From 0be9cd49393ec1666cc7aab3ef948cbc83a9a346 Mon Sep 17 00:00:00 2001 From: tm Date: Sat, 16 Oct 2021 19:46:41 +0000 Subject: [PATCH] Update proftpd to 1.3.7c 1.3.7c + Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284). + PCRE expressions with capture groups were not being handled properly (Issue #1300). 1.3.7b + Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when session tickets cannot be decrypted (Issue #1063). + Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket option (Issue #1171). + Implemented support for Redis 6.x AUTH semantics (Issue #1070). + Fixed memory use-after-free issue in mod_sftp which can cause unexpected login/authentication issues. + Fixed SQL syntax regression for some generated SQL statements (Issue #1149). + Fixed "Corrupted MAC on inptut" errors when SFTP uses the umac-64@openssh.com digest (Issue #1111). 1.3.7a + Fix build-time regression when using the --localstatedir configure option. 1.3.7 + Support the SOURCE_DATE_EPOCH environment variable, for reproducible builds (Issue #1038). 1.3.7rc4 + Implemented support for configuring certificate options for LDAP connections using SSL/TLS. + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959). + Fixed handling of IPv6 addresses in From directives (Issue #682). + Added -b and -n command-line options to ftptop. + Ignore supplemental groups when run as non-root user (Issue #808). + Use re-entrant versions of time functions where available (Issue #983). + New Configuration Directives BanOptions The BanOptions directive is used to tune mod_ban behavior, such as creating ban entries that match/apply to all sections. See doc/contrib/mod_ban.html#BanOptions for more details. LDAPUseSASL The LDAPUseSASL directive configures a list of SASL authentication mechanisms to use, when using the LDAPBindDN to bind to the LDAP server. See doc/contrib/mod_ldap.html#LDAPUseSASL for details. LogOptions The LogOptions directive is used to modify the default logging format for ProFTPD syslog, debug, and module logging. See doc/modules/mod_log.html#LogOptions for more information. SQLKeepAlive The SQLKeepAlive directive configures a periodic "keepalive" query for ensuring the connection between mod_sql and the backend database server. See doc/contrib/mod_sql.html#SQLKeepAlive for more information. + Changed Configuration Directives LDAPServer The LDAPServer directive now supports configuring the trusted CA file, client certificate and key files, SSL ciphers, and verification policies for LDAP connections. See doc/contrib/mod_ldap.html#LDAPServer for more details. TraceOptions The TraceOptions directive now supports a "Timestamp" option, for disabling inclusion of timestamps in Trace logs. + Developer notes When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command handler phases will now run. This allows interested modules, such as mod_exec and others, to react to these events (Issue #718). 