Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

vsftpd-3.0.5-150600.8.5 RPM for ppc64le

From OpenSuSE Leap 15.6 for ppc64le

Name: vsftpd Distribution: SUSE Linux Enterprise 15
Version: 3.0.5 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150600.8.5 Build date: Thu May 9 19:00:01 2024
Group: Productivity/Networking/Ftp/Servers Build host: xinomavro
Size: 434325 Source RPM: vsftpd-3.0.5-150600.8.5.src.rpm
Packager: https://www.suse.com/
Url: https://security.appspot.com/vsftpd.html
Summary: Very Secure FTP Daemon - Written from Scratch
 
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
Obviously this is not a guarantee, but the entire codebase was written
with security in mind, and carefully designed to be resilient to
attack.

Recent evidence suggests that vsftpd is also extremely fast (and this
is before any explicit performance tuning!). In tests against wu-ftpd,
vsftpd was always faster, supporting over twice as many users in some
tests.

Provides

Requires

License

SUSE-GPL-2.0-with-openssl-exception

Changelog

* Mon Jun 19 2023 psimons@suse.com
  - Apply "0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch"
    to fix the documentation of the strict_ssl_read_eof option. The
    documentation says option would be disabled by default, but it is
    in fact enabled. [bsc#1200075]
* Tue Jan 03 2023 david.anes@suse.com
  - Use valid separator for logrotate config file. [bsc#1192179]
* Fri Sep 16 2022 psimons@suse.com
  - systemd versions prior to 244 do not support the ProtectXYZ
    directives we use in our vsftpd.service file and log warnings
    every time the daemon starts, which confuses our users. We avoid
    this issue by removing the unsupported options from the service
    file when installing on a distribution that comes with such an
    older version of systemd. [bsc#1196918]
* Thu Aug 25 2022 psimons@suse.com
  - Apply "disable-tls13-to-support-older-openssl-versions.patch"
    when building on SLE-15. This is necessary, because openssl_1_1
    on that codestream is version 1.1.0 rather than 1.1.1 and that
    older version has no TLSv1.3 support. [bsc#1187686]
* Wed Jun 29 2022 schubi@suse.com
  - When building on Tumbleweed, move logrotate files from user
    specific directory /etc/logrotate.d to vendor specific directory
    /usr/etc/logrotate.d. Builds on other codestreams still use the
    original location.
* Thu Mar 03 2022 psimons@suse.com
  - Use rpm conditional to build against the proper OpenSSL version
    on all distributions. This allows us to update vsftpd in all
    maintained SLE codestreams to the current Factory version and
    mitigate the newly discovered ALPACA attack. [jsc#SLE-24275,
    jsc#PM-3322, bsc#1187686]
* Tue Feb 01 2022 psimons@suse.com
  - Add "seccomp-fixes.patch" to fix the syscall architecture offset
    from 4 to 5, this change was documented in
    <https://lore.kernel.org/patchwork/patch/554803/>.
  - Add "vsftpd-openlog-force.patch" to a logic error in the way the
    force option for syslog's openlog() call was handled.
  - Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in
    FIPS mode when SSL was enabled. [bsc#1052900]
  - Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called,
    which is required during SSL initialization by RAND_load_file().
  - Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so
    that the broker can wait for its child processes. [bsc#1021387]
  - Refresh patches to -p1 style so that we can use %autosetup:
    * vsftpd-2.0.4-dmapi.patch
    * vsftpd-2.0.4-enable-ssl.patch
    * vsftpd-2.0.5-enable-debuginfo.patch
    * vsftpd-2.0.5-utf8-log-names.patch
    * vsftpd-2.0.5-vuser.patch
    * vsftpd-2.3.5-conf.patch
  - Apply "revert-undocumented-config-file-format-changes.patch" to
    revert the "ssl_tlsv1_X"-style config file options back to their
    original spelling. The changes that dropped the underscore from
    the version numbers in release 3.0.4 breaks existing
    configurations and it was never documented anywhere -- not in the
    package's changelog and not in the packages's own man page.
  - Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd
    follows the system-wide TLS cipher policy "DEFAULT_SUSE" by
    default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see
    which ciphers this includes.
  - Apply "vsftpd-allow-dev-log-socket.patch" to allow sendto()
    syscall when /dev/log support is enabled. [bnc#786024]
  - Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow
    sendto() to be called from check_limits(), which is necessary for
    vsftpd to write to the system log.
* Wed Jan 05 2022 jsegitz@suse.com
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * vsftpd.service
* Fri Sep 10 2021 fvogt@suse.com
  - Update to version 3.0.5:
    * Fix ALPN callback to correctly select the 'ftp' string if present.
      Works with FileZilla-3.55.0.
    * Fix a couple of seccomp policy issues with Fedora 34.
* Tue Jun 15 2021 psimons@suse.com
  - Update to version 3.0.4.
    * Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks).
    * Reject HTTP verbs pre-login.
    * Disable TLS prior to v1.2 by default.
    * Close the control connection after 10 unknown commands pre-login.
    * Reject any TLS ALPN advertisement that's not 'ftp'.
    * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
    * The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3"
      have been renamed to "ssl_tlsv11", "ssl_tlsv12", and
      "ssl_tlsv13" respectively. Note that the man page has not been
