CVS commit: pkgsrc/net/vsftpd

["David Brownlee" <abs%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   abs
Date:           Mon Nov  8 17:10:56 UTC 2010

Modified Files:
        pkgsrc/net/vsftpd: Makefile distinfo
        pkgsrc/net/vsftpd/patches: patch-aa patch-ab patch-ac patch-ad patch-ae
            patch-af

Log Message:
Updated net/vsftpd to 2.3.2

Changes since 2.0.7

- Remove .postlogin.c.swp (thanks Kaibin Li <kbli%fortinet.com@localhost>)!
- findlibs repairs for libcap; builds on my Ubuntu 6.06 again.
- Apply patch to fix "error: assignment of read-only member '__in'" build
error on broken systems where the WIFEXITED() etc. macros write to their
argument. Thanks Ingo Terpelle <it%exanto.de@localhost>.
- Replace spaces in xferlog with underscores, report from
Michael Wittauer <michael.wittauer%sonydadc.com@localhost>.
- Reload default config values before re-parsing config file on SIGHUP. This
makes the values correct in the case a setting was removed from the file.
- Do not issue an FTP response for a blank line on the control channel. Fixes
issues with some broken NAT devices. ProFTPd does the same, so hopefully
nothing will break. Report from Frank Bulk 
<fbulk%mypremieronline.com@localhost>.
- Replace usage of broken _syscall() with syscall(). Fixes build errors for
those without libcap-devel installed.
- Add implicit SSL support with implicit_ssl option.
- Remove arbitrary restriction on one process model + SSL.
- Set a session ID on the SSL context.
- Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything
other than catching compile errors. Yes, I'm crazy :P
- Use PR_SET_PDEATHSIG all over the place so that when the listener is killed,
existing sessions are booted too.
- Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL
client that need it, but still a nice code clean-up.
- Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors
proftpd behaviour instead of wu-ftpd. Thanks Paul Abel 
<pabel%fexcodcc.com@localhost>.
- Switch all sighandlers to the synchronous ones. Prevents us having to
block and unblock signals all the time.
- Add a "use alarm" option to synchronous signal handlers, to ensure the race
condition against a blocking call does not result in a permanent
non-delivery.
- Use SIGTERM for privileged parent process shutdown, so they can still update
u/wtmp properly.
- Do RAND_load_file from /dev/urandom in the child context because I don't
trust the OpenSSL API vs. fork(). Different children do have different RNG
state; this is defense in depth.
- More thoroughly close the remote ends of the priv_sock, ensuring that child
death results in no blocking in the parent. This is a matter of tidyness; the
SIGCHLD handler will reliably tear down the parent.
- Do the same for the SSL slave / consumer channels.
- Fix OpenBSD build.
- Move SSL data handling into the SSL slave process. Incurs some extra
overhead in terms of context switches and copies, but it enables this next
item:
- By default, require SSL data connections to exhibit SSL session re-use of
the control channel. Unlike the cert thing, this _is_ something we can turn
on by default as most clients seem to do reuse. Yay.
- Change 522 response for SSL connection fail to note when session reuse is
required.
(v2.1.0pre1 here)
- More work on the inbuilt ptrace()-sandbox support.
- Clear the idle alarm when starting data transfer if there is no data alarm.
- Fix syslog format; don't embed 2nd copy of date, pid. Thanks to
Ren
- Lock file before truncating it for upload. Fixes various simultaneous
upload corruption issues.
- Make sure to give 426 error code on uploads if ABOR was received.
- Add cmds_denied option to complement cmds_allowed.
- Ignore lines in config file containing only white space.
- Require write_enable / anon_upload_enable / etc. to process STOU.
- FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file.
- FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not
owned by the currently running user.
- FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to
avoid syslog() bug where some settings are not initialized.
- FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace
fd 0,1,2 with /dev/null fd.
- FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the
sample config file.
- FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given
by STOU if it is available.
- FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules
can act on errors if they want.
- FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV
command; add a trailing period.
- FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not
1990 any more, so trust PAM etc. to not stack-buffer-overflow.
- FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start
with underscore or period.
- FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES.
- Fix crash on SIGHUP introduced in 2.1.0pre1. Oops.
- FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES
too, which can happen on SELinux systems.
- Default resource limit for child processes: 100MB address space.
- Finishing touches to the initial sandbox policy; only permit connect() to
the host on the control channel being the nicest touch.
(v2.1.0pre2 here)
- Fix 64-bit build (oops)! Thanks Martin Nagy <mnagy%redhat.com@localhost>.
- Fix config of SSL built in; not enabled; two process model. Report from
Martin.
- Shutdown the command connection in the priv parent's SIGTERM handler; kills
of children where the PR_SET_PDEATHSIG cannot due to different user ids.
(v2.1.0pre3 here)
- Fix build on FC10.
- Some FAQ tweaks.
- Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it
comes from but it is harmless. (My guess would be glibc-2.9's new support for
using O_CLOEXEC more).
- Fix build warning on 64-bit.
- Fix build on OpenBSD again.
(v2.1.0pre4 here)
- Bring userlist_deny handling inside the max_login_fail accounting.

At this point: v2.1.0 released!
===============================

- Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial
unprivileged child.
- Fix build error due to __NR_utimes.
- Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later
receives data transfer fd's via recvmsg(). It's a total shame because doing
the SSL handshake under even lower privs would be a real boost.
(v2.1.1pre1 here)
- Fix some declarations occuring in the middle of a block; broke older more
strict compilers.
- Handle the case where libcap is now libcap.so.2; fixes build on my new
Ubuntu 9.04.
- Enhance 522 error message to point to require_ssl_reuse option.
- Fix NASTY regression whereby data transfer timeouts would fire incorrectly
under SSL transfers. In addition, the transfer rate caps were not working
under SSL transfers. Reported by several people.
- Use the login delay machinery for userlist-based denials too. Thanks to
Tomas Hoger <thoger%redhat.com@localhost> for the patch.
- Fix another tedious regression whereby absent per-user config files were
causing a session fail rather than being gracefully ignored.
- Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation
in the vsftpd low-priv processes (CLONE_NEWNET pending).
- Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need
to create new ones.
- Add "isolate" config flag to disable the new weird clone() flags if
necessary.

At this point: v2.1.1 released!
===============================

- Fix compile error in sysdeputil.c on some Linux systems.

At this point: v2.1.2 released!
===============================

- Fix compile on systems with no RLIMIT_NPROC, oops.
- Change some unsigned int to socklen_t's to avoid warnings on various
platforms, e.g. AIX.
- Add some syscall constants to ptracesandbox.c to fix the build on systems
with 2.4 kernel headers.
- Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile).
- Fix EACCES mapping, thanks Solar Designer <solar%openwall.com@localhost>.
- Dont emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer
<solar%openwall.com@localhost>.
- Tweak example vsftpd.conf to add commented out chroot_local_user=YES,
from Ivan I. Grushin <mcgru%intrice.ru@localhost>.
- Where available, use CLONE_NEWNET to isolate the untrusted processes so that
they can't do arbitrary connect() and instead have to ask the privileged
process for sockets. Moderate code disturbance - hope for no breakage :-/
- Disable implicit activation of one_process_model so that an anonymous setup
can benefit from the no-network isolation of the unprivileged process (where
available).
(vsftpd-2.2.0pre1)
- Call pam_get_item(PAM_USER) after authentication in case a PAM module
remapped the username. Based on a patch from John McNair 
<john.mcnair%ihg.com@localhost>.
- Apply a couple of IPv6 fixes from Corinna Schultz 
<corinna.schultz%gmail.com@localhost>,
particularly when MS operating systems are talking on link local addresses.
- Handle the error case for accepting a PASV connection in the two process
model properly.
- Pull in a couple of minor tidyup patches from Openwall.
- Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also
respect ordering with respect config files, e.g.
vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO
Inspiration from Solar / Openwall.
(vsftpd-2.2.0pre2)
- Revert listen to be "NO" by default and also set max_per_ip / max_clients
to 2000 / 50 as a default. Thanks to Solar.
- Sanity check for admin: check config files are regular files.
- Error out if opening the per-user config file gives an error other than
ENOENT. Thanks Solar (who is on fire today ;-)
(vsftpd-2.2.0pre3)
- Apply some typo fixes from Solar.
- Error out on read() errors when reading config files.
(vsftpd-2.2.0pre4)
- Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing
<dreamind%dreamind.de@localhost>.
- Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to
root if using linux-vserver. Also thanks to Stefan Pfetzing
<dreamind%dreamind.de@localhost>.
- Couple of typo tweaks from Cristi Terpea <cristi.terpea%fortech.ro@localhost>.
- Change // style comments to /* style.
- Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar.

