Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pure-ftpd-1.0.51-lp160.1.1 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: pure-ftpd Distribution: openSUSE Leap 16.0
Version: 1.0.51 Vendor: openSUSE
Release: lp160.1.1 Build date: Thu Feb 29 15:59:24 2024
Group: Productivity/Networking/Ftp/Servers Build host: reproducible
Size: 638974 Source RPM: pure-ftpd-1.0.51-lp160.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.pureftpd.org
Summary: A Lightweight, Fast, and Secure FTP Server
Pure-FTPd is a fast, production-quality, and standard-conforming FTP
server, based-on Troll-FTPd. Unlike other popular FTP servers, it has
no known security flaws, is trivial to set up, and is especially
designed for modern Linux kernels (setfsuid and sendfile capabilities)
. Features include: PAM support, IPv6, chroot()ed home directories,
virtual domains, built-in LS, anti-warez system, bandwidth throttling,
FXP, bounded ports for passive downloads, upload and download ratios,
Apache log files, and more.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Feb 29 2024 Dominique Leuenberger <[email protected]>
  - Use %patch -P N instead of deprecated %patchN.
* Wed Oct 04 2023 Thorsten Kukuk <[email protected]>
  - Add pure-ftpd.ftpusers, the netcfg one is not maintained, outdated
    and will be removed.
  - pure-ftpd.pam: use own copy of ftpusers.
  - Remove hard systemd requires, it's not necessary.
* Mon Jan 16 2023 Stefan Schubert <[email protected]>
  - Migration of PAM settings to /usr/lib/pam.d.
* Mon Aug 01 2022 Dirk Müller <[email protected]>
  - update to 1.0.51:
    * Compatibility with OpenSSL 1.1.0 was improved.
    * PostgreSQL: the port number is not escaped any more in connection
      strings.
    * TLS tickets are issued but not renewed - This fixes compatibility
      issues with some clients.
    * PureDB: additional checks for corrupted databases have been added,
      and synchronization to disk uses F_FULLFSYNC on macOS X.
* Wed Jan 19 2022 Antoine Belvire <[email protected]>
  - Update to version 1.0.50:
    * Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
      password hashing. You should now use scrypt, argon2 or the system crypt(3)
      function.
    * Soft fail if a USER command is received without TLS and the server is
      configured to enforce TLS. Previously, the session was immediately closed,
      but that was too brutal for some clients.
    * Allow connections from the class E network range -- apparently
      required in some cases when using Linux containers.
    * Large file listings used to require way more stack allocations than
      necessary, possibly reaching hard-coded limits and causing a forced
      session close. This has been fixed. (boo#1160111, CVE-2019-20176)
    * The SPSV command has been removed.
    * Under some circunstances, the server would not start when configured
      with directory aliases. This has been fixed.
    * PostgreSQL: hard-coded global configuration strings were not escaped.
      This has been fixed.
    * A warning is now printed when a transfer happens in ASCII mode, as
      this is rarely intentional.
    * Compilation with --without-ascii is now possible again.
    * Configuration options for features that have been disabled at
      compile-time are not parsed any more.
    * When virtual quotas were configured, files were removed after an
      upload if the size quota was exceeded, but not during the upload. This
      has been fixed. (boo#1190205, CVE-2021-40524)
    * A configuration file can now include other files with the `Include`
      directive.
    * Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
    * Fix a potential uninitialized pointer vulnerability (boo#1165134,
      CVE-2020-9274).
  - Build with libsodium-devel to support Argon password scheme.
  - Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in
    version 1.0.48.
  - Rebase patch for bnc#407363:
    * Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
    * Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
* Wed Oct 20 2021 Johannes Segitz <[email protected]>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * pure-ftpd.service
* Mon May 03 2021 Luigi Baldoni <[email protected]>
  - Small cleanup
* Sat May 01 2021 Luigi Baldoni <[email protected]>
  - Fix build
* Wed May 06 2020 Peter Simons <[email protected]>
  - Update to version 1.0.49.
    * Refresh pure-ftpd-1.0.20_ftpwho_path.patch to
      pure-ftpd-1.0.49_ftpwho_path.patch.
* Tue Mar 17 2020 Max Lin <[email protected]>
  - BuildRequires postgresql-server-devel on Leap version >= 15.2
* Thu Dec 05 2019 Josef Möllers <[email protected]>
  - Add pam_keyinit.so to PAM config file.
    [pure-ftpd.pamd, bsc#1144058]
* Fri Jul 26 2019 [email protected]
  - removal of version checks for outdated distributions
* Thu Jul 25 2019 [email protected]
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
    [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Tue Jun 18 2019 Peter Simons <[email protected]>
  - Add missing run-time dependency on system-user-ftp to ensure that
    user exits. [boo#1136997]
  - Processed the spec file with spec-cleaner version 1.1.3.
