Up to [cvs.NetBSD.org] / pkgsrc / net / proftpd
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
remove dead sites
proftpd*: update to 1.3.8b 1.3.8b - Released 19-Dec-2023 -------------------------------- - Issue 1735 - Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 fails. - Issue 1756 - Build system fails for specific module names. - Issue 1760 - mod_sftp is affected by "Terrapin" Prefix Truncation Attacks in SSH Specification (CVE-2023-48795). 1.3.8a - Released 08-Oct-2023 -------------------------------- - Issue 1581 - mod_sftp fails to handle SFTP requests to truncate files to zero size. - Issue 1584 - mod_sftp improperly handles SFTP WRITE requests for files opened for appending. - Issue 1568 - Build-time detection of Linux POSIX ACL support broken since 1.3.8rc2. - Issue 1590 - Unable to load mod_rewrite as a dynamic module due to incomplete/missing library linker flags. - Issue 1597 - <Class> section is allowed to be in <Global>, but From directive is not. - Issue 1617 - ExtendedLog SSH, SFTP classes not working as expected. - Issue 1646 - mod_sftp does not handle multiple concurrent open file handles/transfers well for logging. - Issue 1679 - "TLSRequired off" plus Protocols directive causes mod_tls to terminate the session abruptly. - Issue 1689 - mod_tls fails to compile against OpenSSL 3.0.8 due to missing ENGINE_METHOD_ flags. - Issue 1659 - Unknown named connection error when using different SQL backends. - Issue 1697 - mod_sql is not properly closing all named backend connections on session exit. - Issue 1694 - SSH key exchanges fail unexpectedly with "unable to write X bytes of raw data" errors due to small ProFTPD buffer. - Issue 1678 - High session memory usage caused by SFTP outgoing data buffering. - Issue 1683 - Out-of-bounds buffer read when handling FTP commands. - Issue 1712 - SFTP algorithm settings in <Global> section not being used. 1.3.8 - Released 04-Dec-2022 -------------------------------- - Issue 1488 - 1.3.8rc4 failing to build mod_sftp with OpenSSL 1.1.0 due to X448 check. - Issue 1494 - 1.3.8rc4 failing to build on Solaris due to missing type declarations. - Issue 1500 - mod_ifsession doesn't change the effect of SFTPMaxChannels. - Issue 1533 - mod_tls module unexpectedly allows TLS handshake after authentication in some configurations. - Issue 1528 - Disable FSCachePolicy by default. - Issue 1539 - Avoid logging "session closed" messages unless there is a corresponding "session opened" log message, to avoid user confusion. - Issue 1550 - Implement support for the CSID FTP command. - Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does not match publickey algorithm 'ssh-rsa'. - Issue 1560 - mod_auth_otp improperly allows keyboard-interactive logins for users lacking OTP entries. 1.3.8rc4 - Released 23-Jul-2022 -------------------------------- - Issue 1434 - mod_sftp should fail on startup when SFTP and TLS are both enabled for a vhost. - Issue 1440 - DelayTable not properly using documented default value. This is a regression caused by the changes for Bug#4020. - Issue 1444 - Support customizing SSH ciphers, digests, key exchanges via SFTPClientMatch. - Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x. - Issue 1445 - BanOnEvent BadProtocol triggers segfault. - Issue 1439 - SFTP "check-file" implementation computes incorrect results. - Issue 1457 - Implement SFTPHostKeys directive for configuring the SSH host key algorithms. - Issue 1437 - Implement the "curve448-sha512" SSH key exchange algorithm. - Issue 1472 - Include directive broken when using wildcards for directory components. - Bug 4485 - mod_sftp fails to build using OpenSSL 1.0.x: undefined reference to `EVP_MD_CTX_reset'. - Issue 1476 - Reload after omitting explicit ModulePath value causes fatal module load failures. 1.3.8rc3 - Released 23-Apr-2022 -------------------------------- - Issue 1323 - Support SSH hostkey rotation via OpenSSH extensions. - Issue 1325 - NLST does not behave consistently for relative paths. - Bug 3759 - Support AES Galois Counter Mode (AES-GCM) in SSH. Support for the "aes128-gcm@openssh.com" and "aes256-gcm@openssh.com" ciphers has been added to mod_sftp. - Issue 1333 - Implement an LDAPConnectTimeout directive, to configure the timeout used when connecting to LDAP servers. - Issue 1330 - Implement OpenSSH "Encrypt-Then-MAC" (ETM) algorithm extensions. - Issue 1346 - Implement AllowForeignAddress class matching for passive data transfers. - Issue 1353 - Implement support for PCRE2. - Bug 4466 - ProFTPD won't start with several locales. - Issue 1367 - Auth sources providing space-bearing user/group names cause compliance issues with MLSD/MLST responses. - Bug 4467 - DeleteAbortedStores removes successfully transferred files unexpectedly. - Issue 1383 - Omit EPRT/EPSV from FEAT response when denied by <Limit> configuration. - Issue 1379 - Support uploading to symlinked files. - Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not SOL_SOCKET. - Issue 1402 - TCP keepalive SocketOptions should apply to control as well as data connection. - Issue 1396 - ProFTPD always uses the same PassivePorts port for first transfer. - Issue 1410 - mod_sftp needs to handle unknown SSH messages in an RFC-compliant manner, ignoring rather than disconnecting. - Issue 1418 - Improve handling of some globally applied configuration directives. - Issue 1369 - Name-based virtual hosts not working as expected after upgrade from 1.3.7a to 1.3.7b. 1.3.8rc2 - Released 29-Aug-2021 -------------------------------- - Bug 4401 - mod_sftp crashes when handling aes256-ctr OpenSSH-specific key with some old OpenSSL versions. - Issue 1273 - Improve mod_tls log messages for unsupported older TLS protocol requests. - Issue 1284 - Fix memory disclosure to RADIUS servers by mod_radius. - Issue 1282 - Properly handle <VirtualHost> sections that use interface/device names. - Bug 4315 - mod_ifsession fails to reset directory config lookup after <Directory> section merges. - Issue 1296 - Support <Limit> configurations for HELP command. - Issue 1300 - PCRE expressions with capture groups are not being handled properly. - Issue 1307 - AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop. - Issue 1286 - Add support for the libidn2 library, over libidn, for e.g. mod_rewrite mappings. - Bug 4443 - Changed the default behavior of mod_tls, such that TLS renegotiations on control/data connections are not requested by default. TLS renegotiations have a long and sordid history; many SSL/TLS libraries no longer implement them, or disable them by default. - Issue 1319 - mod_auth_otp should honor RequireTableEntry semantics for SFTP logins. 1.3.8rc1 - Released 13-Jun-2021 -------------------------------- - Issue 1063 - FTPS data transfers using TLSv1.3 might segfault when session tickets cannot be decrypted. - Issue 1070 - Implement support for Redis 6.x AUTH semantics. - Issue 1068 - Define an OpenSSL API version compatibility macro, currently set to OpenSSL 1.0.0 and later. - Bug 4405 - Memory use-after-free in mod_sftp causes unexpected login/authentication issues. - Bug 4402 - Inappropriate handling of aborted FTP data transfers causes issues for some FTP clients. - Issue 1084 - Implement support for configuring TLSv1.3 ciphersuites. - Issue 1086 - Update TLSRenegotiate to work properly for TLSv1.3 sessions. - Issue 1079 - prxs fails to detect module-specific configure/Makefile, leading to unexpected module load errors. - Issue 1074 - TLS SNI connections to name-based VirtualHosts with TLSCertificateChainFile fail unexpectedly. - Issue 1089 - Deprecate the MultilineRFC2228 directive. - Issue 1067 - Generate new DH parameters for mod_tls, mod_sftp for 1.3.8. - Issue 1101 - Update TLS minimum supported DH parameter size to 2048. - Issue 811 - Support adding custom key/values to RedisLogOnCommand. - Issue 1106 - TLS SNI can cause mod_quotatab to crash due to null pointer dereferences. - Issue 1076 - TLS client-initiated renegotiations are supported unexpectedly. - Issue 1105 - Improper handling of multiple IP addresses, ServerAliases in <VirtualHost> sections. - Issue 1048 - Support using weak TLS certificates via the new AllowWeakSecurity TLSOption. - Issue 1149 - mod_quotatab_sql failing due to SQL syntax errors. This is a regression caused by Issue #392. - Issue 1061 - Freeing uninitialized memory causes SFTP issues with ed25519 keys. - Issue 1111 - "Corrupted MAC on input" errors using SFTP umac-64@openssh.com digest. - Issue 1171 - PassivePort randomization is broken due to SO_REUSEPORT option. - Issue 1072 - Support configurable certificate settings in Redis SSL/TLS connections. - Issue 369 - Provide function for obtaining memory pool information as e.g. JSON. - Issue 1134 - AuthUserFile-based logins, directory listings are very slow due to unbuffered reads. - Issue 1193 - Improper checking for reused TLS session for data transfers using OpenSSL 1.1.1. - Issue 1168 - Improve error handling of OpenSSH host keys converted to PEM format. - Issue 1179 - TLSRSACertificateKeyFile sanity checks fail unexpectedly for passphrase-protected keys. - Issue 1174 - ftptop segfaults when using libncursesw on Gentoo. - Issue 1204 - Once TLSTimeoutHandshake is reached, internal "timed out" flag never reset. - Issue 1133 - Support include files in mod_wrap2 allow/deny tables. - Issue 1200 - Disconnect SFTP clients that request unsupportable protocol versions. - Issue 1207 - On Gentoo, "./configure --disable-ncurses" fails to link ftptop, due to "undefined reference to symbol 'stdscr'" error. - Issue 1212 - mod_sql_mysql needs to quote table names due to reserved MySQL keywords. - Issue 1175 - Unable to set per-user TLSOptions using mod_ifsession. - Issue 754 - Some mod_snmp counters were not being incremented properly. - Issue 548 - `make install` target should install only, not recompile any code. - Bug 4428 - <VirtualHost> name resolution does not include all associated IPv6 records. - Issue 1230 - Stack overflow due to unlimited recursion possible when parsing JSON text. - Issue 1232 - Unable to use %{env:FTPS} in a SQLNamedQuery. The fix is to now use %{note:FTPS} instead. - Issue 1170 - Implement support for user/host combination bans in mod_ban. - Issue 1246 - mod_sftp_sql crashes (sigsegv) on NULL key. - Issue 1237 - ftpasswd should default to SHA256, not MD5. - Issue 490 - Support syntax checks on AuthUserFiles, AuthGroupFiles on startup.
proftpd: Update to 1.3.7f, and fix msgfmt. 1.3.7f ------- 1.3.7e ------- + Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used. 1.3.7d ------- + Improved consistency/support for name-based virtual hosts. + Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
proftpd: Apply CHECK_RELRO_SKIP when building modules to fix their build.
Update proftpd to 1.3.7c 1.3.7c + Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284). + PCRE expressions with capture groups were not being handled properly (Issue #1300). 1.3.7b + Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when session tickets cannot be decrypted (Issue #1063). + Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket option (Issue #1171). + Implemented support for Redis 6.x AUTH semantics (Issue #1070). + Fixed memory use-after-free issue in mod_sftp which can cause unexpected login/authentication issues. + Fixed SQL syntax regression for some generated SQL statements (Issue #1149). + Fixed "Corrupted MAC on inptut" errors when SFTP uses the umac-64@openssh.com digest (Issue #1111). 1.3.7a + Fix build-time regression when using the --localstatedir configure option. 1.3.7 + Support the SOURCE_DATE_EPOCH environment variable, for reproducible builds (Issue #1038). 1.3.7rc4 + Implemented support for configuring certificate options for LDAP connections using SSL/TLS. + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959). + Fixed handling of IPv6 addresses in From directives (Issue #682). + Added -b and -n command-line options to ftptop. + Ignore supplemental groups when run as non-root user (Issue #808). + Use re-entrant versions of time functions where available (Issue #983). + New Configuration Directives BanOptions The BanOptions directive is used to tune mod_ban behavior, such as creating ban entries that match/apply to all <VirtualHost> sections. See doc/contrib/mod_ban.html#BanOptions for more details. LDAPUseSASL The LDAPUseSASL directive configures a list of SASL authentication mechanisms to use, when using the LDAPBindDN to bind to the LDAP server. See doc/contrib/mod_ldap.html#LDAPUseSASL for details. LogOptions The LogOptions directive is used to modify the default logging format for ProFTPD syslog, debug, and module logging. See doc/modules/mod_log.html#LogOptions for more information. SQLKeepAlive The SQLKeepAlive directive configures a periodic "keepalive" query for ensuring the connection between mod_sql and the backend database server. See doc/contrib/mod_sql.html#SQLKeepAlive for more information. + Changed Configuration Directives LDAPServer The LDAPServer directive now supports configuring the trusted CA file, client certificate and key files, SSL ciphers, and verification policies for LDAP connections. See doc/contrib/mod_ldap.html#LDAPServer for more details. TraceOptions The TraceOptions directive now supports a "Timestamp" option, for disabling inclusion of timestamps in Trace logs. + Developer notes When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command handler phases will now run. This allows interested modules, such as mod_exec and others, to react to these events (Issue #718). 1.3.7rc3 + Fixed regression in directory listing latency (Issue #863). + Fixed use-after-free vulnerability during data transfers (Issue #903). + Addressed out-of-bounds read in mod_cap by removing bundled libcap, and relying solely on the system-provided libcap (Issue #902). Note that building ProFTPD from source will *not* automatically include the mod_cap module, unless the libcap library is available. + mod_sftp now supports OpenSSH-specific private host keys (Issue #793). Newer versions of OpenSSH ssh-keygen(1) automatically generate private keys formatted with this OpenSSH-specific format. + mod_sftp now supports Ed25519 keys (Bug #4221). + mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332 (Issue #907). + mod_tls now honors client-provided SNI as part of the TLS handshake, for implementing name-based virtual hosts via TLS SNI. + Changed Configuration Directives LogFormat %{transfer-port} The LogFormat directive supports a %{transfer-port} variable for logging the selected data transfer port. SFTPOptions NoExtensionNegotiation The mod_sftp module now supports SSH extension negotations (RFC 8332). If there any issues with this support, it can be disabled using: SFTPOptions NoExtensionNegotiation SQLAuthTypes bcrypt The mod_sql_passwd module now supports bcrypt-encrypted passwords. This can be enabled using: SQLAuthTypes bcrypt in your mod_sql configuration. See doc/contrib/mod_sql_password.html for more information. TLSOption IgnoreSNI The TLSOption directive now supports an "IgnoreSNI" setting, to tell mod_tls to ignore/not use any SNI, provided by the client in the TLS handshake, for determining any name-based virtual hosts. See doc/contrib/mod_tls.html#TLSOption for more details. + Added API FSIO pread(2), pwrite(2) (Issue#317) 1.3.7rc2 + Fixed pre-authentication remote denial-of-service issue (Issue #846, CVE-2019-18217). 1.3.7rc1 + RootRevoke is now on by default, meaning that once authentication succeeds, all root privileges are dropped by default, unless the UserOwner directive (which requires root privileges) is used (Bug#4241). + The mod_ident module is no longer automatically built by default. To include the mod_ident module in the build, it must be explicitly requested via --enable-ident or --with-shared=mod_ident. This means that configuration files using the IdentLookups directive will now want to using an enclosing <IfModule> section, like so: <IfModule mod_ident.c> IdentLookups off </IfModule> + The mod_tls module now performs basic sanity checks of configured TLS files on startup (Issue#491). + The mod_deflate module now supports MODE Z data transfers when TLS is used (Issue#505). + The mod_xfer module now supports the RANG FTP command; see https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351). + The ftpasswd script now supports a --change-home option, for changing the home directory of a user in an AuthUserFile (Issue#566). + The ftpasswd script supports deleting a user from a group (Issue#620). + Refactored the LogFormat handling code so that it is not longer duplicated by mod_log, mod_sql, etc. The new Jot API is the common API to be used by modules for LogFormat variables and logging. + Generated new DH parameters for mod_sftp, mod_tls. + New Configuration Directives AuthFileOptions The mod_auth_file module supports a configuration directive for disabling its requirement for secure permissions on configured AuthUserFile/AuthGroupFile. See doc/modules/mod_auth_file.html#AuthFileOptions for information. RedisLogOnEvent The mod_redis module can be configured to log JSON messages based on specified events (Issue#392). See the doc/modules/mod_redis.html#RedisLogOnEvent documentation for details. RedisOptions The mod_redis module now implements a RedisOptions directive, for tuning some of the module behavior (Issue#477). The doc/modules/mod_redis.html#RedisOptions documentation has more details. RedisSentinel The mod_redis module now supports use of Redis Sentinels (Issue#396); see doc/modules/mod_redis.html#RedisSentinel. + Changed Configuration Directives AllowForeignAddress class-name The AllowForeignAddress directive supports a Class name, for finer-grained control over which clients are allowed to use foreign/mismatching IP addresses for transfers. See doc/modules/mod_core.html#AllowForeignAddress for more information. ExecEnviron %b The ExecEnviron directive has been fixed to properly resolve the %b LogFormat variable (Issue#515). RedisServer db-index (Issue#550) The mod_redis module can now be configured to select a database index via the RedisServer directive (Issue#550). See the doc/modules/mod_redis.html#RedisServer documentation for details. RewriteMap idnatrans The mod_rewrite module can now support rewriting `idn` to `idna` formats (Issue#231). See the doc/modules/mod_rewrite#RewriteMap for details on how to do so. RootRevoke on The RootRevoke directive is now enabled by default (Bug#4241). This makes for more secure configurations/sessions out-of-the-box. See doc/modules/mod_auth.html#RootRevoke for more information. SFTPCiphers, SFTPDigests Some weak algorithms are now disabled by default in mod_sftp (Bug#4279). These algorithms, if need be, can be explicitly enabled by configuration; they are just not enabled automatically. For list of the algorithms affected, see doc/contrib/mod_sftp.html#SFTPCiphers, doc/contrib/mod_sftp.html#SFTPDigests. SFTPOptions IncludeSFTPTimes The SFTOptions directive of mod_sftp now supports an option for explicitly including the timestamps of files when SFTP protocol 4 and higher are used, even if the SFTP client did not request these timestamps. This works around a bug in the popular Rebex SFTP library; see doc/contrib/mod_sftp.html#SFTPOptions for details. TLSProtocol TLSv1.3 The mod_tls module, and its TLSProtocol directive, now support TLSv1.3 (Issue#536). See doc/contrib/mod_tls.html#TLSProtocol for more information. TLSServerCipherPreference The TLSServerCipherPreference directive is now enabled by default. See doc/contrib/mod_tls.html#TLSServerCipherPrefrence. TLSStaplingOptions NoFakeTryLater Some TLS clients have trouble with the "fake" OCSP response that mod_tls might stable, when the client requested stapled OCSP responses and mod_tls is unable to contact the OCSP responder. Use this option to disable such fake responses (Issue#518): TLSStaplingOptions NoFakeTryLater See doc/contrib/mod_tls.html#TLSStaplingOptions for details. + Removed Configuration Directives The following directives have been removed: GroupPassword LoginPasswordPrompt TransferPriority
net/proftpd: skip check for unknown configure options
Upgrade to 1.3.6c: 1.3.6c --------- + Fixed regression in directory listing latency (Issue #863). + Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for converting them to supported format. + Fixed use-after-free vulnerability during data transfers (Issue #903). + Fixed out-of-bounds read in mod_cap by updating the bundled libcap (Issue #902). 1.3.6b --------- + Fixed pre-authentication remote denial-of-service issue (Issue #846). + Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824). 1.3.6a --------- + Fixed symlink navigation (Bug#4332). + Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674). + Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372). + Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656). + Fixed restarts when using mod_facl as a static module.
Fix compilation on platforms that need sys/loadavg.h for loadavg Make mod_load look for sys/loadavg.h using configure and include it if found.
proftpd: add a configure check for blacklist, instead of assuming it always exists. helps non-netbsd/non-freebsd.
- update to 1.3.6 - add blacklistd support.
Update MAINTAINER
proftpd: Skip SSP checks on archive libraries.
