--- - branch: MAIN date: Mon Nov 8 17:10:56 UTC 2010 files: - new: '1.32' old: '1.31' path: pkgsrc/net/vsftpd/Makefile pathrev: pkgsrc/net/vsftpd/Makefile@1.32 type: modified - new: '1.12' old: '1.11' path: pkgsrc/net/vsftpd/distinfo pathrev: pkgsrc/net/vsftpd/distinfo@1.12 type: modified - new: '1.5' old: '1.4' path: pkgsrc/net/vsftpd/patches/patch-aa pathrev: pkgsrc/net/vsftpd/patches/patch-aa@1.5 type: modified - new: '1.5' old: '1.4' path: pkgsrc/net/vsftpd/patches/patch-ad pathrev: pkgsrc/net/vsftpd/patches/patch-ad@1.5 type: modified - new: '1.5' old: '1.4' path: pkgsrc/net/vsftpd/patches/patch-ae pathrev: pkgsrc/net/vsftpd/patches/patch-ae@1.5 type: modified - new: '1.2' old: '1.1' path: pkgsrc/net/vsftpd/patches/patch-ab pathrev: pkgsrc/net/vsftpd/patches/patch-ab@1.2 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/vsftpd/patches/patch-ac pathrev: pkgsrc/net/vsftpd/patches/patch-ac@1.4 type: modified - new: '1.6' old: '1.5' path: pkgsrc/net/vsftpd/patches/patch-af pathrev: pkgsrc/net/vsftpd/patches/patch-af@1.6 type: modified id: 20101108T171056Z.90c76520a944302662029eb4594985ffcd127689 log: | Updated net/vsftpd to 2.3.2 Changes since 2.0.7 - Remove .postlogin.c.swp (thanks Kaibin Li )! - findlibs repairs for libcap; builds on my Ubuntu 6.06 again. - Apply patch to fix "error: assignment of read-only member '__in'" build error on broken systems where the WIFEXITED() etc. macros write to their argument. Thanks Ingo Terpelle . - Replace spaces in xferlog with underscores, report from Michael Wittauer . - Reload default config values before re-parsing config file on SIGHUP. This makes the values correct in the case a setting was removed from the file. - Do not issue an FTP response for a blank line on the control channel. Fixes issues with some broken NAT devices. ProFTPd does the same, so hopefully nothing will break. Report from Frank Bulk . - Replace usage of broken _syscall() with syscall(). Fixes build errors for those without libcap-devel installed. - Add implicit SSL support with implicit_ssl option. - Remove arbitrary restriction on one process model + SSL. - Set a session ID on the SSL context. - Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything other than catching compile errors. Yes, I'm crazy :P - Use PR_SET_PDEATHSIG all over the place so that when the listener is killed, existing sessions are booted too. - Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL client that need it, but still a nice code clean-up. - Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors proftpd behaviour instead of wu-ftpd. Thanks Paul Abel . - Switch all sighandlers to the synchronous ones. Prevents us having to block and unblock signals all the time. - Add a "use alarm" option to synchronous signal handlers, to ensure the race condition against a blocking call does not result in a permanent non-delivery. - Use SIGTERM for privileged parent process shutdown, so they can still update u/wtmp properly. - Do RAND_load_file from /dev/urandom in the child context because I don't trust the OpenSSL API vs. fork(). Different children do have different RNG state; this is defense in depth. - More thoroughly close the remote ends of the priv_sock, ensuring that child death results in no blocking in the parent. This is a matter of tidyness; the SIGCHLD handler will reliably tear down the parent. - Do the same for the SSL slave / consumer channels. - Fix OpenBSD build. - Move SSL data handling into the SSL slave process. Incurs some extra overhead in terms of context switches and copies, but it enables this next item: - By default, require SSL data connections to exhibit SSL session re-use of the control channel. Unlike the cert thing, this _is_ something we can turn on by default as most clients seem to do reuse. Yay. - Change 522 response for SSL connection fail to note when session reuse is required. (v2.1.0pre1 here) - More work on the inbuilt ptrace()-sandbox support. - Clear the idle alarm when starting data transfer if there is no data alarm. - Fix syslog format; don't embed 2nd copy of date, pid. Thanks to Ren - Lock file before truncating it for upload. Fixes various simultaneous upload corruption issues. - Make sure to give 426 error code on uploads if ABOR was received. - Add cmds_denied option to complement cmds_allowed. - Ignore lines in config file containing only white space. - Require write_enable / anon_upload_enable / etc. to process STOU. - FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file. - FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not owned by the currently running user. - FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to avoid syslog() bug where some settings are not initialized. - FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace fd 0,1,2 with /dev/null fd. - FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the sample config file. - FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given by STOU if it is available. - FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules can act on errors if they want. - FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV command; add a trailing period. - FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not 1990 any more, so trust PAM etc. to not stack-buffer-overflow. - FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start with underscore or period. - FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES. - Fix crash on SIGHUP introduced in 2.1.0pre1. Oops. - FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES too, which can happen on SELinux systems. - Default resource limit for child processes: 100MB address space. - Finishing touches to the initial sandbox policy; only permit connect() to the host on the control channel being the nicest touch. (v2.1.0pre2 here) - Fix 64-bit build (oops)! Thanks Martin Nagy . - Fix config of SSL built in; not enabled; two process model. Report from Martin. - Shutdown the command connection in the priv parent's SIGTERM handler; kills of children where the PR_SET_PDEATHSIG cannot due to different user ids. (v2.1.0pre3 here) - Fix build on FC10. - Some FAQ tweaks. - Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it comes from but it is harmless. (My guess would be glibc-2.9's new support for using O_CLOEXEC more). - Fix build warning on 64-bit. - Fix build on OpenBSD again. (v2.1.0pre4 here) - Bring userlist_deny handling inside the max_login_fail accounting. At this point: v2.1.0 released! =============================== - Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial unprivileged child. - Fix build error due to __NR_utimes. - Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later receives data transfer fd's via recvmsg(). It's a total shame because doing the SSL handshake under even lower privs would be a real boost. (v2.1.1pre1 here) - Fix some declarations occuring in the middle of a block; broke older more strict compilers. - Handle the case where libcap is now libcap.so.2; fixes build on my new Ubuntu 9.04. - Enhance 522 error message to point to require_ssl_reuse option. - Fix NASTY regression whereby data transfer timeouts would fire incorrectly under SSL transfers. In addition, the transfer rate caps were not working under SSL transfers. Reported by several people. - Use the login delay machinery for userlist-based denials too. Thanks to Tomas Hoger for the patch. - Fix another tedious regression whereby absent per-user config files were causing a session fail rather than being gracefully ignored. - Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation in the vsftpd low-priv processes (CLONE_NEWNET pending). - Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need to create new ones. - Add "isolate" config flag to disable the new weird clone() flags if necessary. At this point: v2.1.1 released! =============================== - Fix compile error in sysdeputil.c on some Linux systems. At this point: v2.1.2 released! =============================== - Fix compile on systems with no RLIMIT_NPROC, oops. - Change some unsigned int to socklen_t's to avoid warnings on various platforms, e.g. AIX. - Add some syscall constants to ptracesandbox.c to fix the build on systems with 2.4 kernel headers. - Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile). - Fix EACCES mapping, thanks Solar Designer . - Dont emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer . - Tweak example vsftpd.conf to add commented out chroot_local_user=YES, from Ivan I. Grushin . - Where available, use CLONE_NEWNET to isolate the untrusted processes so that they can't do arbitrary connect() and instead have to ask the privileged process for sockets. Moderate code disturbance - hope for no breakage :-/ - Disable implicit activation of one_process_model so that an anonymous setup can benefit from the no-network isolation of the unprivileged process (where available). (vsftpd-2.2.0pre1) - Call pam_get_item(PAM_USER) after authentication in case a PAM module remapped the username. Based on a patch from John McNair . - Apply a couple of IPv6 fixes from Corinna Schultz , particularly when MS operating systems are talking on link local addresses. - Handle the error case for accepting a PASV connection in the two process model properly. - Pull in a couple of minor tidyup patches from Openwall. - Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also respect ordering with respect config files, e.g. vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO Inspiration from Solar / Openwall. (vsftpd-2.2.0pre2) - Revert listen to be "NO" by default and also set max_per_ip / max_clients to 2000 / 50 as a default. Thanks to Solar. - Sanity check for admin: check config files are regular files. - Error out if opening the per-user config file gives an error other than ENOENT. Thanks Solar (who is on fire today ;-) (vsftpd-2.2.0pre3) - Apply some typo fixes from Solar. - Error out on read() errors when reading config files. (vsftpd-2.2.0pre4) - Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing . - Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to root if using linux-vserver. Also thanks to Stefan Pfetzing . - Couple of typo tweaks from Cristi Terpea . - Change // style comments to /* style. - Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar. At this point: v2.2.0 released! =============================== - Apply patch to set SSL context timeout to maximum, from Tim Kosse . Should prevent data connection failures after a long transfer or idle period. - Apply async-safety signal tweaks from Solar. - Fix crash regression with the pasv_address option enabled. - Typo fix and look for libnsl in /lib64, from Robby Workman . - When asking the client to send us a cert, make sure we broadcast some suitable certificates. Fixes compatibility with the z/OS FTP client when tunable_ssl_request_cert=YES. - Rip out the silly "cached time" concept. Simplifies things and fixes incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around the cached current time in seconds in the one place that needs to avoid repeated gettimeofday() calls (directory listing). - Do the login fail delay in the parent process for cases where we checked a username / password. At this point: v2.2.1 released! =============================== - Change "File receive OK." to "Transfer complete." to placate some broken clients. Thanks Holger Kiehl . - Fix erroneous "child died" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl for running diagnostic tests on his live server. - Boot the session if an overly long line is encountered. (vsftpd-2.2.2pre1) At this point: v2.2.2 released! =============================== - Add extremely simply HTTP support. It's very experimental, ignorant of HTTP protocol and headers, and likely has all sorts of other issues. The use case it might satisfy is if you need to serve simple static unathenticated content with large levels of paranoia. - Fix port_promiscuous breakage. Report from Soeren . (v2.3.0pre1) - Minor FAQ update. - Use a larger address space limit if using text_userdb_names=YES - Always use CLONE_NEWNET if possible when in HTTP mode. - Change REST + STOR so that it's possible to overwrite part of file without truncating it. (v2.3.0pre2) - Boot the session if we see a USER where encryption was required. May prevent the transmission of plaintext passwords by buggy clients. Idea from Marcin Hlybin . - Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n fixups. At this point: v2.3.0 released! =============================== - Fix silly regression re: log files being overwritten from the start. - Rename a few file-open functions to make it clearer what they do. At this point: v2.3.1 released! =============================== - Argh! Fix version number. At this point: v2.3.2 released! =============================== module: pkgsrc subject: 'CVS commit: pkgsrc/net/vsftpd' unixtime: '1289236256' user: abs