Commit graph

110 commits

Author SHA1 Message Date
kim
63d352df2d Update net/proftpd (and modules) to 1.3.5d with a fix for CVE-2017-7418
1.3.5d - Released 15-Jan-2017
--------------------------------
- Bug 4283 - All FTP logins treated as anonymous logins again.  This is a
  regression of Bug#3307.

1.3.5c - Released 14-Jan-2017
--------------------------------
- Bug 4254 - SSH rekey during authentication can cause issues with clients.
- Bug 4257 - Recursive SCP uploads of multiple directories not handled properly.
- Bug 4259 - LIST returns different results for file, depending on path syntax.
- Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins.
- Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
  sections.
- Bug 4275 - Support OpenSSL 1.1.x API.
- Bug 4278 - Memory leak when mod_facl is used.
2017-04-05 17:36:00 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
wiz
73716d23de Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. 2016-07-09 06:38:30 +00:00
jperkin
36e6903fd8 Remove the stability entity, it has no meaning outside of an official context. 2016-06-08 10:16:50 +00:00
jperkin
31ffe7cbb6 Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
2016-06-08 09:46:01 +00:00
wiedi
a5ea553ef9 Update net/proftpd (and modules) to 1.3.5b
1.3.5b - Released 10-Mar-2016
--------------------------------
- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly.
- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8
  characters.
- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits.
- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current
  working directory.
- Bug 4201 - HiddenStores temporary files not removed when exceeding quota
  using SCP.
- Bug 4202 - MLSD lines not properly terminated with CRLF.
- Bug 4209 - Zero-length memory allocation possible, with undefined results.
- Bug 4210 - Avoid unbounded SFTP extended attribute key/values.
- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when
  "RootRevoke on" is in effect.
- Bug 4217 - Handle FTP re-authentication attempts better.
- Bug 4223 - Permissions on files uploaded via STOU do not honor configured
  Umask.
- Bug 4227 - Support SFTP clients that send multiple INIT requests.
- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is
  chosen.
2016-03-14 22:47:10 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
203292f73e Add SHA512 digests for distfiles for net category
Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 00:34:51 +00:00
fhajny
2fb410622c Needs zlib. Fixes build at least on SunOS. 2015-10-23 08:37:35 +00:00
wiedi
0b2f9152b1 Package ProFTPD using DSO (Dynamic Shared Objects) support.
This is preferable for binary package use as it allowes the user to choose
which features to enable by changeing the configuration file instead of
recompiling. This is also how ProFTPD is usually packaged in other systems.

For details about ProFTPD and DSO see:
	http://www.proftpd.org/docs/howto/DSO.html

This change removes the following PKG_OPTIONS.proftpd:
	ban, ldap, mysql, pgsql, proftpd-readme, quota, tls and wrap

The modules that were previously compiled when enabling ban, proftpd-readme,
quota or tls are now always included. To load them use a configuration
directive like:
	LoadModule mod_ban.c

In addition the proftpd package includes by default many other modules that
were previously unavailble like: mod_load, mod_radius, mod_sftp and more.

The module that was provided by the wrap option is replaced by the wrap2 module
which is also always included.

The ldap option is superseded by the proftpd-ldap package.
The mysql option is superseded by the proftpd-mysql package.
The pgsql option is superseded by the proftpd-postgresql package.
Using proftpd-postgresql will create one binary package for each PostgreSQL
version in pkgsrc.

In addition the following added packages provide new functionality:
	- proftpd-geoip (access GeoIP details)
	- proftpd-memcached (mod_memcache and mod_tls_memcache)
	- proftpd-odbc (access any ODBC database)
	- proftpd-sqlite (access to sqlite3)
2015-09-25 10:01:36 +00:00
wiz
c7383780db Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
2015-08-18 07:31:00 +00:00
he
58a0827674 Update to version 1.3.5a.
Pkgsrc changes:
 * adapt one patch to changes upstream.
 * adapt PLIST to newly installed files.
 * rename and adapt patch to Makefile.in.

Upstream changes:

1.3.5a - Released 27-May-2015
--------------------------------
- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log
  message.
- Bug 3944 - Session closed if active data transfer fails due to "Address
  already in use" error.
- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions.
- Bug 4069 - NLST -a shows / directory instead of the current directory.
- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission
  denied.
- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers.
- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation
  problems.
- Bug 4079 - Invalid response encoding for SFTP space-available request.
- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user".
- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly.
- Bug 4089 - mod_sftp does not allow multiple attempts using a given
  authentication method.
- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly.
- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than
  ERROR.
- Bug 4094 - Available space on file system using %f displays wrong value.
- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30
  seconds.
- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6.
- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small
  buffers.
- Bug 4114 - mod_tls should not support SSLv3 by default.
- Bug 4116 - Report exact SSL/TLS protocol version used in client connections.
- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just
  HiddenStores.
- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved.
- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support.
- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template
  parameter.
- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter.
- Bug 4140 - SFTP READLINK requests to symlinks to directories fail.
- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS.
- Bug 4145 - Segfault if AuthUserFile is a relative symlink.
- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection"
  errors.
- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by
  mod_sftp_sql.
- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X.
- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6.
- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by
  mod_copy.
- Bug 4178 - TLS session reuse requirement for data connections not properly
  enforced.

1.3.5 - Released 15-May-2014
--------------------------------
- Bug 4018 - Implement checks for sensitive directories when chrooted.
- Bug 4022 - "Directory not empty" error when creating directory is misleading.
- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives.
- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for
  TLS 1.1/1.2 connections.
- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off".
- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on
  SFTPHostKey file.
- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher.
- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1".
- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented.
- Bug 4046 - ALLO command failed because of bad size check.
- Bug 4048 - Race condition in mod_ban can lead to segfault of all new
  connections.
- Bug 4049 - mod_exec should include supplemental groups when running commands
  as logged-in user.
- Bug 4042 - MIC command between RNFR and RNTO should not be rejected.
- Bug 4044 - mod_facl prevents a normal SIGHUP reload.
- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings.

1.3.5rc4 - Released 28-Jan-2014
--------------------------------
- Bug 3945 - Spurious log messages at session close.
- Bug 3946 - Null pointer dereference causes segfault when logging
  %{transfer-status}, %{transfer-failure} LogFormat variables on EXIT.
- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames.
- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory
  listings.
- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED
  posix-rename@openssh.com requests.
- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers.
- Bug 3858 - mod_delay allows too-large values, leading to client hang on
  authentication.
- Bug 3951 - Null pointer dereference for mod_ldap logins when
  LDAPDefaultAuthScheme not configured.
- Bug 3954 - scp downloads result in segfault.
- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit>
  sections leads to slow logins.
- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks
  are involved.
- Bug 3958 - Directory creation does not honor single-parameter Umask setting.
- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory
  SGID bit.
- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used
  in some cases.
- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN.
- Bug 3966 - LogFormat %f variable not resolved for some commands.
- Bug 3971 - Support SQLOption for ignoring client library config files when
  needed.
- Bug 3972 - Authentication error on Cygwin due to bad code.
- Bug 3973 - mod_sftp can be forced to allocate too much memory for
  keyboard-interactive authentication.
- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP
  sessions.
- Bug 3963 - Improve permission setting when creating directories.
- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database
  using IndexCache flag.
- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903
  database lookup.
- Bug 3964 - Support running ExecOnEvent actions with logged-in user's
  permissions.
- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC.
- Bug 3952 - Make PersistentPasswd default to 'off'.
- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin.
- Bug 3982 - Normalize log messages and levels.
- Bug 3888 - Add LDAPLog directive to mod_ldap.
- Bug 3982 - Normalize log messages and levels.
- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2),
  e.g. FAT/ExFAT.
- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags,
  breaking session caching.
- Bug 3987 - LogFormat variable for just the filename.
- Bug 3965 - Timeout directives have inconsistent maximum values.
- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption.
- Bug 3995 - ftpasswd utility should prevent concurrent modification of files.
- Bug 3994 - ftpasswd utility should support --lock/--unlock options.
- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files.
- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for
  FTPS connections.
- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP.
- Bug 3996 - Handling ALLO command can result in wrong response when chrooted.
- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>.
- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group.
- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file.
  A 3072-bit DH group was also added.
- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP
  directory upload.
- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on
  64-bit system.
- Bug 4011 - NLST ../ shows current directory contents rather than parent
  directory.
- Bug 4013 - SCP upload of shorter file does not completely overwrite existing
  file of same name.
- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ.

