d34b251e5d
Accepting request 138998 from network
Stephan Kulow
2012-10-24 05:19:35 +00:00
cc0b3b4805
- update to 3.0.2 (bnc#786024) * Fix some seccomp related build errors on certain CentOS and Debian versions. * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>. * Force cast to unsigned char in is* char functions. * Fix harmless integer issues in strlist.c. * Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. * One more seccomp policy fix: mremap (denied). * Support STOU with no filename, uses a STOU. prefix.
Michal Vyskocil2012-10-22 13:40:00 +00:00
59ccc76869
- update to 3.0.2 (bnc#786024) * Fix some seccomp related build errors on certain CentOS and Debian versions. * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>. * Force cast to unsigned char in is* char functions. * Fix harmless integer issues in strlist.c. * Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. * One more seccomp policy fix: mremap (denied). * Support STOU with no filename, uses a STOU. prefix.
Michal Vyskocil2012-10-22 13:40:00 +00:00
d195e8e869
Accepting request 131864 from network
Stephan Kulow
2012-08-31 08:02:42 +00:00
9b4e19fdcc
Accepting request 131864 from network
Stephan Kulow
2012-08-31 08:02:42 +00:00
e34dbaa3d7
- make seccomp sandbox enabled by default * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
Michal Vyskocil2012-08-24 07:10:05 +00:00
736c79429f
- make seccomp sandbox enabled by default * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
Michal Vyskocil2012-08-24 07:10:05 +00:00
1f1a63d012
Accepting request 116233 from network
Stephan Kulow
2012-05-08 04:49:05 +00:00
b0d51ef310
Accepting request 116233 from network
Stephan Kulow
2012-05-08 04:49:05 +00:00
afb6927f52
Accepting request 115133 from home:aljex:branches:network
Michal Vyskocil2012-04-24 13:17:54 +00:00
362a9f2f63
Accepting request 115133 from home:aljex:branches:network
Michal Vyskocil2012-04-24 13:17:54 +00:00
a6cf2efa47
Accepting request 113215 from network
Stephan Kulow
2012-04-12 07:55:49 +00:00
db732681af
Accepting request 113215 from network
Stephan Kulow
2012-04-12 07:55:49 +00:00
cf83fc9250
- update to upstream 3.0.0: * Make listen mode the default. * Fix missing "const" in ssl.c * Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c * Rename deprecated "sandbox" to "ptrace_sandbox". * Add a few more state checks to the privileged helper processes. * Add tunable "seccomp_sandbox", default on. * Use hardened build flags. * Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>. * Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, <herbert.van.den.bergh@oracle.com>. * Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. * Remove a couple of fixed things from BUGS. * strlen() trunction fix -- no particular impact. * Apply some tidyups from mmoufid@yorku.ca. * Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez <aalejandrohdez@gmail.com>. * Fix other data channel bugs such as failure to log failure upon timeout. * Use exit codes a bit more consistently. * Fix bad interaction between SSL and trans_chunk_size. * Redo data timeout to fire properly for SSL sessions. * Redo idle timeout to fire properly for SSL sessions. * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. * Use 10 minutes as a max linger time just in case an alarm gets lost. * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. * Fix delete_failed_uploads for anonymous sessions. * Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues. - SUSE specific changes: * turn off the listen mode (listen=NO) by default and change README.SUSE * merge new hardended flags for build and linking * fix the wrong Type=forking from systemd service file * turn off the seccomp_sandbox off by default as SUSE kernel does not support it (yet)
Michal Vyskocil2012-04-11 12:03:42 +00:00
6ce3661ad8
- update to upstream 3.0.0: * Make listen mode the default. * Fix missing "const" in ssl.c * Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c * Rename deprecated "sandbox" to "ptrace_sandbox". * Add a few more state checks to the privileged helper processes. * Add tunable "seccomp_sandbox", default on. * Use hardened build flags. * Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>. * Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, <herbert.van.den.bergh@oracle.com>. * Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. * Remove a couple of fixed things from BUGS. * strlen() trunction fix -- no particular impact. * Apply some tidyups from mmoufid@yorku.ca. * Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez <aalejandrohdez@gmail.com>. * Fix other data channel bugs such as failure to log failure upon timeout. * Use exit codes a bit more consistently. * Fix bad interaction between SSL and trans_chunk_size. * Redo data timeout to fire properly for SSL sessions. * Redo idle timeout to fire properly for SSL sessions. * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. * Use 10 minutes as a max linger time just in case an alarm gets lost. * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. * Fix delete_failed_uploads for anonymous sessions. * Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues. - SUSE specific changes: * turn off the listen mode (listen=NO) by default and change README.SUSE * merge new hardended flags for build and linking * fix the wrong Type=forking from systemd service file * turn off the seccomp_sandbox off by default as SUSE kernel does not support it (yet)
