Merge vsftpd 3.0.2-18 (main) from Debian unstable (main)

Bug #1427884 reported by Artur Rona
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vsftpd (Ubuntu)
Fix Released
High
Unassigned

Bug Description

vsftpd (3.0.2-18) unstable; urgency=high

  * New debian/patches/0050-CVE-2015-1419.patch
    - Fix config option "deny_file" not always being handled correctly
      CVE-2015-1419 (Closes: #776922).
    - Thanks to Marcus Meissner.
  * Add year 2015 to debian/copyright.
  * debian/rules:
    - Remove override_dh_builddeb because xz compression is standard now.
  * debian/patches:
    - Refresh 0002-config.patch, 0004-link-local.patch, 0005-whitespaces.patch,
      0006-greedy.patch, 0007-utf8.patch, 0010-remote-dos.patch,
      0011-alpha.patch.
  * Remove debian/source/options because xz compression is standard now.
  * debian/vsftpd.postrm:
    - Remove systemd files and directories when purging.

 -- Jörg Frings-Fürst <email address hidden> Tue, 24 Feb 2015 16:42:25 +0100

vsftpd (3.0.2-17) unstable; urgency=medium

  * Add debian/patches/0035-address_space_limit.patch to increase the
    address space (LP: #1348972).
  * Add patches from Ubuntu:
    - 0040-disable-anonymous.patch to disable anonymous login in
      vsftpd.conf.
      + Change also vsftpd.man.5 and confs in EXPAMPLE.
    - 0045-seccomp-gettimeofday.patch to permit gettimeofday() in
      seccomp sandbox.
      Thanks to Robie Basak <email address hidden>.
    - Delete debian/patches/0016-seccomp.patch (replace with 0045-*).
  * Add Turkish debconf translation (Closes: #759883).
    Thanks to Mert Dirik <email address hidden>.
  * debian/control:
    - Change at vsftpd-dbg Architecture from linux-any to any.
    - Add Depends dialog to package vsftpd.
  * Add debian/vsftpd.bug-script.
  * Add debian/vsftpd.apport file from Ubuntu.
    Thanks to Andres Rodriguez <email address hidden>.
  * debian/rules:
    - Remove useless override_dh_installinit.
    - Add manuelly install of the apport file because dh-apport is missing
      in debian.
  * debian/vsftpd.lintian-overrides:
    - Add a comment to the override.

 -- Jörg Frings-Fürst <email address hidden> Tue, 07 Oct 2014 15:56:29 +0200

vsftpd (3.0.2-16) unstable; urgency=medium

  * New maintainer (Closes: #756094).
  * debian/control:
    - Set myself as maintainer.
    - Replace vacant Vcs to alioth.
    - Remove field "priority" in package vsftpd-dbg.
    - Bump Standards-Version to 3.9.6 (no changes required).
  * debian/source/options:
    - Set compression-level to 9 to save space.
  * debian/vsftpd.init:
    - Add "Default-Stop" for level 0 & 6.
  * debian/rules:
    - At dh_installinit add Stoplevel 0 & 6.
  * debian/vsftpd.service:
    - Remove obsolete target "syslog.target".
  * debian/vsftpd.lintian-overrides:
    - Add override "binary-without-manpage" for "/usr/bin/vsftpdwho",
      a 3 line shell script.
  * debian/copyright:
    - Add myself to the list of authors for debian/*.
    - Add Daniel Jacobowitz for *.
  * New debian/patches/0020-manpage-hyphen.patch.
    - Escape minus in all manpages.
  * New debian/patches/0025-unconditional_utf8_report.patch.
    - Remove unconditional UTF-8 report, as conditional report
      is enabled per 0007-utf8.patch (Closes: 754449).
      Thanks to: Bartos-Elekes Zsolt <email address hidden>!
  * New debian/patches/0030-kfreebsd.patch (Closes: #756794).
    - Add condition for missing libcab{2}-dev on kfreebsd*.
      Thanks to: Steven Chamberlain <email address hidden>!
  * Add DEP8 tests (Closes: #746480).
    - Thanks to: Robie Basak <email address hidden>!
  * debian/vsftpd.init:
    - Add while loop to prevent error on
      slow PID file generation (Closes: #754762).
      Thanks to: Stephen Powell <email address hidden>!
  * New missing debian/watch.

 -- Jörg Frings-Fürst <email address hidden> Tue, 30 Sep 2014 07:30:37 +0200

vsftpd (3.0.2-15) unstable; urgency=low

  * Adding patch from Robie Basak <email address hidden> to permit
    gettimeofday() in seccomp sandbox to fix log message generation.
  * I don't care anymore, not worth it.. orphaning.

 -- Daniel Baumann <email address hidden> Fri, 25 Jul 2014 16:39:45 +0200

CVE References

Revision history for this message
Artur Rona (ari-tczew) wrote :
Revision history for this message
Artur Rona (ari-tczew) wrote :
Changed in vsftpd (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I looked at the debian-ubuntu debdiff, and it FTBFS because you dropped dh-apport from debian/control.

How did you get this to compile?

Please fix it, and test compile this before submitting it again.

