Hello community, here is the log from the commit of package pure-ftpd for openSUSE:Factory checked in at 2016-01-21 23:42:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pure-ftpd (Old) and /work/SRC/openSUSE:Factory/.pure-ftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pure-ftpd" Changes: -------- --- /work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd.changes 2015-06-06 09:54:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pure-ftpd.new/pure-ftpd.changes 2016-01-22 01:07:18.000000000 +0100 @@ -1,0 +2,32 @@ +Sat Jan 16 13:41:42 UTC 2016 - [email protected] + +- Add gpg signature + +------------------------------------------------------------------- +Fri Jan 8 10:58:04 UTC 2016 - [email protected] + +- Version update to 1.0.42: + - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not + compiled with libsodium. + - The connection is now dropped if HTTP commands are received. + - LDAP force_default_gid and force_default_uid now work as documented. + - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd + 1.0.22 circa 2009, but disabled back then due to client compatibility + concerns) is now on by default, except in broken clients compatibility mode. + - libmariadb is looked for in addition to libmysqlclient + - MySQL: my_make_scrambled_password() is not always an exported + symbol any more, so pure-ftpd now ships a reimplementation. + - openssl/ec.h is not available on some Linux distributions that + disable EC in OpenSSL. This is being tested by autoconf. + - New command-line switch: -2/--certfile= to set the path to the + certificate file when using TLS. + - Support for TCP_FASTOPEN added on Linux + - The LDAP configuration file didn't allow a default gid without also + defining a default uid. This is no longer the case. + - OpenBSD's glob() left the glob_t structure uninitialized if the + pattern was larger than PATH_MAX, causing globfree() to free() an + unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34. +- Refresh patch: + * pure-ftpd-1.0.20_config.patch + +------------------------------------------------------------------- Old: ---- pure-ftpd-1.0.39.tar.gz New: ---- pure-ftpd-1.0.42.tar.gz pure-ftpd-1.0.42.tar.gz.sig pure-ftpd.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pure-ftpd.spec ++++++ --- /var/tmp/diff_new_pack.XDsreM/_old 2016-01-22 01:07:20.000000000 +0100 +++ /var/tmp/diff_new_pack.XDsreM/_new 2016-01-22 01:07:20.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package pure-ftpd # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,19 +17,21 @@ Name: pure-ftpd -Version: 1.0.39 +Version: 1.0.42 Release: 0 Summary: A Lightweight, Fast, and Secure FTP Server License: BSD-3-Clause Group: Productivity/Networking/Ftp/Servers Url: http://www.pureftpd.org -Source: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz -Source1: %{name}.init -Source2: %{name}.pamd -Source3: %{name}.xinetd -Source4: %{name}.xml -Source5: %{name}.firewall -Source6: %{name}.service +Source0: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz +Source1: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.gz.sig +Source2: %{name}.keyring +Source3: %{name}.init +Source4: %{name}.pamd +Source5: %{name}.xinetd +Source6: %{name}.xml +Source7: %{name}.firewall +Source8: %{name}.service # PATCH-FEATURE-OPENSUSE %{name}-1.0.20_config.patch -- Custom service configs. Patch0: %{name}-1.0.20_config.patch # PATCH-FEATURE-OPENSUSE %{name}-1.0.20_doc.patch -- Adjust command paths on documentation. @@ -124,20 +126,20 @@ install -m 0644 configuration-file/pure-ftpd.conf \ %{buildroot}%{_sysconfdir}/%{name} -install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd -install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/xinetd.d/pure-ftpd +install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/xinetd.d/pure-ftpd install -m 0644 pureftpd.schema %{buildroot}%{_sysconfdir}/openldap/schema/ install -d %{buildroot}%{_datadir}/omc/svcinfo.d/ -install -m 0644 %{SOURCE4} %{buildroot}%{_datadir}/omc/svcinfo.d/ +install -m 0644 %{SOURCE6} %{buildroot}%{_datadir}/omc/svcinfo.d/ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ -install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} +install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %if 0%{?suse_version} > 1140 -install -D -m0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}.service +install -D -m0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}.service ln -sf service %{buildroot}%{_sbindir}/rc%{name} %else -install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/%{name} +install -D -m 0755 %{SOURCE3} %{buildroot}%{_initddir}/%{name} mkdir -p %{buildroot}%{_sbindir} ln -sf %{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name} %endif ++++++ pure-ftpd-1.0.20_config.patch ++++++ --- /var/tmp/diff_new_pack.XDsreM/_old 2016-01-22 01:07:21.000000000 +0100 +++ /var/tmp/diff_new_pack.XDsreM/_new 2016-01-22 01:07:21.000000000 +0100 @@ -155,7 +155,7 @@ -@@ -453,3 +469,4 @@ CustomerProof yes +@@ -459,3 +475,4 @@ CustomerProof yes # FileSystemCharset big5 # ClientCharset big5 @@ -164,27 +164,21 @@ =================================================================== --- pureftpd-mysql.conf.orig +++ pureftpd-mysql.conf -@@ -19,17 +19,18 @@ - - # Optional : define the location of mysql.sock if the server runs on this host. - --MYSQLSocket /tmp/mysql.sock -+MYSQLSocket /var/lib/mysql/mysql.sock +@@ -23,13 +23,13 @@ MYSQLSocket /var/run/mysqld/mysqld.s # Mandatory : user to bind the server as. - -MYSQLUser root -- -+# +# using the Database root user is always a bad idea. -+# +MYSQLUser ftpd - # Mandatory : user password. You must have a password. + # Mandatory : user password. You must have a password. +- -MYSQLPassword rootpw -+MYSQLPassword ftpdpw ++# using the Database root user is always a bad idea. ++MYSQLPassword ftpdpassword # Mandatory : database to open. ++++++ pure-ftpd-1.0.39.tar.gz -> pure-ftpd-1.0.42.