Recommended update for pure-ftpd
| Announcement ID: | SUSE-RU-2017:1630-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has three fixes can now be installed.
Description:
This update provides pure-ftpd 1.0.43, which brings several fixes and new features.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch is now on by default, except in broken clients compatibility mode.
- New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS.
- Support for TCP_FASTOPEN added on Linux.
- The LDAP configuration file now allows a default gid without also defining a default uid.
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
- TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported and the default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE).
- scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends.
- The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory.
- The Clear Command Channel (CCC) command is now supported.
- SSL (v2, v3) is refused by default.
- DES-hashed passwords are not supported any more.
- LDAP uid and gid values can over overridden in the LDAP configuration file.
- RC4 was dropped.
- Repair checkproc() on Linux when support for capabilities is compiled in.
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- Add LDAPDefaultHomeDirectory.
- Fix quota computation after rename() overwrites an existing file.
- If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte.
- Support SHA1 password hashing in MySQL and PostgreSQL backends.
- Support for braces expansion in directory listings has been disabled.
- Introduce --tlsciphersuite (-J) to set the list of allowed ciphers.
- The -F switch has been documented in the built-in help.
- Shell-like escaping is now partially handled when emulating the "ls" command.
- pure-quotacheck can now work with a large number of files.
- When an upload gets renamed (--autorename), send the new name to the uploadscript instead of the original one.
- The ALLO command now checks for the actual disk space in addition to the virtual quota.
- After an atomic resumed upload, don't append the previous file size to the quota.
- Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is UTF8.
- Reset the CWD failures counter after a successful directory has been created.
- Allow users with no quota to delete .pureftpd-upload-* files.
- Properly change the process name on Linux when the -S option is used.
- Restore the traditional behavior of a download restarting at the end of a file.
- Refuse empty passwords in LDAP bind mode.
- LDAP authentication through binding is now possible in addition to passwords.
- Almost a complete rewrite of the upload, download and TLS code for more reliability.
- Don't use atomic uploads unless --notruncate or --autorename have been enabled.
- List up to 10000 files per directory per default instead of 2000.
- Quota handling reworked.
- RNTO support even when quota are enabled.
- Don't change the TCP window size.
- Privsep is now enabled by default.
For a comprehensive list of changes please refer to the package's change log.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-pure-ftpd-13161=1 -
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-pure-ftpd-13161=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- pure-ftpd-1.0.43-29.1
-
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- pure-ftpd-1.0.43-29.1