The NetBSD Project

CVS log for pkgsrc/net/pure-ftpd/PLIST

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / pure-ftpd

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 11 11:47:19 2020 UTC (4 years ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, HEAD
Changes since 1.9: +11 -3 lines
Diff to previous 1.9 (colored)

pure-ftpd: Update to 1.0.49

* Version 1.0.49:
 - This version fixes a regression introduced in version 1.0.48 that broke
the external authentication feature. Reported by Peter Hudec, thanks!
 - Sockets from `pure-authd` and `pure-extauth` are now always owned by
`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
Suggested by Arkadiusz Mikiewicz, thanks!

* Version 1.0.48:
 - SNI support has been added. A new service, `pure-certd`, can run
external code written in any language in order to map SNI names to TLS certificates.
 - External authentication handlers get a new
`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
 - TLS certificates and keys can now be in different files.
 - `make install` does not overwrite existing configuration files any
more. The example files layout has changed.
 - TLS 1.3 is enabled when using OpenSSL 1.1.x.
 - TLS < 1.2 is disabled by default.
 - Quirks for obsolete OpenSSL versions have been removed.
 - Username _ftp can be used as an alternative to ftp everywhere.
 - Password hashing parameters are now chosen according to locally
available resources. The `pure-pw` command gets to new switches: `-C` (as
a hint regarding the number of simultaneous login attempts) and `-M`
(total memory, in MB, to reserve for password hashing).
 - New translation: Albanian, thanks to Moisi Xhaferaj.
 - The `PRET` command has been added. It can avoid opening useless data
connections for nonexistent content.
 - Dot-files are always displayed. We don't lie any more in some
commands while not lying in other commands to respect the protocol.
 - Support for RFC 2640 has been removed from the free version, as it
was early, experimental, slow, mostly broken and unmaintained code.
 - The `NLST` command doesn't perform globbing any more.
 - The `MLSD` command now prepends the path to file names.

* Version 1.0.47:
 - Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
 - Return a 451 error code instead of 226 on aborted uploads.
 - The system user "_ftp" can be used as an alternative to "ftp" for
anonymous sessions.
 - Compatibility with libsodium > 1.0.12 was added (including minimal
mode).

* Version 1.0.46:
 - The server can now be linked against OpenSSL 1.1.x with the strict API.
 - Unmaintained contributions have been removed.
 - Globbing: the number of * in an expression has been limited to 3.

* Version 1.0.45:
 - TLS v1.0 sessions are now refused.
 - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.

* Version 1.0.44:
 - The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
 - Pure-FTPd can now be linked against OpenSSL 1.1.x
 - The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
 - 3DES was removed from the default cipher suite.

* Version 1.0.43:
 - Passwords can now be hashed using Argon2.
 - The -J switch didn't work any more in 1.0.42. This has been fixed.
 - The default cipher suite was simplified.
 - Authentication against system accounts is compatible with OpenBSD 6.0.
 - Fixed: protocol conformance when TLS sessions are refused.
 - Altlog records can now be sent to `stdout`/`stderr`.

* Version 1.0.42:
 - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
 - The connection is now dropped if HTTP commands are received.
 - LDAP force_default_gid and force_default_uid now work as documented.
 - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

* Version 1.0.41:
 - libmariadb is looked for in addition to libmysqlclient
 - MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
 - openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
 - New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.

* Version 1.0.40:
 - Support for TCP_FASTOPEN added on Linux
 - The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
 - OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.

* Version 1.0.39:
 - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
 - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)

* Version 1.0.38:
 - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
 - TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
 - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.

* Version 1.0.37:
 - The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
 - The Clear Command Channel (CCC) command is now supported.
 - pure-config.py is compatible with Python 3.
 - SSL (v2, v3) is refused by default.
 - The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
 - DES-hashed passwords are not supported any more.
 - LDAP uid and gid values can over overridden in the LDAP configuration file.
 - New LDAPUseTLS directive for LDAP.
 - RC4 was killed.

* Version 1.0.36:
 - The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
 - Improved autoconf detection of -fstack-protector and -fPIE
 - If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
 - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
 - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
 - Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Mar 11 14:05:10 2014 UTC (10 years ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.8: +1 -3 lines
Diff to previous 1.8 (colored)

Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Feb 7 20:40:39 2012 UTC (12 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

Update pure-ftpd to version 1.0.35 and add script to start pure-uploadscript.