Michal Vyskocil2012-04-11 12:03:42 +00:00
c2aa5ce3b4
Accepting request 106294 from network
Stephan Kulow
2012-02-22 14:55:42 +00:00
fe8b6a2bc4
Accepting request 106294 from network
Stephan Kulow
2012-02-22 14:55:42 +00:00
e5b3faff0a
- revert a part oc changes utf converting ˇ IPv6 support, so drop our patch ˇ Many bugfixes and tunings ˇ Build fixes
Michal Vyskocil2012-02-15 16:46:06 +00:00
acd4d6b736
- revert a part oc changes utf converting ˇ IPv6 support, so drop our patch ˇ Many bugfixes and tunings ˇ Build fixes
Michal Vyskocil2012-02-15 16:46:06 +00:00
7d3d450ec2
Accepting request 62760 from home:elvigia:branches:network
Cristian Rodríguez2011-02-25 01:39:16 +00:00
75fdda4cee
Accepting request 62760 from home:elvigia:branches:network
Cristian Rodríguez2011-02-25 01:39:16 +00:00
29011c873e
Accepting request 48701 from network
OBS User autobuild
2010-09-21 21:42:38 +00:00
dc6b27db0c
Accepting request 48701 from network
OBS User autobuild
2010-09-21 21:42:38 +00:00
d77971a489
Updating link to change in openSUSE:Factory/vsftpd revision 21.0
OBS User buildservice-autocommit
2010-09-21 21:42:38 +00:00
7d463f67bb
Updating link to change in openSUSE:Factory/vsftpd revision 21.0
OBS User buildservice-autocommit
2010-09-21 21:42:38 +00:00
88cf4973ab
Accepting request 48701 from network
OBS User autobuild
2010-09-21 21:42:37 +00:00
08187ec98a
Accepting request 48701 from network
OBS User autobuild
2010-09-21 21:42:37 +00:00
edd32a8418
Accepting request 48700 from home:elvigia:branches:network
Cristian Rodríguez2010-09-21 16:41:38 +00:00
da2bd3586a
Accepting request 48700 from home:elvigia:branches:network
Cristian Rodríguez2010-09-21 16:41:38 +00:00
1c5bc48896
Accepting request 45399 from network
OBS User autobuild
2010-08-13 00:40:10 +00:00
a785e3fd44
Accepting request 45399 from network
OBS User autobuild
2010-08-13 00:40:10 +00:00
55a2a44d4c
Updating link to change in openSUSE:Factory/vsftpd revision 20.0
OBS User buildservice-autocommit
2010-08-13 00:40:10 +00:00
6bd1d3d172
Updating link to change in openSUSE:Factory/vsftpd revision 20.0
OBS User buildservice-autocommit
2010-08-13 00:40:10 +00:00
0ea8a10129
Accepting request 45399 from network
OBS User autobuild
2010-08-13 00:40:09 +00:00
95a774417f
Accepting request 45399 from network
OBS User autobuild
2010-08-13 00:40:09 +00:00
4961c8276d
Accepting request 45245 from home:elvigia:branches:network
Marcus Meissner2010-08-11 15:31:04 +00:00
6711064050
Accepting request 45245 from home:elvigia:branches:network
Marcus Meissner2010-08-11 15:31:04 +00:00
bd02c3a964
Accepting request 40900 from network
OBS User autobuild
2010-05-31 16:20:59 +00:00
e92e50eee6
Accepting request 40900 from network
OBS User autobuild
2010-05-31 16:20:59 +00:00
a367833e69
Accepting request 40900 from network
OBS User autobuild
2010-05-31 16:20:58 +00:00
6a49bbadae
Accepting request 40900 from network
OBS User autobuild
2010-05-31 16:20:58 +00:00
06f3ce81a4
Accepting request 40625 from home:elvigia:branches:network
Michal Seben
2010-05-31 09:16:46 +00:00
e781cb5038
Accepting request 40625 from home:elvigia:branches:network
Michal Seben
2010-05-31 09:16:46 +00:00
289d783226
Accepting request 38025 from network
OBS User autobuild
2010-04-16 08:42:19 +00:00
17983d75c1
Accepting request 38025 from network
OBS User autobuild
2010-04-16 08:42:19 +00:00
7b3e586791
Updating link to change in openSUSE:Factory/vsftpd revision 16.0
OBS User buildservice-autocommit
2010-04-16 08:42:19 +00:00
93c069f18c
Updating link to change in openSUSE:Factory/vsftpd revision 16.0
OBS User buildservice-autocommit
2010-04-16 08:42:19 +00:00
f24a260a84
Accepting request 38025 from network
OBS User autobuild
2010-04-16 08:42:18 +00:00
bf9b739b25
Accepting request 38025 from network
OBS User autobuild
2010-04-16 08:42:18 +00:00
341f12808c
* Change "File receive OK." to "Transfer complete." to placate some broken clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>. * Fix erroneous "child died" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on his live server. * Boot the session if an overly long line is encountered. - see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
Michal Seben
2010-04-16 06:40:04 +00:00
f45f58705a
* Change "File receive OK." to "Transfer complete." to placate some broken clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>. * Fix erroneous "child died" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on his live server. * Boot the session if an overly long line is encountered. - see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
Michal Seben
2010-04-16 06:40:04 +00:00
1862a11661
Accepting request 37575 from server:ftp
Michal Seben
2010-04-09 15:17:29 +00:00
3b63d1797c
Accepting request 37575 from server:ftp
Michal Seben
2010-04-09 15:17:29 +00:00
b19d8512cb
Updating link to change in openSUSE:Factory/vsftpd revision 15.0
OBS User buildservice-autocommit
2010-03-18 15:34:31 +00:00
1c8ec02267
Updating link to change in openSUSE:Factory/vsftpd revision 15.0
OBS User buildservice-autocommit
2010-03-18 15:34:31 +00:00
Stephan Kulow
Michal Vyskocil
Cristian Rodríguez
Sascha Peilicke
Marcus Meissner
Michal Seben