Hello community,
here is the log from the commit of package pure-ftpd for openSUSE:Factory checked in at 2016-01-21 23:42:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pure-ftpd (Old)
and /work/SRC/openSUSE:Factory/.pure-ftpd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pure-ftpd"
Changes:
--------
--- /work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd.changes 2015-06-06 09:54:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pure-ftpd.new/pure-ftpd.changes 2016-01-22 01:07:18.000000000 +0100
@@ -1,0 +2,32 @@
+Sat Jan 16 13:41:42 UTC 2016 - mpluskal@suse.com
+
+- Add gpg signature
+
+-------------------------------------------------------------------
+Fri Jan 8 10:58:04 UTC 2016 - tchvatal@suse.com
+
+- Version update to 1.0.42:
+ - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
+ compiled with libsodium.
+ - The connection is now dropped if HTTP commands are received.
+ - LDAP force_default_gid and force_default_uid now work as documented.
+ - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
+ 1.0.22 circa 2009, but disabled back then due to client compatibility
+ concerns) is now on by default, except in broken clients compatibility mode.
+ - libmariadb is looked for in addition to libmysqlclient
+ - MySQL: my_make_scrambled_password() is not always an exported
+ symbol any more, so pure-ftpd now ships a reimplementation.
+ - openssl/ec.h is not available on some Linux distributions that
+ disable EC in OpenSSL. This is being tested by autoconf.
+ - New command-line switch: -2/--certfile= to set the path to the
+ certificate file when using TLS.
+ - Support for TCP_FASTOPEN added on Linux
+ - The LDAP configuration file didn't allow a default gid without also
+ defining a default uid. This is no longer the case.
+ - OpenBSD's glob() left the glob_t structure uninitialized if the
+ pattern was larger than PATH_MAX, causing globfree() to free() an
+ unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
+- Refresh patch:
+ * pure-ftpd-1.0.20_config.patch
+
+-------------------------------------------------------------------
Old:
----
pure-ftpd-1.0.39.tar.gz
New:
----
pure-ftpd-1.0.42.tar.gz
pure-ftpd-1.0.42.tar.gz.sig
pure-ftpd.keyring
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pure-ftpd.spec ++++++
--- /var/tmp/diff_new_pack.XDsreM/_old 2016-01-22 01:07:20.000000000 +0100
+++ /var/tmp/diff_new_pack.XDsreM/_new 2016-01-22 01:07:20.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pure-ftpd
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,19 +17,21 @@
Name: pure-ftpd
-Version: 1.0.39
+Version: 1.0.42
Release: 0
Summary: A Lightweight, Fast, and Secure FTP Server
License: BSD-3-Clause
Group: Productivity/Networking/Ftp/Servers
Url: http://www.pureftpd.org
-Source: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz
-Source1: %{name}.init
-Source2: %{name}.pamd
-Source3: %{name}.xinetd
-Source4: %{name}.xml
-Source5: %{name}.firewall
-Source6: %{name}.service
+Source0: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz
+Source1: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz.sig
+Source2: %{name}.keyring
+Source3: %{name}.init
+Source4: %{name}.pamd
+Source5: %{name}.xinetd
+Source6: %{name}.xml
+Source7: %{name}.firewall
+Source8: %{name}.service
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_config.patch -- Custom service configs.
Patch0: %{name}-1.0.20_config.patch
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_doc.patch -- Adjust command paths on documentation.
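Review bot: The new `Source1` signature and `Source2` keyring only add assurance if the keyring itself was obtained independently of the tarball, and nothing in this hunk records where the key came from or where the signature is checked. Both the tarball and the `.sig` are fetched over plain `ftp://`, so the keyring is the sole trust anchor here. I would add a comment next to `Source2`, for example `# upstream signing key, fingerprint <FINGERPRINT-PLACEHOLDER>, verified against <SOURCE-PLACEHOLDER>`. The `%prep` section is outside this hunk, so please confirm that the signature is verified at check-in or build time and is not just shipped alongside the source.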
@@ -124,20 +126,20 @@
install -m 0644 configuration-file/pure-ftpd.conf \
%{buildroot}%{_sysconfdir}/%{name}
-install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd
-install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/xinetd.d/pure-ftpd
+install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd
+install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/xinetd.d/pure-ftpd
install -m 0644 pureftpd.schema %{buildroot}%{_sysconfdir}/openldap/schema/
install -d %{buildroot}%{_datadir}/omc/svcinfo.d/
-install -m 0644 %{SOURCE4} %{buildroot}%{_datadir}/omc/svcinfo.d/
+install -m 0644 %{SOURCE6} %{buildroot}%{_datadir}/omc/svcinfo.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
-install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%if 0%{?suse_version} > 1140
-install -D -m0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}.service
+install -D -m0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rc%{name}
%else
-install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/%{name}
+install -D -m 0755 %{SOURCE3} %{buildroot}%{_initddir}/%{name}
mkdir -p %{buildroot}%{_sbindir}
ln -sf %{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
%endif
++++++ pure-ftpd-1.0.20_config.patch ++++++
--- /var/tmp/diff_new_pack.XDsreM/_old 2016-01-22 01:07:21.000000000 +0100
+++ /var/tmp/diff_new_pack.XDsreM/_new 2016-01-22 01:07:21.000000000 +0100
@@ -155,7 +155,7 @@
-@@ -453,3 +469,4 @@ CustomerProof yes
+@@ -459,3 +475,4 @@ CustomerProof yes
# FileSystemCharset big5
# ClientCharset big5
@@ -164,27 +164,21 @@
===================================================================
--- pureftpd-mysql.conf.orig
+++ pureftpd-mysql.conf
-@@ -19,17 +19,18 @@
-
- # Optional : define the location of mysql.sock if the server runs on this host.
-
--MYSQLSocket /tmp/mysql.sock
-+MYSQLSocket /var/lib/mysql/mysql.sock
+@@ -23,13 +23,13 @@ MYSQLSocket /var/run/mysqld/mysqld.s
# Mandatory : user to bind the server as.
-
-MYSQLUser root
--
-+#
+# using the Database root user is always a bad idea.
-+#
+MYSQLUser ftpd
- # Mandatory : user password. You must have a password.
+ # Mandatory : user password. You must have a password.
+-
-MYSQLPassword rootpw
-+MYSQLPassword ftpdpw
++# using the Database root user is always a bad idea.
++MYSQLPassword ftpdpassword
# Mandatory : database to open.
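Review bot: The refreshed sample places `# using the Database root user is always a bad idea.` directly above `MYSQLPassword ftpdpassword`, where it repeats the advice for `MYSQLUser` and says nothing about the password line. The value is a publicly known placeholder, so the comment there should tell the administrator to replace it, for example `# placeholder only: set a unique password and keep this file readable by root only`. This reading is inferred from a diff of a patch file whose markers are partly garbled, so please check it against the refreshed patch itself.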
++++++ pure-ftpd-1.0.39.tar.gz -> pure-ftpd-1.0.42.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/ChangeLog new/pure-ftpd-1.0.42/ChangeLog
--- old/pure-ftpd-1.0.39/ChangeLog 2015-05-31 17:05:50.000000000 +0200
+++ new/pure-ftpd-1.0.42/ChangeLog 2015-07-26 17:45:02.000000000 +0200
@@ -1,4 +1,30 @@
+* Version 1.0.42:
+ - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
+compiled with libsodium.
+ - The connection is now dropped if HTTP commands are received.
+ - LDAP force_default_gid and force_default_uid now work as documented.
+ - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
+1.0.22 circa 2009, but disabled back then due to client compatibility
+concerns) is now on by default, except in broken clients compatibility mode.
+
+* Version 1.0.41:
+ - libmariadb is looked for in addition to libmysqlclient
+ - MySQL: my_make_scrambled_password() is not always an exported
+symbol any more, so pure-ftpd now ships a reimplementation.
+ - openssl/ec.h is not available on some Linux distributions that
+disable EC in OpenSSL. This is being tested by autoconf.
+ - New command-line switch: -2/--certfile= to set the path to the
+certificate file when using TLS.
+
+* Version 1.0.40:
+ - Support for TCP_FASTOPEN added on Linux
+ - The LDAP configuration file didn't allow a default gid without also
+defining a default uid. This is no longer the case.
+ - OpenBSD's glob() left the glob_t structure uninitialized if the
+pattern was larger than PATH_MAX, causing globfree() to free() an
+unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
+
* Version 1.0.39:
- Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/NEWS new/pure-ftpd-1.0.42/NEWS
--- old/pure-ftpd-1.0.39/NEWS 2015-05-31 17:22:35.000000000 +0200
+++ new/pure-ftpd-1.0.42/NEWS 2015-07-26 17:29:55.000000000 +0200
@@ -1,4 +1,29 @@
+* Version 1.0.42:
+ - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
+compiled with libsodium.
+ - The connection is now dropped if HTTP commands are received.
+ - LDAP force_default_gid and force_default_uid now work as documented.
+ - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
+1.0.22 circa 2009, but disabled back then due to client compatibility
+concerns) is now on by default, except in broken clients compatibility mode.
+
+* Version 1.0.41:
+ - MariaDB and MySQL 5.5+ are now fully supported
+ - MySQL <= 4.0.0 is not supported any more
+ - Some Linux distributions ship a version of OpenSSH without support
+for ECC. Pure-FTPd can now be compiled on these.
+ - New command-line switch: -2/--certfile= to set the path to the
+certificate file when using TLS.
+
+* Version 1.0.40:
+ - Support for TCP_FASTOPEN added on Linux
+ - The LDAP configuration file didn't allow a default gid without also
+defining a default uid. This is no longer the case.
+ - The process handling a user session could be crashed by trying to
+match a file pattern longer than the maximum length for a path. This
+has been fixed. Upgrading is recommended.
+
* Version 1.0.39:
- Compilation fix for ancient versions of OpenSSL.
- TLS sockets shutdown fixed in order to prevent incomplete transfers.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README new/pure-ftpd-1.0.42/README
--- old/pure-ftpd-1.0.39/README 2015-05-31 17:16:46.000000000 +0200
+++ new/pure-ftpd-1.0.42/README 2015-07-26 16:56:42.000000000 +0200
@@ -1,6 +1,6 @@
.:. PURE-FTPD .:.
- Documentation for version 1.0.39
+ Documentation for version 1.0.42
------------------------ BLURB ------------------------
@@ -568,10 +568,8 @@
**** Usage with TCPserver ****
-TCPServer is part of the ucspi-tcp package by Dan Bernstein. It's less
-bloated than inetd, less D.O.S.-prone and has interesting filtering
-abilities. The simplest way of running Pure-FTPd with TCPserver is the
-following command:
+TCPServer is part of the ucspi-tcp package by Dan Bernstein.
+The simplest way of running Pure-FTPd with TCPserver is the following command:
tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd &
@@ -653,11 +651,13 @@
- '-1': log the PID of each session in syslog output.
+- '-2 <file>': when using TLS, set the path to the certificate file.
+
- '-4': only listen to IPv4 connections.
- '-6': don't listen to IPv4, only listen to IPv6.
-- '-a <gid>': Authenticated users will be granted access to their home
+- '-a <gid>': authenticated users will be granted access to their home
directory and nothing else (chroot) . This is especially useful for users
without shell access, for instance, WWW-hosting services shared by several
customers. Only member of group number <gid> will have unrestricted access
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.LDAP new/pure-ftpd-1.0.42/README.LDAP
--- old/pure-ftpd-1.0.39/README.LDAP 2015-05-22 15:49:14.000000000 +0200
+++ new/pure-ftpd-1.0.42/README.LDAP 2015-07-09 20:05:24.000000000 +0200
@@ -129,10 +129,10 @@
Then, you have to run the pure-ftpd command with '-l ldap:' (it's an 'ell'
not a 'one') followed by the path of that configuration file. Here's an
-example with tcpserver:
+example:
-tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l ldap:/etc/pureftpd-ldap.conf &
+pure-ftpd -l ldap:/etc/pureftpd-ldap.conf -B
You can mix different authentication methods. For instance, if you want to
use system (/etc/passwd) accounts when an account is not found in a LDAP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.MySQL new/pure-ftpd-1.0.42/README.MySQL
--- old/pure-ftpd-1.0.39/README.MySQL 2015-05-22 15:57:09.000000000 +0200
+++ new/pure-ftpd-1.0.42/README.MySQL 2015-07-09 20:05:24.000000000 +0200
@@ -1,21 +1,18 @@
-If you never heard about MySQL before, *DON'T* enable MySQL support in
-Pure-FTPd. MySQL is useless if you don't have to manage many shared
-accounts. But well... if you want to learn about MySQL anyway, here's a good
-starting point: http://www.mysql.com/ .
-
- ------------------------ MYSQL SUPPORT ------------------------
+ ------------------------ MYSQL/MARIADB SUPPORT ------------------------
When MySQL is enabled, all account info is fetched from a central MySQL
-database.
+or MariaDB database.
-To compile the server with MySQL support, you first have to build and
-install the MySQL client libraries. MySQL is freely available from
-http://www.mysql.com/ and binary packages are included in many major
+To compile the server with MySQL/MariaDB support, you first have to build and
+install the MySQL client libraries. MariaDB is freely available from
+https://mariadb.org/ and binary packages are included in many major
distributions. But if you choose a binary form, don't forget to also install
-the development packages if they are available separately.
+the development packages if they are available separately. For example, on
+Debian/Ubuntu systems, the package to install is called
+libmariadb-client-lgpl-dev.
Then, configure Pure-FTPd with --with-mysql and your favorite extra gadgets:
@@ -70,12 +67,11 @@
Save the configuration file anywhere. Let's say /etc/pureftpd-mysql.conf .
Then, you have to run the pure-ftpd command with '-l mysql:' (it's an 'ell'
-not a 'one') followed by the path of that configuration file. Here's an
-example with tcpserver:
-
+not a 'one') followed by the path of that configuration file.
-tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l mysql:/etc/pureftpd-mysql.conf &
+Example:
+pure-ftpd -l mysql:/etc/pureftpd-mysql.conf -B
You can mix different authentication methods. For instance, if you want to
use system (/etc/passwd) accounts when an account is not found in a MySQL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.PGSQL new/pure-ftpd-1.0.42/README.PGSQL
--- old/pure-ftpd-1.0.39/README.PGSQL 2015-05-22 15:54:34.000000000 +0200
+++ new/pure-ftpd-1.0.42/README.PGSQL 2015-07-09 20:05:24.000000000 +0200
@@ -64,10 +64,9 @@
Then, you have to run the pure-ftpd command with '-l pgsql:' (it's an 'ell'
not a 'one') followed by the path of that configuration file. Here's an
-example with tcpserver:
+example:
-
-tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf &
+pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf -B
You can mix different authentication methods. For instance, if you want to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/config.h.in new/pure-ftpd-1.0.42/config.h.in
--- old/pure-ftpd-1.0.39/config.h.in 2015-05-31 17:17:45.000000000 +0200
+++ new/pure-ftpd-1.0.42/config.h.in 2015-07-26 16:58:14.000000000 +0200
@@ -196,6 +196,9 @@
/* Define to 1 if you have the `m' library (-lm). */
#undef HAVE_LIBM
+/* Define to 1 if you have the `mariadb' library (-lmariadb). */
+#undef HAVE_LIBMARIADB
+
/* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */
#undef HAVE_LIBMYSQLCLIENT
@@ -236,6 +239,9 @@
/* Define to 1 if you have the `madvise' function. */
#undef HAVE_MADVISE
+/* Define to 1 if you have the `make_scrambled_password' function. */
+#undef HAVE_MAKE_SCRAMBLED_PASSWORD
+
/* Define to 1 if you have the `mapviewoffile' function. */
#undef HAVE_MAPVIEWOFFILE
@@ -257,9 +263,6 @@
/* Define to 1 if you have the `munmap' function. */
#undef HAVE_MUNMAP
-/* Define to 1 if you have the `mysql_real_escape_string' function. */
-#undef HAVE_MYSQL_REAL_ESCAPE_STRING
-
/* Define to 1 if you have the `my_make_scrambled_password' function. */
#undef HAVE_MY_MAKE_SCRAMBLED_PASSWORD
@@ -278,6 +281,9 @@
/* obsolete pam */
#undef HAVE_OLD_PAM
+/* Define to 1 if you have the header file. */
+#undef HAVE_OPENSSL_EC_H
+
/* Define to 1 if you have the header file. */
#undef HAVE_OPENSSL_SSL_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-config.pl.in new/pure-ftpd-1.0.42/configuration-file/pure-config.pl.in
--- old/pure-ftpd-1.0.39/configuration-file/pure-config.pl.in 2015-02-21 18:49:11.000000000 +0100
+++ new/pure-ftpd-1.0.42/configuration-file/pure-config.pl.in 2015-07-09 20:05:24.000000000 +0200
@@ -60,6 +60,7 @@
AltLog => "-O",
PIDFile => "-g",
TLSCipherSuite => "-J",
+ CertFile => "-2",
);
my %numeric_switch_for = (
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-config.py.in new/pure-ftpd-1.0.42/configuration-file/pure-config.py.in
--- old/pure-ftpd-1.0.39/configuration-file/pure-config.py.in 2015-02-21 18:52:10.000000000 +0100
+++ new/pure-ftpd-1.0.42/configuration-file/pure-config.py.in 2015-07-09 20:05:24.000000000 +0200
@@ -114,6 +114,7 @@
["PIDFile\s+(\S+)", "-g", None ],
["TLSCipherSuite\s+(\S+)", "-J", None ],
["PerUserLimits\s+([:0-9]+)", "-y", None ],
+ ["CertFile\s+(\S+)", "-2", None ],
["TLS\s+(\d)", "-Y", None ])
for option in option_tuple:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-ftpd.conf.in new/pure-ftpd-1.0.42/configuration-file/pure-ftpd.conf.in
--- old/pure-ftpd-1.0.39/configuration-file/pure-ftpd.conf.in 2015-02-21 19:56:05.000000000 +0100
+++ new/pure-ftpd-1.0.42/configuration-file/pure-ftpd.conf.in 2015-07-09 20:05:24.000000000 +0200
@@ -427,13 +427,19 @@
# Prefix with -C: in order to require valid client certificates.
# If -C: is used, make sure that clients' public keys are installed
# on the server.
-# SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are availale by
+# SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are available by
# default.
# TLSCipherSuite HIGH
+# Certificate file, for TLS
+
+# CertFile /etc/ssl/private/pure-ftpd.pem
+
+
+
# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
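Review bot: The new `# Certificate file, for TLS` comment does not say what the file must contain or how it should be protected. The example path under `/etc/ssl/private` suggests that the PEM also carries the server's private key, although that is inferred and not shown in the hunk. If so, a second comment line would help, such as `# The file also holds the private key: keep it owned by root and not readable by other users.` The three blank `+` lines after the example could be reduced to one, to match the spacing of the other directives.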
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configure new/pure-ftpd-1.0.42/configure
--- old/pure-ftpd-1.0.39/configure 2015-05-31 17:16:55.000000000 +0200
+++ new/pure-ftpd-1.0.42/configure 2015-07-26 16:57:30.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pure-ftpd 1.0.39.
+# Generated by GNU Autoconf 2.69 for pure-ftpd 1.0.42.
#
# Report bugs to <bugs at pureftpd dot org>.
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='pure-ftpd'
PACKAGE_TARNAME='pure-ftpd'
-PACKAGE_VERSION='1.0.39'
-PACKAGE_STRING='pure-ftpd 1.0.39'
+PACKAGE_VERSION='1.0.42'
+PACKAGE_STRING='pure-ftpd 1.0.42'
PACKAGE_BUGREPORT='bugs at pureftpd dot org'
PACKAGE_URL=''
@@ -1337,7 +1337,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pure-ftpd 1.0.39 to adapt to many kinds of systems.
+\`configure' configures pure-ftpd 1.0.42 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1403,7 +1403,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pure-ftpd 1.0.39:";;
+ short | recursive ) echo "Configuration of pure-ftpd 1.0.42:";;
esac
cat <<\_ACEOF
@@ -1567,7 +1567,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pure-ftpd configure 1.0.39
+pure-ftpd configure 1.0.42
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2276,7 +2276,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pure-ftpd $as_me 1.0.39, which was
+It was created by pure-ftpd $as_me 1.0.42, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3148,7 +3148,7 @@
# Define the identity of the package.
PACKAGE='pure-ftpd'
- VERSION='1.0.39'
+ VERSION='1.0.42'
cat >>confdefs.h <<_ACEOF
@@ -7406,12 +7406,13 @@
done
-for ac_header in openssl/ssl.h
+for ac_header in openssl/ssl.h openssl/ec.h
do :
- ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
-if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_SSL_H 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
@@ -13303,8 +13304,8 @@
LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/mysql -L${withval}/mysql/lib"
CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/mysql -I${withval}/mysql/include"
else
- CFLAGS="$CFLAGS `mysql_config --cflags`"
- LDFLAGS="$LDFLAGS `mysql_config --libs`"
+ CFLAGS="$CFLAGS `mariadb_config --cflags 2> /dev/null || mysql_config --cflags`"
+ LDFLAGS="$LDFLAGS `mariadb_config --libs 2> /dev/null || mysql_config --libs`"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for floor in -lm" >&5
$as_echo_n "checking for floor in -lm... " >&6; }
@@ -13400,7 +13401,57 @@
$as_echo "#define WITH_MYSQL /**/" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmysqlclient" >&5
+ ac_fn_c_check_func "$LINENO" "mysql_init" "ac_cv_func_mysql_init"
+if test "x$ac_cv_func_mysql_init" = xyes; then :
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmariadb" >&5
+$as_echo_n "checking for mysql_init in -lmariadb... " >&6; }
+if ${ac_cv_lib_mariadb_mysql_init+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lmariadb $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char mysql_init ();
+int
+main ()
+{
+return mysql_init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_mariadb_mysql_init=yes
+else
+ ac_cv_lib_mariadb_mysql_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mariadb_mysql_init" >&5
+$as_echo "$ac_cv_lib_mariadb_mysql_init" >&6; }
+if test "x$ac_cv_lib_mariadb_mysql_init" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBMARIADB 1
+_ACEOF
+
+ LIBS="-lmariadb $LIBS"
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmysqlclient" >&5
$as_echo_n "checking for mysql_init in -lmysqlclient... " >&6; }
if ${ac_cv_lib_mysqlclient_mysql_init+:} false; then :
$as_echo_n "(cached) " >&6
@@ -13447,6 +13498,12 @@
as_fn_error $? "libmysqlclient is needed for MySQL support" "$LINENO" 5
fi
+
+fi
+
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mysql clients can run" >&5
$as_echo_n "checking whether mysql clients can run... " >&6; }
if test "$cross_compiling" = yes; then :
@@ -13482,7 +13539,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
- for ac_func in mysql_real_escape_string my_make_scrambled_password
+ for ac_func in my_make_scrambled_password make_scrambled_password
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -14535,7 +14592,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pure-ftpd $as_me 1.0.39, which was
+This file was extended by pure-ftpd $as_me 1.0.42, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -14601,7 +14658,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-pure-ftpd config.status 1.0.39
+pure-ftpd config.status 1.0.42
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configure.ac new/pure-ftpd-1.0.42/configure.ac
--- old/pure-ftpd-1.0.39/configure.ac 2015-05-31 17:16:42.000000000 +0200
+++ new/pure-ftpd-1.0.42/configure.ac 2015-07-26 16:56:36.000000000 +0200
@@ -1,7 +1,7 @@
dnl AM_ACLOCAL_INCLUDE(m4)
AC_PREREQ(2.65)
-AC_INIT([pure-ftpd],[1.0.39],[bugs at pureftpd dot org])
+AC_INIT([pure-ftpd],[1.0.42],[bugs at pureftpd dot org])
AC_CONFIG_SRCDIR(src/ftpd.c)
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar])
@@ -142,7 +142,7 @@
AC_CHECK_HEADERS(windows.h io.h)
AC_CHECK_HEADERS(crypt.h)
AC_CHECK_HEADERS(utime.h)
-AC_CHECK_HEADERS(openssl/ssl.h)
+AC_CHECK_HEADERS(openssl/ssl.h openssl/ec.h)
AC_CHECK_HEADERS(CoreFoundation/CoreFoundation.h)
AC_CHECK_HEADERS(iconv.h)
AC_SYS_POSIX_TERMIOS
@@ -1290,15 +1290,19 @@
LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/mysql -L${withval}/mysql/lib"
CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/mysql -I${withval}/mysql/include"
else
- CFLAGS="$CFLAGS `mysql_config --cflags`"
- LDFLAGS="$LDFLAGS `mysql_config --libs`"
+ CFLAGS="$CFLAGS `mariadb_config --cflags 2> /dev/null || mysql_config --cflags`"
+ LDFLAGS="$LDFLAGS `mariadb_config --libs 2> /dev/null || mysql_config --libs`"
fi
AC_CHECK_LIB(m, floor)
AC_CHECK_LIB(z, gzclose)
with_mysql="yes"
AC_DEFINE(WITH_MYSQL,,[with mysql])
- AC_CHECK_LIB(mysqlclient, mysql_init, ,
- [AC_MSG_ERROR(libmysqlclient is needed for MySQL support)])
+ AC_CHECK_FUNC(mysql_init, , [
+ AC_CHECK_LIB(mariadb, mysql_init, , [
+ AC_CHECK_LIB(mysqlclient, mysql_init, ,
+ [AC_MSG_ERROR(libmysqlclient is needed for MySQL support)])
+ ])
+ ])
AC_MSG_CHECKING(whether mysql clients can run)
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include
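Review bot: The innermost fallback still reads `AC_MSG_ERROR(libmysqlclient is needed for MySQL support)`, but it is now reached only after both `-lmariadb` and `-lmysqlclient` have failed, so the message names one of the two libraries that were tried. `[AC_MSG_ERROR(libmariadb or libmysqlclient is needed for MySQL support)]` would describe the failure accurately. Separately, ``mariadb_config --cflags 2> /dev/null || mysql_config --cflags`` leaves CFLAGS and LDFLAGS unchanged when neither tool is installed, so this link error becomes the only visible symptom of a missing development package. The enclosing `AC_ARG_WITH` block starts and ends outside the hunk.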
@@ -1313,7 +1317,7 @@
AC_MSG_ERROR(Your MySQL client libraries aren't properly installed)
],[])
AC_MSG_RESULT(yes)
- AC_CHECK_FUNCS(mysql_real_escape_string my_make_scrambled_password)
+ AC_CHECK_FUNCS(my_make_scrambled_password make_scrambled_password)
fi ])
AC_ARG_WITH(pgsql,
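Review bot: Dropping `mysql_real_escape_string` from `AC_CHECK_FUNCS` means `HAVE_MYSQL_REAL_ESCAPE_STRING` is never defined again, which matters because that function is what escapes values placed into SQL queries. The MySQL source file is not part of what is visible here, so this is a request to confirm, not a finding. If any `#ifdef HAVE_MYSQL_REAL_ESCAPE_STRING` remains in the tree, the build would silently take the fallback branch instead of the library's escaping routine. A one-line comment such as `dnl mysql_real_escape_string is assumed present (MySQL > 4.0.0); no feature test needed` would record why the check was removed.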
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/man/pure-ftpd.8.in new/pure-ftpd-1.0.42/man/pure-ftpd.8.in
--- old/pure-ftpd-1.0.39/man/pure-ftpd.8.in 2015-02-21 21:47:13.000000000 +0100
+++ new/pure-ftpd-1.0.42/man/pure-ftpd.8.in 2015-07-09 20:05:24.000000000 +0200
@@ -9,7 +9,7 @@
pure\-ftpd \- simple File Transfer Protocol server
.SH "SYNOPSIS"
-.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+.B pure\-ftpd [\-0] [\-1] [\-2] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
.br
Alternative style :
@@ -18,6 +18,8 @@
.br
\-1 \-\-logpid
.br
+\-2 \-\-certfile
+.br
\-4 \-\-ipv4only
.br
\-6 \-\-ipv6only
@@ -153,6 +155,9 @@
.B none
is set.
.TP
+.B \-2 file
+When using TLS, set the path to the certificate file.
+.TP
.B \-4
Listen only to IPv4 connections.
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pam/pure-ftpd new/pure-ftpd-1.0.42/pam/pure-ftpd
--- old/pure-ftpd-1.0.39/pam/pure-ftpd 2011-09-07 07:02:03.000000000 +0200
+++ new/pure-ftpd-1.0.42/pam/pure-ftpd 2015-06-14 00:11:14.000000000 +0200
@@ -4,7 +4,6 @@
# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth required pam_stack.so service=system-auth
auth required pam_shells.so
auth required pam_nologin.so
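Review bot: With `auth required pam_stack.so service=system-auth` removed, the `auth` lines visible in this hunk are `pam_listfile.so`, `pam_shells.so` and `pam_nologin.so`, none of which verifies a password. `pam_stack` is obsolete, so removing it is reasonable, but the sample needs a replacement that performs credential checking, for example `auth required pam_unix.so` or an `include` of the distribution's common auth stack. The file continues beyond the hunk, so a later line may already cover this and should be checked. The spec in this same commit installs its own `%{name}.pamd` into `/etc/pam.d`, so the packaged service should not be affected, but anyone copying the upstream sample would be.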
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pureftpd-mysql.conf new/pure-ftpd-1.0.42/pureftpd-mysql.conf
--- old/pure-ftpd-1.0.39/pureftpd-mysql.conf 2015-05-21 12:18:58.000000000 +0200
+++ new/pure-ftpd-1.0.42/pureftpd-mysql.conf 2015-07-09 20:05:24.000000000 +0200
@@ -19,7 +19,7 @@
# Optional : define the location of mysql.sock if the server runs on this host.
-MYSQLSocket /tmp/mysql.sock
+MYSQLSocket /var/run/mysqld/mysqld.sock
# Mandatory : user to bind the server as.
@@ -39,9 +39,9 @@
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "scrypt", "crypt", "sha1", "md5", "password" and "any"
-# ("password" = MySQL password() function)
+# ("password" = MySQL password() function, which is sha1(sha1(password)))
-MYSQLCrypt cleartext
+MYSQLCrypt scrypt
# In the following directives, parts of the strings are replaced at
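Review bot: The sample default moves to `MYSQLCrypt scrypt`, but the "Valid values" comment above it still lists `cleartext`, `md5`, `sha1` and `password` without saying they are kept only for legacy databases. The added note that `password` is `sha1(sha1(password))` makes the weakness visible without spelling out the conclusion. I would add `# Use "scrypt" for new installations; the other values store unsalted or fast hashes and exist for migration only.` As far as I know, scrypt support is compiled in only when Pure-FTPd is built with libsodium, so the comment should mention that requirement too, or the shipped default will not work on builds without it. The same applies to the `PGSQLCrypt scrypt` hunk in pureftpd-pgsql.conf.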
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pureftpd-pgsql.conf new/pure-ftpd-1.0.42/pureftpd-pgsql.conf
--- old/pure-ftpd-1.0.39/pureftpd-pgsql.conf 2015-05-22 16:24:23.000000000 +0200
+++ new/pure-ftpd-1.0.42/pureftpd-pgsql.conf 2015-07-09 20:05:24.000000000 +0200
@@ -37,7 +37,7 @@
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "scrypt", "crypt", "md5", "sha1" and "any"
-PGSQLCrypt cleartext
+PGSQLCrypt scrypt
# In the following directives, parts of the strings are replaced at
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/alt_arc4random.c new/pure-ftpd-1.0.42/src/alt_arc4random.c
--- old/pure-ftpd-1.0.39/src/alt_arc4random.c 2015-05-21 14:52:56.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/alt_arc4random.c 2015-06-14 00:11:14.000000000 +0200
@@ -145,6 +145,7 @@
pure_memzero(rs_buf, RSBUFSZ);
rs_count = 1600000;
+ rs_stir_pid = getpid();
}
static inline void
@@ -152,9 +153,10 @@
{
pid_t pid = getpid();
- if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) {
- rs_stir_pid = pid;
+ if (rs_count <= len || !rs_initialized) {
_rs_stir();
+ } else if (rs_stir_pid != pid) {
+ abort();
} else {
rs_count -= len;
}
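Review bot: The new `abort()` branch is only reached when `rs_count > len` and the generator is initialised, so a forked child with an exhausted `rs_count` takes the first branch and re-stirs quietly instead. It then records its own pid, assuming the assignment added in the previous hunk belongs to the stir routine. The same situation therefore ends the process or not depending on how many bytes are left. If aborting on an un-reseeded fork is the intent, test the pid before the count, `if (rs_initialized && rs_stir_pid != pid) { abort(); }`, and say why in a comment such as `/* state inherited across fork() without a re-stir: refuse to produce output */`. The function's signature lies outside this hunk.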
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/bsd-glob.c new/pure-ftpd-1.0.42/src/bsd-glob.c
--- old/pure-ftpd-1.0.39/src/bsd-glob.c 2015-02-17 19:12:44.000000000 +0100
+++ new/pure-ftpd-1.0.42/src/bsd-glob.c 2015-06-14 01:12:09.000000000 +0200
@@ -151,9 +151,6 @@
Char *bufnext, *bufend, patbuf[PATH_MAX];
struct glob_lim limit = { 0, 0, 0 };
- if (strlen(pattern) >= PATH_MAX) {
- return GLOB_NOMATCH;
- }
pglob->gl_maxdepth = maxdepth;
pglob->gl_maxfiles = maxfiles;
patnext = (unsigned char *) pattern;
@@ -174,6 +171,9 @@
pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) {
return GLOB_NOSPACE;
}
+ if (strlen(pattern) >= PATH_MAX) {
+ return GLOB_NOMATCH;
+ }
bufnext = patbuf;
bufend = bufnext + PATH_MAX - 1;
if (flags & GLOB_NOESCAPE) {
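Review bot: Nothing next to the relocated `strlen(pattern) >= PATH_MAX` check explains why it now sits after the `pglob` set-up rather than at the top of the function. A later tidy-up could hoist it back and reintroduce the early return that leaves `pglob` untouched. I would add a comment above it, for instance `/* keep after pglob is initialised: callers may globfree() the result even on failure */`. The initialisation itself lies between the two hunks and is not visible here, so the wording should be checked against it.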
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/crypto.c new/pure-ftpd-1.0.42/src/crypto.c
--- old/pure-ftpd-1.0.39/src/crypto.c 2015-05-22 17:22:36.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/crypto.c 2015-07-09 20:05:24.000000000 +0200
@@ -27,14 +27,14 @@
*/
#ifdef HAVE_LIBSODIUM
-static char *hexify(char * const result, const unsigned char *digest,
- const size_t size_result, size_t size_digest)
+char *hexify(char * const result, const unsigned char *digest,
+ const size_t size_result, size_t size_digest)
{
return sodium_bin2hex(result, size_result, digest, size_digest);
}
#else
-static char *hexify(char * const result, const unsigned char *digest,
- const size_t size_result, size_t size_digest)
+char *hexify(char * const result, const unsigned char *digest,
+ const size_t size_result, size_t size_digest)
{
static const char * const hexchars = "0123456789abcdef";
char *result_pnt = result;
@@ -57,101 +57,115 @@
/* Encode a buffer to Base64 */
-static char *base64ify(char * const result, const unsigned char *digest,
- const size_t size_result, size_t size_digest)
+char *base64ify(char * const b64, const unsigned char *bin,
+ size_t b64_maxlen, size_t bin_len)
{
- static const char * const b64chars =
+#define B64_PAD '='
+
+ static const char b64chars[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- char *result_pnt = result;
+ char *b64_w = b64;
- if (size_result < (((size_digest + 2U) / 3U) * 4U + 1U)) {
+ if (b64_maxlen < (((bin_len + 2U) / 3U) * 4U + 1U)) {
return NULL;
}
- while (size_digest > (size_t) 2U) {
- const unsigned char t0 = (unsigned char) *digest++;
- const unsigned char t1 = (unsigned char) *digest++;
- const unsigned char t2 = (unsigned char) *digest++;
-
- *result_pnt++ = b64chars[(t0 >> 2) & 63];
- *result_pnt++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)];
- *result_pnt++ = b64chars[((t1 << 2) & 60) | ((t2 >> 6) & 3)];
- *result_pnt++ = b64chars[t2 & 63];
- size_digest -= (size_t) 3U;
- }
- if (size_digest > (size_t) 0U) {
- const unsigned char t0 = (unsigned char) digest[0];
-
- *result_pnt++ = b64chars[(t0 >> 2) & 63];
- if (size_digest == 1U) {
- *result_pnt++ = b64chars[((t0 << 4) & 48)];
- *result_pnt++ = '=';
+ while (bin_len > (size_t) 2U) {
+ const unsigned char t0 = (unsigned char) *bin++;
+ const unsigned char t1 = (unsigned char) *bin++;
+ const unsigned char t2 = (unsigned char) *bin++;
+
+ *b64_w++ = b64chars[(t0 >> 2) & 63];
+ *b64_w++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)];
+ *b64_w++ = b64chars[((t1 << 2) & 60) | ((t2 >> 6) & 3)];
+ *b64_w++ = b64chars[t2 & 63];
+ bin_len -= (size_t) 3U;
+ }
+ if (bin_len > (size_t) 0U) {
+ const unsigned char t0 = (unsigned char) bin[0];
+
+ *b64_w++ = b64chars[(t0 >> 2) & 63];
+ if (bin_len == 1U) {
+ *b64_w++ = b64chars[((t0 << 4) & 48)];
+ *b64_w++ = B64_PAD;
} else {
- const unsigned char t1 = (unsigned char) digest[1];
+ const unsigned char t1 = (unsigned char) bin[1];
- *result_pnt++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)];
- *result_pnt++ = b64chars[((t1 << 2) & 60)];
+ *b64_w++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)];
+ *b64_w++ = b64chars[((t1 << 2) & 60)];
}
- *result_pnt++ = '=';
+ *b64_w++ = B64_PAD;
}
- *result_pnt = 0;
+ *b64_w = 0;
- return result;
+ return b64;
}
/* Decode a Base64 encoded string */
-static char *debase64ify(char * const result, const unsigned char *encoded,
- const size_t size_result, size_t size_encoded,
- size_t *size_decoded)
-{
- const unsigned char rev64chars[] = {
- 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U,
- 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U,
- 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 62U, 0U, 0U, 0U, 63U, 52U, 53U,
- 54U, 55U, 56U, 57U, 58U, 59U, 60U, 61U, 0U, 0U, 0U, 255U, 0U, 0U, 0U,
- 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
- 16U, 17U, 18U, 19U, 20U, 21U, 22U, 23U, 24U, 25U, 0U, 0U, 0U, 0U, 0U,
- 0U, 26U, 27U, 28U, 29U, 30U, 31U, 32U, 33U, 34U, 35U, 36U, 37U, 38U,
- 39U, 40U, 41U, 42U, 43U, 44U, 45U, 46U, 47U, 48U, 49U, 50U, 51U
+static unsigned char *
+debase64ify(unsigned char * const bin, const char *b64,
+ size_t bin_maxlen, size_t b64_len, size_t * const bin_len_p)
+{
+#define REV64_EOT 128U
+#define REV64_NONE 64U
+#define REV64_PAD '='
+
+ static const unsigned char rev64chars[256] = {
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, 62U, REV64_NONE, REV64_NONE, REV64_NONE, 63U, 52U, 53U, 54U, 55U, 56U, 57U, 58U, 59U, 60U, 61U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_EOT, REV64_NONE, REV64_NONE, REV64_NONE, 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U,
+ 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 16U, 17U, 18U, 19U, 20U, 21U, 22U, 23U, 24U, 25U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, 26U, 27U, 28U, 29U, 30U, 31U, 32U, 33U, 34U, 35U, 36U, 37U, 38U, 39U, 40U, 41U, 42U,
+ 43U, 44U, 45U, 46U, 47U, 48U, 49U, 50U, 51U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE,
+ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE
};
- size_t ch = size_encoded;
- char *result_pnt = result;
- int extra = 0;
-
- if (size_result < (((size_encoded + 3U) / 4U) * 3U + 1U)) {
+ const unsigned char *b64_u = (const unsigned char *) b64;
+ unsigned char *bin_w = bin;
+ unsigned char mask;
+ unsigned char t0, t1, t2, t3;
+ uint32_t t;
+ size_t i;
+
+ if (b64_len % 4U != 0U || (i = b64_len / 4U) <= 0U ||
+ bin_maxlen < i * 3U -
+ (b64_u[b64_len - 1U] == REV64_PAD) - (b64_u[b64_len - 2U] == REV64_PAD)) {
return NULL;
}
- while (ch > (size_t) 0U) {
- if (encoded[--ch] > 'z') {
- return NULL;
- }
- }
- while (size_encoded > (size_t) 3U) {
- const unsigned char t1 = rev64chars[encoded[1]];
- const unsigned char t2 = rev64chars[encoded[2]];
- const unsigned char t3 = rev64chars[encoded[3]];
- /*
- * I'm very proud : bit shifts and masks were done without writing
- * down anything on a piece of paper, and the first try worked :)
- */
- *result_pnt++ = (char) ((rev64chars[encoded[0]] << 2) | ((t1 & 48) >> 4));
- *result_pnt++ = (char) (((t1 & 15) << 4) | ((t2 & 60) >> 2));
- *result_pnt++ = (char) (((t2 & 3) << 6) | t3);
- if (t3 == 255U) {
- if (t2 == 255U) {
- extra = 2;
- } else {
- extra = 1;
+ while (i-- > 0U) {
+ t0 = rev64chars[*b64++];
+ t1 = rev64chars[*b64++];
+ t2 = rev64chars[*b64++];
+ t3 = rev64chars[*b64++];
+ t = ((uint32_t) t3) | ((uint32_t) t2 << 6) |
+ ((uint32_t) t1 << 12) | ((uint32_t) t0 << 18);
+ mask = t0 | t1 | t2 | t3;
+ if ((mask & (REV64_NONE | REV64_EOT)) != 0U) {
+ if ((mask & REV64_NONE) != 0U || i > 0U) {
+ return NULL;
}
break;
}
- encoded += 4;
- size_encoded -= (size_t) 4U;
+ *bin_w++ = (unsigned char) (t >> 16);
+ *bin_w++ = (unsigned char) (t >> 8);
+ *bin_w++ = (unsigned char) t;
}
- *size_decoded = (size_t) (result_pnt - result) - extra;
- *result_pnt = 0;
-
- return result;
+ if ((mask & REV64_EOT) != 0U) {
+ if (((t0 | t1) & REV64_EOT) != 0U || t3 != REV64_EOT) {
+ return NULL;
+ }
+ *bin_w++ = (unsigned char) (t >> 16);
+ if (t2 != REV64_EOT) {
+ *bin_w++ = (unsigned char) (t >> 8);
+ }
+ }
+ if (bin_len_p != NULL) {
+ *bin_len_p = (size_t) (bin_w - bin);
+ }
+ return bin;
}
/* Compute a simple hex SHA1 digest of a C-string */
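Review bot: In the rewritten `debase64ify()` the decode loop indexes the table with `rev64chars[*b64++]`, where `b64` is a `const char *`. Where plain `char` is signed, a byte of 0x80 or above in the stored string becomes a negative index and reads before the 256-entry table. The unsigned alias `b64_u` is already declared but is used only in the length check, so the loop should read through it: `t0 = rev64chars[*b64_u++];`, and likewise for `t1`, `t2` and `t3`. Separately, `B64_PAD` and the `REV64_*` macros are defined inside function bodies and never `#undef`'d, so they leak into the rest of the translation unit.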
@@ -210,8 +224,8 @@
size_t sizeof_hash_and_salt;
static char decoded[512];
- if (debase64ify(decoded, (const unsigned char *) stored,
- sizeof decoded, strlen(stored), &decoded_len) == NULL) {
+ if (debase64ify(decoded, stored, sizeof decoded,
+ strlen(stored), &decoded_len) == NULL) {
return NULL; /* huge salt, better abort */
}
if (decoded_len < sizeof digest) {
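Review bot: `decoded` is declared `static char decoded[512]`, while the rewritten `debase64ify()` takes `unsigned char * const bin`, so this call passes a pointer of the wrong signedness. Either cast at the call, `debase64ify((unsigned char *) decoded, stored, sizeof decoded, strlen(stored), &decoded_len)`, or declare the buffer as `unsigned char`. The old decoder also wrote a terminating NUL after the decoded bytes and the new one does not. The remainder of this function is outside the hunk and should be checked to rely on `decoded_len` alone. Both remarks apply equally to the identical call in the next hunk.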
@@ -256,8 +270,8 @@
size_t sizeof_hash_and_salt;
static char decoded[512];
- if (debase64ify(decoded, (const unsigned char *) stored,
- sizeof decoded, strlen(stored), &decoded_len) == NULL) {
+ if (debase64ify(decoded, stored, sizeof decoded,
+ strlen(stored), &decoded_len) == NULL) {
return NULL; /* huge salt, better abort */
}
if (decoded_len < sizeof digest) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/crypto.h new/pure-ftpd-1.0.42/src/crypto.h
--- old/pure-ftpd-1.0.39/src/crypto.h 2015-02-17 19:12:45.000000000 +0100
+++ new/pure-ftpd-1.0.42/src/crypto.h 2015-07-09 20:05:24.000000000 +0200
@@ -1,6 +1,8 @@
#ifndef __CRYPTO_H__
#define __CRYPTO_H__ 1
+#include
+
#if SIZEOF_SHORT == 4
typedef short crypto_int4;
typedef unsigned short crypto_uint4;
@@ -27,5 +29,7 @@
char *crypto_hash_ssha1(const char *string, const char *stored);
char *crypto_hash_md5(const char *string, const int hex);
char *crypto_hash_smd5(const char *string, const char *stored);
+char *hexify(char * const result, const unsigned char *digest,
+ const size_t size_result, size_t size_digest);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftp_parser.c new/pure-ftpd-1.0.42/src/ftp_parser.c
--- old/pure-ftpd-1.0.39/src/ftp_parser.c 2015-02-22 00:44:45.000000000 +0100
+++ new/pure-ftpd-1.0.42/src/ftp_parser.c 2015-07-26 16:54:55.000000000 +0200
@@ -692,6 +692,14 @@
} else if (!strcmp(cmd, "abor")) {
addreply_noformat(226, MSG_ABOR_SUCCESS);
#ifndef MINIMAL
+ } else if (!strcmp(cmd, "connect") ||
+ !strcmp(cmd, "delete") ||
+ !strcmp(cmd, "get") ||
+ !strcmp(cmd, "head") ||
+ !strcmp(cmd, "options") ||
+ !strcmp(cmd, "post") ||
+ !strcmp(cmd, "put")) {
+ die(500, LOG_INFO, "HTTP command: [%s]", cmd);
} else if (!strcmp(cmd, "site")) {
if ((sitearg = arg) != NULL) {
while (*sitearg != 0 && !isspace((unsigned char) *sitearg)) {
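Review bot: The new HTTP-verb branch is placed after the `#ifndef MINIMAL` line, so a build with `MINIMAL` defined does not get it and will presumably handle these verbs like any other unknown command. If the connection drop is meant as a protection rather than a convenience, the branch should move above the `#ifndef`. A one-line comment would also make the purpose clear, e.g. `/* HTTP request sent to the FTP port: not a real FTP client, drop the connection */`. The verb list omits `patch` and `trace`, which may or may not be deliberate. The surrounding if/else chain starts and ends outside this hunk.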
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftpd.c new/pure-ftpd-1.0.42/src/ftpd.c
--- old/pure-ftpd-1.0.39/src/ftpd.c 2015-05-21 12:40:08.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/ftpd.c 2015-07-09 20:05:24.000000000 +0200
@@ -335,6 +335,7 @@
client_fflush();
}
if (len > replybuf_left) {
+ va_end(va);
abort();
}
memcpy(replybuf_pos, buf, len);
@@ -624,6 +625,7 @@
char line[MAX_SYSLOG_LINE];
if (no_syslog != 0) {
+ va_end(va);
return;
}
va_start(va, format);
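Review bot: The added `va_end(va);` in the `no_syslog != 0` early return runs before `va_start(va, format);`, which only comes two lines later. Calling `va_end` on a `va_list` that has not been initialised by `va_start` or `va_copy` is undefined behaviour, so the addition makes the early return worse rather than safer. The fix is to drop the new line and leave the branch as `if (no_syslog != 0) { return; }`. The function's signature and the rest of its body are outside the hunk.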
@@ -5420,6 +5422,13 @@
strerror(old_errno));
return;
}
+# ifdef TCP_FASTOPEN
+ {
+ int tfo = maxusers > 0U ? 3U + maxusers / 8U : DEFAULT_BACKLOG;
+ setsockopt(listenfd, IPPROTO_TCP, TCP_FASTOPEN,
+ (void *) &tfo, sizeof tfo);
+ }
+# endif
if (bind(listenfd, res->ai_addr, (socklen_t) res->ai_addrlen) != 0 ||
listen(listenfd, maxusers > 0U ?
3U + maxusers / 8U : DEFAULT_BACKLOG) != 0) {
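Review bot: The added `setsockopt(listenfd, IPPROTO_TCP, TCP_FASTOPEN, ...)` call silently discards its result, and the IPv6 hunk below repeats this with `listenfd6`. There the adjacent `IPV6_V6ONLY` call marks the same choice with a `(void)` cast, so for consistency write `(void) setsockopt(listenfd, IPPROTO_TCP, TCP_FASTOPEN, (void *) &tfo, sizeof tfo);`. The queue length is also computed a second time with the expression that `listen()` uses a few lines later, and it is stored from an unsigned expression into an `int`. Computing the backlog once into a local and passing it to both calls would keep the two values from drifting apart. Fast Open is switched on whenever the macro exists, with no run-time option visible in this hunk to turn it off.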
@@ -5443,6 +5452,13 @@
(void) setsockopt(listenfd6, IPPROTO_IPV6, IPV6_V6ONLY,
(char *) &on, sizeof on);
# endif
+# ifdef TCP_FASTOPEN
+ {
+ int tfo = maxusers > 0U ? 3U + maxusers / 8U : DEFAULT_BACKLOG;
+ setsockopt(listenfd6, IPPROTO_TCP, TCP_FASTOPEN,
+ (void *) &tfo, sizeof tfo);
+ }
+# endif
if (bind(listenfd6, res6->ai_addr,
(socklen_t) res6->ai_addrlen) != 0 ||
listen(listenfd6, maxusers > 0U ?
@@ -5782,6 +5798,11 @@
}
#endif
#ifdef WITH_TLS
+ case '2':
+ if ((cert_file = strdup(optarg)) == NULL) {
+ die_mem();
+ }
+ break;
case 'Y': {
if ((enforce_tls_auth = atoi(optarg)) < 0 || enforce_tls_auth > 3) {
die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftpd_p.h new/pure-ftpd-1.0.42/src/ftpd_p.h
--- old/pure-ftpd-1.0.39/src/ftpd_p.h 2015-02-17 19:12:45.000000000 +0100
+++ new/pure-ftpd-1.0.42/src/ftpd_p.h 2015-07-09 20:05:24.000000000 +0200
@@ -104,7 +104,7 @@
"y:"
#endif
#ifdef WITH_TLS
- "Y:J:"
+ "2:Y:J:"
#endif
"zZ";
@@ -112,12 +112,15 @@
static struct option long_options[] = {
{ "notruncate", 0, NULL, '0' },
{ "logpid", 0, NULL, '1' },
+# ifdef WITH_TLS
+ { "certfile", 1, NULL, '2' },
+# endif
{ "ipv4only", 0, NULL, '4' },
{ "ipv6only", 0, NULL, '6' },
-#ifdef WITH_RFC2640
+# ifdef WITH_RFC2640
{ "fscharset", 1, NULL, '8' },
{ "clientcharset", 1, NULL, '9' },
-#endif
+# endif
{ "chrooteveryone", 0, NULL, 'A' },
{ "trustedgid", 1, NULL, 'a' },
{ "brokenclientscompatibility", 0, NULL, 'b' },
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/globals.h new/pure-ftpd-1.0.42/src/globals.h
--- old/pure-ftpd-1.0.39/src/globals.h 2015-05-20 15:36:20.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/globals.h 2015-07-09 20:05:24.000000000 +0200
@@ -166,6 +166,7 @@
GLOBAL(const char *tlsciphersuite, TLS_DEFAULT_CIPHER_SUITE);
GLOBAL0(signed char ssl_disabled);
GLOBAL0(signed char ssl_verify_client_cert);
+GLOBAL(const char *cert_file, TLS_CERTIFICATE_FILE);
#endif
GLOBAL0(char *atomic_prefix);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/log_ldap.c new/pure-ftpd-1.0.42/src/log_ldap.c
--- old/pure-ftpd-1.0.39/src/log_ldap.c 2015-05-21 15:45:55.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/log_ldap.c 2015-07-26 16:45:36.000000000 +0200
@@ -441,7 +441,9 @@
goto error;
}
/* only force the uid if default_uid has been set */
- if (!force_default_uid && default_uid > 0) {
+ if (force_default_uid != 0 && default_uid > (uid_t) 0) {
+ pwret.pw_uid = default_uid;
+ } else {
if ((pw_uid_s = pw_ldap_getvalue(ld, res, LDAP_FTPUID)) == NULL ||
*pw_uid_s == 0 ||
(pwret.pw_uid = (uid_t) strtoul(pw_uid_s, NULL, 10)) <= (uid_t) 0) {
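Review bot: On the path that now handles every non-forced login, the uid taken from the directory is parsed with `strtoul(pw_uid_s, NULL, 10)` and cast straight to `uid_t`. A value with trailing characters is therefore accepted, and one that does not fit in `uid_t` is silently truncated before the `<= (uid_t) 0` test. I would parse with an end pointer and reject anything that does not round-trip, e.g. `v = strtoul(pw_uid_s, &end, 10);` followed by `if (*end != 0 || (unsigned long) (uid_t) v != v) goto error;`. The gid branch in the hunk below has the same pattern with `pw_gid_s`. The body of this `else` continues past the end of the hunk.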
@@ -453,13 +455,13 @@
pwret.pw_uid = default_uid;
}
}
- } else {
- pwret.pw_uid = default_uid;
}
free((void *) pw_uid_s);
pw_uid_s = NULL;
/* only force the gid if default_gid has been set */
- if (!force_default_gid && default_uid > 0) {
+ if (force_default_gid != 0 && default_gid > (gid_t) 0) {
+ pwret.pw_gid = default_gid;
+ } else {
if ((pw_gid_s = pw_ldap_getvalue(ld, res, LDAP_FTPGID)) == NULL ||
*pw_gid_s == 0 ||
(pwret.pw_gid = (gid_t) strtoul(pw_gid_s, NULL, 10)) <= (gid_t) 0) {
@@ -471,8 +473,6 @@
pwret.pw_gid = default_gid;
}
}
- } else {
- pwret.pw_gid = default_gid;
}
free((void *) pw_gid_s);
pw_gid_s = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/log_mysql.c new/pure-ftpd-1.0.42/src/log_mysql.c
--- old/pure-ftpd-1.0.39/src/log_mysql.c 2015-05-21 12:52:57.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/log_mysql.c 2015-07-09 20:05:24.000000000 +0200
@@ -8,6 +8,7 @@
# include "log_mysql.h"
# include "messages.h"
# include "crypto.h"
+# include "crypto-sha1.h"
# include "alt_arc4random.h"
# include "utils.h"
@@ -47,23 +48,28 @@
size_t from_len;
size_t to_len;
char *to;
- unsigned long tolen;
+ unsigned long escaped_len;
unsigned int t;
- unsigned char t1, t2;
+ unsigned char t1, t2, t3, t4;
if (from == NULL) {
return NULL;
}
from_len = strlen(from);
to_len = from_len * 2U + (size_t) 1U;
- if ((to = malloc(to_len + (size_t) 2U)) == NULL) {
+ if ((to = malloc(to_len + (size_t) 4U)) == NULL) {
return NULL;
}
t = zrand();
t1 = t & 0xff;
t2 = (t >> 8) & 0xff;
+ t = zrand();
+ t3 = t & 0xff;
+ t4 = (t >> 8) & 0xff;
to[to_len] = (char) t1;
to[to_len + 1] = (char) t2;
+ to[to_len + 2] = (char) t3;
+ to[to_len + 3] = (char) t4;
/*
* I really hate giving a buffer without any size to a 3rd party function.
* The "to" buffer is allocated on the heap, not on the stack, if
@@ -73,20 +79,17 @@
* possible instead of doing anything with the heap. We'll end up with
* a segmentation violation, but without any possible exploit.
*/
-#ifdef HAVE_MYSQL_REAL_ESCAPE_STRING
- tolen = mysql_real_escape_string(id_sql_server, to, from, from_len);
-#else
- /* MySQL 3 is obsolete. */
- tolen = mysql_escape_string(to, from, from_len);
-#endif
- if (tolen >= to_len ||
+ escaped_len = mysql_real_escape_string(id_sql_server, to, from, from_len);
+ if (escaped_len >= to_len ||
(unsigned char) to[to_len] != t1 ||
- (unsigned char) to[to_len + 1] != t2) {
+ (unsigned char) to[to_len + 1] != t2 ||
+ (unsigned char) to[to_len + 2] != t3 ||
+ (unsigned char) to[to_len + 3] != t4) {
for (;;) {
*to++ = 0;
}
}
- to[tolen] = 0;
+ to[escaped_len] = 0;
return to;
}
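Review bot: When the length check or the canary check fails, the code still stops the process with `for (;;) { *to++ = 0; }`, i.e. by writing past the allocation until something faults. That is undefined behaviour, so the compiler and allocator are free not to crash promptly or at all. The same commit uses `abort()` for this kind of fatal inconsistency in alt_arc4random.c and ftpd.c, and `abort();` here would give a deterministic stop without touching more heap memory. The four canary bytes would also read more easily as one small array compared with `memcmp()` than as `t1`..`t4`. The explanatory comment above begins outside this hunk.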
@@ -455,31 +458,35 @@
}
}
if (crypto_mysql != 0) {
-#if MYSQL_VERSION_ID < 40100 || defined(USE_OLD_MYSQL_SCRAMBLING)
- unsigned long hash_res[2];
- char scrambled_password[MYSQL_CRYPT_LEN];
-
-# if MYSQL_VERSION_ID < 40100
- hash_password(hash_res, password);
-# else
- hash_password(hash_res, password, strlen(password));
-# endif
- snprintf(scrambled_password, sizeof scrambled_password, "%08lx%08lx",
- hash_res[0], hash_res[1]);
-#else
char scrambled_password[42]; /* 2 * 20 (sha1 hash size) + 2 */
-# if MYSQL_VERSION_ID >= 40100 && MYSQL_VERSION_ID < 40101
- make_scrambled_password(scrambled_password, password, 1, NULL);
-# else
-# ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD
+# ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD
my_make_scrambled_password(scrambled_password, password,
strlen(password));
-# else
+# elif defined(HAVE_MAKE_SCRAMBLED_PASSWORD)
make_scrambled_password(scrambled_password, password);
-# endif
+# else
+ {
+ SHA1_CTX ctx;
+ unsigned char h0[20], h1[20];
+ char *p;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, password, strlen(password));
+ SHA1Final(h0, &ctx);
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, h0, sizeof h0);
+ pure_memzero(h0, sizeof h0);
+ SHA1Final(h1, &ctx);
+ *scrambled_password = '*';
+ hexify(scrambled_password + 1U, h1,
+ (sizeof scrambled_password) - 1U, sizeof h1);
+ *(p = scrambled_password) = '*';
+ while (*p++ != 0) {
+ *p = (char) toupper((unsigned char) *p);
+ }
+ }
# endif
-#endif
if (pure_strcmp(scrambled_password, spwd) == 0) {
goto auth_ok;
}
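Review bot: The fallback block sets the leading `'*'` twice, and its upper-casing loop `while (*p++ != 0)` modifies the character after the one it tested. That only works because the final write lands on the terminating NUL. A plain loop is easier to check against the 42-byte buffer: `for (p = scrambled_password + 1; *p != 0; p++) { *p = (char) toupper((unsigned char) *p); }`. The return value of `hexify()` is ignored, so a NULL result would leave the buffer partly uninitialised before the comparison. `h0` is wiped, but `ctx` and `h1` stay on the stack, and a `pure_memzero()` on both after `hexify()` would match the care taken for `h0`.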
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ls.c new/pure-ftpd-1.0.42/src/ls.c
--- old/pure-ftpd-1.0.39/src/ls.c 2015-02-22 13:23:59.000000000 +0100
+++ new/pure-ftpd-1.0.42/src/ls.c 2015-06-14 00:11:14.000000000 +0200
@@ -924,6 +924,7 @@
/* Expand ~ here if needed */
alarm(GLOB_TIMEOUT);
+ memset(&g, 0, sizeof g);
a = sglob(arg,
opt_a ? (GLOB_PERIOD | GLOB_LIMIT) : GLOB_LIMIT,
NULL, &g, max_ls_files + 2, max_ls_depth * 2);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/tls.c new/pure-ftpd-1.0.42/src/tls.c
--- old/pure-ftpd-1.0.39/src/tls.c 2015-05-28 17:04:12.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/tls.c 2015-07-26 17:30:24.000000000 +0200
@@ -25,12 +25,11 @@
# endif
/*
- * Unfortunately disabled by default, because it looks like a lot of clients
- * don't support this properly yet.
- * Feel free to enable it if none of your customers complains.
+ * Enabled by default since pure-ftpd 1.0.42, except in broken clients
+ * compatibility mode.
*/
# ifndef ONLY_ACCEPT_REUSED_SSL_SESSIONS
-# define ONLY_ACCEPT_REUSED_SSL_SESSIONS 0
+# define ONLY_ACCEPT_REUSED_SSL_SESSIONS 1
# endif
static void tls_error(const int line, int err)
@@ -40,8 +39,7 @@
}
if (err != 0) {
logfile(LOG_ERR, "TLS [%s](%d): %s",
- TLS_CERTIFICATE_FILE, line,
- ERR_error_string(err, NULL));
+ cert_file, line, ERR_error_string(err, NULL));
}
_EXIT(EXIT_FAILURE);
}
@@ -224,12 +222,11 @@
_EXIT(EXIT_FAILURE);
}
}
- if (SSL_CTX_use_certificate_chain_file(tls_ctx,
- TLS_CERTIFICATE_FILE) != 1) {
+ if (SSL_CTX_use_certificate_chain_file(tls_ctx, cert_file) != 1) {
die(421, LOG_ERR,
- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
+ MSG_FILE_DOESNT_EXIST ": [%s]", cert_file);
}
- if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, cert_file,
SSL_FILETYPE_PEM) != 1) {
tls_error(__LINE__, 0);
}
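Review bot: With the path now operator-supplied, nothing near these calls documents that `cert_file` must hold both the certificate chain and the PEM private key. The `SSL_CTX_load_verify_locations` hunk further down also reuses the same file as the trust store for client certificates. I would add a comment above the first call, for example `/* cert_file must contain the certificate chain and the private key (PEM); it is also the CA bundle used when client certificates are verified */`, and repeat that in the `-2/--certfile` help text. The chain-load failure still reports `MSG_FILE_DOESNT_EXIST`, which will mislead when the file exists but is malformed or unreadable.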
@@ -258,8 +255,7 @@
if (ssl_verify_client_cert) {
SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
SSL_VERIFY_PEER, NULL);
- if (SSL_CTX_load_verify_locations(tls_ctx,
- TLS_CERTIFICATE_FILE, NULL) != 1) {
+ if (SSL_CTX_load_verify_locations(tls_ctx, cert_file, NULL) != 1) {
tls_error(__LINE__, 0);
}
}
@@ -354,7 +350,7 @@
break;
}
# if ONLY_ACCEPT_REUSED_SSL_SESSIONS
- if (SSL_session_reused(tls_data_cnx) == 0) {
+ if (broken_client_compat == 0 && SSL_session_reused(tls_data_cnx) == 0) {
tls_error(__LINE__, 0);
}
# endif
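Review bot: A data connection rejected here for not reusing the control session goes through `tls_error(__LINE__, 0)`. As far as the `tls_error` hunk above shows, that function only logs when `err != 0` and then exits, so the client is dropped with no log line. Since this check is now enabled by default, administrators will want to see the reason. Logging before the call, e.g. `logfile(LOG_ERR, "TLS data connection: session not reused");`, would make the new default diagnosable and point them to the broken-clients compatibility mode. The enclosing function begins and ends outside the hunk.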
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/tls.h new/pure-ftpd-1.0.42/src/tls.h
--- old/pure-ftpd-1.0.39/src/tls.h 2015-05-31 16:43:23.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/tls.h 2015-07-09 20:05:24.000000000 +0200
@@ -6,7 +6,9 @@
# include
# include
# include
-# include
+# ifdef HAVE_OPENSSL_EC_H
+# include
+# endif
int tls_init_library(void);
void tls_free_library(void);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/utils.c new/pure-ftpd-1.0.42/src/utils.c
--- old/pure-ftpd-1.0.39/src/utils.c 2015-05-21 22:00:09.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/utils.c 2015-07-09 20:05:24.000000000 +0200
@@ -25,8 +25,8 @@
while (i < len) {
pnt_[i++] = 0U;
}
-}
# endif
+}
int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/utils.h new/pure-ftpd-1.0.42/src/utils.h
--- old/pure-ftpd-1.0.39/src/utils.h 2015-05-21 22:00:14.000000000 +0200
+++ new/pure-ftpd-1.0.42/src/utils.h 2015-06-14 00:11:14.000000000 +0200
@@ -8,7 +8,7 @@
#else
void pure_memzero(void * const pnt, const size_t len);
int pure_memcmp(const void * const b1_, const void * const b2_, size_t len);
-int pure_strcmp(const char * const s1, const char * const s2);
#endif
+int pure_strcmp(const char * const s1, const char * const s2);
#endif