Wed Mar 11 11:47:19 2020 UTC ()
pure-ftpd: Update to 1.0.49

* Version 1.0.49:
 - This version fixes a regression introduced in version 1.0.48 that broke
the external authentication feature. Reported by Peter Hudec, thanks!
 - Sockets from `pure-authd` and `pure-extauth` are now always owned by
`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
Suggested by Arkadiusz Mi����kiewicz, thanks!

* Version 1.0.48:
 - SNI support has been added. A new service, `pure-certd`, can run
external code written in any language in order to map SNI names to TLS certificates.
 - External authentication handlers get a new
`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
 - TLS certificates and keys can now be in different files.
 - `make install` does not overwrite existing configuration files any
more. The example files layout has changed.
 - TLS 1.3 is enabled when using OpenSSL 1.1.x.
 - TLS < 1.2 is disabled by default.
 - Quirks for obsolete OpenSSL versions have been removed.
 - Username _ftp can be used as an alternative to ftp everywhere.
 - Password hashing parameters are now chosen according to locally
available resources. The `pure-pw` command gets to new switches: `-C` (as
a hint regarding the number of simultaneous login attempts) and `-M`
(total memory, in MB, to reserve for password hashing).
 - New translation: Albanian, thanks to Moisi Xhaferaj.
 - The `PRET` command has been added. It can avoid opening useless data
connections for nonexistent content.
 - Dot-files are always displayed. We don't lie any more in some
commands while not lying in other commands to respect the protocol.
 - Support for RFC 2640 has been removed from the free version, as it
was early, experimental, slow, mostly broken and unmaintained code.
 - The `NLST` command doesn't perform globbing any more.
 - The `MLSD` command now prepends the path to file names.

* Version 1.0.47:
 - Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
 - Return a 451 error code instead of 226 on aborted uploads.
 - The system user "_ftp" can be used as an alternative to "ftp" for
anonymous sessions.
 - Compatibility with libsodium > 1.0.12 was added (including minimal
mode).

* Version 1.0.46:
 - The server can now be linked against OpenSSL 1.1.x with the strict API.
 - Unmaintained contributions have been removed.
 - Globbing: the number of * in an expression has been limited to 3.

* Version 1.0.45:
 - TLS v1.0 sessions are now refused.
 - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.

* Version 1.0.44:
 - The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
 - Pure-FTPd can now be linked against OpenSSL 1.1.x
 - The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
 - 3DES was removed from the default cipher suite.

* Version 1.0.43:
 - Passwords can now be hashed using Argon2.
 - The -J switch didn't work any more in 1.0.42. This has been fixed.
 - The default cipher suite was simplified.
 - Authentication against system accounts is compatible with OpenBSD 6.0.
 - Fixed: protocol conformance when TLS sessions are refused.
 - Altlog records can now be sent to `stdout`/`stderr`.

* Version 1.0.42:
 - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
 - The connection is now dropped if HTTP commands are received.
 - LDAP force_default_gid and force_default_uid now work as documented.
 - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

* Version 1.0.41:
 - libmariadb is looked for in addition to libmysqlclient
 - MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
 - openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
 - New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.

* Version 1.0.40:
 - Support for TCP_FASTOPEN added on Linux
 - The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
 - OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.

* Version 1.0.39:
 - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
 - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)

* Version 1.0.38:
 - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
 - TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
 - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.

* Version 1.0.37:
 - The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
 - The Clear Command Channel (CCC) command is now supported.
 - pure-config.py is compatible with Python 3.
 - SSL (v2, v3) is refused by default.
 - The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
 - DES-hashed passwords are not supported any more.
 - LDAP uid and gid values can over overridden in the LDAP configuration file.
 - New LDAPUseTLS directive for LDAP.
 - RC4 was killed.

* Version 1.0.36:
 - The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
 - Improved autoconf detection of -fstack-protector and -fPIE
 - If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
 - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
 - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
 - Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.


(nia)
diff -r1.40 -r1.41 pkgsrc/net/pure-ftpd/Makefile
diff -r1.9 -r1.10 pkgsrc/net/pure-ftpd/PLIST
diff -r1.9 -r1.10 pkgsrc/net/pure-ftpd/options.mk
diff -r1.14 -r1.15 pkgsrc/net/pure-ftpd/distinfo
diff -r0 -r1.1 pkgsrc/net/pure-ftpd/patches/patch-Makefile.in
cvs diff -r1.40 -r1.41 pkgsrc/net/pure-ftpd/Makefile (expand / switch to unified diff)

--- pkgsrc/net/pure-ftpd/Makefile 2020/02/25 14:10:44 1.40
+++ pkgsrc/net/pure-ftpd/Makefile 2020/03/11 11:47:19 1.41
@@ -1,44 +1,29 @@ @@ -1,44 +1,29 @@
1# $NetBSD: Makefile,v 1.40 2020/02/25 14:10:44 leot Exp $ 1# $NetBSD: Makefile,v 1.41 2020/03/11 11:47:19 nia Exp $
2 2
3DISTNAME= pure-ftpd-1.0.35 3DISTNAME= pure-ftpd-1.0.49
4PKGREVISION= 7 
5CATEGORIES= net 4CATEGORIES= net
6MASTER_SITES= ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/ 5MASTER_SITES= https://download.pureftpd.org/pub/pure-ftpd/releases/
7MASTER_SITES+= http://download.pureftpd.org/pub/pure-ftpd/releases/ 
8MASTER_SITES+= ftp://ftp2.fr.pureftpd.org/pub/mirrors/ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ 
9MASTER_SITES+= ftp://ftp3.fr.pureftpd.org/pure-ftpd/releases/ 
10MASTER_SITES+= ftp://ftp.dk.pureftpd.org/mirrors/pure-ftpd/releases/ 
11MASTER_SITES+= ftp://ftp.nl.pureftpd.org/pub/pure-ftpd/releases/ 
12MASTER_SITES+= ftp://ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ 
13MASTER_SITES+= ftp://ftp.cn.pureftpd.org/pub/pureftpd/pure-ftpd/releases/ 
14MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pureftpd/} 
15EXTRACT_SUFX= .tar.bz2 6EXTRACT_SUFX= .tar.bz2
16 7
17MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
18HOMEPAGE= https://www.pureftpd.org/project/pure-ftpd 9HOMEPAGE= https://www.pureftpd.org/project/pure-ftpd
19COMMENT= Secure FTP daemon with optional SQL support 10COMMENT= Secure FTP daemon with optional SQL support
20LICENSE= modified-bsd 11LICENSE= modified-bsd
21 12
22GNU_CONFIGURE= yes 13GNU_CONFIGURE= yes
23CONFIGURE_ARGS+= --with-everything 14CONFIGURE_ARGS+= --with-everything
24CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 15CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
25CONFIGURE_ARGS+= --localstatedir=${VARBASE} 16CONFIGURE_ARGS+= --localstatedir=${VARBASE}
26 17
27BUILD_DEFS+= VARBASE 18BUILD_DEFS+= VARBASE
28 19
29CONFIGURE_ARGS.Interix+= --without-privsep 20CONFIGURE_ARGS.Interix+= --without-privsep
30 21
31.include "options.mk" 
32 
33RCD_SCRIPTS= pure_ftpd pure_uploadscript 22RCD_SCRIPTS= pure_ftpd pure_uploadscript
34INSTALLATION_DIRS= share/doc/pure-ftpd 
35 23
36post-install: 24EGDIR= ${PREFIX}/share/examples/pure-ftpd
37 cd ${WRKSRC} && \ 
38 ${INSTALL_DATA} README README.Authentication-Modules \ 
39 README.Configuration-File README.Contrib \ 
40 README.TLS README.Virtual-Users \ 
41 README.MySQL README.PGSQL README.LDAP \ 
42 ${DESTDIR}${PREFIX}/share/doc/pure-ftpd 
43 25
 26CONF_FILES+= ${EGDIR}/pure-ftpd.conf \
 27 ${PKG_SYSCONFDIR}/pure-ftpd.conf
 28.include "options.mk"
44.include "../../mk/bsd.pkg.mk" 29.include "../../mk/bsd.pkg.mk"
cvs diff -r1.9 -r1.10 pkgsrc/net/pure-ftpd/PLIST (expand / switch to unified diff)

