SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pure-ftpd-1.0.46-75.1.x86_64.rpm :

* Thu Jun 15 2017 tchvatalAATTsuse.com- Version update to 1.0.46:
* Fix build with openssl-1.1
* The Perl and Python wrappers are gone
* TLS v1.0 sessions are now refused
* Unmaintained contributions have been removed
* File globbing could take up to `GLOB_TIMEOUT` seconds (17 seconds by default) when matching some patterns, no matter what the configured recursion level was.- Refresh patches:
* pure-ftpd-1.0.20_config.patch
* pure-ftpd-1.0.20_doc.patch- Drop patch pure-ftpd-1.0.32-portrange.patch
* The upstream no longer provide pure-config.pl/py scripts for launching
* This also means the initscript and service were tweaked to reflect this- Disable xinetd on systemd having versions where we can stick to socket based services instead
* By default it does not make sense to have this service socket activated tho so leave it to user to provide this
* Wed Jun 14 2017 psimonsAATTsuse.com- Fix broken pure-ftpd.init script. We cannot use startproc to run /usr/sbin/pure-config.pl, because the utility assumes that the name of that executable matches the name of the started process, which it does not in our case. Furthermore, the start script will write a status message to stdout, so we don\'t have to do it in the init script. [bsc#1042690]
* Sat May 27 2017 psimonsAATTsuse.com- Fix build on SUSE:SLE-11, which doesn\'t define the RPM variable %{_initddir}, so we have to use %{_sysconfdir}/init.d instead.
* Fri May 19 2017 psimonsAATTsuse.com- pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the one from SLE11).- The Factory version of pure-ftp will replace the older package in SLE-11 as per fate#321125. That update brings the following changes:
* These patches have been updated and renamed in the process:
* pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch is now in pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch.
* pure-ftpd-1.0.21-portrange.patch is now in pure-ftpd-1.0.32-portrange.patch.
* pure-ftpd-1.0.32-cap-audit-write.patch is now in pure-ftpd-1.0.36-cap-audit-control.patch.
* These patches are obsolete now and have been removed:
* 0001-Act-like-a-server-even-in-TLS-mode-when-in-active-mo.patch
* 0002-Init-a-TLS-data-session-after-having-sent-the-go-ahe.patch
* 0003-add-opt_a-to-donlist.patch
* 0004-support-stat-over-tls.patch
* 0005-speedup-TLS-listing.patch
* pure-ftpd-1.0.20_config_minuid.patch
* pure-ftpd-1.0.22-fix-listing-if-directory-has-white-space-in-it.patch
* pure-ftpd-1.0.22-flush-cmd-after-tls.patch
* pure-ftpd-1.0.22-oes-bugfix-1.patch
* pure-ftpd-1.0.22-oes-bugfix-2.patch
* pure-ftpd-1.0.22-oes-bugfix.patch
* pure-ftpd-1.0.22-oes-disable-ascii.patch
* pure-ftpd-1.0.22-oes_remote_server.patch
* pure-ftpd-1.0.22-wait-on-tls-handshake.patch
* pure-ftpd-allow-crypto-settings.patch
* pure-ftpd-remove-gpl-code.patch
* Fri Aug 05 2016 tchvatalAATTsuse.com- Kill omc xml file useless nowdays- Version update to 1.0.43:
* -J switch has been fixed
* openBSD compat changes
* Passwords are now hashed using Argon2i, default for puredb accounts now
* Tue May 10 2016 wrAATTrosenauer.org- fix systemd unit file so the service actually starts (boo#872430)
* Thu Apr 14 2016 tchvatalAATTsuse.com- Add -fvisibility=hidden for bnc#971980
* Sat Jan 16 2016 mpluskalAATTsuse.com- Add gpg signature
* Fri Jan 08 2016 tchvatalAATTsuse.com- Version update to 1.0.42: - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not compiled with libsodium. - The connection is now dropped if HTTP commands are received. - LDAP force_default_gid and force_default_uid now work as documented. - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd 1.0.22 circa 2009, but disabled back then due to client compatibility concerns) is now on by default, except in broken clients compatibility mode. - libmariadb is looked for in addition to libmysqlclient - MySQL: my_make_scrambled_password() is not always an exported symbol any more, so pure-ftpd now ships a reimplementation. - openssl/ec.h is not available on some Linux distributions that disable EC in OpenSSL. This is being tested by autoconf. - New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS. - Support for TCP_FASTOPEN added on Linux - The LDAP configuration file didn\'t allow a default gid without also defining a default uid. This is no longer the case. - OpenBSD\'s glob() left the glob_t structure uninitialized if the pattern was larger than PATH_MAX, causing globfree() to free() an unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.- Refresh patch:
* pure-ftpd-1.0.20_config.patch
* Fri Jun 05 2015 tchvatalAATTsuse.com- Reenable sle11 builds I need for testing.
* Fri Jun 05 2015 tchvatalAATTsuse.com- Remove gpg/keyring, not provided now by upstream- Cleanup with spec-cleaner- Update to latest upstream 1.0.39:
* Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
* Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
* The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
* TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically selected when using LibreSSL.
* scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends.
* The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory. This is no longer a compile-time option.
* The Clear Command Channel (CCC) command is now supported.
* pure-config.py is compatible with Python 3.
* SSL (v2, v3) is refused by default.
* The PureDB backend supports the scrypt function in order to hash passwords. This is the preferred algorithm, but requires the presence of libsodium.
* DES-hashed passwords are not supported any more.
* LDAP uid and gid values can over overridden in the LDAP configuration file.
* RC4 was killed.- Refreshed patches:
* pure-ftpd-1.0.20_config.patch
* pure-ftpd-1.0.20_doc.patch
* pure-ftpd-1.0.20_ftpwho_path.patch
* Wed Apr 09 2014 crrodriguezAATTopensuse.org- Remove all init scripts but keep the rc link working.
* Wed Jan 23 2013 mvyskocilAATTsuse.com- fix bnc#789833: pure-ftpd login failes
* pure-ftpd-1.0.36-cap-audit-control.patch- remove oes related patches have never used at openSUSE
* pure-ftpd-1.0.20-oes_remote_server.patch
* pure-ftpd-1.0.22-oes-bugfix-534424.patch- change old PreReq to Requires(pre)- add version to pureftpd symbol
* Thu Nov 29 2012 sbrabecAATTsuse.cz- Verify GPG signature.
* Wed Aug 29 2012 mvyskocilAATTsuse.cz- add gpg signature file for easier verification
* Wed Aug 29 2012 crrodriguezAATTopensuse.org- systemd: Do not fork in the background
* Fri Apr 20 2012 highwaystar.ruAATTgmail.com- spec file: fixed pure-ftpd.service file installation
* Tue Apr 10 2012 mvyskocilAATTsuse.cz- update to 1.0.36 : - Sync built-in glob(3) code with OpenBSD-current, and remove code we don\'t use instead of ifdef\'ing it. - Repair checkproc() on Linux when support for capabitilies is compiled in. Reported by Eric Gouyer. - Don\'t read /dev/
*random every time we need a value. Just use arc4random() everywhere and seed it before we possibly chroot(). - Add support for MFMT, with the same code as SITE UTIME. - Support 2-arguments SITE UTIME. - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil. - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is prefixed by -S: , needed by Brad. - Use more paranoid compiler options whenever possible, and preliminary uncluttering of the autoconf script. - Try to cache locale-related data at startup after tzset(), rather than during a session. - Fix quota computation after rename() overwrites an existing file. Reported by Hiramoto Koujo, thanks! - Improved autoconf detection of -fstack-protector and -fPIE - If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte. - Don\'t display dot files (except . and ..) if dot_read_ok is 0 in donlist() - but not in sglob() yet. This change is purely cosmetic. There are many ways to figure out if a file exists.- document bnc#756306: pure-ftpd umask setting not working properly
* /etc/pure-ftpd/pure-ftpd.conf contains a note about a side-effect of pam_umask- add native pure-ftpd.service for systemd-powered systems- use the same way how to start the daemon in sysvinit script and put $remote_fs dependency usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
* Wed Jun 22 2011 mvyskocilAATTsuse.cz- fix bnc#700611 - pure-ftpd fails with pam
* pure-ftpd-1.0.32-cap-audit-write.patch
* Fri May 27 2011 alexandreAATTexatati.com.br- Update to 1.0.32: - Support SHA1 password hashing in MySQL and PostgreSQL backends - Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418- Aditional changes FROM 1.0.31: - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers, thanks to Todd Rinaldo. - The -F switch has been documented in the built-in help. - Shell-like escaping is now partially handled when emulating the \"ls\" command. - Use my_make_scrambled_password() instead of make_scrambled_password(). Suggested by Arkadiusz Miskiewicz.- Refresh and fix patch for [bnc#407363]: - old: patch pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch - new: patch pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch- Refresh PassivePortRange patch: - old: pure-ftpd-1.0.21-portrange.patch - new: pure-ftpd-1.0.32-portrange.patch
* Mon Apr 11 2011 mvyskocilAATTsuse.cz- update to 1.0.30
* pure-quotacheck can now work with a large number of files.
