Commit graph

40 commits

Author SHA1 Message Date
joerg
3666b9f3c4 CFLAGS must be modified after including bsd.prefs.mk.
XXX pkglint should detect this
2009-08-13 20:20:24 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
obache
97a950023a regen for missing patch-ae. 2008-11-03 05:29:29 +00:00
abs
df1dc3d9d1 Updated net/vsftpd to 2.0.7 - needed for recent FileZilla to with with SSL
v2.0.5

- Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan
<sudhas@sgi.com>.
- Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1.
- Be more honest in FEAT response if PORT or PASV are disabled! Reported by
Charles Honton <chas@honton.org>. Allows MS Explorer to get the transfer mode
correct.
- pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to
Rhodes, Colin <colin.rhodes@airways.co.nz>.
- Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit
here instead ;-)
- Minor man page doc tweaks.
- Tiny bit of paranoia in privops.c.
- Revert change to reject anonymous logins before asking for password. This
fixes complaints about IE not showing the FTP login dialog.
- Change SSL certificate load to cater for chaining too.
- Added delay_failed_login and delay_successful_login to help limit resources
taken by brute force attacks.
- Kick session after a few login fails. Allows IP blocking solutions to be more
immediately effective.
- Replace setenv() with more portable putenv(). First part of Solaris fix.
- Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris
fix.
- Set PAM items TTY and RUSER if possible.
- OpenBSD build warning fixes.
- So, timezone and daylight are not available on BSD, so redo the whole TZ
thing again. Should use only very portable constructs now.

v2.0.6

- Fix delay_failed_login typo. Oops.
- Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
<ilja@suresec.org>.
- Allow a (fake) reauth as the same user as the logged in user. Should resolve
.NET related report from Sabo Jim <Jim.Sabo@thomson.net>.
- Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take
unnecessary port calculations out of a loop.
- Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
<echen@siac.com>.
- Don't log FireFox's attempts to RETR directories! Reported by
Nixdorf, Tim <tnixdorf@dnps.com>.
- Fix STOU sending the same 150 status line twice - oops! Reported by
<yamazaki@iij.ad.jp>.
- Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
<andy@withnail.org>.
- Fix bug with empty user list file and userlist_deny=NO. Reported by
Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>.
- Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>.
- Add control over the file permissions used in the chown()ing of anonymous
uploads: chown_upload_mode (default 0600 as before). Suggestion from
An Pham <apham@medforcetech.com>.
- Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
should help buggy Solaris systems. Reported by Michael Masterson
<mjmasterson@xo.com>.
- Add debug_ssl option to dump out some SSL connection details.
- Use code 522, not 521, to indicate that the server requires an encrypted
data connection. Still does not seem to coax lftp to retry :(
- Recognize OPTS pre-login.
- A whole ton of SSL improvements, including ability to force requirement of
a client cert; data and control channel client cert cross checking. Ability
to require fully valid / authentic client certs. No cert-based auth yet.
- Change my e-mail to my GMail account.

v2.0.7

- Fix finding libcap for the link on Slackware systems, thanks to Roman
Kravchenko <roman@atech.lv>.
- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
<y-iida@secom.co.jp>.
- Fix man page typo, thanks Matt Selsky <selsky@columbia.edu>.
- Bring the PASV listen() into the bind() retry loop to resolve a race under
extreme load. Thanks to Curtis Taylor <cjt@us.ibm.com>.
- Enhance logging for debug_ssl.
- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.
- Add option to enforce proper SSL shutdown on uploads. Left it off after much
agonizing because clients are so broken in this area.
- Add option to delete failed uploads.
2008-09-22 11:02:21 +00:00
joerg
3b0d97b0de Add DESTDIR support. 2008-06-20 01:09:05 +00:00
minskim
f1ff987e15 vsftpd needs libcrypt on Linux when pam is not used.
Based on the patch provided by Matteo in PR 33801.
2007-12-22 23:07:37 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
rillig
2829e658f2 Mechanically replaced man/* with ${PKGMANDIR}/* in the definition of
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.

Fixes PR 35265, although I did not use the patch provided therein.
2007-01-07 09:13:46 +00:00
tv
cbf063eee3 Require "inet6" option instead of using deprecated USE_INET6; also don't
set that in PKG_SUGGESTED_OPTIONS (it's up to bsd.pkg.mk to do that).
2007-01-03 15:54:56 +00:00
joerg
96f6b62c58 Explicitly error out if inet6 support is not present or disabled.
From PR 25674.
2006-10-05 15:20:28 +00:00
joerg
0ad6a280a0 Improve linkage but not using the crappy shell script from vsftpd,
which doesn't work correctly e.g. on Solaris. Make PAM optional,
but since the option is on by default, nothing changes.
Fix compilation on Solaris based on input from Stefan Pfetzing
in PR 33494.
2006-05-16 21:08:50 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
jlam
9c8b5ede43 Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
2006-03-04 21:28:51 +00:00
wiz
6b956f7411 Fix tcpwrappers option. Since it is on by default, bump PKGREVISION.
From Hironaga KOJIMA in private mail.
2006-01-30 18:07:06 +00:00
wiz
57cd63c79d Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811.
Add ssl (default off) and tcpwrappers (default on) options.

Changes:

- Improve logging (log deletes, renames, chmods, etc. as requested by users).
- Add no_log_lock to work around Solaris / Veritas locking hangs.
- Add EPRT, EPSV, PASV and TVFS to FEAT response.
- Implement use of MDTM to set timestamps.
- Recognize FEAT prior to login.
- Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data
connections! Hurrah.
- Increase max size of .message files to 4000 characters, thanks to Eric
Pancer for the report.
- Add easy builddefs.h ability to disable PAM builds even when PAM is installed.
- Report vsftpd version in STAT output.
- Add REFS file.
- Change parent<->child socket comms from DGRAM to STREAM for increased
reliability. The main benefit is should the parent be killed (or crash out)
then the child won't block on a read() that will never return.
- Make str_reserve reserve space for the trailing zero as well, so we don't
cause a reallocation if we exactly fill the buffer.
- Optimize the sending of strings over the parent<->child comms links.
- Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly
compiled out.
- Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin
- If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring
totally. Thanks to Brad
- Lose Makefile.sun and README.solaris special cases.
- Add SSL / TLS info to SECURITY texts.
- Add README.ssl
- Add documentation for new SSL options to vsftpd.conf.5.
- Add support for CWD ~ (and in general support ~ at start of any filename).
Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that
all of this is for very very broken clients :-(
- Fix compile warnings.
- Update INSTALL with (recent) OS X as a working platform.

At this point: v2.0.0 released!
===============================

- Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson
Chang
- Oops; fix session bale out if an empty length password is given.
- Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
- Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard
- Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries. Thanks to Jonas Bofjall
- Add COPYRIGHT.
- Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2
compliant; timezone should be a variable not a function).
- Fix build where PAM build is enabled but PAM headers are missing.
- Fix build on RHEL3 (remove errant include from twoprocess.c).

At this point: v2.0.1 released!
===============================

- Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez
- Emit data transfer status messages (success / failure) after flushing and
waiting for the full data transfer to reach the client. This should help work
around buggy FTP clients such as FlashFXP, which is known to truncate files
incorrectly.
(v2.0.2pre1)
- Make str_empty actually allocate an empty string.
- Change the ASCII receive code to ONLY rip out \r if it is just before a \n;
someone finally complained about this.
(v2.0.2pre2)
- Enable AIX Large File Support #define from Tomas gren
- Add a couple of FAQ entries.
- Fix time delta code areas to cope with negative deltas, which will occur
if the clock is adjusted backwards. Thanks to Andrew Anderson
for a great report.
- Fix "errno" checks to be robust in multiple places; previously, calls to
failing library calls could be made inbetween the original library call and
the "errno" reads. Thanks to Andrew Anderson for a great
report.
- Make bandwidth limiter work with SSL data connections.
(v2.0.2pre3)
- Note that the SSL / bandwidth limiter bug fixed a much more serious bug:
SSL data connection dropouts after data_connection_timeout seconds.
- Typo fixes.

At this point: v2.0.2 released! (need to get the SSL dropout fix out)
=====================================================================

- Document what regex expressions are supported in the man page.
- New settings rsa_private_key_file and dsa_private_key_file to allow
separate files for the certificates and private keys.
- Initial, simple fix for timed out processes not exiting when SSL is in use.
Better fix (which reports timeout to client properly) to follow.
- Add which setsockopt option failed to die("setsockopt") calls.
- Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower
linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by
Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1)
- Fix error with IPv4 connections to IPv6 listeners and PORT type data
connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported
by Joe Orton, Radek Vokal and Andreas Kupfer
- Remove vsf_sysutil_sockaddr_same_family (unused).
- Support protocol 1 (IPv4) in EPRT.
- Add ssl.c to AUDIT.
- Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list.
- Allow "EPSV 1" to mean IPv4 EPSV.
- Report dummy IP but correct port with IPv6 / PASV.
- Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write;
fixes SSL upload failures when data timeouts are in use with some clients.
Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported
by Lee Lawrence (using CuteFTP and BackupEdge) and
Christian DELAIR (using lftp, FileZilla and
SmartFTP). Thanks to these two people for valuable help.
(v2.0.3pre2)
- Implicitly disable connect_from_port_20 and chown_uploads when a non-root
user is using run_as_launching_user.
- Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure
anonymous-only solution (useful when you don't have root access and a range
of acceptable anonymous passwords as credentials).
- Use SSL BIO callbacks to fix data connection timeout checks; the checks
weren't all occurring promply.

At this point: v2.0.3 released! (need to get about three imporant fixes out)
============================================================================

- Add explicit "This FTP server does not allow anonymous logins" message.
- Add paranoid checks to sysutil.c for large values / lengths.
- Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example.
- Load per-IP config files earlier; allows more settings to be tuned on a
per-IP level. Suggested by Reber Tobias
- Fix MDTM on non-existant files. Reported by Ken A
- {} regex fix so that {*} correctly matches everything. Reported by
Tom Van de Wiele
- Add "mdtm_write" option to disable MDTM being able to set file timestamps.
- Fix HPUX build, thanks to Kevin Vajk
- Add optional file locking support via lock_upload_files (default on).
- Apply LDFLAGS patch from Mads Martin Joergensen
- Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once
at startup.
- Apply patch to fix timezone issues (caused by chroot() interacting badly with
newer glibc versions). Thanks to Dmitry V. Levin and
Mads Martin Joergensen

At this point: v2.0.4 released!
===============================
2006-01-13 18:12:46 +00:00
joerg
b410304a01 Use SUBST framework. 2006-01-08 05:07:05 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
rillig
7a95adad42 The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
2005-08-23 11:48:47 +00:00
reed
ee8be9d0c1 RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
2005-05-02 20:33:57 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
uebayasi
71960dee9e Fix quoting. 2005-03-07 09:41:45 +00:00
agc
b12d62efb5 Add RMD160 digests. 2005-02-24 12:13:41 +00:00
jlam
0cead0578e Set INSTALLATION_DIRS to create some directories used by the do-install
target that appears later in the Makefile.  Also move inclusion of
buildlink3.mk files above target definitions, as per style guidelines.
2005-02-02 23:12:52 +00:00
reed
32d8f290c2 The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
2004-12-28 02:47:40 +00:00
wiz
6e02d7ee41 Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs.
Suggested by Roland Illig, ok'd by various.
2004-12-03 15:14:50 +00:00
xtraeme
a571307b1d s/\/var/@VARBASE@/ 2004-11-11 13:51:31 +00:00
xtraeme
0ca3fdce51 * Use += for CFLAGS not =
* Use VARBASE
2004-11-11 13:48:43 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
salo
57e8d0fff4 Updated to version 1.2.2.
Changes:

- remove superfluous .if around BUILD_DEFS
- drop maintainership, i don't really use the package anymore
- XXX: this package doesn't compile on non-IPv6 enabled operating systems

1.2.2:
======
- Fix FreeBSD 5.1/5.2 issue with time_t being long long on that platform.
- Tweak vsftpd.conf.5 to avoid automated mails from ESR ;-)
- Add -v flag which just outputs the version and exits.
- Fix nasty issue resulting in listener instability under extreme load
  (root cause was re-entering malloc/free).
- Fix build with modern glibc-2.3 and no libcap on Linux.
- Fix 64-bit file support on Solaris.
- Add initial support for running as the user which launched vsftpd,
  i.e. no root needed. Warning - easy to create insecurity if you use
  this without knowing what you are doing.
- For above run-as-launching-user support: make CDUP re-use CWD code
  so that deny_file of *..* is useful.
- Attempt fix of 64-bit file support on FreeBSD (may need another go).
2004-05-09 00:29:22 +00:00
reed
9c790735db mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.
2004-04-23 22:07:52 +00:00
salo
1a345998a8 bl3ify 2004-04-02 20:17:44 +00:00
salo
6c02b1e09e Update to version 1.2.1.
Changes:

- Apply NetBSD patch to sysdeputil.c to activate a few features. Thanks to
  Lubomir Sedlacik <salo@netbsd.org>.
- Apply fix for broken clients that terminate commands with \r\r\n. Thanks
  to Andrey Chernomyrdin <andrey@excom.spb.su>.
- AIX send_file support, thanks to Tomas Ogren <stric@ing.umu.se>.
- Fix typos in vsftpd.conf.5, thanks to SEKINE Tatsuo <tsekine@sdri.co.jp>.
- Simple -F flag support to LIST and NLST. Needed for some broken clients.
- Add simple ? wildcard in pattern matching.
- Make pasv_min_port and pasv_max_port work if they are the same value.
  Thanks to Marvin Solomon <solomon@cs.wisc.edu>.
- Paranoia: ignore user_config_dir if username has a / in it.
- Implement stub ALLO command to keep busybox/ftpput happy.
- Implement REIN, ACCT and SMNT stubs.
- Implement FEAT along with an OPTS stub.
- Implement STAT (no-args version).
- Implement STAT (file/dir).
- Add very simple access control via hide_file and deny_file. These should
  NOT be used for securing content as they are very dumb!  Filesystem
  permissions are still the recommended way for securing important content.
- Allow unsetting of string values with option= (i.e. blank).
- Default virtual users to being chroot()'ed to the guest_user's home
  directory, if virtual_use_local_privs is not set.
- Add support for "user_sub_token", where you can set the home directory
  of guest_user to "/home/virtual/$USER", and "user_sub_token" to "$USER"
  to have a root directory auto generated based on username logging in,
  e.g.  fred logs in and gets chroot()'ed in /home/virtual/fred.
- Fix bug in str_replace_text if replace token matches at end of string.
- Recognize P@SW as PASV; works around an SMC router bug.
- Accept an async ABOR sequence if it arrives via non-urgent data.  Fixes
  issue with Cisco routers. Thanks to Eddie Corns <E.Corns@ed.ac.uk>.
- Implement simple {,} support in pattern matcher (nested not handled).
  Handy to use with hide_file and deny_file options.
- Fix port range with pasv_min_port and pasv_max_port to use the full range
  (the upper limit wasn't being used very often!).
- Activate SO_REUSEADDR on passive listen sockets - makes servers with
  restricted port ranges much more useable!
- Add secure_email_list_enable, to provide simple anonymous password control.
  For some cases, it's better than the hassle of virtual users. Idea thanks
  to Malcolm O'Callaghan, <mjo@stamps.com>.
- Add some FAQ entries.
- Fix issue with failure to call openlog() before using tcp_wrappers. Part
  of RH bugzilla #89765. (The more serious part was fixed with v1.2.0).
2004-01-01 04:39:22 +00:00
grant
ca3be631f2 s/netbsd.org/NetBSD.org/ 2003-07-17 22:50:55 +00:00
salo
dc2437e0d6 Updated to 1.2.0.
- take over maintainership, MAINTAINER is not reachable on his mail anymore
  (non-existent domain).

Changes:

Logging has been enhanced, including syslog support.  IPv6 support has been
added.  STRU, MODE, STOU, HELP, and SITE HELP have been implemented.  Better
control of which commands to allow has been added.  pam_session support has
been added.  Error messages have been improved.  There are lots of bugfixes
and new configuration options.