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/ChangeLog new/pure-ftpd-1.0.42/ChangeLog --- old/pure-ftpd-1.0.39/ChangeLog 2015-05-31 17:05:50.000000000 +0200 +++ new/pure-ftpd-1.0.42/ChangeLog 2015-07-26 17:45:02.000000000 +0200 @@ -1,4 +1,30 @@ +* Version 1.0.42: + - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not +compiled with libsodium. + - The connection is now dropped if HTTP commands are received. + - LDAP force_default_gid and force_default_uid now work as documented. + - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd +1.0.22 circa 2009, but disabled back then due to client compatibility +concerns) is now on by default, except in broken clients compatibility mode. + +* Version 1.0.41: + - libmariadb is looked for in addition to libmysqlclient + - MySQL: my_make_scrambled_password() is not always an exported +symbol any more, so pure-ftpd now ships a reimplementation. + - openssl/ec.h is not available on some Linux distributions that +disable EC in OpenSSL. This is being tested by autoconf. + - New command-line switch: -2/--certfile= to set the path to the +certificate file when using TLS. + +* Version 1.0.40: + - Support for TCP_FASTOPEN added on Linux + - The LDAP configuration file didn't allow a default gid without also +defining a default uid. This is no longer the case. + - OpenBSD's glob() left the glob_t structure uninitialized if the +pattern was larger than PATH_MAX, causing globfree() to free() an +unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34. + * Version 1.0.39: - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5) - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/NEWS new/pure-ftpd-1.0.42/NEWS --- old/pure-ftpd-1.0.39/NEWS 2015-05-31 17:22:35.000000000 +0200 +++ new/pure-ftpd-1.0.42/NEWS 2015-07-26 17:29:55.000000000 +0200 @@ -1,4 +1,29 @@ +* Version 1.0.42: + - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not +compiled with libsodium. + - The connection is now dropped if HTTP commands are received. + - LDAP force_default_gid and force_default_uid now work as documented. + - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd +1.0.22 circa 2009, but disabled back then due to client compatibility +concerns) is now on by default, except in broken clients compatibility mode. + +* Version 1.0.41: + - MariaDB and MySQL 5.5+ are now fully supported + - MySQL <= 4.0.0 is not supported any more + - Some Linux distributions ship a version of OpenSSH without support +for ECC. Pure-FTPd can now be compiled on these. + - New command-line switch: -2/--certfile= to set the path to the +certificate file when using TLS. + +* Version 1.0.40: + - Support for TCP_FASTOPEN added on Linux + - The LDAP configuration file didn't allow a default gid without also +defining a default uid. This is no longer the case. + - The process handling a user session could be crashed by trying to +match a file pattern longer than the maximum length for a path. This +has been fixed. Upgrading is recommended. + * Version 1.0.39: - Compilation fix for ancient versions of OpenSSL. - TLS sockets shutdown fixed in order to prevent incomplete transfers. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README new/pure-ftpd-1.0.42/README --- old/pure-ftpd-1.0.39/README 2015-05-31 17:16:46.000000000 +0200 +++ new/pure-ftpd-1.0.42/README 2015-07-26 16:56:42.000000000 +0200 @@ -1,6 +1,6 @@ .:. PURE-FTPD .:. - Documentation for version 1.0.39 + Documentation for version 1.0.42 ------------------------ BLURB ------------------------ @@ -568,10 +568,8 @@ **** Usage with TCPserver **** -TCPServer is part of the ucspi-tcp package by Dan Bernstein. It's less -bloated than inetd, less D.O.S.-prone and has interesting filtering -abilities. The simplest way of running Pure-FTPd with TCPserver is the -following command: +TCPServer is part of the ucspi-tcp package by Dan Bernstein. +The simplest way of running Pure-FTPd with TCPserver is the following command: tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd & @@ -653,11 +651,13 @@ - '-1': log the PID of each session in syslog output. +- '-2 <file>': when using TLS, set the path to the certificate file. + - '-4': only listen to IPv4 connections. - '-6': don't listen to IPv4, only listen to IPv6. -- '-a <gid>': Authenticated users will be granted access to their home +- '-a <gid>': authenticated users will be granted access to their home directory and nothing else (chroot) . This is especially useful for users without shell access, for instance, WWW-hosting services shared by several customers. Only member of group number <gid> will have unrestricted access diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.LDAP new/pure-ftpd-1.0.42/README.LDAP --- old/pure-ftpd-1.0.39/README.LDAP 2015-05-22 15:49:14.000000000 +0200 +++ new/pure-ftpd-1.0.42/README.LDAP 2015-07-09 20:05:24.000000000 +0200 @@ -129,10 +129,10 @@ Then, you have to run the pure-ftpd command with '-l ldap:' (it's an 'ell' not a 'one') followed by the path of that configuration file. Here's an -example with tcpserver: +example: -tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l ldap:/etc/pureftpd-ldap.conf & +pure-ftpd -l ldap:/etc/pureftpd-ldap.conf -B You can mix different authentication methods. For instance, if you want to use system (/etc/passwd) accounts when an account is not found in a LDAP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.MySQL new/pure-ftpd-1.0.42/README.MySQL --- old/pure-ftpd-1.0.39/README.MySQL 2015-05-22 15:57:09.000000000 +0200 +++ new/pure-ftpd-1.0.42/README.MySQL 2015-07-09 20:05:24.000000000 +0200 @@ -1,21 +1,18 @@ -If you never heard about MySQL before, *DON'T* enable MySQL support in -Pure-FTPd. MySQL is useless if you don't have to manage many shared -accounts. But well... if you want to learn about MySQL anyway, here's a good -starting point: http://www.mysql.com/ . - - ------------------------ MYSQL SUPPORT ------------------------ + ------------------------ MYSQL/MARIADB SUPPORT ------------------------ When MySQL is enabled, all account info is fetched from a central MySQL -database. +or MariaDB database. -To compile the server with MySQL support, you first have to build and -install the MySQL client libraries. MySQL