Commit graph

46 commits

Author SHA1 Message Date
wiz
a8730d5aa1 Bump PKGREVISION for mysql default change to 55. 2013-03-02 20:33:21 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
obache
64deda1dc9 recursive bump from cyrus-sasl libsasl2 shlib major bump. 2012-12-16 01:51:57 +00:00
asau
e059e7e469 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 17:18:07 +00:00
wiz
bc02f0655a Please pkglint. 2012-02-07 21:00:54 +00:00
morr
fa87d5f961 Update pure-ftpd to version 1.0.35 and add script to start pure-uploadscript.
Changes since 1.0.30:

 - An old-standing bug has been fixed: when a file was renamed and overwrote an existing file, the quota wasn't properly updated.
 - SITE UTIME now supports the 2-arguments syntax in addition to the 5-arguments syntax.
 - Support for the MFMT command has been implemented.
 - A default directory can now be specified when using the LDAP backend.
 - Support SHA1 password hashing in MySQL and PostgreSQL backends
 - Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418
 - The list of allowed ciphers for SSL/TLS connections can now be specified (--tlsciphersuite / -J).
 - Shell-like escaping is now partially handled when emulating the "ls" command in order to improve compatibility with legacy clients.
 - Linking issues with MySQL support on Fedora have been solved.
2012-02-07 20:40:39 +00:00
obache
c374086366 Update pure-ftpd to 1.0.30.
* Version 1.0.30:
 - pure-quotacheck can now work with a large number of files.
 - OPTS UTF-8 is now an alias to OPTS UTF8.
 - Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.
2011-04-02 08:00:58 +00:00
adam
6b0b5fc293 Satify pkglint needs and switch to .tar.bz2 2011-01-05 13:28:30 +00:00
zafer
0e67430902 additionally add LICENSE. 2010-10-27 20:13:59 +00:00
zafer
303f63d0c0 Update pure-ftpd to 1.0.29
Changelog:

Version 1.0.29:
    * Fixed corruption when downloading files larger than 4 Gb on a 32-bits arch.
    * Fixed error on exit on Linux.
    * Downloading should be slightly faster.

Version 1.0.28:

    * When —autorename is enabled, an upload script will now get the final file name instead of the original one.
    * The ALLO command now checks for the actual disk space in addition to the virtual quota.
    * ABOR on OSX has been fixed.
    * Fixed the virtual quota computation after an atomic upload has been resumed.
    * Fixed AUTH_ENCRYPTED.
    * A workaround against spurious disconnections with ncftp has been implemented.
2010-10-27 20:03:56 +00:00
obache
23d5901772 Update pure-ftpd to 1.0.27.
Based on PR#42711 by Fredrik Pettai.

Pkgsrc changes:
Honor VARBASE.

* Version 1.0.27:
 - IPv6 connections are accepted again (regression from version 1.0.26)
 - SSLv3 renegociation has been disabled
 - .pureftpd-upload-* files can be deleted by users with no quota.
 - The server can be forced to shut down on iPhone.

* Version 1.0.26:
 - Fix incompatibilities with Cyberduck and dramatically speed up directory
listings and transfers when TLS is enabled with some other clients like LFTP.
 - Allow authentication of non-chrooted users again. It was a regression
from version 1.0.25. Spotted by Juergen Daubert.

* Version 1.0.25:
 - The FTP server can now be built as a library for iPhone and iPod Touch.
 - Display symbolic links in the MSLD command as symbolic links, unless the
broken clients mode is enabled, just like STAT/LIST/NLST.
 - Enhanced compatibility with gcc 2.x and with custom installation paths.
 - Fix packaging issues, especially when the server isn't installed in the
default paths
 - Downloads now require less CPU and less memory.
 - Fix an infinite loop that could lead to a client process burning a CPU
core if the client didn't disconnect properly. Reported by Thomas Min and
Margus Kaidja.
 - Handle fake download resumes the traditional way for the sake of being
compatible with weird clients that insist on doing that.
 - The group name is now always displayed instead of the gid when it matches the
primary user group.

* Version 1.0.24:
 - When using LDAP in BIND mode, empty passwords are refused. Reported by
Henning Brauer.

* Version 1.0.23:
 - The LDAP schema has been fixed.
 - LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account.
 - In LDAP objects, the "enabled" value is accepted again as a FTPStatus
property.
 - Privilege separation is now enabled by default.
 - The server should now properly compile on Solaris with privsep.
 - Charset conversions are properly made on directory names.
 - Transfers now handle every kind of disconnection.
 - More informative log messages for errors and activity reporting.
 - Virtual quotas are way more reliable and uploads are interrupted as soon as
quotas are exceeded.
 - Atomic uploads are only used when necessary and only if --notruncate is
enabled.
 - Dangling .pureftpd-upload files should be a thing of past.
 - Enhanced conformance with RFCs and better compatibility with FTP clients.
 - Improved SSL performance, compatibility and commands support.
 - By default, up to 10000 files per directory can be listed instead of 2000.
 - ALLO can now tell clients whether an upload would blow quotas before the
upload actually starts.
 - PAM is now enabled by default on OSX.
 - Switch euid to the _pure-ftpd account (unless it's nonexistent) in the
privsep process.
 - --without-banner is not necessary any more. Having a cookie file
(--fortunefile=...) automatically disables the default banner, thus allowing
full customization of the welcome banner.
 - ./configure --localstatedir is now honored in order to change the
run-time directory.
 - Support for building a FTPS (implicit SSL/TLS) server, using
--with-implicittls

* Version 1.0.22:
 - the LDAP authentication backend now supports TLS encryption.
 - TLS encryption is supported on data channels.
 - downloads require way less CPU time on platforms with slow mmap() calls.
 - MySQL 5+ stored procedures can now be used in the authentication process.
 - time zones issues should be fixed for good.
 - on-demand directories can now be created with any set of permissions.
 - password scrambling of MySQL 5+ is now supported.
 - a catalan translation has been contributed.
 - spurious disconnections due to some clients keepalive tricks have
been fixed.
 - custom authentication handlers are now informed about the encryption
status of the session.
 - standard-conformance and compatibility with several clients have improved.
 - large files are now supported by default.
 - enhanced support for Solaris.
 - a bunch of bug fixes, optimizations and compatibility with newer
libraries and operating system versions.
 - "ftp" and "anonymous" user names can have passwords if the -E switch (no
anonymous logins) is specified.
 - in compatibility mode, non-dangling symbolic links are now displayed as
if they were regular files/directories.
 - --with-everything now includes privsep.
2010-02-04 12:34:08 +00:00
obache
df3e496c12 replace spaces with tabs. 2010-02-04 12:03:51 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
joerg
ba171a91fa Add DESTDIR support. 2008-06-12 02:14:13 +00:00
obache
457dc30100 And also rewrite certificate file path in document. 2007-08-26 08:06:48 +00:00
wiz
6e2c35c083 pkglint cleanup; update HOMEPAGE/MASTER_SITES.
From Sergey Svishchev in private mail.
2007-02-22 19:01:13 +00:00
ghen
9dee92219a When SSL is enabled, set the hardcoded certificate file path to
${SSLKEYS}/pure-ftpd.pem instead of /etc/ssl/private/pure-ftpd.pem.
2006-11-15 18:09:19 +00:00
ghen
2eca3d9f2c The databases/openldap package has been split in -client and -server component
packages.  Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
2006-05-31 18:22:23 +00:00
ghen
695716e802 Point to the correct subdir of the http mirror. 2006-02-28 14:06:40 +00:00
ghen
772755b3e3 Reindent. 2006-02-24 18:17:43 +00:00
ghen
03ad8dcc80 Update pure-ftpd to version 1.0.21 and add an option for (experimental) utf8-
support, from unex@linija.org via PR pkg/32901.

Changes:

* When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union to
  a char buffer, because of alignment required by some architectures.
* WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It fixes
  throttling with extauth. Reported and fixed by Marcus Merighi <mcmer@tor.at>
  through Brad our beloved OpenBSD maintainer.
* Rendezvous has been renamed Bonjour.
* A double-close in the CHMOD command has been fixed.
* The old PAM sample has been removed.
* -F option added to pure-pw.
* MAX_USER_LENGTH has been bumped to 127 due to popular demand.
* pam/* can now be used if security/* doesn't exist. Fixes PAM detection on
  MacOS X.
* Call tzset() in chrooted apps in order to get correct time zones in syslog
  messages.
* simplify() simplifies paths ending by /. and /..
* MySQL's hash_password() needs 3 arguments since mySQL 4.1.
* Experimental support for RFC2640 (UTF-8 filename encoding) has been added,
  derived from code by Jui-Nan Lin  ===>  added as "utf8" pkgsrc option.
* The LDAP schema has been changed: FTPStatus should be a boolean.
* New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
  Sparky.
* By popular request, even non-chrooted users are now denied access if their
  home directory is not mounted.
* If die() is called during a TLS-enabled session, encrypt the death message.
  Contributed by Cynix.
* Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
* WITH_LARGE_FILES is now defined by default.
* sendfile64() support on Linux.
* privsep and main processes were swapped out so that pure-ftpwho displays the
  right pid.
* OPTS MLST has been implemented.
* SITE UTIME has been implemented.
* TCP_CORK is on by default again. A new configure switch, --without-cork, can
  disable it.
* Correctly format %c and %% in fakesprintf().
* The connection socket is now created with the Nagle algorithm disabled.  It
  was the trick to dramatically improve performance when transfering a lot of
  small files.
* Updated getopt_long() and realpath() substitutes.
* Allow logging to named pipes (thanks to Steve Marple).
* Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
* Documentation updates.
* MySQL errors are now logged.
2006-02-24 14:35:30 +00:00
ghen
ba15cdab53 * properly mark the legacy variables.
* remove the -I flag for mysql option as this is handled by the bl3.mk file.
2006-02-24 09:15:38 +00:00
ghen
783de2a95c Install the README files for the LDAP, MySQL and PgSQL options.
Bump PKGREVISION.  Ok for wiz.
2006-01-24 22:46:48 +00:00
xtraeme
eadc9131c8 Bump PKGREVISION due to mysql.buildlink3.mk changes (default mysql
pkg has been changed to 5.x). Reminded by wiz... thanks.
2006-01-08 18:35:08 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
rillig
579e977969 Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.
2005-12-05 23:55:01 +00:00
tv
0d9f8447a9 Don't enable privsep on Interix, which has no SCM_RIGHTS support. 2005-11-03 16:59:47 +00:00
reed
ee8be9d0c1 RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
2005-05-02 20:33:57 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
b12d62efb5 Add RMD160 digests. 2005-02-24 12:13:41 +00:00
reed
32d8f290c2 The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
2004-12-28 02:47:40 +00:00
xtraeme
54d05fa49a Remove obsolete variables. You'll want to use:
PKG_OPTIONS.<pkg>+= foo blah
2004-11-17 19:56:49 +00:00
xtraeme
c5b686aff3 Use mk/mysql.buildlink3.mk instead of databases/mysql-client/buildlink3.mk,
so that we'd not force dependance on specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)

this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
2004-10-29 07:07:44 +00:00
cube
23a3f3fe30 Update to version 1.0.20.
pkgsrc changes:
 o move to bsd.options.mk framework
 o add ldap options

package changes:
 o On MacOS X Panther and Tiger, clients were sometimes rejected when they
   has no reverse DNS entry and DNS resolution was enabled. This has been
   fixed.  Thanks to Yann Thomas Gerard <inside@parasiterecords.com> .
 o The command-line parser was broken on FreeBSD and Solaris in version
   1.0.19. This has also been fixed.
2004-10-20 11:10:29 +00:00
reed
62071c8b2f RCD_SCRIPTS_EXAMPLEDIR was just changed to be a relative directory
under ${PREFIX} instead of being an absolute path.

So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.

This should have no changes to use before.

Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)
2004-10-11 22:14:51 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
recht
8dc45652d4 Use the new mk/pgsql.buildlink3.mk to select the correct PostgreSQL
version.
2004-07-24 22:45:14 +00:00
recht
6dfa389b8f update to pure-ftpd-1.0.19
patch provided by Sergio Jimenez in PR pkg/26381

* Version 1.0.19:
 - A workaround for pure-ftpwho not working on OpenBSD has been added.
 - Real disk space is no more shown.
 - A possible denial of service when too many users were connected should be
fixed. Reported by Agri <agri@desnol.ru>, thanks!
2004-07-20 22:04:15 +00:00
reed
2d4122dd45 Fix references to rc.d scripts. This package uses RCD_SCRIPTS
which installs to ${RCD_SCRIPTS_EXAMPLEDIR}. But the MESSAGE
referred to wrong hard-coded location if the RCD_SCRIPTS_EXAMPLEDIR
was not the default. So use RCD_SCRIPTS_EXAMPLEDIR instead.

PKGREVISION not bumped because if someone had changed
RCD_SCRIPTS_EXAMPLEDIR before recent change of autoregistration
of rc.d script in PLIST, then it could not have been packaged
in first place.

Note that this commit does not imply that the MESSAGE is correct.
In some cases, the MESSAGE is clearly wrong such as suggesting
running the rc.d script from the example directory (which will work
although).
2004-04-23 22:43:20 +00:00
reed
9c790735db mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.
2004-04-23 22:07:52 +00:00
recht
0fb751412e update to 1.0.18
* Version 1.0.18:
 - A new, nice-looking PDF version of the documentation is now available from
http://www.pureftpd.org/readme.pdf . Contributed by Torgny Wernersson.
 - The beast now compiles and links against MySQL 4.1.x, but passwords must
not be hashed with MySQL-specific hashing function.
 - Buglets were fixed in the documentation.
 - Two new translations were added : hungarian and catalan. Contributed by
Bánhalmi Csaba and Contributed by Oriol Magrané.
 - The server now uses distinct IPv4 and IPv6 to listen to both protocols on
all operating systems. A new switch, -6, forces the server to only listen to
IPv6.
 - W3C and CLF alternative log formats are now more standard conformant.
 - Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
 - Support for Rendezvous was added on MacOS X.
 - Support for Apple / GNUStep plist data output was added to pure-ftpwho.
 - UTF-8 characters are now supported in file names. A new switch,
--without-unicode, can be used to filter out non-latin characters.
2004-03-07 11:42:10 +00:00
jlam
4d57bcc846 bl3ify 2004-01-30 11:31:37 +00:00
xtraeme
22b580daff Update to 1.0.17a
Changes:

