Package Release Info

pure-ftpd-1.0.51-bp155.1.9

Update Info: Base Release
Available in Package Hub : 15 SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

pure-ftpd

Change Logs

* Mon Aug 01 2022 Dirk Müller <dmueller@suse.com>
- update to 1.0.51:
  * Compatibility with OpenSSL 1.1.0 was improved.
  * PostgreSQL: the port number is not escaped any more in connection
    strings.
  * TLS tickets are issued but not renewed - This fixes compatibility
    issues with some clients.
  * PureDB: additional checks for corrupted databases have been added,
    and synchronization to disk uses F_FULLFSYNC on macOS X.
* Wed Jan 19 2022 Antoine Belvire <antoine.belvire@opensuse.org>
- Update to version 1.0.50:
  * Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
    password hashing. You should now use scrypt, argon2 or the system crypt(3)
    function.
  * Soft fail if a USER command is received without TLS and the server is
    configured to enforce TLS. Previously, the session was immediately closed,
    but that was too brutal for some clients.
  * Allow connections from the class E network range -- apparently
    required in some cases when using Linux containers.
  * Large file listings used to require way more stack allocations than
    necessary, possibly reaching hard-coded limits and causing a forced
    session close. This has been fixed. (boo#1160111, CVE-2019-20176)
  * The SPSV command has been removed.
  * Under some circunstances, the server would not start when configured
    with directory aliases. This has been fixed.
  * PostgreSQL: hard-coded global configuration strings were not escaped.
    This has been fixed.
  * A warning is now printed when a transfer happens in ASCII mode, as
    this is rarely intentional.
  * Compilation with --without-ascii is now possible again.
  * Configuration options for features that have been disabled at
    compile-time are not parsed any more.
  * When virtual quotas were configured, files were removed after an
    upload if the size quota was exceeded, but not during the upload. This
    has been fixed. (boo#1190205, CVE-2021-40524)
  * A configuration file can now include other files with the `Include`
    directive.
  * Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
  * Fix a potential uninitialized pointer vulnerability (boo#1165134,
    CVE-2020-9274).
- Build with libsodium-devel to support Argon password scheme.
- Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in
  version 1.0.48.
- Rebase patch for bnc#407363:
  * Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
  * Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
Version: 1.0.49-bp154.2.32
* Wed Oct 20 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * pure-ftpd.service
* Mon May 03 2021 Luigi Baldoni <aloisio@gmx.com>
- Small cleanup
Version: 1.0.49-bp153.2.1
* Sat May 01 2021 Luigi Baldoni <aloisio@gmx.com>
- Fix build
Version: 1.0.49-bp152.1.1
* Wed May 06 2020 Peter Simons <psimons@suse.com>
- Update to version 1.0.49.
  * Refresh pure-ftpd-1.0.20_ftpwho_path.patch to
    pure-ftpd-1.0.49_ftpwho_path.patch.
* Tue Mar 17 2020 Max Lin <mlin@suse.com>
- BuildRequires postgresql-server-devel on Leap version >= 15.2
* Thu Dec 05 2019 Josef Möllers <josef.moellers@suse.com>
- Add pam_keyinit.so to PAM config file.
  [pure-ftpd.pamd, bsc#1144058]
* Fri Jul 26 2019 matthias.gerstner@suse.com
- removal of version checks for outdated distributions
* Thu Jul 25 2019 matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
Version: 1.0.47-bp150.3.3.1
* Tue Jun 18 2019 Peter Simons <psimons@suse.com>
- Add missing run-time dependency on system-user-ftp to ensure that
  user exits. [boo#1136997]
- Processed the spec file with spec-cleaner version 1.1.3.
* Tue Apr 09 2019 Christophe Giboudeaux <christophe@krop.fr>
- Add the missing build dependency for Tumbleweed.
* Fri Mar 01 2019 psimons@suse.com
- Apply "pure-ftpd-malloc-limit.patch" to add a configuration
  option that sets the process memory limit used by "ls" for
  globbing. The value can be specified as optional third argument
  to "-L" (or LimitRecursion in config file). Because it's
  optional, the old configuration files will still work without
  change with new binaries and update will be smooth. This change
  allows sites that store an extremely large set of files inside a
  single directory to tune their installation so that the "ls"
  command in that directory will succeed without exceeding the ftpd
  process memory limit. [bsc#1119187]
Version: 1.0.47-bp150.2.3
* Sun Feb 18 2018 avindra@opensuse.org
- Version update to 1.0.47:
  * If TLS was only enabled on the control channel (-Y 1), the STAT
    command would send its output as other directory listing
    commands, breaking the TLS stream. This has been fixed.
  * The system user “_ftp” can be used as an alternative to “ftp”
    for anonymous sessions.
  * Compatibility with libsodium > 1.0.12 was added (including
    minimal mode).
  * The prefix for Argon2-hashed passwords in LDAP has been changed
    to “{argon2}” (from “{argon2i}”). Ditto for MySQL and
    PostgreSQL: the authentication method is now called “argon2”
    instead of “argon2i”, and includes both Argon2i and Argon2id.
- use https for main site and source download
- switch to bz2 tarball (smaller)
* Thu Jun 15 2017 tchvatal@suse.com
- Version update to 1.0.46:
  * Fix build with openssl-1.1
  * The Perl and Python wrappers are gone
  * TLS v1.0 sessions are now refused
  * Unmaintained contributions have been removed
  * File globbing could take up to `GLOB_TIMEOUT` seconds
    (17 seconds by default) when matching some patterns, no matter what the
    configured recursion level was.
- Refresh patches:
  * pure-ftpd-1.0.20_config.patch
  * pure-ftpd-1.0.20_doc.patch
- Drop patch pure-ftpd-1.0.32-portrange.patch
  * The upstream no longer provide pure-config.pl/py scripts for launching
  * This also means the initscript and service were tweaked to reflect this
- Disable xinetd on systemd having versions where we can stick to socket
  based services instead
  * By default it does not make sense to have this service socket activated
    tho so leave it to user to provide this
* Wed Jun 14 2017 psimons@suse.com
- Fix broken pure-ftpd.init script. We cannot use startproc to run
  /usr/sbin/pure-config.pl, because the utility assumes that the
  name of that executable matches the name of the started process,
  which it does not in our case. Furthermore, the start script will
  write a status message to stdout, so we don't have to do it in
  the init script. [bsc#1042690]
* Sat May 27 2017 psimons@suse.com
- Fix build on SUSE:SLE-11, which doesn't define the RPM variable
  %{_initddir}, so we have to use %{_sysconfdir}/init.d instead.
* Fri May 19 2017 psimons@suse.com
- pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the
  one from SLE11).
- The Factory version of pure-ftp will replace the older package in
  SLE-11 as per fate#321125. That update brings the following
  changes:
  * These patches have been updated and renamed in the process:
  * pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch is now
    in pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch.
  * pure-ftpd-1.0.21-portrange.patch is now in
    pure-ftpd-1.0.32-portrange.patch.
  * pure-ftpd-1.0.32-cap-audit-write.patch is now in
    pure-ftpd-1.0.36-cap-audit-control.patch.
  * These patches are obsolete now and have been removed:
  * 0001-Act-like-a-server-even-in-TLS-mode-when-in-active-mo.patch
  * 0002-Init-a-TLS-data-session-after-having-sent-the-go-ahe.patch
  * 0003-add-opt_a-to-donlist.patch
  * 0004-support-stat-over-tls.patch
  * 0005-speedup-TLS-listing.patch
  * pure-ftpd-1.0.20_config_minuid.patch
  * pure-ftpd-1.0.22-fix-listing-if-directory-has-white-space-in-it.patch
  * pure-ftpd-1.0.22-flush-cmd-after-tls.patch
  * pure-ftpd-1.0.22-oes-bugfix-1.patch
  * pure-ftpd-1.0.22-oes-bugfix-2.patch
  * pure-ftpd-1.0.22-oes-bugfix.patch
  * pure-ftpd-1.0.22-oes-disable-ascii.patch
  * pure-ftpd-1.0.22-oes_remote_server.patch
  * pure-ftpd-1.0.22-wait-on-tls-handshake.patch
  * pure-ftpd-allow-crypto-settings.patch
  * pure-ftpd-remove-gpl-code.patch
* Fri Aug 05 2016 tchvatal@suse.com
- Kill omc xml file useless nowdays
- Version update to 1.0.43:
  * -J switch has been fixed
  * openBSD compat changes
  * Passwords are now hashed using Argon2i, default for puredb accounts now
* Tue May 10 2016 wr@rosenauer.org
- fix systemd unit file so the service actually starts (boo#872430)
* Thu Apr 14 2016 tchvatal@suse.com
- Add -fvisibility=hidden for bnc#971980
* Sat Jan 16 2016 mpluskal@suse.com
- Add gpg signature
* Fri Jan 08 2016 tchvatal@suse.com
- Version update to 1.0.42:
  - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
    compiled with libsodium.
  - The connection is now dropped if HTTP commands are received.
  - LDAP force_default_gid and force_default_uid now work as documented.
  - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
    1.0.22 circa 2009, but disabled back then due to client compatibility
    concerns) is now on by default, except in broken clients compatibility mode.
  - libmariadb is looked for in addition to libmysqlclient
  - MySQL: my_make_scrambled_password() is not always an exported
    symbol any more, so pure-ftpd now ships a reimplementation.
  - openssl/ec.h is not available on some Linux distributions that
    disable EC in OpenSSL. This is being tested by autoconf.
  - New command-line switch: -2/--certfile= to set the path to the
    certificate file when using TLS.
  - Support for TCP_FASTOPEN added on Linux
  - The LDAP configuration file didn't allow a default gid without also
    defining a default uid. This is no longer the case.
  - OpenBSD's glob() left the glob_t structure uninitialized if the
    pattern was larger than PATH_MAX, causing globfree() to free() an
    unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
- Refresh patch:
  * pure-ftpd-1.0.20_config.patch
* Fri Jun 05 2015 tchvatal@suse.com
- Reenable sle11 builds I need for testing.
* Fri Jun 05 2015 tchvatal@suse.com
- Reenable sle11 builds I need for testing.
* Wed Apr 09 2014 crrodriguez@opensuse.org
- Remove all init scripts but keep the rc link working.
* Wed Jan 23 2013 mvyskocil@suse.com
- fix bnc#789833: pure-ftpd login failes
  * pure-ftpd-1.0.36-cap-audit-control.patch
- remove oes related patches have never used at openSUSE
  * pure-ftpd-1.0.20-oes_remote_server.patch
  * pure-ftpd-1.0.22-oes-bugfix-534424.patch
- change old PreReq to Requires(pre)
- add version to pureftpd symbol
* Thu Nov 29 2012 sbrabec@suse.cz
- Verify GPG signature.
* Wed Aug 29 2012 mvyskocil@suse.cz
- add gpg signature file for easier verification
* Wed Aug 29 2012 crrodriguez@opensuse.org
- systemd: Do not fork in the background
* Fri Apr 20 2012 highwaystar.ru@gmail.com
- spec file: fixed pure-ftpd.service file installation
* Tue Apr 10 2012 mvyskocil@suse.cz
- update to 1.0.36 :
  - Sync built-in glob(3) code with OpenBSD-current, and remove code we
  don't use instead of ifdef'ing it.
  - Repair checkproc() on Linux when support for capabitilies is
  compiled in. Reported by Eric Gouyer.
  - Don't read /dev/*random every time we need a value. Just use
  arc4random() everywhere and seed it before we possibly chroot().
  - Add support for MFMT, with the same code as SITE UTIME.
  - Support 2-arguments SITE UTIME.
  - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
  - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
  prefixed by -S: , needed by Brad.
  - Use more paranoid compiler options whenever possible, and preliminary
  uncluttering of the autoconf script.
  - Try to cache locale-related data at startup after tzset(), rather
  than during a session.
  - Fix quota computation after rename() overwrites an existing file.
  Reported by Hiramoto Koujo, thanks!
  - Improved autoconf detection of -fstack-protector and -fPIE
  - If 10 digits are not enough to print the size of a file in an
  ls-like output, bump the max number of digits to 18. This adds support for
  files up to 1 exabyte.
  - Don't display dot files (except . and ..) if dot_read_ok is 0 in
  donlist() - but not in sglob() yet. This change is purely cosmetic. There are
  many ways to figure out if a file exists.
- document bnc#756306: pure-ftpd umask setting not working properly
  * /etc/pure-ftpd/pure-ftpd.conf contains a note about a side-effect of pam_umask
- add native pure-ftpd.service for systemd-powered systems
- use the same way how to start the daemon in sysvinit script and put
  $remote_fs dependency
  usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
* Wed Jun 22 2011 mvyskocil@suse.cz
- fix bnc#700611 - pure-ftpd fails with pam
  * pure-ftpd-1.0.32-cap-audit-write.patch