1.3.5rc3 - Released 14-Jun-2013
--------------------------------
- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value.
- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10.
- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled.
- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner.
- Bug 3864 - Support SQL query to lookup/use primary key for logged-in
  user/group.
- Bug 3920 - Support umac-64@openssh.com digest for mod_sftp.
- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH
  connection to close prematurely.
- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP
  connections.
- Bug 3926 - Support OpenSSH fsync SFTP extension.
- Bug 3925 - SFTP directory listings are sensitive to locale environment
  variables.
- Bug 3924 - HideFiles does not filter symlinks.
- Bug 3929 - pam_session_close() requires root privs on some platforms.
- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL
  PASSWORD().
- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users.
- Bug 3935 - scp download of nonexistent file results in client hang.
- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path.
- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory.
- Added new mod_snmp contrib module.
- Bug 3939 - Disable Controls for "ServerType inetd" servers.
- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together
  in a single column.
- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd.
- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid.

1.3.5rc2 - Released 06-Mar-2013
--------------------------------
- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured.
- Bug 3860 - Add a default deny option for mod_geoip.
- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality.  A
  new TLSMasqueradeAddress directive has been added to mod_tls.
- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly.
- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not
  enabled" ftpdctl error.
- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault.
- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent
  passwd/group entries.
- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of
  requested keylength.
- Bug 3870 - Handling of OPTS command can lead to crash.
- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp.
- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS>
  configuration.
- Bug 3872 - Use HiddenStores directive to customise suffix.
- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE
  request.
- Bug 3869 - Use longer SSL session cache expiration by default.
- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS
  filesystems.
- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are
  used.
- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota
  limits and tallies.
- Bug 3882 - DisplayLogin with an absolute path does not work properly within
  an <IfGroup> section.
- Added new mod_log_forensic contrib module.
- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as
  expected.
- Bug 3884 - Configure script not detecting MySQL make_scrambled_password
  functions.
- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS.
- Bug 3819 - Second and subsequent LIST of directory with many files is very
  slow.
- Bug 3889 - Support millisecond timestamp LogFormat variable.
- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections.
- Bug 3753 - Support SFTP request names in <Limit> sections better.
- Bug 3892 - mod_auth_file should have strict permission checks of configured
  files.
- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on
  configurable event.
- Bug 3894 - ftptop doesn't work with --enable-nls.
- Bug 3895 - Missing TransferLog entry under some out-of-space conditions.
- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP
  protocol version 6.
- Bug 3896 - Warn when world-writable config files are used.
- Bug 3899 - Support authentication of users based on SSL/TLS client
  certificate.
- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly.
- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly.
- Bug 3709 - Support download-triggered emails in the ftpmail script.
- Bug 3904 - scp downloads using glob pattern sometimes fails.
- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections.
- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too
  frequently.

