Revisions of vsftpd
- Fix hide_file option wrt bnc#927612: * vsftpd-path-normalize.patch
- bnc#925963 stat is sometimes run on wrong path and results with ENOENT, ensure we sent both dir+file to filter verification: * vsftpd-path-normalize.patch - Update patch bit more for sanity checks. Done by rsassu@suse.de: * vsftpd-path-normalize.patch - Add back patch attempting to fix bnc#900326 bnc#915522 and bnc#922538: * vsftpd-path-normalize.patch - Reset filter patch to match fedora, my work will be restarted in one-off patch to make the changes stand out. Add rest of RH filtering patches: * vsftpd-2.2.0-wildchar.patch * vsftpd-2.3.4-sqb.patch * vsftpd-2.1.0-filter.patch - Work on the filter patch and split out the normalisation of the path to separate str function, currently commented out so I avoid huge diffing. * vsftpd-2.1.0-filter.patch
- Add service calls for other unit files too - Udate filter patch to work as expected: * vsftpd-2.1.0-filter.patch from fedora. bnc#900326 bnc#915522 CVE-2015-1419
- Try to fix deny_file parsing to do more what is expected. Taken from fedora. bnc#900326 * vsftpd-2.1.0-filter.patch
1
- Cleanup with spec-cleaner - Remove conditions about init files as we do not build for < 12.1 anyway. - Update the README.SUSE file to describe more the listen option. - Add socket service for vsftpd to avoid the need for xinetd here. - Add comment about listen variables for xinetd configuration. Fixes bnc#872221. - Add default configuration as arg to xinetd started vsftpd. - Updated patch: * vsftpd-2.0.4-xinetd.diff
- Move the enabling of timeofday and alarm one level deeper to be sure it is whitelisted everytime. Also should possibly fix bnc#872215. - Updated patch: * vsftpd-enable-gettimeofday-sec.patch - Remove forking from service type as it hangs in endless loop. - Fix warning about dangling symlink on rcvsftpd from rpmlint and remove also clean section while at it. - Add patch to allow gettimeofday and alarm calls with seccomp enabled. bnc#870122 - Added patch: * vsftpd-enable-gettimeofday-sec.patch - Specify that the service type is forking - changed license to SUSE-GPL-2.0-with-openssl-exception * suggested by legal team - add allow_root_squashed_chroot option to enable chroot on nsf mounted with squash_root option (fate#311051) * vsftpd-root-squashed-chroot.patch (forwarded request 229627 from scarabeus_iv)
- build with OPENSSL_NO_SSL_INTERN this hides internal struct members or functions that if changed in future openssl versions will break the ABI of the calling applications. (forwarded request 183859 from elvigia)
- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) * this enabled a sendto on /dev/log socket when syslog is enabled - provide more verbose explanation about isolate_network and seccomp_sanbox in config file template - don't install init file on openSUSE 13.1+ - drop a build support for SL 10 and older - add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) * drop CLONE_NEWPID from clone to enable audit system - add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) * unconditionally enable F_SETFL patch - might be safe to do (forwarded request 162590 from mvyskocil)
- add isolate_network and seccomp_sandbox options to template to make them easier to find (bnc#786024) (forwarded request 157236 from lnussel)
PLEASE COPY TO 12.3! - add vsftpd-allow-dev-log-socket.patch (bnc#786024) * whitelist /dev/log related socket syscall
Verify GPG signature: Perform build-time offline GPG verification. Please verify that included keyring matches your needs. For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System. See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO. If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO: you can link or aggregate gpg-offline from devel:tools:building or use following trick with "osc meta prjconf": --- Cut here ---- %if 0%{?suse_version} <= 1220 Substitute: gpg-offline %endif Macros: %gpg_verify(dnf) \ %if 0%{?suse_version} > 1220\ echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\ gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\ %else\ echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\ %endif\ %nil ----------------- (forwarded request 143938 from sbrabec)
- Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now. Error masked by7 || : (forwarded request 142025 from dimstar)
- update to 3.0.2 (bnc#786024) * Fix some seccomp related build errors on certain CentOS and Debian versions. * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>. * Force cast to unsigned char in is* char functions. * Fix harmless integer issues in strlist.c. * Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. * One more seccomp policy fix: mremap (denied). * Support STOU with no filename, uses a STOU. prefix.
- make seccomp sandbox enabled by default * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
Displaying revisions 41 - 60 of 90