* OPTS UTF-8 is now an alias to OPTS UTF8.
* Fix a STARTTLS flaw similar to Postfix’s CVE-2011-0411. If you’re using TLS, upgrading is recommended.
* Provide ANSI-compliant MySQL configuration example.
* Fix some issues with man pages.
* Thu Oct 07 2010 mvyskocilAATTsuse.cz- add pure-ftpd-1.0.22-oes-bugfix-534424.patch for tracking OES patches- use macro with_oes to determine if OES patches might be applied or not
* Tue Sep 14 2010 cristian.rodriguezAATTopensuse.org- Use with-rfc2640 [bnc#638626]
* Tue Jul 20 2010 cristian.rodriguezAATTopensuse.org- add missing buildRequires on libcap-devel
* Tue May 25 2010 cristian.rodriguezAATTopensuse.org- $remote_fs --> network-remotefs
* Fri May 14 2010 alexandreAATTexatati.com.br- Added \"--with-virtualchroot\" option;- Spec file cleaned with spec-cleaner;- updated to version 1.0.29: - max_dlmap_size was size_t instead off_t, causing misalignment while downloading > 4 Gb files on a 32-bits arch. - pread() vs lseek()+read() was a useless optimization, since pread() doesn\'t change the file position and further reads weren\'t going through plain read() calls. - iconv_fd_
* should be initialized by (iconv_t) -1 as we test them upon exit. Fixes segfaults on glibc. - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.- changes in version 1.0.28: - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service name. - When an upload gets renamed (--autorename), send the new name to the uploadscript instead of the original one. - The ALLO command now checks for the actual disk space in addition to the virtal quota. - Work around OSX broken poll() - After an atomic resumed upload, don\'t append the previous file size to the quota. - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is UTF8. - Fix AUTHD_ENCRYPTED - Reset the CWD failures counter after a successful directory has been created. It avoids spurious disconnections with ncftp. - Support for iPhone has been moved to another branch. - Fix crash with PostgreSQL.
* Fri Feb 12 2010 msebenAATTnovell.com- updated to version 1.0.27: - Have pureftpd_shutdown() shut the server down even if a client is connected on iPhone. - Allow users with no quota to delete .pureftpd-upload-
* files. - Unbreak ipv6 support, reported by Brad Smith. - Disable SSLv3 renegotiation if an old SSL library is used. If you really want to re-enable SSLv3 renegotiation, even with a recent library, you can always define ACCEPT_SSL_RENEGOTIATION.- changes in version 1.0.26: - Fix incompatibilities with Cyberduck when TLS is enabled. - Don\'t TLS_accept() immediately after accept(). Reply on the connection socket first, so that clients don\'t have to wait before knowing that they can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck. - Properly change the process name on Linux when the -S option is used, by Margus Kaidja. - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert for the bug report.- changes in version 1.0.25: - Show symlinks as symlinks in MLSD, except when the broken client compatibility mode is turned on and links are not dangling (just like the old LIST and NLIST commands). Reported by Mime Cuvalo. - More gcc 2 compatibility, thanks to Todd Rinaldo. - Properly handle custom paths in man pages. Thanks to Scott Haneda and Mathieu Parisot. - Have $localstatedir default to /var as it used to be unless - -localstatedir=... is explicitely passed to ./configure - Use AATTVERSIONAATT in man pages. - --without-pam disables PAM on OSX and iPhone. - Allow cross-compilation. - Experimental iPhone target. - Change the way it links, building a library first. - Don\'t use mmap() any more for downloads. It\'s too slow. - Don\'t use hard-coded paths in order to find MySQL and PostgreSQL libraries and header files. Use mysql_config and pg_config instead. Suggested by John Alberts. - Log the DELE command similar to the RETR and STOR commands. Suggested by Martin Fuxa. - The primary group gets cached so that it\'s always displayed in directory listings. - Avoid a client process to burn CPU in an infinite loop if the command channel gets disconnected before the data channel. Reported by Thomas Min and Margus Kaidja. - Restore the traditional behavior of a download restarting at the end of a file. For some weird reasons, some clients still insist on doing that. Don\'t send a 55x return code, just let them download... nothing. - Documentation updates.- changes in version 1.0.24: - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer. - The package can now be compiled with gcc 2.- changes in version 1.0.23: - LDAP: accept \"enabled\" as a correct value for FTPStatus as it used to be. - More useful error logging for OpenSSL errors. - Don\'t read certificates twice. - Fix compilation on Solaris with privsep, thanks to Ritesh Patel. - Don\'t replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander. - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin. - Don\'t ignore dot files even if -D is not supplied with the MLSD command. - Deinline code - Throttling more reliable - STAT is now working over TLS - DH keys for ephemeral key exchange are now handled - Fix libiconv checking - The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov) - LDAP authentication through binding is now possible in addition to passwords. This allows for the FTP server to run with an unprivileged LDAP account. It also adds a warning if auth method password is used and doesn\'t find a userPassword attribute. This usually indicates that the LDAP bind DN cannot read the attributes, because it doesn\'t have sufficient privileges. Contributed by Wilco Baan Hofman. - Perform charset conversions on directory names. Issue spotted by Xianghu Zhao. - Almost a complete rewrite of the upload, download and TLS code for more reliability - Seemlessly handle ABOR without any SIGURG - Try to immediately handle any kind of disconnection - Use poll() rather than select() as much as possible - Distinguish aborted (even the hard way) and completed download and upload operations in log files - Minor corrections to he French messages - Don\'t use atomic uploads unless --notruncate or --autorename have been enabled - Take care of removing .pureftpd-upload-
* files in every possible case - List up to 10000 files per directory per default instead of 2000 - Don\'t mess with TCP_NOPUSH, as it interferes with OpenSSL - New compile-time option: --with-implicittls in order to build a FTPS-only server - ./configure --localstatedir can now be used in order to avoid storing the scoreboard and other dynamic files in /var/run/ - Quota handling reworked (easier, and way more reliable) - RNTO support even when quota are enabled. - A bunch of return codes were fixed to be more RFC-conformant. - ALLO command is now actually checking if an upload can occur without blowing the quota. - Don\'t change the TCP window size. Admins should do this as part of their system configuration. - Privsep is now enabled by default. Use --without-privsep to disable. - --without-banner is gone. If you have a cookie file (-F), the default banner won\'t be displayed. - Compile with PAM by default on OSX. - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged call is actually necessary. Since only the effective uid chances, it\'s not brutally useful yet, but it paves the way for forthcoming changes. - Install man pages with local paths instead of hard-coded ones.