1.3.7rc3 + Fixed regression in directory listing latency (Issue #863). + Fixed use-after-free vulnerability during data transfers (Issue #903). + Addressed out-of-bounds read in mod_cap by removing bundled libcap, and relying solely on the system-provided libcap (Issue #902). Note that building ProFTPD from source will *not* automatically include the mod_cap module, unless the libcap library is available. + mod_sftp now supports OpenSSH-specific private host keys (Issue #793). Newer versions of OpenSSH ssh-keygen(1) automatically generate private keys formatted with this OpenSSH-specific format. + mod_sftp now supports Ed25519 keys (Bug #4221). + mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332 (Issue #907). + mod_tls now honors client-provided SNI as part of the TLS handshake, for implementing name-based virtual hosts via TLS SNI. + Changed Configuration Directives LogFormat %{transfer-port} The LogFormat directive supports a %{transfer-port} variable for logging the selected data transfer port. SFTPOptions NoExtensionNegotiation The mod_sftp module now supports SSH extension negotations (RFC 8332). If there any issues with this support, it can be disabled using: SFTPOptions NoExtensionNegotiation SQLAuthTypes bcrypt The mod_sql_passwd module now supports bcrypt-encrypted passwords. This can be enabled using: SQLAuthTypes bcrypt in your mod_sql configuration. See doc/contrib/mod_sql_password.html for more information. TLSOption IgnoreSNI The TLSOption directive now supports an "IgnoreSNI" setting, to tell mod_tls to ignore/not use any SNI, provided by the client in the TLS handshake, for determining any name-based virtual hosts. See doc/contrib/mod_tls.html#TLSOption for more details. + Added API FSIO pread(2), pwrite(2) (Issue#317) 1.3.7rc2 + Fixed pre-authentication remote denial-of-service issue (Issue #846, CVE-2019-18217). 1.3.7rc1 + RootRevoke is now on by default, meaning that once authentication succeeds, all root privileges are dropped by default, unless the UserOwner directive (which requires root privileges) is used (Bug#4241). + The mod_ident module is no longer automatically built by default. To include the mod_ident module in the build, it must be explicitly requested via --enable-ident or --with-shared=mod_ident. This means that configuration files using the IdentLookups directive will now want to using an enclosing section, like so: IdentLookups off + The mod_tls module now performs basic sanity checks of configured TLS files on startup (Issue#491). + The mod_deflate module now supports MODE Z data transfers when TLS is used (Issue#505). + The mod_xfer module now supports the RANG FTP command; see https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351). + The ftpasswd script now supports a --change-home option, for changing the home directory of a user in an AuthUserFile (Issue#566). + The ftpasswd script supports deleting a user from a group (Issue#620). + Refactored the LogFormat handling code so that it is not longer duplicated by mod_log, mod_sql, etc. The new Jot API is the common API to be used by modules for LogFormat variables and logging. + Generated new DH parameters for mod_sftp, mod_tls. + New Configuration Directives AuthFileOptions The mod_auth_file module supports a configuration directive for disabling its requirement for secure permissions on configured AuthUserFile/AuthGroupFile. See doc/modules/mod_auth_file.html#AuthFileOptions for information. RedisLogOnEvent The mod_redis module can be configured to log JSON messages based on specified events (Issue#392). See the doc/modules/mod_redis.html#RedisLogOnEvent documentation for details. RedisOptions The mod_redis module now implements a RedisOptions directive, for tuning some of the module behavior (Issue#477). The doc/modules/mod_redis.html#RedisOptions documentation has more details. RedisSentinel