This is a bug and security fix release, including:
- CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
http://svn.ruby-lang.org/repos/ruby/tags/v2_2_3/ChangeLog
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
It's better to install setuptools-enabled Python packages with a special
flag that makes a flatter structure of the egg and does not create
site.py file. Already done for python-pip recently. Also, version was
bumped to 18.1.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
error reported by buildbot, replicated locally:
wave.c:(.text+0x8e4): undefined reference to `__builtin_bswap16'
It seems that gcc builtin function is not working for mips64
according to
https://gcc.gnu.org/ml/gcc-patches/2014-01/msg00551.html
bswap patterns only work in >4.8 so the compiler
check in wave.c seems inconsistent across different archs
as octeon has gcc 4.6
make it require gcc >=4.8
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
PIP's installation procedure was too complicated, requiring obscure
postinstall and prerm scripts to move files created by setup procedure.
But since setuptools is required anyway, it's better to use a special
flag created for the purpose of package creation. Resulting directory
structure is flatter and unnecessary files that had to be moved by
prerm/postinstall scripts are not created anymore.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
Update vsftpd to 3.0.3 released in July 2015.
Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Several patches here and pull requests at the upstream github project
page were merged into the devel branch. Switch to that until the next
stable release.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This change aims to address the following 2 issues
- The control file was there yet xl2tpd process was not
- The control file's existence prevented xl2tpd from start
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
L2TP with xl2tpd has no proto_task in the context of netifd and because
of this there is no valid $ERROR to check for when doing tearing down.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>