- Update vsf_findlibs.sh to work on Ubuntu 11.10+ - Make listen mode the default. - Add -Werror to build flags. - Fix missing "const" in ssl.c - Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. - Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c - Rename deprecated "sandbox" to "ptrace_sandbox". - Add a few more state checks to the privileged helper processes. - Add tunable "seccomp_sandbox", default on. - Use hardened build flags. Distros of course override these and provide their own build flags but no harm in showing how it could be done. - Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner <email@example.com>. - Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, <firstname.lastname@example.org>. - Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. - Remove a couple of fixed things from BUGS. - strlen() trunction fix -- no particular impact. - Apply some tidyups from email@example.com. (vsftpd-3.0.0-pre1) - Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hern醤dez Hdez <firstname.lastname@example.org>. - Fix other data channel bugs such as failure to log failure upon timeout. - Use exit codes a bit more consistently. - Fix bad interaction between SSL and trans_chunk_size. - Redo data timeout to fire properly for SSL sessions. - Redo idle timeout to fire properly for SSL sessions. - Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. - Use 10 minutes as a max linger time just in case an alarm gets lost. (vsftpd-3.0.0-pre2) - Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. - Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. - Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. - Fix delete_failed_uploads for anonymous sessions. - Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues.