- Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that
would cause SSL protocol errors, aborting the connection, whenever
system errors occurred that were supposed to be non-fatal.
[bsc#1044292]
- Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with
various ftp clients that arose when vsftpd is configured with
option "use_localtime=YES". Basically, it's fine to use local time
stamps in directory listings, but responding to MDTM commands with
any time zone other than UTC directly violates RFC3659 and leads
FTP clients to misinterpret the file's time stamp. [bsc#1024961]
- Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to
append to a file system pipe. [bsc#1048427]
- Add "vsftpd-3.0.3-address_space_limit.patch" to create the new
configuration option "address_space_limit", which determines the
memory limit vsftpd configures for its own process (given in
bytes). The previously hard-coded limit (100 MB) may not be
sufficient for vsftpd servers running with certain PAM modules
enabled, and in such cases administrators may wish to raise the
limit to match their system's requirements. [bsc#1042137]
- Don't rely on the vsf_findlibs.sh script to figure out the list
of libraries the build needs to link. The script is wildly
unreliable and it's hard to predict what results it will produce.
Also, the results it *does* produce are invisble in the build
log. We stumbled across this issue when vsftpd suddendly had
build failures on i586 platforms because the script decided to
try and link "-lnsl" even though the library was neither
installed nor required.
- Drop the explicit specification of the LDFLAGS and LINK variables
from the call to make. The value of LDFLAGS we passed is the
default anyway and giving LINK has no effect since it's not used
OBS-URL: https://build.opensuse.org/request/show/523208
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=62
of libraries the build needs to link. The script is wildly
unreliable and it's hard to predict what results it will produce.
Also, the results it *does* produce are invisble in the build
log. We stumbled across this issue when vsftpd suddendly had
build failures on i586 platforms because the script decided to
try and link "-lnsl" even though the library was neither
installed nor required.
- Drop the explicit specification of the LDFLAGS and LINK variables
from the call to make. The value of LDFLAGS we passed is the
default anyway and giving LINK has no effect since it's not used
anywhere in the Makefile.
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=119
- Version bump to 3.0.3:
* Increase VSFTP_AS_LIMIT to 200MB; various reports.
* Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
* Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
* Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
* Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
* Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
* List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
* Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
* Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
* Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
* Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
* Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
* Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
* Minor SSL logging improvements.
* Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
- Drop patch vsftpd-allow-dev-log-socket.patch should be included
upstream, se above bullet with mvyskocil's email
OBS-URL: https://build.opensuse.org/request/show/329655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=52
* Increase VSFTP_AS_LIMIT to 200MB; various reports.
* Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
* Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
* Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
* Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
* Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
* List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
* Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
* Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
* Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
* Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
* Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
* Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
* Minor SSL logging improvements.
* Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
- Drop patch vsftpd-allow-dev-log-socket.patch should be included
upstream, se above bullet with mvyskocil's email
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=89
- bnc#925963 stat is sometimes run on wrong path and results with
ENOENT, ensure we sent both dir+file to filter verification:
* vsftpd-path-normalize.patch
- Update patch bit more for sanity checks. Done by rsassu@suse.de:
* vsftpd-path-normalize.patch
- Add back patch attempting to fix bnc#900326 bnc#915522 and
bnc#922538:
* vsftpd-path-normalize.patch
- Reset filter patch to match fedora, my work will be restarted
in one-off patch to make the changes stand out. Add rest of
RH filtering patches:
* vsftpd-2.2.0-wildchar.patch
* vsftpd-2.3.4-sqb.patch
* vsftpd-2.1.0-filter.patch
- Work on the filter patch and split out the normalisation of the
path to separate str function, currently commented out so I
avoid huge diffing.
* vsftpd-2.1.0-filter.patch
OBS-URL: https://build.opensuse.org/request/show/294583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=49
