Update proftpd to 1.3.7c

1.3.7c
  + Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284).
  + PCRE expressions with capture groups were not being handled properly
    (Issue #1300).

1.3.7b
  + Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
    session tickets cannot be decrypted (Issue #1063).
  + Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket
    option (Issue #1171).
  + Implemented support for Redis 6.x AUTH semantics (Issue #1070).
  + Fixed memory use-after-free issue in mod_sftp which can cause unexpected
    login/authentication issues.
  + Fixed SQL syntax regression for some generated SQL statements
    (Issue #1149).
  + Fixed "Corrupted MAC on inptut" errors when SFTP uses the
    umac-64@openssh.com digest (Issue #1111).

1.3.7a
  + Fix build-time regression when using the --localstatedir configure option.

1.3.7
  + Support the SOURCE_DATE_EPOCH environment variable, for reproducible
    builds (Issue #1038).

1.3.7rc4
  + Implemented support for configuring certificate options for LDAP
    connections using SSL/TLS.
  + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
  + Fixed handling of IPv6 addresses in From directives (Issue #682).
  + Added -b and -n command-line options to ftptop.
  + Ignore supplemental groups when run as non-root user (Issue #808).
  + Use re-entrant versions of time functions where available (Issue #983).
  + New Configuration Directives
    BanOptions
      The BanOptions directive is used to tune mod_ban behavior, such as
      creating ban entries that match/apply to all <VirtualHost> sections.
      See doc/contrib/mod_ban.html#BanOptions for more details.
    LDAPUseSASL
      The LDAPUseSASL directive configures a list of SASL authentication
      mechanisms to use, when using the LDAPBindDN to bind to the LDAP
      server.  See doc/contrib/mod_ldap.html#LDAPUseSASL for details.
    LogOptions
      The LogOptions directive is used to modify the default logging format
      for ProFTPD syslog, debug, and module logging.  See
      doc/modules/mod_log.html#LogOptions for more information.
    SQLKeepAlive
      The SQLKeepAlive directive configures a periodic "keepalive" query
      for ensuring the connection between mod_sql and the backend database
      server.  See doc/contrib/mod_sql.html#SQLKeepAlive for more information.
  + Changed Configuration Directives
    LDAPServer
      The LDAPServer directive now supports configuring the trusted CA
      file, client certificate and key files, SSL ciphers, and verification
      policies for LDAP connections.  See doc/contrib/mod_ldap.html#LDAPServer
      for more details.
    TraceOptions
      The TraceOptions directive now supports a "Timestamp" option, for
      disabling inclusion of timestamps in Trace logs.
  + Developer notes
    When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command
    handler phases will now run.  This allows interested modules, such
    as mod_exec and others, to react to these events (Issue #718).

1.3.7rc3
  + Fixed regression in directory listing latency (Issue #863).
  + Fixed use-after-free vulnerability during data transfers (Issue #903).
  + Addressed out-of-bounds read in mod_cap by removing bundled libcap, and
    relying solely on the system-provided libcap (Issue #902).  Note that
    building ProFTPD from source will *not* automatically include the
    mod_cap module, unless the libcap library is available.
  + mod_sftp now supports OpenSSH-specific private host keys (Issue #793).
    Newer versions of OpenSSH ssh-keygen(1) automatically generate private
    keys formatted with this OpenSSH-specific format.
  + mod_sftp now supports Ed25519 keys (Bug #4221).
  + mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332
    (Issue #907).
  + mod_tls now honors client-provided SNI as part of the TLS handshake,
    for implementing name-based virtual hosts via TLS SNI.
  + Changed Configuration Directives
    LogFormat %{transfer-port}
      The LogFormat directive supports a %{transfer-port} variable for
      logging the selected data transfer port.
    SFTPOptions NoExtensionNegotiation
      The mod_sftp module now supports SSH extension negotations (RFC 8332).
      If there any issues with this support, it can be disabled using:
        SFTPOptions NoExtensionNegotiation
    SQLAuthTypes bcrypt
      The mod_sql_passwd module now supports bcrypt-encrypted passwords.
      This can be enabled using:
        SQLAuthTypes bcrypt
      in your mod_sql configuration.  See doc/contrib/mod_sql_password.html
      for more information.
    TLSOption IgnoreSNI
      The TLSOption directive now supports an "IgnoreSNI" setting, to
      tell mod_tls to ignore/not use any SNI, provided by the client in the
      TLS handshake, for determining any name-based virtual hosts.  See
      doc/contrib/mod_tls.html#TLSOption for more details.
  + Added API
    FSIO pread(2), pwrite(2) (Issue#317)

