![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / proftpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.15 / (download) - annotate - [select for diffs], Fri Jul 7 11:44:35 2023 UTC (2 months, 3 weeks ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
HEAD
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
proftpd: Update to 1.3.7f, and fix msgfmt. 1.3.7f ------- 1.3.7e ------- + Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used. 1.3.7d ------- + Improved consistency/support for name-based virtual hosts. + Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
Revision 1.14 / (download) - annotate - [select for diffs], Mon Sep 19 17:36:25 2022 UTC (12 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.13: +2 -1
lines
Diff to previous 1.13 (colored)
proftpd: Apply CHECK_RELRO_SKIP when building modules to fix their build.
Revision 1.13 / (download) - annotate - [select for diffs], Sat Oct 16 19:46:41 2021 UTC (23 months, 1 week ago) by tm
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.12: +5 -2
lines
Diff to previous 1.12 (colored)
Update proftpd to 1.3.7c
1.3.7c
+ Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284).
+ PCRE expressions with capture groups were not being handled properly
(Issue #1300).
1.3.7b
+ Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
session tickets cannot be decrypted (Issue #1063).
+ Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket
option (Issue #1171).
+ Implemented support for Redis 6.x AUTH semantics (Issue #1070).
+ Fixed memory use-after-free issue in mod_sftp which can cause unexpected
login/authentication issues.
+ Fixed SQL syntax regression for some generated SQL statements
(Issue #1149).
+ Fixed "Corrupted MAC on inptut" errors when SFTP uses the
umac-64@openssh.com digest (Issue #1111).
1.3.7a
+ Fix build-time regression when using the --localstatedir configure option.
1.3.7
+ Support the SOURCE_DATE_EPOCH environment variable, for reproducible
builds (Issue #1038).
1.3.7rc4
+ Implemented support for configuring certificate options for LDAP
connections using SSL/TLS.
+ Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
+ Fixed handling of IPv6 addresses in From directives (Issue #682).
+ Added -b and -n command-line options to ftptop.
+ Ignore supplemental groups when run as non-root user (Issue #808).
+ Use re-entrant versions of time functions where available (Issue #983).
+ New Configuration Directives
BanOptions
The BanOptions directive is used to tune mod_ban behavior, such as
creating ban entries that match/apply to all <VirtualHost> sections.
See doc/contrib/mod_ban.html#BanOptions for more details.
LDAPUseSASL
The LDAPUseSASL directive configures a list of SASL authentication
mechanisms to use, when using the LDAPBindDN to bind to the LDAP
server. See doc/contrib/mod_ldap.html#LDAPUseSASL for details.
LogOptions
The LogOptions directive is used to modify the default logging format
for ProFTPD syslog, debug, and module logging. See
doc/modules/mod_log.html#LogOptions for more information.
SQLKeepAlive
The SQLKeepAlive directive configures a periodic "keepalive" query
for ensuring the connection between mod_sql and the backend database
server. See doc/contrib/mod_sql.html#SQLKeepAlive for more information.
+ Changed Configuration Directives
LDAPServer
The LDAPServer directive now supports configuring the trusted CA
file, client certificate and key files, SSL ciphers, and verification
policies for LDAP connections. See doc/contrib/mod_ldap.html#LDAPServer
for more details.
TraceOptions
The TraceOptions directive now supports a "Timestamp" option, for
disabling inclusion of timestamps in Trace logs.
+ Developer notes
When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command
handler phases will now run. This allows interested modules, such
as mod_exec and others, to react to these events (Issue #718).
1.3.7rc3
+ Fixed regression in directory listing latency (Issue #863).
+ Fixed use-after-free vulnerability during data transfers (Issue #903).
+ Addressed out-of-bounds read in mod_cap by removing bundled libcap, and
relying solely on the system-provided libcap (Issue #902). Note that
building ProFTPD from source will *not* automatically include the
mod_cap module, unless the libcap library is available.
+ mod_sftp now supports OpenSSH-specific private host keys (Issue #793).
Newer versions of OpenSSH ssh-keygen(1) automatically generate private
keys formatted with this OpenSSH-specific format.
+ mod_sftp now supports Ed25519 keys (Bug #4221).
+ mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332
(Issue #907).
+ mod_tls now honors client-provided SNI as part of the TLS handshake,
for implementing name-based virtual hosts via TLS SNI.
+ Changed Configuration Directives
LogFormat %{transfer-port}
The LogFormat directive supports a %{transfer-port} variable for
logging the selected data transfer port.
