kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/vsftpd/options.mk

47 lines
1.4 KiB
Makefile
Raw Normal View History

Use USE_FEATURES=inet6 for requirement of IPv6 support, instead of unusual usage of PKG_OPTIONS.
2011-04-15 10:34:00 +02:00
# $NetBSD: options.mk,v 1.7 2011/04/15 08:34:01 obache Exp $
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
PKG_OPTIONS_VAR= PKG_OPTIONS.vsftpd
Require "inet6" option instead of using deprecated USE_INET6; also don't set that in PKG_SUGGESTED_OPTIONS (it's up to bsd.pkg.mk to do that).
2007-01-03 16:54:56 +01:00
PKG_SUPPORTED_OPTIONS= pam ssl tcpwrappers
PKG_SUGGESTED_OPTIONS= pam tcpwrappers
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
.include "../../mk/bsd.options.mk"
Improve linkage but not using the crappy shell script from vsftpd, which doesn't work correctly e.g. on Solaris. Make PAM optional, but since the option is on by default, nothing changes. Fix compilation on Solaris based on input from Stefan Pfetzing in PR 33494.
2006-05-16 23:08:50 +02:00
.if !empty(PKG_OPTIONS:Mpam)
.include "../../mk/pam.buildlink3.mk"
LIBS+= -L${PAMBASE}
LIBS+= ${COMPILER_RPATH_FLAG}${PAMBASE}
LIBS+= -lpam
.else
Updated net/vsftpd to 2.0.7 - needed for recent FileZilla to with with SSL v2.0.5 - Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan <sudhas@sgi.com>. - Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1. - Be more honest in FEAT response if PORT or PASV are disabled! Reported by Charles Honton <chas@honton.org>. Allows MS Explorer to get the transfer mode correct. - pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to Rhodes, Colin <colin.rhodes@airways.co.nz>. - Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit here instead ;-) - Minor man page doc tweaks. - Tiny bit of paranoia in privops.c. - Revert change to reject anonymous logins before asking for password. This fixes complaints about IE not showing the FTP login dialog. - Change SSL certificate load to cater for chaining too. - Added delay_failed_login and delay_successful_login to help limit resources taken by brute force attacks. - Kick session after a few login fails. Allows IP blocking solutions to be more immediately effective. - Replace setenv() with more portable putenv(). First part of Solaris fix. - Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris fix. - Set PAM items TTY and RUSER if possible. - OpenBSD build warning fixes. - So, timezone and daylight are not available on BSD, so redo the whole TZ thing again. Should use only very portable constructs now. v2.0.6 - Fix delay_failed_login typo. Oops. - Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel <ilja@suresec.org>. - Allow a (fake) reauth as the same user as the logged in user. Should resolve .NET related report from Sabo Jim <Jim.Sabo@thomson.net>. - Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take unnecessary port calculations out of a loop. - Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to <echen@siac.com>. - Don't log FireFox's attempts to RETR directories! Reported by Nixdorf, Tim <tnixdorf@dnps.com>. - Fix STOU sending the same 150 status line twice - oops! Reported by <yamazaki@iij.ad.jp>. - Fix xferlog format for virtual (guest) users, reported by Andy Fletcher <andy@withnail.org>. - Fix bug with empty user list file and userlist_deny=NO. Reported by Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>. - Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON. Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>. - Add control over the file permissions used in the chown()ing of anonymous uploads: chown_upload_mode (default 0600 as before). Suggestion from An Pham <apham@medforcetech.com>. - Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock(); should help buggy Solaris systems. Reported by Michael Masterson <mjmasterson@xo.com>. - Add debug_ssl option to dump out some SSL connection details. - Use code 522, not 521, to indicate that the server requires an encrypted data connection. Still does not seem to coax lftp to retry :( - Recognize OPTS pre-login. - A whole ton of SSL improvements, including ability to force requirement of a client cert; data and control channel client cert cross checking. Ability to require fully valid / authentic client certs. No cert-based auth yet. - Change my e-mail to my GMail account. v2.0.7 - Fix finding libcap for the link on Slackware systems, thanks to Roman Kravchenko <roman@atech.lv>. - Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki <y-iida@secom.co.jp>. - Fix man page typo, thanks Matt Selsky <selsky@columbia.edu>. - Bring the PASV listen() into the bind() retry loop to resolve a race under extreme load. Thanks to Curtis Taylor <cjt@us.ibm.com>. - Enhance logging for debug_ssl. - Shutdown the SSL data connections properly. This prevents clients such as recent FileZilla from complaining. Reported by various people. - Add option to enforce proper SSL shutdown on uploads. Left it off after much agonizing because clients are so broken in this area. - Add option to delete failed uploads.
2008-09-22 13:02:21 +02:00
LIBS.Linux= -lcrypt
#
Improve linkage but not using the crappy shell script from vsftpd, which doesn't work correctly e.g. on Solaris. Make PAM optional, but since the option is on by default, nothing changes. Fix compilation on Solaris based on input from Stefan Pfetzing in PR 33494.
2006-05-16 23:08:50 +02:00
SUBST_CLASSES+= pam
SUBST_FILES.pam= builddefs.h
SUBST_SED.pam+= -e 's,define VSF_BUILD_PAM,undef VSF_BUILD_PAM,g'
SUBST_STAGE.pam= pre-configure
.endif
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
.if !empty(PKG_OPTIONS:Mssl)
.include "../../security/openssl/buildlink3.mk"
SUBST_CLASSES+= ssl
Fix tcpwrappers option. Since it is on by default, bump PKGREVISION. From Hironaga KOJIMA in private mail.
2006-01-30 19:07:06 +01:00
SUBST_FILES.ssl= builddefs.h
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
SUBST_SED.ssl+= -e 's,undef VSF_BUILD_SSL,define VSF_BUILD_SSL,g'
SUBST_SED.ssl+= -e 's,/usr/share/ssl/certs/vsftpd.pem,${SSLCERTS}/vsftpd.pem,g'
SUBST_STAGE.ssl= pre-configure
Improve linkage but not using the crappy shell script from vsftpd, which doesn't work correctly e.g. on Solaris. Make PAM optional, but since the option is on by default, nothing changes. Fix compilation on Solaris based on input from Stefan Pfetzing in PR 33494.
2006-05-16 23:08:50 +02:00
LIBS+= -L${BUILDLINK_PREFIX.openssl}
LIBS+= ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.openssl}
LIBS+= -lssl -lcrypto
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
.endif
.if !empty(PKG_OPTIONS:Mtcpwrappers)
.include "../../security/tcp_wrappers/buildlink3.mk"
Fix tcpwrappers option. Since it is on by default, bump PKGREVISION. From Hironaga KOJIMA in private mail.
2006-01-30 19:07:06 +01:00
SUBST_CLASSES+= tcpwrappers
SUBST_FILES.tcpwrappers= builddefs.h
SUBST_SED.tcpwrappers+= -e 's,undef VSF_BUILD_TCPWRAPPERS,define VSF_BUILD_TCPWRAPPERS,g'
SUBST_STAGE.tcpwrappers= pre-configure
Improve linkage but not using the crappy shell script from vsftpd, which doesn't work correctly e.g. on Solaris. Make PAM optional, but since the option is on by default, nothing changes. Fix compilation on Solaris based on input from Stefan Pfetzing in PR 33494.
2006-05-16 23:08:50 +02:00
LIBS+= -L${BUILDLINK_PREFIX.tcp_wrappers}
LIBS+= ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.tcp_wrappers}
LIBS+= -lwrap
Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! ===============================
2006-01-13 19:12:46 +01:00
.endif
Reference in a new issue Copy permalink