Home | History | Annotate | Download | only in ftpd
History log of /src/libexec/ftpd/Makefile
RevisionDateAuthorComments
 1.70  25-Nov-2023  prlw1 ftpd: deduplicate gcc warning avoidance
OK lukem@
 1.69  03-Jun-2023  lukem bsd.own.mk: rename GCC_NO_* to CC_WNO_*

Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.

GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH

Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
 1.68  15-Jun-2020  christos Rename blacklist -> blocklist
 1.67  15-Oct-2019  christos use strncpy...
 1.66  13-Oct-2019  mrg introduce some common variables for use in GCC warning disables:

GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
 1.65  25-Feb-2018  mrg branches: 1.65.4;
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts
to bsd.prog.mk. use them instead of hard coding various lists
of libraries for krb5.

this fixes static builds.
 1.64  25-Jan-2015  christos blacklist hooks
 1.63  14-Aug-2011  christos branches: 1.63.20;
remove gcc-4.5 hack
 1.62  22-Jun-2011  mrg apply some -Wno-error and/or -fno-strict-aliasing.


all of this should be looked at closer, but some of them are not
very trivial.
 1.61  24-Apr-2011  elric We no longer need -I/usr/include/krb5.
 1.60  15-Mar-2009  lukem Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
 1.59  16-Sep-2008  lukem branches: 1.59.6;
Support building with -DNO_INTERNAL_LS
 1.58  27-Mar-2008  lukem branches: 1.58.4;
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.

This is independent of (and effectively exclusive to) USE_SKEY support.

Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
 1.57  14-Dec-2006  he Complete the move of string_to_flags() and flags_to_string() from the
bin/ls sources to libutil:
o Bump libutil minor version number
o Fix uses to include <util.h> to pick up the function definitions
o Fix most uses of flags_to_string() to release the now-malloc()ed result
 1.56  23-Mar-2006  wiz branches: 1.56.4; 1.56.8;
Remove more references to kerberosIV.
 1.55  09-Mar-2005  christos Add -lcrypt where -lcrypto is specified.
 1.54  04-Mar-2005  he Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications. The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
 1.53  20-Feb-2005  christos Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined,
then we don't fall back to other authentications even if PAM fails due
to a system error (e.g. configuration problem).
 1.52  10-Jan-2005  lukem Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
 1.51  23-Jul-2003  itojun split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
 1.50  18-Sep-2002  lukem use bsd.own.mk instead of the (obvious typo of) bsd.obj.mk
 1.49  22-Aug-2002  christos enable utmpx support. this doesn't work correctly for chrooted ftpd's, but
I am leaving it to luke to fix.
 1.48  20-Aug-2002  christos Disable UTMPX support for now, because ftpd might chroot and we need
to keep files open.
 1.47  19-Aug-2002  lukem Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path
 1.46  22-Mar-2002  thorpej branches: 1.46.2;
Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
of the infratsructure (libraries, support programs, etc.)

* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
building of support for using the corresponding API
in various libraries/programs that can use it.

As discussed on tech-toolchain.
 1.45  01-Dec-2001  lukem - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
 1.44  30-Nov-2000  lukem - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
 1.43  03-Jul-2000  matt Make things builds with GCC 2.96
 1.42  20-Jun-2000  thorpej branches: 1.42.2;
Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
 1.41  14-Jun-2000  lukem major overhaul (just before netbsd 1.5 :-):

* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.

* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c

* make dataconn(), feat(), lookup(), opts() and sizecmd() public

* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options

* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")

* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;

* enhance statcmd(). still needs work in the LPRT status stuff.

