SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pure-ftpd-1.0.51-117.9.x86_64.rpm :

* Thu Feb 29 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Wed Oct 04 2023 Thorsten Kukuk - Add pure-ftpd.ftpusers, the netcfg one is not maintained, outdated and will be removed.- pure-ftpd.pam: use own copy of ftpusers.- Remove hard systemd requires, it\'s not necessary.
* Mon Jan 16 2023 Stefan Schubert - Migration of PAM settings to /usr/lib/pam.d.
* Mon Aug 01 2022 Dirk Müller - update to 1.0.51:
* Compatibility with OpenSSL 1.1.0 was improved.
* PostgreSQL: the port number is not escaped any more in connection strings.
* TLS tickets are issued but not renewed - This fixes compatibility issues with some clients.
* PureDB: additional checks for corrupted databases have been added, and synchronization to disk uses F_FULLFSYNC on macOS X.
* Wed Jan 19 2022 Antoine Belvire - Update to version 1.0.50:
* Support for MD5, SHA1 and MySQL PASSWORD() function were removed for password hashing. You should now use scrypt, argon2 or the system crypt(3) function.
* Soft fail if a USER command is received without TLS and the server is configured to enforce TLS. Previously, the session was immediately closed, but that was too brutal for some clients.
* Allow connections from the class E network range -- apparently required in some cases when using Linux containers.
* Large file listings used to require way more stack allocations than necessary, possibly reaching hard-coded limits and causing a forced session close. This has been fixed. (boo#1160111, CVE-2019-20176)
* The SPSV command has been removed.
* Under some circunstances, the server would not start when configured with directory aliases. This has been fixed.
* PostgreSQL: hard-coded global configuration strings were not escaped. This has been fixed.
* A warning is now printed when a transfer happens in ASCII mode, as this is rarely intentional.
* Compilation with --without-ascii is now possible again.
* Configuration options for features that have been disabled at compile-time are not parsed any more.
* When virtual quotas were configured, files were removed after an upload if the size quota was exceeded, but not during the upload. This has been fixed. (boo#1190205, CVE-2021-40524)
* A configuration file can now include other files with the `Include` directive.
* Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
* Fix a potential uninitialized pointer vulnerability (boo#1165134, CVE-2020-9274).- Build with libsodium-devel to support Argon password scheme.- Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in version 1.0.48.- Rebase patch for bnc#407363:
* Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
* Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
* Wed Oct 20 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified:
* pure-ftpd.service
* Mon May 03 2021 Luigi Baldoni - Small cleanup
* Sat May 01 2021 Luigi Baldoni - Fix build
* Wed May 06 2020 Peter Simons - Update to version 1.0.49.
* Refresh pure-ftpd-1.0.20_ftpwho_path.patch to pure-ftpd-1.0.49_ftpwho_path.patch.
* Tue Mar 17 2020 Max Lin - BuildRequires postgresql-server-devel on Leap version >= 15.2
  
ICM