Received: by mail.netbsd.org (Postfix, from userid 605) id 2A35F84E61; Fri, 9 Feb 2018 16:46:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id A8DDF84E60 for ; Fri, 9 Feb 2018 16:46:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id lFsQIeaUtYmR for ; Fri, 9 Feb 2018 16:46:42 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id C4C2184E54 for ; Fri, 9 Feb 2018 16:46:42 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id BBC76FB40; Fri, 9 Feb 2018 16:46:42 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_151819480234740" MIME-Version: 1.0 Date: Fri, 9 Feb 2018 16:46:42 +0000 From: =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= Subject: CVS commit: pkgsrc/net/vsftpd To: pkgsrc-changes@NetBSD.org Reply-To: triaxx@netbsd.org X-Mailer: log_accum Message-Id: <20180209164642.BBC76FB40@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_151819480234740 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Module Name: pkgsrc Committed By: triaxx Date: Fri Feb 9 16:46:42 UTC 2018 Modified Files: pkgsrc/net/vsftpd: Makefile distinfo pkgsrc/net/vsftpd/patches: patch-aa patch-ac patch-ad patch-ae patch-af Log Message: vsftpd: updated to 3.0.3 v2.3.5 ====== - Try and force glibc to cache zoneinfo files in an attempt to work around glibc parsing vulnerability. Thanks to Kingcope. - Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke . - Some simple fixes and cleanups from Thorsten Brehm . - Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to steve willing . - Handle connect() failures properly. Thanks to Takayuki Nagata . - Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life. v3.0.0 ====== - Update vsf_findlibs.sh to work on Ubuntu 11.10+ - Make listen mode the default. - Add -Werror to build flags. - Fix missing "const" in ssl.c - Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. - Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c - Rename deprecated "sandbox" to "ptrace_sandbox". - Add a few more state checks to the privileged helper processes. - Add tunable "seccomp_sandbox", default on. - Use hardened build flags. Distros of course override these and provide their own build flags but no harm in showing how it could be done. - Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner . - Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, . - Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. - Remove a couple of fixed things from BUGS. - strlen() trunction fix -- no particular impact. - Apply some tidyups from mmoufid@yorku.ca. (vsftpd-3.0.0-pre1) - Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez . - Fix other data channel bugs such as failure to log failure upon timeout. - Use exit codes a bit more consistently. - Fix bad interaction between SSL and trans_chunk_size. - Redo data timeout to fire properly for SSL sessions. - Redo idle timeout to fire properly for SSL sessions. - Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. - Use 10 minutes as a max linger time just in case an alarm gets lost. (vsftpd-3.0.0-pre2) - Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. - Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. - Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. - Fix delete_failed_uploads for anonymous sessions. - Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues. v3.0.1 ====== - Fix some seccomp related build errors on certain CentOS and Debian versions. - Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? - Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. - Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu . - Force cast to unsigned char in is* char functions. - Fix harmless integer issues in strlist.c. - Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. v3.0.2 ====== - One more seccomp policy fix: mremap (denied). - Support STOU with no filename, uses a STOU. prefix. v3.0.3 ====== - Increase VSFTP_AS_LIMIT to 200MB; various reports. - Make the PWD response more RFC compliant; report from Barry Kelly . - Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop . - Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil . At least, syslogging seems to work on my Fedora now. - Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. - Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin . - List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. - Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. - Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse . - Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn . - Kill the FTP session if we see session re-use failure. A report from Tim Kosse . (vsftpd-3.0.3pre1) - Enable ECDHE, Tim Kosse . - Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. - Minor SSL logging improvements. - Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. (vsftpd-3.0.3pre2) To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 pkgsrc/net/vsftpd/Makefile cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/vsftpd/distinfo cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/vsftpd/patches/patch-aa \ pkgsrc/net/vsftpd/patches/patch-ad pkgsrc/net/vsftpd/patches/patch-ae cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/vsftpd/patches/patch-ac cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/vsftpd/patches/patch-af Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_151819480234740 Content-Disposition: inline Content-Length: 14852 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/vsftpd/Makefile diff -u pkgsrc/net/vsftpd/Makefile:1.43 pkgsrc/net/vsftpd/Makefile:1.44 --- pkgsrc/net/vsftpd/Makefile:1.43 Tue Apr 12 08:07:50 2016 +++ pkgsrc/net/vsftpd/Makefile Fri Feb 9 16:46:42 2018 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.43 2016/04/12 08:07:50 wiz Exp $ +# $NetBSD: Makefile,v 1.44 2018/02/09 16:46:42 triaxx Exp $ -DISTNAME= vsftpd-2.3.4 -PKGREVISION= 5 +DISTNAME= vsftpd-3.0.3 CATEGORIES= net MASTER_SITES= http://security.appspot.com/downloads/ @@ -32,6 +31,7 @@ INSTALLATION_DIRS= libexec ${PKGMANDIR}/ SUBST_CLASSES+= paths SUBST_FILES.paths= vsftpd.8 vsftpd.conf.5 vsftpd.conf SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g' +SUBST_SED.paths+= -e 's,@VARBASE@,${VARBASE},g' SUBST_STAGE.paths= post-patch MAKE_ENV+= LIBS=${LIBS:Q} @@ -44,6 +44,13 @@ SUBST_STAGE.dirfd= pre-build SUBST_FILES.dirfd= port/solaris_bogons.h SUBST_SED.dirfd= -e '/dirfd_extras/d' .endif +.if ${OPSYS} == "FreeBSD" +SUBST_CLASSES+= idirafter +SUBST_MESSAGE.idirafter=Fix buggy -idirafter for clang +SUBST_STAGE.idirafter= pre-build +SUBST_FILES.idirafter= Makefile +SUBST_SED.idirafter= -e 's,-idirafter ,-I,' +.endif VSFTPD_USER?= vsftpd VSFTPD_GROUP?= vsftpd @@ -53,7 +60,7 @@ PKG_USERS= ${VSFTPD_USER}:${VSFTPD_GROUP PKG_GROUPS_VARS+= VSFTPD_GROUP PKG_USERS_VARS+= VSFTPD_USER -CFLAGS+= -DPKG_SYSCONFDIR="\"${PKG_SYSCONFDIR}\"" +CFLAGS+= -DPKG_SYSCONFDIR="\"${PKG_SYSCONFDIR}\"" -DVARBASE="\"${VARBASE}\"" LIBS.SunOS= -lsocket -lnsl -lrt -lsendfile -lresolv .include "options.mk" Index: pkgsrc/net/vsftpd/distinfo diff -u pkgsrc/net/vsftpd/distinfo:1.15 pkgsrc/net/vsftpd/distinfo:1.16 --- pkgsrc/net/vsftpd/distinfo:1.15 Wed Nov 4 00:35:44 2015 +++ pkgsrc/net/vsftpd/distinfo Fri Feb 9 16:46:42 2018 @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.15 2015/11/04 00:35:44 agc Exp $ +$NetBSD: distinfo,v 1.16 2018/02/09 16:46:42 triaxx Exp $ -SHA1 (vsftpd-2.3.4.tar.gz) = b774cc6b4c50e20f4fe9ca7f6aa74169ce7fe5ea -RMD160 (vsftpd-2.3.4.tar.gz) = 4097b495b5b03833e18b1639931939c3176e498b -SHA512 (vsftpd-2.3.4.tar.gz) = 031e7b93d8acde62595f005ec1329b0404a61b42bfada041417085da02e5d84474c1dc6a7766a52249261a221a96c3840db28c7bf3756f5beb9f6e804735a979 -Size (vsftpd-2.3.4.tar.gz) = 187043 bytes -SHA1 (patch-aa) = ed5c8834137c28c63cf12505969e0500985d5909 +SHA1 (vsftpd-3.0.3.tar.gz) = d5f5a180dbecd0fbcdc92bf0ba2fc001c962b55a +RMD160 (vsftpd-3.0.3.tar.gz) = 0f0fd063661950bd466a818daae51cba3073e3cd +SHA512 (vsftpd-3.0.3.tar.gz) = 5a4410a88e72ecf6f60a60a89771bcec300c9f63c2ea83b219bdf65fd9749b9853f9579f7257205b55659aefcd5dab243eba878dbbd4f0ff8532dd6e60884df7 +Size (vsftpd-3.0.3.tar.gz) = 196649 bytes +SHA1 (patch-aa) = 57fdc476df4b7ada021c7fd6e8bad6db2b2e0c48 SHA1 (patch-ab) = df9252f99d06a4742713c36ce6bff8908da171f7 -SHA1 (patch-ac) = 2dcfae2eb16b2053f07eb3ee8f6d4af4b30d9799 -SHA1 (patch-ad) = 8b09a8fbc84f51c7334d6ab08e0a98b2e31c4fa0 -SHA1 (patch-ae) = ba770387570d202b440593d6c7cbd8d53d411a41 -SHA1 (patch-af) = 3ac549f091e6285298f9508a5fec40bd97b7d9d1 +SHA1 (patch-ac) = fc1d148ea7b83df06f4fb44e20491032a159cfce +SHA1 (patch-ad) = 738c302cd40387216d65ab1abc9ba0eb364320ff +SHA1 (patch-ae) = 2b49d0566d69f9e30ea151c0c52ad139c4517dc8 +SHA1 (patch-af) = 9643860c52e32150d2c6e17c5f7838bfb9df2e67 SHA1 (patch-sysdeputil.c) = 3efe030f66c50a31f6cb5e8565920f5b0eb4e78d Index: pkgsrc/net/vsftpd/patches/patch-aa diff -u pkgsrc/net/vsftpd/patches/patch-aa:1.5 pkgsrc/net/vsftpd/patches/patch-aa:1.6 --- pkgsrc/net/vsftpd/patches/patch-aa:1.5 Mon Nov 8 17:10:55 2010 +++ pkgsrc/net/vsftpd/patches/patch-aa Fri Feb 9 16:46:42 2018 @@ -1,19 +1,23 @@ -$NetBSD: patch-aa,v 1.5 2010/11/08 17:10:55 abs Exp $ +$NetBSD: patch-aa,v 1.6 2018/02/09 16:46:42 triaxx Exp $ Remove unconditional Makefile variable definitions ---- Makefile.orig 2009-05-22 19:44:52.000000000 +0000 +--- Makefile.orig 2012-09-16 07:27:35.000000000 +0000 +++ Makefile -@@ -1,12 +1,6 @@ +@@ -1,16 +1,6 @@ # Makefile for systems with GNU tools -CC = gcc INSTALL = install IFLAGS = -idirafter dummyinc -#CFLAGS = -g --CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion +-CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ +- -Wall -W -Wshadow -Werror -Wformat-security \ +- -D_FORTIFY_SOURCE=2 \ +- #-pedantic -Wconversion - -LIBS = `./vsf_findlibs.sh` -LINK = -Wl,-s +-LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ tunables.o ftpdataio.o secbuf.o ls.o \ Index: pkgsrc/net/vsftpd/patches/patch-ad diff -u pkgsrc/net/vsftpd/patches/patch-ad:1.5 pkgsrc/net/vsftpd/patches/patch-ad:1.6 --- pkgsrc/net/vsftpd/patches/patch-ad:1.5 Mon Nov 8 17:10:55 2010 +++ pkgsrc/net/vsftpd/patches/patch-ad Fri Feb 9 16:46:42 2018 @@ -1,15 +1,15 @@ -$NetBSD: patch-ad,v 1.5 2010/11/08 17:10:55 abs Exp $ +$NetBSD: patch-ad,v 1.6 2018/02/09 16:46:42 triaxx Exp $ Use PKG_SYSCONFDIR instead of hardcoding /etc ---- tunables.c.orig 2010-03-17 02:44:31.000000000 +0000 +--- tunables.c.orig 2015-07-23 04:13:07.000000000 +0000 +++ tunables.c -@@ -250,19 +250,19 @@ tunables_load_defaults() +@@ -254,19 +254,19 @@ tunables_load_defaults() /* -rw------- */ tunable_chown_upload_mode = 0600; - install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); -+ install_str_setting("/var/chroot/vsftpd", &tunable_secure_chroot_dir); ++ install_str_setting(VARBASE"/chroot/vsftpd", &tunable_secure_chroot_dir); install_str_setting("ftp", &tunable_ftp_username); install_str_setting("root", &tunable_chown_username); install_str_setting("/var/log/xferlog", &tunable_xferlog_file); @@ -29,7 +29,7 @@ Use PKG_SYSCONFDIR instead of hardcoding install_str_setting(0, &tunable_anon_root); install_str_setting(0, &tunable_local_root); install_str_setting(0, &tunable_banner_file); -@@ -275,9 +275,9 @@ tunables_load_defaults() +@@ -279,9 +279,9 @@ tunables_load_defaults() install_str_setting(0, &tunable_hide_file); install_str_setting(0, &tunable_deny_file); install_str_setting(0, &tunable_user_sub_token); @@ -40,4 +40,4 @@ Use PKG_SYSCONFDIR instead of hardcoding + install_str_setting(PKG_SYSCONFDIR"/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); - install_str_setting("DES-CBC3-SHA", &tunable_ssl_ciphers); + install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers); Index: pkgsrc/net/vsftpd/patches/patch-ae diff -u pkgsrc/net/vsftpd/patches/patch-ae:1.5 pkgsrc/net/vsftpd/patches/patch-ae:1.6 --- pkgsrc/net/vsftpd/patches/patch-ae:1.5 Mon Nov 8 17:10:55 2010 +++ pkgsrc/net/vsftpd/patches/patch-ae Fri Feb 9 16:46:42 2018 @@ -1,4 +1,4 @@ -$NetBSD: patch-ae,v 1.5 2010/11/08 17:10:55 abs Exp $ +$NetBSD: patch-ae,v 1.6 2018/02/09 16:46:42 triaxx Exp $ Use PKG_SYSCONFDIR instead of hardcoding /etc @@ -9,7 +9,7 @@ Use PKG_SYSCONFDIR instead of hardcoding .Pa listen=YES in -.Pa /etc/vsftpd.conf . -+.Pa @PKG_SYSCONFDIR@/vsftpd.conf . ++.Pa @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf . Direct execution of the .Nm vsftpd binary will then launch the FTP service ready for immediate client connections. @@ -18,7 +18,7 @@ Use PKG_SYSCONFDIR instead of hardcoding strict order that they are encountered on the command line. If no config files are specified, the default configuration file of -.Pa /etc/vsftpd.conf -+.Pa @PKG_SYSCONFDIR@/vsftpd.conf ++.Pa @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf will be loaded, after all other command line options are processed. .Pp Supported options are: @@ -27,16 +27,16 @@ Use PKG_SYSCONFDIR instead of hardcoding .El .Sh EXAMPLES -vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah -+vsftpd -olisten=NO @PKG_SYSCONFDIR@/vsftpd.conf -oftpd_banner=blah ++vsftpd -olisten=NO @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf -oftpd_banner=blah .Pp That example overrides vsftpd's built-in default for the "listen" option to be -NO, but then loads /etc/vsftpd.conf which may override that setting. Finally, -+NO, but then loads @PKG_SYSCONFDIR@/vsftpd.conf which may override that setting. Finally, ++NO, but then loads @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf which may override that setting. Finally, the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd setting and any identical setting that was in the config file. .Sh FILES -.Pa /etc/vsftpd.conf -+.Pa @PKG_SYSCONFDIR@/vsftpd.conf ++.Pa @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf .Sh SEE ALSO .Xr vsftpd.conf 5 .end Index: pkgsrc/net/vsftpd/patches/patch-ac diff -u pkgsrc/net/vsftpd/patches/patch-ac:1.4 pkgsrc/net/vsftpd/patches/patch-ac:1.5 --- pkgsrc/net/vsftpd/patches/patch-ac:1.4 Mon Nov 8 17:10:55 2010 +++ pkgsrc/net/vsftpd/patches/patch-ac Fri Feb 9 16:46:42 2018 @@ -1,12 +1,12 @@ -$NetBSD: patch-ac,v 1.4 2010/11/08 17:10:55 abs Exp $ +$NetBSD: patch-ac,v 1.5 2018/02/09 16:46:42 triaxx Exp $ Use PKG_SYSCONFDIR instead of hardcoding /etc ---- vsftpd.conf.orig 2009-10-19 02:04:23.000000000 +0000 +--- vsftpd.conf.orig 2011-12-17 18:24:40.000000000 +0000 +++ vsftpd.conf @@ -1,4 +1,4 @@ -# Example config file /etc/vsftpd.conf -+# Example config file @PKG_SYSCONFDIR@/vsftpd.conf ++# Example config file @PKG_SYSCONFDIR/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. @@ -15,16 +15,16 @@ Use PKG_SYSCONFDIR instead of hardcoding #deny_email_enable=YES # (default follows) -#banned_email_file=/etc/vsftpd.banned_emails -+#banned_email_file=@PKG_SYSCONFDIR@/vsftpd.banned_emails ++#banned_email_file=@PKG_SYSCONFDIR/vsftpd/vsftpd.banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of -@@ -95,7 +95,7 @@ connect_from_port_20=YES +@@ -98,7 +98,7 @@ connect_from_port_20=YES #chroot_local_user=YES #chroot_list_enable=YES # (default follows) -#chroot_list_file=/etc/vsftpd.chroot_list -+#chroot_list_file=@PKG_SYSCONFDIR@/vsftpd.chroot_list ++#chroot_list_file=@PKG_SYSCONFDIR/vsftpd/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large Index: pkgsrc/net/vsftpd/patches/patch-af diff -u pkgsrc/net/vsftpd/patches/patch-af:1.6 pkgsrc/net/vsftpd/patches/patch-af:1.7 --- pkgsrc/net/vsftpd/patches/patch-af:1.6 Mon Nov 8 17:10:55 2010 +++ pkgsrc/net/vsftpd/patches/patch-af Fri Feb 9 16:46:42 2018 @@ -1,4 +1,4 @@ -$NetBSD: patch-af,v 1.6 2010/11/08 17:10:55 abs Exp $ +$NetBSD: patch-af,v 1.7 2018/02/09 16:46:42 triaxx Exp $ Use PKG_SYSCONFDIR instead of hardcoding /etc @@ -9,7 +9,7 @@ Use PKG_SYSCONFDIR instead of hardcoding vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for this file at the location -.BR /etc/vsftpd.conf . -+.BR @PKG_SYSCONFDIR@/vsftpd.conf . ++.BR @PKG_SYSCONFDIR@/vsftpd/vsftpd.conf . However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced @@ -18,7 +18,7 @@ Use PKG_SYSCONFDIR instead of hardcoding a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is -/etc/vsftpd.chroot_list, but you may override this with the -+@PKG_SYSCONFDIR@/vsftpd.chroot_list, but you may override this with the ++@PKG_SYSCONFDIR@/vsftpd/vsftpd.chroot_list, but you may override this with the .BR chroot_list_file setting. @@ -27,7 +27,7 @@ Use PKG_SYSCONFDIR instead of hardcoding If activated, you may provide a list of anonymous password e-mail responses which cause login to be denied. By default, the file containing this list is -/etc/vsftpd.banned_emails, but you may override this with the -+@PKG_SYSCONFDIR@/vsftpd.banned_emails, but you may override this with the ++@PKG_SYSCONFDIR@/vsftpd/vsftpd.banned_emails, but you may override this with the .BR banned_email_file setting. @@ -36,7 +36,7 @@ Use PKG_SYSCONFDIR instead of hardcoding .BR email_password_file setting. The file format is one password per line, no extra whitespace. The -default filename is /etc/vsftpd.email_passwords. -+default filename is @PKG_SYSCONFDIR@/vsftpd.email_passwords. ++default filename is @PKG_SYSCONFDIR@/vsftpd/vsftpd.email_passwords. Default: NO .TP @@ -45,7 +45,7 @@ Use PKG_SYSCONFDIR instead of hardcoding is enabled. -Default: /etc/vsftpd.banned_emails -+Default: @PKG_SYSCONFDIR@/vsftpd.banned_emails ++Default: @PKG_SYSCONFDIR@/vsftpd/vsftpd.banned_emails .TP .B banner_file This option is the name of a file containing text to display when someone @@ -54,7 +54,7 @@ Use PKG_SYSCONFDIR instead of hardcoding chroot() jail. -Default: /etc/vsftpd.chroot_list -+Default: @PKG_SYSCONFDIR@/vsftpd.chroot_list ++Default: @PKG_SYSCONFDIR@/vsftpd/vsftpd.chroot_list .TP .B cmds_allowed This options specifies a comma separated list of allowed FTP commands (post @@ -63,7 +63,7 @@ Use PKG_SYSCONFDIR instead of hardcoding setting. -Default: /etc/vsftpd.email_passwords -+Default: @PKG_SYSCONFDIR@/vsftpd.email_passwords ++Default: @PKG_SYSCONFDIR@/vsftpd/vsftpd.email_passwords .TP .B ftp_username This is the name of the user we use for handling anonymous FTP. The home @@ -72,7 +72,7 @@ Use PKG_SYSCONFDIR instead of hardcoding as a secure chroot() jail at times vsftpd does not require filesystem access. -Default: /usr/share/empty -+Default: /var/chroot/vsftpd ++Default: @VARBASE@/chroot/vsftpd .TP .B ssl_ciphers This option can be used to select which SSL ciphers vsftpd will allow for @@ -81,11 +81,11 @@ Use PKG_SYSCONFDIR instead of hardcoding .BR user_config_dir to be -.BR /etc/vsftpd_user_conf -+.BR @PKG_SYSCONFDIR@/vsftpd_user_conf ++.BR @PKG_SYSCONFDIR@/vsftpd/vsftpd_user_conf and then log on as the user "chris", then vsftpd will apply the settings in the file -.BR /etc/vsftpd_user_conf/chris -+.BR @PKG_SYSCONFDIR@/vsftpd_user_conf/chris ++.BR @PKG_SYSCONFDIR@/vsftpd/vsftpd_user_conf/chris for the duration of the session. The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis. For example, many settings only prior to the user's session @@ -94,7 +94,7 @@ Use PKG_SYSCONFDIR instead of hardcoding option is active. -Default: /etc/vsftpd.user_list -+Default: @PKG_SYSCONFDIR@/vsftpd.user_list ++Default: @PKG_SYSCONFDIR@/vsftpd/vsftpd.user_list .TP .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style --_----------=_151819480234740--