      updated accordingly.
  - Upstream has a new GPG key (7B89011BCAE1CFEA).
  - "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
  - "0001-Introduce-TLSv1.3-option.patch" is now obsolete.
  - "vsftpd-seccomp-syslog.patch" is now obsolete.
* Mon Jun 14 2021 psimons@suse.com
  - OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding
    support for the TLSv1.3 protocol. As a consequence, some SLE-15
    applications that link OpenSSL for TLS support -- like vsftpd --,
    gained the ability to use the newer TLS protocol, which created
    interoperability problems with FTP clients in some cases. To
    remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was
    applied in a forked SLE-15-SP2 version of vsftpd. The patch adds
    the configuration option "ssl_tlsv1_3" that system administrators
    can use to disable TLSv1.3 support on their servers.
    [bsc#1187188]
* Thu Dec 03 2020 idonmez@suse.com
  - Add seccomp-fixes.patch to allow getdents64 syscall in seccomp
    sandbox, fixes bsc#1179553
    Also in the same patch, fix the architecture offset from 4 to 5,
    this change was documented in https://lore.kernel.org/patchwork/patch/554803/
* Fri Nov 13 2020 psimons@suse.com
  - Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and
    "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch",
    which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the
    configuration file. Both options default to true. [SLE-4182]
* Wed Aug 19 2020 dimstar@opensuse.org
  - Use %{_prefix}/lib instead of misused %{_libexecdir}.
* Thu Dec 05 2019 josef.moellers@suse.com
  - Add pam_keyinit.so to PAM config file.
    [vsftpd.pam, bsc#1144062]
* Tue Jun 18 2019 psimons@suse.com
  - Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation
    fault that occurred while trying to write to an invalid TLS
    context. [bsc#1125951]
* Wed Jun 12 2019 dimstar@opensuse.org
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut the build queues by allowing usage of systemd-mini
* Tue Oct 23 2018 suse-beta@cboltz.de
  - firewall-macros should be BuildRequires, not Requires(post)
    (the macro gets expanded during package build)
* Thu Jun 28 2018 psimons@suse.com
  - Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the
    new 'address_space_limit' option in the installed vsftpd.conf(5)
    man page. [bsc#1075060]
* Thu Jun 21 2018 psimons@suse.com
  - Apply "vsftpd-support-dsa-only-setups.patch" to disable the
    problematic default setting for rsa_cert_file. Upstream
    initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and
    vsftpd won't start up if that file does not exist (or if it does
    not contain an RSA certificate). Therefore, users who copy a DSA
    certificate into that location or properly configure a DSA
    certificate via dsa_cert_file without explicitly disabling the
    RSA certificate won't be able to start vsftpd. [bsc#975538]
* Wed May 16 2018 psimons@suse.com
  - Don't start/stop parameterized systemd units in pre/post actions.
    These units cannot be used without an explicit parameter and
    attempts to do so lead to a confusing "failed to try-restart"
    error message. [bsc#1093179, bsc#1010177]
* Wed Apr 25 2018 psimons@suse.com
  - vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(),
    sysinfo(), and shutdown() syscalls in seccomp sandbox. These are
    required for the daemon to work properly on SLE-15. [bsc#1089088,
    bsc#1180314]
* Tue Apr 03 2018 vcizek@suse.com
  - Add firewalld service file (bsc#1083705)
* Wed Dec 13 2017 tchvatal@suse.com
  - Make sure to also require group nobody and user ftp bsc#1070653
* Thu Sep 07 2017 psimons@suse.com
  - Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that
    would cause SSL protocol errors, aborting the connection, whenever
    system errors occurred that were supposed to be non-fatal.
    [bsc#1044292]
  - Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with
    various ftp clients that arose when vsftpd is configured with
    option "use_localtime=YES". Basically, it's fine to use local time
    stamps in directory listings, but responding to MDTM commands with
    any time zone other than UTC directly violates RFC3659 and leads
    FTP clients to misinterpret the file's time stamp. [bsc#1024961]
  - Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to
    append to a file system pipe. [bsc#1048427]
  - Add "vsftpd-3.0.3-address_space_limit.patch" to create the new
    configuration option "address_space_limit", which determines the
    memory limit vsftpd configures for its own process (given in
    bytes). The previously hard-coded limit (100 MB) may not be
    sufficient for vsftpd servers running with certain PAM modules
    enabled, and in such cases administrators may wish to raise the
    limit to match their system's requirements. [bsc#1042137]
  - Don't rely on the vsf_findlibs.sh script to figure out the list
    of libraries the build needs to link. The script is wildly
    unreliable and it's hard to predict what results it will produce.
    Also, the results it *does* produce are invisble in the build
    log. We stumbled across this issue when vsftpd suddendly had
    build failures on i586 platforms because the script decided to
    try and link "-lnsl" even though the library was neither
    installed nor required.
  - Drop the explicit specification of the LDFLAGS and LINK variables
    from the call to make. The value of LDFLAGS we passed is the
    default anyway and giving LINK has no effect since it's not used