SFTPOptions NoExtensionNegotiation
The mod_sftp module now supports SSH extension negotations (RFC 8332).
If there any issues with this support, it can be disabled using:
SFTPOptions NoExtensionNegotiation
SQLAuthTypes bcrypt
The mod_sql_passwd module now supports bcrypt-encrypted passwords.
This can be enabled using:
SQLAuthTypes bcrypt
in your mod_sql configuration. See doc/contrib/mod_sql_password.html
for more information.
TLSOption IgnoreSNI
The TLSOption directive now supports an "IgnoreSNI" setting, to
tell mod_tls to ignore/not use any SNI, provided by the client in the
TLS handshake, for determining any name-based virtual hosts. See
doc/contrib/mod_tls.html#TLSOption for more details.
+ Added API
FSIO pread(2), pwrite(2) (Issue#317)
1.3.7rc2
+ Fixed pre-authentication remote denial-of-service issue (Issue #846,
CVE-2019-18217).
1.3.7rc1
+ RootRevoke is now on by default, meaning that once authentication succeeds,
all root privileges are dropped by default, unless the UserOwner directive
(which requires root privileges) is used (Bug#4241).
+ The mod_ident module is no longer automatically built by default.
To include the mod_ident module in the build, it must be explicitly
requested via --enable-ident or --with-shared=mod_ident.
This means that configuration files using the IdentLookups directive
will now want to using an enclosing <IfModule> section, like so:
<IfModule mod_ident.c>
IdentLookups off
</IfModule>
+ The mod_tls module now performs basic sanity checks of configured TLS
files on startup (Issue#491).
+ The mod_deflate module now supports MODE Z data transfers when TLS
is used (Issue#505).
+ The mod_xfer module now supports the RANG FTP command; see
https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351).
+ The ftpasswd script now supports a --change-home option, for changing
the home directory of a user in an AuthUserFile (Issue#566).
+ The ftpasswd script supports deleting a user from a group (Issue#620).
+ Refactored the LogFormat handling code so that it is not longer
duplicated by mod_log, mod_sql, etc. The new Jot API is the common API
to be used by modules for LogFormat variables and logging.
+ Generated new DH parameters for mod_sftp, mod_tls.
+ New Configuration Directives
AuthFileOptions
The mod_auth_file module supports a configuration directive for disabling
its requirement for secure permissions on configured
AuthUserFile/AuthGroupFile. See
doc/modules/mod_auth_file.html#AuthFileOptions for information.
RedisLogOnEvent
The mod_redis module can be configured to log JSON messages based on
specified events (Issue#392). See the
doc/modules/mod_redis.html#RedisLogOnEvent documentation for details.
RedisOptions
The mod_redis module now implements a RedisOptions directive, for tuning
some of the module behavior (Issue#477). The
doc/modules/mod_redis.html#RedisOptions documentation has more details.
RedisSentinel
The mod_redis module now supports use of Redis Sentinels (Issue#396);
see doc/modules/mod_redis.html#RedisSentinel.
+ Changed Configuration Directives
AllowForeignAddress class-name
The AllowForeignAddress directive supports a Class name, for finer-grained
control over which clients are allowed to use foreign/mismatching IP
addresses for transfers. See
doc/modules/mod_core.html#AllowForeignAddress for more information.
ExecEnviron %b
The ExecEnviron directive has been fixed to properly resolve the %b
LogFormat variable (Issue#515).
RedisServer db-index (Issue#550)
The mod_redis module can now be configured to select a database index
via the RedisServer directive (Issue#550). See the
doc/modules/mod_redis.html#RedisServer documentation for details.
RewriteMap idnatrans
The mod_rewrite module can now support rewriting `idn` to `idna`
formats (Issue#231). See the doc/modules/mod_rewrite#RewriteMap for
details on how to do so.
RootRevoke on
The RootRevoke directive is now enabled by default (Bug#4241). This
makes for more secure configurations/sessions out-of-the-box. See
doc/modules/mod_auth.html#RootRevoke for more information.
SFTPCiphers, SFTPDigests
Some weak algorithms are now disabled by default in mod_sftp (Bug#4279).
These algorithms, if need be, can be explicitly enabled by configuration;
they are just not enabled automatically. For list of the algorithms
affected, see doc/contrib/mod_sftp.html#SFTPCiphers,
doc/contrib/mod_sftp.html#SFTPDigests.
