Subject: pkg/22680: Pure-ftpd update and additions
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jon@apa.bahz.se>
List: netbsd-bugs
Date: 09/04/2003 15:12:08
>Number:         22680
>Category:       pkg
>Synopsis:       Pure-ftpd update and additions
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 04 12:13:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jon Olsson
>Release:        NetBSD 1.6X
>Organization:
Monkey Mafia
>Environment:
System: NetBSD apa.bahz.se 1.6X NetBSD 1.6X (APA) #0: Wed Sep 3 12:58:38 CEST 2003 jon@apa.bahz.se:/home/jon/tmpsrc/src/sys/arch/i386/compile/APA i386
Architecture: i386
Machine: i386
>Description:
	1.0.16 was released on august 11. adding nice stuff like SSL/TLS support.

	Also, my patch adds documentation files and cleans up some configuration
	switches, and additionally adds some build variables.

	Changelog:

* Version 1.0.16a:
    Fix typo (sizeof_resolved instead of sizeof resolved) in
src/bsd-realpath.c . Not a vulnerability because it happens in the good way,
but it sometimes used to break uploadscript.

* Version 1.0.16:
    An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
    Recognize the '##' prefix as a shadowed password - make
authentication work on Solaris with shadow/NIS.
    Add back some random sleep() between authentication failures in
addition to the exponential sleep. Zzzzz... sleeping is good in summer...
    Upgrade to automake 1.7.5.
    The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
    SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
    Uploaded files are now removed when realpath() fails and
bsd_realpath() was modified to fall back to getcwd()/chdir() if we
can't get a descriptor on the current directory because it is not
readable. It fixes pure-uploadscript on some platforms like MacOS X.
    HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
    A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
    MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result wasn't
explicitely asked. As a result, Pure-FTPd didn't even start on Panther (saying
"bad IP address") . We now check for EAI_NONAME if available and we retry with
NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul
for his valuable help on this issue.
    Implement a working strdup() replacement in puredb for systems lacking it.
    Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
    Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
    Removed fixed-size constant arrays in src/crypto.c because of MacOS X
linker bugs (grrr...) .

>How-To-Repeat:
	n/a
>Fix:
	apply the following patch, relative to /usr/pkgsrc:

Index: mk/bsd.pkg.defaults.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.defaults.mk,v
retrieving revision 1.178
diff -u -r1.178 bsd.pkg.defaults.mk
--- mk/bsd.pkg.defaults.mk	2003/09/03 13:56:28	1.178
+++ mk/bsd.pkg.defaults.mk	2003/09/04 12:03:15
@@ -1556,6 +1556,21 @@
 # Possible: YES, NO
 # Default: NO
 
+PURE_FTPD_USE_VIRTUAL_CHROOT?=	NO
+# Enable the ability to follow symlinks outside a chroot jail
+# Possible: YES, NO
+# Default: NO
+
+PURE_FTPD_USE_TLS?= NO
+# Enable SSL/TLS support.
+# Possible: YES, NO
+# Default: NO
+
+PURE_FTPD_USE_NO_BANNER?= NO
+# Disable the initial banner
+# Possible: YES, NO
+# Default: NO
+
 #SAMBA_USE_LDAP=YES
 # Add support for LDAP.
 # Possible: YES, not defined
Index: net/pure-ftpd/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/pure-ftpd/Makefile,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 Makefile
--- net/pure-ftpd/Makefile	2003/07/12 14:43:08	1.1.1.1
+++ net/pure-ftpd/Makefile	2003/09/04 12:03:15
@@ -1,9 +1,17 @@
 # $NetBSD: Makefile,v 1.1.1.1 2003/07/12 14:43:08 salo Exp $
 #
 
-DISTNAME=	pure-ftpd-1.0.15
+DISTNAME=	pure-ftpd-1.0.16a
 CATEGORIES=	net
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=pureftpd/}
+MASTER_SITES=	ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/ \
+		ftp://ftp2.fr.pureftpd.org/pub/mirrors/ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ \
+		ftp://ftp3.fr.pureftpd.org/pure-ftpd/releases/ \
+		ftp://ftp.dk.pureftpd.org/mirrors/pure-ftpd/releases/ \
+		ftp://ftp.es.pureftpd.org/mirror/pureftpd/latest/releases/ \
+		ftp://ftp.nl.pureftpd.org/pub/pure-ftpd/releases/ \
+		ftp://ftp.fr.pureftpd.org/pub/pure-ftpd/releases/ \
+		ftp://ftp.cn.pureftpd.org/pub/pureftpd/pure-ftpd/releases/ \
+		${MASTER_SITE_SOURCEFORGE:=pureftpd/}
 