    anywhere in the Makefile.
* Wed Jun 14 2017 tchvatal@suse.com
  - Conditionally install xinetd service only on older releases
    * On current distributions we support the same functionality
      via systemd socket activation
* Mon Jun 12 2017 daniel.molkentin@suse.com
  - Fix build against OpenSSL 1.1. Remove lock on 1.0.x libs
    adds vsftpd-3.0.3-build-with-openssl-1.1.patch
    (bsc#1042673)
* Wed May 31 2017 psimons@suse.com
  - Explicitly depend on OpenSSL version 1.0.x since vsftpd doesn't
    compile against the API provided by newer versions.
* Tue May 02 2017 kukuk@suse.de
  - Adjust to new system user/group RPMs
* Mon Sep 19 2016 psimons@suse.com
  - Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd
    where files uploaded by an anonymous user could not be chown()ed
    to the desired UID as specified in the daemon's configuration
    file. [bnc#996370]
* Wed Aug 31 2016 dimstar@opensuse.org
  - Extend vsftpd-2.0.4-lib64.diff to also find libcap.so.* in
    /usr/lib64.
* Fri Aug 05 2016 tchvatal@suse.com
  - Do not bother with omc xml configs, useless nowdays
* Wed Mar 23 2016 tchvatal@suse.com
  - Require shadow and do not output the error out of useradd
* Tue Mar 22 2016 tchvatal@suse.com
  - Fix hang when using seccomp and syslog bnc#971784:
    * vsftpd-seccomp-syslog.patch
* Tue Mar 22 2016 tchvatal@suse.com
  - Fix user creation to not report error when user alredy exist
    bnc#972169
* Mon Mar 21 2016 tchvatal@suse.com
  - Fix bnc#970982 hanging on pam_exec in pam.d
    * Add patch vsftpd-3.0.2-wnohang.patch
* Thu Mar 10 2016 jcejka@suse.com
  - Fix memory leaks in ls.c bnc#968138
    * Add patch vsftpd-ls-memleak.patch
    * Update patch vsftpd-path-normalize.patch
  - Fix wildcard ? matching bnc#969411
    * Update patch vsftpd-2.3.4-sqb.patch
* Mon Sep 21 2015 tchvatal@suse.com
  - Clean-up the init.d support to be bit more readable and add missing dep
* Mon Sep 21 2015 joop.boonen@opensuse.org
  - Brought back additional systemv support so it also builds for SLES 10 and 11
* Tue Sep 08 2015 tchvatal@suse.com
  - Version bump to 3.0.3:
    * Increase VSFTP_AS_LIMIT to 200MB; various reports.
    * Make the PWD response more RFC compliant; report from Barry Kelly
      <barry@modeltwozero.com>.
    * Remove the trailing period from EPSV response to work around BT Internet
      issues; report from Tim Bishop <tdb@mirrorservice.org>.
    * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
      <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
    * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
      probably have a different distro / libc / etc. and there are multiple reports.
    * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
      this case gracefully. Report from Vasily Averin <vvs@odin.com>.
    * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
    * Make some compile-time SSL defaults (such as correct client shutdown
      handling) stricter.
    * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
      delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
    * Kill the FTP session if we see HTTP protocol commands, to avoid
      cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
    * Kill the FTP session if we see session re-use failure. A report from
      Tim Kosse <tim.kosse@filezilla-project.org>.
    * Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
    * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
    * Minor SSL logging improvements.
    * Un-default tunable_strict_ssl_write_shutdown again. We still have
      tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
      upload integrity.
  - Drop patch vsftpd-allow-dev-log-socket.patch should be included
    upstream, se above bullet with mvyskocil's email
* Tue Jun 23 2015 tchvatal@suse.com
  - Fix logrotate script to not fail when vsftpd is not running,
    bnc#935279
* Fri Apr 17 2015 tchvatal@suse.com
  - Fix hide_file option wrt bnc#927612:
    * vsftpd-path-normalize.patch
* Sun Apr 05 2015 tchvatal@suse.com
  - bnc#925963 stat is sometimes run on wrong path and results with
    ENOENT, ensure we sent both dir+file to filter verification:
    * vsftpd-path-normalize.patch
* Wed Mar 25 2015 tchvatal@suse.com
  - Update patch bit more for sanity checks. Done by rsassu@suse.de:
    * vsftpd-path-normalize.patch
* Mon Mar 23 2015 tchvatal@suse.com
  - Add back patch attempting to fix bnc#900326 bnc#915522 and
    bnc#922538:
    * vsftpd-path-normalize.patch
* Mon Mar 23 2015 tchvatal@suse.com
  - Reset filter patch to match fedora, my work will be restarted
    in one-off patch to make the changes stand out. Add rest of
    RH filtering patches:
    * vsftpd-2.2.0-wildchar.patch
    * vsftpd-2.3.4-sqb.patch
    * vsftpd-2.1.0-filter.patch
* Mon Mar 23 2015 tchvatal@suse.com
  - Work on the filter patch and split out the normalisation of the
    path to separate str function, currently commented out so I
    avoid huge diffing.
    * vsftpd-2.1.0-filter.patch
* Fri Feb 20 2015 tchvatal@suse.com
  - Add service calls for other unit files too
  - Udate filter patch to work as expected:
    * vsftpd-2.1.0-filter.patch
* Fri Jan 02 2015 tchvatal@suse.com
  - Try to fix deny_file parsing to do more what is expected. Taken
    from fedora. bnc#900326 bnc#915522 CVE-2015-1419
    * vsftpd-2.1.0-filter.patch
* Fri Nov 14 2014 dimstar@opensuse.org
  - No longer perform gpg validation; osc source_validator does it
    implicit:
    + Drop gpg-offline BuildRequires.
    + No longer execute gpg_verify.

