patch-work
diff --git a/‎README
Lines changed: 2 additions & 2 deletions b/‎README
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.LDAP
Lines changed: 1 addition & 5 deletions b/‎README.LDAP
Lines changed: 1 addition & 5 deletions
diff --git a/‎README.MySQL
Lines changed: 6 additions & 8 deletions b/‎README.MySQL
Lines changed: 6 additions & 8 deletions
diff --git a/‎README.PGSQL
Lines changed: 4 additions & 5 deletions b/‎README.PGSQL
Lines changed: 4 additions & 5 deletions
diff --git a/‎README.Virtual-Users
Lines changed: 1 addition & 2 deletions b/‎README.Virtual-Users
Lines changed: 1 addition & 2 deletions
diff --git a/‎configure.ac
Lines changed: 0 additions & 53 deletions b/‎configure.ac
Lines changed: 0 additions & 53 deletions
diff --git a/‎pureftpd-mysql.conf
Lines changed: 2 additions & 3 deletions b/‎pureftpd-mysql.conf
Lines changed: 2 additions & 3 deletions
diff --git a/‎pureftpd-pgsql.conf
Lines changed: 2 additions & 2 deletions b/‎pureftpd-pgsql.conf
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Makefile.am
Lines changed: 0 additions & 4 deletions b/‎src/Makefile.am
Lines changed: 0 additions & 4 deletions
@@ -1446,8 +1446,8 @@ sample output of 'pure-ftpwho -v':
 After an upload, any external program or shell script can be spawned with the
 name of the newly uploaded file as an argument. You can use that feature to
 automatically send a mail when a new file arrives. Or you can pass it to a
-moderation system, an anti-virus, a MD5 signature generator or whatever you
-decide can be done with a file.
+moderation system, an anti-virus, a digest generator or whatever you decide
+can be done with a file.
 
 To support this, the server has to be configured --with-uploadscript at
 compilation time. Upload scripts won't be spawned on unreadable directories.
 
@@ -168,11 +168,7 @@ userPassword: {scrypt}$7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$
 
 
 'userPassword' is the password hashed with the system 'crypt' function,
-MD5, SHA, SMD5, SSHA, SCRYPT or ARGON2.
-
-Do not use MD5, SHA, SMD5 or SSHA except if you really have to. Use {crypt}
-with the strongest algorithm supported by your implementation. Or better,
-use {scrypt} or {argon2}.
+SCRYPT or ARGON2.
 
 Please note that a login can only contains common characters: A...Z, a...z,
 0...9, -, ., _, space, :, @ and ' . For paranoia purposes, other characters
 
@@ -87,14 +87,12 @@ You just have to have fields with the following info:
 - The user's login.
 
 - The user's password, hashed using argon2 (argon2id or argon2i), scrypt or
-crypt(3). SHA1, MD5, and MySQL's password() format are supported for legacy
-reasons, but shouldn't be used any more. Pure-FTPd also accepts the "any"
-value for the MySQLCrypt field. With "any", all hash functions are
-sequentially tried.
-
-* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
-system provides a decent crypt() function, use a MySQL function to verify
-the hashed password or use argon2/scrypt.
+crypt(3). Pure-FTPd also accepts the "any" value for the MySQLCrypt field.
+With "any", all hash functions are sequentially tried.
+
+* RECOMMENDATION: Do not use plaintext. Unless your system provides a decent
+crypt() function, use a MySQL function to verify the hashed password or use
+argon2/scrypt.
 
 - The system uid to map the user to. This can be a numeric id or a user
 name, looked up at run-time.
 
@@ -82,14 +82,13 @@ You just have to have fields with the following info:
 
 - The user's login.
 
-- The user's password, hashed using argon2, scrypt or crypt(3). SHA1 and MD5
-are also supported for legacy reasons, but shouldn't be used any more.
+- The user's password, hashed using argon2, scrypt or crypt(3).
 Pure-FTPd also accepts the "any" value for the PGSQLCrypt field.
 With "any", all hash functions are sequentially tried.
 
-* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
-system provides a decent crypt() function, use a PostgreSQL function to verify
-the hashed password or use argon2/scrypt.
+* RECOMMENDATION: Do not use plaintext. Unless your system provides a
+decent crypt() function, use a PostgreSQL function to verify the hashed
+password or use argon2/scrypt.
 
 - The system uid to map the user to. This can be a numeric id or a user
 name, looked up at run-time.
 
@@ -53,8 +53,7 @@ Fields can be left empty (exceptions: account, password, uid, gid, home
 directory) .
 
 Passwords are compatible with the hashing function used in /etc/passwd or
-/etc/master.passwd . They are crypto hashed with blowfish, md5, multiple-des
-and simple des, in this order, according to what your system has support fort.
+/etc/master.passwd.
 
 
     ------------------------ CREATING A NEW USER ------------------------
 
@@ -1132,59 +1132,6 @@ AC_DEFINE(USE_BUILTIN_REALPATH)
 ],[AC_MSG_RESULT(no)
 AC_DEFINE(USE_BUILTIN_REALPATH)])
 
-AC_MSG_CHECKING(whether you already have a standard MD5 implementation)
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <stdio.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <md5.h>
-
-int main(void)
-{
-    MD5_CTX ctx;
-    char b[33];
-    
-    MD5Init(&ctx);
-    MD5Update(&ctx, (const unsigned char *) "test", 4U);
-    MD5End(&ctx, b);
-    b[32] = 0;
-
-    return strcasecmp(b, "098f6bcd4621d373cade4e832627b4f6");
-}
-]])],[
-AC_MSG_RESULT(yes)
-AC_DEFINE(USE_SYSTEM_CRYPT_MD5,,[Define if you already have standard
-MD5 functions])
-],[AC_MSG_RESULT(no)
-],[AC_MSG_RESULT(assuming no)])
-
-AC_MSG_CHECKING(whether you already have a standard SHA1 implementation)
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sha1.h>
-
-int main(void)
-{
-    SHA1_CTX ctx;
-    char b[41];
-    
-    SHA1Init(&ctx);
-    SHA1Update(&ctx, (const unsigned char *) "test", 4U);
-    SHA1End(&ctx, b);
-    b[40] = 0;
-    
-    return strcasecmp(b, "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3");
-}
-]])],[
-AC_MSG_RESULT(yes)
-AC_DEFINE(USE_SYSTEM_CRYPT_SHA1,,[Define if you already have standard
-SHA1 functions])
-],[AC_MSG_RESULT(no)
-],[AC_MSG_RESULT(assuming no)])
-
 AC_MSG_CHECKING([whether we are inside a Virtuozzo virtual host])
 if test -d /proc/vz; then
   AC_MSG_RESULT(yes)
 
@@ -38,10 +38,9 @@ MYSQLDatabase   pureftpd
 
 
 # Mandatory : how passwords are stored
-# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "sha1", "md5", "password" and "any"
-# ("password" = MySQL password() function, which is sha1(sha1(password)))
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", and "any"
 
-MYSQLCrypt      scrypt
+MYSQLCrypt      argon2
 
 
 # In the following directives, parts of the strings are replaced at
 
@@ -35,9 +35,9 @@ PGSQLDatabase   pureftpd
 
 
 # Mandatory : how passwords are stored
-# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "md5", "sha1" and "any"
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", and "any"
 
-PGSQLCrypt      scrypt
+PGSQLCrypt      argon2
 
 
 # In the following directives, parts of the strings are replaced at
 
@@ -40,10 +40,6 @@ libpureftpd_a_SOURCES = \
 	caps.h \
 	crypto.c \
 	crypto.h \
-	crypto-md5.c \
-	crypto-md5.h \
-	crypto-sha1.c \
-	crypto-sha1.h \
 	daemons.c \
 	diraliases.h \
 	diraliases.c \