head 1.6; access; symbols pkgsrc-2026Q1:1.6.0.50 pkgsrc-2026Q1-base:1.6 pkgsrc-2025Q4:1.6.0.48 pkgsrc-2025Q4-base:1.6 pkgsrc-2025Q3:1.6.0.46 pkgsrc-2025Q3-base:1.6 pkgsrc-2025Q2:1.6.0.44 pkgsrc-2025Q2-base:1.6 pkgsrc-2025Q1:1.6.0.42 pkgsrc-2025Q1-base:1.6 pkgsrc-2024Q4:1.6.0.40 pkgsrc-2024Q4-base:1.6 pkgsrc-2024Q3:1.6.0.38 pkgsrc-2024Q3-base:1.6 pkgsrc-2024Q2:1.6.0.36 pkgsrc-2024Q2-base:1.6 pkgsrc-2024Q1:1.6.0.34 pkgsrc-2024Q1-base:1.6 pkgsrc-2023Q4:1.6.0.32 pkgsrc-2023Q4-base:1.6 pkgsrc-2023Q3:1.6.0.30 pkgsrc-2023Q3-base:1.6 pkgsrc-2023Q2:1.6.0.28 pkgsrc-2023Q2-base:1.6 pkgsrc-2023Q1:1.6.0.26 pkgsrc-2023Q1-base:1.6 pkgsrc-2022Q4:1.6.0.24 pkgsrc-2022Q4-base:1.6 pkgsrc-2022Q3:1.6.0.22 pkgsrc-2022Q3-base:1.6 pkgsrc-2022Q2:1.6.0.20 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.18 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.16 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.6.0.14 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.12 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.10 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.6.0.8 pkgsrc-2020Q4-base:1.6 pkgsrc-2020Q3:1.6.0.6 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.6.0.4 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.2 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.5.0.18 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.5.0.14 pkgsrc-2019Q3-base:1.5 pkgsrc-2019Q2:1.5.0.12 pkgsrc-2019Q2-base:1.5 pkgsrc-2019Q1:1.5.0.10 pkgsrc-2019Q1-base:1.5 pkgsrc-2018Q4:1.5.0.8 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.6 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.4 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.2 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.4.0.60 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.58 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.54 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.52 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.50 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.48 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.46 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.44 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.42 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.40 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.38 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.36 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.34 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.32 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.30 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.28 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.26 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.24 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.22 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.20 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.18 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.16 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.14 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.12 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.10 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.8 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.6 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.4 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.2 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.3.0.42 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.40 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.38 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.36 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.34 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.32 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.30 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.28 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.26 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.24 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.22 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.20 pkgsrc-2008Q1:1.3.0.18 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.16 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.14 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.12 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.10 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2; locks; strict; comment @# @; 1.6 date 2020.02.09.20.56.47; author rillig; state Exp; branches; next 1.5; commitid qQ6ClouRHgaQG2WB; 1.5 date 2018.02.09.16.46.42; author triaxx; state Exp; branches; next 1.4; commitid GVhDcLLhDeY6McqA; 1.4 date 2010.11.08.17.10.55; author abs; state Exp; branches; next 1.3; 1.3 date 2006.01.13.18.12.46; author wiz; state Exp; branches; next 