Squashed 'import-layers/meta-openembedded/' content from commit 247b126

Change-Id: I40827e9ce5fba63f1cca2a0be44976ae8383b4c0
git-subtree-dir: import-layers/meta-openembedded
git-subtree-split: 247b1267bbe95719cd4877d2d3cfbaf2a2f4865a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch
new file mode 100644
index 0000000..69c9be0
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch
@@ -0,0 +1,247 @@
+From 7a8f683cedf9b0d1024a80362693c9f8b93a0f2b Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj@castaglia.org>
+Date: Thu, 10 Mar 2016 15:07:58 -0800
+Subject: [PATCH] Backport of fix for Bug#4230 to 1.3.5 branch.
+
+Upstream-Status: Backport
+CVE: CVE-2016-3125
+
+Author: TJ Saunders <tj@castaglia.org>
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ contrib/mod_tls.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 147 insertions(+), 20 deletions(-)
+
+diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c
+index df92658..5883cc7 100644
+--- a/contrib/mod_tls.c
++++ b/contrib/mod_tls.c
+@@ -411,6 +411,13 @@ static int tls_required_on_ctrl = 0;
+ static int tls_required_on_data = 0;
+ static unsigned char *tls_authenticated = NULL;
+ 
++/* Define the minimum DH group length we allow (unless the AllowWeakDH
++ * TLSOption is used).  Ideally this would be 2048, per https://weakdh.org,
++ * but for compatibility with older Java versions, which only support up to
++ * 1024, we'll use 1024.  For now.
++ */
++#define TLS_DH_MIN_LEN				1024
++
+ /* mod_tls session flags */
+ #define	TLS_SESS_ON_CTRL			0x0001
+ #define TLS_SESS_ON_DATA			0x0002
+@@ -438,6 +445,7 @@ static unsigned char *tls_authenticated = NULL;
+ #define TLS_OPT_USE_IMPLICIT_SSL			0x0200
+ #define TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS		0x0400
+ #define TLS_OPT_VERIFY_CERT_CN				0x0800
++#define TLS_OPT_ALLOW_WEAK_DH				0x1000
+ 
+ /* mod_tls SSCN modes */
+ #define TLS_SSCN_MODE_SERVER				0
+@@ -2417,24 +2425,139 @@ static int tls_ctrl_renegotiate_cb(CALLBACK_FRAME) {
+ 
+ static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) {
+   DH *dh = NULL;
++  EVP_PKEY *pkey;
++  int pkeylen = 0, use_pkeylen = FALSE;
++
++  /* OpenSSL will only ever call us (currently) with a keylen of 512 or 1024;
++   * see the SSL_EXPORT_PKEYLENGTH macro in ssl_locl.h.  Sigh.
++   *
++   * Thus we adjust the DH parameter length according to the size of the
++   * RSA/DSA private key used for the current connection.
++   *
++   * NOTE: This MAY cause interoperability issues with some clients, notably
++   * Java 7 (and earlier) clients, since Java 7 and earlier supports
++   * Diffie-Hellman only up to 1024 bits.  More sighs.  To deal with these
++   * clients, then, you need to configure a certificate/key of 1024 bits.
++   */
++  pkey = SSL_get_privatekey(ssl);
++  if (pkey != NULL) {
++    if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA ||
++        EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++      pkeylen = EVP_PKEY_bits(pkey);
++
++      if (pkeylen < TLS_DH_MIN_LEN) {
++        if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) {
++          pr_trace_msg(trace_channel, 11,
++            "certificate private key length %d less than %d bits, using %d "
++            "(see AllowWeakDH TLSOption)", pkeylen, TLS_DH_MIN_LEN,
++            TLS_DH_MIN_LEN);
++          pkeylen = TLS_DH_MIN_LEN;
++        }
++      }
++
++      if (pkeylen != keylen) {
++        pr_trace_msg(trace_channel, 13,
++          "adjusted DH parameter length from %d to %d bits", keylen, pkeylen);
++        use_pkeylen = TRUE;
++      }
++    }
++  }
+ 
+   if (tls_tmp_dhs != NULL &&
+       tls_tmp_dhs->nelts > 0) {
+     register unsigned int i;
+-    DH **dhs;
++    DH *best_dh = NULL, **dhs;
++    int best_dhlen = 0;
+ 
+     dhs = tls_tmp_dhs->elts;
++
++    /* Search the configured list of DH parameters twice: once for any sizes
++     * matching the actual requested size (usually 1024), and once for any
++     * matching the certificate private key size (pkeylen).
++     *
++     * This behavior allows site admins to configure a TLSDHParamFile that
++     * contains 1024-bit parameters, for e.g. Java 7 (and earlier) clients.
++     */
++
++    /* Note: the keylen argument is in BITS, but DH_size() returns the number
++     * of BYTES.
++     */
+     for (i = 0; i < tls_tmp_dhs->nelts; i++) {
+-      /* Note: the keylength argument is in BITS, but DH_size() returns
+-       * the number of BYTES.
++      int dhlen;
++
++      dhlen = DH_size(dhs[i]) * 8;
++      if (dhlen == keylen) {
++        pr_trace_msg(trace_channel, 11,
++          "found matching DH parameter for key length %d", keylen);
++        return dhs[i];
++      }
++
++      /* Try to find the next "best" DH to use, where "best" means
++       * the smallest DH that is larger than the necessary keylen.
+        */
+-      if (DH_size(dhs[i]) == (keylength / 8)) {
++      if (dhlen > keylen) {
++        if (best_dh != NULL) {
++          if (dhlen < best_dhlen) {
++            best_dh = dhs[i];
++            best_dhlen = dhlen;
++          }
++
++        } else {
++          best_dh = dhs[i];
++          best_dhlen = dhlen;
++        }
++      }
++    }
++
++    for (i = 0; i < tls_tmp_dhs->nelts; i++) {
++      int dhlen;
++
++      dhlen = DH_size(dhs[i]) * 8;
++      if (dhlen == pkeylen) {
++        pr_trace_msg(trace_channel, 11,
++          "found matching DH parameter for certificate private key length %d",
++          pkeylen);
+         return dhs[i];
+       }
++
++      if (dhlen > pkeylen) {
++        if (best_dh != NULL) {
++          if (dhlen < best_dhlen) {
++            best_dh = dhs[i];
++            best_dhlen = dhlen;
++          }
++
++        } else {
++          best_dh = dhs[i];
++          best_dhlen = dhlen;
++        }
++      }
++    }
++
++    if (best_dh != NULL) {
++      pr_trace_msg(trace_channel, 11,
++        "using best DH parameter for key length %d (length %d)", keylen,
++        best_dhlen);
++      return best_dh;
+     }
+   }
+ 
+-  switch (keylength) {
++  /* Still no DH parameters found?  Use the built-in ones. */
++
++  if (keylen < TLS_DH_MIN_LEN) {
++    if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) {
++      pr_trace_msg(trace_channel, 11,
++        "requested key length %d less than %d bits, using %d "
++        "(see AllowWeakDH TLSOption)", keylen, TLS_DH_MIN_LEN, TLS_DH_MIN_LEN);
++      keylen = TLS_DH_MIN_LEN;
++    }
++  }
++
++  if (use_pkeylen) {
++    keylen = pkeylen;
++  }
++
++  switch (keylen) {
+     case 512:
+       dh = get_dh512();
+       break;
+@@ -2443,32 +2566,33 @@ static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) {
+       dh = get_dh768();
+       break;
+ 
+-     case 1024:
+-       dh = get_dh1024();
+-       break;
++    case 1024:
++      dh = get_dh1024();
++      break;
+ 
+-     case 1536:
+-       dh = get_dh1536();
+-       break;
++    case 1536:
++      dh = get_dh1536();
++      break;
+ 
+-     case 2048:
+-       dh = get_dh2048();
+-       break;
++    case 2048:
++      dh = get_dh2048();
++      break;
+ 
+-     default:
+-       tls_log("unsupported DH key length %d requested, returning 1024 bits",
+-         keylength);
+-       dh = get_dh1024();
+-       break;
++    default:
++      tls_log("unsupported DH key length %d requested, returning 1024 bits",
++        keylen);
++      dh = get_dh1024();
++      break;
+   }
+ 
++  pr_trace_msg(trace_channel, 11, "using builtin DH for %d bits", keylen);
++
+   /* Add this DH to the list, so that it can be freed properly later. */
+   if (tls_tmp_dhs == NULL) {
+     tls_tmp_dhs = make_array(session.pool, 1, sizeof(DH *));
+   }
+ 
+   *((DH **) push_array(tls_tmp_dhs)) = dh;
+-
+   return dh;
+ }
+ 
+@@ -8445,6 +8569,9 @@ MODRET set_tlsoptions(cmd_rec *cmd) {
+                strcmp(cmd->argv[i], "AllowClientRenegotiations") == 0) {
+       opts |= TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS;
+ 
++    } else if (strcmp(cmd->argv[i], "AllowWeakDH") == 0) {
++      opts |= TLS_OPT_ALLOW_WEAK_DH;
++
+     } else if (strcmp(cmd->argv[i], "EnableDiags") == 0) {
+       opts |= TLS_OPT_ENABLE_DIAGS;
+ 
+-- 
+2.7.4
+
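Review bot: The TLS_DH_MIN_LEN floor in tls_dh_cb is enforced only on the built-in fallback path, not on parameters taken from tls_tmp_dhs: the first loop returns any configured group whose size equals `keylen` (512 is possible per the comment at the top of the function), and because `pkeylen` stays 0 when the key is neither RSA nor DSA, the second loop ends up preferring the smallest configured group. Skipping undersized entries in both loops, e.g. `if (dhlen < TLS_DH_MIN_LEN && !(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) continue;` right after `dhlen` is computed, would make AllowWeakDH the only way to get a group below 1024 bits. Separately, the signature context line still names the parameter `keylength` while every added line uses `keylen`; unless `keylen` is declared outside these hunks, mod_tls would not compile with this patch applied, and the recipe's default PACKAGECONFIG (no openssl) may hide that.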
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch
new file mode 100644
index 0000000..4967bed
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch
@@ -0,0 +1,21 @@
+Upstream-Status: Inappropriate [configuration]
+
+proftpd tries to get the IP address from the hostname.
+Unluckily now the hostname is not properly configured in /etc/hosts.
+We can use this patch as a workaround.
+
+Author: Dexuan Cui <dexuan.cui@intel.com>
+Tue Oct 25 12:59:27 CST 2011
+
+--- proftpd-1.3.3c.orig/sample-configurations/basic.conf
++++ proftpd-1.3.3c/sample-configurations/basic.conf
+@@ -7,6 +7,9 @@
+ ServerType			standalone
+ DefaultServer			on
+ 
++#By default we bind to all interfaces.
++DefaultAddress      0.0.0.0
++
+ # Port 21 is the standard FTP port.
+ Port				21
+ 
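Review bot: `DefaultAddress 0.0.0.0` is added to the sample configuration that the install-conf rule copies to proftpd.conf, so images built from this recipe would listen for FTP on every IPv4 interface by default, and the added comment does not say that the line exists only to avoid the hostname lookup described in the patch header. I would reword the comment to something like `# Workaround: bind to all IPv4 interfaces instead of resolving the hostname; set a specific address on multi-homed or exposed systems.` Note also that 0.0.0.0 is IPv4-only, which may matter when the recipe's ipv6 PACKAGECONFIG is enabled.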
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch
new file mode 100644
index 0000000..19617a6
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch
@@ -0,0 +1,112 @@
+Upstream-Status: Inappropriate [configuration]
+
+combined the following patches into one:
+make, move-pidfile-to-var-run, move-runfile-to-var-run
+
+move pidfile to /var/run
+redefine PR_RUN_DIR as ${localstatedir}/run
+
+Signed-off-By: Armin Kuster <akuster808@gmail.com>
+
+
+Index: proftpd-1.3.5/Make.rules.in
+===================================================================
+--- proftpd-1.3.5.orig/Make.rules.in
++++ proftpd-1.3.5/Make.rules.in
+@@ -29,9 +29,9 @@ INSTALL=@INSTALL@
+ INSTALL_STRIP=@INSTALL_STRIP@
+ INSTALL_USER=@install_user@
+ INSTALL_GROUP=@install_group@
+-INSTALL_BIN=$(INSTALL) $(INSTALL_STRIP) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755
+-INSTALL_SBIN=$(INSTALL) $(INSTALL_STRIP) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755
+-INSTALL_MAN=$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644
++INSTALL_BIN=$(INSTALL) -m 0755
++INSTALL_SBIN=$(INSTALL) -m 0755
++INSTALL_MAN=$(INSTALL) -m 0644
+ 
+ RM=rm -f
+ SHELL=@CONFIG_SHELL@
+Index: proftpd-1.3.5/Makefile.in
+===================================================================
+--- proftpd-1.3.5.orig/Makefile.in
++++ proftpd-1.3.5/Makefile.in
+@@ -105,7 +105,6 @@ check: proftpd$(EXEEXT)
+ $(DESTDIR)$(localedir) $(DESTDIR)$(includedir) $(DESTDIR)$(includedir)/proftpd $(DESTDIR)$(libdir) $(DESTDIR)$(pkgconfigdir) $(DESTDIR)$(libdir)/proftpd $(DESTDIR)$(libexecdir) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(bindir) $(DESTDIR)$(sbindir) $(DESTDIR)$(mandir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 $(DESTDIR)$(mandir)/man8:
+ 	@if [ ! -d $@ ]; then \
+ 		mkdir -p $@; \
+-		chown $(INSTALL_USER):$(INSTALL_GROUP) $@; \
+ 		chmod 0755 $@; \
+ 	fi
+ 
+@@ -115,7 +114,6 @@ install-proftpd: proftpd $(DESTDIR)$(inc
+ 		rm -f $(DESTDIR)$(sbindir)/in.proftpd ; \
+ 	fi
+ 	ln -s proftpd $(DESTDIR)$(sbindir)/in.proftpd
+-	-chown -h $(INSTALL_USER):$(INSTALL_GROUP) $(DESTDIR)$(sbindir)/in.proftpd
+ 
+ install-libs: $(DESTDIR)$(libdir)/proftpd
+ 	cd lib/ && $(MAKE) install
+@@ -152,11 +150,11 @@ install-utils: $(DESTDIR)$(sbindir) $(DE
+ 	$(INSTALL_SBIN) ftpshut  $(DESTDIR)$(sbindir)/ftpshut
+ 	$(INSTALL_BIN)  ftptop   $(DESTDIR)$(bindir)/ftptop
+ 	$(INSTALL_BIN)  ftpwho   $(DESTDIR)$(bindir)/ftpwho
+-	$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 src/prxs $(DESTDIR)$(bindir)/prxs
++	$(INSTALL) -m 0755 src/prxs $(DESTDIR)$(bindir)/prxs
+ 
+ install-conf: $(DESTDIR)$(sysconfdir)
+ 	if [ ! -f $(DESTDIR)$(sysconfdir)/proftpd.conf ] ; then \
+-		$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 \
++		$(INSTALL) -m 0644 \
+ 		           $(top_srcdir)/sample-configurations/basic.conf \
+ 	       	           $(DESTDIR)$(sysconfdir)/proftpd.conf ; \
+ 	fi
+Index: proftpd-1.3.5/configure
+===================================================================
+--- proftpd-1.3.5.orig/configure
++++ proftpd-1.3.5/configure
+@@ -38255,7 +38255,7 @@ _ACEOF
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+-#define PR_RUN_DIR "`eval echo "${localstatedir}"`"
++#define PR_RUN_DIR "`eval echo "${localstatedir}"/run/`"
+ _ACEOF
+ 
+ cat >>confdefs.h <<_ACEOF
+@@ -38263,7 +38263,7 @@ cat >>confdefs.h <<_ACEOF
+ _ACEOF
+ 
+ cat >>confdefs.h <<_ACEOF
+-#define PR_PID_FILE_PATH "`eval echo "${localstatedir}/proftpd.pid"`"
++#define PR_PID_FILE_PATH "`eval echo "${localstatedir}/run/proftpd.pid"`"
+ _ACEOF
+ 
+ 
+Index: proftpd-1.3.5/configure.in
+===================================================================
+--- proftpd-1.3.5.orig/configure.in
++++ proftpd-1.3.5/configure.in
+@@ -2971,8 +2971,8 @@ locale_dir="`eval echo ${locale_dir}`"
+ AC_DEFINE_UNQUOTED(PR_LOCALE_DIR, "`eval echo "${locale_dir}"`")
+ 
+ AC_DEFINE_UNQUOTED(PR_RUN_DIR, "`eval echo "${localstatedir}"`")
+-AC_DEFINE_UNQUOTED(PR_CONFIG_FILE_PATH, "`eval echo "${sysconfdir}/proftpd.conf"`")
+-AC_DEFINE_UNQUOTED(PR_PID_FILE_PATH, "`eval echo "${localstatedir}/proftpd.pid"`")
++AC_DEFINE_UNQUOTED(PR_CONFIG_FILE_PATH, "`eval echo "${sysconfdir}/run/proftpd.conf"`")
++AC_DEFINE_UNQUOTED(PR_PID_FILE_PATH, "`eval echo "${localstatedir}/run/proftpd.pid"`")
+ 
+ prefix="$pr_saved_prefix"
+ exec_prefix="$pr_saved_exec_prefix"
+Index: proftpd-1.3.5/lib/libcap/Makefile
+===================================================================
+--- proftpd-1.3.5.orig/lib/libcap/Makefile
++++ proftpd-1.3.5/lib/libcap/Makefile
+@@ -26,7 +26,7 @@ OBJS=$(addsuffix .o, $(FILES))
+ all: $(LIBNAME)
+ 
+ _makenames: _makenames.c cap_names.sed
+-	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@
++	$(BUILD_CC) $(CFLAGS) $(LDFLAGS) $< -o $@
+ 
+ cap_names.h: _makenames
+ 	./_makenames > cap_names.h
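Review bot: The configure.in hunk changes PR_CONFIG_FILE_PATH to `${sysconfdir}/run/proftpd.conf`, which the patch header does not mention and which the matching hunk for the generated configure does not do; it looks like an accidental edit that would move the default config path if configure were ever regenerated from configure.in. The same hunk leaves PR_RUN_DIR at `${localstatedir}` while configure gets `${localstatedir}/run/`, so the two files disagree in both directions. I would leave the PR_CONFIG_FILE_PATH line as `"${sysconfdir}/proftpd.conf"` and put the `/run` suffix on the PR_RUN_DIR line instead, so that configure.in matches what the patch description promises.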
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
new file mode 100644
index 0000000..c64535c
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
@@ -0,0 +1,27 @@
+close RequireValidShell check
+
+Upstream-Status: Inappropriate [configuration]
+
+close RequireValidShell check since we like to make /bin/false as shell
+for ftp user
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ sample-configurations/basic.conf |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
+index 314eb79..abcb284 100644
+--- a/sample-configurations/basic.conf
++++ b/sample-configurations/basic.conf
+@@ -53,6 +53,7 @@ AllowOverwrite		on
+   # We want clients to be able to login with "anonymous" as well as "ftp"
+   UserAlias			anonymous ftp
+ 
++  RequireValidShell	 	off
+   # Limit the maximum number of anonymous logins
+   MaxClients			10
+ 
+-- 
+1.7.10.4
+
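Review bot: The added `RequireValidShell off` relaxes a login check but, unlike the neighbouring directives, carries no comment, and it sits directly above the comment that belongs to MaxClients. From the context lines it appears to be inside the anonymous section, so a comment such as `# The ftp account has /bin/false as its shell; skip the /etc/shells check for anonymous logins only` followed by a blank line after the directive would record both the reason and the intended scope.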
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch
new file mode 100644
index 0000000..7e2a8e3
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch
@@ -0,0 +1,42 @@
+The contrib directory now contains its own Makefile which is
+used during installation. It was required to pass DESTDIR through
+when it gets called from the base Makefile.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kevin Strasser <kevin.strasser@linux.intel.com>
+---
+ Makefile.in         |    2 +-
+ contrib/Makefile.in |    6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 5b2e683..ee72fe1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -120,7 +120,7 @@ install-modules: $(DESTDIR)$(libexecdir) $(DESTDIR)$(sysconfdir)
+ 	test -z "$(SHARED_MODULE_OBJS)" -a -z "$(SHARED_MODULE_DIRS)" -a -z "$(STATIC_MODULE_DIRS)" || (cd modules/ && $(MAKE) install)
+ 
+ install-utils: $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir)
+-	cd contrib/ && $(MAKE) install-utils
++	cd contrib/ && $(MAKE) DESTDIR=${DESTDIR} install-utils
+ 	$(INSTALL_BIN)  ftpcount $(DESTDIR)$(bindir)/ftpcount
+ 	$(INSTALL_BIN)  ftpdctl  $(DESTDIR)$(bindir)/ftpdctl
+ 	$(INSTALL_SBIN) ftpscrub $(DESTDIR)$(sbindir)/ftpscrub
+diff --git a/contrib/Makefile.in b/contrib/Makefile.in
+index 5bcc038..51d248c 100644
+--- a/contrib/Makefile.in
++++ b/contrib/Makefile.in
+@@ -18,6 +18,6 @@ Makefile: Makefile.in ../config.status
+ 	cd ../ && ./config.status
+ 
+ install-utils:
+-	$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpasswd $(DESTDIR)$(bindir)/ftpasswd
+-	$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpmail $(DESTDIR)$(bindir)/ftpmail
+-	$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpquota $(DESTDIR)$(bindir)/ftpquota
++	$(INSTALL) -m 0755 ftpasswd $(DESTDIR)$(bindir)/ftpasswd
++	$(INSTALL) -m 0755 ftpmail $(DESTDIR)$(bindir)/ftpmail
++	$(INSTALL) -m 0755 ftpquota $(DESTDIR)$(bindir)/ftpquota
+-- 
+1.7.9.5
+
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default
new file mode 100644
index 0000000..b31f36c
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default
@@ -0,0 +1,9 @@
+# Defaults for proftpd initscript
+
+# Master system-wide proftpd switch. The initscript
+# will not run if it is not set to yes.
+RUN="yes"
+
+# Default options.
+# For more exhaustive logging, try "-d 3".
+OPTIONS=""
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init
new file mode 100644
index 0000000..01c998c
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init
@@ -0,0 +1,220 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          proftpd
+# Required-Start:    $remote_fs $syslog $local_fs $network
+# Required-Stop:     $remote_fs $syslog $local_fs $network
+# Should-Start:      $named
+# Should-Stop:       $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Starts ProFTPD daemon
+# Description:       This script runs the FTP service offered
+#                    by the ProFTPD daemon
+### END INIT INFO
+
+# Start the proftpd FTP daemon.
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/proftpd
+NAME=proftpd
+
+# Defaults
+RUN="no"
+OPTIONS=""
+CONFIG_FILE=/etc/proftpd.conf
+
+PIDFILE=`grep -i '^pidfile' $CONFIG_FILE|awk '{ print $2 }'`
+if [ "x$PIDFILE" = "x" ];
+then
+    PIDFILE=/var/run/proftpd.pid
+fi
+
+# Read config (will override defaults)
+[ -r /etc/default/proftpd ] && . /etc/default/proftpd
+
+trap "" 1
+trap "" 15
+
+test -f $DAEMON || exit 0
+
+. /etc/init.d/functions
+
+#
+# Servertype could be inetd|standalone|none.
+# In all cases check against inetd and xinetd support.
+#
+if ! egrep -qi "^[[:space:]]*ServerType.*standalone" $CONFIG_FILE
+then
+    if egrep -qi "server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd" /etc/xinetd.conf 2>/dev/null || \
+       egrep -qi "server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd" /etc/xinetd.d/* 2>/dev/null || \
+       egrep -qi "^ftp.*/usr/sbin/proftpd" /etc/inetd.conf 2>/dev/null
+    then
+        RUN="no"
+        INETD="yes"
+    else
+        if ! egrep -qi "^[[:space:]]*ServerType.*inetd" $CONFIG_FILE
+        then
+            RUN="yes"
+            INETD="no"
+        else
+            RUN="no"
+            INETD="no"
+        fi
+    fi
+fi
+
+# /var/run could be on a tmpfs
+
+[ ! -d /var/run/proftpd ] && mkdir /var/run/proftpd
+
+inetd_check()
+{
+    if [ ! -x /usr/sbin/inetd -a ! -x /usr/sbin/xinetd ]; then
+        echo "Neither inetd nor xinetd appears installed: check your configuration."
+    fi
+}
+
+start()
+{
+    set -e
+    echo -n "Starting ftp server $NAME... "
+    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --oknodo --exec $DAEMON -- -c $CONFIG_FILE $OPTIONS
+    echo "done."
+}
+
+signal()
+{
+
+    if [ "$1" = "stop" ]; then
+        SIGNAL="TERM"
+        echo -n "Stopping ftp server $NAME... "
+    else
+        if [ "$1" = "reload" ]; then
+            SIGNAL="HUP"
+            echo -n "Reloading ftp server $NAME... "
+        else
+            echo "ERR: wrong parameter given to signal()"
+            exit 1
+        fi
+    fi
+    if [ -f "$PIDFILE" ]; then
+        start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE"
+        if [ $? = 0 ]; then
+            echo "done."
+            return
+        else
+            SIGNAL="KILL"
+            start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE"
+            if [ $? != 0 ]; then
+                echo
+                [ $2 != 0 ] || exit 0
+            else
+                echo "done."
+                return
+            fi
+        fi
+        if [ "$SIGNAL" = "KILL" ]; then
+            rm -f "$PIDFILE"
+        fi
+    else
+        echo "done."
+        return
+    fi
+}
+
+case "$1" in
+    start)
+        if [ "x$RUN" = "xyes" ] ; then
+            start
+        else
+            if [ "x$INETD" = "xyes" ] ; then
+                echo "ProFTPD is started from inetd/xinetd."
+                inetd_check
+            else
+                echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration."
+            fi
+        fi
+        ;;
+
+    force-start)
+        if [ "x$INETD" = "xyes" ] ; then
+            echo "Warning: ProFTPD is started from inetd/xinetd (trying to start anyway)."
+            inetd_check
+        fi
+        start
+        ;;
+
+    stop)
+        if [ "x$RUN" = "xyes" ] ; then
+            signal stop 0
+        else
+            if [ "x$INETD" = "xyes" ] ; then
+                echo "ProFTPD is started from inetd/xinetd."
+                inetd_check
+            else
+                echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration."
+            fi
+        fi
+        ;;
+
+    force-stop)
+        if [ "x$INETD" = "xyes" ] ; then
+            echo "Warning: ProFTPD is started from inetd/xinetd (trying to kill anyway)."
+            inetd_check
+        fi
+        signal stop 0
+        ;;
+
+    reload)
+        signal reload 0
+        ;;
+
+    force-reload|restart)
+        if [ "x$RUN" = "xyes" ] ; then
+            signal stop 1
+            sleep 2
+            start
+        else
+            if [ "x$INETD" = "xyes" ] ; then
+                echo "ProFTPD is started from inetd/xinetd."
+                inetd_check
+            else
+                echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration."
+            fi
+        fi
+        ;;
+
+    status)
+        if [ "x$INETD" = "xyes" ] ; then
+            echo "ProFTPD is started from inetd/xinetd."
+            inetd_check
+            exit 0
+        else
+            if [ -f "$PIDFILE" ]; then
+                pid=$(cat $PIDFILE)
+            else
+                pid="x"
+            fi
+            if [ `pidof proftpd|grep "$pid"|wc -l` -ne 0 ] ; then
+                echo "ProFTPD is started in standalone mode, currently running."
+                exit 0
+            else
+                echo "ProFTPD is started in standalone mode, currently not running."
+                exit 3
+            fi
+        fi
+        ;;
+
+    check-config)
+        $DAEMON -t >/dev/null && echo "ProFTPD configuration OK" && exit 0
+        exit 1
+        ;;
+
+    *)
+        echo "Usage: /etc/init.d/$NAME {start|status|force-start|stop|force-stop|reload|restart|force-reload|check-config}"
+        exit 1
+        ;;
+esac
+
+exit 0
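Review bot: In signal(), both `start-stop-daemon --stop` calls identify the target only by `--pidfile`, and the second one escalates to KILL, so a stale pid file whose number has been reused lets this init script signal an unrelated process. Adding `--exec $DAEMON` to both stop invocations makes start-stop-daemon check that the pid really belongs to proftpd. The status branch has a related weakness: `pidof proftpd|grep "$pid"` is a substring match and matches every line when the pid file is empty; `grep -qw -- "$pid"` combined with an emptiness check is stricter. Also note that `set -e` inside start() stays in effect for the rest of the script, which changes how the restart branch behaves after start returns.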
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service
new file mode 100644
index 0000000..ba97f8e
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=proftpd Daemon
+
+[Service]
+Type=forking
+ExecStart=-@SBINDIR@/proftpd -c @SYSCONFDIR@/proftpd.conf
+StandardError=syslog
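Review bot: The unit has no `[Install]` section, so although the recipe lists it in SYSTEMD_SERVICE there is no target for enabling it to hook into, and the leading `-` on ExecStart makes systemd treat a failed start (for example a rejected proftpd.conf) as success. I would drop the `-`, add `After=network.target` under [Unit], and append an `[Install]` section with `WantedBy=multi-user.target`. With `Type=forking`, a `PIDFile=` entry matching the daemon's pid file would also let systemd track the main process reliably; that path is set by the build and the config file, so it is not quoted here.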
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5a.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5a.bb
new file mode 100644
index 0000000..57d4984
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5a.bb
@@ -0,0 +1,115 @@
+SUMMARY = "Secure and configurable FTP server"
+SECTION = "net"
+HOMEPAGE = "http://www.proftpd.org"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fb0d1484d11915fa88a6a7702f1dc184"
+
+SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
+           file://basic.conf.patch \
+           file://proftpd-basic.init \
+           file://default \
+           file://close-RequireValidShell-check.patch \
+           file://contrib.patch  \
+           file://build_fixup.patch \
+           file://proftpd.service \
+           file://CVE-2016-3125.patch \
+           "
+
+SRC_URI[md5sum] = "b9d3092411478415b31d435f8e26d173"
+SRC_URI[sha256sum] = "a1f48df8539c414ec56e0cea63dcf4b8e16e606c05f10156f030a4a67fae5696"
+
+inherit autotools-brokensep useradd update-rc.d systemd
+
+PACKAGECONFIG ??= "sia shadow"
+PACKAGECONFIG += " ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}"
+PACKAGECONFIG += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
+
+PACKAGECONFIG[curses] = "--enable-curses --enable-ncurses, --disable-curses --disable-ncurses, ncurses"
+PACKAGECONFIG[openssl] = "--enable-openssl, --disable-openssl, openssl, openssl"
+PACKAGECONFIG[pam] = "--enable-auth-pam, --disable-auth-pam, libpam, libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
+PACKAGECONFIG[shadow] = "--enable-shadow, --disable-shadow"
+PACKAGECONFIG[pcre] = "--enable-pcre, --disable-pcre, libpcre "
+
+# enable POSIX.1e capabilities
+PACKAGECONFIG[cap] = "--enable-cap, --disable-cap, libcap, libcap"
+
+#enable support for POSIX ACLs
+PACKAGECONFIG[acl] = "--enable-facl, --disable-facl"
+
+#enable proftpd controls via ftpdct
+PACKAGECONFIG[ctrls] = "--enable-ctrls, --disable-crtls"
+
+#prevent proftpd from using its bundled getopt implementation.
+PACKAGECONFIG[getopt] = "--with-getopt, --without-getopt"
+
+#do not strip debugging symbols from installed code
+PACKAGECONFIG[strip] = "--enable-strip, --disable-strip"
+
+#enable SIA authentication support (Tru64)
+PACKAGECONFIG[sia] = "--enable-sia, --disable-sia"
+PACKAGECONFIG[sendfile] = "-enable-sendfile, --disable-sendfile"
+
+#enable Native Language Support (NLS)
+PACKAGECONFIG[nls] = "--enable-nls, --disable-nls"
+
+#add mod_dso to core modules
+PACKAGECONFIG[dso] = "--enable-dso, --disable-dso"
+PACKAGECONFIG[largefile] = "--enable-largefile, --disable-largefile"
+
+#omit mod_auth_file from core modules
+PACKAGECONFIG[auth] = "--enable-auth-file, --disable-auth-file"
+
+
+# proftpd uses libltdl which currently makes configuring using
+# autotools.bbclass a pain...
+do_configure () {
+    oe_runconf
+    cp ${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool ${S}/libtool
+}
+
+FTPUSER = "ftp"
+FTPGROUP = "ftp"
+
+do_install () {
+    oe_runmake DESTDIR=${D} install
+    rmdir ${D}${libdir}/proftpd ${D}${datadir}/locale
+    [ -d ${D}${libexecdir} ] && rmdir ${D}${libexecdir}
+    sed -i '/ *User[ \t]*/s/ftp/${FTPUSER}/' ${D}${sysconfdir}/proftpd.conf
+    sed -i '/ *Group[ \t]*/s/ftp/${FTPGROUP}/' ${D}${sysconfdir}/proftpd.conf
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/proftpd-basic.init ${D}${sysconfdir}/init.d/proftpd
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/proftpd
+    sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/proftpd
+    sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/proftpd
+    sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/proftpd
+
+    install -d ${D}${sysconfdir}/default
+    install -m 0755 ${WORKDIR}/default ${D}${sysconfdir}/default/proftpd
+
+    # create the pub directory
+    mkdir -p ${D}/home/${FTPUSER}/pub/
+    chown -R ${FTPUSER}:${FTPGROUP} ${D}/home/${FTPUSER}/pub
+
+    install -d ${D}/${systemd_unitdir}/system
+    install -m 644 ${WORKDIR}/proftpd.service ${D}/${systemd_unitdir}/system
+    sed -e 's,@BASE_SBINDIR@,${base_sbindir},g' \
+        -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+        -e 's,@SBINDIR@,${sbindir},g' \
+        -i ${D}${systemd_unitdir}/system/*.service
+}
+
+INITSCRIPT_NAME = "proftpd"
+INITSCRIPT_PARAM = "defaults 85 15"
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "proftpd.service"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
+USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
+                       --shell /bin/false ${FTPUSER}"
+
+FILES_${PN} += "/home/${FTPUSER}"
+
+RDEPENDS_${PN} += "perl"
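Review bot: Two PACKAGECONFIG entries pass misspelled configure switches: the ctrls entry disables with `--disable-crtls` and the sendfile entry enables with `-enable-sendfile`, so neither is likely to do what its name says; they should read `--disable-ctrls` and `--enable-sendfile`. In do_install, `install -m 0755 ${WORKDIR}/default` makes a sourced settings file executable, where `-m 0644` is enough. The account is created with `--home-dir /var/lib/${FTPUSER}` while the pub directory is created under `/home/${FTPUSER}`; if the shipped configuration resolves the anonymous root from the account's home directory the two will not line up, so this is worth confirming.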