is freely available from -http://www.mysql.com/ and binary packages are included in many major +To compile the server with MySQL/MariaDB support, you first have to build and +install the MySQL client libraries. MariaDB is freely available from +https://mariadb.org/ and binary packages are included in many major distributions. But if you choose a binary form, don't forget to also install -the development packages if they are available separately. +the development packages if they are available separately. For example, on +Debian/Ubuntu systems, the package to install is called +libmariadb-client-lgpl-dev. Then, configure Pure-FTPd with --with-mysql and your favorite extra gadgets: @@ -70,12 +67,11 @@ Save the configuration file anywhere. Let's say /etc/pureftpd-mysql.conf . Then, you have to run the pure-ftpd command with '-l mysql:' (it's an 'ell' -not a 'one') followed by the path of that configuration file. Here's an -example with tcpserver: - +not a 'one') followed by the path of that configuration file. -tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l mysql:/etc/pureftpd-mysql.conf & +Example: +pure-ftpd -l mysql:/etc/pureftpd-mysql.conf -B You can mix different authentication methods. For instance, if you want to use system (/etc/passwd) accounts when an account is not found in a MySQL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/README.PGSQL new/pure-ftpd-1.0.42/README.PGSQL --- old/pure-ftpd-1.0.39/README.PGSQL 2015-05-22 15:54:34.000000000 +0200 +++ new/pure-ftpd-1.0.42/README.PGSQL 2015-07-09 20:05:24.000000000 +0200 @@ -64,10 +64,9 @@ Then, you have to run the pure-ftpd command with '-l pgsql:' (it's an 'ell' not a 'one') followed by the path of that configuration file. Here's an -example with tcpserver: +example: - -tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf & +pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf -B You can mix different authentication methods. For instance, if you want to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/config.h.in new/pure-ftpd-1.0.42/config.h.in --- old/pure-ftpd-1.0.39/config.h.in 2015-05-31 17:17:45.000000000 +0200 +++ new/pure-ftpd-1.0.42/config.h.in 2015-07-26 16:58:14.000000000 +0200 @@ -196,6 +196,9 @@ /* Define to 1 if you have the `m' library (-lm). */ #undef HAVE_LIBM +/* Define to 1 if you have the `mariadb' library (-lmariadb). */ +#undef HAVE_LIBMARIADB + /* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */ #undef HAVE_LIBMYSQLCLIENT @@ -236,6 +239,9 @@ /* Define to 1 if you have the `madvise' function. */ #undef HAVE_MADVISE +/* Define to 1 if you have the `make_scrambled_password' function. */ +#undef HAVE_MAKE_SCRAMBLED_PASSWORD + /* Define to 1 if you have the `mapviewoffile' function. */ #undef HAVE_MAPVIEWOFFILE @@ -257,9 +263,6 @@ /* Define to 1 if you have the `munmap' function. */ #undef HAVE_MUNMAP -/* Define to 1 if you have the `mysql_real_escape_string' function. */ -#undef HAVE_MYSQL_REAL_ESCAPE_STRING - /* Define to 1 if you have the `my_make_scrambled_password' function. */ #undef HAVE_MY_MAKE_SCRAMBLED_PASSWORD @@ -278,6 +281,9 @@ /* obsolete pam */ #undef HAVE_OLD_PAM +/* Define to 1 if you have the <openssl/ec.h> header file. */ +#undef HAVE_OPENSSL_EC_H + /* Define to 1 if you have the <openssl/ssl.h> header file. */ #undef HAVE_OPENSSL_SSL_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-config.pl.in new/pure-ftpd-1.0.42/configuration-file/pure-config.pl.in --- old/pure-ftpd-1.0.39/configuration-file/pure-config.pl.in 2015-02-21 18:49:11.000000000 +0100 +++ new/pure-ftpd-1.0.42/configuration-file/pure-config.pl.in 2015-07-09 20:05:24.000000000 +0200 @@ -60,6 +60,7 @@ AltLog => "-O", PIDFile => "-g", TLSCipherSuite => "-J", + CertFile => "-2", ); my %numeric_switch_for = ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-config.py.in new/pure-ftpd-1.0.42/configuration-file/pure-config.py.in --- old/pure-ftpd-1.0.39/configuration-file/pure-config.py.in 2015-02-21 18:52:10.000000000 +0100 +++ new/pure-ftpd-1.0.42/configuration-file/pure-config.py.in 2015-07-09 20:05:24.000000000 +0200 @@ -114,6 +114,7 @@ ["PIDFile\s+(\S+)", "-g", None ], ["TLSCipherSuite\s+(\S+)", "-J", None ], ["PerUserLimits\s+([:0-9]+)", "-y", None ], + ["CertFile\s+(\S+)", "-2", None ], ["TLS\s+(\d)", "-Y", None ]) for option in option_tuple: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configuration-file/pure-ftpd.conf.in new/pure-ftpd-1.0.42/configuration-file/pure-ftpd.conf.in --- old/pure-ftpd-1.0.39/configuration-file/pure-ftpd.conf.in 2015-02-21 19:56:05.000000000 +0100 +++ new/pure-ftpd-1.0.42/configuration-file/pure-ftpd.conf.in 2015-07-09 20:05:24.000000000 +0200 @@ -427,13 +427,19 @@ # Prefix with -C: in order to require valid client certificates. # If -C: is used, make sure that clients' public keys are installed # on the server. -# SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are availale by +# SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are available by # default. # TLSCipherSuite HIGH +# Certificate file, for TLS + +# CertFile /etc/ssl/private/pure-ftpd.pem + + + # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) # By default, both IPv4 and IPv6 are enabled. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configure new/pure-ftpd-1.0.42/configure --- old/pure-ftpd-1.0.39/configure 2015-05-31 17:16:55.000000000 +0200 +++ new/pure-ftpd-1.0.42/configure 2015-07-26 16:57:30.