Revisions of vsftpd
Dominique Leuenberger (dimstar_suse)
accepted
request 710591
from
Peter Simons (psimons)
(revision 70)
- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation fault that occurred while trying to write to an invalid TLS context. [bsc#1125951] - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini
Dominique Leuenberger (dimstar_suse)
accepted
request 644184
from
Ismail Dönmez (namtrac)
(revision 69)
Dominique Leuenberger (dimstar_suse)
accepted
request 619612
from
Peter Simons (psimons)
(revision 68)
Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the new 'address_space_limit' option in the installed vsftpd.conf(5) man page. [bsc#1075060]
Dominique Leuenberger (dimstar_suse)
accepted
request 618293
from
Peter Simons (psimons)
(revision 67)
- Apply "vsftpd-support-dsa-only-setups.patch" to disable the problematic default setting for rsa_cert_file. Upstream initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and vsftpd won't start up if that file does not exist (or if it does not contain an RSA certificate). Therefore, users who copy a DSA certificate into that location or properly configure a DSA certificate via dsa_cert_file without explicitly disabling the RSA certificate won't be able to start vsftpd. [bsc#975538]
Dominique Leuenberger (dimstar_suse)
accepted
request 609848
from
Peter Simons (psimons)
(revision 66)
Don't start/stop parameterized systemd units in pre/post actions. These units cannot be used without an explicit parameter and attempts to do so lead to a confusing "failed to try-restart" error message. [bsc#1093179, bsc#1010177]
Dominique Leuenberger (dimstar_suse)
accepted
request 607030
from
Peter Simons (psimons)
(revision 65)
Enable wait4(), sysinfo(), and shutdown() syscalls in seccomp sandbox. These are required for the daemon to work properly on SLE-15. [bsc#1089088]
Dominique Leuenberger (dimstar_suse)
accepted
request 593273
from
Tomáš Chvátal (scarabeus_iv)
(revision 64)
Dominique Leuenberger (dimstar_suse)
accepted
request 556627
from
Tomáš Chvátal (scarabeus_iv)
(revision 63)
- Make sure to also require group nobody and user ftp bsc#1070653
Dominique Leuenberger (dimstar_suse)
accepted
request 523208
from
Peter Simons (psimons)
(revision 62)
- Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that would cause SSL protocol errors, aborting the connection, whenever system errors occurred that were supposed to be non-fatal. [bsc#1044292] - Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with various ftp clients that arose when vsftpd is configured with option "use_localtime=YES". Basically, it's fine to use local time stamps in directory listings, but responding to MDTM commands with any time zone other than UTC directly violates RFC3659 and leads FTP clients to misinterpret the file's time stamp. [bsc#1024961] - Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to append to a file system pipe. [bsc#1048427] - Add "vsftpd-3.0.3-address_space_limit.patch" to create the new configuration option "address_space_limit", which determines the memory limit vsftpd configures for its own process (given in bytes). The previously hard-coded limit (100 MB) may not be sufficient for vsftpd servers running with certain PAM modules enabled, and in such cases administrators may wish to raise the limit to match their system's requirements. [bsc#1042137] - Don't rely on the vsf_findlibs.sh script to figure out the list of libraries the build needs to link. The script is wildly unreliable and it's hard to predict what results it will produce. Also, the results it *does* produce are invisble in the build log. We stumbled across this issue when vsftpd suddendly had build failures on i586 platforms because the script decided to try and link "-lnsl" even though the library was neither installed nor required. - Drop the explicit specification of the LDFLAGS and LINK variables from the call to make. The value of LDFLAGS we passed is the default anyway and giving LINK has no effect since it's not used
Dominique Leuenberger (dimstar_suse)
accepted
request 503674
from
Tomáš Chvátal (scarabeus_iv)
(revision 61)
- Conditionally install xinetd service only on older releases
* On current distributions we support the same functionality
via systemd socket activation
- Fix build against OpenSSL 1.1. Remove lock on 1.0.x libs
adds vsftpd-3.0.3-build-with-openssl-1.1.patch
(bsc#1042673)
Dominique Leuenberger (dimstar_suse)
accepted
request 500193
from
Peter Simons (psimons)
(revision 60)
Fix build failure in openSUSE:Factory:Staging:I.
Dominique Leuenberger (dimstar_suse)
accepted
request 492476
from
Thorsten Kukuk (kukuk)
(revision 59)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 428670
from
Peter Simons (psimons)
(revision 58)
Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd where files uploaded by an anonymous user could not be chown()ed to the desired UID as specified in the daemon's configuration file. [bnc#996370]
Dominique Leuenberger (dimstar_suse)
accepted
request 424078
from
Peter Simons (psimons)
(revision 57)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 417078
from
Tomáš Chvátal (scarabeus_iv)
(revision 56)
- Do not bother with omc xml configs, useless nowdays
Dominique Leuenberger (dimstar_suse)
accepted
request 380727
from
Tomáš Chvátal (scarabeus_iv)
(revision 55)
- Require shadow and do not output the error out of useradd - Fix user creation to not report error when user alredy exist bnc#972169 - Fix bnc#970982 hanging on pam_exec in pam.d * Add patch vsftpd-3.0.2-wnohang.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 369732
from
Tomáš Chvátal (scarabeus_iv)
(revision 54)
- Fix memory leaks in ls.c bnc#968138 * Add patch vsftpd-ls-memleak.patch * Update patch vsftpd-path-normalize.patch - Fix wildcard ? matching bnc#969411 * Update patch vsftpd-2.3.4-sqb.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 334376
from
Factory Maintainer (factory-maintainer)
(revision 53)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo)
accepted
request 329655
from
Tomáš Chvátal (scarabeus_iv)
(revision 52)
- Version bump to 3.0.3:
* Increase VSFTP_AS_LIMIT to 200MB; various reports.
* Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
* Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
* Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
* Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
* Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
* List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
* Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
* Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
* Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
* Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
* Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
* Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
* Minor SSL logging improvements.
* Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
- Drop patch vsftpd-allow-dev-log-socket.patch should be included
upstream, se above bullet with mvyskocil's email
Dominique Leuenberger (dimstar_suse)
accepted
request 313269
from
Tomáš Chvátal (scarabeus_iv)
(revision 51)
- Fix logrotate script to not fail when vsftpd is not running, bnc#935279
Displaying revisions 21 - 40 of 90
