* Mon Aug 01 2022 Dirk Müller <dmueller@suse.com>
- update to 1.0.51:
* Compatibility with OpenSSL 1.1.0 was improved.
* PostgreSQL: the port number is not escaped any more in connection
strings.
* TLS tickets are issued but not renewed - This fixes compatibility
issues with some clients.
* PureDB: additional checks for corrupted databases have been added,
and synchronization to disk uses F_FULLFSYNC on macOS X.
* Wed Jan 19 2022 Antoine Belvire <antoine.belvire@opensuse.org>
- Update to version 1.0.50:
* Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3)
function.
* Soft fail if a USER command is received without TLS and the server is
configured to enforce TLS. Previously, the session was immediately closed,
but that was too brutal for some clients.
* Allow connections from the class E network range -- apparently
required in some cases when using Linux containers.
* Large file listings used to require way more stack allocations than
necessary, possibly reaching hard-coded limits and causing a forced
session close. This has been fixed. (boo#1160111, CVE-2019-20176)
* The SPSV command has been removed.
* Under some circunstances, the server would not start when configured
with directory aliases. This has been fixed.
* PostgreSQL: hard-coded global configuration strings were not escaped.
This has been fixed.
* A warning is now printed when a transfer happens in ASCII mode, as
this is rarely intentional.
* Compilation with --without-ascii is now possible again.
* Configuration options for features that have been disabled at
compile-time are not parsed any more.
* When virtual quotas were configured, files were removed after an
upload if the size quota was exceeded, but not during the upload. This
has been fixed. (boo#1190205, CVE-2021-40524)
* A configuration file can now include other files with the `Include`
directive.
* Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
* Fix a potential uninitialized pointer vulnerability (boo#1165134,
CVE-2020-9274).
- Build with libsodium-devel to support Argon password scheme.
- Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in
version 1.0.48.
- Rebase patch for bnc#407363:
* Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
* Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
Version: 1.0.49-bp152.1.1
* Wed May 06 2020 Peter Simons <psimons@suse.com>
- Update to version 1.0.49.
* Refresh pure-ftpd-1.0.20_ftpwho_path.patch to
pure-ftpd-1.0.49_ftpwho_path.patch.
* Tue Mar 17 2020 Max Lin <mlin@suse.com>
- BuildRequires postgresql-server-devel on Leap version >= 15.2
* Thu Dec 05 2019 Josef Möllers <josef.moellers@suse.com>
- Add pam_keyinit.so to PAM config file.
[pure-ftpd.pamd, bsc#1144058]
* Fri Jul 26 2019 matthias.gerstner@suse.com
- removal of version checks for outdated distributions
* Thu Jul 25 2019 matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
Version: 1.0.47-bp150.2.3
* Sun Feb 18 2018 avindra@opensuse.org
- Version update to 1.0.47:
* If TLS was only enabled on the control channel (-Y 1), the STAT
command would send its output as other directory listing
commands, breaking the TLS stream. This has been fixed.
* The system user “_ftp” can be used as an alternative to “ftp”
for anonymous sessions.
* Compatibility with libsodium > 1.0.12 was added (including
minimal mode).
* The prefix for Argon2-hashed passwords in LDAP has been changed
to “{argon2}” (from “{argon2i}”). Ditto for MySQL and
PostgreSQL: the authentication method is now called “argon2”
instead of “argon2i”, and includes both Argon2i and Argon2id.
- use https for main site and source download
- switch to bz2 tarball (smaller)
* Thu Jun 15 2017 tchvatal@suse.com
- Version update to 1.0.46:
* Fix build with openssl-1.1
* The Perl and Python wrappers are gone
* TLS v1.0 sessions are now refused
* Unmaintained contributions have been removed
* File globbing could take up to `GLOB_TIMEOUT` seconds
(17 seconds by default) when matching some patterns, no matter what the
configured recursion level was.
- Refresh patches:
* pure-ftpd-1.0.20_config.patch
* pure-ftpd-1.0.20_doc.patch
- Drop patch pure-ftpd-1.0.32-portrange.patch
* The upstream no longer provide pure-config.pl/py scripts for launching
* This also means the initscript and service were tweaked to reflect this
- Disable xinetd on systemd having versions where we can stick to socket
based services instead
* By default it does not make sense to have this service socket activated
tho so leave it to user to provide this
* Wed Jun 14 2017 psimons@suse.com
- Fix broken pure-ftpd.init script. We cannot use startproc to run
/usr/sbin/pure-config.pl, because the utility assumes that the
name of that executable matches the name of the started process,
which it does not in our case. Furthermore, the start script will
write a status message to stdout, so we don't have to do it in
the init script. [bsc#1042690]
* Sat May 27 2017 psimons@suse.com
- Fix build on SUSE:SLE-11, which doesn't define the RPM variable
%{_initddir}, so we have to use %{_sysconfdir}/init.d instead.
* Fri May 19 2017 psimons@suse.com
- pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the
one from SLE11).
