pure-ftpd: Update to 1.0.49 * Version 1.0.49: - This version fixes a regression introduced in version 1.0.48 that broke the external authentication feature. Reported by Peter Hudec, thanks! - Sockets from `pure-authd` and `pure-extauth` are now always owned by `root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux. Suggested by Arkadiusz Mi����kiewicz, thanks! * Version 1.0.48: - SNI support has been added. A new service, `pure-certd`, can run external code written in any language in order to map SNI names to TLS certificates. - External authentication handlers get a new `AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI. - TLS certificates and keys can now be in different files. - `make install` does not overwrite existing configuration files any more. The example files layout has changed. - TLS 1.3 is enabled when using OpenSSL 1.1.x. - TLS < 1.2 is disabled by default. - Quirks for obsolete OpenSSL versions have been removed. - Username _ftp can be used as an alternative to ftp everywhere. - Password hashing parameters are now chosen according to locally available resources. The `pure-pw` command gets to new switches: `-C` (as a hint regarding the number of simultaneous login attempts) and `-M` (total memory, in MB, to reserve for password hashing). - New translation: Albanian, thanks to Moisi Xhaferaj. - The `PRET` command has been added. It can avoid opening useless data connections for nonexistent content. - Dot-files are always displayed. We don't lie any more in some commands while not lying in other commands to respect the protocol. - Support for RFC 2640 has been removed from the free version, as it was early, experimental, slow, mostly broken and unmaintained code. - The `NLST` command doesn't perform globbing any more. - The `MLSD` command now prepends the path to file names. * Version 1.0.47: - Unlike other directory listing commands, the STAT command should use TLS on the control channel even if TLS has been disabled on the data channel. It wasn't the case; this has been fixed. Thanks to Carlo Cannas. - Return a 451 error code instead of 226 on aborted uploads. - The system user "_ftp" can be used as an alternative to "ftp" for anonymous sessions. - Compatibility with libsodium > 1.0.12 was added (including minimal mode). * Version 1.0.46: - The server can now be linked against OpenSSL 1.1.x with the strict API. - Unmaintained contributions have been removed. - Globbing: the number of * in an expression has been limited to 3. * Version 1.0.45: - TLS v1.0 sessions are now refused. - Version 1.0.44 didn't properly parse the TLSCipherSuite directive. This has been fixed. * Version 1.0.44: - The Perl and Python wrappers are gone. The daemon can now use a configuration file without requiring external dependencies. - Pure-FTPd can now be linked against OpenSSL 1.1.x - The QUIT command didn't work properly when the server was compiled without support for RFC2640. This has been fixed. - 3DES was removed from the default cipher suite. * Version 1.0.43: - Passwords can now be hashed using Argon2. - The -J switch didn't work any more in 1.0.42. This has been fixed. - The default cipher suite was simplified. - Authentication against system accounts is compatible with OpenBSD 6.0. - Fixed: protocol conformance when TLS sessions are refused. - Altlog records can now be sent to `stdout`/`stderr`. * Version 1.0.42: - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not compiled with libsodium. - The connection is now dropped if HTTP commands are received. - LDAP force_default_gid and force_default_uid now work as documented. - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd 1.0.22 circa 2009, but disabled back then due to client compatibility concerns) is now on by