* Tue Apr 09 2019 Christophe Giboudeaux <[email protected]>
  - Add the missing build dependency for Tumbleweed.
* Fri Mar 01 2019 [email protected]
  - Apply "pure-ftpd-malloc-limit.patch" to add a configuration
    option that sets the process memory limit used by "ls" for
    globbing. The value can be specified as optional third argument
    to "-L" (or LimitRecursion in config file). Because it's
    optional, the old configuration files will still work without
    change with new binaries and update will be smooth. This change
    allows sites that store an extremely large set of files inside a
    single directory to tune their installation so that the "ls"
    command in that directory will succeed without exceeding the ftpd
    process memory limit. [bsc#1119187]
* Sun Feb 18 2018 [email protected]
  - Version update to 1.0.47:
    * If TLS was only enabled on the control channel (-Y 1), the STAT
      command would send its output as other directory listing
      commands, breaking the TLS stream. This has been fixed.
    * The system user “_ftp” can be used as an alternative to “ftp”
      for anonymous sessions.
    * Compatibility with libsodium > 1.0.12 was added (including
      minimal mode).
    * The prefix for Argon2-hashed passwords in LDAP has been changed
      to “{argon2}” (from “{argon2i}”). Ditto for MySQL and
      PostgreSQL: the authentication method is now called “argon2”
      instead of “argon2i”, and includes both Argon2i and Argon2id.
  - use https for main site and source download
  - switch to bz2 tarball (smaller)
* Thu Jun 15 2017 [email protected]
  - Version update to 1.0.46:
    * Fix build with openssl-1.1
    * The Perl and Python wrappers are gone
    * TLS v1.0 sessions are now refused
    * Unmaintained contributions have been removed
    * File globbing could take up to `GLOB_TIMEOUT` seconds
      (17 seconds by default) when matching some patterns, no matter what the
      configured recursion level was.
  - Refresh patches:
    * pure-ftpd-1.0.20_config.patch
    * pure-ftpd-1.0.20_doc.patch
  - Drop patch pure-ftpd-1.0.32-portrange.patch
    * The upstream no longer provide pure-config.pl/py scripts for launching
    * This also means the initscript and service were tweaked to reflect this
  - Disable xinetd on systemd having versions where we can stick to socket
    based services instead
    * By default it does not make sense to have this service socket activated
      tho so leave it to user to provide this
* Wed Jun 14 2017 [email protected]
  - Fix broken pure-ftpd.init script. We cannot use startproc to run
    /usr/sbin/pure-config.pl, because the utility assumes that the
    name of that executable matches the name of the started process,
    which it does not in our case. Furthermore, the start script will
    write a status message to stdout, so we don't have to do it in
    the init script. [bsc#1042690]
* Sat May 27 2017 [email protected]
  - Fix build on SUSE:SLE-11, which doesn't define the RPM variable
    %{_initddir}, so we have to use %{_sysconfdir}/init.d instead.
* Fri May 19 2017 [email protected]
  - pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the
    one from SLE11).
  - The Factory version of pure-ftp will replace the older package in
    SLE-11 as per fate#321125. That update brings the following
    changes:
    * These patches have been updated and renamed in the process:
    * pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch is now
      in pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch.
    * pure-ftpd-1.0.21-portrange.patch is now in
      pure-ftpd-1.0.32-portrange.patch.
    * pure-ftpd-1.0.32-cap-audit-write.patch is now in
      pure-ftpd-1.0.36-cap-audit-control.patch.
    * These patches are obsolete now and have been removed:
    * 0001-Act-like-a-server-even-in-TLS-mode-when-in-active-mo.patch
    * 0002-Init-a-TLS-data-session-after-having-sent-the-go-ahe.patch
    * 0003-add-opt_a-to-donlist.patch
    * 0004-support-stat-over-tls.patch
    * 0005-speedup-TLS-listing.patch
    * pure-ftpd-1.0.20_config_minuid.patch
    * pure-ftpd-1.0.22-fix-listing-if-directory-has-white-space-in-it.patch
    * pure-ftpd-1.0.22-flush-cmd-after-tls.patch
    * pure-ftpd-1.0.22-oes-bugfix-1.patch
    * pure-ftpd-1.0.22-oes-bugfix-2.patch
    * pure-ftpd-1.0.22-oes-bugfix.patch
    * pure-ftpd-1.0.22-oes-disable-ascii.patch
    * pure-ftpd-1.0.22-oes_remote_server.patch
    * pure-ftpd-1.0.22-wait-on-tls-handshake.patch
    * pure-ftpd-allow-crypto-settings.patch
    * pure-ftpd-remove-gpl-code.patch
* Fri Aug 05 2016 [email protected]
  - Kill omc xml file useless nowdays
  - Version update to 1.0.43:
    * -J switch has been fixed
    * openBSD compat changes
    * Passwords are now hashed using Argon2i, default for puredb accounts now
* Tue May 10 2016 [email protected]
  - fix systemd unit file so the service actually starts (boo#872430)
* Thu Apr 14 2016 [email protected]
  - Add -fvisibility=hidden for bnc#971980
* Sat Jan 16 2016 [email protected]
  - Add gpg signature
* Fri Jan 08 2016 [email protected]
  - Version update to 1.0.42:
    - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
      compiled with libsodium.
    - The connection is now dropped if HTTP commands are received.
    - LDAP force_default_gid and force_default_uid now work as documented.
    - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
      1.0.22 circa 2009, but disabled back then due to client compatibility
      concerns) is now on by default, except in broken clients compatibility mode.
    - libmariadb is looked for in addition to libmysqlclient
    - MySQL: my_make_scrambled_password() is not always an exported
      symbol any more, so pure-ftpd now ships a reimplementation.
    - openssl/ec.h is not available on some Linux distributions that
      disable EC in OpenSSL. This is being tested by autoconf.
    - New command-line switch: -2/--certfile= to set the path to the
      certificate file when using TLS.
    - Support for TCP_FASTOPEN added on Linux
    - The LDAP configuration file didn't allow a default gid without also
      defining a default uid. This is no longer the case.
    - OpenBSD's glob() left the glob_t structure uninitialized if the
      pattern was larger than PATH_MAX, causing globfree() to free() an
      unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
  - Refresh patch:
    * pure-ftpd-1.0.20_config.patch
* Fri Jun 05 2015 [email protected]
  - Reenable sle11 builds I need for testing.
* Fri Jun 05 2015 [email protected]
  - Remove gpg/keyring, not provided now by upstream
  - Cleanup with spec-cleaner
  - Update to latest upstream 1.0.39:
    * Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
    * Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
    * The default cipher suite is now
      ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
    * TLS forward secrecy support was added. DH parameters are loaded from
      TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
      is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
      selected when using LibreSSL.
    * scrypt hashed passwords can be used in the MySQL, PostgreSQL and
      LDAP backends.
    * The -C: prefix can be added to the cipher suite in order to make valid
      client certificates mandatory. This is no longer a compile-time option.
    * The Clear Command Channel (CCC) command is now supported.
    * pure-config.py is compatible with Python 3.
    * SSL (v2, v3) is refused by default.
    * The PureDB backend supports the scrypt function in order to hash
      passwords. This is the preferred algorithm, but requires the presence
      of libsodium.
    * DES-hashed passwords are not supported any more.
    * LDAP uid and gid values can over overridden in the LDAP configuration file.
    * RC4 was killed.
  - Refreshed patches:
    * pure-ftpd-1.0.20_config.patch
    * pure-ftpd-1.0.20_doc.patch
    * pure-ftpd-1.0.20_ftpwho_path.patch
* Wed Apr 09 2014 [email protected]
  - Remove all init scripts but keep the rc link working.
* Wed Jan 23 2013 [email protected]
  - fix bnc#789833: pure-ftpd login failes
    * pure-ftpd-1.0.36-cap-audit-control.patch
  - remove oes related patches have never used at openSUSE
    * pure-ftpd-1.0.20-oes_remote_server.patch
    * pure-ftpd-1.0.22-oes-bugfix-534424.patch
  - change old PreReq to Requires(pre)
  - add version to pureftpd symbol
* Thu Nov 29 2012 [email protected]
  - Verify GPG signature.
* Wed Aug 29 2012 [email protected]
  - add gpg signature file for easier verification
* Wed Aug 29 2012 [email protected]
  - systemd: Do not fork in the background
* Fri Apr 20 2012 [email protected]
  - spec file: fixed pure-ftpd.service file installation
* Tue Apr 10 2012 [email protected]
  - update to 1.0.36 :
    - Sync built-in glob(3) code with OpenBSD-current, and remove code we
    don't use instead of ifdef'ing it.
    - Repair checkproc() on Linux when support for capabitilies is
    compiled in. Reported by Eric Gouyer.
    - Don't read /dev/*random every time we need a value. Just use
    arc4random() everywhere and seed it before we possibly chroot().