1.3.7rc2
  + Fixed pre-authentication remote denial-of-service issue (Issue #846,
    CVE-2019-18217).

1.3.7rc1
  + RootRevoke is now on by default, meaning that once authentication succeeds,
    all root privileges are dropped by default, unless the UserOwner directive
    (which requires root privileges) is used (Bug#4241).
  + The mod_ident module is no longer automatically built by default.
    To include the mod_ident module in the build, it must be explicitly
    requested via --enable-ident or --with-shared=mod_ident.
    This means that configuration files using the IdentLookups directive
    will now want to using an enclosing <IfModule> section, like so:
      <IfModule mod_ident.c>
        IdentLookups off
      </IfModule>
  + The mod_tls module now performs basic sanity checks of configured TLS
    files on startup (Issue#491).
  + The mod_deflate module now supports MODE Z data transfers when TLS
    is used (Issue#505).
  + The mod_xfer module now supports the RANG FTP command; see
    https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351).
  + The ftpasswd script now supports a --change-home option, for changing
    the home directory of a user in an AuthUserFile (Issue#566).
  + The ftpasswd script supports deleting a user from a group (Issue#620).
  + Refactored the LogFormat handling code so that it is not longer
    duplicated by mod_log, mod_sql, etc.  The new Jot API is the common API
    to be used by modules for LogFormat variables and logging.
  + Generated new DH parameters for mod_sftp, mod_tls.
  + New Configuration Directives
    AuthFileOptions
      The mod_auth_file module supports a configuration directive for disabling
      its requirement for secure permissions on configured
      AuthUserFile/AuthGroupFile.  See
      doc/modules/mod_auth_file.html#AuthFileOptions for information.
    RedisLogOnEvent
      The mod_redis module can be configured to log JSON messages based on
      specified events (Issue#392).  See the
      doc/modules/mod_redis.html#RedisLogOnEvent documentation for details.
    RedisOptions
      The mod_redis module now implements a RedisOptions directive, for tuning
      some of the module behavior (Issue#477).  The
      doc/modules/mod_redis.html#RedisOptions documentation has more details.
    RedisSentinel
      The mod_redis module now supports use of Redis Sentinels (Issue#396);
      see doc/modules/mod_redis.html#RedisSentinel.
  + Changed Configuration Directives
    AllowForeignAddress class-name
      The AllowForeignAddress directive supports a Class name, for finer-grained
      control over which clients are allowed to use foreign/mismatching IP
      addresses for transfers.  See
      doc/modules/mod_core.html#AllowForeignAddress for more information.
    ExecEnviron %b
      The ExecEnviron directive has been fixed to properly resolve the %b
      LogFormat variable (Issue#515).
    RedisServer db-index (Issue#550)
      The mod_redis module can now be configured to select a database index
      via the RedisServer directive (Issue#550).  See the
      doc/modules/mod_redis.html#RedisServer documentation for details.
    RewriteMap idnatrans
      The mod_rewrite module can now support rewriting `idn` to `idna`
      formats (Issue#231).  See the doc/modules/mod_rewrite#RewriteMap for
      details on how to do so.
    RootRevoke on
      The RootRevoke directive is now enabled by default (Bug#4241).  This
      makes for more secure configurations/sessions out-of-the-box.  See
      doc/modules/mod_auth.html#RootRevoke for more information.
    SFTPCiphers, SFTPDigests
      Some weak algorithms are now disabled by default in mod_sftp (Bug#4279).
      These algorithms, if need be, can be explicitly enabled by configuration;
      they are just not enabled automatically.  For list of the algorithms
      affected, see doc/contrib/mod_sftp.html#SFTPCiphers,
      doc/contrib/mod_sftp.html#SFTPDigests.
    SFTPOptions IncludeSFTPTimes
      The SFTOptions directive of mod_sftp now supports an option for explicitly
      including the timestamps of files when SFTP protocol 4 and higher are
      used, even if the SFTP client did not request these timestamps.  This
      works around a bug in the popular Rebex SFTP library; see
      doc/contrib/mod_sftp.html#SFTPOptions for details.
    TLSProtocol TLSv1.3
      The mod_tls module, and its TLSProtocol directive, now support TLSv1.3
      (Issue#536).  See doc/contrib/mod_tls.html#TLSProtocol for more
      information.
    TLSServerCipherPreference
      The TLSServerCipherPreference directive is now enabled by default.
      See doc/contrib/mod_tls.html#TLSServerCipherPrefrence.
    TLSStaplingOptions NoFakeTryLater
      Some TLS clients have trouble with the "fake" OCSP response that mod_tls
      might stable, when the client requested stapled OCSP responses and
      mod_tls is unable to contact the OCSP responder.  Use this option to
      disable such fake responses (Issue#518):
        TLSStaplingOptions NoFakeTryLater
      See doc/contrib/mod_tls.html#TLSStaplingOptions for details.
  + Removed Configuration Directives
    The following directives have been removed:
      GroupPassword
      LoginPasswordPrompt
      TransferPriority
This commit is contained in:
tm 2021-10-16 19:46:41 +00:00
parent b3b58f989b
commit 0be9cd4939
16 changed files with 127 additions and 72 deletions

View file

@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.92 2021/05/24 19:53:36 wiz Exp $
# $NetBSD: Makefile,v 1.93 2021/10/16 19:46:41 tm Exp $
#PKGREVISION= 2
PKGREVISION= 2
.include "../../net/proftpd/Makefile.common"
COMMENT= Highly configurable FTP server software
@ -55,8 +54,7 @@ INSTALLATION_DIRS+= share/doc/proftpd
INSTALLATION_DIRS+= share/examples/proftpd
post-install:
.for i in NEWS README.md README.IPv6 README.LDAP README.PAM README.capabilities \
README.classes README.controls README.facl README.modules
.for i in NEWS README.md README.LDAP README.modules
${INSTALL_DATA} ${WRKSRC}/${i} ${DESTDIR}${PREFIX}/share/doc/proftpd
.endfor
.for i in Configuration.html faq.html license.txt

View file

@ -1,9 +1,9 @@
# $NetBSD: Makefile.common,v 1.12 2020/05/10 14:22:48 rillig Exp $
# $NetBSD: Makefile.common,v 1.13 2021/10/16 19:46:41 tm Exp $
# used by net/proftpd/Makefile
# used by net/proftpd/Makefile.module
DISTNAME= proftpd-1.3.6c
DISTNAME= proftpd-1.3.7c
CATEGORIES= net
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/
MASTER_SITES+= ftp://ftp.servus.at/ProFTPD/distrib/source/
@ -36,6 +36,9 @@ CONFIGURE_ARGS+= --enable-dso
CONFIGURE_ENV+= install_group=${ROOT_GROUP}
CONFIGURE_ENV+= install_user=${ROOT_USER}
CFLAGS.SunOS+= -D_POSIX_PTHREAD_SEMANTICS
CFLAGS.SunOS+= -Du_int64_t=uint64_t -Du_int32_t=uint32_t -Du_int16_t=uint16_t -Du_int8_t=uint8_t
BUILD_DEFS+= VARBASE
CHECK_SHLIBS_SKIP= libexec/proftpd/*.a

View file

@ -1,4 +1,4 @@
# $NetBSD: Makefile.module,v 1.1 2015/09/25 10:01:37 wiedi Exp $
# $NetBSD: Makefile.module,v 1.2 2021/10/16 19:46:42 tm Exp $
# used by net/proftpd-geoip/Makefile
# used by net/proftpd-ldap/Makefile
@ -19,4 +19,4 @@ DEPENDS+= proftpd>=${PKGVERSION_NOREV}:../../net/proftpd
CPPFLAGS+= -I${WRKSRC}/include -I${WRKSRC}/contrib
pre-build:
cd ${WRKSRC} && ${MAKE} include/buildstamp.h
cd ${WRKSRC} && ${GMAKE} include/buildstamp.h