Changed in vsftpd (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Artur Rona (ari-tczew) wrote :

Sorry, but I did test build on pbuilder. It builds fine and pulls dh-apport automatically. See attachment.

Revision history for this message
Artur Rona (ari-tczew) wrote :

Depends: debhelper (>= 9), dh-apport, dh-systemd, libcap2-dev, libpam0g-dev, libssl-dev, libwrap0-dev
[...]
 pbuilder-satisfydepends-dummy depends on dh-apport; however:
  Package dh-apport is not installed.
[...]
The following NEW packages will be installed:
  bsdmainutils{a} debhelper{a} dh-apparmor{a} dh-apport{a} dh-systemd{a}
[...]
Writing extended state information...
Get: 1 http://archive.ubuntu.com/ubuntu/ vivid/main dh-apport all 2.16.2-0ubuntu1 [7366 B]
[...]
Preparing to unpack .../dh-apport_2.16.2-0ubuntu1_all.deb ...
Unpacking dh-apport (2.16.2-0ubuntu1)

Changed in vsftpd (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Artur Rona (ari-tczew) wrote :

I tested a build on my PPA and there were FTBFS. I don't know what is wrong with my pbuilder locally, but I'm attaching a fixed debdiff included B-D on dh-apport.

Revision history for this message
Artur Rona (ari-tczew) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff in comment #6, uploaded to vivid.

Thanks!

Changed in vsftpd (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package vsftpd - 3.0.2-18ubuntu1

---------------
vsftpd (3.0.2-18ubuntu1) vivid; urgency=low

  * Merge from Debian unstable. (LP: #1427884) Remaining changes:
    - debian/control, debian/rules:
      + Add Apport hook.
    - debian/vsftpd.init, debian/vsftpd.upstart:
      + Migrate to upstart.
  * Drop following changes, fixed in Debian:
    - ubuntu-disable-anonymous.patch -> 0040-disable-anonymous.patch
    - ubuntu-seccomp-gettimeofday.patch -> 0045-seccomp-gettimeofday.patch
    - debian/tests/*, debian/control: Add dep8 test.
    - debian/watch: It doesn't work anymore.
    - debian/vsftpd.apport: Add Apport hook.

vsftpd (3.0.2-18) unstable; urgency=high

  * New debian/patches/0050-CVE-2015-1419.patch
    - Fix config option "deny_file" not always being handled correctly
      CVE-2015-1419 (Closes: #776922).
    - Thanks to Marcus Meissner.
  * Add year 2015 to debian/copyright.
  * debian/rules:
    - Remove override_dh_builddeb because xz compression is standard now.
  * debian/patches:
    - Refresh 0002-config.patch, 0004-link-local.patch, 0005-whitespaces.patch,
      0006-greedy.patch, 0007-utf8.patch, 0010-remote-dos.patch,
      0011-alpha.patch.
  * Remove debian/source/options because xz compression is standard now.
  * debian/vsftpd.postrm:
    - Remove systemd files and directories when purging.

vsftpd (3.0.2-17) unstable; urgency=medium

  * Add debian/patches/0035-address_space_limit.patch to increase the
    address space (LP: #1348972).
  * Add patches from Ubuntu:
    - 0040-disable-anonymous.patch to disable anonymous login in
      vsftpd.conf.
      + Change also vsftpd.man.5 and confs in EXPAMPLE.
    - 0045-seccomp-gettimeofday.patch to permit gettimeofday() in
      seccomp sandbox.
      Thanks to Robie Basak <email address hidden>.
    - Delete debian/patches/0016-seccomp.patch (replace with 0045-*).
  * Add Turkish debconf translation (Closes: #759883).
    Thanks to Mert Dirik <email address hidden>.
  * debian/control:
    - Change at vsftpd-dbg Architecture from linux-any to any.
    - Add Depends dialog to package vsftpd.
  * Add debian/vsftpd.bug-script.
  * Add debian/vsftpd.apport file from Ubuntu.
    Thanks to Andres Rodriguez <email address hidden>.
  * debian/rules:
    - Remove useless override_dh_installinit.
    - Add manuelly install of the apport file because dh-apport is missing
      in debian.
  * debian/vsftpd.lintian-overrides:
    - Add a comment to the override.

vsftpd (3.0.2-16) unstable; urgency=medium

  * New maintainer (Closes: #756094).
  * debian/control:
    - Set myself as maintainer.
    - Replace vacant Vcs to alioth.
    - Remove field "priority" in package vsftpd-dbg.
    - Bump Standards-Version to 3.9.6 (no changes required).
  * debian/source/options:
    - Set compression-level to 9 to save space.
  * debian/vsftpd.init:
    - Add "Default-Stop" for level 0 & 6.
  * debian/rules:
    - At dh_installinit add Stoplevel 0 & 6.
  * debian/vsftpd.service:
    - Remove obsolete target "syslog.target".
  * debian/vsftpd.lintian-overrides:
    - Add override "binary-without-manpage" for "/usr/bin/vsftpdwho",
      a 3 line shell script.
  * debi...

Read more...

Changed in vsftpd (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.