* crank version
 1.40  05-Mar-2000  lukem branches: 1.40.2;
* don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
 1.39  18-Dec-1999  lukem * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit

The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
 1.38  16-Dec-1999  lukem install ftpusers(5) as ftpchroot(5). more cleanups
 1.37  16-Dec-1999  lukem separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).

xxx: still needs a bit of work
 1.36  07-Dec-1999  lukem * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
 1.35  20-Jul-1999  mrg branches: 1.35.4;
optionally include CRYPTOPATH Makefile.frag files.
 1.34  12-Jul-1999  thorpej Use bsd.crypto.mk.
 1.33  02-Jul-1999  itojun dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
 1.32  26-Jun-1999  danw Remove the .ifdef to compile without optimization on powerpc since the
bug that it was working around doesn't seem to exist in egcs
 1.31  17-May-1999  lukem features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
 1.30  18-Feb-1999  scottr Remove the crypto-related bits until such time as we have a fully-
integrated source tree. Export-controlled versions of these are now
built during the domestic build process.
 1.29  28-Dec-1998  lukem * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
 1.28  06-Sep-1998  lukem * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
 1.27  13-Apr-1998  lukem fix disabling of optimization on powerpc (set COPTS *after* <bsd.prog.mk>...)
 1.26  09-Apr-1998  tv .y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.
 1.25  11-Nov-1997  mrg add a "checkportcmd <class>" option that stops ftp bounce attacks.
 1.24  12-Oct-1997  mycroft branches: 1.24.2;
SRCS must be defined *before* bsd.prog.mk is included...
 1.23  12-Oct-1997  mycroft Add some krb5 hooks, though it probably doesn't work yet.
 1.22  12-Oct-1997  mycroft Oops; fix typo.
 1.21  12-Oct-1997  mycroft Conditionalize s/key support.
 1.20  08-Oct-1997  mrg merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec.
 1.19  01-Jul-1997  christos Add WARNS=1
 1.18  18-Jun-1997  christos - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
 1.17  14-Jun-1997  lukem * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
 1.16  27-Apr-1997  lukem * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
 1.15  19-Apr-1997  thorpej Don't compile this with -O on the PowerPC - cc1 cores.
 1.14  30-Mar-1997  cjs Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
 1.13  16-Feb-1996  cgd add -Dunix to CFLAGS
 1.12  11-Apr-1995  cgd clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
 1.11  22-Dec-1994  cgd specify man pages the new way.
 1.10  25-Jul-1994  brezak As long as KERBEROS is here at least let it compile cleanly...
 1.9  29-Jun-1994  deraadt branches: 1.9.2;
4.4-lite, plus our local changes
 1.8  24-May-1994  deraadt add skey support
 1.7  14-Apr-1994  cgd use setproctitle
 1.6  30-Mar-1994  cgd some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
 1.5  07-Oct-1993  cgd always use libcrypt
 1.4  01-Aug-1993  mycroft Add RCS identifiers.
 1.3  26-Apr-1993  cgd changed to use new libcrypt scheme.
 1.2  22-Mar-1993  cgd added support for using real crypt
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.2  29-Mar-1997  cjs Lite-1 Import.
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.9.2.1  19-Aug-1994  mycroft update from trunk
 1.24.2.1  11-Nov-1997  mrg pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
 1.35.4.1  27-Dec-1999  wrstuden Pull up to last week's -current.
 1.40.2.1  22-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.42.2.3  26-Aug-2004  jmc Pullup rev 1.45-1.51 + patch (requested by he in ticket #158)

Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
 1.42.2.2  29-Mar-2001  lukem sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28

a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
 1.42.2.1  20-Jun-2000  lukem file Makefile was added on branch netbsd-1-5 on 2001-03-29 14:14:16 +0000
 1.46.2.1  31-Aug-2004  jmc Pullup rev 1.47-1.51 + patch (requested by he in ticket #1739)

Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
 1.56.8.1  18-Sep-2008  bouyer Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
 1.56.4.1  18-Sep-2008  bouyer Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
 1.58.4.1  24-Sep-2008  wrstuden Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
 1.59.6.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.63.20.1  30-Apr-2015  riz Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201

Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
 1.65.4.1  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411

RSS XML Feed