Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by narn.NetBSD.org (Postfix) with ESMTP id 201C063B884 for ; Mon, 22 Sep 2008 11:02:23 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 0) id C36BD63B103; Mon, 22 Sep 2008 11:02:22 +0000 (UTC) Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe25:eab4]) by mail.netbsd.org (Postfix) with ESMTP id 9692D63B101 for ; Mon, 22 Sep 2008 11:02:21 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 5DAD6175D0; Mon, 22 Sep 2008 11:02:21 +0000 (UTC) From: David Brownlee Subject: CVS commit: pkgsrc/net/vsftpd To: pkgsrc-changes@NetBSD.org Reply-To: abs@netbsd.org Message-Id: <20080922110221.5DAD6175D0@cvs.netbsd.org> Date: Mon, 22 Sep 2008 11:02:21 +0000 (UTC) Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes Precedence: list Module Name: pkgsrc Committed By: abs Date: Mon Sep 22 11:02:21 UTC 2008 Modified Files: pkgsrc/net/vsftpd: Makefile distinfo options.mk pkgsrc/net/vsftpd/patches: patch-ad patch-af Removed Files: pkgsrc/net/vsftpd/patches: patch-ag Log Message: Updated net/vsftpd to 2.0.7 - needed for recent FileZilla to with with SSL v2.0.5 - Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan . - Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1. - Be more honest in FEAT response if PORT or PASV are disabled! Reported by Charles Honton . Allows MS Explorer to get the transfer mode correct. - pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to Rhodes, Colin . - Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit here instead ;-) - Minor man page doc tweaks. - Tiny bit of paranoia in privops.c. - Revert change to reject anonymous logins before asking for password. This fixes complaints about IE not showing the FTP login dialog. - Change SSL certificate load to cater for chaining too. - Added delay_failed_login and delay_successful_login to help limit resources taken by brute force attacks. - Kick session after a few login fails. Allows IP blocking solutions to be more immediately effective. - Replace setenv() with more portable putenv(). First part of Solaris fix. - Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris fix. - Set PAM items TTY and RUSER if possible. - OpenBSD build warning fixes. - So, timezone and daylight are not available on BSD, so redo the whole TZ thing again. Should use only very portable constructs now. v2.0.6 - Fix delay_failed_login typo. Oops. - Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel . - Allow a (fake) reauth as the same user as the logged in user. Should resolve .NET related report from Sabo Jim . - Tweak from Lucian Adrian Grijincu to take unnecessary port calculations out of a loop. - Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to . - Don't log FireFox's attempts to RETR directories! Reported by Nixdorf, Tim . - Fix STOU sending the same 150 status line twice - oops! Reported by . - Fix xferlog format for virtual (guest) users, reported by Andy Fletcher . - Fix bug with empty user list file and userlist_deny=NO. Reported by Marcin Zawadzki/GlobalVanet.com . - Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON. Thanks Stanislav Maslovski . - Add control over the file permissions used in the chown()ing of anonymous uploads: chown_upload_mode (default 0600 as before). Suggestion from An Pham . - Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock(); should help buggy Solaris systems. Reported by Michael Masterson . - Add debug_ssl option to dump out some SSL connection details. - Use code 522, not 521, to indicate that the server requires an encrypted data connection. Still does not seem to coax lftp to retry :( - Recognize OPTS pre-login. - A whole ton of SSL improvements, including ability to force requirement of a client cert; data and control channel client cert cross checking. Ability to require fully valid / authentic client certs. No cert-based auth yet. - Change my e-mail to my GMail account. v2.0.7 - Fix finding libcap for the link on Slackware systems, thanks to Roman Kravchenko . - Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki . - Fix man page typo, thanks Matt Selsky . - Bring the PASV listen() into the bind() retry loop to resolve a race under extreme load. Thanks to Curtis Taylor . - Enhance logging for debug_ssl. - Shutdown the SSL data connections properly. This prevents clients such as recent FileZilla from complaining. Reported by various people. - Add option to enforce proper SSL shutdown on uploads. Left it off after much agonizing because clients are so broken in this area. - Add option to delete failed uploads. To generate a diff of this commit: cvs rdiff -r1.28 -r1.29 pkgsrc/net/vsftpd/Makefile cvs rdiff -r1.9 -r1.10 pkgsrc/net/vsftpd/distinfo cvs rdiff -r1.5 -r1.6 pkgsrc/net/vsftpd/options.mk cvs rdiff -r1.3 -r1.4 pkgsrc/net/vsftpd/patches/patch-ad cvs rdiff -r1.4 -r1.5 pkgsrc/net/vsftpd/patches/patch-af cvs rdiff -r1.3 -r0 pkgsrc/net/vsftpd/patches/patch-ag Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.