Recommended update for pure-ftpd

Announcement ID: SUSE-RU-2017:1630-1
Rating: moderate
Affected Products:
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Server 11 SP4

An update that has three fixes can now be installed.


This update provides pure-ftpd 1.0.43, which brings several fixes and new features.

  • The connection is now dropped if HTTP commands are received.
  • LDAP force_default_gid and force_default_uid now work as documented.
  • The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch is now on by default, except in broken clients compatibility mode.
  • New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS.
  • Support for TCP_FASTOPEN added on Linux.
  • The LDAP configuration file now allows a default gid without also defining a default uid.
  • Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
  • TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported and the default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE).
  • scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends.
  • The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory.
  • The Clear Command Channel (CCC) command is now supported.
  • SSL (v2, v3) is refused by default.
  • DES-hashed passwords are not supported any more.
  • LDAP uid and gid values can over overridden in the LDAP configuration file.
  • RC4 was dropped.
  • Repair checkproc() on Linux when support for capabilities is compiled in.
  • Add support for MFMT, with the same code as SITE UTIME.
  • Support 2-arguments SITE UTIME.
  • Add LDAPDefaultHomeDirectory.
  • Fix quota computation after rename() overwrites an existing file.
  • If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte.
  • Support SHA1 password hashing in MySQL and PostgreSQL backends.
  • Support for braces expansion in directory listings has been disabled.
  • Introduce --tlsciphersuite (-J) to set the list of allowed ciphers.
  • The -F switch has been documented in the built-in help.
  • Shell-like escaping is now partially handled when emulating the "ls" command.
  • pure-quotacheck can now work with a large number of files.
  • When an upload gets renamed (--autorename), send the new name to the uploadscript instead of the original one.
  • The ALLO command now checks for the actual disk space in addition to the virtual quota.
  • After an atomic resumed upload, don't append the previous file size to the quota.
  • Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is UTF8.
  • Reset the CWD failures counter after a successful directory has been created.
  • Allow users with no quota to delete .pureftpd-upload-* files.
  • Properly change the process name on Linux when the -S option is used.
  • Restore the traditional behavior of a download restarting at the end of a file.
  • Refuse empty passwords in LDAP bind mode.
  • LDAP authentication through binding is now possible in addition to passwords.
  • Almost a complete rewrite of the upload, download and TLS code for more reliability.
  • Don't use atomic uploads unless --notruncate or --autorename have been enabled.
  • List up to 10000 files per directory per default instead of 2000.
  • Quota handling reworked.
  • RNTO support even when quota are enabled.
  • Don't change the TCP window size.
  • Privsep is now enabled by default.

For a comprehensive list of changes please refer to the package's change log.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-pure-ftpd-13161=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-pure-ftpd-13161=1

Package List:

  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • pure-ftpd-1.0.43-29.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • pure-ftpd-1.0.43-29.1