1 diff -Nru vsftpd-3.0.3.orig/Makefile vsftpd-3.0.3/Makefile
2 --- vsftpd-3.0.3.orig/Makefile 2015-07-25 10:46:48.976048527 +0200
3 +++ vsftpd-3.0.3/Makefile 2015-07-25 10:47:10.025301281 +0200
4 @@ -3,7 +3,7 @@
5 INSTALL = install
6 IFLAGS = -idirafter dummyinc
7 #CFLAGS = -g
8 -CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
9 +CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \
10 -Wall -W -Wshadow -Werror -Wformat-security \
11 -D_FORTIFY_SOURCE=2 \
12 #-pedantic -Wconversion
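Review bot: Switching to `CFLAGS +=` drops the built-in `-O2`, so `-D_FORTIFY_SOURCE=2` only takes effect if the inherited CFLAGS already carry an optimization level. On glibc an unoptimized build warns about this, and `-Werror` probably turns that warning into a build failure. A `make CFLAGS=...` on the command line also replaces this assignment wholesale, silently losing `-fPIE` and `-fstack-protector`. Keeping the hardening flags out of the user-tunable variable avoids both, e.g. `CFLAGS ?= -O2` followed by `override CFLAGS += -fPIE -fstack-protector ...`, with a comment such as `# hardening flags are mandatory; user CFLAGS only add to them`.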
13 @@ -29,21 +29,10 @@
14 $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
15
16 install:
17 - if [ -x /usr/local/sbin ]; then \
18 - $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
19 - else \
20 - $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
21 - if [ -x /usr/local/man ]; then \
22 - $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
23 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
24 - elif [ -x /usr/share/man ]; then \
25 - $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
26 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
27 - else \
28 - $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
29 - $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
30 - if [ -x /etc/xinetd.d ]; then \
31 - $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
32 + $(INSTALL) -D -m 755 vsftpd $(DESTDIR)/usr/sbin/vsftpd
33 + $(INSTALL) -D -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/vsftpd.8
34 + $(INSTALL) -D -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5
35 + $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf
36
37 clean:
38 rm -f *.o *.swp vsftpd
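Review bot: The last added `install` line copies the sample `vsftpd.conf` over `$(DESTDIR)/etc/vsftpd.conf` unconditionally. A direct `make install` with an empty DESTDIR therefore replaces an administrator's existing configuration with the shipped one, which has `anonymous_enable=YES`. A guard leaves staged packaging builds unchanged while protecting live systems: `[ -e $(DESTDIR)/etc/vsftpd.conf ] || $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf`. The xinetd file is no longer installed at all; if that is intentional, a short comment above the recipe should say so. The link rule above `install:` starts outside the hunk.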
39 diff -Nru vsftpd-3.0.3.orig/builddefs.h vsftpd-3.0.3/builddefs.h
40 --- vsftpd-3.0.3.orig/builddefs.h 2015-07-25 10:46:48.976048527 +0200
41 +++ vsftpd-3.0.3/builddefs.h 2015-07-25 10:51:14.686615834 +0200
42 @@ -2,8 +2,8 @@
43 #define VSF_BUILDDEFS_H
44
45 #undef VSF_BUILD_TCPWRAPPERS
46 -#define VSF_BUILD_PAM
47 -#undef VSF_BUILD_SSL
48 +#undef VSF_BUILD_PAM
49 +#define VSF_BUILD_SSL
50
51 #endif /* VSF_BUILDDEFS_H */
52
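Review bot: Flipping `VSF_BUILD_PAM` to `#undef` changes how local users are authenticated, and nothing in the header records why. With PAM compiled out, local logins are presumably checked against the password database directly, so PAM-based account restrictions (lockout, expiry, access lists) would no longer apply to FTP logins; this should be confirmed against the target system. I would add a comment above the two changed lines, for example `/* PAM off: <reason>; local logins bypass PAM account policy. SSL on: links against the system OpenSSL. */`.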
53 diff -Nru vsftpd-3.0.3.orig/tunables.c vsftpd-3.0.3/tunables.c
54 --- vsftpd-3.0.3.orig/tunables.c 2015-07-25 10:46:48.976048527 +0200
55 +++ vsftpd-3.0.3/tunables.c 2015-07-25 10:48:46.175221304 +0200
56 @@ -254,7 +254,7 @@
57 /* -rw------- */
58 tunable_chown_upload_mode = 0600;
59
60 - install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
61 + install_str_setting("/var/empty", &tunable_secure_chroot_dir);
62 install_str_setting("ftp", &tunable_ftp_username);
63 install_str_setting("root", &tunable_chown_username);
64 install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
65 @@ -281,11 +281,10 @@
66 install_str_setting(0, &tunable_user_sub_token);
67 install_str_setting("/etc/vsftpd.email_passwords",
68 &tunable_email_password_file);
69 - install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
70 - &tunable_rsa_cert_file);
71 + install_str_setting("/etc/ssl/certs/vsftpd.crt", &tunable_rsa_cert_file);
72 install_str_setting(0, &tunable_dsa_cert_file);
73 install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
74 - install_str_setting(0, &tunable_rsa_private_key_file);
75 + install_str_setting("/etc/ssl/keys/vsftpd.key", &tunable_rsa_private_key_file);
76 install_str_setting(0, &tunable_dsa_private_key_file);
77 install_str_setting(0, &tunable_ca_certs_file);
78 }
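Review bot: Giving `tunable_rsa_private_key_file` a non-null default changes behaviour for anyone using a combined certificate-and-key PEM. The man page in this same patch still says the key is expected in the certificate file "if this option is not set", but with this default the option is always set. A deployment that only configures `rsa_cert_file` will now look for the key at `/etc/ssl/keys/vsftpd.key`. Nothing in the patch creates that file or directory or restricts its permissions, so packaging should provide it as root-only. A comment on the changed line would help, e.g. `/* non-null default: combined cert+key PEM users must also point rsa_private_key_file at it */`. The enclosing function starts outside the hunk.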
79 diff -Nru vsftpd-3.0.3.orig/vsftpd.conf vsftpd-3.0.3/vsftpd.conf
80 --- vsftpd-3.0.3.orig/vsftpd.conf 2015-07-25 10:46:48.976048527 +0200
81 +++ vsftpd-3.0.3/vsftpd.conf 2015-07-25 10:50:10.758885261 +0200
82 @@ -8,11 +8,18 @@
83 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
84 # capabilities.
85 #
86 +#
87 +# Enable SSL support
88 +#ssl_enable=YES
89 +#ssl_sslv3=YES
90 +#
91 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
92 anonymous_enable=YES
93 #
94 # Uncomment this to allow local users to log in.
95 #local_enable=YES
96 +#force_local_logins_ssl=YES
97 +#force_local_data_ssl=YES
98 #
99 # Uncomment this to enable any form of FTP write command.
100 #write_enable=YES
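Review bot: The added sample line `#ssl_sslv3=YES` suggests that turning on SSL goes together with enabling SSLv3, a protocol that is considered broken and that an administrator uncommenting the block would switch on. I would drop the line or show the safe value instead: `#ssl_sslv3=NO`. The header comment could then read `# Enable SSL/TLS support (keep SSLv2/SSLv3 disabled; needs rsa_cert_file and rsa_private_key_file)`. Separately, `anonymous_enable=YES` remains the active default just below the new block, so uncommenting `ssl_enable` alone does not restrict anonymous access.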
101 @@ -110,6 +117,7 @@
102 # listens on IPv4 sockets. This directive cannot be used in conjunction
103 # with the listen_ipv6 directive.
104 listen=YES
105 +background=YES
106 #
107 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
108 # sockets, you must run two copies of vsftpd with two configuration files.
109 diff -Nru vsftpd-3.0.3.orig/vsftpd.conf.5 vsftpd-3.0.3/vsftpd.conf.5
110 --- vsftpd-3.0.3.orig/vsftpd.conf.5 2015-07-25 10:46:48.976048527 +0200
111 +++ vsftpd-3.0.3/vsftpd.conf.5 2015-07-25 10:47:10.025301281 +0200
112 @@ -955,21 +955,21 @@
113 This option specifies the location of the RSA certificate to use for SSL
114 encrypted connections.
115
116 -Default: /usr/share/ssl/certs/vsftpd.pem
117 +Default: /etc/ssl/certs/vsftpd.crt
118 .TP
119 .B rsa_private_key_file
120 This option specifies the location of the RSA private key to use for SSL
121 encrypted connections. If this option is not set, the private key is expected
122 to be in the same file as the certificate.
123
124 -Default: (none)
125 +Default: /etc/ssl/keys/vsftpd.key
126 .TP
127 .B secure_chroot_dir
128 This option should be the name of a directory which is empty. Also, the
129 directory should not be writable by the ftp user. This directory is used
130 as a secure chroot() jail at times vsftpd does not require filesystem access.
131
132 -Default: /usr/share/empty
133 +Default: /var/empty
134 .TP
135 .B ssl_ciphers
136 This option can be used to select which SSL ciphers vsftpd will allow for