Discussion:
[blfs-support] BLFS_8.1 vsftpd-3.0.3
Paul Rogers
2018-06-01 23:59:13 UTC
Permalink
I don't recall for any problems for 8.1 but that was about nine months
ago. I just checked with openssl 1.1.0h and had no warnings or errors.
-- Bruce
I'm not clear. I had no problem installing openssl-1.1.0f either. It was vsftpd that, if I'm interpretting things right, couldn't find the include files in /usr/include/opsnssl.
Not a package I use, and the only obvious change in the book since
8.1 is adding libnsl which I assume is not required on the older
glibc.
vsf_findlibs.sh finds the libraries fine, including that one. At linking it complains about many undefined SSL symbols in one of the files it compiled without complaint. I'm presuming those should have come from the installed include files.
Paul might care to google for arch-linux vsftpd : their build file
Paul does care to,
shows a change to the conf to apparently enable SSL, and a sed to
link to openssl-1.1.
if Paul could find the page to which you refer.
As always, I cannot recommend using an old version of openssl ;-)
I agree, but that can hardly explain my build failure, and presumably the BLFS devs compiled vsftpd-3.0.3 with openssl-1.1.0f as given in the book.
But fixing that means taking steps to fix make-ca. If Paul looked
at a recent version of the svn book with openssh-1.1.0h and
make-ca-0.7, the fix should be there, make-ca-0.8 should be ok.
Paul has the 5/22 svn, which only has openssl-1.0.2o!
--
Paul Rogers
***@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above informatio
Paul Rogers
2018-06-02 00:16:06 UTC
Permalink
Paul might care to google for arch-linux vsftpd : their build file
shows a change to the conf to apparently enable SSL, and a sed to
link to openssl-1.1.
Paul found a patch for it that looks good at suse.
--
Paul Rogers
***@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See
Ken Moffat
2018-06-02 01:25:18 UTC
Permalink
Post by Paul Rogers
Paul might care to google for arch-linux vsftpd : their build file
shows a change to the conf to apparently enable SSL, and a sed to
link to openssl-1.1.
Paul found a patch for it that looks good at suse.
Colour me very impressed ;-)

All I've ever managed to find at any flavour of SuSe was srpms, and
most of the links to those seemed broken. Any pointers ?

ĸen
--
War is Peace
Freedom is Slavery
Ignorance is Strength
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Paul Rogers
2018-06-02 06:40:44 UTC
Permalink
So I was following the book. It's misleading. It needs some revisions!

Apparently the external reference in vfs-findlibs.sh dropped out in the 1.1 version. I had openssl-1.1 installed, then built 1.0 with the versioning as instructed. Because of the versioning my first attempt at vsftpd couldn't find SSL_library_init. So the book's instructions only work if one installs 1.0 without versioning as instructed. The book should say so.

Clearly 1.1 is preferred, so the book's instructions for vsftpd should have the fix--I used and recommend just a simple sed rather than the patch. vsftpd should have the choice of one or the other as prereqs and instructions for installing either. And if you want to keep versioning, vsf-findlibs.sh still needs to be fixed for it.
--
Paul Rogers
***@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above
Bruce Dubbs
2018-06-02 15:00:44 UTC
Permalink
Post by Paul Rogers
So I was following the book. It's misleading. It needs some revisions!
Apparently the external reference in vfs-findlibs.sh dropped out in the 1.1 version. I had openssl-1.1 installed, then built 1.0 with the versioning as instructed. Because of the versioning my first attempt at vsftpd couldn't find SSL_library_init. So the book's instructions only work if one installs 1.0 without versioning as instructed. The book should say so.
Clearly 1.1 is preferred, so the book's instructions for vsftpd should have the fix--I used and recommend just a simple sed rather than the patch. vsftpd should have the choice of one or the other as prereqs and instructions for installing either. And if you want to keep versioning, vsf-findlibs.sh still needs to be fixed for it.
Paul,
Your problem was not clear to me. I think what you are doing is:

echo "#define VSF_BUILD_SSL" >> builddefs.h
make

We don't normally test with the define as that is not in the mainline
instructions, but only in Command Explanations as an optional thing to do.

Can you share the patch for vsftpd that you found?

OTOH, perhaps we should just remove vsftpd from the book. I can't get
to the url in the book right now and the last update to the package is
dated July 2015. It does not appear to be maintained.

In addition ftp seems to have become be a relatively unused protocol.
Uploads would generally be via scp and downloads either scp or http(s).
About the only thing I can see using ftp server for is for anonymous
uploads and that would be unusual/dangerous. In addition that could be
done via http if really needed.

-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the abov
Ken Moffat
2018-06-02 01:23:31 UTC
Permalink
Post by Paul Rogers
Paul might care to google for arch-linux vsftpd : their build file
Paul does care to,
shows a change to the conf to apparently enable SSL, and a sed to
link to openssl-1.1.
if Paul could find the page to which you refer.
I've now got firefox built, so I can paste from that:

For me, the second result (first is their wiki) is
https://www.archlinux.org/packages/community/x86_64/vsftpd/

In Source Files, the PKGBUILD

https://git.archlinux.org/svntogit/community.git/plain/trunk/PKGBUILD?h=packages/vsftpd
Post by Paul Rogers
As always, I cannot recommend using an old version of openssl ;-)
I agree, but that can hardly explain my build failure, and presumably the BLFS devs compiled vsftpd-3.0.3 with openssl-1.1.0f as given in the book.
Agree it doesn't explain the failure, but probably only one person
built it, and perhaps with different dependencies.
Post by Paul Rogers
But fixing that means taking steps to fix make-ca. If Paul looked
at a recent version of the svn book with openssh-1.1.0h and
make-ca-0.7, the fix should be there, make-ca-0.8 should be ok.
Paul has the 5/22 svn, which only has openssl-1.0.2o!
Doh! It's in LFS these days. 1.0.2 is only retained for its libs,
for those packages which cannot use 1.1.0.

The workaround for make-ca-0.7 is specifically at
http://wiki.linuxfromscratch.org/blfs/changeset/20041

I think that 1.1.0g was not a vulnerability fix for most people, but
that 1.1.0h was.

And to finally confirm, make-ca-0.8 does indeed work fine without
that workaround.

ĸen
--
War is Peace
Freedom is Slavery
Ignorance is Strength
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above infor
Loading...