- The Factory version of pure-ftp will replace the older package in
SLE-11 as per fate#321125. That update brings the following
changes:
* These patches have been updated and renamed in the process:
* pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch is now
in pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch.
* pure-ftpd-1.0.21-portrange.patch is now in
pure-ftpd-1.0.32-portrange.patch.
* pure-ftpd-1.0.32-cap-audit-write.patch is now in
pure-ftpd-1.0.36-cap-audit-control.patch.
* These patches are obsolete now and have been removed:
* 0001-Act-like-a-server-even-in-TLS-mode-when-in-active-mo.patch
* 0002-Init-a-TLS-data-session-after-having-sent-the-go-ahe.patch
* 0003-add-opt_a-to-donlist.patch
* 0004-support-stat-over-tls.patch
* 0005-speedup-TLS-listing.patch
* pure-ftpd-1.0.20_config_minuid.patch
* pure-ftpd-1.0.22-fix-listing-if-directory-has-white-space-in-it.patch
* pure-ftpd-1.0.22-flush-cmd-after-tls.patch
* pure-ftpd-1.0.22-oes-bugfix-1.patch
* pure-ftpd-1.0.22-oes-bugfix-2.patch
* pure-ftpd-1.0.22-oes-bugfix.patch
* pure-ftpd-1.0.22-oes-disable-ascii.patch
* pure-ftpd-1.0.22-oes_remote_server.patch
* pure-ftpd-1.0.22-wait-on-tls-handshake.patch
* pure-ftpd-allow-crypto-settings.patch
* pure-ftpd-remove-gpl-code.patch
* Fri Aug 05 2016 tchvatal@suse.com
- Kill omc xml file useless nowdays
- Version update to 1.0.43:
* -J switch has been fixed
* openBSD compat changes
* Passwords are now hashed using Argon2i, default for puredb accounts now
* Tue May 10 2016 wr@rosenauer.org
- fix systemd unit file so the service actually starts (boo#872430)
* Thu Apr 14 2016 tchvatal@suse.com
- Add -fvisibility=hidden for bnc#971980
* Sat Jan 16 2016 mpluskal@suse.com
- Add gpg signature
* Fri Jan 08 2016 tchvatal@suse.com
- Version update to 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.
- libmariadb is looked for in addition to libmysqlclient
- MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
- openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
- New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
- OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
- Refresh patch:
* pure-ftpd-1.0.20_config.patch
* Fri Jun 05 2015 tchvatal@suse.com
- Reenable sle11 builds I need for testing.
* Fri Jun 05 2015 tchvatal@suse.com
- Reenable sle11 builds I need for testing.
* Wed Apr 09 2014 crrodriguez@opensuse.org
- Remove all init scripts but keep the rc link working.
* Wed Jan 23 2013 mvyskocil@suse.com
- fix bnc#789833: pure-ftpd login failes
* pure-ftpd-1.0.36-cap-audit-control.patch
- remove oes related patches have never used at openSUSE
* pure-ftpd-1.0.20-oes_remote_server.patch
* pure-ftpd-1.0.22-oes-bugfix-534424.patch
- change old PreReq to Requires(pre)
- add version to pureftpd symbol
* Thu Nov 29 2012 sbrabec@suse.cz
- Verify GPG signature.
* Wed Aug 29 2012 mvyskocil@suse.cz
- add gpg signature file for easier verification
* Wed Aug 29 2012 crrodriguez@opensuse.org
- systemd: Do not fork in the background
* Fri Apr 20 2012 highwaystar.ru@gmail.com
- spec file: fixed pure-ftpd.service file installation
* Tue Apr 10 2012 mvyskocil@suse.cz
- update to 1.0.36 :
- Sync built-in glob(3) code with OpenBSD-current, and remove code we
don't use instead of ifdef'ing it.
- Repair checkproc() on Linux when support for capabitilies is
compiled in. Reported by Eric Gouyer.
- Don't read /dev/*random every time we need a value. Just use
arc4random() everywhere and seed it before we possibly chroot().
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
- Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
prefixed by -S: , needed by Brad.
- Use more paranoid compiler options whenever possible, and preliminary
uncluttering of the autoconf script.
- Try to cache locale-related data at startup after tzset(), rather
than during a session.
- Fix quota computation after rename() overwrites an existing file.
Reported by Hiramoto Koujo, thanks!
- Improved autoconf detection of -fstack-protector and -fPIE
- If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
- Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.
- document bnc#756306: pure-ftpd umask setting not working properly
* /etc/pure-ftpd/pure-ftpd.conf contains a note about a side-effect of pam_umask
- add native pure-ftpd.service for systemd-powered systems
- use the same way how to start the daemon in sysvinit script and put
$remote_fs dependency
usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
* Wed Jun 22 2011 mvyskocil@suse.cz
- fix bnc#700611 - pure-ftpd fails with pam
* pure-ftpd-1.0.32-cap-audit-write.patch