vsftpd (2.0.7-1+lenny1) oldstable-security; urgency=high * Non-maintainer upload by the Security Team. * Fix possible DoS via globa expressions in STAT commands by limiting the matching loop (CVE-2011-0762; Closes: #622741). -- Nico Golde Thu, 08 Sep 2011 19:15:16 +0000 vsftpd (2.0.7-1) unstable; urgency=medium * New maintainer, taking over package from Matej. * New upstream release (Closes: #497149): - properly shuts down SSL connections now, fixes problem for all Filezilla users (Closes: #494195). - fixes race condition causing PASV connection drops under extreme load (Closes: #502215). * Adding vcs fields in control file. * Removed useless empty line at the end of vsftpd.pam file. -- Daniel Baumann Sat, 31 Jan 2009 00:47:00 +0100 vsftpd (2.0.6-1.2) unstable; urgency=low * Non-maintainer upload to fix a RC bug. * debian/vsftpd.post*: use update-inetd only if available. Closes: #470636 * debian/vsftpd.init.d: include a sane PATH. Closes: #433893 * debian/vsftpd.init.d: include LSB short description. (lintian warning) * debian/control: Standards-Version 3.8.0. No changes. (lintian warning) -- Rogério Brito Fri, 26 Sep 2008 10:01:46 -0300 vsftpd (2.0.6-1.1) unstable; urgency=low * Non-maintainer upload to solve release goal. * Add LSB dependency header to init.d scripts (Closes: #460211) -- Petter Reinholdtsen Mon, 17 Mar 2008 09:46:02 +0100 vsftpd (2.0.6-1) unstable; urgency=low * New upstream release. Closes: #467128. - Adds a chown_upload_mode option. Closes: #269193. - Supports UTF8. Closes: #445393. * man-typo.patch: Integrated upstream. * unused-libs.patch: Remove `-lnsl -ldl -lresolv -lutil' since we don't use any of their symbols. * debian/copyright: Add upstream copyright. * debian/copyright: Update upstream e-mail. * debian/control: Build-depend on quilt (>= 0.40) rather than (>= 0.40-1) to placate Lintian. * Conforms to Standards version 3.7.3. -- Matej Vela Sat, 23 Feb 2008 11:39:37 +0100 vsftpd (2.0.5-2) unstable; urgency=low * New maintainer. Closes: #385929. * Acknowledge NMU. Thanks, Martin! * vsftpd-debian.patch: Split into individual patches. * wifexited-const.patch: Quiltify fix from 2.0.5-1.1. * man-typo.patch: Remove trailing `s' from `delay_failed_login' and `delay_successful_login' in vsftpd.conf.5. Closes: #382154. * Switch to cdbs. * Remove dependency on libpam-runtime (>= 0.76-13.1) since we have 0.76-22 in sarge (and an unversioned dependency is already provided by libpam0g). * debian/copyright: Update upstream URL. * debian/vsftpd.files: Remove cruft. * debian/vsftpd.init.d: Remove pidfile on stop. * debian/vsftpd.postinst, debian/vsftpd.postrm: Use `set -e'. * debian/watch: Add. * Conforms to Standards version 3.7.2. -- Matej Vela Thu, 26 Oct 2006 10:55:25 +0200 vsftpd (2.0.5-1.1) unstable; urgency=medium * Non-maintainer upload. * Applied patch by Martin Michlmayr to fix compilation problem on 64bit architectures (closes: #386267). * Added dependency on netbase because of update-inetd call (closes: #386719) -- martin f. krafft Sat, 9 Sep 2006 18:25:37 +0200 vsftpd (2.0.5-1) unstable; urgency=low * New upstream release. - Added support for certificate chains (Closes: #307498). * Use quilt.make to manage changes to the upstream source. * Exclude libcap-dev build dependency for non-Linux architectures (Closes: #375026). * Mention trouble with background=yes in vsftpd.conf in the README file. * Create /var/run/vsftpd if necessary (Closes: #350996). -- Daniel Jacobowitz Sun, 23 Jul 2006 18:46:23 -0400 vsftpd (2.0.3-1) unstable; urgency=low * New upstream release (Closes: #300132). * Search for SSL certificates in /etc by default. * Improved documentation for SSL support (Closes: #266664). -- Daniel Jacobowitz Fri, 1 Apr 2005 22:47:55 -0500 vsftpd (2.0.1-1) unstable; urgency=low * New upstream release (Closes: #249977, #257773). - Includes SSL support. * Document that the capability module must be loaded if capabilities were built as a module (Closes: #252241, #257774). * Include an /etc/ftpusers to quiet a syslog warning (Closes: #249974). * Conflict with other FTP daemons now that we provide /etc/ftpusers. * Correct output formatting of init.d script (patch from Adeodato Simó ) (Closes: #246437). * Use common-auth and common-account PAM configuration files (Closes: #245233). -- Daniel Jacobowitz Sun, 11 Jul 2004 23:57:34 -0400 vsftpd (1.2.1-1) unstable; urgency=low * New upstream release. * Change default vsftpd.conf to run standalone (listen=YES) instead of from inetd (Closes: #200159). * Do not call update-inetd in postinst any more since we default to standalone operation (Closes: #163163). -- Daniel Jacobowitz Sat, 15 Nov 2003 19:42:21 -0500 vsftpd (1.2.0-4) unstable; urgency=high * Tweaks for init.d script, including starting the server if listen_ipv6 is specified (from Paul van Tilburg) (Closes: #212210). * Check for a listen configuration, but not in inetd - let the daemon start on an alternate port if it's configured to. -- Daniel Jacobowitz Tue, 23 Sep 2003 09:28:22 -0400 vsftpd (1.2.0-3) unstable; urgency=HIGH * Remove pam_ftp.so from the default PAM configuration. -- Daniel Jacobowitz Sun, 21 Sep 2003 14:03:39 -0400 vsftpd (1.2.0-2) unstable; urgency=low * Update for new PAM scheme. * Include more documentation from the source (Closes: #206312). -- Daniel Jacobowitz Tue, 26 Aug 2003 16:53:19 -0400 vsftpd (1.2.0-1) unstable; urgency=low * New upstream release. - Oops - make max_per_ip and max_clients work with the two process model when both connect_from_port_20 and chown_uploads are false (Closes: #171350). - Add ability for virtual users to use local privs non anon privs, via virtual_use_local_privs=YES (Closes: #172829). * Update README.Debian to describe virtual_use_local_privs. * Depend on adduser (Closes: #195277). * Include the FAQ. * Mention chroot_local_user in the sample configuration file. -- Daniel Jacobowitz Sun, 17 Aug 2003 11:47:35 -0400 vsftpd (1.1.3-3) unstable; urgency=low * Add /etc/init.d/vsftpd script for standalone mode, from Sander Smeenk. * Document the interaction between guest_enable and anonymous user configuration in README.Debian. -- Daniel Jacobowitz Mon, 27 Jan 2003 12:21:13 -0500 vsftpd (1.1.3-2) unstable; urgency=low * Brown bag. Fix install invocation in postinst (Closes: #168973). -- Daniel Jacobowitz Wed, 13 Nov 2002 13:51:24 -0500 vsftpd (1.1.3-1) unstable; urgency=low * New upstream release. - Adds tcpwrappers support (off by default, see vsftpd.conf(5)). -- Daniel Jacobowitz Mon, 11 Nov 2002 11:30:23 -0500 vsftpd (1.1.2-1) unstable; urgency=low * New upstream release. - Fixes port_promiscuous option (Closes: #167104). * Create /home/ftp owned by root (Closes: #163164). * Change the default value of pam_service_name to "vsftpd". If you had a custom configuration in /etc/pam.d/ftpd, you should either specify pam_service_name=ftp in vsftpd.conf or copy it to the new file. * Provide a default PAM configuration. * Update Standards-Version (no changes required, yay!). -- Daniel Jacobowitz Mon, 4 Nov 2002 17:36:33 -0500 vsftpd (1.1.0-2) unstable; urgency=low * Add FTP username on initial installation (Closes: #155353). * Rewrite README.Debian. * Use the included vsftpd(8) manual page. -- Daniel Jacobowitz Sun, 18 Aug 2002 14:59:02 -0400 vsftpd (1.1.0-1) unstable; urgency=low * New upstream release. - Fix for kernel warning about MSG_PEEK. - Change the meaning of anon_root and local_root (Closes: #140713). * Upstream removed the kernel 2.4.0 warning, so I've also removed the kernel 2.4.0 sanity check. 2.4.0 and 2.4.1 had plenty of other nasty bugs besides this one, so everyone should update if they haven't yet. * Update upstream URLs in debian/copyright (Closes: #142525). -- Daniel Jacobowitz Tue, 6 Aug 2002 15:06:30 -0400 vsftpd (1.0.0-2) unstable; urgency=low * Provide ftp-server, even though we do not conflict with others like the other ftp-servers do (Closes: #120354). -- Daniel Jacobowitz Sun, 27 Jan 2002 20:07:08 -0500 vsftpd (1.0.0-1) unstable; urgency=low * New upstream release; no code changes from 0.9.4pre4. * Change priority to extra. -- Daniel Jacobowitz Wed, 14 Nov 2001 10:21:02 -0500 vsftpd (0.9.4.0pre4-1) unstable; urgency=low * New upstream release. * Now uses libcap instead of direct kernel includes (Closes: #105168, #89424). -- Daniel Jacobowitz Mon, 12 Nov 2001 14:12:27 -0500 vsftpd (0.9.2-2) unstable; urgency=low * Brown bag fix; 2.4.[01] check objected to 2.4.10 (Closes: #113808). -- Daniel Jacobowitz Fri, 28 Sep 2001 15:21:19 -0400 vsftpd (0.9.2-1) unstable; urgency=low * New upstream version, with nifty features like bandwidth limiting. -- Daniel Jacobowitz Sat, 22 Sep 2001 12:47:38 -0400 vsftpd (0.9.1-1) unstable; urgency=low * New upstream version. * Add missingok to /etc/logrotate.d/vsftpd (Closes: #89736). -- Daniel Jacobowitz Thu, 31 May 2001 09:58:07 -0700 vsftpd (0.0.14-2) unstable; urgency=low * Add build dependency on libpam0g-dev. Oops. -- Daniel Jacobowitz Fri, 9 Mar 2001 01:07:26 -0500 vsftpd (0.0.14-1) unstable; urgency=low * Initial Release. * Create a man page for vsftpd(8). * Suggest logrotate and provide a logrotate.d entry. * Abort if kernel 2.4.0 or 2.4.1 is running. -- Daniel Jacobowitz Thu, 8 Mar 2001 01:24:06 -0500