1.3.5rc1 - Released 04-Jan-2013
--------------------------------
- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h.
- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6.
- Bug 3646 - Debug logging to stderr should include timestamps and PID.
- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded
  file name).
- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used.
- Bug 3717 - proftpd fails to run with "Abort trap" error message.
- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists.
- Bug 3720 - Various module logfile permissions are 0600 instead of 0640.
- Bug 3723 - mod_memcache segfault on server restart.
- Bug 3721 - mod_rewrite does not replace characters if there are more than
  8 occurrences.  To handle this situation, a new RewriteMaxReplace directive
  has been added for configuring this limit.
- Bug 3724 - Unloading mod_quotatab causes segfault.
- Bug 3686 - Support SHA2 digests in mod_sftp.  See the SFTPDigests directive
  documentation for more information.
- Bug 3629 - Support <IfAuthenticated> conditional config section.
- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD.
- Bug 3726 - mod_exec does not always capture stdout/stderr output from
  executed command.
- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP
  connections.
- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional
  filters.
- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc.
- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for
  MLSD/MLST commands.
- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp.  The
  SSH version identifier can now be configured for mod_sftp via the
  ServerIdent directive.
- Bug 3718 - ftptop fails to build on OpenSUSE.
- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled.
- Bug 3744 - Support ls(1) -1 option for LIST command.
- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands.
- Bug 3747 - Support option for displaying symlinks via MLSD using syntax
  preferred by FileZilla.  The new FactsOptions directive can be used for
  this purpose.
- Bug 3745 - Reject PASV command if no IPv4 address available.
- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding.
- Bug 3742 - Improper handling of self-signed certificate in client-sent cert
  list when "TLSVerifyClient on" is used.
- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to
  conflict with system header.
- Bug 3743 - Random stalls/segfaults seen when transferring large files
  via SFTP.
- Bug 3752 - proftpd process exit status is zero for "Failed binding to
  address, port N: Address already in use" startup failure.
- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors
  on restart, causing a file descriptor leak.
- Bug 3707 - Add request/transfer ID to the logging of the initial and closing
  commands for SFTP file transfers.  This can now be accomplished using a
  LogFormat variable of '%{note:sftp.file-handle}'.
- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership.
- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart.
- Bug 3731 - Support active data transfers while RootRevoke is in effect.
- Bug 3737 - Allow UTF8 when UseEncoding is used.
- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH.
- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null
  pointer.
- Ability to load SSH host keys from an SSH agent, in addition to files on
  disk.  See doc/contrib/mod_sftp.html#SFTPHostKey for more information.
- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before
  NEWKEYS.
- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is
  enabled.
- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the
  client guesses correctly.
- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests.
- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms.
- Bug 3673 - Support date/timestamp variables in mod_rewrite.
- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a
  writable directory.
- Bug 3766 - Support a QuotaDefault directive, for configuring default limits.
- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter.
- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite.
- Added new mod_geoip contrib module.
- Bug 3769 - Ensure that encoded strings are NUL-terminated.
- Bug 3732 - AIX build error: undefined symbol: .alloca.
- Bug 3782 - SQLShowInfo does not work properly for error responses.
- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument".
- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid
  503 response.
- Bug 3785 - Support resolution of tilde (~) within a chrooted session.
- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored.
- Bug 3740 - Overwrite permission denied when reloading multiple times and
  multiple <VirtualHost> sections in proftpd.conf.
- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple
  SSH packets.
- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h.
- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against
  OpenSSL with thread support.
- Bug 3790 - Logfile timestamps change to GMT after MFMT command.
- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather
  than error.
- Bug 3800 - Multiple *Options directives should be handled properly.
- Bug 3801 - mod_tls should have directive like Apache mod_ssl's
  SSLHonorCipherOrder.  The mod_tls module now supports a
  TLSServerCipherPreference directive.
- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11.
- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used.
- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo.
- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached.
- Bug 3814 - Support "configtest" command for contrib init.d script.
- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment
  variable.
- Bug 3813 - Ability to use CreateHome to create parent directories as
  non-root user, for better interoperability with NFS.
- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when
  gethostbyname2(3) is not available.
- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress,
  and DefaultAddress.
- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between
  mod_log/mod_sql in certain cases.
- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has
  not sent PORT/PASV/EPRT/EPSV commands.
- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands.
- Bug 3827 - Use non-filesystem based SFTP handle generator instead of
  mktemp(3).
- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL
  pointer dereferences in mod_deflate.
- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks.
- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference.
- Bug 3832 - Support disabling of system logging on per-connection basis.
- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work.
- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when
  downloading.
- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption.
- Bug 3837 - mod_tls unable to read certificate files after SIGHUP.
- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in
  mod_sftp.
- Bug 3843 - ProFTPD should not fail when starting up due to loading same
  module multiple times.
- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable
  for AUTH ExtendedLog.
- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are
  not configured.
- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where
  possible.
- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer.
- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories.
  See the new AllowChrootSymlinks directive.
- Bug 3839 - Enhance mod_cap to support dropping root privs entirely.
- Bug 3841 - Possible symlink race when applying UserOwner to newly created
  directory.
- Bug 3855 - Restarting proftpd may cause Include files not to be parsed.
2015-07-13 15:39:27 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
jperkin
222f8dc36b Import initial SMF support for individual packages. 2014-03-11 14:34:36 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
adam
bc437f31fb Changes 1.3.4d:
+ Fixed broken build when using --disable-ipv6 configure option
+ Fixed mod_sql "SQLAuthType Backend" MySQL issues
2014-03-03 15:01:53 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
jperkin
85d237f6e0 Fix PLIST for pgsql option. 2013-10-23 15:46:22 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
rodent
44c94b38c6 'EXTRACT_SUFX is ".tar.gz" by default, so this definition may be
redundant.' - It was. Removed.
2013-04-06 13:01:26 +00:00
kim
2eeca3359d Updated net/proftpd to 1.3.4c:
- addresses CVE-2012-6095 <http://bugs.proftpd.org/show_bug.cgi?id=3841>
2013-03-15 13:34:32 +00:00
wiz
a8730d5aa1 Bump PKGREVISION for mysql default change to 55. 2013-03-02 20:33:21 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
obache
64deda1dc9 recursive bump from cyrus-sasl libsasl2 shlib major bump. 2012-12-16 01:51:57 +00:00
asau
e059e7e469 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 17:18:07 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
wiz
f98e8b0585 Add inet6 to default suggested options. It's 2012. 2012-06-12 15:45:54 +00:00
sbd
90d857ba7f Add missing mk/curses buildlink.
Bump PKGREVISION
2011-12-17 10:16:28 +00:00
obache
0d184945b2 Update proftpd to 1.3.3g.
1.3.3g - Released 09-Nov-2011
--------------------------------
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
  To disable this countermeasure, which may cause interoperability issues
  with some clients, use the NoEmptyFragments TLSOption.
- Bug 3711 - Response pool use-after-free memory corruption error.
2011-11-16 09:05:03 +00:00
adam
2addb25bb0 Changes 1.3.3f:
* Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
  configuration used.
* Fixes mod_wrap syslog level (regression from Bug 3317).
* Fixes mod_ifsession segfault if regular expression patterns used in
  a <VirtualHost> section.
2011-10-03 11:23:31 +00:00
dholland
a3f1eda682 Fix REPLACE_PERL. USE_TOOLS+=perl:run, since it installs the perl scripts
that it's doing REPLACE_PERL on. PKGREVISION -> 1 because of the new dep.
2011-07-03 01:57:06 +00:00
adam
e51708a0ae Changes 1.3.3e:
* Display messages work properly again.
* Fixes plaintext command injection vulnerability in FTPS implementation
  (i.e. mod_tls).  See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
  details.
* Fixes CVE-2011-1137 (badly formed SSH messages cause DoS).  See
  http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
* Performance improvements, especially during server startup/restarts.
2011-05-20 11:15:01 +00:00
obache
1d9df3258a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
adam
29cb4f7b8c Fix building on NetBSD-5 with TLS option; fix for PR#44297 2011-03-25 13:58:37 +00:00
adam
31a545d046 Changes 1.3.3d:
* Fixed sql_prepare_where() buffer overflow.
* Fixed CPU spike when handling .ftpaccess files.
* Fixed handling of SFTP uploads when compression is used.
2011-01-12 07:31:00 +00:00
obache
ec9623f05f Update proftpd to 1.3.3c.
pksrc changes:
* Instead of patch&subst to change layout of statedir, pass it to configure
  instead (and subst for manpages are fixed).
* Convert custom mod_wrap library modification to SUBST.
* Need to buildlink with security/tcp_wappers for mod_wrap.

NEWS:
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
  commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
  functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.

1.3.3b - Released 09-Sep-2010
--------------------------------
- Bug 3481 - Problem with SFTP directory listings.
- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab.
- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work.
- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during
  data transfer.
- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD.
- Bug 3491 - Directory pattern not matching as expected.
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO.
- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no
  DefaultServer configured.
- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as
  anonymous logins.

1.3.3a - Released 01-Jul-2010
--------------------------------
- Bug 3400 - Add Japanese translation.
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL.
- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349.
- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in
  TransferLog.
- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit
  platforms.
- Bug 3354 - Renaming a file across mount points to a full disk does not fail
  as expected.
- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible.
- Bug 3412 - Include files not included after restart due to permissions.
- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes.
- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile.
- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog.
- Bug 3421 - RewriteHome does not work properly for SFTP connections.
- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m.
- Bug 3423 - Last line of multiline DisplayLogin file improperly handled.
- Bug 3426 - mod_sftp does not log to TransferLog by default.
- Bug 3425 - Improperly constructed destination paths for SCP uploads.
- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly.
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables
  properly.
- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured.
- Bug 3435 - Encoding/decoding conversion can cause CPU spike.
- Bug 3436 - Support build-time option to disable use of nonblocking open of
  log files.  Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior
  of opening log files.
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail.
- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale.
- Bug 3446 - .ftpaccess ignored in some cases.
- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads.
- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale
  data.
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN
  request.
- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN
  request.
- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp.
- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for
  protocol version 5.
- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible
  with Solaris' msgfmt.
- Bug 3456 - Problem attempting to recursively download a directory via SCP.
- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup.
- Bug 3459 - mod_radius segfaults during incorrect login due to stale data.
- Bug 3460 - REALPATH SFTP request can cause improperly cached directory
  configuration.
- Bug 3462 - ftpasswd script's --delete-user option does not work.
- Bug 3463 - ftpasswd script's --delete-group option does not work.
- Bug 3465 - SIGSEGV at LIST after CCC.
- Bug 3470 - Deferred resolution <Directory> paths not handled properly by
  mod_sftp.
- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path
  begins with tilde ('~').
- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly.
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault.
- Bug 3472 - mod_sftp publickey authentication fails for large keys.
- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions.
- Bug 3476 - LIST/NLST of path starting with "-" fails.
- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy
  libc code.
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems
  under load.
2010-11-07 12:21:09 +00:00
wiz
3f909d8dfd Fix test ==.
Reported by Robert Elz in PR 43046.
2010-03-23 13:45:28 +00:00
kim
c121cd4984 Upgrade proftpd to 1.3.3 (bug fixes, see the NEWS file for a full list). 2010-03-21 21:24:25 +00:00
tonnerre
5d5b8fe65d Upgrade proftpd to version 1.3.2c.
Changes since version 1.3.2:
 * Added Taiwan translation.
 * Added a workaround in mod_tls to deal with the vulnerability found in
   SSL/TLS protocol during renegotiation (CVE-2009-3555).  Good
   descriptions of this vulnerability can be found here:

     http://extendedsubset.com/?p=8
     http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

   The workaround implemented in mod_tls (Bug#3324) is one of the suggested
   mitigation approaches: the server now refuses all client-initiated
   SSL/TLS session renegotiations.
 * Bug and regression fixes.
 * Added French, Bulgarian, Korean translations.
 * Various bug and regression fixes.
2009-12-21 00:41:43 +00:00
joerg
3900f91ff1 Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 21:00:03 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
wiz
60f460ab01 Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT
block). Uncomment some commented out LICENSE lines while here.
2009-05-19 08:59:00 +00:00
tron
73be99d8db Fix (de)installation of a binary version of this package.
Bump the package revision because the package list changed.
2009-02-09 11:57:48 +00:00
kim
610d275923 Upgrade proftpd to 1.3.2 2009-02-08 07:28:44 +00:00
shattered
c909d3afef - rc.d script: replace interpreter, add 'reload' command
- install 'ftpasswd' script from contrib

OK by kim@.
2009-01-11 22:47:54 +00:00
kim
cc2c20fcca Grrr, cannot patch next to RCS id strings, so use sed instead. 2008-12-28 08:56:59 +00:00
kim
02faf31054 Fix the "pam" option to leave out PAM when it is not wanted.
Add an "inet6" option for enabling IPv6 support.
Add a "ban" option for enabling mod_ban.
Make the "wrap" option compile all binaries successfully.
Fix generating language catalog with older versions of msgfmt.
2008-12-28 08:42:01 +00:00
martti
943448f6bd Updated net/proftpd to 1.3.2rc3
* Bug fixes
2008-11-21 08:00:36 +00:00
obache
c68a13cad8 Need msgfmt to build. Fixes PR 39692. 2008-10-04 02:25:59 +00:00