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pure-ftpd 1.0.39. +# Generated by GNU Autoconf 2.69 for pure-ftpd 1.0.42. # # Report bugs to <bugs at pureftpd dot org>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='pure-ftpd' PACKAGE_TARNAME='pure-ftpd' -PACKAGE_VERSION='1.0.39' -PACKAGE_STRING='pure-ftpd 1.0.39' +PACKAGE_VERSION='1.0.42' +PACKAGE_STRING='pure-ftpd 1.0.42' PACKAGE_BUGREPORT='bugs at pureftpd dot org' PACKAGE_URL='' @@ -1337,7 +1337,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pure-ftpd 1.0.39 to adapt to many kinds of systems. +\`configure' configures pure-ftpd 1.0.42 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1403,7 +1403,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pure-ftpd 1.0.39:";; + short | recursive ) echo "Configuration of pure-ftpd 1.0.42:";; esac cat <<\_ACEOF @@ -1567,7 +1567,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pure-ftpd configure 1.0.39 +pure-ftpd configure 1.0.42 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2276,7 +2276,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pure-ftpd $as_me 1.0.39, which was +It was created by pure-ftpd $as_me 1.0.42, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3148,7 +3148,7 @@ # Define the identity of the package. PACKAGE='pure-ftpd' - VERSION='1.0.39' + VERSION='1.0.42' cat >>confdefs.h <<_ACEOF @@ -7406,12 +7406,13 @@ done -for ac_header in openssl/ssl.h +for ac_header in openssl/ssl.h openssl/ec.h do : - ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_SSL_H 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -13303,8 +13304,8 @@ LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/mysql -L${withval}/mysql/lib" CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/mysql -I${withval}/mysql/include" else - CFLAGS="$CFLAGS `mysql_config --cflags`" - LDFLAGS="$LDFLAGS `mysql_config --libs`" + CFLAGS="$CFLAGS `mariadb_config --cflags 2> /dev/null || mysql_config --cflags`" + LDFLAGS="$LDFLAGS `mariadb_config --libs 2> /dev/null || mysql_config --libs`" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for floor in -lm" >&5 $as_echo_n "checking for floor in -lm... " >&6; } @@ -13400,7 +13401,57 @@ $as_echo "#define WITH_MYSQL /**/" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmysqlclient" >&5 + ac_fn_c_check_func "$LINENO" "mysql_init" "ac_cv_func_mysql_init" +if test "x$ac_cv_func_mysql_init" = xyes; then : + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmariadb" >&5 +$as_echo_n "checking for mysql_init in -lmariadb... " >&6; } +if ${ac_cv_lib_mariadb_mysql_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lmariadb $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char mysql_init (); +int +main () +{ +return mysql_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_mariadb_mysql_init=yes +else + ac_cv_lib_mariadb_mysql_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mariadb_mysql_init" >&5 +$as_echo "$ac_cv_lib_mariadb_mysql_init" >&6; } +if test "x$ac_cv_lib_mariadb_mysql_init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBMARIADB 1 +_ACEOF + + LIBS="-lmariadb $LIBS" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mysql_init in -lmysqlclient" >&5 $as_echo_n "checking for mysql_init in -lmysqlclient... " >&6; } if ${ac_cv_lib_mysqlclient_mysql_init+:} false; then : $as_echo_n "(cached) " >&6 @@ -13447,6 +13498,12 @@ as_fn_error $? "libmysqlclient is needed for MySQL support" "$LINENO" 5 fi + +fi + + +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mysql clients can run" >&5 $as_echo_n "checking whether mysql clients can run... " >&6; } if test "$cross_compiling" = yes; then : @@ -13482,7 +13539,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - for ac_func in mysql_real_escape_string my_make_scrambled_password + for ac_func in my_make_scrambled_password make_scrambled_password do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -14535,7 +14592,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pure-ftpd $as_me 1.0.39, which was +This file was extended by pure-ftpd $as_me 1.0.42, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14601,7 +14658,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pure-ftpd config.status 1.0.39 +pure-ftpd config.status 1.0.42 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/configure.ac new/pure-ftpd-1.0.42/configure.ac --- old/pure-ftpd-1.0.39/configure.ac 2015-05-31 17:16:42.000000000 +0200 +++ new/pure-ftpd-1.0.42/configure.ac 2015-07-26 16:56:36.000000000 +0200 @@ -1,7 +1,7 @@ dnl AM_ACLOCAL_INCLUDE(m4) AC_PREREQ(2.65) -AC_INIT([pure-ftpd],[1.0.39],[bugs at pureftpd dot org]) +AC_INIT([pure-ftpd],[1.0.42],[bugs at pureftpd dot org]) AC_CONFIG_SRCDIR(src/ftpd.c) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar]) @@ -142,7 +142,7 @@ AC_CHECK_HEADERS(windows.h io.h) AC_CHECK_HEADERS(crypt.h) AC_CHECK_HEADERS(utime.h) -AC_CHECK_HEADERS(openssl/ssl.h) +AC_CHECK_HEADERS(openssl/ssl.h openssl/ec.h) AC_CHECK_HEADERS(CoreFoundation/CoreFoundation.h) AC_CHECK_HEADERS(iconv.h) AC_SYS_POSIX_TERMIOS @@ -1290,15 +1290,19 @@ LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/mysql -L${withval}/mysql/lib" CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/mysql -I${withval}/mysql/include" else - CFLAGS="$CFLAGS `mysql_config --cflags`" - LDFLAGS="$LDFLAGS `mysql_config --libs`" + CFLAGS="$CFLAGS `mariadb_config --cflags 2> /dev/null || mysql_config --cflags`" + LDFLAGS="$LDFLAGS `mariadb_config --libs 2> /dev/null || mysql_config --libs`" fi AC_CHECK_LIB(m, floor) AC_CHECK_LIB(z, gzclose) with_mysql="yes" AC_DEFINE(WITH_MYSQL,,[with mysql]) - AC_CHECK_LIB(mysqlclient, mysql_init, , - [AC_MSG_ERROR(libmysqlclient is needed for MySQL support)]) + AC_CHECK_FUNC(mysql_init, , [ + AC_CHECK_LIB(mariadb, mysql_init, , [ + AC_CHECK_LIB(mysqlclient, mysql_init, , + [AC_MSG_ERROR(libmysqlclient is needed for MySQL support)]) + ]) + ]) AC_MSG_CHECKING(whether mysql clients can run) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <stdio.h> @@ -1313,7 +1317,7 @@ AC_MSG_ERROR(Your MySQL client libraries aren't properly installed) ],[]) AC_MSG_RESULT(yes) - AC_CHECK_FUNCS(mysql_real_escape_string my_make_scrambled_password) + AC_CHECK_FUNCS(my_make_scrambled_password make_scrambled_password) fi ]) AC_ARG_WITH(pgsql, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/man/pure-ftpd.8.in new/pure-ftpd-1.0.42/man/pure-ftpd.8.in --- old/pure-ftpd-1.0.39/man/pure-ftpd.8.in 2015-02-21 21:47:13.000000000 +0100 +++ new/pure-ftpd-1.0.42/man/pure-ftpd.8.in 2015-07-09 20:05:24.000000000 +0200 @@ -9,7 +9,7 @@ pure\-ftpd \- simple File Transfer Protocol server .SH "SYNOPSIS" -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] +.B pure\-ftpd [\-0] [\-1] [\-2] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] .br Alternative style : @@ -18,6 +18,8 @@ .br \-1 \-\-logpid .br +\-2 \-\-certfile +.br \-4 \-\-ipv4only .br \-6 \-\-ipv6only @@ -153,6 +155,9 @@ .B none is set. .TP +.B \-2 file +When using TLS, set the path to the certificate file. +.TP .B \-4 Listen only to IPv4 connections. .TP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pam/pure-ftpd new/pure-ftpd-1.0.42/pam/pure-ftpd --- old/pure-ftpd-1.0.39/pam/pure-ftpd 2011-09-07 07:02:03.000000000 +0200 +++ new/pure-ftpd-1.0.42/pam/pure-ftpd 2015-06-14 00:11:14.000000000 +0200 @@ -4,7 +4,6 @@ # Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth required pam_stack.so service=system-auth auth required pam_shells.so auth required pam_nologin.