The mod_redis module now supports use of Redis Sentinels (Issue#396); see doc/modules/mod_redis.html#RedisSentinel. + Changed Configuration Directives AllowForeignAddress class-name The AllowForeignAddress directive supports a Class name, for finer-grained control over which clients are allowed to use foreign/mismatching IP addresses for transfers. See doc/modules/mod_core.html#AllowForeignAddress for more information. ExecEnviron %b The ExecEnviron directive has been fixed to properly resolve the %b LogFormat variable (Issue#515). RedisServer db-index (Issue#550) The mod_redis module can now be configured to select a database index via the RedisServer directive (Issue#550). See the doc/modules/mod_redis.html#RedisServer documentation for details. RewriteMap idnatrans The mod_rewrite module can now support rewriting `idn` to `idna` formats (Issue#231). See the doc/modules/mod_rewrite#RewriteMap for details on how to do so. RootRevoke on The RootRevoke directive is now enabled by default (Bug#4241). This makes for more secure configurations/sessions out-of-the-box. See doc/modules/mod_auth.html#RootRevoke for more information. SFTPCiphers, SFTPDigests Some weak algorithms are now disabled by default in mod_sftp (Bug#4279). These algorithms, if need be, can be explicitly enabled by configuration; they are just not enabled automatically. For list of the algorithms affected, see doc/contrib/mod_sftp.html#SFTPCiphers, doc/contrib/mod_sftp.html#SFTPDigests. SFTPOptions IncludeSFTPTimes The SFTOptions directive of mod_sftp now supports an option for explicitly including the timestamps of files when SFTP protocol 4 and higher are used, even if the SFTP client did not request these timestamps. This works around a bug in the popular Rebex SFTP library; see doc/contrib/mod_sftp.html#SFTPOptions for details. TLSProtocol TLSv1.3 The mod_tls module, and its TLSProtocol directive, now support TLSv1.3 (Issue#536). See doc/contrib/mod_tls.html#TLSProtocol for more information. TLSServerCipherPreference The TLSServerCipherPreference directive is now enabled by default. See doc/contrib/mod_tls.html#TLSServerCipherPrefrence. TLSStaplingOptions NoFakeTryLater Some TLS clients have trouble with the "fake" OCSP response that mod_tls might stable, when the client requested stapled OCSP responses and mod_tls is unable to contact the OCSP responder. Use this option to disable such fake responses (Issue#518): TLSStaplingOptions NoFakeTryLater See doc/contrib/mod_tls.html#TLSStaplingOptions for details. + Removed Configuration Directives The following directives have been removed: GroupPassword LoginPasswordPrompt TransferPriority --- net/proftpd/Makefile | 6 ++-- net/proftpd/Makefile.common | 7 +++-- net/proftpd/Makefile.module | 4 +-- net/proftpd/PLIST | 17 ++++++----- net/proftpd/distinfo | 8 ++--- net/proftpd/patches/patch-Make.rules.in | 12 ++++---- net/proftpd/patches/patch-Makefile.in | 16 +++++----- net/proftpd/patches/patch-configure.in | 19 +++++++++--- .../patch-contrib_mod__load_configure.in | 16 +++++----- .../patch-contrib_mod__load_mod__load.c | 6 ++-- .../patch-contrib_mod__load_mod__load.h.in | 6 ++-- .../patch-contrib_mod__sftp_Makefile.in | 14 ++++----- net/proftpd/patches/patch-include_pfilter.h | 10 ++++--- net/proftpd/patches/patch-src_main.c | 18 +++++------ net/proftpd/patches/patch-src_pfilter.c | 10 ++++--- net/proftpd/patches/patch-src_pidfile.c | 30 +++++++++++++++++++ 16 files changed, 127 insertions(+), 72 deletions(-) create mode 100644 net/proftpd/patches/patch-src_pidfile.c diff --git a/net/proftpd/Makefile b/net/proftpd/Makefile index 7ea438b096c9..d9f6a59ed04d 100644 --- a/net/proftpd/Makefile +++ b/net/proftpd/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.92 2021/05/24 19:53:36 wiz Exp $ +# $NetBSD: Makefile,v 1.93 2021/10/16 19:46:41 tm Exp $ #PKGREVISION= 2 -PKGREVISION= 2 .include "../../net/proftpd/Makefile.common" COMMENT= Highly configurable FTP server software @@ -55,8 +54,7 @@ INSTALLATION_DIRS+= share/doc/proftpd INSTALLATION_DIRS+= share/examples/proftpd post-install: -.for i in NEWS README.md README.IPv6 README.LDAP README.PAM README.capabilities \ - README.classes README.controls README.facl README.modules +.for i in NEWS README.md README.LDAP README.modules ${INSTALL_DATA} ${WRKSRC}/${i} ${DESTDIR}${PREFIX}/share/doc/proftpd .endfor .for i in Configuration.html faq.html license.txt diff --git a/net/proftpd/Makefile.common b/net/proftpd/Makefile.common index e5aedc305c9c..47baec365c74 100644 --- a/net/proftpd/Makefile.common +++ b/net/proftpd/Makefile.common @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.12 2020/05/10 14:22:48 rillig Exp $ +# $NetBSD: Makefile.common,v 1.13 2021/10/16 19:46:41 tm Exp $ # used by net/proftpd/Makefile # used by net/proftpd/Makefile.module -DISTNAME= proftpd-1.3.6c +DISTNAME= proftpd-1.3.7c CATEGORIES= net MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ MASTER_SITES+= ftp://ftp.servus.at/ProFTPD/distrib/source/ @@ -36,6 +36,9 @@ CONFIGURE_ARGS+= --enable-dso CONFIGURE_ENV+= install_group=${ROOT_GROUP} CONFIGURE_ENV+= install_user=${ROOT_USER} +CFLAGS.SunOS+= -D_POSIX_PTHREAD_SEMANTICS +CFLAGS.SunOS+= -Du_int64_t=uint64_t -Du_int32_t=uint32_t -Du_int16_t=uint16_t -Du_int8_t=uint8_t + BUILD_DEFS+= VARBASE CHECK_SHLIBS_SKIP= libexec/proftpd/*.a diff --git a/net/proftpd/Makefile.module b/net/proftpd/Makefile.module index 8adf76d6ca85..0ef4bdbfec01 100644 --- a/net/proftpd/Makefile.module +++ b/net/proftpd/Makefile.module @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.module,v 1.1 2015/09/25 10:01:37 wiedi Exp $ +# $NetBSD: Makefile.module,v 1.2 2021/10/16 19:46:42 tm Exp $ # used by net/proftpd-geoip/Makefile # used by net/proftpd-ldap/Makefile @@ -19,4 +19,4 @@ DEPENDS+= proftpd>=${PKGVERSION_NOREV}:../../net/proftpd CPPFLAGS+= -I${WRKSRC}/include -I${WRKSRC}/contrib pre-build: - cd ${WRKSRC} && ${MAKE} include/buildstamp.h + cd ${WRKSRC} && ${GMAKE} include/buildstamp.h diff --git a/net/proftpd/PLIST b/net/proftpd/PLIST index 5861fc8eaace..aea25c3f572c 100644 --- a/net/proftpd/PLIST +++ b/net/proftpd/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.28 2019/10/07 19:29:47 christos Exp $ +@comment $NetBSD: PLIST,v 1.29 2021/10/16 19:46:42 tm Exp $ bin/ftpasswd bin/ftpcount bin/ftpdctl @@ -7,6 +7,7 @@ bin/ftpquota bin/ftptop bin/ftpwho bin/prxs +include/proftpd/acconfig.h include/proftpd/ascii.h include/proftpd/auth.h include/proftpd/bindings.h @@ -26,6 +27,7 @@ include/proftpd/dirtree.h include/proftpd/display.h include/proftpd/encode.h include/proftpd/env.h +include/proftpd/error.h include/proftpd/event.h include/proftpd/expr.h include/proftpd/feat.h @@ -37,6 +39,7 @@ include/proftpd/hanson-tpl.h include/proftpd/help.h include/proftpd/ident.h include/proftpd/inet.h +include/proftpd/jot.h include/proftpd/json.h include/proftpd/lastlog.h include/proftpd/libsupp.h @@ -56,7 +59,9 @@ include/proftpd/modules.h include/proftpd/netacl.h include/proftpd/netaddr.h include/proftpd/netio.h +include/proftpd/openbsd-blowfish.h include/proftpd/options.h +include/proftpd/os.h include/proftpd/parser.h include/proftpd/pfilter.h include/proftpd/pidfile.h @@ -65,6 +70,7 @@ include/proftpd/pr-syslog.h include/proftpd/privs.h include/proftpd/proctitle.h include/proftpd/proftpd.h +include/proftpd/random.h include/proftpd/redis.h include/proftpd/regexp.h include/proftpd/response.h @@ -135,14 +141,8 @@ sbin/in.proftpd sbin/proftpd share/doc/proftpd/Configuration.html share/doc/proftpd/NEWS -share/doc/proftpd/README.md -share/doc/proftpd/README.IPv6 share/doc/proftpd/README.LDAP -share/doc/proftpd/README.PAM -share/doc/proftpd/README.capabilities -share/doc/proftpd/README.classes -share/doc/proftpd/README.controls -share/doc/proftpd/README.facl +share/doc/proftpd/README.md share/doc/proftpd/README.modules share/doc/proftpd/faq.html share/doc/proftpd/license.txt @@ -165,3 +165,4 @@ share/locale/ru_RU/LC_MESSAGES/proftpd.mo share/locale/zh_CN/LC_MESSAGES/proftpd.mo share/locale/zh_TW/LC_MESSAGES/proftpd.mo @pkgdir lib/proftpd +@pkgdir etc diff --git a/net/proftpd/distinfo b/net/proftpd/distinfo index a33a4bfd521e..23f4428f9250 100644 --- a/net/proftpd/distinfo +++ b/net/proftpd/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.52 2021/10/07 14:42:22 nia Exp $ +$NetBSD: distinfo,v 1.53 2021/10/16 19:46:42 tm Exp $ -RMD160 (proftpd-1.3.6c.tar.gz) = 0fcb3453fef0c5a25b9605940b5840eacead8f40 -SHA512 (proftpd-1.3.6c.tar.gz) = 9b10e603b26d527b594682a4905e70dc0a8361372ed80a8e2617167305047bf94ea16b441f9d5782ae04dd50768d32e12f9cb68708c1f80dcd219b09e0d4fd15 -Size (proftpd-1.3.6c.tar.gz) = 20271908 bytes +RMD160 (proftpd-1.3.7c.tar.gz) = e51b3c2350d027c60a83552078802c99f09fad1e +SHA512 (proftpd-1.3.7c.tar.gz) = f9268e521e68cebaf1947cbfe1cc57f282ea09d59410c1722cd9a68c99d643b90b837c1fa840fdb894597c7429b0eb62bc4ac324915ffac04366daa2f104e88d +Size (proftpd-1.3.7c.tar.gz) = 20428648 bytes SHA1 (patch-Make.rules.in) = 4689fcb4aff5c9b3a2e47a43b93e76101d54e812 SHA1 (patch-Makefile.in) = 332dcd9d773770c10d876dc9da1dc7f6b1c15421 SHA1 (patch-configure.in) = ed8e190a89cbfc3276d9e77f0bbb624f6d19f816 diff --git a/net/proftpd/patches/patch-Make.rules.in b/net/proftpd/patches/patch-Make.rules.in index f9225f147205..85692fca7f26 100644 --- a/net/proftpd/patches/patch-Make.rules.in +++ b/net/proftpd/patches/patch-Make.rules.in @@ -1,8 +1,10 @@ ---- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400 -+++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500 ---- Make.rules.in.orig 2017-04-10 02:31:02.000000000 +0000 -+++ Make.rules.in -@@ -113,3 +113,6 @@ BUILD_FTPTOP_OBJS=utils/ftptop.o utils/s +$NetBSD: patch-Make.rules.in,v 1.3 2021/10/16 19:46:42 tm Exp $ + +Add pfilter objects. + +--- Make.rules.in.orig Mon Aug 30 00:22:56 2021 ++++ Make.rules.in Fri Oct 15 10:32:05 2021 +@@ -114,3 +114,6 @@ FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o diff --git a/net/proftpd/patches/patch-Makefile.in b/net/proftpd/patches/patch-Makefile.in index 01434382bdb3..28dad4201f9b 100644 --- a/net/proftpd/patches/patch-Makefile.in +++ b/net/proftpd/patches/patch-Makefile.in @@ -1,13 +1,13 @@ -$NetBSD: patch-Makefile.in,v 1.1 2015/07/13 15:39:27 he Exp $ +$NetBSD: patch-Makefile.in,v 1.2 2021/10/16 19:46:42 tm Exp $ Make this pkgsrc friendly. Linking ftpdctl does not (seem to) require all the libraries needed for various proftpd modules. It definitely cannot include -lwrap. ---- Makefile.in.orig 2015-05-28 00:25:54.000000000 +0000 -+++ Makefile.in -@@ -59,7 +59,7 @@ ftpcount$(EXEEXT): lib utils +--- Makefile.in.orig Tue Jul 21 17:25:51 2020 ++++ Makefile.in Fri Oct 15 09:18:04 2021 +@@ -77,7 +77,7 @@ $(CC) $(LDFLAGS) -o $@ $(BUILD_FTPCOUNT_OBJS) $(UTILS_LIBS) ftpdctl$(EXEEXT): lib src @@ -16,12 +16,12 @@ various proftpd modules. It definitely cannot include -lwrap. ftpscrub$(EXEEXT): lib utils $(CC) $(LDFLAGS) -o $@ $(BUILD_FTPSCRUB_OBJS) $(UTILS_LIBS) -@@ -178,7 +178,7 @@ install-man: $(DESTDIR)$(mandir) $(DESTD - $(INSTALL_MAN) $(top_srcdir)/src/proftpd.conf.5 $(DESTDIR)$(mandir)/man5 - $(INSTALL_MAN) $(top_srcdir)/src/xferlog.5 $(DESTDIR)$(mandir)/man5 +@@ -196,7 +196,7 @@ + $(INSTALL_MAN) $(top_builddir)/src/proftpd.conf.5 $(DESTDIR)$(mandir)/man5 + $(INSTALL_MAN) $(top_builddir)/src/xferlog.5 $(DESTDIR)$(mandir)/man5 -install-all: install-proftpd install-modules install-utils install-conf install-man install-libs install-headers install-pkgconfig install-locales $(INSTALL_DEPS) +install-all: install-proftpd install-modules install-utils install-man install-libs install-headers install-pkgconfig install-locales $(INSTALL_DEPS) - install: all install-all + install: $(BUILD_BIN) install-all diff --git a/net/proftpd/patches/patch-configure.in b/net/proftpd/patches/patch-configure.in index 44c8d05ab840..5c2d7f557424 100644 --- a/net/proftpd/patches/patch-configure.in +++ b/net/proftpd/patches/patch-configure.in @@ -1,8 +1,19 @@ -$NetBSD: patch-configure.in,v 1.1 2019/10/13 19:52:47 maya Exp $ +$NetBSD: patch-configure.in,v 1.2 2021/10/16 19:46:42 tm Exp $ ---- configure.in.orig 2017-04-10 02:31:02.000000000 +0000 -+++ configure.in -@@ -2836,6 +2836,12 @@ AC_TRY_RUN( +Test if blacklistd supported. + +--- configure.in.orig Tue Jul 21 17:25:51 2020 ++++ configure.in Fri Oct 15 09:41:18 2021 +@@ -2800,7 +2800,7 @@ + AC_DEFINE(PR_USE_NONBLOCKING_LOG_OPEN, 1, [Define if using nonblocking open of log files]) + fi + +-if test x"$enable_ident" == xyes ; then ++if test x"$enable_ident" = xyes ; then + ac_static_modules="mod_ident.o $ac_static_modules" + ac_build_static_modules="modules/mod_ident.o $ac_build_static_modules" + fi +@@ -2949,6 +2949,12 @@ AC_MSG_RESULT(cross-compiling); AC_DEFINE(HAVE_LU, 1, [Define if you have %lu support]) ) diff --git a/net/proftpd/patches/patch-contrib_mod__load_configure.in b/net/proftpd/patches/patch-contrib_mod__load_configure.in index 4dd739f0c2f7..346284022bc1 100644 --- a/net/proftpd/patches/patch-contrib_mod__load_configure.in +++ b/net/proftpd/patches/patch-contrib_mod__load_configure.in @@ -1,13 +1,15 @@ -$NetBSD: patch-contrib_mod__load_configure.in,v 1.1 2019/12/09 19:22:57 nros Exp $ -* solaris and derivates has loadavg in sys/loadavg.h ---- contrib/mod_load/configure.in.orig 2019-12-09 18:12:06.479685628 +0000 -+++ contrib/mod_load/configure.in -@@ -63,7 +63,7 @@ AC_ARG_WITH(libraries, +$NetBSD: patch-contrib_mod__load_configure.in,v 1.2 2021/10/16 19:46:42 tm Exp $ + +Solaris and derivates has loadavg in sys/loadavg.h + +--- contrib/mod_load/configure.in.orig Tue Jul 21 17:25:51 2020 ++++ contrib/mod_load/configure.in Fri Oct 15 09:22:45 2021 +@@ -63,7 +63,7 @@ ]) AC_HEADER_STDC -AC_CHECK_HEADERS(stdlib.h unistd.h limits.h fcntl.h) +AC_CHECK_HEADERS(stdlib.h unistd.h limits.h fcntl.h sys/loadavg.h) - AC_SUBST(LDFLAGS) - + dnl _Must_ come before AC_FUNC_GETLOADAVG + AC_CHECK_LIB(kstat, kstat_open) diff --git a/net/proftpd/patches/patch-contrib_mod__load_mod__load.c b/net/proftpd/patches/patch-contrib_mod__load_mod__load.c index 8cc4251e0e5e..8cd8a94e00b7 100644 --- a/net/proftpd/patches/patch-contrib_mod__load_mod__load.c +++ b/net/proftpd/patches/patch-contrib_mod__load_mod__load.c @@ -1,5 +1,7 @@ -$NetBSD: patch-contrib_mod__load_mod__load.c,v 1.2 2019/12/19 12:52:28 nros Exp $ -* solaris and derivates has loadavg in sys/loadavg.h +$NetBSD: patch-contrib_mod__load_mod__load.c,v 1.3 2021/10/16 19:46:42 tm Exp $ + +Solaris and derivates has loadavg in sys/loadavg.h + --- contrib/mod_load/mod_load.c.orig 2017-04-10 02:31:02.000000000 +0000 +++ contrib/mod_load/mod_load.c @@ -49,6 +49,10 @@ diff --git a/net/proftpd/patches/patch-contrib_mod__load_mod__load.h.in b/net/proftpd/patches/patch-contrib_mod__load_mod__load.h.in index 15eb6fb9c0c1..ceba3734917d 100644 --- a/net/proftpd/patches/patch-contrib_mod__load_mod__load.h.in +++ b/net/proftpd/patches/patch-contrib_mod__load_mod__load.h.in @@ -1,5 +1,7 @@ -$NetBSD: patch-contrib_mod__load_mod__load.h.in,v 1.1 2019/12/09 19:22:57 nros Exp $ -* solaris and derivates has loadavg in sys/loadavg.h +$NetBSD: patch-contrib_mod__load_mod__load.h.in,v 1.2 2021/10/16 19:46:42 tm Exp $ + +Solaris and derivates has loadavg in sys/loadavg.h + --- contrib/mod_load/mod_load.h.in.orig 2019-12-09 18:10:43.656037132 +0000 +++ contrib/mod_load/mod_load.h.in @@ -51,6 +51,9 @@ diff --git a/net/proftpd/patches/patch-contrib_mod__sftp_Makefile.in b/net/proftpd/patches/patch-contrib_mod__sftp_Makefile.in index 77b1af80a217..496e509ab145 100644 --- a/net/proftpd/patches/patch-contrib_mod__sftp_Makefile.in +++ b/net/proftpd/patches/patch-contrib_mod__sftp_Makefile.in @@ -1,15 +1,15 @@ -$NetBSD: patch-contrib_mod__sftp_Makefile.in,v 1.1 2015/09/25 10:01:37 wiedi Exp $ +$NetBSD: patch-contrib_mod__sftp_Makefile.in,v 1.2 2021/10/16 19:46:42 tm Exp $ Install mod_sftp misc files into examples folder ---- contrib/mod_sftp/Makefile.in.orig 2015-05-28 00:25:54.000000000 +0000 -+++ contrib/mod_sftp/Makefile.in -@@ -46,8 +46,9 @@ install: install-misc - fi +--- contrib/mod_sftp/Makefile.in.orig Tue Jul 21 17:25:51 2020 ++++ contrib/mod_sftp/Makefile.in Fri Oct 15 09:25:08 2021 +@@ -73,8 +73,9 @@ + $(INSTALL_MAN) $(MODULE_NAME).h $(DESTDIR)$(includedir)/proftpd/$(MODULE_NAME).h install-misc: -- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem $(DESTDIR)$(sysconfdir)/dhparams.pem -- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 blacklist.dat $(DESTDIR)$(sysconfdir)/blacklist.dat +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 $(top_srcdir)/dhparams.pem $(DESTDIR)$(sysconfdir)/dhparams.pem +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 $(top_srcdir)/blacklist.dat $(DESTDIR)$(sysconfdir)/blacklist.dat + $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/examples/proftpd + $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem $(DESTDIR)$(PREFIX)/share/examples/proftpd/dhparams.pem + $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 blacklist.dat $(DESTDIR)$(PREFIX)/share/examples/proftpd/blacklist.dat diff --git a/net/proftpd/patches/patch-include_pfilter.h b/net/proftpd/patches/patch-include_pfilter.h index 9cd2087ba3db..866fe7bbee3b 100644 --- a/net/proftpd/patches/patch-include_pfilter.h +++ b/net/proftpd/patches/patch-include_pfilter.h @@ -1,7 +1,9 @@ ---- /dev/null 2016-01-22 17:30:55.000000000 -0500 -+++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500 ---- include/pfilter.h.orig 2019-10-13 19:47:58.412725364 +0000 -+++ include/pfilter.h +$NetBSD: patch-include_pfilter.h,v 1.3 2021/10/16 19:46:42 tm Exp $ + +Add packet filter + +--- /dev/null Fri Oct 15 10:32:05 2021 ++++ include/pfilter.h Fri Oct 15 10:32:05 2021 @@ -0,0 +1,3 @@ + +void pfilter_notify(int); diff --git a/net/proftpd/patches/patch-src_main.c b/net/proftpd/patches/patch-src_main.c index cf34663b1615..91a4c0ad335c 100644 --- a/net/proftpd/patches/patch-src_main.c +++ b/net/proftpd/patches/patch-src_main.c @@ -1,18 +1,18 @@ -$NetBSD: patch-src_main.c,v 1.1 2019/10/07 19:29:47 christos Exp $ +$NetBSD: patch-src_main.c,v 1.2 2021/10/16 19:46:42 tm Exp $ Add packet filter ---- src/main.c.orig 2017-04-09 22:31:02.000000000 -0400 -+++ src/main.c 2019-10-07 15:09:12.516004304 -0400 +--- src/main.c.orig Tue Jul 21 17:25:51 2020 ++++ src/main.c Fri Oct 15 09:29:42 2021 @@ -41,6 +41,7 @@ #endif #include "privs.h" +#include "pfilter.h" - int (*cmd_auth_chk)(cmd_rec *); - void (*cmd_handler)(server_rec *, conn_t *); -@@ -1089,6 +1090,7 @@ + #ifdef PR_USE_OPENSSL + # include +@@ -1116,6 +1117,7 @@ pid_t pid; sigset_t sig_set; @@ -20,13 +20,13 @@ Add packet filter if (no_fork == FALSE) { /* A race condition exists on heavily loaded servers where the parent -@@ -1206,7 +1208,8 @@ +@@ -1233,7 +1235,8 @@ /* Reseed pseudo-randoms */ - srand((unsigned int) (time(NULL) * getpid())); + pr_random_init(); - +#else -+ pfilter_init(); ++ pfilter_init(); #endif /* PR_DEVEL_NO_FORK */ /* Child is running here */ diff --git a/net/proftpd/patches/patch-src_pfilter.c b/net/proftpd/patches/patch-src_pfilter.c index 0c77b28f38c3..9168a96a9ee1 100644 --- a/net/proftpd/patches/patch-src_pfilter.c +++ b/net/proftpd/patches/patch-src_pfilter.c @@ -1,7 +1,9 @@ ---- /dev/null 2016-01-22 17:30:55.000000000 -0500 -+++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500 ---- src/pfilter.c.orig 2019-10-13 19:47:58.437871822 +0000 -+++ src/pfilter.c +$NetBSD: patch-src_pfilter.c,v 1.3 2021/10/16 19:46:42 tm Exp $ + +Add pfilter objects. + +--- /dev/null Fri Oct 15 10:32:05 2021 ++++ src/pfilter.c Fri Oct 15 10:32:05 2021 @@ -0,0 +1,41 @@ +#include "pfilter.h" +#include "conf.h" diff --git a/net/proftpd/patches/patch-src_pidfile.c b/net/proftpd/patches/patch-src_pidfile.c new file mode 100644 index 000000000000..fd4245f303a0 --- /dev/null +++ b/net/proftpd/patches/patch-src_pidfile.c @@ -0,0 +1,30 @@ +$NetBSD: patch-src_pidfile.c,v 1.1 2021/10/16 19:46:42 tm Exp $ + +dprintf is not availble on SunOS (illumos) + +--- src/pidfile.c.orig Fri Oct 15 10:11:49 2021 ++++ src/pidfile.c Fri Oct 15 10:11:58 2021 +@@ -29,6 +29,23 @@ + + static const char *pidfile_path = PR_PID_FILE_PATH; + ++#if defined(__sun) ++#include ++ ++int dprintf(int fd, const char *restrict format, ...) { ++ va_list ap; ++ FILE *f = fdopen(fd, "w"); ++ if (!f) { ++ return -1; ++ } ++ va_start(ap, format); ++ int result = fprintf(f, format, ap); ++ va_end(ap); ++ ++ return result; ++} ++#endif ++ + const char *pr_pidfile_get(void) { + return pidfile_path; + }