Pullup ticket #5244 - requested by kim net/proftpd-postgresql: security update net/proftpd-sqlite; security update net/proftpd: security update Revisions pulled up: - net/proftpd-postgresql/Makefile 1.3 - net/proftpd-sqlite/Makefile 1.6 - net/proftpd/Makefile 1.85 - net/proftpd/Makefile.common 1.5 - net/proftpd/distinfo 1.46 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: kim Date: Wed Apr 5 17:36:00 UTC 2017 Modified Files: pkgsrc/net/proftpd: Makefile Makefile.common distinfo pkgsrc/net/proftpd-postgresql: Makefile pkgsrc/net/proftpd-sqlite: Makefile Log Message: Update net/proftpd (and modules) to 1.3.5d with a fix for CVE-2017-7418 1.3.5d - Released 15-Jan-2017 -------------------------------- - Bug 4283 - All FTP logins treated as anonymous logins again. This is a regression of Bug#3307. 1.3.5c - Released 14-Jan-2017 -------------------------------- - Bug 4254 - SSH rekey during authentication can cause issues with clients. - Bug 4257 - Recursive SCP uploads of multiple directories not handled properly. - Bug 4259 - LIST returns different results for file, depending on path syntax. - Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins. - Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections. - Bug 4275 - Support OpenSSL 1.1.x API. - Bug 4278 - Memory leak when mod_facl is used. To generate a diff of this commit: cvs rdiff -u -r1.84 -r1.85 pkgsrc/net/proftpd/Makefile cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/proftpd/Makefile.common cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/proftpd/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/proftpd-postgresql/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/proftpd-sqlite/Makefile
Update net/proftpd (and modules) to 1.3.5d with a fix for CVE-2017-7418 1.3.5d - Released 15-Jan-2017 -------------------------------- - Bug 4283 - All FTP logins treated as anonymous logins again. This is a regression of Bug#3307. 1.3.5c - Released 14-Jan-2017 -------------------------------- - Bug 4254 - SSH rekey during authentication can cause issues with clients. - Bug 4257 - Recursive SCP uploads of multiple directories not handled properly. - Bug 4259 - LIST returns different results for file, depending on path syntax. - Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins. - Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections. - Bug 4275 - Support OpenSSL 1.1.x API. - Bug 4278 - Memory leak when mod_facl is used.
Convert all occurrences (353 by my count) of MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.
Update net/proftpd (and modules) to 1.3.5b 1.3.5b - Released 10-Mar-2016 -------------------------------- - Bug 4187 - mod_geoip does not load all of the GeoIPTables properly. - Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8 characters. - Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits. - Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current working directory. - Bug 4201 - HiddenStores temporary files not removed when exceeding quota using SCP. - Bug 4202 - MLSD lines not properly terminated with CRLF. - Bug 4209 - Zero-length memory allocation possible, with undefined results. - Bug 4210 - Avoid unbounded SFTP extended attribute key/values. - Bug 4212 - Ensure that FTP data transfer commands fail appropriately when "RootRevoke on" is in effect. - Bug 4217 - Handle FTP re-authentication attempts better. - Bug 4223 - Permissions on files uploaded via STOU do not honor configured Umask. - Bug 4227 - Support SFTP clients that send multiple INIT requests. - Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is chosen.
Needs zlib. Fixes build at least on SunOS.
Package ProFTPD using DSO (Dynamic Shared Objects) support. This is preferable for binary package use as it allowes the user to choose which features to enable by changeing the configuration file instead of recompiling. This is also how ProFTPD is usually packaged in other systems. For details about ProFTPD and DSO see: http://www.proftpd.org/docs/howto/DSO.html This change removes the following PKG_OPTIONS.proftpd: ban, ldap, mysql, pgsql, proftpd-readme, quota, tls and wrap The modules that were previously compiled when enabling ban, proftpd-readme, quota or tls are now always included. To load them use a configuration directive like: LoadModule mod_ban.c In addition the proftpd package includes by default many other modules that were previously unavailble like: mod_load, mod_radius, mod_sftp and more. The module that was provided by the wrap option is replaced by the wrap2 module which is also always included. The ldap option is superseded by the proftpd-ldap package. The mysql option is superseded by the proftpd-mysql package. The pgsql option is superseded by the proftpd-postgresql package. Using proftpd-postgresql will create one binary package for each PostgreSQL version in pkgsrc. In addition the following added packages provide new functionality: - proftpd-geoip (access GeoIP details) - proftpd-memcached (mod_memcache and mod_tls_memcache) - proftpd-odbc (access any ODBC database) - proftpd-sqlite (access to sqlite3)