Next | Query returned 55 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2020-06-30 13:10:26 by Jonathan Perkin | Files touched by this commit (1)
Log message:
pure-ftpd: SunOS needs _XOPEN_SOURCE=600 for CMSG bits.
   2020-03-11 12:47:19 by Nia Alarie | Files touched by this commit (5) | Package updated
Log message:
pure-ftpd: Update to 1.0.49

* Version 1.0.49:
 - This version fixes a regression introduced in version 1.0.48 that broke
the external authentication feature. Reported by Peter Hudec, thanks!
 - Sockets from `pure-authd` and `pure-extauth` are now always owned by
`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
Suggested by Arkadiusz Miśkiewicz, thanks!

* Version 1.0.48:
 - SNI support has been added. A new service, `pure-certd`, can run
external code written in any language in order to map SNI names to TLS certificates.
 - External authentication handlers get a new
`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
 - TLS certificates and keys can now be in different files.
 - `make install` does not overwrite existing configuration files any
more. The example files layout has changed.
 - TLS 1.3 is enabled when using OpenSSL 1.1.x.
 - TLS < 1.2 is disabled by default.
 - Quirks for obsolete OpenSSL versions have been removed.
 - Username _ftp can be used as an alternative to ftp everywhere.
 - Password hashing parameters are now chosen according to locally
available resources. The `pure-pw` command gets to new switches: `-C` (as
a hint regarding the number of simultaneous login attempts) and `-M`
(total memory, in MB, to reserve for password hashing).
 - New translation: Albanian, thanks to Moisi Xhaferaj.
 - The `PRET` command has been added. It can avoid opening useless data
connections for nonexistent content.
 - Dot-files are always displayed. We don't lie any more in some
commands while not lying in other commands to respect the protocol.
 - Support for RFC 2640 has been removed from the free version, as it
was early, experimental, slow, mostly broken and unmaintained code.
 - The `NLST` command doesn't perform globbing any more.
 - The `MLSD` command now prepends the path to file names.

* Version 1.0.47:
 - Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
 - Return a 451 error code instead of 226 on aborted uploads.
 - The system user "_ftp" can be used as an alternative to \ 
"ftp" for
anonymous sessions.
 - Compatibility with libsodium > 1.0.12 was added (including minimal
mode).

* Version 1.0.46:
 - The server can now be linked against OpenSSL 1.1.x with the strict API.
 - Unmaintained contributions have been removed.
 - Globbing: the number of * in an expression has been limited to 3.

* Version 1.0.45:
 - TLS v1.0 sessions are now refused.
 - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.

* Version 1.0.44:
 - The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
 - Pure-FTPd can now be linked against OpenSSL 1.1.x
 - The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
 - 3DES was removed from the default cipher suite.

* Version 1.0.43:
 - Passwords can now be hashed using Argon2.
 - The -J switch didn't work any more in 1.0.42. This has been fixed.
 - The default cipher suite was simplified.
 - Authentication against system accounts is compatible with OpenBSD 6.0.
 - Fixed: protocol conformance when TLS sessions are refused.
 - Altlog records can now be sent to `stdout`/`stderr`.

* Version 1.0.42:
 - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
 - The connection is now dropped if HTTP commands are received.
 - LDAP force_default_gid and force_default_uid now work as documented.
 - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

* Version 1.0.41:
 - libmariadb is looked for in addition to libmysqlclient
 - MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
 - openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
 - New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.

* Version 1.0.40:
 - Support for TCP_FASTOPEN added on Linux
 - The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
 - OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.

* Version 1.0.39:
 - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
 - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)

* Version 1.0.38:
 - The default cipher suite is now \ 
ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-S \ 
HA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES2 \ 
56-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:EC \ 
DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA \ 
-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-S \ 
HA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES12 \ 
8-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM- \ 
SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:C \ 
AMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-D \ 
ES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
 - TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
 - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.

* Version 1.0.37:
 - The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
 - The Clear Command Channel (CCC) command is now supported.
 - pure-config.py is compatible with Python 3.
 - SSL (v2, v3) is refused by default.
 - The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
 - DES-hashed passwords are not supported any more.
 - LDAP uid and gid values can over overridden in the LDAP configuration file.
 - New LDAPUseTLS directive for LDAP.
 - RC4 was killed.

* Version 1.0.36:
 - The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
 - Improved autoconf detection of -fstack-protector and -fPIE
 - If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
 - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
 - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
 - Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.
   2020-02-25 15:10:44 by Leonardo Taccari | Files touched by this commit (1) | Package updated
Log message:
pure-ftpd: Reset MAINTAINER to pkgsrc-users@

Email address seems no longer deliverable (if you are the maintainer and
reading that and/or if the problem was just temporary please let me
know and I will update it!).
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165)
Log message:
Follow some redirects.
   2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352)
Log message:
Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
   2016-10-09 23:42:04 by Thomas Klausner | Files touched by this commit (110)
Log message:
Recursive bump for all users of pgsql now that the default is 95.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-25 17:20:53 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Use OPSYSVARS.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Next | Query returned 55 messages, browsing 1 to 10 | Previous