diff options
author | christos <christos@pkgsrc.org> | 2019-10-07 19:29:47 +0000 |
---|---|---|
committer | christos <christos@pkgsrc.org> | 2019-10-07 19:29:47 +0000 |
commit | d392721ba52dedeefe3d95cfa05ab5be6373f576 (patch) | |
tree | 61e8dd21beb8cb914f7ba51a2b9945f44f196987 /net | |
parent | eeaf2a9fb9457967d9c3ec7409ebb3fd49017380 (diff) | |
download | pkgsrc-d392721ba52dedeefe3d95cfa05ab5be6373f576.tar.gz |
- update to 1.3.6
- add blacklistd support.
Diffstat (limited to 'net')
-rw-r--r-- | net/proftpd/Makefile | 6 | ||||
-rw-r--r-- | net/proftpd/Makefile.common | 10 | ||||
-rw-r--r-- | net/proftpd/PLIST | 14 | ||||
-rw-r--r-- | net/proftpd/distinfo | 19 | ||||
-rw-r--r-- | net/proftpd/patches/patch-Make.rules.in | 11 | ||||
-rw-r--r-- | net/proftpd/patches/patch-include_pfilter.h | 6 | ||||
-rw-r--r-- | net/proftpd/patches/patch-modules_mod__auth.c | 39 | ||||
-rw-r--r-- | net/proftpd/patches/patch-src_main.c | 32 | ||||
-rw-r--r-- | net/proftpd/patches/patch-src_pfilter.c | 44 |
9 files changed, 160 insertions, 21 deletions
diff --git a/net/proftpd/Makefile b/net/proftpd/Makefile index fd161d62770..5c700366784 100644 --- a/net/proftpd/Makefile +++ b/net/proftpd/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.87 2019/08/11 13:22:28 wiz Exp $ +# $NetBSD: Makefile,v 1.88 2019/10/07 19:29:47 christos Exp $ -PKGREVISION= 2 +#PKGREVISION= 2 .include "../../net/proftpd/Makefile.common" COMMENT= Highly configurable FTP server software @@ -54,7 +54,7 @@ INSTALLATION_DIRS+= share/doc/proftpd INSTALLATION_DIRS+= share/examples/proftpd post-install: -.for i in NEWS README README.IPv6 README.LDAP README.PAM README.capabilities \ +.for i in NEWS README.md README.IPv6 README.LDAP README.PAM README.capabilities \ README.classes README.controls README.facl README.modules ${INSTALL_DATA} ${WRKSRC}/${i} ${DESTDIR}${PREFIX}/share/doc/proftpd .endfor diff --git a/net/proftpd/Makefile.common b/net/proftpd/Makefile.common index b140b9918c0..64479d296f2 100644 --- a/net/proftpd/Makefile.common +++ b/net/proftpd/Makefile.common @@ -1,18 +1,18 @@ -# $NetBSD: Makefile.common,v 1.7 2019/05/14 11:39:38 kim Exp $ +# $NetBSD: Makefile.common,v 1.8 2019/10/07 19:29:47 christos Exp $ # used by net/proftpd/Makefile # used by net/proftpd/Makefile.module -DISTNAME= proftpd-1.3.5d +DISTNAME= proftpd-1.3.6 CATEGORIES= net MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ MASTER_SITES+= ftp://ftp.servus.at/ProFTPD/distrib/source/ MASTER_SITES+= ftp://ftp.fsn.hu/pub/proftpd/distrib/source/ -PATCH_SITES= https://github.com/proftpd/proftpd/commit/ -PATCH_DIST_STRIP= -p1 +#PATCH_SITES= https://github.com/proftpd/proftpd/commit/ +#PATCH_DIST_STRIP= -p1 # For CVE-2017-7418 -PATCHFILES= ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch +#PATCHFILES= ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.proftpd.org/ diff --git a/net/proftpd/PLIST b/net/proftpd/PLIST index 11a7af52a9e..5861fc8eaac 100644 --- a/net/proftpd/PLIST +++ b/net/proftpd/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.27 2015/09/25 10:01:37 wiedi Exp $ +@comment $NetBSD: PLIST,v 1.28 2019/10/07 19:29:47 christos Exp $ bin/ftpasswd bin/ftpcount bin/ftpdctl @@ -11,12 +11,14 @@ include/proftpd/ascii.h include/proftpd/auth.h include/proftpd/bindings.h include/proftpd/buildstamp.h +include/proftpd/ccan-json.h include/proftpd/child.h include/proftpd/class.h include/proftpd/cmd.h include/proftpd/compat.h include/proftpd/conf.h include/proftpd/config.h +include/proftpd/configdb.h include/proftpd/ctrls.h include/proftpd/data.h include/proftpd/default_paths.h @@ -31,18 +33,20 @@ include/proftpd/filter.h include/proftpd/fsio.h include/proftpd/ftp.h include/proftpd/glibc-glob.h +include/proftpd/hanson-tpl.h include/proftpd/help.h include/proftpd/ident.h include/proftpd/inet.h +include/proftpd/json.h include/proftpd/lastlog.h include/proftpd/libsupp.h include/proftpd/log.h +include/proftpd/logfmt.h include/proftpd/memcache.h include/proftpd/mkhome.h include/proftpd/mod_ctrls.h include/proftpd/mod_dnsbl.h include/proftpd/mod_load.h -include/proftpd/mod_log.h include/proftpd/mod_quotatab.h include/proftpd/mod_sftp.h include/proftpd/mod_sql.h @@ -54,25 +58,27 @@ include/proftpd/netaddr.h include/proftpd/netio.h include/proftpd/options.h include/proftpd/parser.h +include/proftpd/pfilter.h include/proftpd/pidfile.h include/proftpd/pool.h include/proftpd/pr-syslog.h include/proftpd/privs.h include/proftpd/proctitle.h include/proftpd/proftpd.h +include/proftpd/redis.h include/proftpd/regexp.h include/proftpd/response.h include/proftpd/rlimit.h include/proftpd/scoreboard.h include/proftpd/session.h include/proftpd/sets.h +include/proftpd/signals.h include/proftpd/stash.h include/proftpd/str.h include/proftpd/support.h include/proftpd/table.h include/proftpd/throttle.h include/proftpd/timers.h -include/proftpd/tpl.h include/proftpd/trace.h include/proftpd/utf8.h include/proftpd/var.h @@ -129,7 +135,7 @@ sbin/in.proftpd sbin/proftpd share/doc/proftpd/Configuration.html share/doc/proftpd/NEWS -share/doc/proftpd/README +share/doc/proftpd/README.md share/doc/proftpd/README.IPv6 share/doc/proftpd/README.LDAP share/doc/proftpd/README.PAM diff --git a/net/proftpd/distinfo b/net/proftpd/distinfo index 073f13b4d21..5c2b81f10ac 100644 --- a/net/proftpd/distinfo +++ b/net/proftpd/distinfo @@ -1,13 +1,14 @@ -$NetBSD: distinfo,v 1.46 2017/04/05 17:36:00 kim Exp $ +$NetBSD: distinfo,v 1.47 2019/10/07 19:29:47 christos Exp $ -SHA1 (ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch) = a508c2b37482b178d8ff7b06e45d36044818b5f8 -RMD160 (ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch) = 5cc12fd67e6c722151f0d0c2a22365aff16f7219 -SHA512 (ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch) = 7cfadcdb33eff71925d61c78d9d54fe171df3c161d43a940485bd70965046da4ad82d2381d94452dee80548b3131be6801d4f85bbfb2fc3afc7b9a872a00d707 -Size (ecff21e0d0e84f35c299ef91d7fda088e516d4ed.patch) = 3851 bytes -SHA1 (proftpd-1.3.5d.tar.gz) = e7271c9f6df331eda393a834ad66ff60eff134ca -RMD160 (proftpd-1.3.5d.tar.gz) = 2052a7c41824c8ce9558fd11c78843b1b07ab6e7 -SHA512 (proftpd-1.3.5d.tar.gz) = 3297ddd1f11d46123bbe46488d75fa7a6dcdf2c2d6e7e880a78a427f9f1e9901878dab179e41092e0b9864a615d8ba0b0bf444d4f829870e993e3169c7141c37 -Size (proftpd-1.3.5d.tar.gz) = 29966560 bytes +SHA1 (proftpd-1.3.6.tar.gz) = 7e9269f9448c37f82e6faa9edaa3186ff5ba82d2 +RMD160 (proftpd-1.3.6.tar.gz) = 5da3934e46ea517ee6652382e5e3a9f87e591dd6 +SHA512 (proftpd-1.3.6.tar.gz) = 2a3ca76a0c35ba31e9d79f7f652f4f35768262f5039c5dc04ef83ac9218f624645ac6cee445af4ec6a8c59a9bdad1e7b48e0e90cd13934cbe7c3e77a2f6013c0 +Size (proftpd-1.3.6.tar.gz) = 20251898 bytes +SHA1 (patch-Make.rules.in) = 6ce8ab0f65270f701b455a3fd3f008c9f24511c3 SHA1 (patch-Makefile.in) = 332dcd9d773770c10d876dc9da1dc7f6b1c15421 SHA1 (patch-contrib_mod__sftp_Makefile.in) = 8a805d777597b4fb06a45b484373880e535a0cee SHA1 (patch-contrib_mod_tls.c) = e36dfa9427804b41eb2ad49378b62890325d50ed +SHA1 (patch-include_pfilter.h) = 399ba8873e6a58db89c3be44b4f09a1f4ab04e60 +SHA1 (patch-modules_mod__auth.c) = b1ff5c3236edabce5016da3230e0bd30ec92db48 +SHA1 (patch-src_main.c) = c00e1b1830d36d17bea5a10d8e13ec2328d3df88 +SHA1 (patch-src_pfilter.c) = 0f83e751072586f2b6359952b09328d820accc8f diff --git a/net/proftpd/patches/patch-Make.rules.in b/net/proftpd/patches/patch-Make.rules.in new file mode 100644 index 00000000000..9b1138354f8 --- /dev/null +++ b/net/proftpd/patches/patch-Make.rules.in @@ -0,0 +1,11 @@ +--- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400 ++++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500 +@@ -110,3 +110,8 @@ + + FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o + BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o ++ ++CPPFLAGS+=-DHAVE_BLACKLIST ++LIBS+=-lblacklist ++OBJS+= pfilter.o ++BUILD_OBJS+= src/pfilter.o diff --git a/net/proftpd/patches/patch-include_pfilter.h b/net/proftpd/patches/patch-include_pfilter.h new file mode 100644 index 00000000000..b25ffd9cb87 --- /dev/null +++ b/net/proftpd/patches/patch-include_pfilter.h @@ -0,0 +1,6 @@ +--- /dev/null 2016-01-22 17:30:55.000000000 -0500 ++++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500 +@@ -0,0 +1,3 @@ ++ ++void pfilter_notify(int); ++void pfilter_init(void); diff --git a/net/proftpd/patches/patch-modules_mod__auth.c b/net/proftpd/patches/patch-modules_mod__auth.c new file mode 100644 index 00000000000..de00d1af242 --- /dev/null +++ b/net/proftpd/patches/patch-modules_mod__auth.c @@ -0,0 +1,39 @@ +$NetBSD: patch-modules_mod__auth.c,v 1.1 2019/10/07 19:29:47 christos Exp $ + +Add packet filter + +--- modules/mod_auth.c.orig 2017-04-09 22:31:02.000000000 -0400 ++++ modules/mod_auth.c 2019-10-07 15:10:42.316419545 -0400 +@@ -28,6 +28,7 @@ + + #include "conf.h" + #include "privs.h" ++#include "pfilter.h" + + #ifdef HAVE_USERSEC_H + # include <usersec.h> +@@ -97,6 +98,8 @@ + _("Login timeout (%d %s): closing control connection"), TimeoutLogin, + TimeoutLogin != 1 ? "seconds" : "second"); + ++ pfilter_notify(1); ++ + /* It's possible that any listeners of this event might terminate the + * session process themselves (e.g. mod_ban). So write out that the + * TimeoutLogin has been exceeded to the log here, in addition to the +@@ -1095,6 +1098,7 @@ + pr_memscrub(pass, strlen(pass)); + } + ++ pfilter_notify(1); + pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted"); + return 0; + } +@@ -1952,6 +1956,7 @@ + return 1; + + auth_failure: ++ pfilter_notify(1); + if (pass) + pr_memscrub(pass, strlen(pass)); + session.user = session.group = NULL; diff --git a/net/proftpd/patches/patch-src_main.c b/net/proftpd/patches/patch-src_main.c new file mode 100644 index 00000000000..cf34663b161 --- /dev/null +++ b/net/proftpd/patches/patch-src_main.c @@ -0,0 +1,32 @@ +$NetBSD: patch-src_main.c,v 1.1 2019/10/07 19:29:47 christos Exp $ + +Add packet filter + +--- src/main.c.orig 2017-04-09 22:31:02.000000000 -0400 ++++ src/main.c 2019-10-07 15:09:12.516004304 -0400 +@@ -41,6 +41,7 @@ + #endif + + #include "privs.h" ++#include "pfilter.h" + + int (*cmd_auth_chk)(cmd_rec *); + void (*cmd_handler)(server_rec *, conn_t *); +@@ -1089,6 +1090,7 @@ + pid_t pid; + sigset_t sig_set; + ++ pfilter_init(); + if (no_fork == FALSE) { + + /* A race condition exists on heavily loaded servers where the parent +@@ -1206,7 +1208,8 @@ + + /* Reseed pseudo-randoms */ + srand((unsigned int) (time(NULL) * getpid())); +- ++#else ++ pfilter_init(); + #endif /* PR_DEVEL_NO_FORK */ + + /* Child is running here */ diff --git a/net/proftpd/patches/patch-src_pfilter.c b/net/proftpd/patches/patch-src_pfilter.c new file mode 100644 index 00000000000..c204a3a9177 --- /dev/null +++ b/net/proftpd/patches/patch-src_pfilter.c @@ -0,0 +1,44 @@ +--- /dev/null 2016-01-22 17:30:55.000000000 -0500 ++++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500 +@@ -0,0 +1,41 @@ ++#include "pfilter.h" ++#include "conf.h" ++#include "privs.h" ++#ifdef HAVE_BLACKLIST ++#include <blacklist.h> ++#endif ++ ++static struct blacklist *blstate; ++ ++void ++pfilter_init(void) ++{ ++#ifdef HAVE_BLACKLIST ++ if (blstate == NULL) ++ blstate = blacklist_open(); ++#endif ++} ++ ++void ++pfilter_notify(int a) ++{ ++#ifdef HAVE_BLACKLIST ++ conn_t *c = session.c; ++ int fd; ++ ++ if (c == NULL) ++ return; ++ if (c->rfd != -1) ++ fd = c->rfd; ++ else if (c->wfd != -1) ++ fd = c->wfd; ++ else ++ return; ++ ++ if (blstate == NULL) ++ pfilter_init(); ++ if (blstate == NULL) ++ return; ++ (void)blacklist_r(blstate, a, fd, "proftpd"); ++#endif ++} |