[-- Attachment #1: Type: text/plain, Size: 1479 bytes --] There is a new pull request by unspecd against master on the void-packages repository https://github.com/unspecd/void-packages pkg/vsftpd https://github.com/void-linux/void-packages/pull/31420 vsftpd: update to 3.0.4. <!-- Mark items with [x] where applicable --> #### General - [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements) #### Have the results of the proposed changes been tested? - [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me - [ ] I generally don't use the affected packages but briefly tested this PR <!-- If GitHub CI cannot be used to validate the build result (for example, if the build is likely to take several hours), make sure to [skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration). When skipping CI, uncomment and fill out the following section. Note: for builds that are likely to complete in less than 2 hours, it is not acceptable to skip CI. --> #### Does it build and run successfully? - [x] I built this PR locally for my native architecture, x86_64-musl - [x] I built this PR locally for these architectures: - [x] aarch64-musl - [ ] armv7l - [ ] armv6l-musl - [x] ppc-musl - [x] ppc64le-musl A patch file from https://github.com/void-linux/void-packages/pull/31420.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-pkg/vsftpd-31420.patch --] [-- Type: text/x-diff, Size: 1128 bytes --] From bea809fe13a933fa1b5a1438779058b46e65b529 Mon Sep 17 00:00:00 2001 From: Evgeny Ermakov <evgeny.v.ermakov@gmail.com> Date: Fri, 11 Jun 2021 05:09:50 +1100 Subject: [PATCH] vsftpd: update to 3.0.4. --- srcpkgs/vsftpd/template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srcpkgs/vsftpd/template b/srcpkgs/vsftpd/template index 866fa5db3054..2e177d8b8987 100644 --- a/srcpkgs/vsftpd/template +++ b/srcpkgs/vsftpd/template @@ -1,7 +1,7 @@ # Template file for 'vsftpd' pkgname=vsftpd -version=3.0.3 -revision=14 +version=3.0.4 +revision=1 build_style=gnu-makefile makedepends="pam-devel libcap-devel libnsl-devel openssl-devel" short_desc="FTP daemon with focus on security" @@ -9,7 +9,7 @@ maintainer="Enno Boland <gottox@voidlinux.org>" license="GPL-2.0-only" homepage="https://security.appspot.com/vsftpd.html" distfiles="https://security.appspot.com/downloads/${pkgname}-${version}.tar.gz" -checksum=9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7 +checksum=6b9421bd27e8a6cdeed5b31154f294a20b003a11a26c09500715a0a6b1b86a26 system_accounts="ftp" ftp_pgroup=nogroup
[-- Attachment #1: Type: text/plain, Size: 695 bytes --] New comment by unspecd on void-packages repository https://github.com/void-linux/void-packages/pull/31420#issuecomment-858861010 Comment: [Changelog](https://security.appspot.com/vsftpd/Changelog.txt): ``` - Fix build on Fedora 33 (one warning, one incorrect libcap used). - Fix SSL build (terrible grep for symbol in vsf_findlibs.sh)! - Fix runtime SIGSYS crashes on Fedora 33 (seccomp sandbox policy tweaks). - Reject HTTP verbs pre-login. - Disable TLS prior to v1.2 by default. - Close the control connection after 10 unknown commands pre-login. - Reject any TLS ALPN advertisement that's not 'ftp'. - Add ssl_sni_hostname option to require a match on incoming SNI hostname. ```
[-- Attachment #1: Type: text/plain, Size: 181 bytes --] New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/pull/31420#issuecomment-859762246 Comment: Huh, all our old patches still apply >.<
[-- Attachment #1: Type: text/plain, Size: 1591 bytes --] There is a new pull request by ailiop-git against master on the void-packages repository https://github.com/ailiop-git/void-packages vsftpd https://github.com/void-linux/void-packages/pull/31482 vsftpd: update to 3.0.4. <!-- Mark items with [x] where applicable --> #### General - [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements) #### Have the results of the proposed changes been tested? - [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me - [ ] I generally don't use the affected packages but briefly tested this PR <!-- If GitHub CI cannot be used to validate the build result (for example, if the build is likely to take several hours), make sure to [skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration). When skipping CI, uncomment and fill out the following section. Note: for builds that are likely to complete in less than 2 hours, it is not acceptable to skip CI. --> <!-- #### Does it build and run successfully? (Please choose at least one native build and, if supported, at least one cross build. More are better.) - [ ] I built this PR locally for my native architecture, (ARCH-LIBC) - [ ] I built this PR locally for these architectures (if supported. mark crossbuilds): - [ ] aarch64-musl - [ ] armv7l - [ ] armv6l-musl --> A patch file from https://github.com/void-linux/void-packages/pull/31482.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-vsftpd-31482.patch --] [-- Type: text/x-diff, Size: 1124 bytes --] From a5ef61cb1ee7747ef1124ec2ad30a15ac93db1f8 Mon Sep 17 00:00:00 2001 From: Anthony Iliopoulos <ailiop@altatus.com> Date: Mon, 14 Jun 2021 11:18:17 +0000 Subject: [PATCH] vsftpd: update to 3.0.4. --- srcpkgs/vsftpd/template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srcpkgs/vsftpd/template b/srcpkgs/vsftpd/template index 866fa5db3054..2e177d8b8987 100644 --- a/srcpkgs/vsftpd/template +++ b/srcpkgs/vsftpd/template @@ -1,7 +1,7 @@ # Template file for 'vsftpd' pkgname=vsftpd -version=3.0.3 -revision=14 +version=3.0.4 +revision=1 build_style=gnu-makefile makedepends="pam-devel libcap-devel libnsl-devel openssl-devel" short_desc="FTP daemon with focus on security" @@ -9,7 +9,7 @@ maintainer="Enno Boland <gottox@voidlinux.org>" license="GPL-2.0-only" homepage="https://security.appspot.com/vsftpd.html" distfiles="https://security.appspot.com/downloads/${pkgname}-${version}.tar.gz" -checksum=9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7 +checksum=6b9421bd27e8a6cdeed5b31154f294a20b003a11a26c09500715a0a6b1b86a26 system_accounts="ftp" ftp_pgroup=nogroup
[-- Attachment #1: Type: text/plain, Size: 277 bytes --] New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/pull/31420#issuecomment-861766350 Comment: It would be nice to look into upstreaming our patches, but otherwise I think they are all still necessary :( Including the CVE one :/
[-- Attachment #1: Type: text/plain, Size: 1325 bytes --] There's a merged pull request on the void-packages repository vsftpd: update to 3.0.4. https://github.com/void-linux/void-packages/pull/31420 Description: <!-- Mark items with [x] where applicable --> #### General - [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements) #### Have the results of the proposed changes been tested? - [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me - [ ] I generally don't use the affected packages but briefly tested this PR <!-- If GitHub CI cannot be used to validate the build result (for example, if the build is likely to take several hours), make sure to [skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration). When skipping CI, uncomment and fill out the following section. Note: for builds that are likely to complete in less than 2 hours, it is not acceptable to skip CI. --> #### Does it build and run successfully? - [x] I built this PR locally for my native architecture, x86_64-musl - [x] I built this PR locally for these architectures: - [x] aarch64-musl - [ ] armv7l - [ ] armv6l-musl - [x] ppc-musl - [x] ppc64le-musl