diff options
author | salo <salo> | 2003-05-29 20:08:41 +0000 |
---|---|---|
committer | salo <salo> | 2003-05-29 20:08:41 +0000 |
commit | 4c8d24e7fe22a3f696a85766022e689d4e219fdc (patch) | |
tree | bdd75d942340de87aa55e095df84d03d574f01a0 /net | |
parent | 0dc57e617409eae78eaf1a254af45ee2c8afe402 (diff) | |
download | pkgsrc-4c8d24e7fe22a3f696a85766022e689d4e219fdc.tar.gz |
Updated to 1.2.0.
- take over maintainership, MAINTAINER is not reachable on his mail anymore
(non-existent domain).
Changes:
Logging has been enhanced, including syslog support. IPv6 support has been
added. STRU, MODE, STOU, HELP, and SITE HELP have been implemented. Better
control of which commands to allow has been added. pam_session support has
been added. Error messages have been improved. There are lots of bugfixes
and new configuration options.
- Eliminate crypt() not defined warning.
- "grep -q" is not standard to redirect to /dev/null instead.
- Make banned_email_file work second time around.
- Add force_dot_files to work around broken clients. The behaviour when
enabled is very wu-ftpd like.
- Implement SITE HELP - should work around IE bug?
- Update README, vsftpd.conf with references to read the manual page!
- Log revamp: add dual_log_enable to log to xferlog AND vsftpd.log.
- Log revamp: add syslog_enable to log vsftpd.log to syslog().
- Add "background" option to background the listener process.
- Fix warning is vsftpd.8 man page, Bill Nottingham <notting@redhat.com>.
- Fix tcp wrappers support to NOT emit loads of Bad file descriptor messages
to the system log.
- Add ability to make bandwidth limiter smoother by using e.g.
trans_chunk_size=8192.
- Add ability for virtual users to use local privs non anon privs, via
virtual_use_local_privs=YES.
- Fix sendfile() fallback on FreeBSD, thanks to Adam Stroud
<adstro@stny.rr.com>.
- Add pam_session support, as well as utmp and wtmp logging for local logins
(when using a PAM build). Tested pam_limits maxlogins works.
- Ensure the source IP address for PORT connects is always the same as the
control connection local IP address. Previously it was not when NOT using
connect_from_port_20 in the presence of multiple local IP addresses.
- Oops - make max_per_ip and max_clients work with the two process model
when both connect_from_port_20 and chown_uploads are false.
- Initial IPv6 support (EPSV only).
- Add EPRT support to IPv6.
- Fix "ls .file" to list .file even if the ls -a flag is not present. Noted
by and thanks to Sean Millichamp <sean@enertronllc.com>.
- Better error messages for config file parse fail: include setting name.
- Fix bug in str_split_text where text is greater than 1 character long!
- Make it build on Solaris8 - switch from utmp to utmpx and handle missing
LOG_FTP.
- Always check for VSFTPD_LOAD_CONF environment variable.
- Implement HELP properly (should help broken clients).
- Fix FreeBSD build (no utmpx.h, so disable feature).
- Fix chown_uploads.
- "Guess fix" for FreeBSD reported bug. I reckon FreeBSD is returning -EINTR
from a blocking close but still closing the fd, despite the error return. So
cater for this. Reported by Drew Vogel <dvogel@intercarve.net>.
- Add download_enable and dirlist_enable. Useful in conjunction with the
per-user config stuff.
- Add chmod_enable.
- Implement STRU and MODE for _old_, broken clients!
- Log connects.
- Fix 500 OOPS with chown_uploads and an APPE command.
- Improve some error messages: die -> die2 for more information.
- Repair max_per_ip (problem comparing IPv4 addresses).
- Make chown_uploads work with virtual users.
- Chmod files to 0600 before chown_uploads kicks in.
- Add STOU support.
- Add cmds_allowed config parameter.
- Add some FAQ entries.
Diffstat (limited to 'net')
-rw-r--r-- | net/vsftpd/DESCR | 10 | ||||
-rw-r--r-- | net/vsftpd/Makefile | 11 | ||||
-rw-r--r-- | net/vsftpd/distinfo | 15 | ||||
-rw-r--r-- | net/vsftpd/patches/patch-ac | 19 | ||||
-rw-r--r-- | net/vsftpd/patches/patch-ad | 14 | ||||
-rw-r--r-- | net/vsftpd/patches/patch-ae | 9 | ||||
-rw-r--r-- | net/vsftpd/patches/patch-af | 37 | ||||
-rw-r--r-- | net/vsftpd/patches/patch-ah | 22 |
8 files changed, 89 insertions, 48 deletions
diff --git a/net/vsftpd/DESCR b/net/vsftpd/DESCR index 4f378bbb24a..5599abe96d6 100644 --- a/net/vsftpd/DESCR +++ b/net/vsftpd/DESCR @@ -1,8 +1,8 @@ -vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously -this is not a guarantee, but a reflection that I have written the entire -codebase with security in mind, and carefully designed the program to be -resilient to attack. +vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. +Obviously this is not a guarantee, but a reflection that I have written +the entire codebase with security in mind, and carefully designed the program +to be resilient to attack. Recent evidence suggests that vsftpd is also extremely fast (and this is -before any explicit performance tuning!) In tests against wu-ftpd, vsftpd +before any explicit performance tuning!) In tests against wu-ftpd, vsftpd was always faster, supporting over twice as many users in some tests. diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile index bc364f76d81..495fa544797 100644 --- a/net/vsftpd/Makefile +++ b/net/vsftpd/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.3 2003/05/09 23:31:38 salo Exp $ +# $NetBSD: Makefile,v 1.4 2003/05/29 20:08:41 salo Exp $ # -DISTNAME= vsftpd-1.1.3 +DISTNAME= vsftpd-1.2.0 CATEGORIES= net MASTER_SITES= ftp://vsftpd.beasts.org/users/cevans/ -MAINTAINER= vaneth@krasnik.org +MAINTAINER= salo@netbsd.org HOMEPAGE= http://vsftpd.beasts.org/ COMMENT= FTP server that aims to be very secure @@ -30,6 +30,10 @@ CONF_FILES= ${EGDIR}/vsftpd.conf.default ${PKG_SYSCONFDIR}/vsftpd.conf MAKE_DIRS= /var/chroot OWN_DIRS= /var/chroot/vsftpd +.if defined(USE_INET6) && !empty(USE_INET6:M[Yy][Ee][Ss]) +BUILD_DEFS+= USE_INET6 +.endif + post-patch: @cd ${WRKSRC} && \ for f in vsftpd.8 vsftpd.conf.5 vsftpd.conf; do \ @@ -47,4 +51,5 @@ do-install: cd ${WRKSRC} && ${INSTALL_DATA} FAQ INSTALL README TUNING ${DOCDIR} .include "../../security/tcp_wrappers/buildlink2.mk" + .include "../../mk/bsd.pkg.mk" diff --git a/net/vsftpd/distinfo b/net/vsftpd/distinfo index 84ba0ea1e07..18df92ae547 100644 --- a/net/vsftpd/distinfo +++ b/net/vsftpd/distinfo @@ -1,11 +1,12 @@ -$NetBSD: distinfo,v 1.3 2003/05/09 23:31:38 salo Exp $ +$NetBSD: distinfo,v 1.4 2003/05/29 20:08:41 salo Exp $ -SHA1 (vsftpd-1.1.3.tar.gz) = 495ae55456d4c1ddc44066a6d09a51d26084cf1b -Size (vsftpd-1.1.3.tar.gz) = 120817 bytes +SHA1 (vsftpd-1.2.0.tar.gz) = e5646be4d41e2b4e557767b9d194fcd9ee018fb6 +Size (vsftpd-1.2.0.tar.gz) = 130025 bytes SHA1 (patch-aa) = 7e42db098d0d2261d5f02b36f7cba4ec6d91c6a0 SHA1 (patch-ab) = 18431ae27f53270ad4c19b0530e55348397fe143 -SHA1 (patch-ac) = fffe0b8fc53ef2f55487210ab8ca03b2dd031ec9 -SHA1 (patch-ad) = aa5821e2f6d53e07b6f95e5e04e09d8079721290 -SHA1 (patch-ae) = 15bdc5d0fd4adb214f0397ab028e49418b864d5c -SHA1 (patch-af) = 5f936624330894211475c9a489059d97ed685419 +SHA1 (patch-ac) = 46ff47e7d8b510ccc89905726e4a63a18d678318 +SHA1 (patch-ad) = d6bec600b2833acdacecd33d7d52b5ac0d918d6c +SHA1 (patch-ae) = 03121282f1854effcbb004c6a020fb6d012fd424 +SHA1 (patch-af) = 511ff199cecd1563e1c796a8a2f265c1e645cfa8 SHA1 (patch-ag) = d780ab4fef3e2997d4e57c4dbb3e64be8d6768df +SHA1 (patch-ah) = b1f41ec1de6190b838b4e829fb25a7bb6dfa71de diff --git a/net/vsftpd/patches/patch-ac b/net/vsftpd/patches/patch-ac index 35c9b6b22f2..4949d741a96 100644 --- a/net/vsftpd/patches/patch-ac +++ b/net/vsftpd/patches/patch-ac @@ -1,14 +1,14 @@ -$NetBSD: patch-ac,v 1.1 2003/05/09 23:31:40 salo Exp $ +$NetBSD: patch-ac,v 1.2 2003/05/29 20:08:42 salo Exp $ ---- vsftpd.conf.orig 2003-05-10 01:04:11.000000000 +0200 -+++ vsftpd.conf 2003-05-10 01:14:57.000000000 +0200 +--- vsftpd.conf.orig 2003-01-21 02:15:34.000000000 +0100 ++++ vsftpd.conf 2003-05-29 20:19:35.000000000 +0200 @@ -1,4 +1,4 @@ -# Example config file /etc/vsftpd.conf +# Example config file @PKG_SYSCONFDIR@/vsftpd.conf # - # The default compiled in settings are very paranoid. This sample file + # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. -@@ -83,14 +83,14 @@ +@@ -88,14 +88,14 @@ # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) @@ -25,10 +25,15 @@ $NetBSD: patch-ac,v 1.1 2003/05/09 23:31:40 salo Exp $ # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large -@@ -98,3 +98,6 @@ +@@ -103,3 +103,11 @@ # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES -+# By default the server will run standalone. Comment out the option below when ++# By default the server will run standalone. Comment out the option below if +# running from inetd. +listen=YES ++ ++# Like the listen parameter, except vsftpd will listen on an IPv6 socket ++# instead of an IPv4 one. This parameter and the listen parameter are mutually ++# exlusive. ++#listen_ipv6=YES diff --git a/net/vsftpd/patches/patch-ad b/net/vsftpd/patches/patch-ad index 4c51d4feb7e..66b8ffb0926 100644 --- a/net/vsftpd/patches/patch-ad +++ b/net/vsftpd/patches/patch-ad @@ -1,18 +1,18 @@ -$NetBSD: patch-ad,v 1.1 2003/05/09 23:31:40 salo Exp $ +$NetBSD: patch-ad,v 1.2 2003/05/29 20:08:42 salo Exp $ ---- tunables.c.orig 2002-10-25 00:46:21.000000000 +0200 -+++ tunables.c 2003-05-10 00:28:13.000000000 +0200 -@@ -65,19 +65,19 @@ - unsigned int tunable_file_open_mode = 0666; +--- tunables.c.orig 2003-05-28 00:30:06.000000000 +0200 ++++ tunables.c 2003-05-29 19:39:20.000000000 +0200 +@@ -76,19 +76,19 @@ unsigned int tunable_max_per_ip = 0; + unsigned int tunable_trans_chunk_size = 0; -const char* tunable_secure_chroot_dir = "/usr/share/empty"; +const char* tunable_secure_chroot_dir = "/var/chroot/vsftpd"; const char* tunable_ftp_username = "ftp"; const char* tunable_chown_username = "root"; - const char* tunable_xferlog_file = "/var/log/vsftpd.log"; + const char* tunable_xferlog_file = "/var/log/xferlog"; + const char* tunable_vsftpd_log_file = "/var/log/vsftpd.log"; const char* tunable_message_file = ".message"; - /* XXX -> "secure"? */ -const char* tunable_nopriv_user = "nobody"; +const char* tunable_nopriv_user = "vsftpd"; const char* tunable_ftpd_banner = 0; diff --git a/net/vsftpd/patches/patch-ae b/net/vsftpd/patches/patch-ae index 7b4f28683bc..975a0315e4d 100644 --- a/net/vsftpd/patches/patch-ae +++ b/net/vsftpd/patches/patch-ae @@ -1,8 +1,8 @@ -$NetBSD: patch-ae,v 1.1 2003/05/09 23:31:41 salo Exp $ +$NetBSD: patch-ae,v 1.2 2003/05/29 20:08:42 salo Exp $ ---- vsftpd.8.orig 2001-03-12 02:14:07.000000000 +0100 -+++ vsftpd.8 2003-05-10 00:26:17.000000000 +0200 -@@ -20,7 +20,7 @@ +--- vsftpd.8.orig 2002-12-20 19:14:46.000000000 +0100 ++++ vsftpd.8 2003-05-29 19:41:29.000000000 +0200 +@@ -20,6 +20,6 @@ An optional .Op configuration file may be given on the command line. The default configuration file is @@ -10,4 +10,3 @@ $NetBSD: patch-ae,v 1.1 2003/05/09 23:31:41 salo Exp $ +.Pa @PKG_SYSCONFDIR@/vsftpd.conf . .Sh SEE ALSO .Xr vsftpd.conf 5 - diff --git a/net/vsftpd/patches/patch-af b/net/vsftpd/patches/patch-af index a9dd9ca537c..7e25224afa7 100644 --- a/net/vsftpd/patches/patch-af +++ b/net/vsftpd/patches/patch-af @@ -1,7 +1,7 @@ -$NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ +$NetBSD: patch-af,v 1.2 2003/05/29 20:08:42 salo Exp $ ---- vsftpd.conf.5.orig 2002-11-09 16:41:11.000000000 +0100 -+++ vsftpd.conf.5 2003-05-10 00:25:51.000000000 +0200 +--- vsftpd.conf.5.orig 2003-05-28 00:50:28.000000000 +0200 ++++ vsftpd.conf.5 2003-05-29 19:45:56.000000000 +0200 @@ -4,7 +4,7 @@ .SH DESCRIPTION vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By @@ -11,7 +11,7 @@ $NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced -@@ -115,7 +115,7 @@ +@@ -128,7 +128,7 @@ different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is @@ -20,7 +20,7 @@ $NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ .BR chroot_list_file setting. -@@ -143,7 +143,7 @@ +@@ -156,7 +156,7 @@ .B deny_email_enable If activated, you may provide a list of anonymous password e-mail responses which cause login to be denied. By default, the file containing this list is @@ -29,7 +29,7 @@ $NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ .BR banned_email_file setting. -@@ -448,7 +448,7 @@ +@@ -528,7 +528,7 @@ .BR deny_email_enable is enabled. @@ -38,16 +38,25 @@ $NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ .TP .B banner_file This option is the name of a file containing text to display when someone -@@ -476,7 +476,7 @@ +@@ -556,7 +556,7 @@ .BR chroot_local_user is disabled. -Default: /etc/vsftpd.chroot_list +Default: @PKG_SYSCONFDIR@/vsftpd.chroot_list .TP - .B guest_username - See the boolean setting -@@ -551,10 +551,10 @@ + .B cmds_allowed + This options specifies a comma separated list of allowed FTP commands (post +@@ -638,7 +638,7 @@ + directory should not be writable by the ftp user. This directory is used + as a secure chroot() jail at times vsftpd does not require filesystem access. + +-Default: /usr/share/empty ++Default: /var/chroot/vsftpd + .TP + .B user_config_dir + This powerful option allows the override of any config option specified in +@@ -646,10 +646,10 @@ with an example. If you set .BR user_config_dir to be @@ -60,12 +69,12 @@ $NetBSD: patch-af,v 1.1 2003/05/09 23:31:41 salo Exp $ for the duration of the session. The format of this file is as detailed in this manual page! -@@ -565,7 +565,7 @@ +@@ -660,7 +660,7 @@ .BR userlist_enable option is active. -Default: /etc/vsftpd.user_list +Default: @PKG_SYSCONFDIR@/vsftpd.user_list - .TP - .B xferlog_file - This option is the name of the file to which we write the transfer log. The + .BR + .B vsftpd_log_file + This option is the name of the file to which we write the vsftpd style diff --git a/net/vsftpd/patches/patch-ah b/net/vsftpd/patches/patch-ah new file mode 100644 index 00000000000..57a210435ef --- /dev/null +++ b/net/vsftpd/patches/patch-ah @@ -0,0 +1,22 @@ +$NetBSD: patch-ah,v 1.1 2003/05/29 20:08:42 salo Exp $ + +--- sysdeputil.c.orig 2003-03-11 00:42:48.000000000 +0100 ++++ sysdeputil.c 2003-05-29 21:46:11.000000000 +0200 +@@ -70,6 +70,17 @@ + #define VSF_SYSDEP_HAVE_SETPROCTITLE + #endif + ++#if defined(__NetBSD__) ++ #include <stdlib.h> ++ #define VSF_SYSDEP_HAVE_SETPROCTITLE ++ #include <sys/param.h> ++ #if __NetBSD_Version__ >= 106070000 ++ #define WTMPX_FILE _PATH_WTMPX ++ #else ++ #undef VSF_SYSDEP_HAVE_UTMPX ++ #endif ++#endif ++ + #ifdef __hpux + #include <sys/socket.h> + #ifdef SF_DISCONNECT |