TCPWRAPPERS
50 +#undef VSF_BUILD_PAM
51 +#define VSF_BUILD_SSL
52
53 #endif /* VSF_BUILDDEFS_H */
54
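Review bot: `#undef VSF_BUILD_PAM` changes how local users are authenticated, and the patch records no reason for it. Without PAM the daemon presumably falls back to its built-in password check, so account policy enforced through PAM modules (lockout, access restrictions, session setup) would no longer apply to FTP logins; this is worth confirming against the non-PAM code path. A comment above the three switches would record the intent, for example `/* Distribution build: tcp_wrappers and SSL on; PAM off, local logins use the built-in password check */`.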
55 diff -Nru vsftpd-3.0.0.orig/tunables.c vsftpd-3.0.0/tunables.c
56 --- vsftpd-3.0.0.orig/tunables.c 2012-04-10 09:29:08.529670293 +0200
57 +++ vsftpd-3.0.0/tunables.c 2012-04-10 09:39:55.196345553 +0200
58 @@ -254,7 +254,7 @@
59 /* -rw------- */
60 tunable_chown_upload_mode = 0600;
61
62 - install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
63 + install_str_setting("/var/empty", &tunable_secure_chroot_dir);
64 install_str_setting("ftp", &tunable_ftp_username);
65 install_str_setting("root", &tunable_chown_username);
66 install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
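Review bot: The new default `/var/empty` is neither created nor checked anywhere in this patch, and the `install` target in the Makefile does not provide it. The man page text for `secure_chroot_dir` requires the directory to be empty and not writable by the ftp user, and `/var/empty` may be shared with other privilege-separated daemons, so its ownership and mode depend on whichever package created it. A comment on this line, such as `/* must exist, be root-owned and empty; may be shared with other daemons */`, would make that dependency visible. The enclosing function starts above the hunk.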
67 @@ -281,11 +281,11 @@
68 install_str_setting(0, &tunable_user_sub_token);
69 install_str_setting("/etc/vsftpd.email_passwords",
70 &tunable_email_password_file);
71 - install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
72 + install_str_setting("/etc/ssl/certs/vsftpd.crt",
73 &tunable_rsa_cert_file);
74 install_str_setting(0, &tunable_dsa_cert_file);
75 install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
76 - install_str_setting(0, &tunable_rsa_private_key_file);
77 + install_str_setting("/etc/ssl/keys/vsftpd.key", &tunable_rsa_private_key_file);
78 install_str_setting(0, &tunable_dsa_private_key_file);
79 install_str_setting(0, &tunable_ca_certs_file);
80 }
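Review bot: Giving `tunable_rsa_private_key_file` a non-null default changes behaviour for every configuration that keeps the key inside the certificate file, because the documented fallback to the certificate file applies only when the option is unset. Those sites will now have to set `rsa_private_key_file` explicitly or place a key at `/etc/ssl/keys/vsftpd.key`. Nothing in the patch creates that directory or sets its permissions, and a private key stored there should be readable by root only. The new call is also the only one in this hunk kept on a single long line; the neighbouring calls break after the comma, as in `install_str_setting("/etc/ssl/keys/vsftpd.key",` followed by `&tunable_rsa_private_key_file);`. The enclosing function starts above the hunk.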
81 diff -Nru vsftpd-3.0.0.orig/vsftpd.conf vsftpd-3.0.0/vsftpd.conf
82 --- vsftpd-3.0.0.orig/vsftpd.conf 2012-04-10 09:29:08.529670293 +0200
83 +++ vsftpd-3.0.0/vsftpd.conf 2012-04-10 09:37:33.624784735 +0200
84 @@ -8,11 +8,21 @@
85 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
86 # capabilities.
87 #
88 +#
89 +# Use tcp_wrappers library
90 +tcp_wrappers=YES
91 +#
92 +# Enable SSL support
93 +#ssl_enable=YES
94 +#ssl_sslv3=YES
95 +#
96 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
97 anonymous_enable=YES
98 #
99 # Uncomment this to allow local users to log in.
100 #local_enable=YES
101 +#force_local_logins_ssl=YES
102 +#force_local_data_ssl=YES
103 #
104 # Uncomment this to enable any form of FTP write command.
105 #write_enable=YES
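Review bot: The commented `#ssl_sslv3=YES` line invites administrators to turn on SSLv3 when they enable SSL, and SSLv3 is an obsolete protocol version that should stay off. Either drop the line or show it as `#ssl_sslv3=NO`, so that uncommenting the block does not weaken the TLS setup. `tcp_wrappers=YES` is the one new directive in this hunk that is live by default; its comment could say that access then depends on the host's `hosts.allow` and `hosts.deny`. The Makefile change installs this file as `/etc/vsftpd.conf` with `anonymous_enable=YES` still active.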
106 @@ -110,6 +120,7 @@
107 # listens on IPv4 sockets. This directive cannot be used in conjunction
108 # with the listen_ipv6 directive.
109 listen=YES
110 +background=YES
111 #
112 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
113 # sockets, you must run two copies of vsftpd with two configuration files.
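Review bot: `background=YES` is added without the explanatory comment that every other directive in this file carries. A line such as `# When started in listen mode, put the listener process in the background.` above it would match the file's style. A service manager that expects the daemon to stay in the foreground would presumably need this set to NO, which is worth mentioning in the same comment.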
114 diff -Nru vsftpd-3.0.0.orig/vsftpd.conf.5 vsftpd-3.0.0/vsftpd.conf.5
115 --- vsftpd-3.0.0.orig/vsftpd.conf.5 2012-04-10 09:29:08.533003507 +0200
116 +++ vsftpd-3.0.0/vsftpd.conf.5 2012-04-10 09:37:33.624784735 +0200
117 @@ -955,21 +955,21 @@
118 This option specifies the location of the RSA certificate to use for SSL
119 encrypted connections.
120
121 -Default: /usr/share/ssl/certs/vsftpd.pem
122 +Default: /etc/ssl/certs/vsftpd.crt
123 .TP
124 .B rsa_private_key_file
125 This option specifies the location of the RSA private key to use for SSL
126 encrypted connections. If this option is not set, the private key is expected
127 to be in the same file as the certificate.
128
129 -Default: (none)
130 +Default: /etc/ssl/keys/vsftpd.key
131 .TP
132 .B secure_chroot_dir
133 This option should be the name of a directory which is empty. Also, the
134 directory should not be writable by the ftp user. This directory is used
135 as a secure chroot() jail at times vsftpd does not require filesystem access.
136
137 -Default: /usr/share/empty
138 +Default: /var/empty
139 .TP
140 .B ssl_ciphers
141 This option can be used to select which SSL ciphers vsftpd will allow for