pkg/42711: net/pure-ftpd update [patch included]

[pettai%nordu.net@localhost]

>Number:         42711
>Category:       pkg
>Synopsis:       net/pure-ftpd update [patch included]
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 31 13:45:00 +0000 2010
>Originator:     Fredrik Pettai
>Release:        NetBSD 5.0_STABLE
>Organization:
NORDUnet A/S
>Environment:
>Description:
net/pure-ftpd in pkgsrc-current needs updating, lot of fixes have been applied.

Changelog:

* Version 1.0.27:
 - Have pureftpd_shutdown() shut the server down even if a client is
connected on iPhone.
 - Allow users with no quota to delete .pureftpd-upload-* files.
 - Unbreak ipv6 support, reported by Brad Smith.
 - Disable SSLv3 renegotiation if an old SSL library is used. If you really
want to re-enable SSLv3 renegotiation, even with a recent library, you can
always define ACCEPT_SSL_RENEGOTIATION.

* Version 1.0.26:
 - Fix incompatibilities with Cyberduck when TLS is enabled.
 - Don't TLS_accept() immediately after accept(). Reply on the connection
socket first, so that clients don't have to wait before knowing that they
can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
 - Properly change the process name on Linux when the -S option is used, by
Margus Kaidja.
 - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
for the bug report.

* Version 1.0.25:
 - Show symlinks as symlinks in MLSD, except when the broken client
compatibility mode is turned on and links are not dangling (just like the
old LIST and NLIST commands). Reported by Mime Cuvalo.
 - More gcc 2 compatibility, thanks to Todd Rinaldo.
 - Properly handle custom paths in man pages. Thanks to Scott Haneda and
Mathieu Parisot.
 - Have $localstatedir default to /var as it used to be unless
--localstatedir=... is explicitely passed to ./configure
 - Use @VERSION@ in man pages.
 - --without-pam disables PAM on OSX and iPhone.
 - Allow cross-compilation.
 - Experimental iPhone target.
 - Change the way it links, building a library first.
 - Don't use mmap() any more for downloads. It's too slow.
 - Don't use hard-coded paths in order to find MySQL and PostgreSQL
libraries and header files. Use mysql_config and pg_config instead.
Suggested by John Alberts.
 - Log the DELE command similar to the RETR and STOR commands. Suggested by
Martin Fuxa.
 - The primary group gets cached so that it's always displayed in directory
listings.
 - Avoid a client process to burn CPU in an infinite loop if the command
channel gets disconnected before the data channel. Reported by Thomas Min
and Margus Kaidja.
 - Restore the traditional behavior of a download restarting at the end of a
file. For some weird reasons, some clients still insist on doing that. Don't
send a 55x return code, just let them download... nothing.
 - Documentation updates.

* Version 1.0.24:
 - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
 - The package can now be compiled with gcc 2.

* Version 1.0.23:
 - LDAP: accept "enabled" as a correct value for FTPStatus as it used
to be.
 - More useful error logging for OpenSSL errors.
 - Don't read certificates twice.
 - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
 - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero
Pelander.
 - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
 - Don't ignore dot files even if -D is not supplied with the MLSD command.
 - Deinline code
 - Throttling more reliable
 - STAT is now working over TLS
 - DH keys for ephemeral key exchange are now handled
 - Fix libiconv checking
 - The column was missing in the PassivePortRange comment (thanks to Igor
Alexadrov)
 - LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account. It also adds a warning if auth method password is used and doesn't find
a userPassword attribute. This usually indicates that the LDAP bind DN
cannot read the attributes, because it doesn't have sufficient privileges.
Contributed by Wilco Baan Hofman.
 - Perform charset conversions on directory names. Issue spotted by Xianghu
Zhao.
 - Almost a complete rewrite of the upload, download and TLS code for more
reliability
 - Seemlessly handle ABOR without any SIGURG
 - Try to immediately handle any kind of disconnection
 - Use poll() rather than select() as much as possible
 - Distinguish aborted (even the hard way) and completed download and upload
operations in log files
 - Minor corrections to he French messages
 - Don't use atomic uploads unless --notruncate or --autorename have been
enabled
 - Take care of removing .pureftpd-upload-* files in every possible case
 - List up to 10000 files per directory per default instead of 2000
 - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
 - New compile-time option: --with-implicittls in order to build a FTPS-only
server
 - ./configure --localstatedir can now be used in order to avoid storing the
scoreboard and other dynamic files in /var/run/
 - Quota handling reworked (easier, and way more reliable)
 - RNTO support even when quota are enabled.
 - A bunch of return codes were fixed to be more RFC-conformant.
 - ALLO command is now actually checking if an upload can occur without
blowing the quota.
 - Don't change the TCP window size. Admins should do this as part of their
system configuration.
 - Privsep is now enabled by default. Use --without-privsep to disable.
 - --without-banner is gone. If you have a cookie file (-F), the default
banner won't be displayed.
 - Compile with PAM by default on OSX.
 - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
call is actually necessary. Since only the effective uid chances, it's not
brutally useful yet, but it paves the way for forthcoming changes.
 - Install man pages with local paths instead of hard-coded ones.

* Version 1.0.22:
 - New catalan translation, by Taik0.
 - TLS support for LDAP, contributed by Marc Balmer.
 - pureftpd.schema contained two errors. Reported by Ulrich Zehl.
 - Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
 - Don't issue a warning in ./configure when the certfile does exist.
Reported by Michael Bowe.
 - Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
 - Compatibility with newer OpenLDAP versions. Thanks to Johan Ström.
 - Don't hang up during uploads if we get any other command than QUIT and
ABORT.
 - SITE UTIME reads UTC time
 - A space is needed for inline content in response to the MLST command.
 - Time zone issues should be fixed for good. We have to redefine TZ,
tzset() is not enough on Linux when we are in a chroot environment.
 - Correctly respond to FEAT without removing extra features when passive
mode is disabled. Thanks to upb.
 - Better process name change setup for Linux.
 - Auto-created home directories are now created with mode 0777 (and
directory umask is applied), per common request. It's very important to
double check your umask.
 - Extend gid / uid to 10 digits in ls output. Extend file size as well.
 - Brazilian portuguese translation was updated.
 - Support new MySQL password scrambling, thanks to Jan Hudoba.
 - Larger mmap() chunks: downloads needs less CPU usage on platforms with
slow mmap() like OpenBSD.
 - Fix SecureFX compatibility.
 - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
 - messages_check.pl had to leave the package as it was GPL-licenced.
 - Don't respond to server that an upload succeeded before the temporary
file has been renamed.
 - TLS support on data channels, contributed by Rajat Upadhyaya from Novell
and Christian Cier-Zniewski.
 - Use sendfile() on recent Solaris versions in place of sendfilev().
 - Don't use a deprecated interface for Bonjour registration.
 - Tell authentication handlers if the connection is encrypted or not,
through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka
Ferenc.
 - README.Netfilter has been removed.
 - Create all directories, not only the basement when on-demand directory
creation is enabled and the user's home directory looks like /basement/./user.
Suggested by Frederico Gendorf.
 - Fixed error reporting when TLS support was compiled in, but TLS wasn't
enabled on the current session. Thanks to Arkadiusz Miskiewicz.
 - Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
 - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
(no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
 - Sleep before answering a password failure, not the other way round. From
PLD Linux.
 - Fix gcc warning in puredb.
 - In broken mode, show symlinks as their real target. It can have side
effects, don't forget that broken mode is... broken mode.
 - Respect aliasing rules for sockaddr_storage usage.
 - Privsep is enabled by default in the installation GUI.
 - --with-everything now includes privsep.
 - update: fix compilation with gcc 2.x, reported by John Lightsey.
>How-To-Repeat:

>Fix:
# cvs diff -u
cvs diff: Diffing .
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/pure-ftpd/Makefile,v
retrieving revision 1.22
diff -u -r1.22 Makefile
--- Makefile    12 Jun 2008 02:14:41 -0000      1.22
+++ Makefile    31 Jan 2010 13:40:25 -0000
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.22 2008/06/12 02:14:41 joerg Exp $
 
-DISTNAME=              pure-ftpd-1.0.21
+DISTNAME=              pure-ftpd-1.0.27
 CATEGORIES=            net
 MASTER_SITES=          ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/
 MASTER_SITES+=         http://download.pureftpd.org/pub/pure-ftpd/releases/
@@ -25,8 +25,8 @@
 
 .include "../../mk/bsd.prefs.mk"
 
-.if ${OPSYS} != "Interix"
-CONFIGURE_ARGS+=       --with-privsep
+.if ${OPSYS} = "Interix"
+CONFIGURE_ARGS+=       --without-privsep
 .endif
 
 .include "options.mk"
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/net/pure-ftpd/distinfo,v
retrieving revision 1.8
diff -u -r1.8 distinfo
--- distinfo    24 Feb 2006 14:35:30 -0000      1.8
+++ distinfo    31 Jan 2010 13:40:25 -0000
@@ -1,5 +1,5 @@
 $NetBSD: distinfo,v 1.8 2006/02/24 14:35:30 ghen Exp $
 
-SHA1 (pure-ftpd-1.0.21.tar.gz) = 0374031beb847d6a9aa61627c3db26cb81a28e92
-RMD160 (pure-ftpd-1.0.21.tar.gz) = 5f5a86f118cf34dc52650cebc38e50130ab0c7cf
-Size (pure-ftpd-1.0.21.tar.gz) = 594394 bytes
+SHA1 (pure-ftpd-1.0.27.tar.gz) = abd547ff4753e3e921e309175a786069393a8911
+RMD160 (pure-ftpd-1.0.27.tar.gz) = 1ac601910ba6b92ff7671259d4a6216cb4ba391b
+Size (pure-ftpd-1.0.27.tar.gz) = 568556 bytes
cvs diff: Diffing files