View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.28 2019/10/07 19:29:47 christos Exp $
@comment $NetBSD: PLIST,v 1.29 2021/10/16 19:46:42 tm Exp $
bin/ftpasswd
bin/ftpcount
bin/ftpdctl
@ -7,6 +7,7 @@ bin/ftpquota
bin/ftptop
bin/ftpwho
bin/prxs
include/proftpd/acconfig.h
include/proftpd/ascii.h
include/proftpd/auth.h
include/proftpd/bindings.h
@ -26,6 +27,7 @@ include/proftpd/dirtree.h
include/proftpd/display.h
include/proftpd/encode.h
include/proftpd/env.h
include/proftpd/error.h
include/proftpd/event.h
include/proftpd/expr.h
include/proftpd/feat.h
@ -37,6 +39,7 @@ include/proftpd/hanson-tpl.h
include/proftpd/help.h
include/proftpd/ident.h
include/proftpd/inet.h
include/proftpd/jot.h
include/proftpd/json.h
include/proftpd/lastlog.h
include/proftpd/libsupp.h
@ -56,7 +59,9 @@ include/proftpd/modules.h
include/proftpd/netacl.h
include/proftpd/netaddr.h
include/proftpd/netio.h
include/proftpd/openbsd-blowfish.h
include/proftpd/options.h
include/proftpd/os.h
include/proftpd/parser.h
include/proftpd/pfilter.h
include/proftpd/pidfile.h
@ -65,6 +70,7 @@ include/proftpd/pr-syslog.h
include/proftpd/privs.h
include/proftpd/proctitle.h
include/proftpd/proftpd.h
include/proftpd/random.h
include/proftpd/redis.h
include/proftpd/regexp.h
include/proftpd/response.h
@ -135,14 +141,8 @@ sbin/in.proftpd
sbin/proftpd
share/doc/proftpd/Configuration.html
share/doc/proftpd/NEWS
share/doc/proftpd/README.md
share/doc/proftpd/README.IPv6
share/doc/proftpd/README.LDAP
share/doc/proftpd/README.PAM
share/doc/proftpd/README.capabilities
share/doc/proftpd/README.classes
share/doc/proftpd/README.controls
share/doc/proftpd/README.facl
share/doc/proftpd/README.md
share/doc/proftpd/README.modules
share/doc/proftpd/faq.html
share/doc/proftpd/license.txt
@ -165,3 +165,4 @@ share/locale/ru_RU/LC_MESSAGES/proftpd.mo
share/locale/zh_CN/LC_MESSAGES/proftpd.mo
share/locale/zh_TW/LC_MESSAGES/proftpd.mo
@pkgdir lib/proftpd
@pkgdir etc

View file

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.52 2021/10/07 14:42:22 nia Exp $
$NetBSD: distinfo,v 1.53 2021/10/16 19:46:42 tm Exp $
RMD160 (proftpd-1.3.6c.tar.gz) = 0fcb3453fef0c5a25b9605940b5840eacead8f40
SHA512 (proftpd-1.3.6c.tar.gz) = 9b10e603b26d527b594682a4905e70dc0a8361372ed80a8e2617167305047bf94ea16b441f9d5782ae04dd50768d32e12f9cb68708c1f80dcd219b09e0d4fd15
Size (proftpd-1.3.6c.tar.gz) = 20271908 bytes
RMD160 (proftpd-1.3.7c.tar.gz) = e51b3c2350d027c60a83552078802c99f09fad1e
SHA512 (proftpd-1.3.7c.tar.gz) = f9268e521e68cebaf1947cbfe1cc57f282ea09d59410c1722cd9a68c99d643b90b837c1fa840fdb894597c7429b0eb62bc4ac324915ffac04366daa2f104e88d
Size (proftpd-1.3.7c.tar.gz) = 20428648 bytes
SHA1 (patch-Make.rules.in) = 4689fcb4aff5c9b3a2e47a43b93e76101d54e812
SHA1 (patch-Makefile.in) = 332dcd9d773770c10d876dc9da1dc7f6b1c15421
SHA1 (patch-configure.in) = ed8e190a89cbfc3276d9e77f0bbb624f6d19f816

