Recommended update for pure-ftpd
Announcement ID: | SUSE-RU-2017:1630-1 |
Rating: | moderate |
References: | #1042690 #971980 #986520 |
Affected Products: |
An update that has three recommended fixes can now be installed.
Description:
This update provides pure-ftpd 1.0.43, which brings several fixes and new
features.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch is now on by default, except
in broken clients compatibility mode.
- New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.
- Support for TCP_FASTOPEN added on Linux.
- The LDAP configuration file now allows a default gid without also
defining a default uid.
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
- TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported and the default
curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE).
- scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP
backends.
- The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory.
- The Clear Command Channel (CCC) command is now supported.
- SSL (v2, v3) is refused by default.
- DES-hashed passwords are not supported any more.
- LDAP uid and gid values can over overridden in the LDAP configuration
file.
- RC4 was dropped.
- Repair checkproc() on Linux when support for capabilities is compiled in.
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- Add LDAPDefaultHomeDirectory.
- Fix quota computation after rename() overwrites an existing file.
- If 10 digits are not enough to print the size of a file in an ls-like
output, bump the max number
of digits to 18. This adds support for files up to 1 exabyte.
- Support SHA1 password hashing in MySQL and PostgreSQL backends.
- Support for braces expansion in directory listings has been disabled.
- Introduce --tlsciphersuite (-J) to set the list of allowed ciphers.
- The -F switch has been documented in the built-in help.
- Shell-like escaping is now partially handled when emulating the "ls"
command.
- pure-quotacheck can now work with a large number of files.
- When an upload gets renamed (--autorename), send the new name to the
uploadscript instead of the
original one.
- The ALLO command now checks for the actual disk space in addition to the
virtual quota.
- After an atomic resumed upload, don't append the previous file size to
the quota.
- Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset
is UTF8.
- Reset the CWD failures counter after a successful directory has been
created.
- Allow users with no quota to delete .pureftpd-upload-* files.
- Properly change the process name on Linux when the -S option is used.
- Restore the traditional behavior of a download restarting at the end of
a file.
- Refuse empty passwords in LDAP bind mode.
- LDAP authentication through binding is now possible in addition to
passwords.
- Almost a complete rewrite of the upload, download and TLS code for more
reliability.
- Don't use atomic uploads unless --notruncate or --autorename have been
enabled.
- List up to 10000 files per directory per default instead of 2000.
- Quota handling reworked.
- RNTO support even when quota are enabled.
- Don't change the TCP window size.
- Privsep is now enabled by default.
For a comprehensive list of changes please refer to the package's change
log.
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-pure-ftpd-13161=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-pure-ftpd-13161=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- pure-ftpd-1.0.43-29.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- pure-ftpd-debuginfo-1.0.43-29.1
- pure-ftpd-debugsource-1.0.43-29.1