Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2021-09-16 23:14:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vsftpd" Thu Sep 16 23:14:29 2021 rev:76 rq:917998 version:3.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes 2021-07-09 23:56:49.525697454 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new.1899/vsftpd.changes 2021-09-16 23:16:41.651923936 +0200 @@ -1,0 +2,8 @@ +Fri Sep 10 13:15:44 UTC 2021 - Fabian Vogt <fv...@suse.com> + +- Update to version 3.0.5: + * Fix ALPN callback to correctly select the 'ftp' string if present. + Works with FileZilla-3.55.0. + * Fix a couple of seccomp policy issues with Fedora 34. + +------------------------------------------------------------------- Old: ---- vsftpd-3.0.4.tar.gz vsftpd-3.0.4.tar.gz.asc New: ---- vsftpd-3.0.5.tar.gz vsftpd-3.0.5.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vsftpd.spec ++++++ --- /var/tmp/diff_new_pack.uTmVEe/_old 2021-09-16 23:16:42.763925087 +0200 +++ /var/tmp/diff_new_pack.uTmVEe/_new 2021-09-16 23:16:42.763925087 +0200 @@ -27,7 +27,7 @@ %define use_firewalld 0 %endif Name: vsftpd -Version: 3.0.4 +Version: 3.0.5 Release: 0 Summary: Very Secure FTP Daemon - Written from Scratch License: SUSE-GPL-2.0-with-openssl-exception ++++++ vsftpd-3.0.4.tar.gz -> vsftpd-3.0.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.4/Changelog new/vsftpd-3.0.5/Changelog --- old/vsftpd-3.0.4/Changelog 2021-05-30 00:50:36.000000000 +0200 +++ new/vsftpd-3.0.5/Changelog 2021-08-02 08:23:45.000000000 +0200 @@ -1387,3 +1387,10 @@ At this point: v3.0.4 released! =============================== + +- Fix ALPN callback to correctly select the 'ftp' string if present. Works +with FileZilla-3.55.0. +- Fix a couple of seccomp policy issues with Fedora 34. + +At this point: v3.0.5 released! +=============================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.4/README new/vsftpd-3.0.5/README --- old/vsftpd-3.0.4/README 2021-05-18 08:48:40.000000000 +0200 +++ new/vsftpd-3.0.5/README 2021-07-31 22:08:40.000000000 +0200 @@ -1,4 +1,4 @@ -This is vsftpd, version 3.0.4 +This is vsftpd, version 3.0.5 Author: Chris Evans Contact: scarybea...@gmail.com Website: http://vsftpd.beasts.org/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.4/seccompsandbox.c new/vsftpd-3.0.5/seccompsandbox.c --- old/vsftpd-3.0.4/seccompsandbox.c 2021-05-20 07:43:18.000000000 +0200 +++ new/vsftpd-3.0.5/seccompsandbox.c 2021-08-01 03:32:53.000000000 +0200 @@ -45,6 +45,12 @@ #ifndef __NR_openat #define __NR_openat 257 #endif +#ifndef __NR_newfstatat + #define __NR_newfstatat 262 +#endif +#ifndef __NR_pselect6 + #define __NR_pselect6 270 +#endif #ifndef __NR_getrandom #define __NR_getrandom 318 #endif @@ -270,6 +276,7 @@ 3, IPPROTO_TCP); allow_nr(__NR_bind); allow_nr(__NR_select); + allow_nr(__NR_pselect6); if (tunable_port_enable) { allow_nr(__NR_connect); @@ -401,6 +408,7 @@ allow_nr_2_arg_match(__NR_setsockopt, 2, SOL_SOCKET, 3, SO_LINGER); allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_IP, 3, IP_TOS); allow_nr(__NR_fstat); + allow_nr(__NR_newfstatat); allow_nr(__NR_lseek); /* Since we use chroot() to restrict filesystem access, we can just blanket * allow open(). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.4/ssl.c new/vsftpd-3.0.5/ssl.c --- old/vsftpd-3.0.4/ssl.c 2021-05-30 00:42:56.000000000 +0200 +++ new/vsftpd-3.0.5/ssl.c 2021-08-02 08:24:35.000000000 +0200 @@ -740,17 +740,25 @@ (void) p_ssl; - /* Select everything but return an error if we don't like it. */ + /* Initialize just in case. */ *p_out = p_in; - *outlen = inlen; + *outlen = 0; - if (inlen == 4) { - if (p_in[0] == 3 && p_in[1] == 'f' && p_in[2] == 't' && p_in[3] == 'p') + for (i = 0; i < inlen; ++i) { + unsigned int left = (inlen - i); + if (left < 4) { + continue; + } + if (p_in[i] == 3 && p_in[i + 1] == 'f' && p_in[i + 2] == 't' && + p_in[i + 3] == 'p') { is_ok = 1; + *p_out = &p_in[i + 1]; + *outlen = 3; + break; } } - + if (!is_ok) { str_alloc_text(&debug_str, "ALPN rejection"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.4/vsftpver.h new/vsftpd-3.0.5/vsftpver.h --- old/vsftpd-3.0.4/vsftpver.h 2021-05-18 08:48:48.000000000 +0200 +++ new/vsftpd-3.0.5/vsftpver.h 2021-07-31 22:08:48.000000000 +0200 @@ -1,7 +1,7 @@ #ifndef VSF_VERSION_H #define VSF_VERSION_H -#define VSF_VERSION "3.0.4" +#define VSF_VERSION "3.0.5" #endif /* VSF_VERSION_H */
