vsftpd: Fix compilation without ECC or deprecated APIs

Signed-off-by: Rosen Penev <redacted>

diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile
index fdd045e296c691b5da96d973935ff657ebe1472a..696ad3602fa4b0ad8d38aefe81495df2a3b16277 100644 (file)
--- a/net/vsftpd/Makefile
+++ b/net/vsftpd/Makefile
@@ -9,15 +9,17 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vsftpd
 PKG_VERSION:=3.0.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://security.appspot.com/downloads/
 PKG_HASH:=9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7
-PKG_LICENSE:=GPLv2
-
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
+PKG_MAINTAINER:=Cezary Jackiewicz <cezary@eko.one.pl>
+PKG_LICENSE:=GPLv2
+PKG_CPE_ID:=cpe:/a:beasts:vsftpd
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/vsftpd/Default
@@ -26,7 +28,6 @@ define Package/vsftpd/Default
   CATEGORY:=Network
   TITLE:=Fast and secure FTP server
   URL:=https://security.appspot.com/vsftpd.html
-  MAINTAINER:=Cezary Jackiewicz <cezary@eko.one.pl>
 endef
 
 

diff --git a/net/vsftpd/patches/010-openssl-deprecated.patch b/net/vsftpd/patches/010-openssl-deprecated.patch
new file mode 100644 (file)
index 0000000..bbbfbe8
--- /dev/null
+++ b/net/vsftpd/patches/010-openssl-deprecated.patch
@@ -0,0 +1,66 @@
+From 0ea55455703eb69d7617968424e4bede59f39b83 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 23 Nov 2018 18:03:32 -0800
+Subject: [PATCH] ssl: Fix compile without Deprecated APIs and no ECC support
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ ssl.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/ssl.c b/ssl.c
+index c362983..845f77b 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -28,6 +28,9 @@
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+ #include <openssl/bio.h>
++#ifndef OPENSSL_NO_EC
++#include <openssl/ec.h>
++#endif
+ #include <errno.h>
+ #include <limits.h>
+ 
+@@ -59,8 +62,12 @@ ssl_init(struct vsf_session* p_sess)
+     SSL_CTX* p_ctx;
+     long options;
+     int verify_option = 0;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     SSL_library_init();
+     p_ctx = SSL_CTX_new(SSLv23_server_method());
++#else
++    p_ctx = SSL_CTX_new(TLS_server_method());
++#endif
+     if (p_ctx == NULL)
+     {
+       die("SSL: could not allocate SSL context");
+@@ -120,6 +127,7 @@ ssl_init(struct vsf_session* p_sess)
+     {
+       die("SSL: RNG is not seeded");
+     }
++#ifndef OPENSSL_NO_EC
+     {
+       EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+       if (key == NULL)
+@@ -129,6 +137,7 @@ ssl_init(struct vsf_session* p_sess)
+       SSL_CTX_set_tmp_ecdh(p_ctx, key);
+       EC_KEY_free(key);
+     }
++#endif
+     if (tunable_ssl_request_cert)
+     {
+       verify_option |= SSL_VERIFY_PEER;
+@@ -660,7 +669,9 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str)
+ static char*
+ get_ssl_error()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   SSL_load_error_strings();
++#endif
+   return ERR_error_string(ERR_get_error(), NULL);
+ }
+ 
+-- 
+2.19.1
+