pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/vsftpd



Module Name:    pkgsrc
Committed By:   abs
Date:           Mon Sep 22 11:02:21 UTC 2008

Modified Files:
        pkgsrc/net/vsftpd: Makefile distinfo options.mk
        pkgsrc/net/vsftpd/patches: patch-ad patch-af
Removed Files:
        pkgsrc/net/vsftpd/patches: patch-ag

Log Message:
Updated net/vsftpd to 2.0.7 - needed for recent FileZilla to with with SSL

v2.0.5

- Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan
<sudhas%sgi.com@localhost>.
- Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1.
- Be more honest in FEAT response if PORT or PASV are disabled! Reported by
Charles Honton <chas%honton.org@localhost>. Allows MS Explorer to get the 
transfer mode
correct.
- pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to
Rhodes, Colin <colin.rhodes%airways.co.nz@localhost>.
- Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit
here instead ;-)
- Minor man page doc tweaks.
- Tiny bit of paranoia in privops.c.
- Revert change to reject anonymous logins before asking for password. This
fixes complaints about IE not showing the FTP login dialog.
- Change SSL certificate load to cater for chaining too.
- Added delay_failed_login and delay_successful_login to help limit resources
taken by brute force attacks.
- Kick session after a few login fails. Allows IP blocking solutions to be more
immediately effective.
- Replace setenv() with more portable putenv(). First part of Solaris fix.
- Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris
fix.
- Set PAM items TTY and RUSER if possible.
- OpenBSD build warning fixes.
- So, timezone and daylight are not available on BSD, so redo the whole TZ
thing again. Should use only very portable constructs now.

v2.0.6

- Fix delay_failed_login typo. Oops.
- Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
<ilja%suresec.org@localhost>.
- Allow a (fake) reauth as the same user as the logged in user. Should resolve
.NET related report from Sabo Jim <Jim.Sabo%thomson.net@localhost>.
- Tweak from Lucian Adrian Grijincu <lucian.grijincu%gmail.com@localhost> to 
take
unnecessary port calculations out of a loop.
- Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
<echen%siac.com@localhost>.
- Don't log FireFox's attempts to RETR directories! Reported by
Nixdorf, Tim <tnixdorf%dnps.com@localhost>.
- Fix STOU sending the same 150 status line twice - oops! Reported by
<yamazaki%iij.ad.jp@localhost>.
- Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
<andy%withnail.org@localhost>.
- Fix bug with empty user list file and userlist_deny=NO. Reported by
Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki%globalvanet.com@localhost>.
- Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
Thanks Stanislav Maslovski <stanislav.maslovski%gmail.com@localhost>.
- Add control over the file permissions used in the chown()ing of anonymous
uploads: chown_upload_mode (default 0600 as before). Suggestion from
An Pham <apham%medforcetech.com@localhost>.
- Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
should help buggy Solaris systems. Reported by Michael Masterson
<mjmasterson%xo.com@localhost>.
- Add debug_ssl option to dump out some SSL connection details.
- Use code 522, not 521, to indicate that the server requires an encrypted
data connection. Still does not seem to coax lftp to retry :(
- Recognize OPTS pre-login.
- A whole ton of SSL improvements, including ability to force requirement of
a client cert; data and control channel client cert cross checking. Ability
to require fully valid / authentic client certs. No cert-based auth yet.
- Change my e-mail to my GMail account.

v2.0.7

- Fix finding libcap for the link on Slackware systems, thanks to Roman
Kravchenko <roman%atech.lv@localhost>.
- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
<y-iida%secom.co.jp@localhost>.
- Fix man page typo, thanks Matt Selsky <selsky%columbia.edu@localhost>.
- Bring the PASV listen() into the bind() retry loop to resolve a race under
extreme load. Thanks to Curtis Taylor <cjt%us.ibm.com@localhost>.
- Enhance logging for debug_ssl.
- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.
- Add option to enforce proper SSL shutdown on uploads. Left it off after much
agonizing because clients are so broken in this area.
- Add option to delete failed uploads.


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.29 pkgsrc/net/vsftpd/Makefile
cvs rdiff -r1.9 -r1.10 pkgsrc/net/vsftpd/distinfo
cvs rdiff -r1.5 -r1.6 pkgsrc/net/vsftpd/options.mk
cvs rdiff -r1.3 -r1.4 pkgsrc/net/vsftpd/patches/patch-ad
cvs rdiff -r1.4 -r1.5 pkgsrc/net/vsftpd/patches/patch-af
cvs rdiff -r1.3 -r0 pkgsrc/net/vsftpd/patches/patch-ag

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index