File pure-ftpd.changes of Package pure-ftpd.import4353

Mon Apr 11 13:01:08 UTC 2011 -

- fix bnc#686590 - VUL-0: new pure-ftpd version fix STARTTLS issues similar to
  * flush command buffer after switch to TLS

Thu Oct  7 13:29:41 UTC 2010 -

- add pure-ftpd-1.0.22-oes-bugfix-534424.patch for tracking OES patches
- use macro with_oes to determine if OES patches might be applied or not

Tue Sep 14 18:24:00 UTC 2010 -

- Use with-rfc2640 [bnc#638626]

Tue Jul 20 15:32:37 UTC 2010 -

- add missing buildRequires on libcap-devel 

Tue May 25 13:10:33 UTC 2010 -

- $remote_fs --> network-remotefs  

Fri May 14 18:34:37 UTC 2010 -

- Added "--with-virtualchroot" option;
- Spec file cleaned with spec-cleaner;
- updated to version 1.0.29:
  - max_dlmap_size was size_t instead off_t, causing misalignment while
    downloading > 4 Gb files on a 32-bits arch.
  - pread() vs lseek()+read() was a useless optimization, since pread()
    doesn't change the file position and further reads weren't going through
    plain read() calls.
  - iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
    exit. Fixes segfaults on glibc.
  - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
- changes in version 1.0.28:
  - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
  - When an upload gets renamed (--autorename), send the new name to the
    uploadscript instead of the original one.
  - The ALLO command now checks for the actual disk space in addition to the
    virtal quota.
  - Work around OSX broken poll()
  - After an atomic resumed upload, don't append the previous file size to the 
  - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is 
  - Reset the CWD failures counter after a successful directory has been
    created. It avoids spurious disconnections with ncftp.
  - Support for iPhone has been moved to another branch.
  - Fix crash with PostgreSQL.

Fri Feb 12 15:27:50 UTC 2010 -

- updated to version 1.0.27:
 - Have pureftpd_shutdown() shut the server down even if a client is
   connected on iPhone.
 - Allow users with no quota to delete .pureftpd-upload-* files.
 - Unbreak ipv6 support, reported by Brad Smith.
 - Disable SSLv3 renegotiation if an old SSL library is used. If you really
   want to re-enable SSLv3 renegotiation, even with a recent library, you can
- changes in version 1.0.26:
 - Fix incompatibilities with Cyberduck when TLS is enabled.
 - Don't TLS_accept() immediately after accept(). Reply on the connection
   socket first, so that clients don't have to wait before knowing that they
   can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
 - Properly change the process name on Linux when the -S option is used, by
   Margus Kaidja.
 - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
   for the bug report.
- changes in version 1.0.25:
 - Show symlinks as symlinks in MLSD, except when the broken client
   compatibility mode is turned on and links are not dangling (just like the
   old LIST and NLIST commands). Reported by Mime Cuvalo.
 - More gcc 2 compatibility, thanks to Todd Rinaldo.
 - Properly handle custom paths in man pages. Thanks to Scott Haneda and
   Mathieu Parisot.
 - Have $localstatedir default to /var as it used to be unless
   --localstatedir=... is explicitely passed to ./configure
 - Use @VERSION@ in man pages.
 - --without-pam disables PAM on OSX and iPhone.
 - Allow cross-compilation.
 - Experimental iPhone target.
 - Change the way it links, building a library first.
 - Don't use mmap() any more for downloads. It's too slow.
 - Don't use hard-coded paths in order to find MySQL and PostgreSQL
   libraries and header files. Use mysql_config and pg_config instead.
   Suggested by John Alberts.
 - Log the DELE command similar to the RETR and STOR commands. Suggested by
   Martin Fuxa.
 - The primary group gets cached so that it's always displayed in directory
 - Avoid a client process to burn CPU in an infinite loop if the command
   channel gets disconnected before the data channel. Reported by Thomas Min
   and Margus Kaidja.
 - Restore the traditional behavior of a download restarting at the end of a
   file. For some weird reasons, some clients still insist on doing that. Don't
   send a 55x return code, just let them download... nothing.
 - Documentation updates.
- changes in version 1.0.24:
 - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
 - The package can now be compiled with gcc 2.
- changes in version 1.0.23:
 - LDAP: accept "enabled" as a correct value for FTPStatus as it used to be.
 - More useful error logging for OpenSSL errors.
 - Don't read certificates twice.
 - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
 - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander.
 - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
 - Don't ignore dot files even if -D is not supplied with the MLSD command.
 - Deinline code
 - Throttling more reliable
 - STAT is now working over TLS
 - DH keys for ephemeral key exchange are now handled
 - Fix libiconv checking
 - The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov)
 - LDAP authentication through binding is now possible in addition to
   passwords. This allows for the FTP server to run with an unprivileged LDAP
   account. It also adds a warning if auth method password is used and doesn't find
   a userPassword attribute. This usually indicates that the LDAP bind DN
   cannot read the attributes, because it doesn't have sufficient privileges.
   Contributed by Wilco Baan Hofman.
 - Perform charset conversions on directory names. Issue spotted by Xianghu Zhao.
 - Almost a complete rewrite of the upload, download and TLS code for more
 - Seemlessly handle ABOR without any SIGURG
 - Try to immediately handle any kind of disconnection
 - Use poll() rather than select() as much as possible
 - Distinguish aborted (even the hard way) and completed download and upload
   operations in log files
 - Minor corrections to he French messages
 - Don't use atomic uploads unless --notruncate or --autorename have been
 - Take care of removing .pureftpd-upload-* files in every possible case
 - List up to 10000 files per directory per default instead of 2000
 - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
 - New compile-time option: --with-implicittls in order to build a FTPS-only
 - ./configure --localstatedir can now be used in order to avoid storing the
   scoreboard and other dynamic files in /var/run/
 - Quota handling reworked (easier, and way more reliable)
 - RNTO support even when quota are enabled.
 - A bunch of return codes were fixed to be more RFC-conformant.
 - ALLO command is now actually checking if an upload can occur without
   blowing the quota.
 - Don't change the TCP window size. Admins should do this as part of their
   system configuration.
 - Privsep is now enabled by default. Use --without-privsep to disable.
 - --without-banner is gone. If you have a cookie file (-F), the default
   banner won't be displayed.
 - Compile with PAM by default on OSX.
 - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
   call is actually necessary. Since only the effective uid chances, it's not
   brutally useful yet, but it paves the way for forthcoming changes.
 - Install man pages with local paths instead of hard-coded ones.

Tue Jan 12 10:23:12 UTC 2010 -

- modified portrange.patch - for PassivePortRange option in pure-ftpd.conf
  we could use now also syntax without colon (bnc#547578) 
- merged config.patch with config_minuid.patch

Fri Jun  5 13:38:32 CEST 2009 -

- fix build

Mon May 25 13:52:55 CEST 2009 -

- Update to version 1.0.22
 - New catalan translation
 - TLS support for LDAP
 - Fix usage of MySQL 5 stored procedures
 - Compatibility with newer OpenLDAP versions
 - Don't hang up during uploads if we get any other command than QUIT and
 - SITE UTIME reads UTC time
 - A space is needed for inline content in response to the MLST command.
 - Time zone issues should be fixed for good. We have to redefine TZ,
   tzset() is not enough on Linux when we are in a chroot environment.
 - Correctly respond to FEAT without removing extra features when passive
   mode is disabled. Thanks to upb.
 - Better process name change setup for Linux.
 - Auto-created home directories are now created with mode 0777 (and
   directory umask is applied), per common request. It's very important to
   double check your umask.
 - Extend gid / uid to 10 digits in ls output. Extend file size as well.
 - Brazilian portuguese translation was updated.
 - Fix SecureFX compatibility.
 - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
 - Don't respond to server that an upload succeeded before the temporary
   file has been renamed.
 - TLS support on data channels
 - Use sendfile() on recent Solaris versions in place of sendfilev().
 - Don't use a deprecated interface for Bonjour registration.
 - Tell authentication handlers if the connection is encrypted or not,
   through a new AUTHD_ENCRYPTED environment variable.
 - Create all directories, not only the basement when on-demand directory
   creation is enabled and the user's home directory looks like /basement/./user.
 - Fixed error reporting when TLS support was compiled in, but TLS wasn't
   enabled on the current session
 - Log full path on file deletion
 - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
   (no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
 - Sleep before answering a password failure, not the other way round
 - In broken mode, show symlinks as their real target. It can have side
   effects, don't forget that broken mode is... broken mode.
 - Respect aliasing rules for sockaddr_storage usage.
 - Privsep is enabled by default in the installation GUI.
 - --with-everything now includes privsep.
 - update: fix compilation with gcc 2.x

Thu Jan 15 13:00:31 CET 2009 -

- Move PassivePortRange to numparic_switch_for [bnc#465954]

Mon Sep 15 14:50:54 CEST 2008 -

- limit port range for passv to 30000:30100 to assist firewalling

Mon Jul 21 16:34:26 CEST 2008 -

- do not use tcp send/receive buffer optimization. Might lead to 
  strange side effects when allocating too much stack. [bnc#407363]

Tue Apr  1 16:19:13 CEST 2008 -

- remove dir /usr/share/omc/svcinfo.d as it is provided now
  by filesystem 

Thu Mar 20 15:42:03 CET 2008 -

- Fix ldap schema [bnc:368864]
- add Short-Description to init script

Tue Mar 27 14:53:53 CEST 2007 -

- change path to firewall script (#247352) 

Fri Mar  2 08:38:24 CET 2007 -

- change path to firewall script (#247352) 

Wed Feb 28 08:54:05 CET 2007 -

- pure-ftpd - Support for FATE #300687: Ports for SuSEfirewall
  added via packages (#246931)

Thu Jan 11 09:55:19 CET 2007 -

- change path to xml service document (fate #301713) 

Wed Dec  6 12:48:34 CET 2006 -

- add service xml document (fate #301713 ) 

Wed Sep  6 14:36:48 CEST 2006 -

- fix bug Bug 203798 - Restarting the ftp server using the
  "rcpure-ftpd stop/start" doesn't stop/kill the existing
  client-server instances 

Mon Sep  4 11:15:57 CEST 2006 -

- Add to session management

Thu Aug 31 07:59:18 CEST 2006 -

- update to version 1.0.21 which
  o includes patch pure-ftpd-1.0.20-abort-transfer.patch 
  o Rendezvous has been renamed Bonjour
  o The old PAM sample has been removed
  o -F option added to pure-pw
  o MAX_USER_LENGTH has been bumped to 127 due to popular demand
  o pam/* can now be used if security/* doesn't exist
  o simplify() simplifies paths ending by /. and /..
  o Experimental support for RFC2640 (UTF-8 filename encoding)
  o The LDAP schema has been changed: FTPStatus should be a boolean
  o OPTS MLST has been implemented
  o SITE UTIME has been implemented
  o TCP_CORK is on by default again. A new configure switch,
    --without-cork, can disable it
  o Correctly format %c and %% in fakesprintf()
  o The connection socket is now created with the Nagle algorithm
    disabled. It was the trick to dramatically improve performance
    when transfering a lot of small files
  o Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server

Mon Aug 21 21:31:34 CEST 2006 -

- Reorder auth section of PAM config file to make sure all modules
  will always be evaluated.

Mon Apr 10 17:04:23 CEST 2006 -

- added pure-ftpd-1.0.20_config_minuid.patch:
  * configuration-file/ our ftp user has uid 40.
    if you want to map virtual users to this uid they would be
    blocked from login.

- added pure-ftpd-1.0.20_ftpwho_path.patch:
  * src/ftpwho-update.h: PAGE_SIZE is a function on
    glibc-2.4/kernel-2.6.16 on ppc64. use PATH_MAX for the filename
    member of the FTPWhoEntry_ struct

Wed Jan 25 21:40:41 CET 2006 -

- converted neededforbuild to BuildRequires

Mon Jan 16 16:40:55 CET 2006 -

- Patch from Patrick Gosling to handle transfer aborts during file
  upload correctly. [#133452] 

Fri Jan 13 15:05:03 CET 2006 -

- Make use of Stack Protector

Mon Oct 24 22:06:55 CEST 2005 -

- cleaned up spec file
- add /etc/pure-ftpd/vhosts as base dir for virtual servers.
  (documentation and code changed accordingly.)
- fixed paths in the documenation

Thu Oct 13 12:48:35 CEST 2005 -

- Build with DLDAP_DEPRECATED untill upstream applied one of the 
  various ldap patches floating around on the project page

Wed Aug 24 12:06:08 CEST 2005 -

- disable "funny" ftp messages to be a bit more professional

Mon Nov  8 17:19:11 CET 2004 -

- Use common-* PAM config files for pure-ftpd PAM configuration

Thu Aug 12 12:40:48 CEST 2004 -

- Use --with-diraliases

Thu Aug 12 10:48:44 CEST 2004 -

- Update to 1.0.20 which fixes compatibility issues.

Wed Jun 23 20:38:56 CEST 2004 -

- Update to 1.0.19 including:
  o Real disk space is no more shown.
  o A possible denial of service when too many users were connected
    should be fixed.