SFTPOptions IncludeSFTPTimes
The SFTOptions directive of mod_sftp now supports an option for explicitly
including the timestamps of files when SFTP protocol 4 and higher are
used, even if the SFTP client did not request these timestamps. This
works around a bug in the popular Rebex SFTP library; see
doc/contrib/mod_sftp.html#SFTPOptions for details.
TLSProtocol TLSv1.3
The mod_tls module, and its TLSProtocol directive, now support TLSv1.3
(Issue#536). See doc/contrib/mod_tls.html#TLSProtocol for more
information.
TLSServerCipherPreference
The TLSServerCipherPreference directive is now enabled by default.
See doc/contrib/mod_tls.html#TLSServerCipherPrefrence.
TLSStaplingOptions NoFakeTryLater
Some TLS clients have trouble with the "fake" OCSP response that mod_tls
might stable, when the client requested stapled OCSP responses and
mod_tls is unable to contact the OCSP responder. Use this option to
disable such fake responses (Issue#518):
TLSStaplingOptions NoFakeTryLater
See doc/contrib/mod_tls.html#TLSStaplingOptions for details.
+ Removed Configuration Directives
The following directives have been removed:
GroupPassword
LoginPasswordPrompt
TransferPriority
Revision 1.12 / (download) - annotate - [select for diffs], Sun May 10 14:22:48 2020 UTC (3 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
net/proftpd: skip check for unknown configure options
Revision 1.11 / (download) - annotate - [select for diffs], Mon Apr 20 12:50:02 2020 UTC (3 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Upgrade to 1.3.6c:
1.3.6c
---------
+ Fixed regression in directory listing latency (Issue #863).
+ Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
+ Fixed use-after-free vulnerability during data transfers (Issue #903).
+ Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902).
1.3.6b
---------
+ Fixed pre-authentication remote denial-of-service issue (Issue #846).
+ Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
1.3.6a
---------
+ Fixed symlink navigation (Bug#4332).
+ Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
+ Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
+ Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
+ Fixed restarts when using mod_facl as a static module.
Revision 1.10 / (download) - annotate - [select for diffs], Mon Dec 9 19:22:57 2019 UTC (3 years, 9 months ago) by nros
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.9: +3 -2
lines
Diff to previous 1.9 (colored)
Fix compilation on platforms that need sys/loadavg.h for loadavg Make mod_load look for sys/loadavg.h using configure and include it if found.
Revision 1.9 / (download) - annotate - [select for diffs], Sun Oct 13 19:52:47 2019 UTC (3 years, 11 months ago) by maya
Branch: MAIN
Changes since 1.8: +5 -2
lines
Diff to previous 1.8 (colored)
proftpd: add a configure check for blacklist, instead of assuming it always exists. helps non-netbsd/non-freebsd.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Oct 7 19:29:47 2019 UTC (3 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.7: +5 -5
lines
Diff to previous 1.7 (colored)
- update to 1.3.6 - add blacklistd support.
Revision 1.7 / (download) - annotate - [select for diffs], Tue May 14 11:39:38 2019 UTC (4 years, 4 months ago) by kim
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Update MAINTAINER
Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 4 15:46:46 2017 UTC (5 years, 11 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.5: +3 -2
lines
Diff to previous 1.5 (colored)
proftpd: Skip SSP checks on archive libraries.
Revision 1.4.2.1 / (download) - annotate - [select for diffs], Wed Apr 5 21:54:27 2017 UTC (6 years, 5 months ago) by spz
Branch: pkgsrc-2017Q1
Changes since 1.4: +7 -3
lines
Diff to previous 1.4 (colored) next main 1.5 (colored)
Pullup ticket #5244 - requested by kim
net/proftpd-postgresql: security update
net/proftpd-sqlite; security update
net/proftpd: security update
Revisions pulled up:
- net/proftpd-postgresql/Makefile 1.3
- net/proftpd-sqlite/Makefile 1.6
- net/proftpd/Makefile 1.85
- net/proftpd/Makefile.common 1.5
- net/proftpd/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: kim
Date: Wed Apr 5 17:36:00 UTC 2017
Modified Files:
pkgsrc/net/proftpd: Makefile Makefile.common distinfo
pkgsrc/net/proftpd-postgresql: Makefile
pkgsrc/net/proftpd-sqlite: Makefile
Log Message:
Update net/proftpd (and modules) to 1.3.5d with a fix for CVE-2017-7418
1.3.5d - Released 15-Jan-2017
--------------------------------
- Bug 4283 - All FTP logins treated as anonymous logins again. This is a
regression of Bug#3307.
