Revisions of vsftpd
- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation fault that occurred while trying to write to an invalid TLS context. [bsc#1125951] - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini
Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the new 'address_space_limit' option in the installed vsftpd.conf(5) man page. [bsc#1075060]
- Apply "vsftpd-support-dsa-only-setups.patch" to disable the problematic default setting for rsa_cert_file. Upstream initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and vsftpd won't start up if that file does not exist (or if it does not contain an RSA certificate). Therefore, users who copy a DSA certificate into that location or properly configure a DSA certificate via dsa_cert_file without explicitly disabling the RSA certificate won't be able to start vsftpd. [bsc#975538]
Don't start/stop parameterized systemd units in pre/post actions. These units cannot be used without an explicit parameter and attempts to do so lead to a confusing "failed to try-restart" error message. [bsc#1093179, bsc#1010177]
Enable wait4(), sysinfo(), and shutdown() syscalls in seccomp sandbox. These are required for the daemon to work properly on SLE-15. [bsc#1089088]
- Make sure to also require group nobody and user ftp bsc#1070653
- Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that would cause SSL protocol errors, aborting the connection, whenever system errors occurred that were supposed to be non-fatal. [bsc#1044292] - Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with various ftp clients that arose when vsftpd is configured with option "use_localtime=YES". Basically, it's fine to use local time stamps in directory listings, but responding to MDTM commands with any time zone other than UTC directly violates RFC3659 and leads FTP clients to misinterpret the file's time stamp. [bsc#1024961] - Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to append to a file system pipe. [bsc#1048427] - Add "vsftpd-3.0.3-address_space_limit.patch" to create the new configuration option "address_space_limit", which determines the memory limit vsftpd configures for its own process (given in bytes). The previously hard-coded limit (100 MB) may not be sufficient for vsftpd servers running with certain PAM modules enabled, and in such cases administrators may wish to raise the limit to match their system's requirements. [bsc#1042137] - Don't rely on the vsf_findlibs.sh script to figure out the list of libraries the build needs to link. The script is wildly unreliable and it's hard to predict what results it will produce. Also, the results it *does* produce are invisble in the build log. We stumbled across this issue when vsftpd suddendly had build failures on i586 platforms because the script decided to try and link "-lnsl" even though the library was neither installed nor required. - Drop the explicit specification of the LDFLAGS and LINK variables from the call to make. The value of LDFLAGS we passed is the default anyway and giving LINK has no effect since it's not used
- Conditionally install xinetd service only on older releases * On current distributions we support the same functionality via systemd socket activation - Fix build against OpenSSL 1.1. Remove lock on 1.0.x libs adds vsftpd-3.0.3-build-with-openssl-1.1.patch (bsc#1042673)
Fix build failure in openSUSE:Factory:Staging:I.
1
Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd where files uploaded by an anonymous user could not be chown()ed to the desired UID as specified in the daemon's configuration file. [bnc#996370]
1
- Do not bother with omc xml configs, useless nowdays
- Require shadow and do not output the error out of useradd - Fix user creation to not report error when user alredy exist bnc#972169 - Fix bnc#970982 hanging on pam_exec in pam.d * Add patch vsftpd-3.0.2-wnohang.patch
- Fix memory leaks in ls.c bnc#968138 * Add patch vsftpd-ls-memleak.patch * Update patch vsftpd-path-normalize.patch - Fix wildcard ? matching bnc#969411 * Update patch vsftpd-2.3.4-sqb.patch
Automatic submission by obs-autosubmit
- Version bump to 3.0.3: * Increase VSFTP_AS_LIMIT to 200MB; various reports. * Make the PWD response more RFC compliant; report from Barry Kelly <barry@modeltwozero.com>. * Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop <tdb@mirrorservice.org>. * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now. * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin <vvs@odin.com>. * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. * Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse <tim.kosse@filezilla-project.org>. * Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn <jann@thejh.net>. * Kill the FTP session if we see session re-use failure. A report from Tim Kosse <tim.kosse@filezilla-project.org>. * Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>. * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. * Minor SSL logging improvements. * Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. - Drop patch vsftpd-allow-dev-log-socket.patch should be included upstream, se above bullet with mvyskocil's email
- Fix logrotate script to not fail when vsftpd is not running, bnc#935279
Displaying revisions 21 - 40 of 90