helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

atftp,tftp-hpa,vsftpd,dante,stunnel: Disable and remove tcp-wrapper support

Browse Source 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Khem Raj 2025-11-05 19:25:06 -08:00
parent 844f1213d2
commit 64f7fef439
No known key found for this signature in database
GPG Key ID: BB053355919D3314
8 changed files with 11 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
meta-networking/recipes-daemons/atftp/atftp_0.8.0.bb
View File

@ -14,9 +14,8 @@ SRC_URI = "git://git.code.sf.net/p/atftp/code;branch=master;protocol=https \
inherit autotools update-rc.d systemd inherit autotools update-rc.d systemd
PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG ??= ""
PACKAGECONFIG[pcre] = "--enable-libpcre,--disable-libpcre,libpcre" PACKAGECONFIG[pcre] = "--enable-libpcre,--disable-libpcre,libpcre"
PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
PACKAGECONFIG[readline] = "--enable-libreadline,--disable-libreadline,readline" PACKAGECONFIG[readline] = "--enable-libreadline,--disable-libreadline,readline"
INITSCRIPT_PACKAGES = "${PN}d" INITSCRIPT_PACKAGES = "${PN}d"

2
meta-networking/recipes-daemons/tftp-hpa/tftp-hpa_5.2.bb
View File

@ -5,7 +5,7 @@ booting diskless workstations. The tftp package provides the user \
interface for TFTP, which allows users to transfer files to and from a \ interface for TFTP, which allows users to transfer files to and from a \
remote machine. This program and TFTP provide very little security, \ remote machine. This program and TFTP provide very little security, \
and should not be enabled unless it is expressly needed." and should not be enabled unless it is expressly needed."
DEPENDS = "tcp-wrappers readline" DEPENDS = "readline"
SECTION = "net" SECTION = "net"
HOMEPAGE = "http://freecode.com/projects/tftp-hpa" HOMEPAGE = "http://freecode.com/projects/tftp-hpa"
LICENSE = "BSD-4-Clause" LICENSE = "BSD-4-Clause"

12
meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
View File

@ -110,14 +110,14 @@ xferlog_std_format=YES
pam_service_name=vsftpd pam_service_name=vsftpd
# #
# This option is examined if userlist_enable is activated. If you set this # This option is examined if userlist_enable is activated. If you set this
# setting to NO, then users will be denied login unless they are explicitly # setting to NO, then users will be denied login unless they are explicitly
# listed in the file specified by userlist_file. When login is denied, the # listed in the file specified by userlist_file. When login is denied, the
# denial is issued before the user is asked for a password. # denial is issued before the user is asked for a password.
userlist_deny=YES userlist_deny=YES
# #
# If enabled, vsftpd will load a list of usernames, from the filename given by # If enabled, vsftpd will load a list of usernames, from the filename given by
# userlist_file. If a user tries to log in using a name in this file, they # userlist_file. If a user tries to log in using a name in this file, they
# will be denied before they are asked for a password. This may be useful in # will be denied before they are asked for a password. This may be useful in
# preventing cleartext passwords being transmitted. See also userlist_deny. # preventing cleartext passwords being transmitted. See also userlist_deny.
userlist_enable=YES userlist_enable=YES
# #
@ -127,13 +127,13 @@ userlist_enable=YES
use_localtime=YES use_localtime=YES
# #
# If set to YES, local users will be (by default) placed in a chroot() jail in # If set to YES, local users will be (by default) placed in a chroot() jail in
# their home directory after login. Warning: This option has security # their home directory after login. Warning: This option has security
# implications, especially if the users have upload permission, or shell access. # implications, especially if the users have upload permission, or shell access.
# Only enable if you know what you are doing. Note that these security implications # Only enable if you know what you are doing. Note that these security implications
# are not vsftpd specific. They apply to all FTP daemons which offer to put # are not vsftpd specific. They apply to all FTP daemons which offer to put
# local users in chroot() jails. # local users in chroot() jails.
chroot_local_user=YES chroot_local_user=YES
# #
allow_writeable_chroot=YES allow_writeable_chroot=YES
# #
tcp_wrappers=YES tcp_wrappers=NO

26
meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/nopam-with-tcp_wrappers.patch
View File

@ -1,26 +0,0 @@
From 71628ddc91b6efb9b922a3fcf8cc18522f5387be Mon Sep 17 00:00:00 2001
From: "Roy.Li" <rongqing.li@windriver.com>
Date: Mon, 20 Feb 2012 13:51:49 +0000
Subject: [PATCH] Disable PAM
Upstream-Status: Inappropriate [config]
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---
builddefs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/builddefs.h b/builddefs.h
index 0106d1a..f48a568 100644
--- a/builddefs.h
+++ b/builddefs.h
@@ -2,7 +2,7 @@
#define VSF_BUILDDEFS_H
#define VSF_BUILD_TCPWRAPPERS
-#define VSF_BUILD_PAM
+#undef VSF_BUILD_PAM
#undef VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */

26
meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-tcp_wrappers-support.patch
View File

@ -1,26 +0,0 @@
From c026b0c0de4eebb189bc77b2d4c3b9528454ac04 Mon Sep 17 00:00:00 2001
From: "Roy.Li" <rongqing.li@windriver.com>
Date: Fri, 19 Jul 2013 10:19:25 +0800
Subject: [PATCH] Enable tcp_wrapper.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---
builddefs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/builddefs.h b/builddefs.h
index e908352..0106d1a 100644
--- a/builddefs.h
+++ b/builddefs.h
@@ -1,7 +1,7 @@
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
-#undef VSF_BUILD_TCPWRAPPERS
+#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#undef VSF_BUILD_SSL

10
meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.5.bb
View File

@ -18,7 +18,6 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
file://volatiles.99_vsftpd \ file://volatiles.99_vsftpd \
file://vsftpd.service \ file://vsftpd.service \
file://vsftpd-2.1.0-filter.patch \ file://vsftpd-2.1.0-filter.patch \
${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)} \
file://0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch \ file://0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch \
" "
@ -31,15 +30,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb" file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb"
SRC_URI[sha256sum] = "26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3" SRC_URI[sha256sum] = "26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3"
PACKAGECONFIG ??= "tcp-wrappers"
PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}" RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}"
PAMLIB = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}" PAMLIB = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}"
WRAPLIB = "${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '-lwrap', '', d)}" NOPAM_SRC = "file://nopam.patch"
NOPAM_SRC = "${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}"
inherit update-rc.d useradd systemd inherit update-rc.d useradd systemd
@ -56,7 +50,7 @@ do_configure() {
} }
do_compile() { do_compile() {
oe_runmake "LIBS=-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB} ${WRAPLIB}" oe_runmake "LIBS=-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB}"
} }
do_install() { do_install() {

2
meta-networking/recipes-protocols/dante/dante_1.4.3.bb
View File

@ -33,8 +33,6 @@ REQUIRED_DISTRO_FEATURES = "pam"
EXTRA_AUTORECONF = "-I ${S}" EXTRA_AUTORECONF = "-I ${S}"
PACKAGECONFIG[libwrap] = ",--disable-libwrap,tcp-wrappers,libwrap"
PACKAGECONFIG ??= "" PACKAGECONFIG ??= ""
do_install:append() { do_install:append() {

3
meta-networking/recipes-support/stunnel/stunnel_5.76.bb
View File

@ -15,10 +15,9 @@ SRC_URI[sha256sum] = "cda37eb4d0fb1e129718ed27ad77b5735e899394ce040bb2be28bbb937
inherit autotools bash-completion pkgconfig inherit autotools bash-completion pkgconfig
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips" EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"