author: triaxx <triaxx@pkgsrc.org> 2018-02-09 16:46:42 +0000
committer: triaxx <triaxx@pkgsrc.org> 2018-02-09 16:46:42 +0000
commit: acd19e8844a802eb7746feaff91c60425760dced
tree: 4bd1f46c568f2e3afd66a84fcadc9d4a10a3216a /net/vsftpd/Makefile
parent: 733ff142928501652b5a686f0868a853331b53fb
vsftpd: updated to 3.0.3

v2.3.5
======
- Try and force glibc to cache zoneinfo files in an attempt to work around glibc parsing vulnerability. Thanks to Kingcope.
- Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke <martin@meltin.net>.
- Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
- Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to steve willing <eiji-gravion@hotmail.com>.
- Handle connect() failures properly. Thanks to Takayuki Nagata <tnagata@redhat.com>.
- Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life.

v3.0.0
======
- Update vsf_findlibs.sh to work on Ubuntu 11.10+
- Make listen mode the default.
- Add -Werror to build flags.
- Fix missing "const" in ssl.c
- Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI.
- Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c
- Rename deprecated "sandbox" to "ptrace_sandbox".
- Add a few more state checks to the privileged helper processes.
- Add tunable "seccomp_sandbox", default on.
- Use hardened build flags. Distros of course override these and provide their own build flags but no harm in showing how it could be done.
- Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
- Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, <herbert.van.den.bergh@oracle.com>.
- Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
- Remove a couple of fixed things from BUGS.
- strlen() truncation fix -- no particular impact.
- Apply some tidyups from mmoufid@yorku.ca.
(vsftpd-3.0.0-pre1)
- Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez <aalejandrohdez@gmail.com>.
- Fix other data channel bugs such as failure to log failure upon timeout.
- Use exit codes a bit more consistently.
- Fix bad interaction between SSL and trans_chunk_size.
- Redo data timeout to fire properly for SSL sessions.
- Redo idle timeout to fire properly for SSL sessions.
- Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
- Use 10 minutes as a max linger time just in case an alarm gets lost.
(vsftpd-3.0.0-pre2)
- Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
- Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL configuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear.
- Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress.
- Fix delete_failed_uploads for anonymous sessions.
- Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues.

v3.0.1
======
- Fix some seccomp related build errors on certain CentOS and Debian versions.
- Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts?
- Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
- Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu <tixu@cs.ucsd.edu>.
- Force cast to unsigned char in is* char functions.
- Fix harmless integer issues in strlist.c.
- Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through.

v3.0.2
======
- One more seccomp policy fix: mremap (denied).
- Support STOU with no filename, uses a STOU. prefix.

v3.0.3
======
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly <barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity.
(vsftpd-3.0.3pre2)

Diffstat (limited to 'net/vsftpd/Makefile')
-rw-r--r-- net/vsftpd/Makefile 15
1 files changed, 11 insertions, 4 deletions
diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile
index 014e99b7c30..3309415b257 100644
--- a/net/vsftpd/Makefile
+++ b/net/vsftpd/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.43 2016/04/12 08:07:50 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2018/02/09 16:46:42 triaxx Exp $
-DISTNAME= vsftpd-2.3.4
-PKGREVISION= 5
+DISTNAME= vsftpd-3.0.3
CATEGORIES= net
MASTER_SITES= http://security.appspot.com/downloads/
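Review bot: MASTER_SITES in the unchanged context below the new DISTNAME still fetches the distfile over plain http://, so for this jump from vsftpd-2.3.4 to vsftpd-3.0.3 the only integrity check on the tarball is the checksum recorded in distinfo, which this Makefile-only view does not show. Please confirm distinfo was regenerated in the same commit, and switch the URL to https if the upstream host serves it. Dropping PKGREVISION together with the DISTNAME bump is fine.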
@@ -32,6 +31,7 @@ INSTALLATION_DIRS= libexec ${PKGMANDIR}/man5 ${PKGMANDIR}/man8 \
SUBST_CLASSES+= paths
SUBST_FILES.paths= vsftpd.8 vsftpd.conf.5 vsftpd.conf
SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g'
+SUBST_SED.paths+= -e 's,@VARBASE@,${VARBASE},g'
SUBST_STAGE.paths= post-patch
MAKE_ENV+= LIBS=${LIBS:Q}
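Review bot: the added SUBST_SED.paths expression for @VARBASE@ only does anything if vsftpd.8, vsftpd.conf.5 or vsftpd.conf contain that placeholder, and upstream sources would not, so it depends on pkgsrc patches that are not visible in this Makefile-only diff. Please confirm those patches land in the same commit and say in the commit message which default paths now move under ${VARBASE}, since an upgrade that silently relocates a log or chroot directory changes what an administrator has to monitor and permission. As with the existing @PKG_SYSCONFDIR@ line, the expression assumes the value contains no comma.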
@@ -44,6 +44,13 @@ SUBST_STAGE.dirfd= pre-build
SUBST_FILES.dirfd= port/solaris_bogons.h
SUBST_SED.dirfd= -e '/dirfd_extras/d'
.endif
+.if ${OPSYS} == "FreeBSD"
+SUBST_CLASSES+= idirafter
+SUBST_MESSAGE.idirafter=Fix buggy -idirafter for clang
+SUBST_STAGE.idirafter= pre-build
+SUBST_FILES.idirafter= Makefile
+SUBST_SED.idirafter= -e 's,-idirafter ,-I,'
+.endif
VSFTPD_USER?= vsftpd
VSFTPD_GROUP?= vsftpd
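Review bot: the new block is labelled "Fix buggy -idirafter for clang" but is gated on `${OPSYS} == "FreeBSD"`, so it rewrites the upstream Makefile for every compiler on FreeBSD and for no clang build elsewhere; if the problem is compiler-specific, test the compiler instead (for example `!empty(PKGSRC_COMPILER:Mclang)`). Two further points on the sed expression 's,-idirafter ,-I,': it has no g flag, so only the first occurrence on each line is replaced, and turning -idirafter into -I moves that directory from the end of the header search order to the front, where it can shadow system headers. A one-line comment explaining why that reordering is safe for the directory involved would help the next person who touches this.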
@@ -53,7 +60,7 @@ PKG_USERS= ${VSFTPD_USER}:${VSFTPD_GROUP}
PKG_GROUPS_VARS+= VSFTPD_GROUP
PKG_USERS_VARS+= VSFTPD_USER
-CFLAGS+= -DPKG_SYSCONFDIR="\"${PKG_SYSCONFDIR}\""
+CFLAGS+= -DPKG_SYSCONFDIR="\"${PKG_SYSCONFDIR}\"" -DVARBASE="\"${VARBASE}\""
LIBS.SunOS= -lsocket -lnsl -lrt -lsendfile -lresolv
.include "options.mk"
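Review bot: the changed CFLAGS line now defines a bare VARBASE macro for every translation unit, and nothing in this Makefile shows which source file consumes it. A generic, unprefixed name is easy to collide with, so consider a package-specific name and note which patch reads it. The value is also pasted into a C string literal without escaping, same as the existing PKG_SYSCONFDIR define, which is fine for ordinary paths but worth keeping in mind if VARBASE is ever set to something containing a quote or backslash.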