* Tue Jan 12 2010 msebenAATTnovell.com- modified portrange.patch - for PassivePortRange option in pure-ftpd.conf we could use now also syntax without colon (bnc#547578)- merged config.patch with config_minuid.patch
* Fri Jun 05 2009 cooloAATTnovell.com- fix build
* Mon May 25 2009 hvogelAATTsuse.de- Update to version 1.0.22 - New catalan translation - TLS support for LDAP - Fix usage of MySQL 5 stored procedures - Compatibility with newer OpenLDAP versions - Don\'t hang up during uploads if we get any other command than QUIT and ABORT. - SITE UTIME reads UTC time - A space is needed for inline content in response to the MLST command. - Time zone issues should be fixed for good. We have to redefine TZ, tzset() is not enough on Linux when we are in a chroot environment. - Correctly respond to FEAT without removing extra features when passive mode is disabled. Thanks to upb. - Better process name change setup for Linux. - Auto-created home directories are now created with mode 0777 (and directory umask is applied), per common request. It\'s very important to double check your umask. - Extend gid / uid to 10 digits in ls output. Extend file size as well. - Brazilian portuguese translation was updated. - Fix SecureFX compatibility. - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping. - Don\'t respond to server that an upload succeeded before the temporary file has been renamed. - TLS support on data channels - Use sendfile() on recent Solaris versions in place of sendfilev(). - Don\'t use a deprecated interface for Bonjour registration. - Tell authentication handlers if the connection is encrypted or not, through a new AUTHD_ENCRYPTED environment variable. - Create all directories, not only the basement when on-demand directory creation is enabled and the user\'s home directory looks like /basement/./user. - Fixed error reporting when TLS support was compiled in, but TLS wasn\'t enabled on the current session - Log full path on file deletion - Handle \"ftp\" and \"anonymous\" like normal accounts (with passwords) if -E (no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz. - Sleep before answering a password failure, not the other way round - In broken mode, show symlinks as their real target. It can have side effects, don\'t forget that broken mode is... broken mode. - Respect aliasing rules for sockaddr_storage usage. - Privsep is enabled by default in the installation GUI. - --with-everything now includes privsep. - update: fix compilation with gcc 2.x
* Thu Jan 15 2009 hvogelAATTsuse.de- Move PassivePortRange to numparic_switch_for [bnc#465954]
* Mon Sep 15 2008 hvogelAATTsuse.de- limit port range for passv to 30000:30100 to assist firewalling [bnc#420671]
* Mon Jul 21 2008 hvogelAATTsuse.de- do not use tcp send/receive buffer optimization. Might lead to strange side effects when allocating too much stack. [bnc#407363]
* Tue Apr 01 2008 mkoenigAATTsuse.de- remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem
* Thu Mar 20 2008 hvogelAATTsuse.de- Fix ldap schema [bnc:368864]- add Short-Description to init script
* Tue Mar 27 2007 mskibbeAATTsuse.de- change path to firewall script (#247352)
* Fri Mar 02 2007 mskibbeAATTsuse.de- change path to firewall script (#247352)
* Wed Feb 28 2007 mskibbeAATTsuse.de- pure-ftpd - Support for FATE #300687: Ports for SuSEfirewall added via packages (#246931)
* Thu Jan 11 2007 mskibbeAATTsuse.de- change path to xml service document (fate #301713)
* Wed Dec 06 2006 mskibbeAATTsuse.de- add service xml document (fate #301713 )
* Wed Sep 06 2006 mskibbeAATTsuse.de- fix bug Bug 203798 - Restarting the ftp server using the \"rcpure-ftpd stop/start\" doesn\'t stop/kill the existing client-server instances
* Mon Sep 04 2006 kukukAATTsuse.de- Add pam_loginuid.so to session management
* Thu Aug 31 2006 mskibbeAATTsuse.de- update to version 1.0.21 which o includes patch pure-ftpd-1.0.20-abort-transfer.patch o Rendezvous has been renamed Bonjour o The old PAM sample has been removed o -F option added to pure-pw o MAX_USER_LENGTH has been bumped to 127 due to popular demand o pam/
* can now be used if security/
* doesn\'t exist o simplify() simplifies paths ending by /. and /.. o Experimental support for RFC2640 (UTF-8 filename encoding) o The LDAP schema has been changed: FTPStatus should be a boolean o OPTS MLST has been implemented o SITE UTIME has been implemented o TCP_CORK is on by default again. A new configure switch, - -without-cork, can disable it o Correctly format %c and %% in fakesprintf() o The connection socket is now created with the Nagle algorithm disabled. It was the trick to dramatically improve performance when transfering a lot of small files o Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server
* Mon Aug 21 2006 kukukAATTsuse.de- Reorder auth section of PAM config file to make sure all modules will always be evaluated.
  
ICM