| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
* create /etc/vsftpd directory for extra config files
like userlist, certificate and key
* modify config file to use that directory
* include that directory in conffiles for backup
* use PKG_HASH
* update URL
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes build errors with external toolchains that don't have STAGING_DIR
in their default search path for headers:
mipsel-linux-gnu-gcc -c ssl.c -Os -pipe -mno-branch-likely -mips32r2
-mtune=24kc -fno-caller-saves -Wno-unused-result -D_FORTIFY_SOURCE=1
-Wl,-z,now -Wl,-z,relro -D_GNU_SOURCE -include fcntl.h -idirafter
dummyinc
ssl.c:28:25: fatal error: openssl/err.h: No such file or directory
#include <openssl/err.h>
^
compilation terminated.
Makefile:28: recipe for target 'ssl.o' failed
make[3]: *** [ssl.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alex Nikitenko <alex.nikitenko@sirinsoftware.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update vsftpd to 3.0.3 released in July 2015.
Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
| |
and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
|
| |
|
|
|
|
|
|
|
|
| |
Make vsftpd to compile with musl, while preserving uclibc compatibility.
When using musl:
* disable UTMPX functionality
* disable -lnsl option in upstream Makefile
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
|
|
| |
I added license info to those packages that I have imported here.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
|
| |
I did not define myself as the maintainer, as the package already had one.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|