You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

47 lines
1.6 KiB

vsftpd: update to 3.0.3 Update vsftpd to 3.0.3 released in July 2015. Changelog: https://security.appspot.com/vsftpd/Changelog.txt Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html - Increase VSFTP_AS_LIMIT to 200MB; various reports. - Make the PWD response more RFC compliant; report from Barry Kelly <barry@modeltwozero.com>. - Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop <tdb@mirrorservice.org>. - Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now. - Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. - Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin <vvs@odin.com>. - List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. - Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. - Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse <tim.kosse@filezilla-project.org>. - Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn <jann@thejh.net>. - Kill the FTP session if we see session re-use failure. A report from Tim Kosse <tim.kosse@filezilla-project.org>. (vsftpd-3.0.3pre1) - Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>. - Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. - Minor SSL logging improvements. - Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
10 years ago
  1. --- a/Makefile
  2. +++ b/Makefile
  3. @@ -22,6 +22,8 @@ OBJS = main.o utility.o prelogin.o ftpcm
  4. seccompsandbox.o
  5. +DESTDIR =
  6. +
  7. .c.o:
  8. $(CC) -c $*.c $(CFLAGS) $(IFLAGS)
  9. @@ -29,21 +31,20 @@ vsftpd: $(OBJS)
  10. $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
  11. install:
  12. - if [ -x /usr/local/sbin ]; then \
  13. - $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
  14. - else \
  15. - $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
  16. - if [ -x /usr/local/man ]; then \
  17. - $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
  18. - $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
  19. - elif [ -x /usr/share/man ]; then \
  20. - $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
  21. - $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
  22. - else \
  23. - $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
  24. - $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
  25. - if [ -x /etc/xinetd.d ]; then \
  26. - $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
  27. + mkdir -p $(DESTDIR)/usr/sbin
  28. + $(INSTALL) -m 755 vsftpd $(DESTDIR)/usr/sbin/
  29. + mkdir -p $(DESTDIR)/usr/share/man/man8
  30. + $(INSTALL) -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/
  31. + mkdir -p $(DESTDIR)/usr/share/man/man5
  32. + $(INSTALL) -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/
  33. + mkdir -p $(DESTDIR)/etc/xinetd.d
  34. + $(INSTALL) -m 644 xinetd.d/vsftpd $(DESTDIR)/etc/xinetd.d/
  35. +
  36. +uninstall:
  37. + rm -f $(DESTDIR)/usr/sbin/vsftpd
  38. + rm -f $(DESTDIR)/usr/share/man/man8/vsftpd.8
  39. + rm -f $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5
  40. + rm -f $(DESTDIR)/etc/xinetd.d/vsftpd
  41. clean:
  42. rm -f *.o *.swp vsftpd