--- pkgsrc/net/pure-ftpd/PLIST 2014/03/11 14:05:10 1.9
+++ pkgsrc/net/pure-ftpd/PLIST 2020/03/11 11:47:19 1.10
@@ -1,28 +1,36 @@ @@ -1,28 +1,36 @@
1@comment $NetBSD: PLIST,v 1.9 2014/03/11 14:05:10 jperkin Exp $ 1@comment $NetBSD: PLIST,v 1.10 2020/03/11 11:47:19 nia Exp $
2bin/pure-pw 2bin/pure-pw
3bin/pure-pwconvert 3bin/pure-pwconvert
4bin/pure-statsdecode 4bin/pure-statsdecode
5man/man8/pure-authd.8 5man/man8/pure-authd.8
 6man/man8/pure-certd.8
6man/man8/pure-ftpd.8 7man/man8/pure-ftpd.8
7man/man8/pure-ftpwho.8 8man/man8/pure-ftpwho.8
8man/man8/pure-mrtginfo.8 9man/man8/pure-mrtginfo.8
9man/man8/pure-pw.8 10man/man8/pure-pw.8
10man/man8/pure-pwconvert.8 11man/man8/pure-pwconvert.8
11man/man8/pure-quotacheck.8 12man/man8/pure-quotacheck.8
12man/man8/pure-statsdecode.8 13man/man8/pure-statsdecode.8
13man/man8/pure-uploadscript.8 14man/man8/pure-uploadscript.8
14sbin/pure-authd 15sbin/pure-authd
 16sbin/pure-certd
15sbin/pure-ftpd 17sbin/pure-ftpd
16sbin/pure-ftpwho 18sbin/pure-ftpwho
17sbin/pure-mrtginfo 19sbin/pure-mrtginfo
18sbin/pure-quotacheck 20sbin/pure-quotacheck
19sbin/pure-uploadscript 21sbin/pure-uploadscript
20share/doc/pure-ftpd/README 22share/doc/pure-ftpd/FAQ
21share/doc/pure-ftpd/README.Authentication-Modules 23share/doc/pure-ftpd/README.Authentication-Modules
22share/doc/pure-ftpd/README.Configuration-File 24share/doc/pure-ftpd/README.Configuration-File
23share/doc/pure-ftpd/README.Contrib 
24share/doc/pure-ftpd/README.LDAP 25share/doc/pure-ftpd/README.LDAP
 26share/doc/pure-ftpd/README.MacOS-X
25share/doc/pure-ftpd/README.MySQL 27share/doc/pure-ftpd/README.MySQL
26share/doc/pure-ftpd/README.PGSQL 28share/doc/pure-ftpd/README.PGSQL
27share/doc/pure-ftpd/README.TLS 29share/doc/pure-ftpd/README.TLS
28share/doc/pure-ftpd/README.Virtual-Users 30share/doc/pure-ftpd/README.Virtual-Users
 31share/doc/pure-ftpd/pure-ftpd.conf
 32share/doc/pure-ftpd/pureftpd-ldap.conf
 33share/doc/pure-ftpd/pureftpd-mysql.conf
 34share/doc/pure-ftpd/pureftpd-pgsql.conf
 35share/doc/pure-ftpd/pureftpd.schema
 36share/examples/pure-ftpd/pure-ftpd.conf
cvs diff -r1.9 -r1.10 pkgsrc/net/pure-ftpd/options.mk (expand / switch to unified diff)

--- pkgsrc/net/pure-ftpd/options.mk 2010/02/04 12:03:51 1.9
+++ pkgsrc/net/pure-ftpd/options.mk 2020/03/11 11:47:19 1.10
@@ -1,17 +1,18 @@ @@ -1,17 +1,18 @@
1# $NetBSD: options.mk,v 1.9 2010/02/04 12:03:51 obache Exp $ 1# $NetBSD: options.mk,v 1.10 2020/03/11 11:47:19 nia Exp $
2 2
3PKG_OPTIONS_VAR= PKG_OPTIONS.pureftpd 3PKG_OPTIONS_VAR= PKG_OPTIONS.pureftpd
4PKG_SUPPORTED_OPTIONS= ldap mysql pgsql ssl virtualchroot utf8 4PKG_SUPPORTED_OPTIONS= ldap mysql pgsql ssl virtualchroot utf8
 5PKG_SUGGESTED_OPTIONS= ssl virtualchroot
5 6
6PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_MYSQL:mysql 7PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_MYSQL:mysql
7PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_PGSQL:pgsql 8PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_PGSQL:pgsql
8PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_TLS:ssl 9PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_TLS:ssl
9PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_VIRTUAL_CHROOT:virtualchroot 10PKG_OPTIONS_LEGACY_VARS+= PURE_FTPD_USE_VIRTUAL_CHROOT:virtualchroot
10 11
11.include "../../mk/bsd.options.mk" 12.include "../../mk/bsd.options.mk"
12 13
13.if !empty(PKG_OPTIONS:Mldap) 14.if !empty(PKG_OPTIONS:Mldap)
14. include "../../databases/openldap-client/buildlink3.mk" 15. include "../../databases/openldap-client/buildlink3.mk"
15CONFIGURE_ARGS+= --with-ldap 16CONFIGURE_ARGS+= --with-ldap
16.endif 17.endif
17 18
cvs diff -r1.14 -r1.15 pkgsrc/net/pure-ftpd/distinfo (expand / switch to unified diff)

