From 7cbe902ddd60d1a921369cee8f8aadccc9eccdc8a281833269081d89824e218c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 8 Sep 2015 11:05:12 +0000 Subject: [PATCH] - Version bump to 3.0.3: * Increase VSFTP_AS_LIMIT to 200MB; various reports. * Make the PWD response more RFC compliant; report from Barry Kelly . * Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop . * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil . At least, syslogging seems to work on my Fedora now. * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin . * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. * Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse . * Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn . * Kill the FTP session if we see session re-use failure. A report from Tim Kosse . * Enable ECDHE, Tim Kosse . * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. * Minor SSL logging improvements. * Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. - Drop patch vsftpd-allow-dev-log-socket.patch should be included upstream, se above bullet with mvyskocil's email OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=89 --- vsftpd-3.0.2.tar.gz | 3 --- vsftpd-3.0.2.tar.gz.asc | 7 ------- vsftpd-3.0.3.tar.gz | 3 +++ vsftpd-3.0.3.tar.gz.asc | 7 +++++++ vsftpd-allow-dev-log-socket.patch | 30 ---------------------------- vsftpd.changes | 33 +++++++++++++++++++++++++++++++ vsftpd.spec | 5 +---- 7 files changed, 44 insertions(+), 44 deletions(-) delete mode 100644 vsftpd-3.0.2.tar.gz delete mode 100644 vsftpd-3.0.2.tar.gz.asc create mode 100644 vsftpd-3.0.3.tar.gz create mode 100644 vsftpd-3.0.3.tar.gz.asc delete mode 100644 vsftpd-allow-dev-log-socket.patch diff --git a/vsftpd-3.0.2.tar.gz b/vsftpd-3.0.2.tar.gz deleted file mode 100644 index 5c01dab..0000000 --- a/vsftpd-3.0.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:be46f0e2c5528fe021fafc8dab1ecfea0c1f183063a06977f8537fcd0b195e56 -size 192808 diff --git a/vsftpd-3.0.2.tar.gz.asc b/vsftpd-3.0.2.tar.gz.asc deleted file mode 100644 index 669ed96..0000000 --- a/vsftpd-3.0.2.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAlBYSB8ACgkQqmLsRjwOdRwyzACdEOSXJgLVmiIZHZ/dFJfchX1R -Z3cAnjkRO3++zgZuG+CQ+FJx745IlazL -=UTJs ------END PGP SIGNATURE----- diff --git a/vsftpd-3.0.3.tar.gz b/vsftpd-3.0.3.tar.gz new file mode 100644 index 0000000..0aba8cd --- /dev/null +++ b/vsftpd-3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7 +size 196649 diff --git a/vsftpd-3.0.3.tar.gz.asc b/vsftpd-3.0.3.tar.gz.asc new file mode 100644 index 0000000..1351ac6 --- /dev/null +++ b/vsftpd-3.0.3.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlWy7z8ACgkQqmLsRjwOdRyg1QCgp6fVazIhibmgmlefKPEVBUEM +yDMAnibP6iavxih4przbfR+Fd3LgsARM +=G+eX +-----END PGP SIGNATURE----- diff --git a/vsftpd-allow-dev-log-socket.patch b/vsftpd-allow-dev-log-socket.patch deleted file mode 100644 index 2af01d1..0000000 --- a/vsftpd-allow-dev-log-socket.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: mvyskocil@suse.com -Subject: enable /dev/log related socket call - -Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp -sandbox, daemon is killed by SIGSYS. Because the attempt is made by process -with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in -pam. Anyway I would say the risc is small, and other socket syscalls are disabled. - -Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024 - -Index: vsftpd-3.0.2/seccompsandbox.c -=================================================================== ---- vsftpd-3.0.2.orig/seccompsandbox.c -+++ vsftpd-3.0.2/seccompsandbox.c -@@ -353,6 +353,15 @@ seccomp_sandbox_setup_prelogin(const str - { - allow_nr_1_arg_match(__NR_recvmsg, 3, 0); - } -+ -+ //this is very probably an attempt to open /dev/log -+ //it fails because process cannot open any file, so it might be safe -+ //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files) -+ allow_nr_3_arg_match(__NR_socket, -+ 1, PF_FILE, -+ 2, SOCK_DGRAM | SOCK_CLOEXEC, -+ 3, 0); -+ - } - - void diff --git a/vsftpd.changes b/vsftpd.changes index 84d3bf5..9d9b568 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Tue Sep 8 10:57:55 UTC 2015 - tchvatal@suse.com + +- Version bump to 3.0.3: + * Increase VSFTP_AS_LIMIT to 200MB; various reports. + * Make the PWD response more RFC compliant; report from Barry Kelly + . + * Remove the trailing period from EPSV response to work around BT Internet + issues; report from Tim Bishop . + * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil + . At least, syslogging seems to work on my Fedora now. + * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I + probably have a different distro / libc / etc. and there are multiple reports. + * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle + this case gracefully. Report from Vasily Averin . + * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. + * Make some compile-time SSL defaults (such as correct client shutdown + handling) stricter. + * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms + delays. From Tim Kosse . + * Kill the FTP session if we see HTTP protocol commands, to avoid + cross-protocol attacks. A report from Jann Horn . + * Kill the FTP session if we see session re-use failure. A report from + Tim Kosse . + * Enable ECDHE, Tim Kosse . + * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. + * Minor SSL logging improvements. + * Un-default tunable_strict_ssl_write_shutdown again. We still have + tunable_strict_ssl_read_eof defaulted now, which is the important one to prove + upload integrity. +- Drop patch vsftpd-allow-dev-log-socket.patch should be included + upstream, se above bullet with mvyskocil's email + ------------------------------------------------------------------- Tue Jun 23 08:51:32 UTC 2015 - tchvatal@suse.com diff --git a/vsftpd.spec b/vsftpd.spec index 8114bee..ccebff0 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -17,7 +17,7 @@ Name: vsftpd -Version: 3.0.2 +Version: 3.0.3 Release: 0 Summary: Very Secure FTP Daemon - Written from Scratch License: SUSE-GPL-2.0-with-openssl-exception @@ -44,8 +44,6 @@ Patch8: vsftpd-2.0.5-utf8-log-names.patch Patch9: vsftpd-2.3.5-conf.patch Patch10: vsftpd-3.0.0_gnu_source_defines.patch Patch11: vsftpd-3.0.0-optional-seccomp.patch -#PATCH-FIX-OPENSUSE: bnc#786024 -Patch12: vsftpd-allow-dev-log-socket.patch #PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct Patch13: vsftpd-drop-newpid-from-clone.patch #PATCH-FIX-OPENSUSE: bnc#812406 @@ -96,7 +94,6 @@ tests. %patch9 %patch10 -p1 %patch11 -p1 -%patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1