default, except in broken clients compatibility mode. * Version 1.0.41: - libmariadb is looked for in addition to libmysqlclient - MySQL: my_make_scrambled_password() is not always an exported symbol any more, so pure-ftpd now ships a reimplementation. - openssl/ec.h is not available on some Linux distributions that disable EC in OpenSSL. This is being tested by autoconf. - New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS. * Version 1.0.40: - Support for TCP_FASTOPEN added on Linux - The LDAP configuration file didn't allow a default gid without also defining a default uid. This is no longer the case. - OpenBSD's glob() left the glob_t structure uninitialized if the pattern was larger than PATH_MAX, causing globfree() to free() an unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34. * Version 1.0.39: - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5) - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE) * Version 1.0.38: - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH - TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically selected when using LibreSSL. - scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends. * Version 1.0.37: - The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory. This is no longer a compile-time option. - The Clear Command Channel (CCC) command is now supported. - pure-config.py is compatible with Python 3. - SSL (v2, v3) is refused by default. - The PureDB backend supports the scrypt function in order to hash passwords. This is the preferred algorithm, but requires the presence of libsodium. - DES-hashed passwords are not supported any more. - LDAP uid and gid values can over overridden in the LDAP configuration file. - New LDAPUseTLS directive for LDAP. - RC4 was killed. * Version 1.0.36: - The safe_write()/safe_read() factorization broke extauth. Using safe_read_partial() to read from the extauth pipe wasn't enough. Bug reported by Rasmus Fauske. - Improved autoconf detection of -fstack-protector and -fPIE - If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte. - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by default on Windows, and ASCII downloads on Windows have been fixed. - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows any characters in a file name. Disabled by default. - Don't display dot files (except . and ..) if dot_read_ok is 0 in donlist() - but not in sglob() yet. This change is purely cosmetic. There are many ways to figure out if a file exists.diff -r1.40 -r1.41 pkgsrc/net/pure-ftpd/Makefile
(nia)
@@ -1,44 +1,29 @@ | @@ -1,44 +1,29 @@ | |||
1 | # $NetBSD: Makefile,v 1.40 2020/02/25 14:10:44 leot Exp $ | 1 | # $NetBSD: Makefile,v 1.41 2020/03/11 11:47:19 nia Exp $ | |
2 | 2 | |||
3 | DISTNAME= pure-ftpd-1.0.35 | 3 | DISTNAME= pure-ftpd-1.0.49 | |
4 | PKGREVISION= 7 | |||
5 | CATEGORIES= net | 4 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/ | 5 | MASTER_SITES= https://download.pureftpd.org/pub/pure-ftpd/releases/ | |
7 | MASTER_SITES+= http://download.pureftpd.org/pub/pure-ftpd/releases/ | |||
8 | MASTER_SITES+= ftp://ftp2.fr.pureftpd.org/pub/mirrors/ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ | |||
9 | MASTER_SITES+= ftp://ftp3.fr.pureftpd.org/pure-ftpd/releases/ | |||
10 | MASTER_SITES+= ftp://ftp.dk.pureftpd.org/mirrors/pure-ftpd/releases/ | |||
11 | MASTER_SITES+= ftp://ftp.nl.pureftpd.org/pub/pure-ftpd/releases/ | |||
12 | MASTER_SITES+= ftp://ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ | |||
13 | MASTER_SITES+= ftp://ftp.cn.pureftpd.org/pub/pureftpd/pure-ftpd/releases/ | |||
14 | MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pureftpd/} | |||
15 | EXTRACT_SUFX= .tar.bz2 | 6 | EXTRACT_SUFX= .tar.bz2 | |
16 | 7 | |||
17 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