--- pkgsrc/net/pure-ftpd/distinfo 2015/11/04 00:35:29 1.14
+++ pkgsrc/net/pure-ftpd/distinfo 2020/03/11 11:47:19 1.15
@@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
1$NetBSD: distinfo,v 1.14 2015/11/04 00:35:29 agc Exp $ 1$NetBSD: distinfo,v 1.15 2020/03/11 11:47:19 nia Exp $
2 2
3SHA1 (pure-ftpd-1.0.35.tar.bz2) = e470bd886af68903ffba61832002fe90611f5756 3SHA1 (pure-ftpd-1.0.49.tar.bz2) = 467b5198ffeca9afa5f0aedf273553c3abe2a8e3
4RMD160 (pure-ftpd-1.0.35.tar.bz2) = 525ae8c4564b7a8f29ec09b882eacaa7a025a911 4RMD160 (pure-ftpd-1.0.49.tar.bz2) = b4af1d749a8bb5a441ad504a00a03081875d734d
5SHA512 (pure-ftpd-1.0.35.tar.bz2) = d54f0709fb49f480d6f3424b7a59d9c2ae3d252e6a63d98d7ccc6c8c2d3bbc959cc997ca790740afaf1207f306d516930fbd165a7c271c324954f883b3ecc688 5SHA512 (pure-ftpd-1.0.49.tar.bz2) = b44896d6fe2cda9169b1db93c5260bb892af14a173f2d25e60dd6530afe85d8e9156985609e35da7e5550dc123afb42bc5012beb9fca9011054cf0ed8b2eddef
6Size (pure-ftpd-1.0.35.tar.bz2) = 482387 bytes 6Size (pure-ftpd-1.0.49.tar.bz2) = 487958 bytes
 7SHA1 (patch-Makefile.in) = 1fdd2463fe27605cc02ff445d55d5355617361c2
File Added: pkgsrc/net/pure-ftpd/patches/patch-Makefile.in
$NetBSD: patch-Makefile.in,v 1.1 2020/03/11 11:47:19 nia Exp $

Install configuration file to examples.

--- Makefile.in.orig	2019-04-03 10:51:06.000000000 +0000
+++ Makefile.in
@@ -881,7 +881,7 @@ uninstall-am: uninstall-docDATA uninstal
 
 
 install-data-local:
-	@$(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
+	@$(mkinstalldirs) $(DESTDIR)$(datadir)/examples/pure-ftpd; \
 	if [ -f $(DESTDIR)$(sysconfdir)/pure-ftpd.conf ]; then \
 		if cmp -s $(srcdir)/pure-ftpd.conf $(docdir)/pure-ftpd.conf; then \
 			echo "Configuration file unchanged"; \
@@ -890,7 +890,7 @@ install-data-local:
 			echo "You may want to compare it with the one at [$(DESTDIR)$(sysconfdir)/pure-ftpd.conf]."; \
 		fi; \
 	else \
-		$(INSTALL_DATA) $(srcdir)/pure-ftpd.conf $(DESTDIR)$(sysconfdir)/pure-ftpd.conf; \
+		$(INSTALL_DATA) $(srcdir)/pure-ftpd.conf $(DESTDIR)$(datadir)/examples/pure-ftpd/pure-ftpd.conf; \
 	fi
 
 uninstall-local: