Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12:Update
vsftpd
vsftpd.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File vsftpd.changes of Package vsftpd
------------------------------------------------------------------- Tue Apr 27 06:39:41 AM UTC 2021 - Peter Simons <psimons@suse.com> - Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation fault that occurred while trying to write to an invalid TLS context. [bsc#1125951] ------------------------------------------------------------------- Tue Apr 20 08:37:59 AM UTC 2021 - psimons@suse.com - vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(), sysinfo(), and shutdown() syscalls in seccomp sandbox. These are required for the daemon to work properly on SLE-15. [bsc#1089088, bsc#1180314] ------------------------------------------------------------------- Fri Nov 13 09:49:06 AM UTC 2020 - psimons@suse.com - Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch", which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the configuration file. Both options default to true. [SLE-4182] - Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd follows the system-wide TLS cipher policy "DEFAULT_SUSE" by default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see which ciphers this includes. ------------------------------------------------------------------- Thu Jun 28 15:57:13 UTC 2018 - psimons@suse.com - Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the new 'address_space_limit' option in the installed vsftpd.conf(5) man page. [bsc#1075060] ------------------------------------------------------------------- Thu Jun 21 11:06:33 UTC 2018 - psimons@suse.com - Apply "vsftpd-support-dsa-only-setups.patch" to disable the problematic default setting for rsa_cert_file. Upstream initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and vsftpd won't start up if that file does not exist (or if it does not contain an RSA certificate). Therefore, users who copy a DSA certificate into that location or properly configure a DSA certificate via dsa_cert_file without explicitly disabling the RSA certificate won't be able to start vsftpd. [bsc#975538] ------------------------------------------------------------------- Wed May 16 15:25:02 UTC 2018 - psimons@suse.com - Don't start/stop parameterized systemd units in pre/post actions. These units cannot be used without an explicit parameter and attempts to do so lead to a confusing "failed to try-restart" error message. [bsc#1093179, bsc#1010177] ------------------------------------------------------------------- Thu Sep 7 12:24:26 UTC 2017 - psimons@suse.com - Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that would cause SSL protocol errors, aborting the connection, whenever system errors occurred that were supposed to be non-fatal. [bsc#1044292] - Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure that used to occur in FIPS mode when SSL is enabled. [bsc#1052900] - Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to append to a file system pipe. [bsc#1048427] - Add "vsftpd-3.0.3-address_space_limit.patch" to create the new configuration option "address_space_limit", which determines the memory limit vsftpd configures for its own process (given in bytes). The previously hard-coded limit (100 MB) may not be sufficient for vsftpd servers running with certain PAM modules enabled, and in such cases administrators may wish to raise the limit to match their system's requirements. [bsc#1042137] ------------------------------------------------------------------- Thu Apr 6 10:29:44 UTC 2017 - psimons@suse.com - Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with various ftp clients that arose when vsftpd is configured with option "use_localtime=YES". Basically, it's fine to use local time stamps in directory listings, but responding to MDTM commands with any time zone other than UTC directly violates RFC3659 and leads FTP clients to misinterpret the file's time stamp. [bsc#1024961] ------------------------------------------------------------------- Thu Mar 16 10:16:15 UTC 2017 - psimons@suse.com - Fix several issues related to SSL/TLS support [bsc#1021387]: * vsftpd-enable-sendto-for-prelogin-syslog.patch allows sendto() to be called from check_limits(), which is necessary for vsftpd to write to the system log. * vsftpd-openlog-force.patch fixes a logic error in the way the force option for syslog's openlog() call was handled. * vsftpd-seccomp-ssl.patch allows stat() to be called, which is required during SSL initialization by RAND_load_file(). * vsftpd-seccomp-wait4.patch allows wait4() to be called so that the broker can wait for its child processes. ------------------------------------------------------------------- Fri Oct 21 12:50:25 UTC 2016 - psimons@suse.com - Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd where files uploaded by an anonymous user could not be chown()ed to the desired UID as specified in the daemon's configuration file. [bnc#996370] ------------------------------------------------------------------- Tue Mar 22 14:56:05 UTC 2016 - tchvatal@suse.com - Fix hang when using seccomp and syslog bnc#971784: * vsftpd-seccomp-syslog.patch ------------------------------------------------------------------- Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com - Fix user creation to not report error when user alredy exist bnc#972169 ------------------------------------------------------------------- Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com - Fix bnc#970982 hanging on pam_exec in pam.d * Add patch vsftpd-3.0.2-wnohang.patch ------------------------------------------------------------------- Thu Mar 10 18:15:03 UTC 2016 - jcejka@suse.com - Fix memory leaks in ls.c bnc#968138 * Add patch vsftpd-ls-memleak.patch * Update patch vsftpd-path-normalize.patch - Fix wildcard ? matching bnc#969411 * Update patch vsftpd-2.3.4-sqb.patch ------------------------------------------------------------------- Tue Jun 23 08:51:32 UTC 2015 - tchvatal@suse.com - Fix logrotate script to not fail when vsftpd is not running, bnc#935279 ------------------------------------------------------------------- Fri Apr 17 16:35:14 UTC 2015 - tchvatal@suse.com - Fix hide_file option wrt bnc#927612: * vsftpd-path-normalize.patch ------------------------------------------------------------------- Sun Apr 5 10:25:50 UTC 2015 - tchvatal@suse.com - bnc#925963 stat is sometimes run on wrong path and results with ENOENT, ensure we sent both dir+file to filter verification: * vsftpd-path-normalize.patch ------------------------------------------------------------------- Wed Mar 25 10:08:03 UTC 2015 - tchvatal@suse.com - Update patch bit more for sanity checks. Done by rsassu@suse.de: * vsftpd-path-normalize.patch ------------------------------------------------------------------- Mon Mar 23 20:13:51 UTC 2015 - tchvatal@suse.com - Add back patch attempting to fix bnc#900326 bnc#915522 and bnc#922538: * vsftpd-path-normalize.patch ------------------------------------------------------------------- Mon Mar 23 20:08:19 UTC 2015 - tchvatal@suse.com - Reset filter patch to match fedora, my work will be restarted in one-off patch to make the changes stand out. Add rest of RH filtering patches: * vsftpd-2.2.0-wildchar.patch * vsftpd-2.3.4-sqb.patch * vsftpd-2.1.0-filter.patch ------------------------------------------------------------------- Mon Mar 23 19:56:11 UTC 2015 - tchvatal@suse.com - Work on the filter patch and split out the normalisation of the path to separate str function, currently commented out so I avoid huge diffing. * vsftpd-2.1.0-filter.patch ------------------------------------------------------------------- Fri Feb 20 12:13:42 UTC 2015 - tchvatal@suse.com - Add service calls for other unit files too - Udate filter patch to work as expected: * vsftpd-2.1.0-filter.patch ------------------------------------------------------------------- Fri Jan 2 10:32:53 UTC 2015 - tchvatal@suse.com - Try to fix deny_file parsing to do more what is expected. Taken from fedora. bnc#900326 bnc#915522 CVE-2015-1419 * vsftpd-2.1.0-filter.patch ------------------------------------------------------------------- Fri Nov 14 09:19:22 UTC 2014 - dimstar@opensuse.org - No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify. ------------------------------------------------------------------- Thu Aug 21 14:21:51 UTC 2014 - jmatejek@suse.com - force using fork() instead of clone() on s390 - fixes bnc#890469 * vsftpd-3.0.2-s390.patch ------------------------------------------------------------------- Mon May 26 13:13:44 UTC 2014 - tchvatal@suse.com - Cleanup with spec-cleaner - Remove conditions about init files as we do not build for < 12.1 anyway. - Update the README.SUSE file to describe more the listen option. ------------------------------------------------------------------- Mon May 26 12:52:56 UTC 2014 - tchvatal@suse.com - Add socket service for vsftpd to avoid the need for xinetd here. ------------------------------------------------------------------- Mon May 26 12:42:21 UTC 2014 - tchvatal@suse.com - Add comment about listen variables for xinetd configuration. Fixes bnc#872221. - Add default configuration as arg to xinetd started vsftpd. - Updated patch: * vsftpd-2.0.4-xinetd.diff ------------------------------------------------------------------- Thu Apr 10 12:56:03 UTC 2014 - tchvatal@suse.com - Move the enabling of timeofday and alarm one level deeper to be sure it is whitelisted everytime. Also should possibly fix bnc#872215. - Updated patch: * vsftpd-enable-gettimeofday-sec.patch ------------------------------------------------------------------- Thu Apr 10 12:06:25 UTC 2014 - tchvatal@suse.com - Remove forking from service type as it hangs in endless loop. ------------------------------------------------------------------- Wed Apr 2 07:47:05 UTC 2014 - tchvatal@suse.com - Fix warning about dangling symlink on rcvsftpd from rpmlint and remove also clean section while at it. ------------------------------------------------------------------- Wed Apr 2 07:35:27 UTC 2014 - tchvatal@suse.com - Add patch to allow gettimeofday and alarm calls with seccomp enabled. bnc#870122 - Added patch: * vsftpd-enable-gettimeofday-sec.patch ------------------------------------------------------------------- Tue Apr 1 07:17:50 UTC 2014 - tchvatal@suse.com - Specify that the service type is forking ------------------------------------------------------------------- Mon Jan 27 13:04:19 UTC 2014 - mvyskocil@suse.com - changed license to SUSE-GPL-2.0-with-openssl-exception * suggested by legal team ------------------------------------------------------------------- Tue Jan 21 11:00:13 UTC 2014 - mvyskocil@suse.com - add allow_root_squashed_chroot option to enable chroot on nsf mounted with squash_root option (fate#311051) * vsftpd-root-squashed-chroot.patch ------------------------------------------------------------------- Sat Jul 20 21:23:31 UTC 2013 - crrodriguez@opensuse.org - build with OPENSSL_NO_SSL_INTERN this hides internal struct members or functions that if changed in future openssl versions will break the ABI of the calling applications. ------------------------------------------------------------------- Thu Apr 4 08:35:40 UTC 2013 - mvyskocil@suse.com - add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) * this enabled a sendto on /dev/log socket when syslog is enabled - provide more verbose explanation about isolate_network and seccomp_sanbox in config file template - don't install init file on openSUSE 13.1+ - drop a build support for SL 10 and older ------------------------------------------------------------------- Fri Mar 29 13:15:46 UTC 2013 - mvyskocil@suse.com - add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) * drop CLONE_NEWPID from clone to enable audit system - add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) * unconditionally enable F_SETFL patch - might be safe to do ------------------------------------------------------------------- Thu Feb 28 16:02:17 UTC 2013 - lnussel@suse.de - add isolate_network and seccomp_sandbox options to template to make them easier to find (bnc#786024) ------------------------------------------------------------------- Thu Feb 28 13:30:07 UTC 2013 - mvyskocil@suse.com - add vsftpd-allow-dev-log-socket.patch (bnc#786024) * whitelist /dev/log related socket syscall ------------------------------------------------------------------- Tue Nov 20 17:19:03 CET 2012 - sbrabec@suse.cz - Verify GPG signature. ------------------------------------------------------------------- Tue Nov 20 09:21:17 UTC 2012 - dimstar@opensuse.org - Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now. ------------------------------------------------------------------- Mon Oct 22 13:38:57 UTC 2012 - mvyskocil@suse.com - update to 3.0.2 (bnc#786024) * Fix some seccomp related build errors on certain CentOS and Debian versions. * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>. * Force cast to unsigned char in is* char functions. * Fix harmless integer issues in strlist.c. * Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. * One more seccomp policy fix: mremap (denied). * Support STOU with no filename, uses a STOU. prefix. ------------------------------------------------------------------- Fri Aug 24 07:07:55 UTC 2012 - mvyskocil@suse.cz - make seccomp sandbox enabled by default * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch ------------------------------------------------------------------- Mon Apr 23 10:38:40 UTC 2012 - brian@aljex.com - fix building on 11.4 x86_64 and lower * fix where, when, & how __USE_GNU gets #defined * make seccomp optional and disable it on 10.3 and lower ------------------------------------------------------------------- Tue Apr 10 14:13:12 UTC 2012 - mvyskocil@suse.cz - update to upstream 3.0.0: * Make listen mode the default. * Fix missing "const" in ssl.c * Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c * Rename deprecated "sandbox" to "ptrace_sandbox". * Add a few more state checks to the privileged helper processes. * Add tunable "seccomp_sandbox", default on. * Use hardened build flags. * Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>. * Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, <herbert.van.den.bergh@oracle.com>. * Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. * Remove a couple of fixed things from BUGS. * strlen() trunction fix -- no particular impact. * Apply some tidyups from mmoufid@yorku.ca. * Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez <aalejandrohdez@gmail.com>. * Fix other data channel bugs such as failure to log failure upon timeout. * Use exit codes a bit more consistently. * Fix bad interaction between SSL and trans_chunk_size. * Redo data timeout to fire properly for SSL sessions. * Redo idle timeout to fire properly for SSL sessions. * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. * Use 10 minutes as a max linger time just in case an alarm gets lost. * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. * Fix delete_failed_uploads for anonymous sessions. * Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues. - SUSE specific changes: * turn off the listen mode (listen=NO) by default and change README.SUSE * merge new hardended flags for build and linking * fix the wrong Type=forking from systemd service file * turn off the seccomp_sandbox off by default as SUSE kernel does not support it (yet) ------------------------------------------------------------------- Tue Feb 21 10:51:51 UTC 2012 - mvyskocil@suse.cz - follow Systemd Packaging guidelines http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines - add $local_fs and $remote_fs to init script ------------------------------------------------------------------- Wed Feb 15 16:41:15 UTC 2012 - mvyskocil@suse.cz - use the original tarball, because the bz2 repacking madness disables gpg --verify - revert a part oc changes utf converting ------------------------------------------------------------------- Fri Dec 23 17:48:04 UTC 2011 - andreas.stieger@gmx.de - update to upstream 2.3.5: * Try and force glibc to cache zoneinfo files in an attempt to work around glibc parsing vulnerability. Thanks to Kingcope. * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke <martin@meltin.net>. * Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>. * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to steve willing <eiji-gravion@hotmail.com>. * Handle connect() failures properly. Thanks to Takayuki Nagata <tnagata@redhat.com>. * Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life. - convert .changes file to unicode - refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch - name patches explicitly without macro as per recommendations - remove INSTALL file from binary package - update license to GPL-2.0+ - mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file ------------------------------------------------------------------- Sat Nov 26 16:31:20 UTC 2011 - crrodriguez@opensuse.org - fis copy/paste error in previous change ------------------------------------------------------------------- Fri Nov 25 22:14:14 UTC 2011 - crrodriguez@opensuse.org - Add systemd unit ------------------------------------------------------------------- Thu Sep 22 11:17:04 UTC 2011 - mvyskocil@suse.cz - fix bnc#713588 - bogus logrotate config for vsftpd call /sbin/killproc -HUP /usr/sbin/vsftpd like init script - change the url and service file to the new location at security.appspot.com/vsftpd ------------------------------------------------------------------- Fri Feb 25 01:37:38 UTC 2011 - crrodriguez@opensuse.org - Update to 2.3.4 - Avoid consuming excessive CPU when matching filenames to patterns. Thanks to Maksymilian Arciemowicz <cxib@securityreason.com>. - Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but no apparent security impact. ------------------------------------------------------------------- Tue Sep 21 16:31:39 UTC 2010 - cristian.rodriguez@opensuse.org - Update to version 2.3.2 - Fix silly regression re: log files being overwritten from the start. - Rename a few file-open functions to make it clearer what they do ------------------------------------------------------------------- Tue Aug 10 04:55:16 UTC 2010 - cristian.rodriguez@opensuse.org - Update to 2.3.0 - Add extremely simply HTTP support. It's very experimental, ignorant of HTTP protocol and headers, and likely has all sorts of other issues. The use case it might satisfy is if you need to serve simple static unathenticated content with large levels of paranoia. - Fix port_promiscuous breakage. - Minor FAQ update. - Use a larger address space limit