18 | HOMEPAGE= https://www.pureftpd.org/project/pure-ftpd | 9 | HOMEPAGE= https://www.pureftpd.org/project/pure-ftpd | |
19 | COMMENT= Secure FTP daemon with optional SQL support | 10 | COMMENT= Secure FTP daemon with optional SQL support | |
20 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
21 | 12 | |||
22 | GNU_CONFIGURE= yes | 13 | GNU_CONFIGURE= yes | |
23 | CONFIGURE_ARGS+= --with-everything | 14 | CONFIGURE_ARGS+= --with-everything | |
24 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 15 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | |
25 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 16 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
26 | 17 | |||
27 | BUILD_DEFS+= VARBASE | 18 | BUILD_DEFS+= VARBASE | |
28 | 19 | |||
29 | CONFIGURE_ARGS.Interix+= --without-privsep | 20 | CONFIGURE_ARGS.Interix+= --without-privsep | |
30 | 21 | |||
31 | .include "options.mk" | |||
32 | ||||
33 | RCD_SCRIPTS= pure_ftpd pure_uploadscript | 22 | RCD_SCRIPTS= pure_ftpd pure_uploadscript | |
34 | INSTALLATION_DIRS= share/doc/pure-ftpd | |||
35 | 23 | |||
36 | post-install: | 24 | EGDIR= ${PREFIX}/share/examples/pure-ftpd | |
37 | cd ${WRKSRC} && \ | |||
38 | ${INSTALL_DATA} README README.Authentication-Modules \ | |||
39 | README.Configuration-File README.Contrib \ | |||
40 | README.TLS README.Virtual-Users \ | |||
41 | README.MySQL README.PGSQL README.LDAP \ | |||
42 | ${DESTDIR}${PREFIX}/share/doc/pure-ftpd | |||
43 | 25 | |||
26 | CONF_FILES+= ${EGDIR}/pure-ftpd.conf \ | |||
27 | ${PKG_SYSCONFDIR}/pure-ftpd.conf | |||
28 | .include "options.mk" | |||
44 | .include "../../mk/bsd.pkg.mk" | 29 | .include "../../mk/bsd.pkg.mk" |
@@ -1,28 +1,36 @@ | @@ -1,28 +1,36 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.9 2014/03/11 14:05:10 jperkin Exp $ | 1 | @comment $NetBSD: PLIST,v 1.10 2020/03/11 11:47:19 nia Exp $ | |
2 | bin/pure-pw | 2 | bin/pure-pw | |
3 | bin/pure-pwconvert | 3 | bin/pure-pwconvert | |
4 | bin/pure-statsdecode | 4 | bin/pure-statsdecode | |
5 | man/man8/pure-authd.8 | 5 | man/man8/pure-authd.8 | |
6 | man/man8/pure-certd.8 | |||
6 | man/man8/pure-ftpd.8 | 7 | man/man8/pure-ftpd.8 | |
7 | man/man8/pure-ftpwho.8 | 8 | man/man8/pure-ftpwho.8 | |
8 | man/man8/pure-mrtginfo.8 | 9 | man/man8/pure-mrtginfo.8 | |
9 | man/man8/pure-pw.8 | 10 | man/man8/pure-pw.8 | |
10 | man/man8/pure-pwconvert.8 | 11 | man/man8/pure-pwconvert.8 | |
11 | man/man8/pure-quotacheck.8 | 12 | man/man8/pure-quotacheck.8 | |
12 | man/man8/pure-statsdecode.8 | 13 | man/man8/pure-statsdecode.8 | |
13 | man/man8/pure-uploadscript.8 | 14 | man/man8/pure-uploadscript.8 | |
14 | sbin/pure-authd | 15 | sbin/pure-authd | |
16 | sbin/pure-certd | |||
15 | sbin/pure-ftpd | 17 | sbin/pure-ftpd | |
16 | sbin/pure-ftpwho | 18 | sbin/pure-ftpwho | |
17 | sbin/pure-mrtginfo | 19 | sbin/pure-mrtginfo | |
18 | sbin/pure-quotacheck | 20 | sbin/pure-quotacheck | |
19 | sbin/pure-uploadscript | 21 | sbin/pure-uploadscript | |
20 | share/doc/pure-ftpd/README | 22 | share/doc/pure-ftpd/FAQ | |
21 | share/doc/pure-ftpd/README.Authentication-Modules | 23 | share/doc/pure-ftpd/README.Authentication-Modules | |
22 | share/doc/pure-ftpd/README.Configuration-File | 24 | share/doc/pure-ftpd/README.Configuration-File | |
23 | share/doc/pure-ftpd/README.Contrib | |||
24 | share/doc/pure-ftpd/README.LDAP | 25 | share/doc/pure-ftpd/README.LDAP | |
26 | share/doc/pure-ftpd/README.MacOS-X | |||
25 | share/doc/pure-ftpd/README.MySQL | 27 | share/doc/pure-ftpd/README.MySQL | |
26 | share/doc/pure-ftpd/README.PGSQL | 28 | share/doc/pure-ftpd/README.PGSQL | |
27 | share/doc/pure-ftpd/README.TLS | 29 | share/doc/pure-ftpd/README.TLS | |
28 | share/doc/pure-ftpd/README.Virtual-Users | 30 | share/doc/pure-ftpd/README.Virtual-Users | |