Tue Mar  2 23:22:41 CET 2004 -

- Reflect in the configuration file that /etc/pure-ftpd/ now is a
  place to keep all the pure-ftpd configuration files.

Tue Mar  2 22:42:02 CET 2004 -

- Move configuration file when updating
- Fix initscript to use /etc/pure-ftpd/pure-ftpd.conf [#35196]
- Update to 1.0.18 including:
  o UTF-8 characters are now supported in file names [#34829]
  o Buglets were fixed in the documentation.
  o Two new translations were added : hungarian and catalan
  o The server now uses distinct IPv4 and IPv6 to listen to both
    protocols on all operating systems. A new switch, -6, forces the
    server to only listen to IPv6.
  o W3C and CLF alternative log formats are now more standard
  o Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
  o Support for Rendezvous was added on MacOS X.
  o Support for Apple / GNUStep plist data output was added to

Fri Feb 27 18:27:16 CET 2004 -

- Enable mysql and postgresql support, since they provide very
  good functionality with only tiny extra dependencies
- Compile with --with-nonalnum to support non alphanumeric chars

Fri Jan 16 13:26:06 CET 2004 -

- Add pam-devel to neededforbuild

Thu Dec  4 14:10:58 CET 2003 -

- Update to pure-ftpd v. 1.0.17a

Wed Oct 15 12:59:03 CEST 2003 -

- Don't build as root

Tue Aug 12 10:55:04 CEST 2003 -

- Update to 1.0.16, with SSL/TLS support and many bugfixes
- Use new macros for stop/restart of services on rpm update/removal

Sun Jul 27 11:19:20 CEST 2003 -

- Support system quotas

Tue Jun 17 13:09:47 CEST 2003 -

- Update to version 1.0.15:
 - A turkish translation has been added.
 - Various functional and portability fixes have been made to the
   handling of upload scripts, to the pure-pw command and to the
   automatic creation of home directories.
 - Accounts in a puredb database can now be quickly listed.
 - The anonymous FTP directory can now be overriden on the Windows
   port (using a WIN32_ANON_DIR environment variable).
 - The default banner has been stripped down to look more
 - Transfer speed on BSD systems has been improved.
 - The license of the whole package has changed from GPL to a
   simplified BSD license.

Thu May 15 12:41:00 CEST 2003 -

- Allow dot-files in general, but prohibit writing of them [#26897]

Wed Apr 30 12:42:52 CEST 2003 -

- Apply the detach patch elsewhere to not break xinetd
- Add note to the xinetd conffile about the xinetd behaviour
- Rearrange the specfile a bit

Thu Mar  6 16:33:14 CET 2003 -

- Fix the xinetd configuration file

Fri Feb 28 15:32:38 CET 2003 -

- Add note to README.LDAP about use_ldap in the pam config

Fri Jan 31 14:33:01 CET 2003 -

- Update to 1.0.14 and add a xinetd configuration file just in case
  the user wants to use it with xinetd. Default behaviour is still

Mon Jan 20 20:42:56 CET 2003 -

- Added patch to detach from fd 0, 1 and 2 [#22836]

Wed Nov 27 14:02:07 CET 2002 -

- Update to 1.0.13a which is a minor feature/bugfix-release

Sat Oct  5 02:34:37 CEST 2002 -

- Changed default config file to only allow ro anonymous logins,
  and tightened security in case writing is enabled.

Sat Aug  3 15:16:27 CEST 2002 -

- Remove symlinks in postinstall script
- Add PreRequires for insserv

Thu Jul  4 16:59:51 CEST 2002 -

- Update to version 1.0.12 (per-user limits)

Fri Apr 26 16:27:00 CEST 2002 -

- Update to version 1.0.11 (minor bug fixes, better LDAP support)

Mon Mar 11 09:48:02 CET 2002 -

- Fix permissions

Sat Feb 16 21:15:14 CET 2002 -

- Fix print arguments [Bug #13389]

Mon Feb 11 18:12:54 CET 2002 -

- flgs in perl-config parser is an array 

Thu Jan 24 20:51:42 CET 2002 -

- Update to version 1.0.8
- Compile with LDAP support

Thu Nov 29 18:22:20 CET 2001 -

- Add pam config file
- Cleanup example config file

Thu Nov 22 17:09:45 CET 2001 -

- Update to 1.0.3 (rename and quota fixes)

Thu Nov  1 10:51:40 CET 2001 -

- Initial release of a secure ftp server with LFS