    - Add support for MFMT, with the same code as SITE UTIME.
    - Support 2-arguments SITE UTIME.
    - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
    - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
    prefixed by -S: , needed by Brad.
    - Use more paranoid compiler options whenever possible, and preliminary
    uncluttering of the autoconf script.
    - Try to cache locale-related data at startup after tzset(), rather
    than during a session.
    - Fix quota computation after rename() overwrites an existing file.
    Reported by Hiramoto Koujo, thanks!
    - Improved autoconf detection of -fstack-protector and -fPIE
    - If 10 digits are not enough to print the size of a file in an
    ls-like output, bump the max number of digits to 18. This adds support for
    files up to 1 exabyte.
    - Don't display dot files (except . and ..) if dot_read_ok is 0 in
    donlist() - but not in sglob() yet. This change is purely cosmetic. There are
    many ways to figure out if a file exists.
  - document bnc#756306: pure-ftpd umask setting not working properly
    * /etc/pure-ftpd/pure-ftpd.conf contains a note about a side-effect of pam_umask
  - add native pure-ftpd.service for systemd-powered systems
  - use the same way how to start the daemon in sysvinit script and put
    $remote_fs dependency
    usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
* Wed Jun 22 2011 [email protected]
  - fix bnc#700611 - pure-ftpd fails with pam
    * pure-ftpd-1.0.32-cap-audit-write.patch
* Fri May 27 2011 [email protected]
  - Update to 1.0.32:
    - Support SHA1 password hashing in MySQL and PostgreSQL backends
    - Support for braces expansion in directory listings has been
      disabled - Cf. CVE-2011-0418
  - Aditional changes FROM 1.0.31:
    - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
      thanks to Todd Rinaldo.
    - The -F switch has been documented in the built-in help.
    - Shell-like escaping is now partially handled when emulating the "ls"
      command.
    - Use my_make_scrambled_password() instead of make_scrambled_password().
      Suggested by Arkadiusz Miskiewicz.
  - Refresh and fix patch for [bnc#407363]:
    - old: patch pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch
    - new: patch pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
  - Refresh PassivePortRange patch:
    - old: pure-ftpd-1.0.21-portrange.patch
    - new: pure-ftpd-1.0.32-portrange.patch
* Mon Apr 11 2011 [email protected]
  - update to 1.0.30
    * pure-quotacheck can now work with a large number of files.
    * OPTS UTF-8 is now an alias to OPTS UTF8.
    * Fix a STARTTLS flaw similar to Postfix’s CVE-2011-0411. If you’re using
      TLS, upgrading is recommended.
    * Provide ANSI-compliant MySQL configuration example.
    * Fix some issues with man pages.
* Thu Oct 07 2010 [email protected]
  - add pure-ftpd-1.0.22-oes-bugfix-534424.patch for tracking OES patches
  - use macro with_oes to determine if OES patches might be applied or not
* Tue Sep 14 2010 [email protected]
  - Use with-rfc2640 [bnc#638626]
* Tue Jul 20 2010 [email protected]
  - add missing buildRequires on libcap-devel
* Tue May 25 2010 [email protected]
  - $remote_fs --> network-remotefs
* Fri May 14 2010 [email protected]
  - Added "--with-virtualchroot" option;
  - Spec file cleaned with spec-cleaner;
  - updated to version 1.0.29:
    - max_dlmap_size was size_t instead off_t, causing misalignment while
      downloading > 4 Gb files on a 32-bits arch.
    - pread() vs lseek()+read() was a useless optimization, since pread()
      doesn't change the file position and further reads weren't going through
      plain read() calls.
    - iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
      exit. Fixes segfaults on glibc.
    - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
  - changes in version 1.0.28:
    - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
      name.
    - When an upload gets renamed (--autorename), send the new name to the
      uploadscript instead of the original one.
    - The ALLO command now checks for the actual disk space in addition to the
      virtal quota.
    - Work around OSX broken poll()
    - After an atomic resumed upload, don't append the previous file size to the
      quota.
    - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is
      UTF8.
    - Fix AUTHD_ENCRYPTED
    - Reset the CWD failures counter after a successful directory has been
      created. It avoids spurious disconnections with ncftp.
    - Support for iPhone has been moved to another branch.
    - Fix crash with PostgreSQL.
* Fri Feb 12 2010 [email protected]
  - updated to version 1.0.27:
    - Have pureftpd_shutdown() shut the server down even if a client is
    connected on iPhone.
    - Allow users with no quota to delete .pureftpd-upload-* files.
    - Unbreak ipv6 support, reported by Brad Smith.
    - Disable SSLv3 renegotiation if an old SSL library is used. If you really
    want to re-enable SSLv3 renegotiation, even with a recent library, you can
    always define ACCEPT_SSL_RENEGOTIATION.
  - changes in version 1.0.26:
    - Fix incompatibilities with Cyberduck when TLS is enabled.
    - Don't TLS_accept() immediately after accept(). Reply on the connection
    socket first, so that clients don't have to wait before knowing that they
    can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
    - Properly change the process name on Linux when the -S option is used, by
    Margus Kaidja.
    - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
    for the bug report.
  - changes in version 1.0.25:
    - Show symlinks as symlinks in MLSD, except when the broken client
    compatibility mode is turned on and links are not dangling (just like the
    old LIST and NLIST commands). Reported by Mime Cuvalo.
    - More gcc 2 compatibility, thanks to Todd Rinaldo.
    - Properly handle custom paths in man pages. Thanks to Scott Haneda and
    Mathieu Parisot.
    - Have $localstatedir default to /var as it used to be unless
    - -localstatedir=... is explicitely passed to ./configure
    - Use @VERSION@ in man pages.
    - --without-pam disables PAM on OSX and iPhone.
    - Allow cross-compilation.
    - Experimental iPhone target.
    - Change the way it links, building a library first.
    - Don't use mmap() any more for downloads. It's too slow.
    - Don't use hard-coded paths in order to find MySQL and PostgreSQL
    libraries and header files. Use mysql_config and pg_config instead.
    Suggested by John Alberts.
    - Log the DELE command similar to the RETR and STOR commands. Suggested by
    Martin Fuxa.
    - The primary group gets cached so that it's always displayed in directory
    listings.
    - Avoid a client process to burn CPU in an infinite loop if the command
    channel gets disconnected before the data channel. Reported by Thomas Min
    and Margus Kaidja.
    - Restore the traditional behavior of a download restarting at the end of a
    file. For some weird reasons, some clients still insist on doing that. Don't
    send a 55x return code, just let them download... nothing.
    - Documentation updates.
  - changes in version 1.0.24:
    - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
    - The package can now be compiled with gcc 2.
  - changes in version 1.0.23:
    - LDAP: accept "enabled" as a correct value for FTPStatus as it used to be.
    - More useful error logging for OpenSSL errors.
    - Don't read certificates twice.
    - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
    - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander.
    - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
    - Don't ignore dot files even if -D is not supplied with the MLSD command.
    - Deinline code
    - Throttling more reliable
    - STAT is now working over TLS
    - DH keys for ephemeral key exchange are now handled
    - Fix libiconv checking
    - The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov)
    - LDAP authentication through binding is now possible in addition to
    passwords. This allows for the FTP server to run with an unprivileged LDAP
    account. It also adds a warning if auth method password is used and doesn't find
    a userPassword attribute. This usually indicates that the LDAP bind DN
    cannot read the attributes, because it doesn't have sufficient privileges.
    Contributed by Wilco Baan Hofman.
    - Perform charset conversions on directory names. Issue spotted by Xianghu Zhao.
    - Almost a complete rewrite of the upload, download and TLS code for more
    reliability
    - Seemlessly handle ABOR without any SIGURG
    - Try to immediately handle any kind of disconnection
    - Use poll() rather than select() as much as possible
    - Distinguish aborted (even the hard way) and completed download and upload
    operations in log files
    - Minor corrections to he French messages
    - Don't use atomic uploads unless --notruncate or --autorename have been
    enabled
    - Take care of removing .pureftpd-upload-* files in every possible case
    - List up to 10000 files per directory per default instead of 2000
    - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
    - New compile-time option: --with-implicittls in order to build a FTPS-only
    server
    - ./configure --localstatedir can now be used in order to avoid storing the
    scoreboard and other dynamic files in /var/run/
    - Quota handling reworked (easier, and way more reliable)
    - RNTO support even when quota are enabled.
    - A bunch of return codes were fixed to be more RFC-conformant.
    - ALLO command is now actually checking if an upload can occur without
    blowing the quota.
    - Don't change the TCP window size. Admins should do this as part of their
    system configuration.
    - Privsep is now enabled by default. Use --without-privsep to disable.
    - --without-banner is gone. If you have a cookie file (-F), the default
    banner won't be displayed.
    - Compile with PAM by default on OSX.
    - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
    call is actually necessary. Since only the effective uid chances, it's not
    brutally useful yet, but it paves the way for forthcoming changes.
    - Install man pages with local paths instead of hard-coded ones.
* Tue Jan 12 2010 [email protected]
  - modified portrange.patch - for PassivePortRange option in pure-ftpd.conf
    we could use now also syntax without colon (bnc#547578)
  - merged config.patch with config_minuid.patch
* Fri Jun 05 2009 [email protected]
  - fix build
* Mon May 25 2009 [email protected]
  - Update to version 1.0.22
    - New catalan translation
    - TLS support for LDAP
    - Fix usage of MySQL 5 stored procedures
    - Compatibility with newer OpenLDAP versions
    - Don't hang up during uploads if we get any other command than QUIT and
    ABORT.
    - SITE UTIME reads UTC time
    - A space is needed for inline content in response to the MLST command.
    - Time zone issues should be fixed for good. We have to redefine TZ,
    tzset() is not enough on Linux when we are in a chroot environment.
    - Correctly respond to FEAT without removing extra features when passive
    mode is disabled. Thanks to upb.
    - Better process name change setup for Linux.
    - Auto-created home directories are now created with mode 0777 (and
    directory umask is applied), per common request. It's very important to
    double check your umask.
    - Extend gid / uid to 10 digits in ls output. Extend file size as well.
    - Brazilian portuguese translation was updated.
    - Fix SecureFX compatibility.
    - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
    - Don't respond to server that an upload succeeded before the temporary
    file has been renamed.
    - TLS support on data channels
    - Use sendfile() on recent Solaris versions in place of sendfilev().
    - Don't use a deprecated interface for Bonjour registration.
    - Tell authentication handlers if the connection is encrypted or not,
    through a new AUTHD_ENCRYPTED environment variable.
    - Create all directories, not only the basement when on-demand directory
    creation is enabled and the user's home directory looks like /basement/./user.
    - Fixed error reporting when TLS support was compiled in, but TLS wasn't
    enabled on the current session
    - Log full path on file deletion
    - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
    (no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
    - Sleep before answering a password failure, not the other way round
    - In broken mode, show symlinks as their real target. It can have side
    effects, don't forget that broken mode is... broken mode.
    - Respect aliasing rules for sockaddr_storage usage.
    - Privsep is enabled by default in the installation GUI.
    - --with-everything now includes privsep.
    - update: fix compilation with gcc 2.x
* Thu Jan 15 2009 [email protected]
  - Move PassivePortRange to numparic_switch_for [bnc#465954]
* Mon Sep 15 2008 [email protected]
  - limit port range for passv to 30000:30100 to assist firewalling
    [bnc#420671]
* Mon Jul 21 2008 [email protected]
  - do not use tcp send/receive buffer optimization. Might lead to
    strange side effects when allocating too much stack. [bnc#407363]
* Tue Apr 01 2008 [email protected]
  - remove dir /usr/share/omc/svcinfo.d as it is provided now
    by filesystem
* Thu Mar 20 2008 [email protected]
  - Fix ldap schema [bnc:368864]
  - add Short-Description to init script
* Tue Mar 27 2007 [email protected]
  - change path to firewall script (#247352)
* Fri Mar 02 2007 [email protected]
  - change path to firewall script (#247352)
* Wed Feb 28 2007 [email protected]
  - pure-ftpd - Support for FATE #300687: Ports for SuSEfirewall
    added via packages (#246931)
* Thu Jan 11 2007 [email protected]
  - change path to xml service document (fate #301713)
* Wed Dec 06 2006 [email protected]
  - add service xml document (fate #301713 )
* Wed Sep 06 2006 [email protected]
  - fix bug Bug 203798 - Restarting the ftp server using the
    "rcpure-ftpd stop/start" doesn't stop/kill the existing
    client-server instances
* Mon Sep 04 2006 [email protected]
  - Add pam_loginuid.so to session management
* Thu Aug 31 2006 [email protected]
  - update to version 1.0.21 which
    o includes patch pure-ftpd-1.0.20-abort-transfer.patch
    o Rendezvous has been renamed Bonjour
    o The old PAM sample has been removed
    o -F option added to pure-pw
    o MAX_USER_LENGTH has been bumped to 127 due to popular demand
    o pam/* can now be used if security/* doesn't exist
    o simplify() simplifies paths ending by /. and /..
    o Experimental support for RFC2640 (UTF-8 filename encoding)
    o The LDAP schema has been changed: FTPStatus should be a boolean
    o OPTS MLST has been implemented
    o SITE UTIME has been implemented
    o TCP_CORK is on by default again. A new configure switch,
    - -without-cork, can disable it
    o Correctly format %c and %% in fakesprintf()
    o The connection socket is now created with the Nagle algorithm
      disabled. It was the trick to dramatically improve performance
      when transfering a lot of small files
    o Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server
* Mon Aug 21 2006 [email protected]
  - Reorder auth section of PAM config file to make sure all modules
    will always be evaluated.
* Mon Apr 10 2006 [email protected]
  - added pure-ftpd-1.0.20_config_minuid.patch:
    * configuration-file/pure-ftpd.conf.in: our ftp user has uid 40.
      if you want to map virtual users to this uid they would be
      blocked from login.
  - added pure-ftpd-1.0.20_ftpwho_path.patch:
    * src/ftpwho-update.h: PAGE_SIZE is a function on
      glibc-2.4/kernel-2.6.16 on ppc64. use PATH_MAX for the filename
      member of the FTPWhoEntry_ struct
* Wed Jan 25 2006 [email protected]
  - converted neededforbuild to BuildRequires
* Mon Jan 16 2006 [email protected]
  - Patch from Patrick Gosling to handle transfer aborts during file
    upload correctly. [#133452]
* Fri Jan 13 2006 [email protected]
  - Make use of Stack Protector
* Mon Oct 24 2005 [email protected]
  - cleaned up spec file
  - add /etc/pure-ftpd/vhosts as base dir for virtual servers.
    (documentation and code changed accordingly.)
  - fixed paths in the documenation
* Thu Oct 13 2005 [email protected]
  - Build with DLDAP_DEPRECATED untill upstream applied one of the
    various ldap patches floating around on the sf.net project page
* Wed Aug 24 2005 [email protected]
  - disable "funny" ftp messages to be a bit more professional
* Mon Nov 08 2004 [email protected]
  - Use common-* PAM config files for pure-ftpd PAM configuration
* Thu Aug 12 2004 [email protected]
  - Use --with-diraliases
* Thu Aug 12 2004 [email protected]
  - Update to 1.0.20 which fixes compatibility issues.
* Wed Jun 23 2004 [email protected]
  - Update to 1.0.19 including:
    o Real disk space is no more shown.
    o A possible denial of service when too many users were connected
      should be fixed.
* Tue Mar 02 2004 [email protected]
  - Reflect in the configuration file that /etc/pure-ftpd/ now is a
    place to keep all the pure-ftpd configuration files.
* Tue Mar 02 2004 [email protected]
  - Move configuration file when updating
  - Fix initscript to use /etc/pure-ftpd/pure-ftpd.conf [#35196]
  - Update to 1.0.18 including:
    o UTF-8 characters are now supported in file names [#34829]
    o Buglets were fixed in the documentation.
    o Two new translations were added : hungarian and catalan
    o The server now uses distinct IPv4 and IPv6 to listen to both
      protocols on all operating systems. A new switch, -6, forces the
      server to only listen to IPv6.
    o W3C and CLF alternative log formats are now more standard
      conformant.
    o Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
    o Support for Rendezvous was added on MacOS X.
    o Support for Apple / GNUStep plist data output was added to
      pure-ftpwho.
* Fri Feb 27 2004 [email protected]
  - Enable mysql and postgresql support, since they provide very
    good functionality with only tiny extra dependencies
  - Compile with --with-nonalnum to support non alphanumeric chars
* Fri Jan 16 2004 [email protected]
  - Add pam-devel to neededforbuild
* Thu Dec 04 2003 [email protected]
  - Update to pure-ftpd v. 1.0.17a
* Wed Oct 15 2003 [email protected]
  - Don't build as root
* Tue Aug 12 2003 [email protected]
  - Update to 1.0.16, with SSL/TLS support and many bugfixes
  - Use new macros for stop/restart of services on rpm update/removal
* Sun Jul 27 2003 [email protected]
  - Support system quotas
* Tue Jun 17 2003 [email protected]
  - Update to version 1.0.15:
    - A turkish translation has been added.
    - Various functional and portability fixes have been made to the
    handling of upload scripts, to the pure-pw command and to the
    automatic creation of home directories.
    - Accounts in a puredb database can now be quickly listed.
    - The anonymous FTP directory can now be overriden on the Windows
    port (using a WIN32_ANON_DIR environment variable).
    - The default banner has been stripped down to look more
    professionnal.
    - Transfer speed on BSD systems has been improved.
    - The license of the whole package has changed from GPL to a
    simplified BSD license.
* Thu May 15 2003 [email protected]
  - Allow dot-files in general, but prohibit writing of them [#26897]
* Wed Apr 30 2003 [email protected]
  - Apply the detach patch elsewhere to not break xinetd
  - Add note to the xinetd conffile about the xinetd behaviour
  - Rearrange the specfile a bit
* Thu Mar 06 2003 [email protected]
  - Fix the xinetd configuration file
* Fri Feb 28 2003 [email protected]
  - Add note to README.LDAP about use_ldap in the pam config
* Fri Jan 31 2003 [email protected]
  - Update to 1.0.14 and add a xinetd configuration file just in case
    the user wants to use it with xinetd. Default behaviour is still
    standalone.
* Mon Jan 20 2003 [email protected]
  - Added patch to detach from fd 0, 1 and 2 [#22836]
* Wed Nov 27 2002 [email protected]
  - Update to 1.0.13a which is a minor feature/bugfix-release
* Sat Oct 05 2002 [email protected]
  - Changed default config file to only allow ro anonymous logins,
    and tightened security in case writing is enabled.
* Sat Aug 03 2002 [email protected]
  - Remove symlinks in postinstall script
  - Add PreRequires for insserv
* Thu Jul 04 2002 [email protected]
  - Update to version 1.0.12 (per-user limits)
* Fri Apr 26 2002 [email protected]
  - Update to version 1.0.11 (minor bug fixes, better LDAP support)
* Mon Mar 11 2002 [email protected]
  - Fix permissions
* Sat Feb 16 2002 [email protected]
  - Fix print arguments [Bug #13389]
* Mon Feb 11 2002 [email protected]
  - flgs in perl-config parser is an array
* Thu Jan 24 2002 [email protected]
  - Update to version 1.0.8
  - Compile with LDAP support
* Thu Nov 29 2001 [email protected]
  - Add pam config file
  - Cleanup example config file
* Thu Nov 22 2001 [email protected]
  - Update to 1.0.3 (rename and quota fixes)
* Thu Nov 01 2001 [email protected]
  - Initial release of a secure ftp server with LFS

Files

/etc/apparmor
/etc/apparmor/profiles
/etc/apparmor/profiles/extras
/etc/apparmor/profiles/extras/usr.sbin.pure-ftpd
/etc/openldap
/etc/openldap/schema
/etc/openldap/schema/pureftpd.schema
/etc/pure-ftpd
/etc/pure-ftpd/ftpusers
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/vhosts
/usr/bin/pure-pw
/usr/bin/pure-pwconvert
/usr/bin/pure-statsdecode
/usr/lib/pam.d/pure-ftpd
/usr/lib/systemd/system/pure-ftpd.service
/usr/sbin/pure-authd
/usr/sbin/pure-certd
/usr/sbin/pure-ftpd
/usr/sbin/pure-ftpwho
/usr/sbin/pure-mrtginfo
/usr/sbin/pure-quotacheck
/usr/sbin/pure-uploadscript
/usr/sbin/rcpure-ftpd
/usr/share/doc/packages/pure-ftpd
/usr/share/doc/packages/pure-ftpd/AUTHORS
/usr/share/doc/packages/pure-ftpd/FAQ
/usr/share/doc/packages/pure-ftpd/HISTORY
/usr/share/doc/packages/pure-ftpd/NEWS
/usr/share/doc/packages/pure-ftpd/README
/usr/share/doc/packages/pure-ftpd/README.AppArmor
/usr/share/doc/packages/pure-ftpd/README.Authentication-Modules
/usr/share/doc/packages/pure-ftpd/README.Configuration-File
/usr/share/doc/packages/pure-ftpd/README.Donations
/usr/share/doc/packages/pure-ftpd/README.LDAP
/usr/share/doc/packages/pure-ftpd/README.MySQL
/usr/share/doc/packages/pure-ftpd/README.PGSQL
/usr/share/doc/packages/pure-ftpd/README.TLS
/usr/share/doc/packages/pure-ftpd/README.Virtual-Users
/usr/share/doc/packages/pure-ftpd/THANKS
/usr/share/doc/packages/pure-ftpd/pureftpd-ldap.conf
/usr/share/doc/packages/pure-ftpd/pureftpd-mysql.conf
/usr/share/doc/packages/pure-ftpd/pureftpd-pgsql.conf
/usr/share/licenses/pure-ftpd
/usr/share/licenses/pure-ftpd/COPYING
/usr/share/man/man8/pure-authd.8.gz
/usr/share/man/man8/pure-certd.8.gz
/usr/share/man/man8/pure-ftpd.8.gz
/usr/share/man/man8/pure-ftpwho.8.gz
/usr/share/man/man8/pure-mrtginfo.8.gz
/usr/share/man/man8/pure-pw.8.gz
/usr/share/man/man8/pure-pwconvert.8.gz
/usr/share/man/man8/pure-quotacheck.8.gz
/usr/share/man/man8/pure-statsdecode.8.gz
/usr/share/man/man8/pure-uploadscript.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 00:19:47 2025