From 8ba24f68c9a0405300693323303ef653a4dc8b4853dd8d21baaa19017b05f5fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Wed, 6 Mar 2013 18:42:15 +0000 Subject: [PATCH] Accepting request 157236 from home:lnussel:branches:network - add isolate_network and seccomp_sandbox options to template to make them easier to find (bnc#786024) OBS-URL: https://build.opensuse.org/request/show/157236 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=53 --- vsftpd-2.3.5-conf.patch | 15 ++++++++++----- vsftpd.changes | 6 ++++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/vsftpd-2.3.5-conf.patch b/vsftpd-2.3.5-conf.patch index 880af54..5bff5e6 100644 --- a/vsftpd-2.3.5-conf.patch +++ b/vsftpd-2.3.5-conf.patch @@ -1,7 +1,7 @@ Index: vsftpd.conf =================================================================== ---- vsftpd.conf.orig 2011-12-17 19:24:40.000000000 +0100 -+++ vsftpd.conf 2012-04-11 10:19:06.192238657 +0200 +--- vsftpd.conf.orig ++++ vsftpd.conf @@ -4,23 +4,89 @@ # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. @@ -98,7 +98,7 @@ Index: vsftpd.conf # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. -@@ -30,15 +96,9 @@ +@@ -30,15 +96,9 @@ anonymous_enable=YES # new directories. #anon_mkdir_write_enable=YES # @@ -117,7 +117,7 @@ Index: vsftpd.conf # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not -@@ -46,24 +106,51 @@ +@@ -46,24 +106,51 @@ connect_from_port_20=YES #chown_uploads=YES #chown_username=whoever # @@ -174,7 +174,7 @@ Index: vsftpd.conf # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. -@@ -77,41 +164,29 @@ +@@ -77,41 +164,34 @@ connect_from_port_20=YES # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. @@ -231,3 +231,8 @@ Index: vsftpd.conf +# Limit passive ports to this range to assis firewalling +pasv_min_port=30000 +pasv_max_port=30100 ++ ++# security features that are incompatible with some other settings. Try to ++# uncomment if vsftpd dies with weird errors. ++#isolate_network=NO ++#seccomp_sandbox=NO diff --git a/vsftpd.changes b/vsftpd.changes index 0beb6dd..5f48de3 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Feb 28 16:02:17 UTC 2013 - lnussel@suse.de + +- add isolate_network and seccomp_sandbox options to template to make them + easier to find (bnc#786024) + ------------------------------------------------------------------- Thu Feb 28 13:30:07 UTC 2013 - mvyskocil@suse.com