if using text_userdb_names=YES - Always use CLONE_NEWNET if possible when in HTTP mode. - Change REST + STOR so that it's possible to overwrite part of file without truncating it. - Boot the session if we see a USER where encryption was required. May prevent the transmission of plaintext passwords by buggy clients. - Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n fixups. ------------------------------------------------------------------- Tue May 25 13:05:30 UTC 2010 - cristian.rodriguez@opensuse.org - $remote_fs --> network-remotefs ------------------------------------------------------------------- Sun Feb 21 19:28:29 UTC 2010 - mseben@novell.com - updated to version 2.2.2 * Change "File receive OK." to "Transfer complete." to placate some broken clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>. * Fix erroneous "child died" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on his live server. * Boot the session if an overly long line is encountered. - see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases - deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch nowarn.patch ------------------------------------------------------------------- Thu Jan 28 10:42:31 UTC 2010 - mseben@novell.com - added use-ipv6-scope-id.patch to fix connection issues with ipv6-link local address (bnc#574366) ------------------------------------------------------------------- Wed Jan 20 14:13:49 UTC 2010 - coolo@novell.com - fix typo in the package description - and remove authors ------------------------------------------------------------------- Mon Sep 15 14:52:05 CEST 2008 - hvogel@suse.de - limit port range for passv to 30000:30100 to assist firewalling [bnc#420671] ------------------------------------------------------------------- Mon Sep 8 15:30:43 CEST 2008 - hvogel@suse.de - version 2.0.7 * Fix man page typo * Enhance logging for debug_ssl * Shutdown the SSL data connections properly * Add option to enforce proper SSL shutdown on uploads * Add option to delete failed uploads - limit port range for passv to 1024:2024 to assist firewalling [bnc#420671] ------------------------------------------------------------------- Wed Jun 11 12:44:25 CEST 2008 - hvogel@suse.de - Fix simultaneous ftp put of the same file [bnc#361559, bnc#273454] - dont die on EADDRINUSE but try again [bnc#395899] ------------------------------------------------------------------- Fri May 2 10:08:03 CEST 2008 - tiwai@suse.de - fix the link with libcap2 ------------------------------------------------------------------- Wed Apr 30 11:58:17 CEST 2008 - hvogel@suse.de - Make the unpriv bits run as ftpsecure and not as nobody [bnc#384776] ------------------------------------------------------------------- Tue Apr 1 16:23:57 CEST 2008 - mkoenig@suse.de - remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem ------------------------------------------------------------------- Tue Mar 11 20:56:47 CET 2008 - crrodriguez@suse.de - version 2.0.6 - Fix delay_failed_login typo. Oops. - Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel <ilja@suresec.org>. - Allow a (fake) reauth as the same user as the logged in user. Should resolve .NET related report from Sabo Jim <Jim.Sabo@thomson.net>. - Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take unnecessary port calculations out of a loop. - Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to <echen@siac.com>. - Don't log FireFox's attempts to RETR directories! Reported by Nixdorf, Tim <tnixdorf@dnps.com>. - Fix STOU sending the same 150 status line twice - oops! Reported by <yamazaki@iij.ad.jp>. - Fix xferlog format for virtual (guest) users, reported by Andy Fletcher <andy@withnail.org>. - Fix bug with empty user list file and userlist_deny=NO. Reported by Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>. - Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON. Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>. - Add control over the file permissions used in the chown()ing of anonymous uploads: chown_upload_mode (default 0600 as before). Suggestion from An Pham <apham@medforcetech.com>. - Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock(); should help buggy Solaris systems. Reported by Michael Masterson <mjmasterson@xo.com>. - Add debug_ssl option to dump out some SSL connection details. - Use code 522, not 521, to indicate that the server requires an encrypted data connection. Still does not seem to coax lftp to retry :( - Recognize OPTS pre-login. - A whole ton of SSL improvements, including ability to force requirement of a client cert; data and control channel client cert cross checking. Ability to require fully valid / authentic