* Version 1.0.17a:

 + An old standing issue has been fixed : ungracefully aborted transfers
   caused the session to exit without removing ftpwho entry and atomic
   files. This fix also speeds up ftpwho and peruserlimit.

* Version 1.0.17:

 + The SSL certificate file can now be changed through a new configuration
   switch, --with-certfile. It doesn't depend on sysconfdir any more and it
   defaults to the original location : /etc/ssl/private/pure-ftpd.pem.
 + Shadowed NIS accounts and MacOS X Panther system accounts are now
   processed by the pure-pwconvert tool.
 + The server doesn't reject users any more on Linux when capabilities are
   used.
 + The documentation has been improved (man pages, README, FAQ, typos).
 + Optimizations have been made.
 + SO_REUSEPORT is now used on FreeBSD to always bind the ftp-data port.
 + SSL-related error messages are now more explicit.
 + The SITE TIME command has been implemented.
 + The sample PAM configuration file has been rewritten.
 + A logfile parser has been added to the contribs.
 + MacOS X Panther specific instructions have been added.
 + Upload is now atomic. A file is uploaded with a temporary name and it
   gets its final name only once the upload has been completed. If a file
   already exists with the same name, the content can be preserved until the
   new content has been fully transfered (using the new --notruncate run-time
    switch).
   Web servers will no more serve partially transfered files during uploads.
   The new handling of uploads also limits the races in virtual quota
   handling.

* Version 1.0.16c:

 + The PAM backend and the CGI mode were accidentally broken in version
   1.0.16b. This version fixes both issues.
 + The Norwegian translation has been updated.

* Version 1.0.16b:

 + The server now properly compiles with SSL/TLS on RedHat 9 systems.
 + pure-ftpwho now outputs nice-looking XHTML 1.1 conformant code, an XSS
   issue has been fixed and the local host name is now properly displayed in
   verbose mode.
 + The path to SSL certificates now follows the --sysconfdir prefix.
 + Minor optimizations have been made.
 + IPv4 and IPv6 addresses will now listen for connections even
   without the -4 switch on NetBSD and FreeBSD.
2003-12-18 04:26:05 +00:00
jschauma
fe19bb05b5 PKGREVISION++ after openssl update. 2003-11-12 03:39:39 +00:00
salo
016dde61b8 Update to version 1.0.16a.
Based on PR pkg/22680 by Jon Olsson.

Changes:

- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation

1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
  Not a vulnerability because it happens in the good way, but it sometimes
  used to break uploadscript.

1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
  /etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
  on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
  the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
  Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
  configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
  related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
  modified to fall back to getcwd()/chdir() if we can't get a descriptor on
  the current directory because it is not readable. It fixes pure-uploadscript
  on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
  place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
  the buffer when no DNS entry is found for a host and a numerical result
  wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
  (saying "bad IP address") . We now check for EAI_NONAME if available and we
  retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
  Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
  generated by our own functions, we use MAXPATHLEN for the complete
  zero-terminated string. When a buffer is passed to a libc function, we reserve
  a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
  surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
  changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
  bugs (grrr...) .
2003-09-20 16:56:39 +00:00
salo
faadf6f444 Reimported net/pureftpd as net/pure-ftpd to make it more consistent.
Updated to version 1.0.15.
Addresses PR pkg/21941 by Jon Olsson.

Changes:

- buildlink2-ify
- added PostgreSQL support (PURE_FTPD_USE_PGSQL)
- fixed MySQL support (missing bsd.prefs.mk include)

1.0.15:
=======
- A turkish translation has been added. Thanks to Mehmet Cokcevik
  <dns@netline.com.tr> .
- Various functional and portability fixes have been made to the
  handling of upload scripts, to the pure-pw command and to the
  automatic creation of home directories.
- Accounts in a puredb database can now be quickly listed ("pure-pw
  list").
- The anonymous FTP directory can now be overriden on the Windows
  port (using a WIN32_ANON_DIR environment variable).
- The default banner has been stripped down to look more
  professionnal (ie. boring).
- Transfer speed on BSD systems has been improved.
- The license of the whole package has changed from GPL to a simplified
  BSD license.
2003-07-12 14:43:08 +00:00