Module Name: othersrc Committed By: lukem Date: Tue Jan 29 23:14:48 UTC 2019
Modified Files: othersrc/libexec/tnftpd: ChangeLog Log Message: changes so far this year To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 othersrc/libexec/tnftpd/ChangeLog Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: othersrc/libexec/tnftpd/ChangeLog diff -u othersrc/libexec/tnftpd/ChangeLog:1.60 othersrc/libexec/tnftpd/ChangeLog:1.61 --- othersrc/libexec/tnftpd/ChangeLog:1.60 Mon Mar 25 04:29:01 2013 +++ othersrc/libexec/tnftpd/ChangeLog Tue Jan 29 23:14:48 2019 @@ -1,4 +1,46 @@ -$NetBSD: ChangeLog,v 1.60 2013/03/25 04:29:01 lukem Exp $ +$NetBSD: ChangeLog,v 1.61 2019/01/29 23:14:48 lukem Exp $ + + +Tue Jan 29 23:12:52 UTC 2019 lukem + + * Limit fnmatch(), fts(), strsuftollx() recursion to avoid + DoS attacks. From Maksymilian Arciemowicz. + + * Improve glob(): + * Switch from a recursive pattern matching algorithm to handle + '*' to a backtracking one. Avoids DoS attacks with patterns + "a*a*a*a*a*...b" matching against "aaaaaaaaaaaa...". + See https://research.swtch.com/glob + * Bump the glob limits to 512KB for total string size and 64KB + path entries. The old limits were too small for some + important FTP use cases like a pkgsrc repository. + + * Add --with-blacklist to enable support for NetBSD blacklist daemon. + + * Save struct passwd.pw_class if it exists. Inspired by FreeBSD. + + * Sync libnetbsd replacements with NetBSD: + * ANSI C, coding, style, copyright improvements. + * Fix fparseln() parsing issues. + * Fix fts() error handling issues. + * Improve strmode() to support S_IFDOOR. + * Fix strsuftollx() error message and base 10 handling. + * Provide explicit_memset() replacement. + + * Update to NetBSD-ftpd as at 20190129: + * Fix violations of the sequence point rule. + * Add volatile for gcc 5. + * Check that stat and fstat succeed. + * Support blacklistd(8) hooks. + * Clear utmpx struct before writing it to wtmpx files. + * Fix directory stream leaks. + * Use explicit_memset(3) instead of memset(3) to clear password. + * Fix scope of variable. PR/50665. + * Ensure that closing socket exists. CID 603440. + * Add -f option to ftpd to stay in foreground with -D. PR/53221. + * Update version to "NetBSD-ftpd 20180428". + + * Remove endorsment clause from some of my licenses. Mon Mar 25 03:51:20 UTC 2013 lukem