- Eliminate crypt() not defined warning.
- "grep -q" is not standard to redirect to /dev/null instead.
- Make banned_email_file work second time around.
- Add force_dot_files to work around broken clients. The behaviour when
  enabled is very wu-ftpd like.
- Implement SITE HELP - should work around IE bug?
- Update README, vsftpd.conf with references to read the manual page!
- Log revamp: add dual_log_enable to log to xferlog AND vsftpd.log.
- Log revamp: add syslog_enable to log vsftpd.log to syslog().
- Add "background" option to background the listener process.
- Fix warning is vsftpd.8 man page, Bill Nottingham <notting@redhat.com>.
- Fix tcp wrappers support to NOT emit loads of Bad file descriptor messages
  to the system log.
- Add ability to make bandwidth limiter smoother by using e.g.
  trans_chunk_size=8192.
- Add ability for virtual users to use local privs non anon privs, via
  virtual_use_local_privs=YES.
- Fix sendfile() fallback on FreeBSD, thanks to Adam Stroud
  <adstro@stny.rr.com>.
- Add pam_session support, as well as utmp and wtmp logging for local logins
  (when using a PAM build). Tested pam_limits maxlogins works.
- Ensure the source IP address for PORT connects is always the same as the
  control connection local IP address. Previously it was not when NOT using
  connect_from_port_20 in the presence of multiple local IP addresses.
- Oops - make max_per_ip and max_clients work with the two process model
  when both connect_from_port_20 and chown_uploads are false.
- Initial IPv6 support (EPSV only).
- Add EPRT support to IPv6.
- Fix "ls .file" to list .file even if the ls -a flag is not present. Noted
  by and thanks to Sean Millichamp <sean@enertronllc.com>.
- Better error messages for config file parse fail: include setting name.
- Fix bug in str_split_text where text is greater than 1 character long!
- Make it build on Solaris8 - switch from utmp to utmpx and handle missing
  LOG_FTP.
- Always check for VSFTPD_LOAD_CONF environment variable.
- Implement HELP properly (should help broken clients).
- Fix FreeBSD build (no utmpx.h, so disable feature).
- Fix chown_uploads.
- "Guess fix" for FreeBSD reported bug. I reckon FreeBSD is returning -EINTR
  from a blocking close but still closing the fd, despite the error return. So
  cater for this. Reported by Drew Vogel <dvogel@intercarve.net>.
- Add download_enable and dirlist_enable. Useful in conjunction with the
  per-user config stuff.
- Add chmod_enable.
- Implement STRU and MODE for _old_, broken clients!
- Log connects.
- Fix 500 OOPS with chown_uploads and an APPE command.
- Improve some error messages: die -> die2 for more information.
- Repair max_per_ip (problem comparing IPv4 addresses).
- Make chown_uploads work with virtual users.
- Chmod files to 0600 before chown_uploads kicks in.
- Add STOU support.
- Add cmds_allowed config parameter.
- Add some FAQ entries.
2003-05-29 20:08:41 +00:00
salo
8358aa2101 Updated to version 1.1.3.
Addresses PR pkg/21410 by Jens Liebau.

- honour PKG_SYSCONFDIR
- rcd script, standalone mode support
- tcp wrappers support
- install vsftpd:vsftpd user
- new HOMEPAGE and MASTER_SITES

1.1.3:
======
- Support for tcp_wrappers.
- First stab at Solaris sendfilev() support.
- Don't bomb out the listener on SIGHUP if the config became invalid.
- End vsf_findlibs.sh with "exit 0;" - thanks Lars Hecking <lhecking@nmrc.ie>!
- Integrate with tcp_wrappers - load config based on VSFTPD_LOAD_CONF
  environment variables. Allows per-IP configurability in standalone mode.
- Fix build without tcp_wrappers.
- Fix Solaris sendfilev() support - interruption via a signal returns EINTR
  rather than a partial byte count!
- Add to EXAMPLE/ - PER_IP_CONFIG and INTERNET_SITE_NOINETD

1.1.2:
======
- Add per-IP connection limits in standalone mode.
- Add logging of refused connect due to global or IP connection limits.
- (Many thanks for testing and suggestions from Rob van Nieuwkerk
  <robn@verdi.et.tudelft.nl> and Adrian Reber <adrian@lisas.de>.
- Make connection limit exceeded messages nonblocking.
- Don't exit the listener if fork fails.

1.1.1:
======
- Fix port_promiscuous, oops! Thanks to Bjørn-Ove Heimsund
  <bjornoh@mi.uib.no>.
- Fix to support umasks which create executable files. Reported by
  "Martin, Andreas" <AMartin@hegau-klinikum.de>.
- Make the messages more.. professional :( Thanks to Steven G. Taylor
  <staylor@redhat.com>.
- Allow anon users to append to files if they can delete files! Suggestion
  from Michael Leuchtenburg <michael@slashhome.org>.
- Hopefully fix Solaris build (-lresolv)
- Replace atoll() with a homebrew - modern FreeBSD, OpenBSD lack it.
- Different solution for a umask which creates executable files:
  file_open_mode.
- First attempt at Tru64 build, working with <Sulla17@aol.com>.
- A few minor FAQ additions.
- Change date format in the log from Sep 09 -> Sep  9. Avoids breaking some
  broken log parsers.
- Make "INSTALL" better and clearer.
- Fix passwd_chroot_enable, reported by James Jones <james@richland.edu>.
- Finish Tru64 building :-)
- Add tunable_no_anon_password as asked for by Stephen Quinney
  <stephen.quinney@computing-services.oxford.ac.uk>.

