vsftpd 3.0.0 正式版发布 - 开源中国社区
vsftpd 3.0.0 正式版发布
fei 2012年04月10日

vsftpd 3.0.0 正式版发布

fei fei 发布于2012年04月10日 收藏 1 评论 1

腾讯云 十分钟定制你的第一个小程序>>>  

三大ftpd之一的Vsftpd发布3.0.0正式版.2012-04-10.上个版本是2011-12-19的2.3.5 经过两个pre它的不过web主站一直上不去.对比proftpd和pure-ftpd,vsftpd的性能最快,安全性也很好。


或者直接下载 ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-3.0.0/



- Update vsf_findlibs.sh to work on Ubuntu 11.10+
- Make listen mode the default.
- Add -Werror to build flags.
- Fix missing "const" in ssl.c
- Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu
12.04 ABI.
- Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
- Rename deprecated "sandbox" to "ptrace_sandbox".
- Add a few more state checks to the privileged helper processes.
- Add tunable "seccomp_sandbox", default on.
- Use hardened build flags. Distros of course override these and provide their
own build flags but no harm in showing how it could be done.
- Retry creating a PASV socket upon port reuse race between bind() and listen(),
patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
- Don't die() if recv() indicates a closed remote connection. Problem report
on a Windows client from Herbert van den Bergh,
- Add new config setting "allow_writeable_chroot" to help people in a bit of
a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
- Remove a couple of fixed things from BUGS.
- strlen() trunction fix -- no particular impact.
- Apply some tidyups from mmoufid@yorku.ca.
- Fix delete_failed_uploads if there is a timeout. Report from Alejandro
Hern醤dez Hdez <aalejandrohdez@gmail.com>.
- Fix other data channel bugs such as failure to log failure upon timeout.
- Use exit codes a bit more consistently.
- Fix bad interaction between SSL and trans_chunk_size.
- Redo data timeout to fire properly for SSL sessions.
- Redo idle timeout to fire properly for SSL sessions.
- Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
- Use 10 minutes as a max linger time just in case an alarm gets lost.
- Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
- Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
Unfortunately the default vsftpd SSL confiuration still doesn't fully work
with FileZilla, because FileZilla has a data connection security problem:
no client certificate presentation and no session reuse. At least the error
message is now very clear.
- Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
a data transfer is in progress.
- Fix delete_failed_uploads for anonymous sessions.
- Don't listen for urgent data if the control connection is SSL, due to possible
protocol synchronization issues.
转载请注明:文章转载自 开源中国社区 [http://www.oschina.net]
本文标题:vsftpd 3.0.0 正式版发布
vsftpd 3.0.xbug比较严重的:
bug1:vsftpd: PAM audit_log_acct_message() failed: Operation not permitted (此bug在google上反映的人很多,他们都向官方提交bug了,截止3.0.2,官方也没能发布fix。)
bug2 :500 OOPS: priv_sock_get_cmd (此bug的出现与新版的沙盒技术有关,关闭沙盒功能即可避免出现,这个功能不成熟,是属于让人头疼的)