Files

/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd.conf
/usr/lib/firewalld
/usr/lib/firewalld/services
/usr/lib/firewalld/services/vsftpd.xml
/usr/lib/systemd/system/vsftpd.service
/usr/lib/systemd/system/vsftpd.socket
/usr/lib/systemd/system/vsftpd@.service
/usr/sbin/rcvsftpd
/usr/sbin/vsftpd
/usr/share/doc/packages/vsftpd
/usr/share/doc/packages/vsftpd/AUDIT
/usr/share/doc/packages/vsftpd/BUGS
/usr/share/doc/packages/vsftpd/Changelog
/usr/share/doc/packages/vsftpd/EXAMPLE
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/README
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/vsftpd.conf
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE/vsftpd.xinetd
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD/README
/usr/share/doc/packages/vsftpd/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf
/usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG
/usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG/README
/usr/share/doc/packages/vsftpd/EXAMPLE/PER_IP_CONFIG/hosts.allow
/usr/share/doc/packages/vsftpd/EXAMPLE/README
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_HOSTS
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_HOSTS/README
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/README
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/logins.txt
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/vsftpd.conf
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS_2
/usr/share/doc/packages/vsftpd/EXAMPLE/VIRTUAL_USERS_2/README
/usr/share/doc/packages/vsftpd/FAQ
/usr/share/doc/packages/vsftpd/README
/usr/share/doc/packages/vsftpd/README.SUSE
/usr/share/doc/packages/vsftpd/README.security
/usr/share/doc/packages/vsftpd/REWARD
/usr/share/doc/packages/vsftpd/SECURITY
/usr/share/doc/packages/vsftpd/SECURITY/DESIGN
/usr/share/doc/packages/vsftpd/SECURITY/IMPLEMENTATION
/usr/share/doc/packages/vsftpd/SECURITY/OVERVIEW
/usr/share/doc/packages/vsftpd/SECURITY/TRUST
/usr/share/doc/packages/vsftpd/SIZE
/usr/share/doc/packages/vsftpd/SPEED
/usr/share/doc/packages/vsftpd/TODO
/usr/share/doc/packages/vsftpd/TUNING
/usr/share/empty
/usr/share/licenses/vsftpd
/usr/share/licenses/vsftpd/COPYING
/usr/share/licenses/vsftpd/LICENSE
/usr/share/man/man5/vsftpd.conf.5.gz
/usr/share/man/man8/vsftpd.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Mar 9 16:30:14 2026