1.3.5c - Released 14-Jan-2017
--------------------------------
- Bug 4254 - SSH rekey during authentication can cause issues with clients.
- Bug 4257 - Recursive SCP uploads of multiple directories not handled properly.
- Bug 4259 - LIST returns different results for file, depending on path syntax.
- Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins.
- Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
- Bug 4275 - Support OpenSSL 1.1.x API.
- Bug 4278 - Memory leak when mod_facl is used.
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 pkgsrc/net/proftpd/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/proftpd/Makefile.common
cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/proftpd/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/proftpd-postgresql/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/proftpd-sqlite/Makefile
Revision 1.5 / (download) - annotate - [select for diffs], Wed Apr 5 17:36:00 2017 UTC (6 years, 5 months ago) by kim
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.4: +7 -3
lines
Diff to previous 1.4 (colored)
Update net/proftpd (and modules) to 1.3.5d with a fix for CVE-2017-7418 1.3.5d - Released 15-Jan-2017 -------------------------------- - Bug 4283 - All FTP logins treated as anonymous logins again. This is a regression of Bug#3307. 1.3.5c - Released 14-Jan-2017 -------------------------------- - Bug 4254 - SSH rekey during authentication can cause issues with clients. - Bug 4257 - Recursive SCP uploads of multiple directories not handled properly. - Bug 4259 - LIST returns different results for file, depending on path syntax. - Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins. - Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections. - Bug 4275 - Support OpenSSL 1.1.x API. - Bug 4278 - Memory leak when mod_facl is used.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 19 18:52:20 2017 UTC (6 years, 8 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
Convert all occurrences (353 by my count) of MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Mar 14 22:47:10 2016 UTC (7 years, 6 months ago) by wiedi
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Update net/proftpd (and modules) to 1.3.5b 1.3.5b - Released 10-Mar-2016 -------------------------------- - Bug 4187 - mod_geoip does not load all of the GeoIPTables properly. - Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8 characters. - Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits. - Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current working directory. - Bug 4201 - HiddenStores temporary files not removed when exceeding quota using SCP. - Bug 4202 - MLSD lines not properly terminated with CRLF. - Bug 4209 - Zero-length memory allocation possible, with undefined results. - Bug 4210 - Avoid unbounded SFTP extended attribute key/values. - Bug 4212 - Ensure that FTP data transfer commands fail appropriately when "RootRevoke on" is in effect. - Bug 4217 - Handle FTP re-authentication attempts better. - Bug 4223 - Permissions on files uploaded via STOU do not honor configured Umask. - Bug 4227 - Support SFTP clients that send multiple INIT requests. - Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is chosen.
Revision 1.2 / (download) - annotate - [select for diffs], Fri Oct 23 08:37:35 2015 UTC (7 years, 11 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
Needs zlib. Fixes build at least on SunOS.
Revision 1.1 / (download) - annotate - [select for diffs], Fri Sep 25 10:01:37 2015 UTC (8 years ago) by wiedi
Branch: MAIN
Package ProFTPD using DSO (Dynamic Shared Objects) support. This is preferable for binary package use as it allowes the user to choose which features to enable by changeing the configuration file instead of recompiling. This is also how ProFTPD is usually packaged in other systems. For details about ProFTPD and DSO see: http://www.proftpd.org/docs/howto/DSO.html This change removes the following PKG_OPTIONS.proftpd: ban, ldap, mysql, pgsql, proftpd-readme, quota, tls and wrap The modules that were previously compiled when enabling ban, proftpd-readme, quota or tls are now always included. To load them use a configuration directive like: LoadModule mod_ban.c In addition the proftpd package includes by default many other modules that were previously unavailble like: mod_load, mod_radius, mod_sftp and more. The module that was provided by the wrap option is replaced by the wrap2 module which is also always included. The ldap option is superseded by the proftpd-ldap package. The mysql option is superseded by the proftpd-mysql package. The pgsql option is superseded by the proftpd-postgresql package. Using proftpd-postgresql will create one binary package for each PostgreSQL version in pkgsrc. In addition the following added packages provide new functionality: - proftpd-geoip (access GeoIP details) - proftpd-memcached (mod_memcache and mod_tls_memcache) - proftpd-odbc (access any ODBC database) - proftpd-sqlite (access to sqlite3)