Revisions of vsftpd
Dominique Leuenberger (dimstar_suse)
accepted
request 297784
from
Tomáš Chvátal (scarabeus_iv)
(revision 50)
- Fix hide_file option wrt bnc#927612: * vsftpd-path-normalize.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 294583
from
Tomáš Chvátal (scarabeus_iv)
(revision 49)
- bnc#925963 stat is sometimes run on wrong path and results with ENOENT, ensure we sent both dir+file to filter verification: * vsftpd-path-normalize.patch - Update patch bit more for sanity checks. Done by rsassu@suse.de: * vsftpd-path-normalize.patch - Add back patch attempting to fix bnc#900326 bnc#915522 and bnc#922538: * vsftpd-path-normalize.patch - Reset filter patch to match fedora, my work will be restarted in one-off patch to make the changes stand out. Add rest of RH filtering patches: * vsftpd-2.2.0-wildchar.patch * vsftpd-2.3.4-sqb.patch * vsftpd-2.1.0-filter.patch - Work on the filter patch and split out the normalisation of the path to separate str function, currently commented out so I avoid huge diffing. * vsftpd-2.1.0-filter.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 287539
from
Tomáš Chvátal (scarabeus_factory)
(revision 48)
- Add service calls for other unit files too - Udate filter patch to work as expected: * vsftpd-2.1.0-filter.patch from fedora. bnc#900326 bnc#915522 CVE-2015-1419
Dominique Leuenberger (dimstar_suse)
accepted
request 267273
from
Tomáš Chvátal (scarabeus_iv)
(revision 47)
- Try to fix deny_file parsing to do more what is expected. Taken from fedora. bnc#900326 * vsftpd-2.1.0-filter.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 261591
from
Vítězslav Čížek (vitezslav_cizek)
(revision 46)
1
Adrian Schröter (adrianSuSE)
committed
(revision 44)
Split 13.2 from Factory
Stephan Kulow (coolo)
accepted
request 235383
from
Tomáš Chvátal (scarabeus_factory)
(revision 43)
- Cleanup with spec-cleaner - Remove conditions about init files as we do not build for < 12.1 anyway. - Update the README.SUSE file to describe more the listen option. - Add socket service for vsftpd to avoid the need for xinetd here. - Add comment about listen variables for xinetd configuration. Fixes bnc#872221. - Add default configuration as arg to xinetd started vsftpd. - Updated patch: * vsftpd-2.0.4-xinetd.diff
Stephan Kulow (coolo)
accepted
request 229628
from
Michal Hrusecky (old before rename to _miska_) (-miska-)
(revision 42)
- Move the enabling of timeofday and alarm one level deeper to be sure it is whitelisted everytime. Also should possibly fix bnc#872215. - Updated patch: * vsftpd-enable-gettimeofday-sec.patch - Remove forking from service type as it hangs in endless loop. - Fix warning about dangling symlink on rcvsftpd from rpmlint and remove also clean section while at it. - Add patch to allow gettimeofday and alarm calls with seccomp enabled. bnc#870122 - Added patch: * vsftpd-enable-gettimeofday-sec.patch - Specify that the service type is forking - changed license to SUSE-GPL-2.0-with-openssl-exception * suggested by legal team - add allow_root_squashed_chroot option to enable chroot on nsf mounted with squash_root option (fate#311051) * vsftpd-root-squashed-chroot.patch (forwarded request 229627 from scarabeus_iv)
Adrian Schröter (adrianSuSE)
committed
(revision 41)
Split 13.1 from Factory
Stephan Kulow (coolo)
accepted
request 183971
from
Marcus Meissner (msmeissn)
(revision 40)
- build with OPENSSL_NO_SSL_INTERN this hides internal struct members or functions that if changed in future openssl versions will break the ABI of the calling applications. (forwarded request 183859 from elvigia)
Stephan Kulow (coolo)
accepted
request 162591
from
Michal Vyskocil (mvyskocil)
(revision 39)
- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) * this enabled a sendto on /dev/log socket when syslog is enabled - provide more verbose explanation about isolate_network and seccomp_sanbox in config file template - don't install init file on openSUSE 13.1+ - drop a build support for SL 10 and older - add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) * drop CLONE_NEWPID from clone to enable audit system - add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) * unconditionally enable F_SETFL patch - might be safe to do (forwarded request 162590 from mvyskocil)
Stephan Kulow (coolo)
accepted
request 157548
from
Ismail Dönmez (namtrac)
(revision 38)
- add isolate_network and seccomp_sandbox options to template to make them easier to find (bnc#786024) (forwarded request 157236 from lnussel)
Stephan Kulow (coolo)
accepted
request 156829
from
Michal Vyskocil (mvyskocil)
(revision 37)
PLEASE COPY TO 12.3! - add vsftpd-allow-dev-log-socket.patch (bnc#786024) * whitelist /dev/log related socket syscall
Adrian Schröter (adrianSuSE)
committed
(revision 36)
Split 12.3 from Factory
Stephan Kulow (coolo)
accepted
request 145730
from
Michal Vyskocil (mvyskocil)
(revision 35)
Verify GPG signature: Perform build-time offline GPG verification. Please verify that included keyring matches your needs. For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System. See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO. If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO: you can link or aggregate gpg-offline from devel:tools:building or use following trick with "osc meta prjconf": --- Cut here ---- %if 0%{?suse_version} <= 1220 Substitute: gpg-offline %endif Macros: %gpg_verify(dnf) \ %if 0%{?suse_version} > 1220\ echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\ gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\ %else\ echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\ %endif\ %nil ----------------- (forwarded request 143938 from sbrabec)
Stephan Kulow (coolo)
accepted
request 142032
from
Sascha Peilicke (saschpe)
(revision 34)
- Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now. Error masked by7 || : (forwarded request 142025 from dimstar)
Stephan Kulow (coolo)
accepted
request 138998
from
Michal Vyskocil (mvyskocil)
(revision 33)
- update to 3.0.2 (bnc#786024) * Fix some seccomp related build errors on certain CentOS and Debian versions. * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>. * Force cast to unsigned char in is* char functions. * Fix harmless integer issues in strlist.c. * Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. * One more seccomp policy fix: mremap (denied). * Support STOU with no filename, uses a STOU. prefix.
Stephan Kulow (coolo)
accepted
request 131864
from
Michal Vyskocil (mvyskocil)
(revision 32)
- make seccomp sandbox enabled by default * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
Adrian Schröter (adrianSuSE)
committed
(revision 31)
branched from openSUSE:Factory
Displaying revisions 41 - 60 of 90