1.2; 1.2 date 2003.05.29.20.08.42; author salo; state Exp; branches; next 1.1; 1.1 date 2003.05.09.23.31.40; author salo; state Exp; branches; next ; desc @@ 1.6 log @net/vsftpd: fix paths in configuration file and manual pages This fixes PR pkg/54898. @ text @$NetBSD: patch-ac,v 1.5 2018/02/09 16:46:42 triaxx Exp $ Use PKG_SYSCONFDIR instead of hardcoding /etc --- vsftpd.conf.orig 2011-12-17 18:24:40.000000000 +0000 +++ vsftpd.conf @@@@ -1,4 +1,4 @@@@ -# Example config file /etc/vsftpd.conf +# Example config file @@PKG_SYSCONFDIR@@/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. @@@@ -87,7 +87,7 @@@@ connect_from_port_20=YES # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) -#banned_email_file=/etc/vsftpd.banned_emails +#banned_email_file=@@PKG_SYSCONFDIR@@/vsftpd.banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of @@@@ -98,7 +98,7 @@@@ connect_from_port_20=YES #chroot_local_user=YES #chroot_list_enable=YES # (default follows) -#chroot_list_file=/etc/vsftpd.chroot_list +#chroot_list_file=@@PKG_SYSCONFDIR@@/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large @ 1.5 log @vsftpd: updated to 3.0.3 v2.3.5 ====== - Try and force glibc to cache zoneinfo files in an attempt to work around glibc parsing vulnerability. Thanks to Kingcope. - Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke . - Some simple fixes and cleanups from Thorsten Brehm . - Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to steve willing . - Handle connect() failures properly. Thanks to Takayuki Nagata . - Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life. v3.0.0 ====== - Update vsf_findlibs.sh to work on Ubuntu 11.10+ - Make listen mode the default. - Add -Werror to build flags. - Fix missing "const" in ssl.c - Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu 12.04 ABI. - Rearrange ftppolicy.c a bit so the syscall list is easily comparable with seccompsandbox.c - Rename deprecated "sandbox" to "ptrace_sandbox". - Add a few more state checks to the privileged helper processes. - Add tunable "seccomp_sandbox", default on. - Use hardened build flags. Distros of course override these and provide their own build flags but no harm in showing how it could be done. - Retry creating a PASV socket upon port reuse race between bind() and listen(), patch from Ralph Wuerthner . - Don't die() if recv() indicates a closed remote connection. Problem report on a Windows client from Herbert van den Bergh, . - Add new config setting "allow_writeable_chroot" to help people in a bit of a spot with the v2.3.5 defensive change. Only applies to non-anonymous. - Remove a couple of fixed things from BUGS. - strlen() trunction fix -- no particular impact. - Apply some tidyups from mmoufid@@yorku.ca. (vsftpd-3.0.0-pre1) - Fix delete_failed_uploads if there is a timeout. Report from Alejandro Hernández Hdez . - Fix other data channel bugs such as failure to log failure upon timeout. - Use exit codes a bit more consistently. - Fix bad interaction between SSL and trans_chunk_size. - Redo data timeout to fire properly for SSL sessions. - Redo idle timeout to fire properly for SSL sessions. - Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. - Use 10 minutes as a max linger time just in case an alarm gets lost. (vsftpd-3.0.0-pre2) - Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. - Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. Unfortunately the default vsftpd SSL confiuration still doesn't fully work with FileZilla, because FileZilla has a data connection security problem: no client certificate presentation and no session reuse. At least the error message is now very clear. - Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst a data transfer is in progress. - Fix delete_failed_uploads for anonymous sessions. - Don't listen for urgent data if the control connection is SSL, due to possible protocol synchronization issues. v3.0.1 ====== - Fix some seccomp related build errors on certain CentOS and Debian versions. - Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() opens and maps /proc/meminfo but only for larger item counts? - Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. - Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu . - Force cast to unsigned char in is* char functions. - Fix harmless integer issues in strlist.c. - Started on a (possibly ill-advised?) crusade to compile cleanly with Wconversion. Decided to suspend the effort half-way through. v3.0.2 ====== - One more seccomp policy fix: mremap (denied). - Support STOU with no filename, uses a STOU. prefix. v3.0.3 ====== - Increase VSFTP_AS_LIMIT to 200MB; various reports. - Make the PWD response more RFC compliant; report from Barry