From: Hannu Nyman <hannu.nyman@iki.fi>
Date: Mon, 17 Aug 2015 19:21:23 +0000 (+0300)
Subject: vsftpd: update to 3.0.3
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=refs%2Fpull%2F1663%2Fhead;p=feed%2Fpackages.git

vsftpd: update to 3.0.3

Update vsftpd to 3.0.3 released in July 2015.

Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html

- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
---

diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile
index e68b3eb21d..da50698818 100644
--- a/net/vsftpd/Makefile
+++ b/net/vsftpd/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vsftpd
-PKG_VERSION:=3.0.2
-PKG_RELEASE:=6
+PKG_VERSION:=3.0.3
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://security.appspot.com/downloads/
-PKG_MD5SUM:=8b00c749719089401315bd3c44dddbb2
+PKG_MD5SUM:=da119d084bd3f98664636ea05b5bb398
 PKG_LICENSE:=GPLv2
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
diff --git a/net/vsftpd/patches/001-destdir.patch b/net/vsftpd/patches/001-destdir.patch
index 70d95927f0..b0274ac865 100644
--- a/net/vsftpd/patches/001-destdir.patch
+++ b/net/vsftpd/patches/001-destdir.patch
@@ -9,7 +9,7 @@
  .c.o:
  	$(CC) -c $*.c $(CFLAGS) $(IFLAGS)
  
-@@ -29,21 +31,20 @@ vsftpd: $(OBJS) 
+@@ -29,21 +31,20 @@ vsftpd: $(OBJS)
  	$(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
  
  install: