support, from unex@linija.org via PR pkg/32901.
Changes:
* When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union to
a char buffer, because of alignment required by some architectures.
* WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It fixes
throttling with extauth. Reported and fixed by Marcus Merighi <mcmer@tor.at>
through Brad our beloved OpenBSD maintainer.
* Rendezvous has been renamed Bonjour.
* A double-close in the CHMOD command has been fixed.
* The old PAM sample has been removed.
* -F option added to pure-pw.
* MAX_USER_LENGTH has been bumped to 127 due to popular demand.
* pam/* can now be used if security/* doesn't exist. Fixes PAM detection on
MacOS X.
* Call tzset() in chrooted apps in order to get correct time zones in syslog
messages.
* simplify() simplifies paths ending by /. and /..
* MySQL's hash_password() needs 3 arguments since mySQL 4.1.
* Experimental support for RFC2640 (UTF-8 filename encoding) has been added,
derived from code by Jui-Nan Lin ===> added as "utf8" pkgsrc option.
* The LDAP schema has been changed: FTPStatus should be a boolean.
* New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
Sparky.
* By popular request, even non-chrooted users are now denied access if their
home directory is not mounted.
* If die() is called during a TLS-enabled session, encrypt the death message.
Contributed by Cynix.
* Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
* WITH_LARGE_FILES is now defined by default.
* sendfile64() support on Linux.
* privsep and main processes were swapped out so that pure-ftpwho displays the
right pid.
* OPTS MLST has been implemented.
* SITE UTIME has been implemented.
* TCP_CORK is on by default again. A new configure switch, --without-cork, can
disable it.
* Correctly format %c and %% in fakesprintf().
* The connection socket is now created with the Nagle algorithm disabled. It
was the trick to dramatically improve performance when transfering a lot of
small files.
* Updated getopt_long() and realpath() substitutes.
* Allow logging to named pipes (thanks to Steve Marple).
* Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
* Documentation updates.
* MySQL errors are now logged.
pkgsrc changes:
o move to bsd.options.mk framework
o add ldap options
package changes:
o On MacOS X Panther and Tiger, clients were sometimes rejected when they
has no reverse DNS entry and DNS resolution was enabled. This has been
fixed. Thanks to Yann Thomas Gerard <inside@parasiterecords.com> .
o The command-line parser was broken on FreeBSD and Solaris in version
1.0.19. This has also been fixed.
patch provided by Sergio Jimenez in PR pkg/26381
* Version 1.0.19:
- A workaround for pure-ftpwho not working on OpenBSD has been added.
- Real disk space is no more shown.
- A possible denial of service when too many users were connected should be
fixed. Reported by Agri <agri@desnol.ru>, thanks!
* Version 1.0.18:
- A new, nice-looking PDF version of the documentation is now available from
http://www.pureftpd.org/readme.pdf . Contributed by Torgny Wernersson.
- The beast now compiles and links against MySQL 4.1.x, but passwords must
not be hashed with MySQL-specific hashing function.
- Buglets were fixed in the documentation.
- Two new translations were added : hungarian and catalan. Contributed by
Bánhalmi Csaba and Contributed by Oriol Magrané.
- The server now uses distinct IPv4 and IPv6 to listen to both protocols on
all operating systems. A new switch, -6, forces the server to only listen to
IPv6.
- W3C and CLF alternative log formats are now more standard conformant.
- Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
- Support for Rendezvous was added on MacOS X.
- Support for Apple / GNUStep plist data output was added to pure-ftpwho.
- UTF-8 characters are now supported in file names. A new switch,
--without-unicode, can be used to filter out non-latin characters.
Changes:
* Version 1.0.17a:
+ An old standing issue has been fixed : ungracefully aborted transfers
caused the session to exit without removing ftpwho entry and atomic
files. This fix also speeds up ftpwho and peruserlimit.
* Version 1.0.17:
+ The SSL certificate file can now be changed through a new configuration
switch, --with-certfile. It doesn't depend on sysconfdir any more and it
defaults to the original location : /etc/ssl/private/pure-ftpd.pem.
+ Shadowed NIS accounts and MacOS X Panther system accounts are now
processed by the pure-pwconvert tool.
+ The server doesn't reject users any more on Linux when capabilities are
used.
+ The documentation has been improved (man pages, README, FAQ, typos).
+ Optimizations have been made.
+ SO_REUSEPORT is now used on FreeBSD to always bind the ftp-data port.
+ SSL-related error messages are now more explicit.
+ The SITE TIME command has been implemented.
+ The sample PAM configuration file has been rewritten.
+ A logfile parser has been added to the contribs.
+ MacOS X Panther specific instructions have been added.
+ Upload is now atomic. A file is uploaded with a temporary name and it
gets its final name only once the upload has been completed. If a file
already exists with the same name, the content can be preserved until the
new content has been fully transfered (using the new --notruncate run-time
switch).
Web servers will no more serve partially transfered files during uploads.
The new handling of uploads also limits the races in virtual quota
handling.
* Version 1.0.16c:
+ The PAM backend and the CGI mode were accidentally broken in version
1.0.16b. This version fixes both issues.
+ The Norwegian translation has been updated.
* Version 1.0.16b:
+ The server now properly compiles with SSL/TLS on RedHat 9 systems.
+ pure-ftpwho now outputs nice-looking XHTML 1.1 conformant code, an XSS
issue has been fixed and the local host name is now properly displayed in
verbose mode.
+ The path to SSL certificates now follows the --sysconfdir prefix.
+ Minor optimizations have been made.
+ IPv4 and IPv6 addresses will now listen for connections even
without the -4 switch on NetBSD and FreeBSD.
Based on PR pkg/22680 by Jon Olsson.
Changes:
- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation
1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
Not a vulnerability because it happens in the good way, but it sometimes
used to break uploadscript.
1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
modified to fall back to getcwd()/chdir() if we can't get a descriptor on
the current directory because it is not readable. It fixes pure-uploadscript
on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result
wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
(saying "bad IP address") . We now check for EAI_NONAME if available and we
retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
bugs (grrr...) .
Updated to version 1.0.15.
Addresses PR pkg/21941 by Jon Olsson.
Changes:
- buildlink2-ify
- added PostgreSQL support (PURE_FTPD_USE_PGSQL)
- fixed MySQL support (missing bsd.prefs.mk include)
1.0.15:
=======
- A turkish translation has been added. Thanks to Mehmet Cokcevik
<dns@netline.com.tr> .
- Various functional and portability fixes have been made to the
handling of upload scripts, to the pure-pw command and to the
automatic creation of home directories.
- Accounts in a puredb database can now be quickly listed ("pure-pw
list").
- The anonymous FTP directory can now be overriden on the Windows
port (using a WIN32_ANON_DIR environment variable).
- The default banner has been stripped down to look more
professionnal (ie. boring).
- Transfer speed on BSD systems has been improved.
- The license of the whole package has changed from GPL to a simplified
BSD license.