Kelly . - Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop . - Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil . At least, syslogging seems to work on my Fedora now. - Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. - Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin . - List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. - Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. - Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse . - Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn . - Kill the FTP session if we see session re-use failure. A report from Tim Kosse . (vsftpd-3.0.3pre1) - Enable ECDHE, Tim Kosse . - Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. - Minor SSL logging improvements. - Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. (vsftpd-3.0.3pre2) @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.4 2010/11/08 17:10:55 abs Exp $ d9 1 a9 1 +# Example config file @@PKG_SYSCONFDIR/vsftpd/vsftpd.conf d18 1 a18 1 +#banned_email_file=@@PKG_SYSCONFDIR/vsftpd/vsftpd.banned_emails d27 1 a27 1 +#chroot_list_file=@@PKG_SYSCONFDIR/vsftpd/vsftpd.chroot_list @ 1.4 log @Updated net/vsftpd to 2.3.2 Changes since 2.0.7 - Remove .postlogin.c.swp (thanks Kaibin Li )! - findlibs repairs for libcap; builds on my Ubuntu 6.06 again. - Apply patch to fix "error: assignment of read-only member '__in'" build error on broken systems where the WIFEXITED() etc. macros write to their argument. Thanks Ingo Terpelle . - Replace spaces in xferlog with underscores, report from Michael Wittauer . - Reload default config values before re-parsing config file on SIGHUP. This makes the values correct in the case a setting was removed from the file. - Do not issue an FTP response for a blank line on the control channel. Fixes issues with some broken NAT devices. ProFTPd does the same, so hopefully nothing will break. Report from Frank Bulk . - Replace usage of broken _syscall() with syscall(). Fixes build errors for those without libcap-devel installed. - Add implicit SSL support with implicit_ssl option. - Remove arbitrary restriction on one process model + SSL. - Set a session ID on the SSL context. - Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything other than catching compile errors. Yes, I'm crazy :P - Use PR_SET_PDEATHSIG all over the place so that when the listener is killed, existing sessions are booted too. - Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL client that need it, but still a nice code clean-up. - Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors proftpd behaviour instead of wu-ftpd. Thanks Paul Abel . - Switch all sighandlers to the synchronous ones. Prevents us having to block and unblock signals all the time. - Add a "use alarm" option to synchronous signal handlers, to ensure the race condition against a blocking call does not result in a permanent non-delivery. - Use SIGTERM for privileged parent process shutdown, so they can still update u/wtmp properly. - Do RAND_load_file from /dev/urandom in the child context because I don't trust the OpenSSL API vs. fork(). Different children do have different RNG state; this is defense in depth. - More thoroughly close the remote ends of the priv_sock, ensuring that child death results in no blocking in the parent. This is a matter of tidyness; the SIGCHLD handler will reliably tear down the parent. - Do the same for the SSL slave / consumer channels. - Fix OpenBSD build. - Move SSL data handling into the SSL slave process. Incurs some extra overhead in terms of context switches and copies, but it enables this next item: - By default, require SSL data connections to exhibit SSL session re-use of the control channel. Unlike the cert thing, this _is_ something we can turn on by default as most clients seem to do reuse. Yay. - Change 522 response for SSL connection fail to note when session reuse is required. (v2.1.0pre1 here) - More work on the inbuilt ptrace()-sandbox support. - Clear the idle alarm when starting data transfer if there is no data alarm. - Fix syslog format; don't embed 2nd copy of date, pid. Thanks to Ren - Lock file before truncating it for upload. Fixes various simultaneous upload corruption issues. - Make sure to give 426 error code on uploads if ABOR was received. - Add cmds_denied option to complement cmds_allowed. - Ignore lines in config file containing only white space. - Require write_enable / anon_upload_enable / etc. to process STOU. - FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file. - FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not owned by the currently running user. - FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to avoid syslog() bug where some settings are not initialized. - FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace fd 0,1,2 with /dev/null fd. - FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the sample config file. - FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given by STOU if it is available. - FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules can act on errors if they want. - FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV command; add a trailing period. - FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not 1990 any more, so trust PAM etc. to not stack-buffer-overflow. - FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start with underscore or period. - FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES. - Fix crash on SIGHUP introduced in 2.1.0pre1. Oops. - FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES too, which can happen on SELinux systems. - Default resource limit for child processes: 100MB address space. - Finishing touches to the initial sandbox policy; only permit connect() to the host on the control channel being the nicest touch. (v2.1.0pre2 here) - Fix 64-bit build (oops)! Thanks Martin Nagy . - Fix config of SSL built in; not enabled; two process model. Report from Martin. - Shutdown the command connection in the priv parent's SIGTERM handler; kills of children where the PR_SET_PDEATHSIG cannot due to different user ids. (v2.1.0pre3 here) - Fix build on FC10. - Some FAQ tweaks. - Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it comes from but it is harmless. (My guess would be glibc-2.9's new support for using O_CLOEXEC more). - Fix build warning on 64-bit. - Fix build on OpenBSD again. (v2.1.0pre4 here) - Bring userlist_deny handling inside the max_login_fail accounting. At this point: v2.1.0 released! =============================== - Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial unprivileged child. - Fix build error due to __NR_utimes. - Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later receives data transfer fd's via recvmsg(). It's a total shame because doing the SSL handshake under even lower privs would be a real boost. (v2.1.1pre1 here) - Fix some declarations occuring in the middle of a block; broke older more strict compilers. - Handle the case where libcap is now libcap.so.2; fixes build on my new Ubuntu 9.04. - Enhance 522 error message to point to require_ssl_reuse option. - Fix NASTY regression whereby data transfer timeouts would fire incorrectly under SSL transfers. In addition, the transfer rate caps were not working under SSL transfers. Reported by several people. - Use the login delay machinery for userlist-based denials too. Thanks to Tomas Hoger for the patch. - Fix another tedious regression whereby absent per-user config files were causing a session fail rather than being gracefully ignored. - Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation in the vsftpd low-priv processes (CLONE_NEWNET pending). - Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need to create new ones. - Add "isolate" config flag to disable the new weird clone() flags if necessary. At this point: v2.1.1 released! =============================== - Fix compile error in sysdeputil.c on some Linux systems. At this point: v2.1.2 released! =============================== - Fix compile on systems with no RLIMIT_NPROC, oops. - Change some unsigned int to socklen_t's to avoid warnings on various platforms, e.g. AIX. - Add some syscall constants to ptracesandbox.c to fix the build on systems with 2.4 kernel headers. - Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile). - Fix EACCES mapping, thanks Solar Designer . - Dont emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer . - Tweak example vsftpd.conf to add commented out chroot_local_user=YES, from Ivan I. Grushin . - Where available, use CLONE_NEWNET to isolate the untrusted processes so that they can't do arbitrary connect() and instead have to ask the privileged process for sockets. Moderate code disturbance - hope for no breakage :-/ - Disable implicit activation of one_process_model so that an anonymous setup can benefit from the no-network isolation of the unprivileged process (where available). (vsftpd-2.2.0pre1) - Call pam_get_item(PAM_USER) after authentication in case a PAM module remapped the username. Based on a patch from John McNair . - Apply a couple of IPv6 fixes from Corinna Schultz , particularly when MS operating systems are talking on link local addresses. - Handle the error case for accepting a PASV connection in the two process model properly. - Pull in a couple of minor tidyup patches from Openwall. - Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also respect ordering with respect config files, e.g. vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO Inspiration from Solar / Openwall. (vsftpd-2.2.0pre2) - Revert listen to be "NO" by default and also set max_per_ip / max_clients to 2000 / 50 as a default. Thanks to Solar. - Sanity check for admin: check config files are regular files. - Error out if opening the per-user config file gives an error other than ENOENT. Thanks Solar (who is on fire today ;-) (vsftpd-2.2.0pre3) - Apply some typo fixes from Solar. - Error out on read() errors when reading config files. (vsftpd-2.2.0pre4) - Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing . - Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to root if using linux-vserver. Also thanks to Stefan Pfetzing . - Couple of typo tweaks from Cristi Terpea . - Change // style comments to /* style. - Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar. At this point: v2.2.0 released! =============================== - Apply patch to set SSL context timeout to maximum, from Tim Kosse . Should prevent data connection failures after a long transfer or idle period. - Apply async-safety signal tweaks from Solar. - Fix crash regression with the pasv_address option enabled. - Typo fix and look for libnsl in /lib64, from Robby Workman . - When asking the client to send us a cert, make sure we broadcast some suitable certificates. Fixes compatibility with the z/OS FTP client when tunable_ssl_request_cert=YES. - Rip out the silly "cached time" concept. Simplifies things and fixes incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around the cached current time in seconds in the one place that needs to avoid repeated gettimeofday() calls (directory listing). - Do the login fail delay in the parent process for cases where we checked a username / password. At this point: v2.2.1 released! =============================== - Change "File receive OK." to "Transfer complete." to placate some broken clients. Thanks Holger Kiehl . - Fix erroneous "child died" upon FTP client connect, when under load. Awesome thanks to Holger Kiehl for running diagnostic tests on his live server. - Boot the session if an overly long line is encountered. (vsftpd-2.2.2pre1) At this point: v2.2.2 released! =============================== - Add extremely simply HTTP support. It's very experimental, ignorant of HTTP protocol and headers, and likely has all sorts of other issues. The use case it might satisfy is if you need to serve simple static unathenticated content with large levels of paranoia. - Fix port_promiscuous breakage. Report from Soeren . (v2.3.0pre1) - Minor FAQ update. - Use a larger address space limit if using text_userdb_names=YES - Always use CLONE_NEWNET if possible when in HTTP mode. - Change REST + STOR so that it's possible to overwrite part of file without truncating it. (v2.3.0pre2) - Boot the session if we see a USER where encryption was required. May prevent the transmission of plaintext passwords by buggy clients. Idea from Marcin Hlybin . - Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n fixups. At this point: v2.3.0 released! =============================== - Fix silly regression re: log files being overwritten from the start. - Rename a few file-open functions to make it clearer what they do. At this point: v2.3.1 released! =============================== - Argh! Fix version number. At this point: v2.3.2 released! =============================== @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.3 2006/01/13 18:12:46 wiz Exp $ d5 1 a5 1 --- vsftpd.conf.orig 2009-10-19 02:04:23.000000000 +0000 d9 1 a9 1 +# Example config file @@PKG_SYSCONFDIR@@/vsftpd.conf d18 1 a18 1 +#banned_email_file=@@PKG_SYSCONFDIR@@/vsftpd.banned_emails d22 1 a22 1 @@@@ -95,7 +95,7 @@@@ connect_from_port_20=YES d27 1 a27 1 +#chroot_list_file=@@PKG_SYSCONFDIR@@/vsftpd.chroot_list @ 1.3 log @Update to 2.0.4, based on 2.0.1 update from Ove Soerensen in PR 26811. Add ssl (default off) and tcpwrappers (default on) options. Changes: - Improve logging (log deletes, renames, chmods, etc. as requested by users). - Add no_log_lock to work around Solaris / Veritas locking hangs. - Add EPRT, EPSV, PASV and TVFS to FEAT response. - Implement use of MDTM to set timestamps. - Recognize FEAT prior to login. - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data connections! Hurrah. - Increase max size of .message files to 4000 characters, thanks to Eric Pancer for the report. - Add easy builddefs.h ability to disable PAM builds even when PAM is installed. - Report vsftpd version in STAT output. - Add REFS file. - Change parent<->child socket comms from DGRAM to STREAM for increased