Changes since 1.0.30:

 - An old-standing bug has been fixed: when a file was renamed and overwrote an existing file, the quota wasn't properly updated.
 - SITE UTIME now supports the 2-arguments syntax in addition to the 5-arguments syntax.
 - Support for the MFMT command has been implemented.
 - A default directory can now be specified when using the LDAP backend.
 - Support SHA1 password hashing in MySQL and PostgreSQL backends
 - Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418
 - The list of allowed ciphers for SSL/TLS connections can now be specified (--tlsciphersuite / -J).
 - Shell-like escaping is now partially handled when emulating the "ls" command in order to improve compatibility with legacy clients.
 - Linking issues with MySQL support on Fedora have been solved.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Jun 14 18:09:39 2009 UTC (14 years, 9 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)

Remove @dirrm entries from PLISTs

Revision 1.6 / (download) - annotate - [select for diffs], Tue Jan 24 22:46:48 2006 UTC (18 years, 2 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.5: +4 -1 lines
Diff to previous 1.5 (colored)

Install the README files for the LDAP, MySQL and PgSQL options.
Bump PKGREVISION.  Ok for wiz.

Revision 1.5 / (download) - annotate - [select for diffs], Mon May 2 20:34:03 2005 UTC (18 years, 11 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.

Revision 1.4 / (download) - annotate - [select for diffs], Tue Jul 20 22:04:15 2004 UTC (19 years, 8 months ago) by recht
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1, pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.3: +1 -1 lines
Diff to previous 1.3 (colored)

update to pure-ftpd-1.0.19
patch provided by Sergio Jimenez in PR pkg/26381

* Version 1.0.19:
 - A workaround for pure-ftpwho not working on OpenBSD has been added.
 - Real disk space is no more shown.
 - A possible denial of service when too many users were connected should be
fixed. Reported by Agri <agri@desnol.ru>, thanks!

Revision 1.3 / (download) - annotate - [select for diffs], Fri Apr 23 22:07:57 2004 UTC (19 years, 11 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.2: +1 -2 lines
Diff to previous 1.2 (colored)

mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Revision 1.2 / (download) - annotate - [select for diffs], Sat Sep 20 16:56:40 2003 UTC (20 years, 6 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1, pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.1: +8 -1 lines
Diff to previous 1.1 (colored)

Update to version 1.0.16a.

Based on PR pkg/22680 by Jon Olsson.

Changes:

- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation

1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
  Not a vulnerability because it happens in the good way, but it sometimes
  used to break uploadscript.

1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
  /etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
  on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
  the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
  Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
  configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
  related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
  modified to fall back to getcwd()/chdir() if we can't get a descriptor on
  the current directory because it is not readable. It fixes pure-uploadscript
  on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
  place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
  the buffer when no DNS entry is found for a host and a numerical result
  wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
  (saying "bad IP address") . We now check for EAI_NONAME if available and we
  retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
  Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
  generated by our own functions, we use MAXPATHLEN for the complete
  zero-terminated string. When a buffer is passed to a libc function, we reserve
  a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
  surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
  changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
  bugs (grrr...) .

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Jul 12 14:43:08 2003 UTC (20 years, 8 months ago) by salo
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Reimported net/pureftpd as net/pure-ftpd to make it more consistent.

Updated to version 1.0.15.
Addresses PR pkg/21941 by Jon Olsson.

Changes:

- buildlink2-ify
- added PostgreSQL support (PURE_FTPD_USE_PGSQL)
- fixed MySQL support (missing bsd.prefs.mk include)

1.0.15:
=======
- A turkish translation has been added. Thanks to Mehmet Cokcevik
  <dns@netline.com.tr> .
- Various functional and portability fixes have been made to the
  handling of upload scripts, to the pure-pw command and to the
  automatic creation of home directories.
- Accounts in a puredb database can now be quickly listed ("pure-pw
  list").
- The anonymous FTP directory can now be overriden on the Windows
  port (using a WIN32_ANON_DIR environment variable).
- The default banner has been stripped down to look more
  professionnal (ie. boring).
- Transfer speed on BSD systems has been improved.
- The license of the whole package has changed from GPL to a simplified
  BSD license.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 12 14:43:08 2003 UTC (20 years, 8 months ago) by salo
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>