 MAINTAINER=	dawszy@arhea.net
 HOMEPAGE=	http://www.pureftpd.org/
@@ -13,16 +21,9 @@
 USE_PKGINSTALL=	YES
 GNU_CONFIGURE=	YES
 
-CONFIGURE_ARGS+=	--with-sysquotas	\
-			--with-ftpwho		\
-			--with-virtualvhosts	\
-			--with-virtualchroot	\
-			--with-diraliases	\
-			--with-ratios		\
-			--with-throttling	\
-			--with-altlog		\
-			--with-puredb		\
-			--with-quotas
+CONFIGURE_ARGS+=	--with-everything	\
+			--with-paranoidmsg	\
+			--with-privsep
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -39,6 +40,30 @@
 BUILD_DEFS+=		PURE_FTPD_USE_PGSQL
 .endif
 
+.if defined(PURE_FTPD_USE_VIRTUAL_CHROOT) && !empty(PURE_FTPD_USE_VIRTUAL_CHROOT:M[Yy][Ee][Ss])
+CONFIGURE_ARGS+=	--with-virtualchroot
+BUILD_DEFS+=		PURE_FTPD_USE_VIRTUAL_CHROOT
+.endif
+
+.if defined(PURE_FTPD_USE_TLS) && !empty(PURE_FTPD_USE_TLS:M[Yy][Ee][Ss])
+CONFIGURE_ARGS+=	--with-tls
+BUILD_DEFS+=		PURE_FTPD_USE_TLS
+.endif
+
+.if defined(PURE_FTPD_USE_NO_BANNER) && !empty(PURE_FTPD_USE_NO_BANNER:M[Yy][Ee][Ss])
+CONFIGURE_ARGS+=	--without-banner
+BUILD_DEFS+=		PURE_FTPD_USE_NO_BANNER
+.endif
+
 RCD_SCRIPTS=	pure_ftpd
+
+DOCS+=	README README.Configuration-File README.Contrib README.TLS \
+	README.Virtual-Users README.Authentication-Modules
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/pure-ftpd
+.for docfile in ${DOCS}
+	${INSTALL_DATA} ${WRKSRC}/${docfile} ${PREFIX}/share/doc/pure-ftpd
+.endfor
 
 .include "../../mk/bsd.pkg.mk"
Index: net/pure-ftpd/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/net/pure-ftpd/PLIST,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 PLIST
--- net/pure-ftpd/PLIST	2003/07/12 14:43:08	1.1.1.1
+++ net/pure-ftpd/PLIST	2003/09/04 12:03:15
@@ -18,3 +18,9 @@
 sbin/pure-mrtginfo
 sbin/pure-quotacheck
 sbin/pure-uploadscript
+share/doc/pure-ftpd/README
+share/doc/pure-ftpd/README.Authentication-Modules
+share/doc/pure-ftpd/README.Configuration-File
+share/doc/pure-ftpd/README.Contrib
+share/doc/pure-ftpd/README.TLS
+share/doc/pure-ftpd/README.Virtual-Users
Index: net/pure-ftpd/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/net/pure-ftpd/distinfo,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 distinfo
--- net/pure-ftpd/distinfo	2003/07/12 14:43:08	1.1.1.1
+++ net/pure-ftpd/distinfo	2003/09/04 12:03:15
@@ -1,4 +1,4 @@
 $NetBSD: distinfo,v 1.1.1.1 2003/07/12 14:43:08 salo Exp $
 
-SHA1 (pure-ftpd-1.0.15.tar.gz) = 301384e4967b325b439235abe661c406d6f036a3
-Size (pure-ftpd-1.0.15.tar.gz) = 495335 bytes
+SHA1 (pure-ftpd-1.0.16a.tar.gz) = 7795efc25595c86224912d42a18eb9527faebd10
+Size (pure-ftpd-1.0.16a.tar.gz) = 509865 bytes

>Release-Note:
>Audit-Trail:
>Unformatted:
 Pure-ftpd 1.0.16 was release a while ago, adding some neat features.
 	NetBSD 1.6X