reliability. The main benefit is should the parent be killed (or crash out) then the child won't block on a read() that will never return. - Make str_reserve reserve space for the trailing zero as well, so we don't cause a reallocation if we exactly fill the buffer. - Optimize the sending of strings over the parent<->child comms links. - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly compiled out. - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring totally. Thanks to Brad - Lose Makefile.sun and README.solaris special cases. - Add SSL / TLS info to SECURITY texts. - Add README.ssl - Add documentation for new SSL options to vsftpd.conf.5. - Add support for CWD ~ (and in general support ~ at start of any filename). Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that all of this is for very very broken clients :-( - Fix compile warnings. - Update INSTALL with (recent) OS X as a working platform. At this point: v2.0.0 released! =============================== - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson Chang - Oops; fix session bale out if an empty length password is given. - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard - Clarify licensing: I allow linking of my GPL software with the OpenSSL libraries. Thanks to Jonas Bofjall - Add COPYRIGHT. - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2 compliant; timezone should be a variable not a function). - Fix build where PAM build is enabled but PAM headers are missing. - Fix build on RHEL3 (remove errant include from twoprocess.c). At this point: v2.0.1 released! =============================== - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez - Emit data transfer status messages (success / failure) after flushing and waiting for the full data transfer to reach the client. This should help work around buggy FTP clients such as FlashFXP, which is known to truncate files incorrectly. (v2.0.2pre1) - Make str_empty actually allocate an empty string. - Change the ASCII receive code to ONLY rip out \r if it is just before a \n; someone finally complained about this. (v2.0.2pre2) - Enable AIX Large File Support #define from Tomas gren - Add a couple of FAQ entries. - Fix time delta code areas to cope with negative deltas, which will occur if the clock is adjusted backwards. Thanks to Andrew Anderson for a great report. - Fix "errno" checks to be robust in multiple places; previously, calls to failing library calls could be made inbetween the original library call and the "errno" reads. Thanks to Andrew Anderson for a great report. - Make bandwidth limiter work with SSL data connections. (v2.0.2pre3) - Note that the SSL / bandwidth limiter bug fixed a much more serious bug: SSL data connection dropouts after data_connection_timeout seconds. - Typo fixes. At this point: v2.0.2 released! (need to get the SSL dropout fix out) ===================================================================== - Document what regex expressions are supported in the man page. - New settings rsa_private_key_file and dsa_private_key_file to allow separate files for the certificates and private keys. - Initial, simple fix for timed out processes not exiting when SSL is in use. Better fix (which reports timeout to client properly) to follow. - Add which setsockopt option failed to die("setsockopt") calls. - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1) - Fix error with IPv4 connections to IPv6 listeners and PORT type data connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported by Joe Orton, Radek Vokal and Andreas Kupfer - Remove vsf_sysutil_sockaddr_same_family (unused). - Support protocol 1 (IPv4) in EPRT. - Add ssl.c to AUDIT. - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list. - Allow "EPSV 1" to mean IPv4 EPSV. - Report dummy IP but correct port with IPv6 / PASV. - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write; fixes SSL upload failures when data timeouts are in use with some clients. Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported by Lee Lawrence (using CuteFTP and BackupEdge) and Christian DELAIR (using lftp, FileZilla and SmartFTP). Thanks to these two people for valuable help. (v2.0.3pre2) - Implicitly disable connect_from_port_20 and chown_uploads when a non-root user is using run_as_launching_user. - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure anonymous-only solution (useful when you don't have root access and a range of acceptable anonymous passwords as credentials). - Use SSL BIO callbacks to fix data connection timeout checks; the checks weren't all occurring promply. At this point: v2.0.3 released! (need to get about three imporant fixes out) ============================================================================ - Add explicit "This FTP server does not allow anonymous logins" message. - Add paranoid checks to sysutil.c for large values / lengths. - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example. - Load per-IP config files earlier; allows more settings to be tuned on a per-IP level. Suggested by Reber Tobias - Fix MDTM on non-existant files. Reported by Ken A - {} regex fix so that {*} correctly matches everything. Reported by Tom Van de Wiele - Add "mdtm_write" option to disable MDTM being able to set file timestamps. - Fix HPUX build, thanks to Kevin Vajk - Add optional file locking support via lock_upload_files (default on). - Apply LDFLAGS patch from Mads Martin Joergensen - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once at startup. - Apply patch to fix timezone issues (caused by chroot() interacting badly with newer glibc versions). Thanks to Dmitry V. Levin and Mads Martin Joergensen At this point: v2.0.4 released! =============================== @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.2 2003/05/29 20:08:42 salo Exp $ d3 3 a5 1 --- vsftpd.conf.orig 2005-05-21 00:52:54.000000000 +0200 d13 1 a13 1 @@@@ -86,14 +86,14 @@@@ connect_from_port_20=YES d22 2 a23 1 # users to NOT chroot(). a30 12 @@@@ -101,3 +101,11 @@@@ connect_from_port_20=YES # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES +# By default the server will run standalone. Comment out the option below if +# running from inetd. +listen=YES + +# Like the listen parameter, except vsftpd will listen on an IPv6 socket +# instead of an IPv4 one. This parameter and the listen parameter are mutually +# exlusive. +#listen_ipv6=YES @ 1.2 log @Updated to 1.2.0. - take over maintainership, MAINTAINER is not reachable on his mail anymore (non-existent domain). Changes: Logging has been enhanced, including syslog support. IPv6 support has been added. STRU, MODE, STOU, HELP, and SITE HELP have been implemented. Better control of which commands to allow has been added. pam_session support has been added. Error messages have been improved. There are lots of bugfixes and new configuration options. - Eliminate crypt() not defined warning. - "grep -q" is not standard to redirect to /dev/null instead. - Make banned_email_file work second time around. - Add force_dot_files to work around broken clients. The behaviour when enabled is very wu-ftpd like. - Implement SITE HELP - should work around IE bug? - Update README, vsftpd.conf with references to read the manual page! - Log revamp: add dual_log_enable to log to xferlog AND vsftpd.log. - Log revamp: add syslog_enable to log vsftpd.log to syslog(). - Add "background" option to background the listener process. - Fix warning is vsftpd.8 man page, Bill Nottingham . - Fix tcp wrappers support to NOT emit loads of Bad file descriptor messages to the system log. - Add ability to make bandwidth limiter smoother by using e.g. trans_chunk_size=8192. - Add ability for virtual users to use local privs non anon privs, via virtual_use_local_privs=YES. - Fix sendfile() fallback on FreeBSD, thanks to Adam Stroud . - Add pam_session support, as well as utmp and wtmp logging for local logins (when using a PAM build). Tested pam_limits maxlogins works. - Ensure the source IP address for PORT connects is always the same as the control connection local IP address. Previously it was not when NOT using connect_from_port_20 in the presence of multiple local IP addresses. - Oops - make max_per_ip and max_clients work with the two process model when both connect_from_port_20 and chown_uploads are false. - Initial IPv6 support (EPSV only). - Add EPRT support to IPv6. - Fix "ls .file" to list .file even if the ls -a flag is not present. Noted by and thanks to Sean Millichamp . - Better error messages for config file parse fail: include setting name. - Fix bug in str_split_text where text is greater than 1 character long! - Make it build on Solaris8 - switch from utmp to utmpx and handle missing LOG_FTP. - Always check for VSFTPD_LOAD_CONF environment variable. - Implement HELP properly (should help broken clients). - Fix FreeBSD build (no utmpx.h, so disable feature). - Fix chown_uploads. - "Guess fix" for FreeBSD reported bug. I reckon FreeBSD is returning -EINTR from a blocking close but still closing the fd, despite the error return. So cater for this. Reported by Drew Vogel . - Add download_enable and dirlist_enable. Useful in conjunction with the per-user config stuff. - Add chmod_enable. - Implement STRU and MODE for _old_, broken clients! - Log connects. - Fix 500 OOPS with chown_uploads and an APPE command. - Improve some error messages: die -> die2 for more information. - Repair max_per_ip (problem comparing IPv4 addresses). - Make chown_uploads work with virtual users. - Chmod files to 0600 before chown_uploads kicks in. - Add STOU support. - Add cmds_allowed config parameter. - Add some FAQ entries. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- vsftpd.conf.orig 2003-01-21 02:15:34.000000000 +0100 +++ vsftpd.conf 2003-05-29 20:19:35.000000000 +0200 d11 1 a11 1 @@@@ -88,14 +88,14 @@@@ d28 1 a28 1 @@@@ -103,3 +103,11 @@@@ @ 1.1 log @Updated to version 1.1.3. Addresses PR pkg/21410 by Jens Liebau. - honour PKG_SYSCONFDIR - rcd script, standalone mode support - tcp wrappers support - install vsftpd:vsftpd user - new HOMEPAGE and MASTER_SITES 1.1.3: ====== - Support for tcp_wrappers. - First stab at Solaris sendfilev() support. - Don't bomb out the listener on SIGHUP if the config became invalid. - End vsf_findlibs.sh with "exit 0;" - thanks Lars Hecking ! - Integrate with tcp_wrappers - load config based on VSFTPD_LOAD_CONF environment variables. Allows per-IP configurability in standalone mode. - Fix build without tcp_wrappers. - Fix Solaris sendfilev() support - interruption via a signal returns EINTR rather than a partial byte count! - Add to EXAMPLE/ - PER_IP_CONFIG and INTERNET_SITE_NOINETD 1.1.2: ====== - Add per-IP connection limits in standalone mode. - Add logging of refused connect due to global or IP connection limits. - (Many thanks for testing and suggestions from Rob van Nieuwkerk and Adrian Reber . - Make connection limit exceeded messages nonblocking. - Don't exit the listener if fork fails. 1.1.1: ====== - Fix port_promiscuous, oops! Thanks to Bjørn-Ove Heimsund . - Fix to support umasks which create executable files. Reported by "Martin, Andreas" . - Make the messages more.. professional :( Thanks to Steven G. Taylor . - Allow anon users to append to files if they can delete files! Suggestion from Michael Leuchtenburg . - Hopefully fix Solaris build (-lresolv) - Replace atoll() with a homebrew - modern FreeBSD, OpenBSD lack it. - Different solution for a umask which creates executable files: file_open_mode. - First attempt at Tru64 build, working with . - A few minor FAQ additions. - Change date format in the log from Sep 09 -> Sep 9. Avoids breaking some broken log parsers. - Make "INSTALL" better and clearer. - Fix passwd_chroot_enable, reported by James Jones . - Finish Tru64 building :-) - Add tunable_no_anon_password as asked for by Stephen Quinney . 1.1.0: ====== - large file (>2Gb) support). - Fix .spec files to use /usr/local/sbin not /usr/sbin, noted by Bill Unruh . - Small doc tweaks and improvements(?) - Add COPYING, the GNU GPL version 2. - Add use_localtime config option to override the use of GMT times. - Add tunable_check_shell (default YES) so people can disable this if they are not using PAM. - AIX 5.1 build support, thanks to Jan-Frode Myklebust . - Add "hide_ids" option to show user/group in directory listings as "ftp". Request from Solar. - Use the seemingly more portable setreuid() and setregid(), poxy HP. - Use status 550 instead of 500 for known but disabled commands. - Rename "dirchange.[ch]" to "banner.[ch]". - Multiline connect banner support via "banner_file" config option. - Minor error message changes. - Add more FAQ entries. - Add patch to specify PASV address - thanks to Mike McLean . - Drop the 2.4.0 kernel warning file - Rudimentary standalone listener support - to be expanded in a later release. - If sendfile() returns EINVAL just fall back to normal routines - handles non-pagecache backed files. - Add "port_promiscuous" setting - should help enabling FXP. - Modify anon_root and local_root to change directory _before_ applying the chroot(). - Open all files O_NONBLOCK to avoid pipes blocking on open. - Support wu-ftpd style per-user chroot() via /./ in /etc/passwd HOMEDIR. - Add SIGHUP support to new built in listener. - Per-user config overrides, via "user_config_dir" - woohoo! - Warning fixes, i.e. change "index" to "indexx" thanks to Olaf Kirch . - Make sure the standalone daemon doesn't leak zombies! - Supposedly fix kernel messages about MSG_PEEK race - thanks to advice from Alexey . - Add global client limit for standalone mode. - Add username that failed when we die with str_getpwnam. - Add a bunch of documentation under EXAMPLES. @ text @d3 2 a4 2 --- vsftpd.conf.orig 2003-05-10 01:04:11.000000000 +0200 +++ vsftpd.conf 2003-05-10 01:14:57.000000000 +0200 d9 1 a9 1 # The default compiled in settings are very paranoid. This sample file d11 1 a11 1 @@@@ -83,14 +83,14 @@@@ d28 1 a28 1 @@@@ -98,3 +98,6 @@@@ d32 1 a32 1 +# By default the server will run standalone. Comment out the option below when d35 5 @