of libraries the build needs to link. The script is wildly
unreliable and it's hard to predict what results it will produce.
Also, the results it *does* produce are invisble in the build
log. We stumbled across this issue when vsftpd suddendly had
build failures on i586 platforms because the script decided to
try and link "-lnsl" even though the library was neither
installed nor required.
- Drop the explicit specification of the LDFLAGS and LINK variables
from the call to make. The value of LDFLAGS we passed is the
default anyway and giving LINK has no effect since it's not used
anywhere in the Makefile.
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=119
* Increase VSFTP_AS_LIMIT to 200MB; various reports.
* Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
* Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
* Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
* Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
* Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
* List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
* Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
* Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
* Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
* Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
* Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
* Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
* Minor SSL logging improvements.
* Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
- Drop patch vsftpd-allow-dev-log-socket.patch should be included
upstream, se above bullet with mvyskocil's email
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=89
- Move the enabling of timeofday and alarm one level deeper to
be sure it is whitelisted everytime.
Also should possibly fix bnc#872215.
- Updated patch:
* vsftpd-enable-gettimeofday-sec.patch
- Remove forking from service type as it hangs in endless loop.
- Fix warning about dangling symlink on rcvsftpd from rpmlint and
remove also clean section while at it.
- Add patch to allow gettimeofday and alarm calls with seccomp
enabled. bnc#870122
- Added patch:
* vsftpd-enable-gettimeofday-sec.patch
- Specify that the service type is forking
- changed license to SUSE-GPL-2.0-with-openssl-exception
* suggested by legal team
- add allow_root_squashed_chroot option to enable chroot on nsf
mounted with squash_root option (fate#311051)
* vsftpd-root-squashed-chroot.patch
OBS-URL: https://build.opensuse.org/request/show/229627
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=59
- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
* this enabled a sendto on /dev/log socket when syslog is enabled
- provide more verbose explanation about isolate_network and seccomp_sanbox in
config file template
- don't install init file on openSUSE 13.1+
- drop a build support for SL 10 and older
- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
* drop CLONE_NEWPID from clone to enable audit system
- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
* unconditionally enable F_SETFL patch - might be safe to do
OBS-URL: https://build.opensuse.org/request/show/162590
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=55
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.
If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":
--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif
Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
-----------------
OBS-URL: https://build.opensuse.org/request/show/143938
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=49
* Fix some seccomp related build errors on certain CentOS and Debian versions.
* Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
opens and maps /proc/meminfo but only for larger item counts?
* Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
* Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
Xu <tixu@cs.ucsd.edu>.
* Force cast to unsigned char in is* char functions.
* Fix harmless integer issues in strlist.c.
* Started on a (possibly ill-advised?) crusade to compile cleanly with
Wconversion. Decided to suspend the effort half-way through.
* One more seccomp policy fix: mremap (denied).
* Support STOU with no filename, uses a STOU. prefix.
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=45