View file

@ -1,8 +1,10 @@
--- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400
+++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500
--- Make.rules.in.orig 2017-04-10 02:31:02.000000000 +0000
+++ Make.rules.in
@@ -113,3 +113,6 @@ BUILD_FTPTOP_OBJS=utils/ftptop.o utils/s
$NetBSD: patch-Make.rules.in,v 1.3 2021/10/16 19:46:42 tm Exp $
Add pfilter objects.
--- Make.rules.in.orig Mon Aug 30 00:22:56 2021
+++ Make.rules.in Fri Oct 15 10:32:05 2021
@@ -114,3 +114,6 @@
FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o

View file

@ -1,13 +1,13 @@
$NetBSD: patch-Makefile.in,v 1.1 2015/07/13 15:39:27 he Exp $
$NetBSD: patch-Makefile.in,v 1.2 2021/10/16 19:46:42 tm Exp $
Make this pkgsrc friendly.
Linking ftpdctl does not (seem to) require all the libraries needed for
various proftpd modules. It definitely cannot include -lwrap.
--- Makefile.in.orig 2015-05-28 00:25:54.000000000 +0000
+++ Makefile.in
@@ -59,7 +59,7 @@ ftpcount$(EXEEXT): lib utils
--- Makefile.in.orig Tue Jul 21 17:25:51 2020
+++ Makefile.in Fri Oct 15 09:18:04 2021
@@ -77,7 +77,7 @@
$(CC) $(LDFLAGS) -o $@ $(BUILD_FTPCOUNT_OBJS) $(UTILS_LIBS)
ftpdctl$(EXEEXT): lib src
@ -16,12 +16,12 @@ various proftpd modules. It definitely cannot include -lwrap.
ftpscrub$(EXEEXT): lib utils
$(CC) $(LDFLAGS) -o $@ $(BUILD_FTPSCRUB_OBJS) $(UTILS_LIBS)
@@ -178,7 +178,7 @@ install-man: $(DESTDIR)$(mandir) $(DESTD
$(INSTALL_MAN) $(top_srcdir)/src/proftpd.conf.5 $(DESTDIR)$(mandir)/man5
$(INSTALL_MAN) $(top_srcdir)/src/xferlog.5 $(DESTDIR)$(mandir)/man5
@@ -196,7 +196,7 @@
$(INSTALL_MAN) $(top_builddir)/src/proftpd.conf.5 $(DESTDIR)$(mandir)/man5
$(INSTALL_MAN) $(top_builddir)/src/xferlog.5 $(DESTDIR)$(mandir)/man5
-install-all: install-proftpd install-modules install-utils install-conf install-man install-libs install-headers install-pkgconfig install-locales $(INSTALL_DEPS)
+install-all: install-proftpd install-modules install-utils install-man install-libs install-headers install-pkgconfig install-locales $(INSTALL_DEPS)
install: all install-all
install: $(BUILD_BIN) install-all

View file

@ -1,8 +1,19 @@
$NetBSD: patch-configure.in,v 1.1 2019/10/13 19:52:47 maya Exp $
$NetBSD: patch-configure.in,v 1.2 2021/10/16 19:46:42 tm Exp $
--- configure.in.orig 2017-04-10 02:31:02.000000000 +0000
+++ configure.in
@@ -2836,6 +2836,12 @@ AC_TRY_RUN(
Test if blacklistd supported.
--- configure.in.orig Tue Jul 21 17:25:51 2020
+++ configure.in Fri Oct 15 09:41:18 2021
@@ -2800,7 +2800,7 @@
AC_DEFINE(PR_USE_NONBLOCKING_LOG_OPEN, 1, [Define if using nonblocking open of log files])
fi
-if test x"$enable_ident" == xyes ; then
+if test x"$enable_ident" = xyes ; then
ac_static_modules="mod_ident.o $ac_static_modules"
ac_build_static_modules="modules/mod_ident.o $ac_build_static_modules"
fi
@@ -2949,6 +2949,12 @@
AC_MSG_RESULT(cross-compiling); AC_DEFINE(HAVE_LU, 1, [Define if you have %lu support])
)

View file

@ -1,13 +1,15 @@
$NetBSD: patch-contrib_mod__load_configure.in,v 1.1 2019/12/09 19:22:57 nros Exp $
* solaris and derivates has loadavg in sys/loadavg.h
--- contrib/mod_load/configure.in.orig 2019-12-09 18:12:06.479685628 +0000
+++ contrib/mod_load/configure.in
@@ -63,7 +63,7 @@ AC_ARG_WITH(libraries,
$NetBSD: patch-contrib_mod__load_configure.in,v 1.2 2021/10/16 19:46:42 tm Exp $
Solaris and derivates has loadavg in sys/loadavg.h
--- contrib/mod_load/configure.in.orig Tue Jul 21 17:25:51 2020
+++ contrib/mod_load/configure.in Fri Oct 15 09:22:45 2021
@@ -63,7 +63,7 @@
])
AC_HEADER_STDC
-AC_CHECK_HEADERS(stdlib.h unistd.h limits.h fcntl.h)
+AC_CHECK_HEADERS(stdlib.h unistd.h limits.h fcntl.h sys/loadavg.h)
AC_SUBST(LDFLAGS)
dnl _Must_ come before AC_FUNC_GETLOADAVG
AC_CHECK_LIB(kstat, kstat_open)

View file

@ -1,5 +1,7 @@
$NetBSD: patch-contrib_mod__load_mod__load.c,v 1.2 2019/12/19 12:52:28 nros Exp $
* solaris and derivates has loadavg in sys/loadavg.h
$NetBSD: patch-contrib_mod__load_mod__load.c,v 1.3 2021/10/16 19:46:42 tm Exp $
Solaris and derivates has loadavg in sys/loadavg.h
--- contrib/mod_load/mod_load.c.orig 2017-04-10 02:31:02.000000000 +0000
+++ contrib/mod_load/mod_load.c
@@ -49,6 +49,10 @@

View file

@ -1,5 +1,7 @@
$NetBSD: patch-contrib_mod__load_mod__load.h.in,v 1.1 2019/12/09 19:22:57 nros Exp $
* solaris and derivates has loadavg in sys/loadavg.h
$NetBSD: patch-contrib_mod__load_mod__load.h.in,v 1.2 2021/10/16 19:46:42 tm Exp $
Solaris and derivates has loadavg in sys/loadavg.h
--- contrib/mod_load/mod_load.h.in.orig 2019-12-09 18:10:43.656037132 +0000
+++ contrib/mod_load/mod_load.h.in
@@ -51,6 +51,9 @@

View file

@ -1,15 +1,15 @@
$NetBSD: patch-contrib_mod__sftp_Makefile.in,v 1.1 2015/09/25 10:01:37 wiedi Exp $
$NetBSD: patch-contrib_mod__sftp_Makefile.in,v 1.2 2021/10/16 19:46:42 tm Exp $
Install mod_sftp misc files into examples folder
--- contrib/mod_sftp/Makefile.in.orig 2015-05-28 00:25:54.000000000 +0000
+++ contrib/mod_sftp/Makefile.in
@@ -46,8 +46,9 @@ install: install-misc
fi
--- contrib/mod_sftp/Makefile.in.orig Tue Jul 21 17:25:51 2020
+++ contrib/mod_sftp/Makefile.in Fri Oct 15 09:25:08 2021
@@ -73,8 +73,9 @@
$(INSTALL_MAN) $(MODULE_NAME).h $(DESTDIR)$(includedir)/proftpd/$(MODULE_NAME).h
install-misc:
- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem $(DESTDIR)$(sysconfdir)/dhparams.pem
- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 blacklist.dat $(DESTDIR)$(sysconfdir)/blacklist.dat
- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 $(top_srcdir)/dhparams.pem $(DESTDIR)$(sysconfdir)/dhparams.pem
- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 $(top_srcdir)/blacklist.dat $(DESTDIR)$(sysconfdir)/blacklist.dat
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/examples/proftpd
+ $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem $(DESTDIR)$(PREFIX)/share/examples/proftpd/dhparams.pem
+ $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 blacklist.dat $(DESTDIR)$(PREFIX)/share/examples/proftpd/blacklist.dat

