SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for vsftpd-debugsource-3.0.2-17.2.x86_64.rpm :

* Tue Mar 22 2016 tchvatalAATTsuse.com- Fix hang when using seccomp and syslog bnc#971784:
* vsftpd-seccomp-syslog.patch
* Tue Mar 22 2016 tchvatalAATTsuse.com- Fix user creation to not report error when user alredy exist bnc#972169
* Mon Mar 21 2016 tchvatalAATTsuse.com- Fix bnc#970982 hanging on pam_exec in pam.d
* Add patch vsftpd-3.0.2-wnohang.patch
* Thu Mar 10 2016 jcejkaAATTsuse.com- Fix memory leaks in ls.c bnc#968138
* Add patch vsftpd-ls-memleak.patch
* Update patch vsftpd-path-normalize.patch- Fix wildcard ? matching bnc#969411
* Update patch vsftpd-2.3.4-sqb.patch
* Tue Jun 23 2015 tchvatalAATTsuse.com- Fix logrotate script to not fail when vsftpd is not running, bnc#935279
* Fri Apr 17 2015 tchvatalAATTsuse.com- Fix hide_file option wrt bnc#927612:
* vsftpd-path-normalize.patch
* Sun Apr 05 2015 tchvatalAATTsuse.com- bnc#925963 stat is sometimes run on wrong path and results with ENOENT, ensure we sent both dir+file to filter verification:
* vsftpd-path-normalize.patch
* Wed Mar 25 2015 tchvatalAATTsuse.com- Update patch bit more for sanity checks. Done by rsassuAATTsuse.de:
* vsftpd-path-normalize.patch
* Mon Mar 23 2015 tchvatalAATTsuse.com- Add back patch attempting to fix bnc#900326 bnc#915522 and bnc#922538:
* vsftpd-path-normalize.patch
* Mon Mar 23 2015 tchvatalAATTsuse.com- Reset filter patch to match fedora, my work will be restarted in one-off patch to make the changes stand out. Add rest of RH filtering patches:
* vsftpd-2.2.0-wildchar.patch
* vsftpd-2.3.4-sqb.patch
* vsftpd-2.1.0-filter.patch
* Mon Mar 23 2015 tchvatalAATTsuse.com- Work on the filter patch and split out the normalisation of the path to separate str function, currently commented out so I avoid huge diffing.
* vsftpd-2.1.0-filter.patch
* Fri Feb 20 2015 tchvatalAATTsuse.com- Add service calls for other unit files too- Udate filter patch to work as expected:
* vsftpd-2.1.0-filter.patch
* Fri Jan 02 2015 tchvatalAATTsuse.com- Try to fix deny_file parsing to do more what is expected. Taken from fedora. bnc#900326 bnc#915522 CVE-2015-1419
* vsftpd-2.1.0-filter.patch
* Fri Nov 14 2014 dimstarAATTopensuse.org- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.
* Thu Aug 21 2014 jmatejekAATTsuse.com- force using fork() instead of clone() on s390 - fixes bnc#890469
* vsftpd-3.0.2-s390.patch
* Mon May 26 2014 tchvatalAATTsuse.com- Cleanup with spec-cleaner- Remove conditions about init files as we do not build for < 12.1 anyway.- Update the README.SUSE file to describe more the listen option.
* Mon May 26 2014 tchvatalAATTsuse.com- Add socket service for vsftpd to avoid the need for xinetd here.
* Mon May 26 2014 tchvatalAATTsuse.com- Add comment about listen variables for xinetd configuration. Fixes bnc#872221.- Add default configuration as arg to xinetd started vsftpd.- Updated patch:
* vsftpd-2.0.4-xinetd.diff
* Thu Apr 10 2014 tchvatalAATTsuse.com- Move the enabling of timeofday and alarm one level deeper to be sure it is whitelisted everytime. Also should possibly fix bnc#872215.- Updated patch:
* vsftpd-enable-gettimeofday-sec.patch
* Thu Apr 10 2014 tchvatalAATTsuse.com- Remove forking from service type as it hangs in endless loop.
* Wed Apr 02 2014 tchvatalAATTsuse.com- Fix warning about dangling symlink on rcvsftpd from rpmlint and remove also clean section while at it.
* Wed Apr 02 2014 tchvatalAATTsuse.com- Add patch to allow gettimeofday and alarm calls with seccomp enabled. bnc#870122- Added patch:
* vsftpd-enable-gettimeofday-sec.patch
* Tue Apr 01 2014 tchvatalAATTsuse.com- Specify that the service type is forking
* Mon Jan 27 2014 mvyskocilAATTsuse.com- changed license to SUSE-GPL-2.0-with-openssl-exception
* suggested by legal team
* Tue Jan 21 2014 mvyskocilAATTsuse.com- add allow_root_squashed_chroot option to enable chroot on nsf mounted with squash_root option (fate#311051)
* vsftpd-root-squashed-chroot.patch
* Sat Jul 20 2013 crrodriguezAATTopensuse.org- build with OPENSSL_NO_SSL_INTERN this hides internal struct members or functions that if changed in future openssl versions will break the ABI of the calling applications.
* Thu Apr 04 2013 mvyskocilAATTsuse.com- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
* this enabled a sendto on /dev/log socket when syslog is enabled- provide more verbose explanation about isolate_network and seccomp_sanbox in config file template- don\'t install init file on openSUSE 13.1+- drop a build support for SL 10 and older
* Fri Mar 29 2013 mvyskocilAATTsuse.com- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
* drop CLONE_NEWPID from clone to enable audit system- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
* unconditionally enable F_SETFL patch - might be safe to do
* Thu Feb 28 2013 lnusselAATTsuse.de- add isolate_network and seccomp_sandbox options to template to make them easier to find (bnc#786024)
* Thu Feb 28 2013 mvyskocilAATTsuse.com- add vsftpd-allow-dev-log-socket.patch (bnc#786024)
* whitelist /dev/log related socket syscall
* Tue Nov 20 2012 sbrabecAATTsuse.cz- Verify GPG signature.
* Tue Nov 20 2012 dimstarAATTopensuse.org- Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now.
* Mon Oct 22 2012 mvyskocilAATTsuse.com- update to 3.0.2 (bnc#786024)
* Fix some seccomp related build errors on certain CentOS and Debian versions.
* Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts?
* Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
* Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu .
* Force cast to unsigned char in is
* char functions.
* Fix harmless integer issues in strlist.c.
* Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through.
* One more seccomp policy fix: mremap (denied).
* Support STOU with no filename, uses a STOU. prefix.
* Fri Aug 24 2012 mvyskocilAATTsuse.cz- make seccomp sandbox enabled by default
* dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
* Mon Apr 23 2012 brianAATTaljex.com- fix building on 11.4 x86_64 and lower
* fix where, when, & how __USE_GNU gets #defined
* make seccomp optional and disable it on 10.3 and lower
* Tue Apr 10 2012 mvyskocilAATTsuse.cz- update to upstream 3.0.0:
* Make listen mode the default.
* Fix missing \"const\" in ssl.c
* Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI.
* Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c
* Rename deprecated \"sandbox\" to \"ptrace_sandbox\".
* Add a few more state checks to the privileged helper processes.
* Add tunable \"seccomp_sandbox\", default on.
* Use hardened build flags.
* Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner .
* Don\'t die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, .
* Add new config setting \"allow_writeable_chroot\" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
* Remove a couple of fixed things from BUGS.
* strlen() trunction fix -- no particular impact.
* Apply some tidyups from mmoufidAATTyorku.ca.
* Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez .
* Fix other data channel bugs such as failure to log failure upon timeout.
* Use exit codes a bit more consistently.
* Fix bad interaction between SSL and trans_chunk_size.
* Redo data timeout to fire properly for SSL sessions.
* Redo idle timeout to fire properly for SSL sessions.
* Make sure PROT_EXEC isn\'t allowed, thanks to Will Drewry for noticing.
* Use 10 minutes as a max linger time just in case an alarm gets lost.
* Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
* Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn\'t fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear.
* Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress.
* Fix delete_failed_uploads for anonymous sessions.
* Don\'t listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues.- SUSE specific changes:
* turn off the listen mode (listen=NO) by default and change README.SUSE
* merge new hardended flags for build and linking
* fix the wrong Type=forking from systemd service file
* turn off the seccomp_sandbox off by default as SUSE kernel does not support it (yet)
* Tue Feb 21 2012 mvyskocilAATTsuse.cz- follow Systemd Packaging guidelines http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines- add $local_fs and $remote_fs to init script
* Wed Feb 15 2012 mvyskocilAATTsuse.cz- use the original tarball, because the bz2 repacking madness disables gpg --verify- revert a part oc changes utf converting
* Fri Dec 23 2011 andreas.stiegerAATTgmx.de- update to upstream 2.3.5:
* Try and force glibc to cache zoneinfo files in an attempt to work around glibc parsing vulnerability. Thanks to Kingcope.
* Only report CHMOD in SITE HELP if it\'s enabled. Thanks to Martin Schwenke .
* Some simple fixes and cleanups from Thorsten Brehm .
* Only advertise \"AUTH SSL\" if one of SSLv2, SSLv3 is enabled. Thanks to steve willing .
* Handle connect() failures properly. Thanks to Takayuki Nagata .
* Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life.- convert .changes file to unicode- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch- name patches explicitly without macro as per recommendations- remove INSTALL file from binary package- update license to GPL-2.0+- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
* Sat Nov 26 2011 crrodriguezAATTopensuse.org- fis copy/paste error in previous change
* Fri Nov 25 2011 crrodriguezAATTopensuse.org- Add systemd unit
* Thu Sep 22 2011 mvyskocilAATTsuse.cz- fix bnc#713588 - bogus logrotate config for vsftpd call /sbin/killproc -HUP /usr/sbin/vsftpd like init script- change the url and service file to the new location at security.appspot.com/vsftpd
* Fri Feb 25 2011 crrodriguezAATTopensuse.org- Update to 2.3.4- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to Maksymilian Arciemowicz .- Some bugfixes from Raphaël Rigo -- good bugs but no apparent security impact.
* Tue Sep 21 2010 cristian.rodriguezAATTopensuse.org- Update to version 2.3.2- Fix silly regression re: log files being overwritten from the start.- Rename a few file-open functions to make it clearer what they do
* Tue Aug 10 2010 cristian.rodriguezAATTopensuse.org- Update to 2.3.0- Add extremely simply HTTP support. It\'s very experimental, ignorant of HTTP protocol and headers, and likely has all sorts of other issues. The use case it might satisfy is if you need to serve simple static unathenticated content with large levels of paranoia.- Fix port_promiscuous breakage.- Minor FAQ update.- Use a larger address space limit if using text_userdb_names=YES- Always use CLONE_NEWNET if possible when in HTTP mode.- Change REST + STOR so that it\'s possible to overwrite part of file without truncating it.- Boot the session if we see a USER where encryption was required. May prevent the transmission of plaintext passwords by buggy clients.- Fix failure to transmit a large ASCII file over SSL, if it contains \
-> \\r\
fixups.
* Tue May 25 2010 cristian.rodriguezAATTopensuse.org- $remote_fs --> network-remotefs
* Sun Feb 21 2010 msebenAATTnovell.com- updated to version 2.2.2
* Change \"File receive OK.\" to \"Transfer complete.\" to placate some broken clients. Thanks Holger Kiehl .
* Fix erroneous \"child died\" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl for running diagnostic tests on his live server.
* Boot the session if an overly long line is encountered.- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch nowarn.patch
* Thu Jan 28 2010 msebenAATTnovell.com- added use-ipv6-scope-id.patch to fix connection issues with ipv6-link local address (bnc#574366)
* Wed Jan 20 2010 cooloAATTnovell.com- fix typo in the package description - and remove authors
  
ICM