1.1.0:
======
- large file (>2Gb) support).
- Fix .spec files to use /usr/local/sbin not /usr/sbin, noted by Bill Unruh
  <unruh@physics.ubc.ca>.
- Small doc tweaks and improvements(?)
- Add COPYING, the GNU GPL version 2.
- Add use_localtime config option to override the use of GMT times.
- Add tunable_check_shell (default YES) so people can disable this if they
  are not using PAM.
- AIX 5.1 build support, thanks to Jan-Frode Myklebust
  <janfrode@parallab.uib.no>.
- Add "hide_ids" option to show user/group in directory listings as "ftp".
  Request from Solar.
- Use the seemingly more portable setreuid() and setregid(), poxy HP.
- Use status 550 instead of 500 for known but disabled commands.
- Rename "dirchange.[ch]" to "banner.[ch]".
- Multiline connect banner support via "banner_file" config option.
- Minor error message changes.
- Add more FAQ entries.
- Add patch to specify PASV address - thanks to Mike McLean <mikem@redhat.com>.
- Drop the 2.4.0 kernel warning file
- Rudimentary standalone listener support - to be expanded in a later release.
- If sendfile() returns EINVAL just fall back to normal routines - handles
  non-pagecache backed files.
- Add "port_promiscuous" setting - should help enabling FXP.
- Modify anon_root and local_root to change directory _before_ applying the
  chroot().
- Open all files O_NONBLOCK to avoid pipes blocking on open.
- Support wu-ftpd style per-user chroot() via /./ in /etc/passwd HOMEDIR.
- Add SIGHUP support to new built in listener.
- Per-user config overrides, via "user_config_dir" - woohoo!
- Warning fixes, i.e. change "index" to "indexx" thanks to Olaf Kirch
  <okir@suse.de>.
- Make sure the standalone daemon doesn't leak zombies!
- Supposedly fix kernel messages about MSG_PEEK race - thanks to advice from
  Alexey <kuznet@ms2.inr.ac.ru>.
- Add global client limit for standalone mode.
- Add username that failed when we die with str_getpwnam.
- Add a bunch of documentation under EXAMPLES.
2003-05-09 23:31:38 +00:00
martti
a31371b23e Updated vsftpd to 1.0.1
- Fix potential leak in PAM handling code.
- Fix build in the non-PAM case
- Include filename and size in bytes in the "here comes the data" 150 message.
- Change link flags from "-s" to "-Wl,-s"
- Tidy up vsf_findlibs.sh
- Work with NFS mounted home dirs and root_squash
- Add FAQ.
- Improve "make install".
- Fix Solaris build (nanosleep is in a separate library, typical).
- Fix REST + STOR combination
- Make our 150 response code match wu-ftpd - allows broken "ange-ftp" of
  emacs to do a percentage complete indicator.
- Add anon_root and local_root
2002-08-22 11:24:06 +00:00
zuntum
d038a73ebd Move pkg/ files into package's toplevel directory 2001-10-31 22:52:58 +00:00
zuntum
7c41e9d964 Follow suggestion from Luke Mewburn and change it back to "an FTP" 2001-06-19 11:43:08 +00:00
zuntum
8cdd63ca40 I think it's "a", not "an" FTP server 2001-06-19 11:36:02 +00:00
zuntum
e0064c6220 Initial import of vsftpd-0.9.1
vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously
this is not a guarantee, but a reflection that I have written the entire
codebase with security in mind, and carefully designed the program to be
resilient to attack.

Recent evidence suggests that vsftpd is also extremely fast (and this is
before any explicit performance tuning!) In tests against wu-ftpd, vsftpd
was always faster, supporting over twice as many users in some tests.

Package provided by Jacek Latos <vaneth@krasnik.org> in pkg/13208;
minor modifications by me.
2001-06-19 11:32:02 +00:00