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pureftpd-mysql.conf new/pure-ftpd-1.0.42/pureftpd-mysql.conf --- old/pure-ftpd-1.0.39/pureftpd-mysql.conf 2015-05-21 12:18:58.000000000 +0200 +++ new/pure-ftpd-1.0.42/pureftpd-mysql.conf 2015-07-09 20:05:24.000000000 +0200 @@ -19,7 +19,7 @@ # Optional : define the location of mysql.sock if the server runs on this host. -MYSQLSocket /tmp/mysql.sock +MYSQLSocket /var/run/mysqld/mysqld.sock # Mandatory : user to bind the server as. @@ -39,9 +39,9 @@ # Mandatory : how passwords are stored # Valid values are : "cleartext", "scrypt", "crypt", "sha1", "md5", "password" and "any" -# ("password" = MySQL password() function) +# ("password" = MySQL password() function, which is sha1(sha1(password))) -MYSQLCrypt cleartext +MYSQLCrypt scrypt # In the following directives, parts of the strings are replaced at diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/pureftpd-pgsql.conf new/pure-ftpd-1.0.42/pureftpd-pgsql.conf --- old/pure-ftpd-1.0.39/pureftpd-pgsql.conf 2015-05-22 16:24:23.000000000 +0200 +++ new/pure-ftpd-1.0.42/pureftpd-pgsql.conf 2015-07-09 20:05:24.000000000 +0200 @@ -37,7 +37,7 @@ # Mandatory : how passwords are stored # Valid values are : "cleartext", "scrypt", "crypt", "md5", "sha1" and "any" -PGSQLCrypt cleartext +PGSQLCrypt scrypt # In the following directives, parts of the strings are replaced at diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/alt_arc4random.c new/pure-ftpd-1.0.42/src/alt_arc4random.c --- old/pure-ftpd-1.0.39/src/alt_arc4random.c 2015-05-21 14:52:56.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/alt_arc4random.c 2015-06-14 00:11:14.000000000 +0200 @@ -145,6 +145,7 @@ pure_memzero(rs_buf, RSBUFSZ); rs_count = 1600000; + rs_stir_pid = getpid(); } static inline void @@ -152,9 +153,10 @@ { pid_t pid = getpid(); - if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { - rs_stir_pid = pid; + if (rs_count <= len || !rs_initialized) { _rs_stir(); + } else if (rs_stir_pid != pid) { + abort(); } else { rs_count -= len; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/bsd-glob.c new/pure-ftpd-1.0.42/src/bsd-glob.c --- old/pure-ftpd-1.0.39/src/bsd-glob.c 2015-02-17 19:12:44.000000000 +0100 +++ new/pure-ftpd-1.0.42/src/bsd-glob.c 2015-06-14 01:12:09.000000000 +0200 @@ -151,9 +151,6 @@ Char *bufnext, *bufend, patbuf[PATH_MAX]; struct glob_lim limit = { 0, 0, 0 }; - if (strlen(pattern) >= PATH_MAX) { - return GLOB_NOMATCH; - } pglob->gl_maxdepth = maxdepth; pglob->gl_maxfiles = maxfiles; patnext = (unsigned char *) pattern; @@ -174,6 +171,9 @@ pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) { return GLOB_NOSPACE; } + if (strlen(pattern) >= PATH_MAX) { + return GLOB_NOMATCH; + } bufnext = patbuf; bufend = bufnext + PATH_MAX - 1; if (flags & GLOB_NOESCAPE) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/crypto.c new/pure-ftpd-1.0.42/src/crypto.c --- old/pure-ftpd-1.0.39/src/crypto.c 2015-05-22 17:22:36.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/crypto.c 2015-07-09 20:05:24.000000000 +0200 @@ -27,14 +27,14 @@ */ #ifdef HAVE_LIBSODIUM -static char *hexify(char * const result, const unsigned char *digest, - const size_t size_result, size_t size_digest) +char *hexify(char * const result, const unsigned char *digest, + const size_t size_result, size_t size_digest) { return sodium_bin2hex(result, size_result, digest, size_digest); } #else -static char *hexify(char * const result, const unsigned char *digest, - const size_t size_result, size_t size_digest) +char *hexify(char * const result, const unsigned char *digest, + const size_t size_result, size_t size_digest) { static const char * const hexchars = "0123456789abcdef"; char *result_pnt = result; @@ -57,101 +57,115 @@ /* Encode a buffer to Base64 */ -static char *base64ify(char * const result, const unsigned char *digest, - const size_t size_result, size_t size_digest) +char *base64ify(char * const b64, const unsigned char *bin, + size_t b64_maxlen, size_t bin_len) { - static const char * const b64chars = +#define B64_PAD '=' + + static const char b64chars[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - char *result_pnt = result; + char *b64_w = b64; - if (size_result < (((size_digest + 2U) / 3U) * 4U + 1U)) { + if (b64_maxlen < (((bin_len + 2U) / 3U) * 4U + 1U)) { return NULL; } - while (size_digest > (size_t) 2U) { - const unsigned char t0 = (unsigned char) *digest++; - const unsigned char t1 = (unsigned char) *digest++; - const unsigned char t2 = (unsigned char) *digest++; - - *result_pnt++ = b64chars[(t0 >> 2) & 63]; - *result_pnt++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)]; - *result_pnt++ = b64chars[((t1 << 2) & 60) | ((t2 >> 6) & 3)]; - *result_pnt++ = b64chars[t2 & 63]; - size_digest -= (size_t) 3U; - } - if (size_digest > (size_t) 0U) { - const unsigned char t0 = (unsigned char) digest[0]; - - *result_pnt++ = b64chars[(t0 >> 2) & 63]; - if (size_digest == 1U) { - *result_pnt++ = b64chars[((t0 << 4) & 48)]; - *result_pnt++ = '='; + while (bin_len > (size_t) 2U) { + const unsigned char t0 = (unsigned char) *bin++; + const unsigned char t1 = (unsigned char) *bin++; + const unsigned char t2 = (unsigned char) *bin++; + + *b64_w++ = b64chars[(t0 >> 2) & 63]; + *b64_w++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)]; + *b64_w++ = b64chars[((t1 << 2) & 60) | ((t2 >> 6) & 3)]; + *b64_w++ = b64chars[t2 & 63]; + bin_len -= (size_t) 3U; + } + if (bin_len > (size_t) 0U) { + const unsigned char t0 = (unsigned char) bin[0]; + + *b64_w++ = b64chars[(t0 >> 2) & 63]; + if (bin_len == 1U) { + *b64_w++ = b64chars[((t0 << 4) & 48)]; + *b64_w++ = B64_PAD; } else { - const unsigned char t1 = (unsigned char) digest[1]; + const unsigned char t1 = (unsigned char) bin[1]; - *result_pnt++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)]; - *result_pnt++ = b64chars[((t1 << 2) & 60)]; + *b64_w++ = b64chars[((t0 << 4) & 48) | ((t1 >> 4) & 15)]; + *b64_w++ = b64chars[((t1 << 2) & 60)]; } - *result_pnt++ = '='; + *b64_w++ = B64_PAD; } - *result_pnt = 0; + *b64_w = 0; - return result; + return b64; } /* Decode a Base64 encoded string */ -static char *debase64ify(char * const result, const unsigned char *encoded, - const size_t size_result, size_t size_encoded, - size_t *size_decoded) -{ - const unsigned char rev64chars[] = { - 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, - 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, - 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 0U, 62U, 0U, 0U, 0U, 63U, 52U, 53U, - 54U, 55U, 56U, 57U, 58U, 59U, 60U, 61U, 0U, 0U, 0U, 255U, 0U, 0U, 0U, - 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 16U, 17U, 18U, 19U, 20U, 21U, 22U, 23U, 24U, 25U, 0U, 0U, 0U, 0U, 0U, - 0U, 26U, 27U, 28U, 29U, 30U, 31U, 32U, 33U, 34U, 35U, 36U, 37U, 38U, - 39U, 40U, 41U, 42U, 43U, 44U, 45U, 46U, 47U, 48U, 49U, 50U, 51U +static unsigned char * +debase64ify(unsigned char * const bin, const char *b64, + size_t bin_maxlen, size_t b64_len, size_t * const bin_len_p) +{ +#define REV64_EOT 128U +#define REV64_NONE 64U +#define REV64_PAD '=' + + static const unsigned char rev64chars[256] = { + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, 62U, REV64_NONE, REV64_NONE, REV64_NONE, 63U, 52U, 53U, 54U, 55U, 56U, 57U, 58U, 59U, 60U, 61U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_EOT, REV64_NONE, REV64_NONE, REV64_NONE, 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, + 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 16U, 17U, 18U, 19U, 20U, 21U, 22U, 23U, 24U, 25U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, 26U, 27U, 28U, 29U, 30U, 31U, 32U, 33U, 34U, 35U, 36U, 37U, 38U, 39U, 40U, 41U, 42U, + 43U, 44U, 45U, 46U, 47U, 48U, 49U, 50U, 51U, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, + REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE }; - size_t ch = size_encoded; - char *result_pnt = result; - int extra = 0; - - if (size_result < (((size_encoded + 3U) / 4U) * 3U + 1U)) { + const unsigned char *b64_u = (const unsigned char *) b64; + unsigned char *bin_w = bin; + unsigned char mask; + unsigned char t0, t1, t2, t3; + uint32_t t; + size_t i; + + if (b64_len % 4U != 0U || (i = b64_len / 4U) <= 0U || + bin_maxlen < i * 3U - + (b64_u[b64_len - 1U] == REV64_PAD) - (b64_u[b64_len - 2U] == REV64_PAD)) { return NULL; } - while (ch > (size_t) 0U) { - if (encoded[--ch] > 'z') { - return NULL; - } - } - while (size_encoded > (size_t) 3U) { - const unsigned char t1 = rev64chars[encoded[1]]; - const unsigned char t2 = rev64chars[encoded[2]]; - const unsigned char t3 = rev64chars[encoded[3]]; - /* - * I'm very proud : bit shifts and masks were done without writing - * down anything on a piece of paper, and the first try worked :) - */ - *result_pnt++ = (char) ((rev64chars[encoded[0]] << 2) | ((t1 & 48) >> 4)); - *result_pnt++ = (char) (((t1 & 15) << 4) | ((t2 & 60) >> 2)); - *result_pnt++ = (char) (((t2 & 3) << 6) | t3); - if (t3 == 255U) { - if (t2 == 255U) { - extra = 2; - } else { - extra = 1; + while (i-- > 0U) { + t0 = rev64chars[*b64++]; + t1 = rev64chars[*b64++]; + t2 = rev64chars[*b64++]; + t3 = rev64chars[*b64++]; + t = ((uint32_t) t3) | ((uint32_t) t2 << 6) | + ((uint32_t) t1 << 12) | ((uint32_t) t0 << 18); + mask = t0 | t1 | t2 | t3; + if ((mask & (REV64_NONE | REV64_EOT)) != 0U) { + if ((mask & REV64_NONE) != 0U || i > 0U) { + return NULL; } break; } - encoded += 4; - size_encoded -= (size_t) 4U; + *bin_w++ = (unsigned char) (t >> 16); + *bin_w++ = (unsigned char) (t >> 8); + *bin_w++ = (unsigned char) t; } - *size_decoded = (size_t) (result_pnt - result) - extra; - *result_pnt = 0; - - return result; + if ((mask & REV64_EOT) != 0U) { + if (((t0 | t1) & REV64_EOT) != 0U || t3 != REV64_EOT) { + return NULL; + } + *bin_w++ = (unsigned char) (t >> 16); + if (t2 != REV64_EOT) { + *bin_w++ = (unsigned char) (t >> 8); + } + } + if (bin_len_p != NULL) { + *bin_len_p = (size_t) (bin_w - bin); + } + return bin; } /* Compute a simple hex SHA1 digest of a C-string */ @@ -210,8 +224,8 @@ size_t sizeof_hash_and_salt; static char decoded[512]; - if (debase64ify(decoded, (const unsigned char *) stored, - sizeof decoded, strlen(stored), &decoded_len) == NULL) { + if (debase64ify(decoded, stored, sizeof decoded, + strlen(stored), &decoded_len) == NULL) { return NULL; /* huge salt, better abort */ } if (decoded_len < sizeof digest) { @@ -256,8 +270,8 @@ size_t sizeof_hash_and_salt; static char decoded[512]; - if (debase64ify(decoded, (const unsigned char *) stored, - sizeof decoded, strlen(stored), &decoded_len) == NULL) { + if (debase64ify(decoded, stored, sizeof decoded, + strlen(stored), &decoded_len) == NULL) { return NULL; /* huge salt, better abort */ } if (decoded_len < sizeof digest) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/crypto.h new/pure-ftpd-1.0.42/src/crypto.h --- old/pure-ftpd-1.0.39/src/crypto.h 2015-02-17 19:12:45.000000000 +0100 +++ new/pure-ftpd-1.0.42/src/crypto.h 2015-07-09 20:05:24.000000000 +0200 @@ -1,6 +1,8 @@ #ifndef __CRYPTO_H__ #define __CRYPTO_H__ 1 +#include <stdlib.h> + #if SIZEOF_SHORT == 4 typedef short crypto_int4; typedef unsigned short crypto_uint4; @@ -27,5 +29,7 @@ char *crypto_hash_ssha1(const char *string, const char *stored); char *crypto_hash_md5(const char *string, const int hex); char *crypto_hash_smd5(const char *string, const char *stored); +char *hexify(char * const result, const unsigned char *digest, + const size_t