View file

@ -1,7 +1,9 @@
--- /dev/null 2016-01-22 17:30:55.000000000 -0500
+++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500
--- include/pfilter.h.orig 2019-10-13 19:47:58.412725364 +0000
+++ include/pfilter.h
$NetBSD: patch-include_pfilter.h,v 1.3 2021/10/16 19:46:42 tm Exp $
Add packet filter
--- /dev/null Fri Oct 15 10:32:05 2021
+++ include/pfilter.h Fri Oct 15 10:32:05 2021
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);

View file

@ -1,18 +1,18 @@
$NetBSD: patch-src_main.c,v 1.1 2019/10/07 19:29:47 christos Exp $
$NetBSD: patch-src_main.c,v 1.2 2021/10/16 19:46:42 tm Exp $
Add packet filter
--- src/main.c.orig 2017-04-09 22:31:02.000000000 -0400
+++ src/main.c 2019-10-07 15:09:12.516004304 -0400
--- src/main.c.orig Tue Jul 21 17:25:51 2020
+++ src/main.c Fri Oct 15 09:29:42 2021
@@ -41,6 +41,7 @@
#endif
#include "privs.h"
+#include "pfilter.h"
int (*cmd_auth_chk)(cmd_rec *);
void (*cmd_handler)(server_rec *, conn_t *);
@@ -1089,6 +1090,7 @@
#ifdef PR_USE_OPENSSL
# include <openssl/opensslv.h>
@@ -1116,6 +1117,7 @@
pid_t pid;
sigset_t sig_set;
@ -20,13 +20,13 @@ Add packet filter
if (no_fork == FALSE) {
/* A race condition exists on heavily loaded servers where the parent
@@ -1206,7 +1208,8 @@
@@ -1233,7 +1235,8 @@
/* Reseed pseudo-randoms */
srand((unsigned int) (time(NULL) * getpid()));
pr_random_init();
-
+#else
+ pfilter_init();
+ pfilter_init();
#endif /* PR_DEVEL_NO_FORK */
/* Child is running here */

View file

@ -1,7 +1,9 @@
--- /dev/null 2016-01-22 17:30:55.000000000 -0500
+++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500
--- src/pfilter.c.orig 2019-10-13 19:47:58.437871822 +0000
+++ src/pfilter.c
$NetBSD: patch-src_pfilter.c,v 1.3 2021/10/16 19:46:42 tm Exp $
Add pfilter objects.
--- /dev/null Fri Oct 15 10:32:05 2021
+++ src/pfilter.c Fri Oct 15 10:32:05 2021
@@ -0,0 +1,41 @@
+#include "pfilter.h"
+#include "conf.h"

View file

@ -0,0 +1,30 @@
$NetBSD: patch-src_pidfile.c,v 1.1 2021/10/16 19:46:42 tm Exp $
dprintf is not availble on SunOS (illumos)
--- src/pidfile.c.orig Fri Oct 15 10:11:49 2021
+++ src/pidfile.c Fri Oct 15 10:11:58 2021
@@ -29,6 +29,23 @@
static const char *pidfile_path = PR_PID_FILE_PATH;
+#if defined(__sun)
+#include <stdarg.h>
+
+int dprintf(int fd, const char *restrict format, ...) {
+ va_list ap;
+ FILE *f = fdopen(fd, "w");
+ if (!f) {
+ return -1;
+ }
+ va_start(ap, format);
+ int result = fprintf(f, format, ap);
+ va_end(ap);
+
+ return result;
+}
+#endif
+
const char *pr_pidfile_get(void) {
return pidfile_path;
}