kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/vsftpd/options.mk
abs df1dc3d9d1 Updated net/vsftpd to 2.0.7 - needed for recent FileZilla to with with SSL 
v2.0.5

- Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan
<sudhas@sgi.com>.
- Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1.
- Be more honest in FEAT response if PORT or PASV are disabled! Reported by
Charles Honton <chas@honton.org>. Allows MS Explorer to get the transfer mode
correct.
- pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to
Rhodes, Colin <colin.rhodes@airways.co.nz>.
- Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit
here instead ;-)
- Minor man page doc tweaks.
- Tiny bit of paranoia in privops.c.
- Revert change to reject anonymous logins before asking for password. This
fixes complaints about IE not showing the FTP login dialog.
- Change SSL certificate load to cater for chaining too.
- Added delay_failed_login and delay_successful_login to help limit resources
taken by brute force attacks.
- Kick session after a few login fails. Allows IP blocking solutions to be more
immediately effective.
- Replace setenv() with more portable putenv(). First part of Solaris fix.
- Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris
fix.
- Set PAM items TTY and RUSER if possible.
- OpenBSD build warning fixes.
- So, timezone and daylight are not available on BSD, so redo the whole TZ
thing again. Should use only very portable constructs now.

v2.0.6

- Fix delay_failed_login typo. Oops.
- Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
<ilja@suresec.org>.
- Allow a (fake) reauth as the same user as the logged in user. Should resolve
.NET related report from Sabo Jim <Jim.Sabo@thomson.net>.
- Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take
unnecessary port calculations out of a loop.
- Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
<echen@siac.com>.
- Don't log FireFox's attempts to RETR directories! Reported by
Nixdorf, Tim <tnixdorf@dnps.com>.
- Fix STOU sending the same 150 status line twice - oops! Reported by
<yamazaki@iij.ad.jp>.
- Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
<andy@withnail.org>.
- Fix bug with empty user list file and userlist_deny=NO. Reported by
Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>.
- Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>.
- Add control over the file permissions used in the chown()ing of anonymous
uploads: chown_upload_mode (default 0600 as before). Suggestion from
An Pham <apham@medforcetech.com>.
- Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
should help buggy Solaris systems. Reported by Michael Masterson
<mjmasterson@xo.com>.
- Add debug_ssl option to dump out some SSL connection details.
- Use code 522, not 521, to indicate that the server requires an encrypted
data connection. Still does not seem to coax lftp to retry :(
- Recognize OPTS pre-login.
- A whole ton of SSL improvements, including ability to force requirement of
a client cert; data and control channel client cert cross checking. Ability
to require fully valid / authentic client certs. No cert-based auth yet.
- Change my e-mail to my GMail account.

v2.0.7

- Fix finding libcap for the link on Slackware systems, thanks to Roman
Kravchenko <roman@atech.lv>.
- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
<y-iida@secom.co.jp>.
- Fix man page typo, thanks Matt Selsky <selsky@columbia.edu>.
- Bring the PASV listen() into the bind() retry loop to resolve a race under
extreme load. Thanks to Curtis Taylor <cjt@us.ibm.com>.
- Enhance logging for debug_ssl.
- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.
- Add option to enforce proper SSL shutdown on uploads. Left it off after much
agonizing because clients are so broken in this area.
- Add option to delete failed uploads.
2008-09-22 11:02:21 +00:00

54 lines
1.6 KiB
Makefile
Raw Blame History

# $NetBSD: options.mk,v 1.6 2008/09/22 11:02:21 abs Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.vsftpd
PKG_SUPPORTED_OPTIONS= pam ssl tcpwrappers
PKG_SUGGESTED_OPTIONS= pam tcpwrappers
PKG_OPTIONS_REQUIRED_GROUPS= inet6 # require inet6 capability
PKG_OPTIONS_GROUP.inet6= inet6
.include "../../mk/bsd.options.mk"
.if !empty(PKG_OPTIONS:Minet6)
CONFIGURE_ARGS+= --enable-ipv6
.else
BROKEN= Needs ipv6 option enabled.
.endif
.if !empty(PKG_OPTIONS:Mpam)
.include "../../mk/pam.buildlink3.mk"
LIBS+= -L${PAMBASE}
LIBS+= ${COMPILER_RPATH_FLAG}${PAMBASE}
LIBS+= -lpam
.else
LIBS.Linux= -lcrypt
#
SUBST_CLASSES+= pam
SUBST_FILES.pam= builddefs.h
SUBST_SED.pam+= -e 's,define VSF_BUILD_PAM,undef VSF_BUILD_PAM,g'
SUBST_STAGE.pam= pre-configure
.endif
.if !empty(PKG_OPTIONS:Mssl)
.include "../../security/openssl/buildlink3.mk"
SUBST_CLASSES+= ssl
SUBST_FILES.ssl= builddefs.h
SUBST_SED.ssl+= -e 's,undef VSF_BUILD_SSL,define VSF_BUILD_SSL,g'
SUBST_SED.ssl+= -e 's,/usr/share/ssl/certs/vsftpd.pem,${SSLCERTS}/vsftpd.pem,g'
SUBST_STAGE.ssl= pre-configure
LIBS+= -L${BUILDLINK_PREFIX.openssl}
LIBS+= ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.openssl}
LIBS+= -lssl -lcrypto
.endif
.if !empty(PKG_OPTIONS:Mtcpwrappers)
.include "../../security/tcp_wrappers/buildlink3.mk"
SUBST_CLASSES+= tcpwrappers
SUBST_FILES.tcpwrappers= builddefs.h
SUBST_SED.tcpwrappers+= -e 's,undef VSF_BUILD_TCPWRAPPERS,define VSF_BUILD_TCPWRAPPERS,g'
SUBST_STAGE.tcpwrappers= pre-configure
LIBS+= -L${BUILDLINK_PREFIX.tcp_wrappers}
LIBS+= ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.tcp_wrappers}
LIBS+= -lwrap
.endif
Reference in a new issue View git blame Copy permalink