At this point: v2.2.0 released!
===============================

- Apply patch to set SSL context timeout to maximum, from Tim Kosse
<tim.kosse%filezilla-project.org@localhost>. Should prevent data connection 
failures
after a long transfer or idle period.
- Apply async-safety signal tweaks from Solar.
- Fix crash regression with the pasv_address option enabled.
- Typo fix and look for libnsl in /lib64, from Robby Workman
<rworkman%slackware.com@localhost>.
- When asking the client to send us a cert, make sure we broadcast some suitable
certificates. Fixes compatibility with the z/OS FTP client when
tunable_ssl_request_cert=YES.
- Rip out the silly "cached time" concept. Simplifies things and fixes
incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around
the cached current time in seconds in the one place that needs to avoid
repeated gettimeofday() calls (directory listing).
- Do the login fail delay in the parent process for cases where we checked
a username / password.

At this point: v2.2.1 released!
===============================

- Change "File receive OK." to "Transfer complete." to placate some broken
clients. Thanks Holger Kiehl <Holger.Kiehl%dwd.de@localhost>.
- Fix erroneous "child died" upon FTP client connect, when under load. Awesome
thanks to Holger Kiehl <Holger.Kiehl%dwd.de@localhost> for running diagnostic 
tests on
his live server.
- Boot the session if an overly long line is encountered.
(vsftpd-2.2.2pre1)

At this point: v2.2.2 released!
===============================

- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
protocol and headers, and likely has all sorts of other issues. The use case
it might satisfy is if you need to serve simple static unathenticated content
with large levels of paranoia.
- Fix port_promiscuous breakage. Report from Soeren 
<soeren84%fastmail.net@localhost>.
(v2.3.0pre1)
- Minor FAQ update.
- Use a larger address space limit if using text_userdb_names=YES
- Always use CLONE_NEWNET if possible when in HTTP mode.
- Change REST + STOR so that it's possible to overwrite part of file without
truncating it.
(v2.3.0pre2)
- Boot the session if we see a USER where encryption was required. May prevent
the transmission of plaintext passwords by buggy clients. Idea from
Marcin Hlybin <marcin%rootnode.net@localhost>.
- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
fixups.

At this point: v2.3.0 released!
===============================

- Fix silly regression re: log files being overwritten from the start.
- Rename a few file-open functions to make it clearer what they do.

At this point: v2.3.1 released!
===============================

- Argh! Fix version number.

At this point: v2.3.2 released!
===============================


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/net/vsftpd/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/vsftpd/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/vsftpd/patches/patch-aa \
    pkgsrc/net/vsftpd/patches/patch-ad pkgsrc/net/vsftpd/patches/patch-ae
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/vsftpd/patches/patch-ab
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/vsftpd/patches/patch-ac
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/vsftpd/patches/patch-af

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.