ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/net/vsftpd/patches/001-destdir.patch b/external/subpack/net/vsftpd/patches/001-destdir.patch
new file mode 100644
index 0000000..b0274ac
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/001-destdir.patch
@@ -0,0 +1,47 @@
+--- a/Makefile
++++ b/Makefile
+@@ -22,6 +22,8 @@ OBJS = main.o utility.o prelogin.o ftpcm
+ seccompsandbox.o
+
+
++DESTDIR =
++
+ .c.o:
+ $(CC) -c $*.c $(CFLAGS) $(IFLAGS)
+
+@@ -29,21 +31,20 @@ vsftpd: $(OBJS)
+ $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
+
+ install:
+- if [ -x /usr/local/sbin ]; then \
+- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
+- else \
+- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
+- if [ -x /usr/local/man ]; then \
+- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
+- elif [ -x /usr/share/man ]; then \
+- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
+- else \
+- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
+- if [ -x /etc/xinetd.d ]; then \
+- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
++ mkdir -p $(DESTDIR)/usr/sbin
++ $(INSTALL) -m 755 vsftpd $(DESTDIR)/usr/sbin/
++ mkdir -p $(DESTDIR)/usr/share/man/man8
++ $(INSTALL) -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/
++ mkdir -p $(DESTDIR)/usr/share/man/man5
++ $(INSTALL) -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/
++ mkdir -p $(DESTDIR)/etc/xinetd.d
++ $(INSTALL) -m 644 xinetd.d/vsftpd $(DESTDIR)/etc/xinetd.d/
++
++uninstall:
++ rm -f $(DESTDIR)/usr/sbin/vsftpd
++ rm -f $(DESTDIR)/usr/share/man/man8/vsftpd.8
++ rm -f $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5
++ rm -f $(DESTDIR)/etc/xinetd.d/vsftpd
+
+ clean:
+ rm -f *.o *.swp vsftpd
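Review bot: The `mkdir -p $(DESTDIR)/usr/sbin` lines in the new `install` rule create the target directories under whatever umask the build runs with, so directory modes are not pinned the way the file modes are. Assuming `$(INSTALL)` is install(1), `$(INSTALL) -d -m 755 $(DESTDIR)/usr/sbin` (and the same for the man and xinetd.d directories) keeps them consistent with the `-m 755` and `-m 644` used for the files. The rule also installs `xinetd.d/vsftpd` unconditionally, where the removed code checked for `/etc/xinetd.d` first, so the packaging step has to drop that file if it is not wanted.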
diff --git a/external/subpack/net/vsftpd/patches/002-find_libs.patch b/external/subpack/net/vsftpd/patches/002-find_libs.patch
new file mode 100644
index 0000000..daf83ef
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/002-find_libs.patch
@@ -0,0 +1,13 @@
+--- a/Makefile
++++ b/Makefile
+@@ -8,8 +8,8 @@ CFLAGS = -O2 -fPIE -fstack-protector --p
+ -D_FORTIFY_SOURCE=2 \
+ #-pedantic -Wconversion
+
+-LIBS = `./vsf_findlibs.sh`
+-LINK = -Wl,-s
++LIBS = -lcrypt -lnsl
++LINK =
+ LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
+
+ OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
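Review bot: Hard-coding `LIBS = -lcrypt -lnsl` removes the detection that `./vsf_findlibs.sh` performed, so nothing in this Makefile links the TLS libraries if `VSF_BUILD_SSL` is ever switched on. 010-openssl-deprecated.patch in the same commit touches ssl.c, which suggests an SSL-enabled build is expected. Presumably the package Makefile passes `-lssl -lcrypto` from outside; that is worth confirming. The patch has no description header, so a line stating where extra libraries come from and why `LINK` is emptied would help the next maintainer.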
diff --git a/external/subpack/net/vsftpd/patches/003-chroot.patch b/external/subpack/net/vsftpd/patches/003-chroot.patch
new file mode 100644
index 0000000..8965da4
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/003-chroot.patch
@@ -0,0 +1,11 @@
+--- a/tunables.c
++++ b/tunables.c
+@@ -254,7 +254,7 @@ tunables_load_defaults()
+ /* -rw------- */
+ tunable_chown_upload_mode = 0600;
+
+- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
++ install_str_setting("/var/run/vsftpd", &tunable_secure_chroot_dir);
+ install_str_setting("ftp", &tunable_ftp_username);
+ install_str_setting("root", &tunable_chown_username);
+ install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
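Review bot: The new default `/var/run/vsftpd` for `tunable_secure_chroot_dir` names a directory that nothing in this patch creates, and `/var/run` is usually a runtime filesystem that starts empty on each boot. Going by the tunable's name it is a chroot target, so it should exist before the daemon starts and be empty, root-owned and not writable by the `ftp` user. Confirm that the init script creates it that way. I would add a comment above the changed line: `/* must be created at start-up: root-owned, mode 0755, empty */`. `tunables_load_defaults` starts and ends outside the hunk.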
diff --git a/external/subpack/net/vsftpd/patches/004-disable-capabilities.patch b/external/subpack/net/vsftpd/patches/004-disable-capabilities.patch
new file mode 100644
index 0000000..7aa6330
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/004-disable-capabilities.patch
@@ -0,0 +1,12 @@
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -165,6 +165,9 @@
+ #endif
+ /* END config */
+
++#undef VSF_SYSDEP_HAVE_CAPABILITIES
++#undef VSF_SYSDEP_HAVE_LIBCAP
++
+ /* PAM support - we include our own dummy version if the system lacks this */
+ #include <security/pam_appl.h>
+
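Review bot: The two `#undef` lines added after `/* END config */` switch capability support off for every platform without saying why, and this is a privilege-handling change rather than a plain build fix. The context of 006-musl-compatibility.patch shows `VSF_SYSDEP_HAVE_LIBCAP` being defined earlier in the same file, so the override is deliberate. What the daemon does where it would otherwise have kept a reduced capability set is not visible here and should be checked. Please add a comment such as `/* Force capability support off regardless of the platform detection above: <reason> */` and a patch header describing the trade-off.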
diff --git a/external/subpack/net/vsftpd/patches/005-disable-pam.patch b/external/subpack/net/vsftpd/patches/005-disable-pam.patch
new file mode 100644
index 0000000..ebb7244
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/005-disable-pam.patch
@@ -0,0 +1,11 @@
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+
+ #undef VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+
+ #endif /* VSF_BUILDDEFS_H */
diff --git a/external/subpack/net/vsftpd/patches/006-musl-compatibility.patch b/external/subpack/net/vsftpd/patches/006-musl-compatibility.patch
new file mode 100644
index 0000000..9eefec7
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/006-musl-compatibility.patch
@@ -0,0 +1,13 @@
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -58,7 +58,9 @@
+ #define VSF_SYSDEP_HAVE_SHADOW
+ #define VSF_SYSDEP_HAVE_USERSHELL
+ #define VSF_SYSDEP_HAVE_LIBCAP
+-#define VSF_SYSDEP_HAVE_UTMPX
++#if defined(__GLIBC__) || defined(__UCLIBC__)
++ #define VSF_SYSDEP_HAVE_UTMPX
++#endif
+
+ #define __USE_GNU
+ #include <utmpx.h>
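Review bot: On a libc that defines neither `__GLIBC__` nor `__UCLIBC__` the new guard leaves `VSF_SYSDEP_HAVE_UTMPX` undefined, so whatever that macro gates (presumably the utmpx login and logout records) is dropped silently. Those records are part of the audit trail on hosts that rely on them, so a comment above the `#if` such as `/* other libcs: no utmpx session records are written */` would make the loss explicit. The unconditional `#include <utmpx.h>` in the trailing context still has to compile on that libc. Both macros are only defined after a libc header has been included, which the hunk does not show, so check that one precedes this point in the file.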
diff --git a/external/subpack/net/vsftpd/patches/007-CVE-2015-1419.patch b/external/subpack/net/vsftpd/patches/007-CVE-2015-1419.patch
new file mode 100644
index 0000000..173027a
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/007-CVE-2015-1419.patch
@@ -0,0 +1,98 @@
+Description: CVE-2015-1419: config option deny_file is not handled correctly
+Author: Marcus Meissner <meissner@suse.com>
+Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
+Last-Update: 2015-02-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/ls.c
++++ b/ls.c
+@@ -7,6 +7,7 @@
+ * Would you believe, code to handle directory listing.
+ */
+
++#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+ struct mystr temp_str = INIT_MYSTR;
+ struct mystr brace_list_str = INIT_MYSTR;
+ struct mystr new_filter_str = INIT_MYSTR;
++ struct mystr normalize_filename_str = INIT_MYSTR;
++ const char *normname;
++ const char *path;
+ int ret = 0;
+ char last_token = 0;
+ int must_match_at_current_pos = 1;
++
+ str_copy(&filter_remain_str, p_filter_str);
+- str_copy(&name_remain_str, p_filename_str);
++
++ /* normalize filepath */
++ path = str_strdup(p_filename_str);
++ normname = realpath(path, NULL);
++ if (normname == NULL)
++ goto out;
++ str_alloc_text(&normalize_filename_str, normname);
++
++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++ if (str_get_char_at(p_filter_str, 0) == '/') {
++ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++ str_getcwd (&name_remain_str);
++
++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++ str_append_char (&name_remain_str, '/');
++
++ str_append_str (&name_remain_str, &normalize_filename_str);
++ }
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ } else {
++ if (str_get_char_at(p_filter_str, 0) != '{')
++ str_basename (&name_remain_str, &normalize_filename_str);
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ }
++ } else
++ str_copy(&name_remain_str, &normalize_filename_str);
+
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+ {
+@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
+ ret = 0;
+ }
+ out:
++ free(normname);
++ free(path);
++ str_free(&normalize_filename_str);
+ str_free(&filter_remain_str);
+ str_free(&name_remain_str);
+ str_free(&temp_str);
+--- a/str.c
++++ b/str.c
+@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_
+ }
+ }
+
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++ static struct mystr tmp;
++
++ str_copy (&tmp, path);
++ str_split_char_reverse(&tmp, d_str, '/');
++
++ if (str_isempty(d_str))
++ str_copy (d_str, path);
++}
+--- a/str.h
++++ b/str.h
+@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+ * buffer, starting at character position 'p_pos'. The extracted line will
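Review bot: In the `ls.c` hunk a `realpath()` failure does `goto out` with `ret` still 0, so a name that cannot be resolved (realpath() fails for paths that do not exist) is never compared with the filter at all. The patch header says the filter concerned is `deny_file`, so if callers deny on a match this fails open; falling back to the raw name keeps the check: `if (normname == NULL) str_copy(&normalize_filename_str, p_filename_str); else str_alloc_text(&normalize_filename_str, normname);`. Because `realpath()` returns an absolute path, the `!= '/'` branch that calls `str_getcwd` is currently unreachable and would run only for that fallback. In `str.c`, the `static struct mystr tmp` in `str_basename` is never freed and keeps the last path in memory; a local `struct mystr tmp = INIT_MYSTR;` with `str_free(&tmp);` at the end avoids that. `vsf_filename_passes_filter` starts and ends outside the hunks shown.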
diff --git a/external/subpack/net/vsftpd/patches/010-openssl-deprecated.patch b/external/subpack/net/vsftpd/patches/010-openssl-deprecated.patch
new file mode 100644
index 0000000..0db80b9
--- /dev/null
+++ b/external/subpack/net/vsftpd/patches/010-openssl-deprecated.patch
@@ -0,0 +1,61 @@
+From 0ea55455703eb69d7617968424e4bede59f39b83 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 23 Nov 2018 18:03:32 -0800
+Subject: [PATCH] ssl: Fix compile without Deprecated APIs and no ECC support
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ ssl.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/ssl.c
++++ b/ssl.c
+@@ -28,6 +28,9 @@
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+ #include <openssl/bio.h>
++#ifndef OPENSSL_NO_EC
++#include <openssl/ec.h>
++#endif
+ #include <errno.h>
+ #include <limits.h>
+
+@@ -59,8 +62,12 @@ ssl_init(struct vsf_session* p_sess)
+ SSL_CTX* p_ctx;
+ long options;
+ int verify_option = 0;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+ p_ctx = SSL_CTX_new(SSLv23_server_method());
++#else
++ p_ctx = SSL_CTX_new(TLS_server_method());
++#endif
+ if (p_ctx == NULL)
+ {
+ die("SSL: could not allocate SSL context");
+@@ -120,6 +127,7 @@ ssl_init(struct vsf_session* p_sess)
+ {
+ die("SSL: RNG is not seeded");
+ }
++#ifndef OPENSSL_NO_EC
+ {
+ EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (key == NULL)
+@@ -129,6 +137,7 @@ ssl_init(struct vsf_session* p_sess)
+ SSL_CTX_set_tmp_ecdh(p_ctx, key);
+ EC_KEY_free(key);
+ }
++#endif
+ if (tunable_ssl_request_cert)
+ {
+ verify_option |= SSL_VERIFY_PEER;
+@@ -660,7 +669,9 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_s
+ static char*
+ get_ssl_error()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_load_error_strings();
++#endif
+ return ERR_error_string(ERR_get_error(), NULL);
+ }
+
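Review bot: The `#ifndef OPENSSL_NO_EC` guard in `ssl_init` still compiles `EC_KEY_new_by_curve_name()` and `SSL_CTX_set_tmp_ecdh()` on OpenSSL 1.1.0 and later, where the ECDH curve is negotiated automatically and, from 3.0 on, the `EC_KEY` API is itself deprecated. Given the subject line, I would combine the guard with the version check already used above: `#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER < 0x10100000L`. That also stops pinning newer builds to the single P-256 curve. On the new branch `TLS_server_method()` leaves protocol selection to options set elsewhere in `ssl_init`, outside the hunk, so confirm a minimum protocol version is still enforced there. `ssl_init` starts and ends outside the hunks shown.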