size_result, size_t size_digest); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftp_parser.c new/pure-ftpd-1.0.42/src/ftp_parser.c --- old/pure-ftpd-1.0.39/src/ftp_parser.c 2015-02-22 00:44:45.000000000 +0100 +++ new/pure-ftpd-1.0.42/src/ftp_parser.c 2015-07-26 16:54:55.000000000 +0200 @@ -692,6 +692,14 @@ } else if (!strcmp(cmd, "abor")) { addreply_noformat(226, MSG_ABOR_SUCCESS); #ifndef MINIMAL + } else if (!strcmp(cmd, "connect") || + !strcmp(cmd, "delete") || + !strcmp(cmd, "get") || + !strcmp(cmd, "head") || + !strcmp(cmd, "options") || + !strcmp(cmd, "post") || + !strcmp(cmd, "put")) { + die(500, LOG_INFO, "HTTP command: [%s]", cmd); } else if (!strcmp(cmd, "site")) { if ((sitearg = arg) != NULL) { while (*sitearg != 0 && !isspace((unsigned char) *sitearg)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftpd.c new/pure-ftpd-1.0.42/src/ftpd.c --- old/pure-ftpd-1.0.39/src/ftpd.c 2015-05-21 12:40:08.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/ftpd.c 2015-07-09 20:05:24.000000000 +0200 @@ -335,6 +335,7 @@ client_fflush(); } if (len > replybuf_left) { + va_end(va); abort(); } memcpy(replybuf_pos, buf, len); @@ -624,6 +625,7 @@ char line[MAX_SYSLOG_LINE]; if (no_syslog != 0) { + va_end(va); return; } va_start(va, format); @@ -5420,6 +5422,13 @@ strerror(old_errno)); return; } +# ifdef TCP_FASTOPEN + { + int tfo = maxusers > 0U ? 3U + maxusers / 8U : DEFAULT_BACKLOG; + setsockopt(listenfd, IPPROTO_TCP, TCP_FASTOPEN, + (void *) &tfo, sizeof tfo); + } +# endif if (bind(listenfd, res->ai_addr, (socklen_t) res->ai_addrlen) != 0 || listen(listenfd, maxusers > 0U ? 3U + maxusers / 8U : DEFAULT_BACKLOG) != 0) { @@ -5443,6 +5452,13 @@ (void) setsockopt(listenfd6, IPPROTO_IPV6, IPV6_V6ONLY, (char *) &on, sizeof on); # endif +# ifdef TCP_FASTOPEN + { + int tfo = maxusers > 0U ? 3U + maxusers / 8U : DEFAULT_BACKLOG; + setsockopt(listenfd6, IPPROTO_TCP, TCP_FASTOPEN, + (void *) &tfo, sizeof tfo); + } +# endif if (bind(listenfd6, res6->ai_addr, (socklen_t) res6->ai_addrlen) != 0 || listen(listenfd6, maxusers > 0U ? @@ -5782,6 +5798,11 @@ } #endif #ifdef WITH_TLS + case '2': + if ((cert_file = strdup(optarg)) == NULL) { + die_mem(); + } + break; case 'Y': { if ((enforce_tls_auth = atoi(optarg)) < 0 || enforce_tls_auth > 3) { die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ftpd_p.h new/pure-ftpd-1.0.42/src/ftpd_p.h --- old/pure-ftpd-1.0.39/src/ftpd_p.h 2015-02-17 19:12:45.000000000 +0100 +++ new/pure-ftpd-1.0.42/src/ftpd_p.h 2015-07-09 20:05:24.000000000 +0200 @@ -104,7 +104,7 @@ "y:" #endif #ifdef WITH_TLS - "Y:J:" + "2:Y:J:" #endif "zZ"; @@ -112,12 +112,15 @@ static struct option long_options[] = { { "notruncate", 0, NULL, '0' }, { "logpid", 0, NULL, '1' }, +# ifdef WITH_TLS + { "certfile", 1, NULL, '2' }, +# endif { "ipv4only", 0, NULL, '4' }, { "ipv6only", 0, NULL, '6' }, -#ifdef WITH_RFC2640 +# ifdef WITH_RFC2640 { "fscharset", 1, NULL, '8' }, { "clientcharset", 1, NULL, '9' }, -#endif +# endif { "chrooteveryone", 0, NULL, 'A' }, { "trustedgid", 1, NULL, 'a' }, { "brokenclientscompatibility", 0, NULL, 'b' }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/globals.h new/pure-ftpd-1.0.42/src/globals.h --- old/pure-ftpd-1.0.39/src/globals.h 2015-05-20 15:36:20.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/globals.h 2015-07-09 20:05:24.000000000 +0200 @@ -166,6 +166,7 @@ GLOBAL(const char *tlsciphersuite, TLS_DEFAULT_CIPHER_SUITE); GLOBAL0(signed char ssl_disabled); GLOBAL0(signed char ssl_verify_client_cert); +GLOBAL(const char *cert_file, TLS_CERTIFICATE_FILE); #endif GLOBAL0(char *atomic_prefix); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/log_ldap.c new/pure-ftpd-1.0.42/src/log_ldap.c --- old/pure-ftpd-1.0.39/src/log_ldap.c 2015-05-21 15:45:55.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/log_ldap.c 2015-07-26 16:45:36.000000000 +0200 @@ -441,7 +441,9 @@ goto error; } /* only force the uid if default_uid has been set */ - if (!force_default_uid && default_uid > 0) { + if (force_default_uid != 0 && default_uid > (uid_t) 0) { + pwret.pw_uid = default_uid; + } else { if ((pw_uid_s = pw_ldap_getvalue(ld, res, LDAP_FTPUID)) == NULL || *pw_uid_s == 0 || (pwret.pw_uid = (uid_t) strtoul(pw_uid_s, NULL, 10)) <= (uid_t) 0) { @@ -453,13 +455,13 @@ pwret.pw_uid = default_uid; } } - } else { - pwret.pw_uid = default_uid; } free((void *) pw_uid_s); pw_uid_s = NULL; /* only force the gid if default_gid has been set */ - if (!force_default_gid && default_uid > 0) { + if (force_default_gid != 0 && default_gid > (gid_t) 0) { + pwret.pw_gid = default_gid; + } else { if ((pw_gid_s = pw_ldap_getvalue(ld, res, LDAP_FTPGID)) == NULL || *pw_gid_s == 0 || (pwret.pw_gid = (gid_t) strtoul(pw_gid_s, NULL, 10)) <= (gid_t) 0) { @@ -471,8 +473,6 @@ pwret.pw_gid = default_gid; } } - } else { - pwret.pw_gid = default_gid; } free((void *) pw_gid_s); pw_gid_s = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/log_mysql.c new/pure-ftpd-1.0.42/src/log_mysql.c --- old/pure-ftpd-1.0.39/src/log_mysql.c 2015-05-21 12:52:57.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/log_mysql.c 2015-07-09 20:05:24.000000000 +0200 @@ -8,6 +8,7 @@ # include "log_mysql.h" # include "messages.h" # include "crypto.h" +# include "crypto-sha1.h" # include "alt_arc4random.h" # include "utils.h" @@ -47,23 +48,28 @@ size_t from_len; size_t to_len; char *to; - unsigned long tolen; + unsigned long escaped_len; unsigned int t; - unsigned char t1, t2; + unsigned char t1, t2, t3, t4; if (from == NULL) { return NULL; } from_len = strlen(from); to_len = from_len * 2U + (size_t) 1U; - if ((to = malloc(to_len + (size_t) 2U)) == NULL) { + if ((to = malloc(to_len + (size_t) 4U)) == NULL) { return NULL; } t = zrand(); t1 = t & 0xff; t2 = (t >> 8) & 0xff; + t = zrand(); + t3 = t & 0xff; + t4 = (t >> 8) & 0xff; to[to_len] = (char) t1; to[to_len + 1] = (char) t2; + to[to_len + 2] = (char) t3; + to[to_len + 3] = (char) t4; /* * I really hate giving a buffer without any size to a 3rd party function. * The "to" buffer is allocated on the heap, not on the stack, if @@ -73,20 +79,17 @@ * possible instead of doing anything with the heap. We'll end up with * a segmentation violation, but without any possible exploit. */ -#ifdef HAVE_MYSQL_REAL_ESCAPE_STRING - tolen = mysql_real_escape_string(id_sql_server, to, from, from_len); -#else - /* MySQL 3 is obsolete. */ - tolen = mysql_escape_string(to, from, from_len); -#endif - if (tolen >= to_len || + escaped_len = mysql_real_escape_string(id_sql_server, to, from, from_len); + if (escaped_len >= to_len || (unsigned char) to[to_len] != t1 || - (unsigned char) to[to_len + 1] != t2) { + (unsigned char) to[to_len + 1] != t2 || + (unsigned char) to[to_len + 2] != t3 || + (unsigned char) to[to_len + 3] != t4) { for (;;) { *to++ = 0; } } - to[tolen] = 0; + to[escaped_len] = 0; return to; } @@ -455,31 +458,35 @@ } } if (crypto_mysql != 0) { -#if MYSQL_VERSION_ID < 40100 || defined(USE_OLD_MYSQL_SCRAMBLING) - unsigned long hash_res[2]; - char scrambled_password[MYSQL_CRYPT_LEN]; - -# if MYSQL_VERSION_ID < 40100 - hash_password(hash_res, password); -# else - hash_password(hash_res, password, strlen(password)); -# endif - snprintf(scrambled_password, sizeof scrambled_password, "%08lx%08lx", - hash_res[0], hash_res[1]); -#else char scrambled_password[42]; /* 2 * 20 (sha1 hash size) + 2 */ -# if MYSQL_VERSION_ID >= 40100 && MYSQL_VERSION_ID < 40101 - make_scrambled_password(scrambled_password, password, 1, NULL); -# else -# ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD +# ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD my_make_scrambled_password(scrambled_password, password, strlen(password)); -# else +# elif defined(HAVE_MAKE_SCRAMBLED_PASSWORD) make_scrambled_password(scrambled_password, password); -# endif +# else + { + SHA1_CTX ctx; + unsigned char h0[20], h1[20]; + char *p; + + SHA1Init(&ctx); + SHA1Update(&ctx, password, strlen(password)); + SHA1Final(h0, &ctx); + SHA1Init(&ctx); + SHA1Update(&ctx, h0, sizeof h0); + pure_memzero(h0, sizeof h0); + SHA1Final(h1, &ctx); + *scrambled_password = '*'; + hexify(scrambled_password + 1U, h1, + (sizeof scrambled_password) - 1U, sizeof h1); + *(p = scrambled_password) = '*'; + while (*p++ != 0) { + *p = (char) toupper((unsigned char) *p); + } + } # endif -#endif if (pure_strcmp(scrambled_password, spwd) == 0) { goto auth_ok; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/ls.c new/pure-ftpd-1.0.42/src/ls.c --- old/pure-ftpd-1.0.39/src/ls.c 2015-02-22 13:23:59.000000000 +0100 +++ new/pure-ftpd-1.0.42/src/ls.c 2015-06-14 00:11:14.000000000 +0200 @@ -924,6 +924,7 @@ /* Expand ~ here if needed */ alarm(GLOB_TIMEOUT); + memset(&g, 0, sizeof g); a = sglob(arg, opt_a ? (GLOB_PERIOD | GLOB_LIMIT) : GLOB_LIMIT, NULL, &g, max_ls_files + 2, max_ls_depth * 2); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/tls.c new/pure-ftpd-1.0.42/src/tls.c --- old/pure-ftpd-1.0.39/src/tls.c 2015-05-28 17:04:12.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/tls.c 2015-07-26 17:30:24.000000000 +0200 @@ -25,12 +25,11 @@ # endif /* - * Unfortunately disabled by default, because it looks like a lot of clients - * don't support this properly yet. - * Feel free to enable it if none of your customers complains. + * Enabled by default since pure-ftpd 1.0.42, except in broken clients + * compatibility mode. */ # ifndef ONLY_ACCEPT_REUSED_SSL_SESSIONS -# define ONLY_ACCEPT_REUSED_SSL_SESSIONS 0 +# define ONLY_ACCEPT_REUSED_SSL_SESSIONS 1 # endif static void tls_error(const int line, int err) @@ -40,8 +39,7 @@ } if (err != 0) { logfile(LOG_ERR, "TLS [%s](%d): %s", - TLS_CERTIFICATE_FILE, line, - ERR_error_string(err, NULL)); + cert_file, line, ERR_error_string(err, NULL)); } _EXIT(EXIT_FAILURE); } @@ -224,12 +222,11 @@ _EXIT(EXIT_FAILURE); } } - if (SSL_CTX_use_certificate_chain_file(tls_ctx, - TLS_CERTIFICATE_FILE) != 1) { + if (SSL_CTX_use_certificate_chain_file(tls_ctx, cert_file) != 1) { die(421, LOG_ERR, - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE); + MSG_FILE_DOESNT_EXIST ": [%s]", cert_file); } - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE, + if (SSL_CTX_use_PrivateKey_file(tls_ctx, cert_file, SSL_FILETYPE_PEM) != 1) { tls_error(__LINE__, 0); } @@ -258,8 +255,7 @@ if (ssl_verify_client_cert) { SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER, NULL); - if (SSL_CTX_load_verify_locations(tls_ctx, - TLS_CERTIFICATE_FILE, NULL) != 1) { + if (SSL_CTX_load_verify_locations(tls_ctx, cert_file, NULL) != 1) { tls_error(__LINE__, 0); } } @@ -354,7 +350,7 @@ break; } # if ONLY_ACCEPT_REUSED_SSL_SESSIONS - if (SSL_session_reused(tls_data_cnx) == 0) { + if (broken_client_compat == 0 && SSL_session_reused(tls_data_cnx) == 0) { tls_error(__LINE__, 0); } # endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/tls.h new/pure-ftpd-1.0.42/src/tls.h --- old/pure-ftpd-1.0.39/src/tls.h 2015-05-31 16:43:23.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/tls.h 2015-07-09 20:05:24.000000000 +0200 @@ -6,7 +6,9 @@ # include <openssl/ssl.h> # include <openssl/err.h> # include <openssl/rand.h> -# include <openssl/ec.h> +# ifdef HAVE_OPENSSL_EC_H +# include <openssl/ec.h> +# endif int tls_init_library(void); void tls_free_library(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/utils.c new/pure-ftpd-1.0.42/src/utils.c --- old/pure-ftpd-1.0.39/src/utils.c 2015-05-21 22:00:09.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/utils.c 2015-07-09 20:05:24.000000000 +0200 @@ -25,8 +25,8 @@ while (i < len) { pnt_[i++] = 0U; } -} # endif +} int pure_memcmp(const void * const b1_, const void * const b2_, size_t len) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-ftpd-1.0.39/src/utils.h new/pure-ftpd-1.0.42/src/utils.h --- old/pure-ftpd-1.0.39/src/utils.h 2015-05-21 22:00:14.000000000 +0200 +++ new/pure-ftpd-1.0.42/src/utils.h 2015-06-14 00:11:14.000000000 +0200 @@ -8,7 +8,7 @@ #else void pure_memzero(void * const pnt, const size_t len); int pure_memcmp(const void * const b1_, const void * const b2_, size_t len); -int pure_strcmp(const char * const s1, const char * const s2); #endif +int pure_strcmp(const char * const s1, const char * const s2); #endif
