Updating vsftpd to 2.0.7?

Sat Sep 13 16:55:42 UTC 2008

Hi everyone,

I'd like your opinion about a possible update of vsftpd from 2.0.6 to 2.0.7.
I know we're past FF, but I didn't care about it earlier, thinking the package
would have been updated in Debian and synced/merged to Ubuntu. Obviously it
isn't the case, and I was told that no one in particular takes care of that
package in Ubuntu.

The main reason for which I'd like 2.0.7 is because it fixes a bug [1] that
makes it impossible to connect with FTPS using a recent version of FileZilla.
(This is by the way a fix I'd like to backport to hardy-updates).

- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.

[1] https://launchpad.net/bugs/254905

Moreover, the changelog [2] is pretty small. Some changes don't affect us or are
trivial, some are bug fixes, and 2 are added config options.

 - Fix finding libcap for the link on Slackware systems, thanks to Roman
 Kravchenko <roman at atech.lv>.
 - Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
  <y-iida at secom.co.jp>.
 - Fix man page typo, thanks Matt Selsky <selsky at columbia.edu>.
 - Bring the PASV listen() into the bind() retry loop to resolve a race under
 extreme load. Thanks to Curtis Taylor <cjt at us.ibm.com>.
 - Enhance logging for debug_ssl.
 - Shutdown the SSL data connections properly. This prevents clients such as
 recent FileZilla from complaining. Reported by various people.
 - Add option to enforce proper SSL shutdown on uploads. Left it off after much
 agonizing because clients are so broken in this area.
 - Add option to delete failed uploads.

[2] ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.7/Changelog

The diffstat looks like this:

 Changelog       |   17 ++++++
 README          |    2 
 ftpdataio.c     |    6 +-
 ftpdataio.h     |    5 +-
 parseconf.c     |    4 +
 postlogin.c     |   33 ++++++++++---
 privops.c       |    3 -
 readwrite.c     |    4 -
 readwrite.h     |    3 -
 ssl.c           |  138 +++++++++++++++++++++++++++++++++++++++++++++++++-------
 ssl.h           |    4 -
 standalone.c    |    6 ++
 sysutil.c       |   12 +++-
 sysutil.h       |    2 
 tunables.c      |    4 +
 tunables.h      |    4 +
 vsf_findlibs.sh |    1 
 vsftpd.conf.5   |   32 ++++++++++++
 vsftpver.h      |    2 
 19 files changed, 239 insertions(+), 43 deletions(-)

This update doesn't seem to require any packaging change. The few tests I've
done so far were successful.

What do you think about this?

If there is no strong opposition, I'll file an FFe request as soon as possible,
so that we can hopefully get this in before Alpha 6 freeze.

-- 
Adrien Cunin aka Adri2000
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080913/59b70c6a/attachment.pgp>