31 | share/doc/pure-ftpd/pure-ftpd.conf | |||
32 | share/doc/pure-ftpd/pureftpd-ldap.conf | |||
33 | share/doc/pure-ftpd/pureftpd-mysql.conf | |||
34 | share/doc/pure-ftpd/pureftpd-pgsql.conf | |||
35 | share/doc/pure-ftpd/pureftpd.schema | |||
36 | share/examples/pure-ftpd/pure-ftpd.conf |
@@ -1,17 +1,18 @@ | @@ -1,17 +1,18 @@ | |||
1 | # $NetBSD: options.mk,v 1.9 2010/02/04 12:03:51 obache Exp $ | 1 | # $NetBSD: options.mk,v 1.10 2020/03/11 11:47:19 nia Exp $ | |
2 | 2 | |||
3 | PKG_OPTIONS_VAR= PKG_OPTIONS.pureftpd | 3 | PKG_OPTIONS_VAR= PKG_OPTIONS.pureftpd | |
4 | PKG_SUPPORTED_OPTIONS= ldap mysql pgsql ssl virtualchroot utf8 | 4 | PKG_SUPPORTED_OPTIONS= ldap mysql pgsql ssl virtualchroot utf8 | |
5 | PKG_SUGGESTED_OPTIONS= ssl virtualchroot | |||
5 | 6 | |||
6 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_MYSQL:mysql | 7 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_MYSQL:mysql | |
7 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_PGSQL:pgsql | 8 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_PGSQL:pgsql | |
8 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_TLS:ssl | 9 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_TLS:ssl | |
9 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_VIRTUAL_CHROOT:virtualchroot | 10 | PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_VIRTUAL_CHROOT:virtualchroot | |
10 | 11 | |||
11 | .include "../../mk/bsd.options.mk" | 12 | .include "../../mk/bsd.options.mk" | |
12 | 13 | |||
13 | .if !empty(PKG_OPTIONS:Mldap) | 14 | .if !empty(PKG_OPTIONS:Mldap) | |
14 | . include "../../databases/openldap-client/buildlink3.mk" | 15 | . include "../../databases/openldap-client/buildlink3.mk" | |
15 | CONFIGURE_ARGS+= --with-ldap | 16 | CONFIGURE_ARGS+= --with-ldap | |
16 | .endif | 17 | .endif | |
17 | 18 |
@@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.14 2015/11/04 00:35:29 agc Exp $ | 1 | $NetBSD: distinfo,v 1.15 2020/03/11 11:47:19 nia Exp $ | |
2 | 2 | |||
3 | SHA1 (pure-ftpd-1.0.35.tar.bz2) = e470bd886af68903ffba61832002fe90611f5756 | 3 | SHA1 (pure-ftpd-1.0.49.tar.bz2) = 467b5198ffeca9afa5f0aedf273553c3abe2a8e3 | |
4 | RMD160 (pure-ftpd-1.0.35.tar.bz2) = 525ae8c4564b7a8f29ec09b882eacaa7a025a911 | 4 | RMD160 (pure-ftpd-1.0.49.tar.bz2) = b4af1d749a8bb5a441ad504a00a03081875d734d | |
5 | SHA512 (pure-ftpd-1.0.35.tar.bz2) = d54f0709fb49f480d6f3424b7a59d9c2ae3d252e6a63d98d7ccc6c8c2d3bbc959cc997ca790740afaf1207f306d516930fbd165a7c271c324954f883b3ecc688 | 5 | SHA512 (pure-ftpd-1.0.49.tar.bz2) = b44896d6fe2cda9169b1db93c5260bb892af14a173f2d25e60dd6530afe85d8e9156985609e35da7e5550dc123afb42bc5012beb9fca9011054cf0ed8b2eddef | |
6 | Size (pure-ftpd-1.0.35.tar.bz2) = 482387 bytes | 6 | Size (pure-ftpd-1.0.49.tar.bz2) = 487958 bytes | |
7 | SHA1 (patch-Makefile.in) = 1fdd2463fe27605cc02ff445d55d5355617361c2 |
$NetBSD: patch-Makefile.in,v 1.1 2020/03/11 11:47:19 nia Exp $
Install configuration file to examples.
--- Makefile.in.orig 2019-04-03 10:51:06.000000000 +0000
+++ Makefile.in
@@ -881,7 +881,7 @@ uninstall-am: uninstall-docDATA uninstal
install-data-local:
- @$(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
+ @$(mkinstalldirs) $(DESTDIR)$(datadir)/examples/pure-ftpd; \
if [ -f $(DESTDIR)$(sysconfdir)/pure-ftpd.conf ]; then \
if cmp -s $(srcdir)/pure-ftpd.conf $(docdir)/pure-ftpd.conf; then \
echo "Configuration file unchanged"; \
@@ -890,7 +890,7 @@ install-data-local:
echo "You may want to compare it with the one at [$(DESTDIR)$(sysconfdir)/pure-ftpd.conf]."; \
fi; \
else \
- $(INSTALL_DATA) $(srcdir)/pure-ftpd.conf $(DESTDIR)$(sysconfdir)/pure-ftpd.conf; \
+ $(INSTALL_DATA) $(srcdir)/pure-ftpd.conf $(DESTDIR)$(datadir)/examples/pure-ftpd/pure-ftpd.conf; \
fi
uninstall-local: