diff --git a/srcpkgs/vsftpd/patches/001-destdir.patch b/srcpkgs/vsftpd/patches/001-destdir.patch
new file mode 100644
index 00000000000..d5014f0c9df
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/001-destdir.patch
@@ -0,0 +1,47 @@
+--- Makefile.orig
++++ Makefile
+@@ -22,6 +22,8 @@ OBJS = main.o utility.o prelogin.o ftpcm
+ seccompsandbox.o
+
+
++DESTDIR =
++
+ .c.o:
+ $(CC) -c $*.c $(CFLAGS) $(IFLAGS)
+
+@@ -29,21 +31,20 @@ vsftpd: $(OBJS)
+ $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
+
+ install:
+- if [ -x /usr/local/sbin ]; then \
+- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
+- else \
+- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
+- if [ -x /usr/local/man ]; then \
+- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
+- elif [ -x /usr/share/man ]; then \
+- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
+- else \
+- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
+- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
+- if [ -x /etc/xinetd.d ]; then \
+- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
++ mkdir -p $(DESTDIR)/usr/sbin
++ $(INSTALL) -m 755 vsftpd $(DESTDIR)/usr/sbin/
++ mkdir -p $(DESTDIR)/usr/share/man/man8
++ $(INSTALL) -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/
++ mkdir -p $(DESTDIR)/usr/share/man/man5
++ $(INSTALL) -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/
++ mkdir -p $(DESTDIR)/etc/xinetd.d
++ $(INSTALL) -m 644 xinetd.d/vsftpd $(DESTDIR)/etc/xinetd.d/
++
++uninstall:
++ rm -f $(DESTDIR)/usr/sbin/vsftpd
++ rm -f $(DESTDIR)/usr/share/man/man8/vsftpd.8
++ rm -f $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5
++ rm -f $(DESTDIR)/etc/xinetd.d/vsftpd
+
+ clean:
+ rm -f *.o *.swp vsftpd
diff --git a/srcpkgs/vsftpd/patches/002-find_libs.patch b/srcpkgs/vsftpd/patches/002-find_libs.patch
new file mode 100644
index 00000000000..9d6b9b964af
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/002-find_libs.patch
@@ -0,0 +1,13 @@
+--- Makefile.orig
++++ Makefile
+@@ -8,8 +8,8 @@ CFLAGS = -O2 -fPIE -fstack-protector --p
+ -D_FORTIFY_SOURCE=2 \
+ #-pedantic -Wconversion
+
+-LIBS = `./vsf_findlibs.sh`
+-LINK = -Wl,-s
++LIBS = -lssl -lcrypt -lnsl -lssl
++LINK =
+ LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
+
+ OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
diff --git a/srcpkgs/vsftpd/patches/003-chroot.patch b/srcpkgs/vsftpd/patches/003-chroot.patch
new file mode 100644
index 00000000000..84116c4ad94
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/003-chroot.patch
@@ -0,0 +1,11 @@
+--- tunables.c.orig
++++ tunables.c
+@@ -254,7 +254,7 @@ tunables_load_defaults()
+ /* -rw------- */
+ tunable_chown_upload_mode = 0600;
+
+- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
++ install_str_setting("/var/run/vsftpd", &tunable_secure_chroot_dir);
+ install_str_setting("ftp", &tunable_ftp_username);
+ install_str_setting("root", &tunable_chown_username);
+ install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
diff --git a/srcpkgs/vsftpd/patches/004-disable-capabilities.patch b/srcpkgs/vsftpd/patches/004-disable-capabilities.patch
new file mode 100644
index 00000000000..c192954a356
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/004-disable-capabilities.patch
@@ -0,0 +1,12 @@
+--- sysdeputil.c.orig
++++ sysdeputil.c
+@@ -165,6 +165,9 @@
+ #endif
+ /* END config */
+
++#undef VSF_SYSDEP_HAVE_CAPABILITIES
++#undef VSF_SYSDEP_HAVE_LIBCAP
++
+ /* PAM support - we include our own dummy version if the system lacks this */
+ #include
+
diff --git a/srcpkgs/vsftpd/patches/005-disable-pam.patch b/srcpkgs/vsftpd/patches/005-disable-pam.patch
new file mode 100644
index 00000000000..f59eed0afb6
--- /dev/null
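Review bot: The new default `secure_chroot_dir` of `/var/run/vsftpd` set in `tunables_load_defaults()` sits below a directory that is commonly a tmpfs, so unlike `/usr/share/empty` it will not exist after a reboot unless something recreates it. vsftpd expects this directory to be empty and not writable by the ftp user, and nothing visible in this change creates it or fixes its ownership and mode (the `do_install()` body lies outside the diff shown). I would add a header line to the patch such as `/var/run/vsftpd must exist, be root-owned, non-writable by ftp and empty before the daemon starts`, and confirm that the service script or install step takes care of it. The function body continues outside the hunk.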
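Review bot: This patch and 005-disable-pam.patch switch off security-relevant features without saying why; neither carries a description header the way 007-CVE-2015-1419.patch does. With `VSF_SYSDEP_HAVE_CAPABILITIES` and `VSF_SYSDEP_HAVE_LIBCAP` undefined, vsftpd presumably can no longer reduce its privileged process to a small capability set, and with `VSF_BUILD_PAM` undefined PAM-based account policy no longer applies to FTP logins, so both change the default hardening. Please add a short header to each patch stating the reason and the trade-off, for example `Description: disable Linux capabilities support (reason: <why>); vsftpd then cannot drop to a reduced capability set`. Note also that 006-musl-compatibility.patch still shows `#define VSF_SYSDEP_HAVE_LIBCAP` earlier in sysdeputil.c, so the `#undef` lines here only work as long as they stay after the config block.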
+++ b/srcpkgs/vsftpd/patches/005-disable-pam.patch
@@ -0,0 +1,11 @@
+--- builddefs.h.orig
++++ builddefs.h
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+
+ #undef VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+
+ #endif /* VSF_BUILDDEFS_H */
diff --git a/srcpkgs/vsftpd/patches/006-musl-compatibility.patch b/srcpkgs/vsftpd/patches/006-musl-compatibility.patch
new file mode 100644
index 00000000000..acf716af7af
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/006-musl-compatibility.patch
@@ -0,0 +1,13 @@
+--- sysdeputil.c.orig
++++ sysdeputil.c
+@@ -58,7 +58,9 @@
+ #define VSF_SYSDEP_HAVE_SHADOW
+ #define VSF_SYSDEP_HAVE_USERSHELL
+ #define VSF_SYSDEP_HAVE_LIBCAP
+-#define VSF_SYSDEP_HAVE_UTMPX
++#if defined(__GLIBC__) || defined(__UCLIBC__)
++ #define VSF_SYSDEP_HAVE_UTMPX
++#endif
+
+ #define __USE_GNU
+ #include
diff --git a/srcpkgs/vsftpd/patches/007-CVE-2015-1419.patch b/srcpkgs/vsftpd/patches/007-CVE-2015-1419.patch
new file mode 100644
index 00000000000..f0c2cf889be
--- /dev/null
+++ b/srcpkgs/vsftpd/patches/007-CVE-2015-1419.patch
@@ -0,0 +1,98 @@
+Description: CVE-2015-1419: config option deny_file is not handled correctly
+Author: Marcus Meissner
+Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
+Last-Update: 2015-02-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- ls.c.orig
++++ ls.c
+@@ -7,6 +7,7 @@
+ * Would you believe, code to handle directory listing.
+ */
+
++#include
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+ struct mystr temp_str = INIT_MYSTR;
+ struct mystr brace_list_str = INIT_MYSTR;
+ struct mystr new_filter_str = INIT_MYSTR;
++ struct mystr normalize_filename_str = INIT_MYSTR;
++ const char *normname;
++ const char *path;
+ int ret = 0;
+ char last_token = 0;
+ int must_match_at_current_pos = 1;
++
+ str_copy(&filter_remain_str, p_filter_str);
+- str_copy(&name_remain_str, p_filename_str);
++
++ /* normalize filepath */
++ path = str_strdup(p_filename_str);
++ normname = realpath(path, NULL);
++ if (normname == NULL)
++ goto out;
++ str_alloc_text(&normalize_filename_str, normname);
++
++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++ if (str_get_char_at(p_filter_str, 0) == '/') {
++ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++ str_getcwd (&name_remain_str);
++
++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++ str_append_char (&name_remain_str, '/');
++
++ str_append_str (&name_remain_str, &normalize_filename_str);
++ }
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ } else {
++ if (str_get_char_at(p_filter_str, 0) != '{')
++ str_basename (&name_remain_str, &normalize_filename_str);
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ }
++ } else
++ str_copy(&name_remain_str, &normalize_filename_str);
+
+ while (!str_isempty(&filter_remain_str) && *iters <
VSFTP_MATCHITERS_MAX)
+ {
+@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
+ ret = 0;
+ }
+ out:
++ free(normname);
++ free(path);
++ str_free(&normalize_filename_str);
+ str_free(&filter_remain_str);
+ str_free(&name_remain_str);
+ str_free(&temp_str);
+--- str.c.orig
++++ str.c
+@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_
+ }
+ }
+
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++ static struct mystr tmp;
++
++ str_copy (&tmp, path);
++ str_split_char_reverse(&tmp, d_str, '/');
++
++ if (str_isempty(d_str))
++ str_copy (d_str, path);
++}
+--- str.h.orig
++++ str.h
+@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+ * buffer, starting at character position 'p_pos'. The extracted line will
diff --git a/srcpkgs/vsftpd/template b/srcpkgs/vsftpd/template
index 91b8eacdcf5..1ec83984146 100644
--- a/srcpkgs/vsftpd/template
+++ b/srcpkgs/vsftpd/template
@@ -12,10 +12,17 @@ distfiles="https://security.appspot.com/downloads/$pkgname-$version.tar.gz"
 checksum=9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7
 system_accounts="ftp"
 ftp_pgroup="nogroup"
+CFLAGS="-Wno-error"
+conf_files="/etc/vsftpd.conf"
 do_configure() {
- sed -i 's@^#undef VSF_BUILD_SSL$@#define VSF_BUILD_SSL@' \
- builddefs.h
+ local _nlsstring='-lcrypt -lnsl';
+ case "$XBPS_TARGET_MACHINE" in
+ *-musl) _nlsstring=-lcrypt ;;
+ esac
+
+ sed -i 's/#undef VSF_BUILD_SSL/#define VSF_BUILD_SSL/' builddefs.h
+ sed -i "s/-lcrypt -lnsl/${_nlsstring} -lssl -lcrypto/" Makefile
 }
 do_install() {
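Review bot: In `vsf_filename_passes_filter()` a failed `realpath()` jumps to `out` with `ret` still 0, so a name that does not exist yet is reported as not matching the filter. The callers are not visible here, but if the `deny_file` check treats 0 as "no match", a denied pattern would stop applying to such names, which is the class of problem this patch is meant to close. Falling back to the name as given keeps the filter in force: `if (normname == NULL) str_copy(&normalize_filename_str, p_filename_str); else str_alloc_text(&normalize_filename_str, normname);`. Separately, `normname` and `path` are declared `const char *` and then passed to `free()`, which discards the qualifier; declaring them `char *` would avoid the warning, which is presumably one reason the template now sets `CFLAGS="-Wno-error"`. The function starts and ends outside the hunks shown.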
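Review bot: Both `sed -i` calls in `do_configure()` succeed even when their pattern matches nothing, so if `builddefs.h` or the `LIBS` line written by 002-find_libs.patch ever changes, the package could be built without TLS support or without `-lcrypto` and the template would not notice. The new SSL substitution also drops the `^…$` anchors the removed one had. I would keep the anchors and verify the result, e.g. run `grep -q '^#define VSF_BUILD_SSL$' builddefs.h` after the first `sed` and fail the build when it does not match. The LIBS rewrite also leaves `-lssl` three times on glibc because 002 already lists it twice; having the patch set `LIBS = -lcrypt -lnsl` would make the intent clearer. `do_install()` continues outside the hunk.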