5 Commits

Author SHA1 Message Date
Hongxu Jia af971abbf0 proftpd: fix integer overflow CVE-2013-4359
Integrate a patch from proftpd upstream to fix an integer overflow bug
described in the CVE-2013-4359, which allows remote attachers to cause
a denial of service (memory consumption) attack.

Refer: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4359

Signed-off-by: Shan Hai <shan.hai@windriver.com>

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-09-26 05:41:52 +02:00
Roy Li 3ffe8dbceb proftpd: move the runing created file under /var/run
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Acked-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2014-02-12 20:09:26 -05:00
Roy Li ac3a5d4301 proftpd: use /bin/false as the login shell and add home-dir
Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue; add /var/lib/ftp as user
ftp home-dir.

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-12-09 16:17:44 -05:00
Roy Li 9b3e284c58 proftpd: move pidfile from /var/ to /var/run/
/var/run/ is more suitable to store pidfile for OE, and this fixes
"/etc/init.d/proftpd stop" failure too, since this script assumes
the pidfile is under /var/run

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-11-27 15:27:36 -05:00
Paul Eggleton 3d851fe4ce proftpd: add from meta-baryon
This was originally from OE-Classic. Improvements over the OE-Classic
recipe for reference:

* Update to 1.3.4b
* Add workaround for proftpd host IP resolution
* Add initscript, borrowed from Debian with some modifications for
  compatibility and handling for hardcoded paths
* Use autotools.bbclass and remove unnecessary configure options
* PARALLEL_MAKE = "" is no longer needed, the bug was fixed in 1.3.3c
* Set SUMMARY (which sets DESCRIPTION) and base it on the short
  description from the website
* Use useradd.bbclass to add ftp user/group
* Add HOMEPAGE
* Add/fix description in some patches and improve recipe indentation
* Make LICENSE more accurate
* Add LIC_FILES_CHKSUM

Some of this work was done by Dexuan Cui <dexuan.cui@intel.com> and
Kevin Strasser <kevin.strasser@linux.intel.com>.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2012-11-27 14:43:59 -05:00