| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: vsftpd | Distribution: openSUSE Tumbleweed |
| Version: 3.0.5 | Vendor: openSUSE |
| Release: 15.1 | Build date: Thu Feb 22 21:35:42 2024 |
| Group: Productivity/Networking/Ftp/Servers | Build host: i02-armsrv1 |
| Size: 305975 | Source RPM: vsftpd-3.0.5-15.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://security.appspot.com/vsftpd.html | |
| Summary: Very Secure FTP Daemon - Written from Scratch | |
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously this is not a guarantee, but the entire codebase was written with security in mind, and carefully designed to be resilient to attack. Recent evidence suggests that vsftpd is also extremely fast (and this is before any explicit performance tuning!). In tests against wu-ftpd, vsftpd was always faster, supporting over twice as many users in some tests.
SUSE-GPL-2.0-with-openssl-exception
* Tue Feb 20 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Tue Jan 30 2024 Arjen de Korte <suse+build@de-korte.org>
- Fix location of ftpusers in /usr/lib/pam.d/vsftpd (boo#1219362)
* Wed Oct 04 2023 Thorsten Kukuk <kukuk@suse.com>
- Add vsftpd.ftpusers, the netcfg one is not maintained, outdated
and will be removed.
- vsftpd.pam: use own copy of ftpusers.
* Tue Sep 26 2023 Pedro Monreal <pmonreal@suse.com>
- Enable crypto-policies support: [bsc#1211301]
* Add vsftpd-use-system-wide-crypto-policy.patch
* Fri Aug 25 2023 Thorsten Kukuk <kukuk@suse.com>
- Use pam macros to install pam config in /usr/lib/pam.d
- Adjust vsftpd.pam to include postlogin config (replace wtmp with
wtmpdb for Y2038 [jsc#3144])
* Mon Jun 19 2023 Peter Simons <psimons@suse.com>
- Apply "0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch"
to fix the documentation of the strict_ssl_read_eof option. The
documentation says option would be disabled by default, but it is
in fact enabled. [bsc#1200075]
* Tue Jan 03 2023 David Anes <david.anes@suse.com>
- Use valid separator for logrotate config file. [bsc#1192179]
* Fri Sep 16 2022 Peter Simons <psimons@suse.com>
- systemd versions prior to 244 do not support the ProtectXYZ
directives we use in our vsftpd.service file and log warnings
every time the daemon starts, which confuses our users. We avoid
this issue by removing the unsupported options from the service
file when installing on a distribution that comes with such an
older version of systemd. [bsc#1196918]
* Thu Sep 15 2022 Stefan Schubert <schubi@localhost>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Thu Aug 25 2022 Peter Simons <psimons@suse.com>
- Apply "disable-tls13-to-support-older-openssl-versions.patch"
when building on SLE-15. This is necessary, because openssl_1_1
on that codestream is version 1.1.0 rather than 1.1.1 and that
older version has no TLSv1.3 support. [bsc#1187686]
* Wed Jun 29 2022 Stefan Schubert <schubi@suse.com>
- When building on Tumbleweed, move logrotate files from user
specific directory /etc/logrotate.d to vendor specific directory
/usr/etc/logrotate.d. Builds on other codestreams still use the
original location.
* Thu Mar 03 2022 Peter Simons <psimons@suse.com>
- Use rpm conditional to build against the proper OpenSSL version
on all distributions. This allows us to update vsftpd in all
maintained SLE codestreams to the current Factory version and
mitigate the newly discovered ALPACA attack. [jsc#SLE-24275,
jsc#PM-3322, bsc#1187686]
* Tue Feb 01 2022 Peter Simons <psimons@suse.com>
- Add "seccomp-fixes.patch" to fix the syscall architecture offset
from 4 to 5, this change was documented in
<https://lore.kernel.org/patchwork/patch/554803/>.
- Add "vsftpd-openlog-force.patch" to a logic error in the way the
force option for syslog's openlog() call was handled.
- Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in
FIPS mode when SSL was enabled. [bsc#1052900]
- Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called,
which is required during SSL initialization by RAND_load_file().
- Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so
that the broker can wait for its child processes. [bsc#1021387]
- Refresh patches to -p1 style so that we can use %autosetup:
* vsftpd-2.0.4-dmapi.patch
* vsftpd-2.0.4-enable-ssl.patch
* vsftpd-2.0.5-enable-debuginfo.patch
* vsftpd-2.0.5-utf8-log-names.patch
* vsftpd-2.0.5-vuser.patch
* vsftpd-2.3.5-conf.patch
- Apply "revert-undocumented-config-file-format-changes.patch" to
revert the "ssl_tlsv1_X"-style config file options back to their
original spelling. The changes that dropped the underscore from
the version numbers in release 3.0.4 breaks existing
configurations and it was never documented anywhere -- not in the
package's changelog and not in the packages's own man page.
- Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd
follows the system-wide TLS cipher policy "DEFAULT_SUSE" by
default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see
which ciphers this includes.
- Apply "vsftpd-allow-dev-log-socket.patch" to allow sendto()
syscall when /dev/log support is enabled. [bnc#786024]
- Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow
sendto() to be called from check_limits(), which is necessary for
vsftpd to write to the system log.
* Wed Jan 05 2022 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* vsftpd.service
* Fri Sep 10 2021 Fabian Vogt <fvogt@suse.com>
- Update to version 3.0.5:
* Fix ALPN callback to correctly select the 'ftp' string if present.
Works with FileZilla-3.55.0.
* Fix a couple of seccomp policy issues with Fedora 34.
* Tue Jun 15 2021 Peter Simons <psimons@suse.com>
- Update to version 3.0.4.
* Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks).
* Reject HTTP verbs pre-login.
* Disable TLS prior to v1.2 by default.
* Close the control connection after 10 unknown commands pre-login.
* Reject any TLS ALPN advertisement that's not 'ftp'.
* Add ssl_sni_hostname option to require a match on incoming SNI hostname.
* The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3"
have been renamed to "ssl_tlsv11", "ssl_tlsv12", and
"ssl_tlsv13" respectively. Note that the man page has not been
updated accordingly.
- Upstream has a new GPG key (7B89011BCAE1CFEA).
- "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
- "0001-Introduce-TLSv1.3-option.patch" is now obsolete.
- "vsftpd-seccomp-syslog.patch" is now obsolete.
* Mon Jun 14 2021 Peter Simons <psimons@suse.com>
- OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding
support for the TLSv1.3 protocol. As a consequence, some SLE-15
applications that link OpenSSL for TLS support -- like vsftpd --,
gained the ability to use the newer TLS protocol, which created
interoperability problems with FTP clients in some cases. To
remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was
applied in a forked SLE-15-SP2 version of vsftpd. The patch adds
the configuration option "ssl_tlsv1_3" that system administrators
can use to disable TLSv1.3 support on their servers.
[bsc#1187188]
/etc/vsftpd /etc/vsftpd.conf /etc/vsftpd/ftpusers /usr/etc/logrotate.d/vsftpd /usr/lib/firewalld /usr/lib/firewalld/services /usr/lib/firewalld/services/vsftpd.xml /usr/lib/pam.d/vsftpd /usr/lib/systemd/system/vsftpd.service /usr/lib/systemd/system/vsftpd.socket /usr/lib/systemd/system/vsftpd@.service /usr/sbin/rcvsftpd /usr/sbin/vsftpd /usr/share/doc/packages/vsftpd /usr/share/doc/packages/vsftpd/AUDIT /usr/share/doc/packages/vsftpd/BUGS /usr/share/doc/packages/vsftpd/Changelog /usr/share/doc/packages/vsftpd/EXAMPLE /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/README /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/vsftpd.conf /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/vsftpd.xinetd /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD/README /usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf /usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG /usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG/README /usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG/hosts.allow /usr/share/doc/packages/vsftpd/EXAMPLE/README /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_HOSTS /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_HOSTS/README /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/README /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/logins.txt /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/vsftpd.conf /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/vsftpd.pam /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS_2 /usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS_2/README /usr/share/doc/packages/vsftpd/FAQ /usr/share/doc/packages/vsftpd/README /usr/share/doc/packages/vsftpd/README.SUSE /usr/share/doc/packages/vsftpd/README.security /usr/share/doc/packages/vsftpd/REWARD /usr/share/doc/packages/vsftpd/SECURITY /usr/share/doc/packages/vsftpd/SECURITY/DESIGN /usr/share/doc/packages/vsftpd/SECURITY/IMPLEMENTATION /usr/share/doc/packages/vsftpd/SECURITY/OVERVIEW /usr/share/doc/packages/vsftpd/SECURITY/TRUST /usr/share/doc/packages/vsftpd/SIZE /usr/share/doc/packages/vsftpd/SPEED /usr/share/doc/packages/vsftpd/TODO /usr/share/doc/packages/vsftpd/TUNING /usr/share/empty /usr/share/licenses/vsftpd /usr/share/licenses/vsftpd/COPYING /usr/share/licenses/vsftpd/LICENSE /usr/share/man/man5/vsftpd.conf.5.gz /usr/share/man/man8/vsftpd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Apr 27 00:22:44 2024