client certs. No cert-based auth yet. ------------------------------------------------------------------- Tue Mar 27 14:45:11 CEST 2007 - mskibbe@suse.de - change path to firewall script (#247352) ------------------------------------------------------------------- Fri Mar 2 10:34:33 CET 2007 - mskibbe@suse.de - change path to firewall script (#247352) ------------------------------------------------------------------- Wed Feb 28 08:46:47 CET 2007 - mskibbe@suse.de - vsftpd - Support for FATE #300687: Ports for SuSEfirewall added via packages (#246932) ------------------------------------------------------------------- Mon Jan 15 09:21:58 CET 2007 - mskibbe@suse.de - fix cryptic symbol in package - description - build against libcap on suse < 10.1 ------------------------------------------------------------------- Fri Jan 12 09:39:24 CET 2007 - mskibbe@suse.de - vsftp could not log any file name other then ascii (#229320) ------------------------------------------------------------------- Thu Jan 11 09:54:07 CET 2007 - mskibbe@suse.de - change path to xml service document (fate #301713) ------------------------------------------------------------------- Mon Jan 8 10:31:52 CET 2007 - mskibbe@suse.de - fix Bug #230220 - vsftp no debuginfo ------------------------------------------------------------------- Mon Jan 8 09:27:36 CET 2007 - mskibbe@suse.de - xml document should readable to all (fate #301713) ------------------------------------------------------------------- Wed Dec 6 12:03:32 CET 2006 - mskibbe@suse.de - add service xml document (fate #301713 ) ------------------------------------------------------------------- Mon Oct 23 09:42:05 CEST 2006 - mskibbe@suse.de - fix Bug 213894 - vsftpd and pam ------------------------------------------------------------------- Mon Sep 4 11:58:26 CEST 2006 - kukuk@suse.de - Include common PAM config files, add pam_loginuid.so ------------------------------------------------------------------- Fri Jul 14 10:57:58 CEST 2006 - mskibbe@suse.de - udpate to version 2.0.5 which o IE should now show the login dialog again o configurable login attempt limits and delays were added o a bad intereaction with DMAPI filesystems was fixed and chained certs should now work. ------------------------------------------------------------------- Fri May 26 11:50:07 CEST 2006 - schwab@suse.de - Don't strip binaries. ------------------------------------------------------------------- Thu Apr 20 18:03:29 CEST 2006 - hvogel@suse.de - revert the rename to vsftp for the xinetd config file. chkconfig knows on for init and xinetd. So this wasnt a bug but a misusage of chkconfig ------------------------------------------------------------------- Thu Apr 20 16:21:14 CEST 2006 - hvogel@suse.de - add support for DMAPI filesystems [#167632] ------------------------------------------------------------------- Wed Apr 19 11:13:47 CEST 2006 - hvogel@suse.de - rename xinetd config from vsftpd to vsftp to avoid name clashes in chkconfig [#165745] ------------------------------------------------------------------- Thu Feb 16 12:27:53 CET 2006 - hvogel@suse.de - enable ssl for real [#151453] ------------------------------------------------------------------- Mon Feb 6 14:31:27 CET 2006 - hvogel@suse.de - The switch to standalone should not happen in update. Installed xinetd config file again. The configuration file is marked as noreplace anyway so if you are updating you will get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew and everything is working as before and standalone is only used for new installations. [#148201] - redirect standalone parent output to /var/log/rcvsftp.log so the init script can return properly. ------------------------------------------------------------------- Wed Jan 25 21:42:43 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Jan 13 15:08:31 CET 2006 - hvogel@suse.de - Make use of Stack Protector - fix some uninitialized variables ------------------------------------------------------------------- Wed Jan 11 12:11:52 CET 2006 - hvogel@suse.de - Update to version 2.0.4 including: o Add explicit "This FTP server does not allow anonymous logins" message. o Add paranoid checks to sysutil.c for large values / lengths. o Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. o regex fix so that {*} correctly matches everything. o Add optional file locking support via lock_upload_files. o Apply LDFLAGS patch from Mads Martin Joergensen <mmj@suse.de>. o Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. o Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). ------------------------------------------------------------------- Wed Sep 28 18:47:15 CEST 2005 - mmj@suse.de - Add init script, and make it standalone ------------------------------------------------------------------- Sun Sep 18 12:00:08 CEST 2005 - kukuk@suse.de - Add libcap-devel to nfb ------------------------------------------------------------------- Tue Aug 9 14:11:06 CEST 2005 - mmj@suse.de - Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953] ------------------------------------------------------------------- Mon Aug 8 14:39:16 CEST 2005 - uli@suse.de - build with -fPIE, not -fpie (fixes s390x) ------------------------------------------------------------------- Mon Jun 27 14:09:14 CEST 2005 - ro@suse.de - use libcap ------------------------------------------------------------------- Fri Jun 17 10:16:13 CEST 2005 - mmj@suse.de - Compile with -fpie, link with -pie ------------------------------------------------------------------- Tue Apr 19 16:39:52 CEST 2005 - mmj@suse.de - Update to 2.0.3 including: o Document what regex expressions are supported in the man page. o New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. o Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. o Add which setsockopt option failed to die("setsockopt") calls. o Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. o Remove vsf_sysutil_sockaddr_same_family (unused). o Support protocol 1 (IPv4) in EPRT. o Add ssl.c to AUDIT. o Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. o Allow "EPSV 1" to mean IPv4 EPSV. o Report dummy IP but correct port with IPv6 / PASV. o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. o Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. o Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous oonly solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). o Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. ------------------------------------------------------------------- Thu Mar 3 09:35:27 CET 2005 - mmj@suse.de - Update to 2.0.2 including: o Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. o Make str_empty actually allocate an empty string. o Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. o Enable AIX Large File Support o Add a couple of FAQ entries. o Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. o Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. o Make bandwidth limiter work with SSL data connections. o Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. ------------------------------------------------------------------- Fri Feb 18 10:48:48 CET 2005 - mmj@suse.de - Glibc doesn't cache the timezone as much as it used to, so export the TZ variable after doing chroot. [#49878] ------------------------------------------------------------------- Thu Aug 12 11:26:26 CEST 2004 - mmj@suse.de - Update to 2.0.1 including: o Add -lcrypto for the SSL build; needed for some systems o Oops; fix session bale out if an empty length password is given. o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). o Fix vsftpd.conf.5 man page error in "ssl_sslv3" o Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. o Fix build where PAM build is enabled but PAM headers are missing. ------------------------------------------------------------------- Fri Jul 2 12:35:51 CEST 2004 - mmj@suse.de - Update to 2.0.0 including: o Improve logging (log deletes, renames, chmods, etc. as requested by users). o Add no_log_lock to work around Solaris / Veritas locking hangs. o Add EPRT, EPSV, PASV and TVFS to FEAT response. o Implement use of MDTM to set timestamps. o Recognize FEAT prior to login. o Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections. o Increase max size of .message files to 4000 characters o Add easy builddefs.h ability to disable PAM builds even when PAM is installed. o Report vsftpd version in STAT output. o Add REFS file. o Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. o Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. o Optimize the sending of strings over the parent<->child comms links. o Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. o Fix vsftpd.conf.5 typos o If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. o Add SSL / TLS info to SECURITY texts. o Add README.ssl o Add documentation for new SSL options to vsftpd.conf.5. o Add support for CWD ~ o Fix compile warnings. ------------------------------------------------------------------- Sun May 30 01:35:55 CEST 2004 - mmj@suse.de - Add logrotate file [#41432] ------------------------------------------------------------------- Tue Apr 27 10:15:24 CEST 2004 - mmj@suse.de - Update to 1.2.2 including: o Fix nasty issue resulting in listener instability under extreme load (root cause was re-entering malloc/free). o Fix build with modern glibc-2.3 and no libcap on Linux. o Add initial support for running as the user which launched vsftpd, i.e. no root needed. Warning - easy to create insecurity if you use this without knowing what you are doing. o For above run-as-launching-user support: make CDUP re-use CWD code so that deny_file of *..* is useful. ------------------------------------------------------------------- Mon Jan 26 14:08:28 CET 2004 - hvogel@suse.de - reworked the log part of the conf file patch. Enabled syslog as default log destination, clarify xferlog settings. ------------------------------------------------------------------- Mon Jan 19 17:53:28 CET 2004 - mmj@suse.de - -D_LARGEFILE_SOURCE to get LFS support. Also make sure the offset bits are set correct. ------------------------------------------------------------------- Fri Jan 16 13:31:12 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Thu Nov 13 12:55:27 CET 2003 - mmj@suse.de - Update to 1.2.1 ------------------------------------------------------------------- Wed Oct 15 12:56:23 CEST 2003 - mmj@suse.de - Don't build as root ------------------------------------------------------------------- Mon Jul 28 15:55:40 CEST 2003 - mmj@suse.de - Add EXAMPLE/ and FAQ - Don't strip explicitly ------------------------------------------------------------------- Fri May 30 12:48:45 CEST 2003 - mmj@suse.de - Update to vsftpd-1.2.0 including: ˇ IPv6 support, so drop our patch ˇ Many bugfixes and tunings ˇ Build fixes ------------------------------------------------------------------- Thu Mar 6 16:34:30 CET 2003 - mmj@suse.de - Fix the xinetd conf file [#24774] ------------------------------------------------------------------- Fri Feb 7 13:58:51 CET 2003 - kukuk@suse.de - Use pam_unix2.so instead of pam_unix.so ------------------------------------------------------------------- Fri Jan 24 12:12:52 CET 2003 - mmj@suse.de - Correct xinetd conffile ------------------------------------------------------------------- Tue Jan 14 13:54:58 CET 2003 - mmj@suse.de - Install xinetd.d/vsftpd ------------------------------------------------------------------- Sat Oct 26 10:51:03 CEST 2002 - mmj@suse.de - Use better configuration defaults, thanks henne. ------------------------------------------------------------------- Fri Oct 25 10:17:07 CEST 2002 - mmj@suse.de - Add $RPM_OPT_FLAGS to CFLAGS when building ------------------------------------------------------------------- Thu Oct 24 14:05:23 CEST 2002 - mmj@suse.de - Update to 1.1.2 including: o Addition of per-IP connection limits in standalone mode. o Add logging of refused connect due to global or IP connection limits. o Make connection limit exceeded messages nonblocking. o Don't exit the listener if fork fails. ------------------------------------------------------------------- Tue Oct 8 09:47:55 CEST 2002 - mmj@suse.de - Update to 1.1.1 ------------------------------------------------------------------- Fri Aug 2 12:32:43 CEST 2002 - mmj@suse.de - Update to 1.1.0 ------------------------------------------------------------------- Tue Jul 9 12:48:03 CEST 2002 - okir@suse.de - Added a patch to get rid of lots of warnings caused by -Wshadow - Added a patch to implement IPv6 support ------------------------------------------------------------------- Tue Apr 30 14:27:53 CEST 2002 - mmj@suse.de - And now without detection of pam in /lib/libpam.so.0, which is bogus. ------------------------------------------------------------------- Sun Feb 17 18:14:13 CET 2002 - mmj@suse.de - Added a patch to the vsftpd library detection function to make it build with /usr/lib64. Fixes build on S/390. ------------------------------------------------------------------- Tue Feb 12 13:52:01 MET 2002 - mmj@suse.de - Remove Requires: ftpdir ------------------------------------------------------------------- Mon Feb 4 18:02:20 CET 2002 - choeger@suse.de - do not set e(x)ecute bit on textfiles ------------------------------------------------------------------- Fri Feb 1 14:33:13 CET 2002 - choeger@suse.de - declare config file as %config(noreplace) ------------------------------------------------------------------- Thu Jan 17 15:45:11 CET 2002 - mmj@suse.de - Update to version 1.0.1 ------------------------------------------------------------------- Fri Nov 30 16:25:35 CET 2001 - mmj@suse.de - Use /etc/pam.d/vsftpd ------------------------------------------------------------------- Tue Nov 13 13:30:42 CET 2001 - mmj@suse.de - Updated to version 1.0.0 ------------------------------------------------------------------- Mon Oct 22 15:57:40 CEST 2001 - mmj@suse.de - Initial package -------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor