CVE-2024-48208

OBS-URL: https://build.opensuse.org/package/show/network/pure-ftpd?expand=0&rev=94

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

CVE-2024-48208.patch

@@ -0,0 +1,25 @@
+From 2bbe0f25c6b905044803649a29df5f765f940b91 Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Fri, 25 Oct 2024 10:20:24 +0200
+Subject: [PATCH] Fix code similar to the one fixed in 350d66fbbd6
+
+Noticed by @StayPirate, thanks!
+---
+ src/ls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ls.c b/src/ls.c
+index 9063646..94150ad 100644
+--- a/src/ls.c
++++ b/src/ls.c
+@@ -972,8 +972,8 @@ void donlst(const char *base)
+ 
+     if (*base != 0 && chdir(base) != 0) {
+         if (*base++ == '-') {
+-            while (!isspace((unsigned char) *base++));
+-            while (isspace((unsigned char) *base++));
++            while (*base != 0 && !isspace((unsigned char) *base++));
++            while (*base != 0 && isspace((unsigned char) *base++));
+             if (*base != 0 && chdir(base) != 0) {
+                 addreply_noformat(550, MSG_STAT_FAILURE2);
+                 return;

pure-ftpd-1.0.20_config.patch

@@ -0,0 +1,116 @@
+Index: pure-ftpd.conf.in
+===================================================================
+--- pure-ftpd.conf.in.orig
++++ pure-ftpd.conf.in
+@@ -37,19 +37,20 @@ BrokenClientsCompatibility   no
+ 
+ # Maximum number of simultaneous users
+ 
+-MaxClientsNumber             50
++MaxClientsNumber             10
+ 
+ 
+ 
+-# Run as a background process
++# Run as a background process, do not change as systemd needs this to be
++# foreground
+ 
+-Daemonize                    yes
++Daemonize                    no
+ 
+ 
+ 
+ # Maximum number of simultaneous clients with the same IP address
+ 
+-MaxClientsPerIP              8
++MaxClientsPerIP              3
+ 
+ 
+ 
+@@ -59,6 +60,9 @@ MaxClientsPerIP              8
+ VerboseLog                   no
+ 
+ 
++# Allow dot-files
++AllowDotFiles               yes
++
+ 
+ # List dot-files even when the client doesn't send "-a".
+ 
+@@ -68,7 +72,7 @@ DisplayDotFiles              yes
+ 
+ # Disallow authenticated users - Act only as a public FTP server.
+ 
+-AnonymousOnly                no
++AnonymousOnly                yes
+ 
+ 
+ 
+@@ -106,23 +110,23 @@ MaxIdleTime                  15
+ 
+ # LDAP configuration file (see README.LDAP)
+ 
+-# LDAPConfigFile               /etc/pureftpd-ldap.conf
++# LDAPConfigFile               /etc/pure-ftpd/pureftpd-ldap.conf
+ 
+ 
+ 
+ # MySQL configuration file (see README.MySQL)
+ 
+-# MySQLConfigFile              /etc/pureftpd-mysql.conf
++# MySQLConfigFile              /etc/pure-ftpd/pureftpd-mysql.conf
+ 
+ 
+ # PostgreSQL configuration file (see README.PGSQL)
+ 
+-# PGSQLConfigFile              /etc/pureftpd-pgsql.conf
++# PGSQLConfigFile              /etc/pure-ftpd/pureftpd-pgsql.conf
+ 
+ 
+ # PureDB user database (see README.Virtual-Users)
+ 
+-# PureDB                       /etc/pureftpd.pdb
++# PureDB                       /etc/pure-ftpd/pureftpd.pdb
+ 
+ 
+ # Path to pure-authd socket (see README.Authentication-Modules)
+@@ -133,7 +137,7 @@ MaxIdleTime                  15
+ 
+ # If you want to enable PAM authentication, uncomment the following line
+ 
+-# PAMAuthentication            yes
++PAMAuthentication            yes
+ 
+ 
+ 
+@@ -176,7 +180,7 @@ MaxLoad                      4
+ 
+ # Port range for passive connections - keep it as broad as possible.
+ 
+-# PassivePortRange             30000 50000
++PassivePortRange             30000 30100
+ 
+ 
+ 
+Index: pureftpd-mysql.conf
+===================================================================
+--- pureftpd-mysql.conf.orig
++++ pureftpd-mysql.conf
+@@ -23,13 +23,13 @@ MYSQLSocket     /var/run/mysqld/mysqld.s
+ 
+ 
+ # Mandatory : user to bind the server as.
+-
+-MYSQLUser       root
++# using the Database root user is always a bad idea.
++MYSQLUser       ftpd
+ 
+ 
+ # Mandatory : user password. You must have a password.
+-
+-MYSQLPassword   rootpw
++# using the Database root user is always a bad idea. 
++MYSQLPassword   ftpdpassword
+ 
+ 
+ # Mandatory : database to open.

pure-ftpd-1.0.20_doc.patch

@@ -0,0 +1,31 @@
+only in patch2:
+unchanged:
+================================================================================
+Index: README.Configuration-File
+===================================================================
+--- README.Configuration-File.orig
++++ README.Configuration-File
+@@ -8,12 +8,12 @@ For example, the '-H' switch is recommen
+ 
+ To enable this feature, just add it right after the executable name:
+ 
+-    /usr/local/sbin/pure-ftpd -H
++    /usr/sbin/pure-ftpd -H
+ 
+ Long options are also supported. This is equivalent to the previous
+ command:
+ 
+-    /usr/local/sbin/pure-ftpd --dontresolve
++    /usr/sbin/pure-ftpd --dontresolve
+ 
+ As an alternative to command-line switches, Pure-FTPd can use a
+ configuration file. The set of supported features is the same no
+@@ -25,7 +25,7 @@ the package installation prefix.
+ 
+ Tweak it according to your needs, and start the server using that file:
+ 
+-    /usr/local/sbin/pure-ftpd /etc/pure-ftpd.conf
++    /usr/sbin/pure-ftpd /etc/pure-ftpd.conf
+ 
+ Note the absence of switches. In order to avoid confusion, either a
+ configuration file or a set of command-line switches can be used.

pure-ftpd-1.0.20_virtualhosts.patch

@@ -0,0 +1,13 @@
+Index: src/ftpd.h
+===================================================================
+--- src/ftpd.h.orig	2012-04-10 13:13:50.081787071 +0200
++++ src/ftpd.h	2012-04-10 13:15:02.434306712 +0200
+@@ -411,7 +411,7 @@
+ #endif
+ 
+ #ifndef VHOST_PATH
+-# define VHOST_PATH CONFDIR "/pure-ftpd"
++# define VHOST_PATH CONFDIR "/vhosts"
+ #endif
+ 
+ #ifdef WITH_TLS

pure-ftpd-1.0.36-cap-audit-control.patch

@@ -0,0 +1,14 @@
+Index: pure-ftpd-1.0.36/src/caps_p.h
+===================================================================
+--- pure-ftpd-1.0.36.orig/src/caps_p.h
++++ pure-ftpd-1.0.36/src/caps_p.h
+@@ -7,7 +7,8 @@
+ # endif
+ 
+ cap_value_t cap_keep_startup[] = {
+-# if defined(USE_PAM) && defined(CAP_AUDIT_WRITE)
++# if defined(USE_PAM) && defined(CAP_AUDIT_CONTROL) && defined(CAP_AUDIT_WRITE)
++    CAP_AUDIT_CONTROL,
+     CAP_AUDIT_WRITE,
+ # endif
+     CAP_SETGID,

pure-ftpd-1.0.49_ftpwho_path.patch

@@ -0,0 +1,20 @@
+--- src/ftpwho-update.h	2019-03-25 16:48:42.000000000 +0100
++++ src/ftpwho-update.h	2020-04-27 16:07:03.449049599 +0200
+@@ -26,6 +26,9 @@
+     volatile off_t download_total_size;
+     volatile off_t download_current_size;
+     char account[MAX_USER_LENGTH + 1U];
++#ifdef PATH_MAX
++    char filename[PATH_MAX];
++#else
+ #if defined(__OpenBSD__)
+     char filename[1024];
+ #else
+@@ -39,6 +42,7 @@
+     char filename[1024];
+ # endif
+ #endif
++#endif
+ } FTPWhoEntry;
+ 
+ int ftpwho_initwho(void);

pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch

@@ -0,0 +1,114 @@
+diff -up configure.orig configure
+--- configure.orig	2022-01-19 20:48:45.387511953 +0100
++++ configure	2022-01-19 20:59:28.559523809 +0100
+@@ -15016,108 +15016,13 @@ else
+ printf "%s\n" "no" >&6; }
+ fi
+ 
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP send buffer size" >&5
+-printf %s "checking default TCP send buffer size... " >&6; }
+-if test "$cross_compiling" = yes
+-then :
+-  CONF_TCP_SO_SNDBUF=65536
+-else $as_nop
+-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-
+-#include <stdio.h>
+-#ifdef STDC_HEADERS
+-# include <stdlib.h>
+-# include <stddef.h>
+-#else
+-# if HAVE_STDLIB_H
+-#  include <stdlib.h>
+-# endif
+-#endif
+-#ifdef HAVE_UNISTD_H
+-# include <unistd.h>
+-#endif
+-#include <sys/types.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+-int main(void)
+-{
+-    int fd,val=0,len=sizeof(int);
+-    if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
+-        if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) return 1;
+-    if (val <= 0) return 1;
+-        fprintf (fopen("conftestval", "w"), "%d\n", val);
+-    return 0;
+-}
+-
+-_ACEOF
+-if ac_fn_c_try_run "$LINENO"
+-then :
+-  CONF_TCP_SO_SNDBUF=`cat conftestval`
+-else $as_nop
+-  CONF_TCP_SO_SNDBUF=65536
+-fi
+-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+-fi
+-
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5
+-printf "%s\n" "$CONF_TCP_SO_SNDBUF" >&6; }
+-
+ 
+-printf "%s\n" "#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF" >>confdefs.h
++printf "%s\n" "#define CONF_TCP_SO_SNDBUF 65536" >>confdefs.h
+ 
+ 
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP receive buffer size" >&5
+-printf %s "checking default TCP receive buffer size... " >&6; }
+-if test "$cross_compiling" = yes
+-then :
+-  CONF_TCP_SO_RCVBUF=65536
+-else $as_nop
+-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-
+-#include <stdio.h>
+-#ifdef STDC_HEADERS
+-# include <stdlib.h>
+-# include <stddef.h>
+-#else
+-# if HAVE_STDLIB_H
+-#  include <stdlib.h>
+-# endif
+-#endif
+-#ifdef HAVE_UNISTD_H
+-# include <unistd.h>
+-#endif
+-#include <sys/types.h>
+-#include <sys/socket.h>
+-#include <netinet/in.h>
+-int main(void)
+-{
+-    int fd,val=0,len=sizeof(int);
+-    if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
+-        if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) return 1;
+-    if (val <= 0) return 1;
+-        fprintf (fopen("conftestval", "w"), "%d\n", val);
+-    return 0;
+-}
+-
+-_ACEOF
+-if ac_fn_c_try_run "$LINENO"
+-then :
+-  CONF_TCP_SO_RCVBUF=`cat conftestval`
+-else $as_nop
+-  CONF_TCP_SO_RCVBUF=65536
+-fi
+-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+-fi
+-
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5
+-printf "%s\n" "$CONF_TCP_SO_RCVBUF" >&6; }
+ 
+ 
+-printf "%s\n" "#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF" >>confdefs.h
++printf "%s\n" "#define CONF_TCP_SO_RCVBUF 65536" >>confdefs.h
+ 
+ 
+ 

pure-ftpd-1.0.51.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:622360b86c60b563abe0e994f0a86cfe5ccfde597b29a14b0a79b6e5aa05a304
+size 520648

pure-ftpd-1.0.51.tar.bz2.minisig

@@ -0,0 +1,4 @@
+untrusted comment: signature from minisign secret key
+RUQf6LRCGA9i55Ntm0qP+FPe+r7MhsAauQBJY5vorUuG+gvqo+JMOBljJz1s3w250v8DyuZtAzrp8HseW/yI+lCdFXQ0qK3tJwA=
+trusted comment: timestamp:1655205932	file:pure-ftpd-1.0.51.tar.bz2	hashed
+MPIQoEEMaLa1M6iZ2NBLh30NkCwzjkVDs0C1Y5dBvXAkcznwfHZRQhfz1J/Ki79iaTZFyQtNFv3qhvg9dYTTCg==

pure-ftpd-apparmor.patch

@@ -0,0 +1,61 @@
+Index: pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
+===================================================================
+--- /dev/null
++++ pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
+@@ -0,0 +1,13 @@
++
++---------------------- Using the AppArmor profile ----------------------
++
++Make sure that AppArmor is installed and enabled.
++
++To utilize the security provided by AppArmor, ensure that the supplied 
++AppArmor profile (the file 'usr.sbin.pure-ftpd') for Pure-FTPd is present in 
++the '/etc/apparmor.d/' directory. If it is not present, copy it from
++the '/usr/share/doc/packages/pure-ftpd/' directory.
++
++This profile takes care of most of the typical use cases. You can use 
++YaST->Novell AppArmor to fine-tune the profile for your specific needs.
++
+Index: pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
+===================================================================
+--- /dev/null
++++ pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
+@@ -0,0 +1,38 @@
++# vim:syntax=apparmor
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2006 Novell, Inc.
++#
++# ------------------------------------------------------------------
++
++#include <tunables/global>
++
++/usr/sbin/pure-ftpd {
++  #include <abstractions/base>
++  #include <abstractions/nameservice>
++  #include <abstractions/authentication>
++  #include <abstractions/user-tmp>
++
++  capability net_bind_service,
++  capability setgid,
++  capability setuid,
++  capability sys_chroot,
++
++  / 					r,
++  /etc/ftpusers 			r,
++  /etc/pure-ftpd/* 			r,
++  /etc/shells 				r,
++  /etc/ssl/private/pure-ftpd.pem	r,
++  /proc/*/loginuid 			w,
++  /proc/loadavg 			r,
++  /proc/net/tcp*			r,
++  /usr/sbin/pure-ftpd 			mr,
++
++  /var/run/pure-ftpd 			rw,
++  /var/run/pure-ftpd.pid 		w,
++  /var/run/pure-ftpd/client-* 		rw,
++
++  @{HOMEDIRS}*                		r,
++  @{HOME}/**                 		rwl,
++  @{HOME}/.k5login 			r,
++}

pure-ftpd-malloc-limit.patch

@@ -0,0 +1,181 @@
+diff -Nur pure-ftpd-1.0.49.orig/man/pure-ftpd.8.in pure-ftpd-1.0.49/man/pure-ftpd.8.in
+--- pure-ftpd-1.0.49.orig/man/pure-ftpd.8.in	2019-03-25 16:48:42.000000000 +0100
++++ pure-ftpd-1.0.49/man/pure-ftpd.8.in	2020-04-27 16:36:01.574470331 +0200
+@@ -9,7 +9,7 @@
+ pure\-ftpd \- simple File Transfer Protocol server
+ 
+ .SH "SYNOPSIS"
+-.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
++.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth:[:maxmemory]] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+ 
+ .br
+ Alternative style:
+@@ -337,11 +337,12 @@
+ .I README.MySQL
+ files for info about the built\-in LDAP and SQL directory support.
+ .TP
+-.B \-L max files:max depth
++.B \-L max files:max depth[:max memory limit]
+ Avoid denial\-of\-service attacks by limiting the number of displayed files
+-in a 'ls' and the maximum depth of a recursive 'ls'. Defaults are 2000:5
+-(2000 files displayed for a single 'ls' and walk through 5 subdirectories
+-max).
++in a 'ls', the maximum depth of a recursive 'ls' and optional memory limit
++for globbing in kilobytes. Defaults are 2000:5:512 (2000 files displayed
++for a single 'ls', walk through 5 subdirectories max and limit allocated
++memory for evaluation wildcard characters by 'ls' to 524288 bytes).
+ .TP
+ .B \-m load
+ Do not allow anonymous users to download files if the load is above
+diff -Nur pure-ftpd-1.0.49.orig/src/bsd-glob.c pure-ftpd-1.0.49/src/bsd-glob.c
+--- pure-ftpd-1.0.49.orig/src/bsd-glob.c	2019-04-02 16:00:39.000000000 +0200
++++ pure-ftpd-1.0.49/src/bsd-glob.c	2020-04-27 16:33:21.997238426 +0200
+@@ -107,9 +107,6 @@
+ #define M_SET           META('[')
+ #define ismeta(c)       (((c)&M_QUOTE) != 0)
+ 
+-#ifndef GLOB_LIMIT_MALLOC
+-# define GLOB_LIMIT_MALLOC       65536
+-#endif
+ #ifndef GLOB_MAX_STARS
+ # define GLOB_MAX_STARS          3
+ #endif
+@@ -160,7 +157,7 @@
+ 
+ static int
+ glob_(const char *pattern, int flags, int (*errfunc)(const char *, int),
+-      glob_t *pglob, unsigned long maxfiles, int maxdepth)
++      glob_t *pglob, unsigned long maxfiles, int maxdepth, unsigned long maxmemory)
+ {
+     const unsigned char *patnext;
+     int c;
+@@ -172,6 +169,7 @@
+     }
+     pglob->gl_maxdepth = maxdepth;
+     pglob->gl_maxfiles = maxfiles;
++    pglob->gl_maxmemory = maxmemory;
+     patnext = (unsigned char *) pattern;
+     if (!(flags & GLOB_APPEND)) {
+         pglob->gl_pathc = 0;
+@@ -226,15 +224,15 @@
+ glob(const char *pattern, int flags, int (*errfunc) (const char *, int),
+      glob_t * pglob)
+ {
+-    return glob_(pattern, flags, errfunc, pglob, (unsigned long) -1, 0);
++    return glob_(pattern, flags, errfunc, pglob, (unsigned long) -1, 0, GLOB_LIMIT_MALLOC);
+ }
+ 
+ int
+ sglob(char *pattern, int flags, int (*errfunc) (const char *, int),
+-      glob_t * pglob, unsigned long maxfiles, int maxdepth)
++      glob_t * pglob, unsigned long maxfiles, int maxdepth, unsigned long maxmemory)
+ {
+     simplify(pattern);
+-    return glob_(pattern, flags, errfunc, pglob, maxfiles, maxdepth);
++    return glob_(pattern, flags, errfunc, pglob, maxfiles, maxdepth, maxmemory);
+ }
+ 
+ /*
+@@ -766,7 +764,7 @@
+             statv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+         } else {
+             limitp->glim_malloc += sizeof(**statv);
+-            if (limitp->glim_malloc >= GLOB_LIMIT_MALLOC) {
++            if (limitp->glim_malloc >= pglob->gl_maxmemory) {
+                 errno = 0;
+                 return GLOB_NOSPACE;
+             }
+@@ -793,7 +791,7 @@
+     }
+     pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+ 
+-    if ((newn * sizeof(*pathv)) + limitp->glim_malloc > GLOB_LIMIT_MALLOC) {
++    if ((newn * sizeof(*pathv)) + limitp->glim_malloc > pglob->gl_maxmemory) {
+         errno = 0;
+         return GLOB_NOSPACE;
+     }
+diff -Nur pure-ftpd-1.0.49.orig/src/bsd-glob.h pure-ftpd-1.0.49/src/bsd-glob.h
+--- pure-ftpd-1.0.49.orig/src/bsd-glob.h	2018-09-19 23:53:05.000000000 +0200
++++ pure-ftpd-1.0.49/src/bsd-glob.h	2020-04-27 16:33:22.001238457 +0200
+@@ -38,6 +38,7 @@
+ typedef struct {
+     unsigned long gl_maxfiles;  /* Maximum number of results */
+     int gl_maxdepth;            /* Maximum depth */
++    unsigned long gl_maxmemory; /* Maximum memory allocated */
+         int gl_pathc;           /* Count of total paths so far. */
+         int gl_matchc;          /* Count of paths matching pattern. */
+         int gl_offs;            /* Reserved at beginning of gl_pathv. */
+@@ -84,14 +85,14 @@
+ 
+ #ifdef DISABLE_GLOBBING
+ # define glob(A, B, C, D) (GLOB_NOSYS)
+-# define sglob(A, B, C, D, E, F) (GLOB_NOSYS)
++# define sglob(A, B, C, D, E, F, G) (GLOB_NOSYS)
+ # define globfree(A) (void) 0
+ #else
+ # ifndef USELESS_FOR_PUREFTPD
+ int glob(const char *, int, int (*)(const char *, int), glob_t *);
+ # endif
+ int sglob(char *, int, int (*)(const char *, int),
+-          glob_t *, unsigned long, int);
++          glob_t *, unsigned long, int, unsigned long);
+ void globfree(glob_t *);
+ #endif
+ 
+diff -Nur pure-ftpd-1.0.49.orig/src/ftpd.c pure-ftpd-1.0.49/src/ftpd.c
+--- pure-ftpd-1.0.49.orig/src/ftpd.c	2019-04-02 16:00:40.000000000 +0200
++++ pure-ftpd-1.0.49/src/ftpd.c	2020-04-27 16:33:22.001238457 +0200
+@@ -5923,11 +5923,14 @@
+         }
+         case 'L': {
+             int ret;
++            unsigned int tmp_glob_memory;
+ 
+-            ret = sscanf(optarg, "%u:%u", &max_ls_files, &max_ls_depth);
+-            if (ret != 2 ||
+-                max_ls_files < 1U || max_ls_depth < 1U) {
++            ret = sscanf(optarg, "%u:%u:%u", &max_ls_files, &max_ls_depth, &tmp_glob_memory);
++            if (ret < 2 || ret > 3 ||
++                max_ls_files < 1U || max_ls_depth < 1U || tmp_glob_memory < 1U) {
+                 die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_ILLEGAL_LS_LIMITS ": %s" , optarg);
++            } else if (ret == 3) {
++                max_glob_memory = tmp_glob_memory * 1024;
+             }
+             break;
+         }
+diff -Nur pure-ftpd-1.0.49.orig/src/ftpd.h pure-ftpd-1.0.49/src/ftpd.h
+--- pure-ftpd-1.0.49.orig/src/ftpd.h	2019-03-25 16:48:42.000000000 +0100
++++ pure-ftpd-1.0.49/src/ftpd.h	2020-04-27 16:33:22.001238457 +0200
+@@ -541,6 +541,9 @@
+ #ifndef DEFAULT_MAX_LS_DEPTH
+ # define DEFAULT_MAX_LS_DEPTH 5U
+ #endif
++#ifndef GLOB_LIMIT_MALLOC
++# define GLOB_LIMIT_MALLOC 524288U    /* Memory limit for globbing */
++#endif
+ #ifndef GLOB_TIMEOUT
+ # define GLOB_TIMEOUT 17                   /* Max user time for a 'ls' to complete */
+ #endif
+diff -Nur pure-ftpd-1.0.49.orig/src/globals.h pure-ftpd-1.0.49/src/globals.h
+--- pure-ftpd-1.0.49.orig/src/globals.h	2019-03-25 17:58:02.000000000 +0100
++++ pure-ftpd-1.0.49/src/globals.h	2020-04-27 16:33:22.001238457 +0200
+@@ -77,6 +77,7 @@
+ GLOBAL0(int allow_anon_mkdir);
+ GLOBAL(unsigned int max_ls_files, DEFAULT_MAX_LS_FILES);
+ GLOBAL(unsigned int max_ls_depth, DEFAULT_MAX_LS_DEPTH);
++GLOBAL(unsigned int max_glob_memory, GLOB_LIMIT_MALLOC);
+ GLOBAL0(char *fortunes_file);
+ GLOBAL0(char host[NI_MAXHOST]);
+ GLOBAL0(int replycode);
+diff -Nur pure-ftpd-1.0.49.orig/src/ls.c pure-ftpd-1.0.49/src/ls.c
+--- pure-ftpd-1.0.49.orig/src/ls.c	2019-04-02 16:00:40.000000000 +0200
++++ pure-ftpd-1.0.49/src/ls.c	2020-04-27 16:33:22.001238457 +0200
+@@ -857,7 +857,7 @@
+             memset(&g, 0, sizeof g);
+             a = sglob(arg,
+                       opt_a ? (GLOB_PERIOD | GLOB_LIMIT) : GLOB_LIMIT,
+-                      NULL, &g, max_ls_files + 2, max_ls_depth * 2);
++                      NULL, &g, max_ls_files + 2, max_ls_depth * 2, max_glob_memory);
+             alarm(0);
+             if (a == 0) {
+                 char **path;

pure-ftpd.ftpusers

@@ -0,0 +1,16 @@
+#
+# ftpusers      This file describes the names of the users that may
+#               _*NOT*_ log into the system via the FTP server.
+#               This usually includes "root", "uucp", "news" and the
+#               like, because those users have too much power to be
+#               allowed to do "just" FTP...
+#
+adm
+bin
+daemon
+games
+mail
+news
+nobody
+root
+uucp

pure-ftpd.init

@@ -0,0 +1,116 @@
+#! /bin/sh
+# Copyright (c) 2001, 2002 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Thorsten Kukuk <feedback@suse.de>
+#
+# /etc/init.d/pure-ftpd
+#
+#   and symbolic its link
+#
+# /usr/sbin/rcpure-ftpd
+#
+# System startup script for the pure ftp daemon
+#
+### BEGIN INIT INFO
+# Provides: pure-ftpd
+# Required-Start: network-remotefs $syslog $remote_fs
+# Required-Stop:  network-remotefs $syslog $remote_fs
+# Default-Start:  3 5
+# Default-Stop:   0 1 2 6
+# Short-Description: Start pure-ftpd ftp server. 
+# Description:    Start pure-ftpd ftp server.
+### END INIT INFO
+
+FTPD_BIN=/usr/sbin/pure-ftpd
+test -x $FTPD_BIN || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+#      rc_check         check and set local and overall rc status
+#      rc_status        check and set local and overall rc status
+#      rc_status -v     ditto but be verbose in local rc status
+#      rc_status -v -r  ditto and clear the local rc status
+#      rc_failed        set local and overall rc status to failed
+#      rc_failed <num>  set local and overall rc status to <num><num>
+#      rc_reset         clear local rc status (overall remains)
+#      rc_exit          exit appropriate to overall rc status
+. /etc/rc.status
+
+# First reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signalling is not supported) are
+# considered a success.
+
+case "$1" in
+    start)
+	$FTPD_BIN /etc/pure-ftpd/pure-ftpd.conf --daemonize
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down pure-ftpd"
+	killproc -G -TERM $FTPD_BIN
+	rc_status -v
+	;;
+    try-restart)
+	$0 status >/dev/null &&  $0 restart
+	rc_status
+	;;
+    restart)
+	## Stop the service and regardless of whether it was
+	## running or not, start it again.
+	$0 stop
+	$0 start
+	rc_status
+	;;
+    force-reload)
+	## Signal the daemon to reload its config. Most daemons
+	## do this on signal 1 (SIGHUP).
+	## If it does not support it, restart.
+	echo -n "Reload service pure-ftpd"
+	$0 stop  &&  $0 start
+	rc_status
+	;;
+    reload)
+	## Like force-reload, but if daemon does not support
+	## signalling, do nothing (!)
+	echo -n "Reload service pure-ftpd"
+	rc_failed 3
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for pure-ftpd: "
+	## Check status with checkproc(8), if process is running
+	## checkproc will return with exit status 0.
+
+	# Status has a slightly different for the status command:
+	# 0 - service running
+	# 1 - service dead, but /var/run/  pid  file exists
+	# 2 - service dead, but /var/lock/ lock file exists
+	# 3 - service not running
+
+	# NOTE: checkproc returns LSB compliant status values.
+	checkproc $FTPD_BIN
+	rc_status -v
+	;;
+    probe)
+	test /etc/pure-ftpd/pure-ftpd.conf -nt /var/run/pure-ftpd.pid && \
+	     echo restart
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+	exit 1
+	;;
+esac
+rc_exit

pure-ftpd.keyring

@@ -0,0 +1,177 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFTZ0A8BEAD2/BeYhJpEJDADNuOz5EO8E0SIj5VeQdb9WLh6tBe37KrJJy7+
+FBFnsd/ahfsqoLmr/IUE3+ZejNJ6QVozUKUAbds1LnKh8ejX/QegMrtgb+F2Zs83
+8ju4k6GtWquW5OmiG7+b5t8R/oHlPs/1nHbk7jkQqLkYAYswRmKld1rqrrLFV8fH
+SAsnTkgeNxpX8W4MJR22yEwxb/k9grQTxnKHHkjJInoP6VnGRR+wmXL/7xeyUg6r
+EVmTaqEoZA2LiSaxaJ1c8+5c7oJ3zSBUveJA587KsCp56xUKcwm2IFJnC34WiBDn
+KOLB7lNxIT3BnnzabF2m+5602qWRbyMME2YZmcISQzjiVKt8O62qmKfFr5u9B8Tx
+iYpSOal9HvZqih8C7u/SKeGzbONfbmmJgFuA15LVwt7I5Xx7565+kWeoDgKPlfrL
+7zPrCQqS1a75MB+W/fOHhCRJ3IqFc+dT1F4hb8AAKWrERVq27LEJzmxXH36kMbB+
+eQg336JlS6TmqelVFb15PgtcFh972jJK8u/vpHY0EBPij5chjYQ2nCBmFLT5O4UZ
+Y4Gm8Z3QLFG1EeOiz+uRdNfchxwfLkjng1UhKXSq5yuOAAeMaNoYFtCf1hAHG6tx
+vWyIijRxUd5c8cDZsKMuLQ34O6DuvPZyeCy6q8BTfW18miMMhIH0QTS9MwARAQAB
+tCFGcmFuayBEZW5pcyA8Z2l0aHViQHB1cmVmdHBkLm9yZz6IRgQQEQgABgUCVNnR
+HAAKCRCSa8UXHN6kOfywAJ0XnUHJzBG8ymQU95rViLf8HUQ6zQCglP1p97fNCc6V
+wi4EUHOl05Ox5xSJAjYEEwEIACACGwMCHgECF4AFAlTZ0WkECwkIBwUVCgkICwUW
+AgMBAAAKCRAhBiequnCf4bJSEACNpfrkZcJqH4kh6Px9nFAzTtjZ+7kX3FSMPRCL
+U5nVOiisfZ5IBT92N5VMJC0BT+mkIUCchwVOUBqp/Z/JPPoxD3Iky+4XG07mNGEb
+s9JqfWyfK67qhsU62bqILyFZ7cJ59R74AG7tdxyrvtyji2A5lqqLFTX9GvBox49d
+GQ7jQz0FW1+jVg3rPoy3XlLMVSlGR5TgtwokQkhyc2dxtYDvUFO/C0ABQiCAzuxj
+u8T46m7xF57MrOX9dji1weDagZSGphHcs7VfgsCGQTPTYusrT5xIVs0x8x8IveaD
+WvgLaVJYBkWI2LTEfacQqlZK6ZcK8IQOHW0juxy4l0CKwOexdf+S8CkUeHuyBoZ0
+6WaFvIa/MqoOAAFQmaq+WgfNiziQDD+mZQu5EG/f2MRmMOFcH+qgmPCMO+DLyC+c
+FtM0r/6KwXjbR3j9Gfzs8d1FygNnITRJRFm2fXtCGQV4HI/yQ3yvHtFU6r9SLRy5
+tmZLwm8oVXxEfCPABz5388JF71hXgynjDvK2pKg3jUN4eAXoggQlR6RLFHSFkht6
+AjtYLsvf4cTCUdsgFoivt+bAnGW64E0zdKEHqUTLmd+J4iAStI1Ie7dTObATDYMR
+ACHioyX+uAxLnTc/sVIHpOTfgV8e4a8rlQt7Ncuh+Ns7Toz7aRz1VMPfIFqb+Ve0
+ESwbNIkCNgQTAQgAIAUCVNnQqwIbAwQLCQgHBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+ECEGJ6q6cJ/hgqQQAJRxOYPse56eok0qMn7VCXfgHkm8n0wZlD7NxzVsC/iHQRik
+cto0+/UAWaDXE3LiY/RAHS7hkIgVqgumnaYgDcXmA0lXj1sDheMSlM+YUUR09+/U
+8vIyCDyhqBmQ5rOd76d3Ys2ow3t7V0xEzAyqMrr6l47PM3ScccwmPU4WqpFl24wm
+jXYlbwlocIEuUzEEeJ83ojeD4PBVbSLICYcN64xhwLZ1/ji6GMh1aNkB/lQwocjz
+LLbWIz7cgimbqLMBV41PEDvtXYldBOOujsnQ6ejjSD1HStDaaNCqrMy6IuI1AZ4b
+CkOv2AF/RcPNX0CQpouZH/hDNl/tr766w/tgUVI9BiC9ol4jcuLW1TXoJbeU5Ps+
+QEp5bhyt+t03Eej1gR0btRxOjgqkTF3TdR7sjWzhgALG+MXRsOQ33HK0IhmYs2LQ
+sIelwpmiDLV5Kd+mxzSD3Nv82GyElwCvvFrUaGibu1SXbPaj0oJPcuL8Mgan1NrP
+T0c7uR8J2it3hsAXf3azexUb0k8q+ysGxakbvlTrv4IM6LI1RBN22BUYco29pUTP
+K2BRGoVZKyty+kfkUlETyjm5z/D17a9XGi5MAyJIAKrPnc+vKn2CLX1S6xfg9zbM
++k9wflJIdEXHNrQfEMyl9OxNQDAKbpayYpCKaShCQpwlATSWifZdlm/2KnE7tCZG
+cmFuayBEZW5pcyA8ZnJhbmsuZGVuaXNAY29ycC5vdmguY29tPohGBBARCAAGBQJU
+2dEcAAoJEJJrxRcc3qQ565kAn3WoiXELAGWknxHztVcWWmNJBFX9AJ9cVVC2L6OT
+OLLWtLSCxbt1LYcwRokCNgQTAQgAIAIbAwIeAQIXgAUCVNnRegQLCQgHBRUKCQgL
+BRYCAwEAAAoJECEGJ6q6cJ/h0LgP+wfCw2SCFvD7sFlnmd6oJNP+ddtt+qbxDGXo
+UbhrS1N88k6YiFRZQ+Z84ge9RgQXA74xuWlx8g1YBEsqO1rYCGQ4C+Ph+oUO+a3X
+k+wmEzINnjCF8CQzZQ3vdXvWmshKzqC2yyeR235WC/BSHsqsr+TRFEmGa68ju8s7
+UF8ZQaBzbM0ttUtrc0UqhnS16xV5lH9gBkVbMWIN1pAeJcFRL6MB92Vv5tWjayua
+w76vxmwPhu6quUlwxNYNvYBgG5kpBjqMOLHaX1x+SA5F6aI6E3kqxeyurwV6Ty+/
+FIns+Awl+IFPey5ctwSOXkizhtqxpMNHAu9resNRjneIjNVTLON1uaxvmPJttMd/
+CdTXh+guxDBfH6Vr9nmExy2qbihDJ06Sm874UYtnBZdB7Fi0cNF1DlEZKaZyYaLw
+RA/TelI2IaIdkRFLsaFdo144nfceZ2fra2QO83Ow6uShNZzAHU0ZVEKLVt/VJqCL
+6hts7vhKuCBcNlpoNOZptRPJf8RMLh4qwtniZadDcM16TpvkyTQUAWH+GvTML0UR
+5sLHOtZ7MUaHO/c5UWQWJOmuaWOKgdKLi3iXztGbNNDc9F7wRoObUH7Om/0s5IRy
+noO58ofDCmurPDP+10eOQaWtgVz2nFXcFF0qTw4H6L/sXlzbm27HuqEHuYrzpTl/
+Njn0chjBiQI2BBMBCAAgBQJU2dB5AhsDBAsJCAcFFQoJCAsFFgIDAQACHgECF4AA
+CgkQIQYnqrpwn+GYRBAA0+7ImcxLB3yYSMK0yO59TWaUkiVLNOwBW1GihtIUtx3N
+2/P/Fi3eRLU0/2GtzYqCRwKqlluMrN0s8HuOEna1gTmVMqYTYm00CXP15S22xeUh
+jH4zJ4wAeUTPTGMnd/fMVwuQzjKuzgh4JUsqomhEubYw5WXVsTa9FtQxLeoTbOUw
+o0nRJMvxx4ERMpRsaHP2bfv87wgTquMTLrY1+oOJ3Vsb3L0oYUz4DLIqzSYjqFcn
+TmwyjLa5ZptJlf+PsXMFlhwGIHFjoOVUtTkmuorRoWi2In6e2bpVNZ2ECNRh3FZz
+1XxvhtQ5fmiZpRMpQFvCqA50ltCzJihqNG0/4Oj1KVnYenRYBbi9wN3Jt5BorUz9
+G15QVplnVIIN99uUSdaQkg8MXdQ6lnKRPwt0eE6KuRIDIAsJ08zoZvW3+UsZ6eTn
+YW08t9EWYqZcv4AcZFt2HJ6IMijm0C0ffr8cUNS5UAlX2k16jwUzvKO+iaSJNLtY
+Wz9OsTW8SWSKsdSPrr8fKNjZLFmJrSSbyxmPkboIsaNo9otqnHmLePMoomrHmyyC
+i6FFax3QLbz/22tMWWu39cKm9sEISQQTH6ogN/osKYg+AW9BhdErma1fou+wPtcl
+kA5k87WCJ1SsNV6171GoVPsL+cYUSh42UWxTPTu8IwFwH9H+3wJ58Krv2OJI5JW0
+LkZyYW5rIERlbmlzIChKZWRpL1NlY3RvciBPbmUpIDxqQHB1cmVmdHBkLm9yZz6I
+RgQQEQgABgUCVNnRHAAKCRCSa8UXHN6kOWXzAKCGlk6DvVCqExkBd6OEsaEoOBgH
+5ACfcVQaz/FEgCdRsJeLi7xNwZXZ22OJAjYEEwEIACACGwMCHgECF4AFAlTZ0XoE
+CwkIBwUVCgkICwUWAgMBAAAKCRAhBiequnCf4ak4EACQm7nJmEs8EjOcNkyvSgn+
+kmJJ5rsZQJjh9W4VQoukuVKMhpLELgTahYbxwmgx0yHBbXHXrqtFk91cWlbx4Lmv
+6HybbkcEnrj0WMxQ8OLav25CA90HLzQj6AWWuyKdLLvFt2VRKmOtxhgLH2NiONPA
+fovVBlr5gIwXJrx2hv81x3NDSjtw1G7k0b3zxxJyyxxdhfMjpIyi5LA8YIytAcCw
+zfVhvxgVsku4PEVEJljn6qJHwNcPNbgunrx8mrRf9QZb1D6Lb0sxO9llYMYFD1vB
+A228Os9nxJinbj1ww6xHhbsUrhjQ55phFMEVxdp5cQoA/VmpitjbYEOIck7kgZjv
+YPePe88BMBiKDCOv+o0U638NoREWlDgvtEP4TpYscBMVbFkcf8A9yTqrxtjgQevw
+YlYDvuwio38K29qnvn1AoHyet6tPqUDRyiOFLkh7wuujpiwwBcOrCPOy/5WCdOCq
+XygAWa5T6j7pyYdTAY0eASz7F7ZQNCKTG7rzmA4Id8eYHC57f3WCUe59B294KHLl
+6KSJ/qro12DtUf2ZHffmjxUn0j5Wn+TdbxdkED04S7CvGPLUTNa9xvZYZetQdVnf
+bD4T0IgK8UVXsmJOe0be3UKHj9tsXCvB2RzkRlOHRzoHth8iQRac6cGi9YE8QGRI
+a97fvUyyoG4q4GvVbiN5zIkCNgQTAQgAIAUCVNnQDwIbAwQLCQgHBRUKCQgLBRYC
+AwEAAh4BAheAAAoJECEGJ6q6cJ/ht+gP/jcG27dq63a8s8NrnxByYCQBW/Q6MdNk
+WgfdD4ajMwyPELwk4D1mtcCqnihXoj4NBGhCgtiZZ0gKKTv6fOGKRjf8ZLJBiKy4
+vZs6IzM1f6j4QPOPx1Ew6WLPxGuPuUT9ZsMvwpoMU+OrLaSJZMxxB6oHrsRZ5Wc6
++Zxn8Pqtp9Bx1SK1pX04hUjsYI6wpqzInAMlGh4ZlYsadqSUFEtnzMP0T2usoc61
+jDzfNgW+vHmD1diIl/Gp7coInp/3k0ovNYMiqwjmMl3WcA8O4Vh1JhE5dM8Eppz7
+nkoGbFIHaLjuz40U4T2tHSXDOpy6QXcuTE4man9Wo+WmA2ibzPsAzyZr7W5qo0PM
+Rkv6K6Oy0rxB2GFm5+welxD41tt5CwRHu9cdg8QP1lxlf+CgnVs8u0EBAuu5c9/8
+UZGSWtTc3wRKRVnO41/uHzhvgeEW3Zypnrc26h4bWGmil1WgaENTHGSM5j1MDy24
+Kn7Xoyh+utQALJAuB7V+UCqpDNN4icRos92rpWiQKQm0sXKtyhtmz55cRc3aRXvN
+vJAdrpfV2fUh6Xz8tgER19MEUkVRLQMA7ePwEQIjOKl7Pr/b5NozhzpOwr+RRwHl
+iXYLnTEV480DG6+Eb55vTEZ2a5Rr1VVgbRW6LgQBNb1yo8M594QLXadGYgc3UvAJ
+dnEMmQ5TAk0/tDBGcmFuayBEZW5pcyAoSmVkaS9TZWN0b3IgT25lKSA8cGdwQHB1
+cmVmdHBkLm9yZz6JAjkEEwEIACMCGwMECwkIBwUVCgkICwUWAgMBAAIeAQIXgAUC
+VNnfeQIZAQAKCRAhBiequnCf4TtuD/9izD9TC84d/1gZJ8hNDZ/TFV5ycN5NtqAx
+Y/6i97Pb7unLj0aEAEGOXtJN3mHGL6s32s+dmWhNn+IXygU8c/s5IHTpdyf4EKiu
+y/8vGVyV3nGI7N2hpl297I5dwo97M2qfrfCTPX9mnqln1txHUBQkEyX7XZj13VwR
+tv1dOGy2ga3iUD9UtqUC23Vkwo3FOv6te7R8xXoXjEvOKWxYyHwAdeh5snKz8ex5
+ZDluSUTTkkJHQdJgnPSM5txh4RMhNSXc0kRQDBgcZQvVc/UTAxwPF2z5chtqOZsg
+f3jLvwkIVpAbhBfgt3sUJMJcmX2BVWLaiYHebT5uW35xNOgGB79+RynH2/iQFAF/
+SmS5Zzz+L0lZHhux+nXqcREBkwItk3n+6uBNgKfLP9U/lj3o8BE6AijUl/xIJmWx
+hzrCgPCJGcuRlX24rFiCujkx2696tWokTKQNRXKd59ZI+bd+KCtb4fFecDWaVj8Y
+zNDJmVL0PUQp0Ix/Bu63Oa3spN8vOVrkRD5X40JI5uxTNA6tRlczBlcp0NNUeB13
+q0h5ya5UWHWbStsoQp1f60Gl0og+aoaKwnV0WNU8o2W+ayUGvltVon6zTEbmgkai
+n6hYi1AGuiNTQQ5bhGJxEUGzpei0TwtK/RJmwC6iPiCTge5PPASDJcK2EkgmP+cQ
+W5bjf8zvZrQ3RnJhbmsgRGVuaXMgKEplZGkvU2VjdG9yIE9uZSkgPDBkYXlkaWdl
+c3RAcHVyZWZ0cGQub3JnPokCNgQTAQgAIAUCVNnSkQIbAwQLCQgHBRUKCQgLBRYC
+AwEAAh4BAheAAAoJECEGJ6q6cJ/hakcQAMFpvn+pqPZwqBkQ+K+I60i7ieQKciMU
+UNy+Qy/zHiE0TDzQ6bNDqbyiCBphr9fZ+QJ4u7nznJ0C5E1Y9de/VOQU52oZNnw0
+tAsZRcrJaUfQO7V+qkDLSMgROHHT4Y1bnmTsCPj3yUpXhRZj0NxEpWys3jRiagUI
+jUm6aPajIYcmEWcvxZOJDkMwHV6Wut5D19SlaE7L89fTtn6y4pu0GPKEyPFW4o9A
+gfh34R7i5qJXNN/f0uO4RfucoBESuRcI6JksfkNnysfT9+U2akPWcO93t4EvWFBK
+0+C1O2cHZrpX7XwmlS5iLl+BlAz2rJjWwFi6ShxMC5Z9GCTtJCMw/tqts3Jc1Jho
+HYBnBFMC2+r6ViyeNTLJh5J2YNM5v8huv7GrANI1NcCsXkZR3ksZ4dz2G/r9+pB1
+7EVYqj5cMXvTxpiyvafcA9Mkv3ZNi7CWxNYZ1GX8O5deFXYr6y+euzMv9LBt0myF
+G/w8R7lZIB1PSxx5XGuM+VZhXO79vrHNPuiHMxVvOhSiPJvqvMy4R3KrioGabpsb
+8IxKAG45fddt26mSptXvKRy9200Gum0r/YrDbFt0/Xh3hAe362wZWDmY7zELmC3/
+NrdrbvhOMW1GGWa5pUWBsARhVAUaa7SdHl3lL8RYAJ2s8jTV8V4TtzzIgsaQqdHu
+/seuHylTzHxbuQINBFTZ0A8BEADJ7/1Bve7wLSMnhvpT2pZoZ9dDUNOyOEc/r4oG
+RwMTvLe0GITmDmC2RY9ZjtdX/JXOV9aMVe3SsIfrBzCUN35DpkGxulRkS5kUwD5O
+ORrGkXAJ3MzcwmVsNLOH/dsm3PU4eHTUfHVJPdLfrRSLTxpxRxh5o8FGDHO7vATZ
+fZf0jYiYqcbh41EdYV0BPkV65YJKFvUvCG4rB8rXeSHDlxs99+3KGJHSS88dQHaT
+jBjeJ+asppa4YwSL1dmv0fpsHlAA+yJfCGJ4+fJWpa6dpC5p6CWnC9EfUdmW0oww
+XryqYrZst5Kh0ufbwocPNGrAUVq9dPvhGldC51gyim3NVPNPUT9QHNJeuioyo95p
+okECg6W9qBxw9LibMfOJKgjpKFnahddsEbLcoGLAHPAiV57ACk4XQ77EE5DF+lio
+OMLUicNBC0bTQkGcx/IhOnqvTF2Yo7xuh4/Vsmdi9nnjtGyp9LhAxr6TzC1nBXzo
+wsS99sfya/ebKgLdqdA3ARR+XeIyu7ah0GMzcLfIm22xpcM0RU4Kv+YoFfp/avT/
+4fG1kIVCcqm48ibsLeJf6E0kymeW2dCAKykv/mP2PW/wQV0c0T/w9S4Wjp3R+NxO
+h5hFhktj4VFD591ek0MzquZ6Wk1yoav3/FzGBKr20N6o30RGviy4JhSwMA+63PId
+lmFaewARAQABiQIfBBgBCAAJBQJU2dAPAhsMAAoJECEGJ6q6cJ/hglYQALHDtKWA
+kc3IA8A1jq094OcovHbdzZgxi/XOv6ISlcGlkiA5cBbW2TYmf36/dVQnQ34VEqIb
+Z+hO17ymHVTTuDUSyG0oEXO2PwuD/vZRIZPuppV2JRIpfxjemFwbELw0s9ccPgrM
+92OpKtptcYkhxbmaz9D0u+cfryACmyLKWrruSMhIf8AFtb2P6Z87O0ybWNq/ELL/
++cbfs1HZRgdGSauyGf9Rr3pbUTCa34XAkyj0EVnTL9GhIqHgcGADPLHPVK63jzPY
+0qU97gmMLiZZXeDPePrare7ar5EenZblxfuFlnrj16OuY0gZdPeARH0+XVW7dE6p
+hunk4Jz4IYdY+z6SIIcqlFNL/GD5eQ1J2VLh84uAhHEFjVBKvsSvTdv535WqvEeC
+zwyY7qUliMObWb/DVo/hAP88sYIF/qtqa96pQ/iFJzvHEf0U9S72fS+bdX706o6Y
+A6lySK3pooTmyzhhFdPtMVhGjdPOTlc8lEE7dhAYc0sR5AtAhHegoEfJePGBrCia
+xwo7jr0PpYFbQJIGAXlRXn4aymtuNk5lQTZWQpEtucFIRoVmy799+KfikxuHe/Sf
+oimG4fJ9Av4AStGMw194C2y/usHrNMWImlkkQX8fYXzwnxSwxhubGO8lYh/GHDho
+oOiFffg1gQksjmdHdCF1jb0yxft3dQRQ+HZRuQINBFTZ0DcBEADWTaBSOHDPU2BQ
+jDmCIh9VGl6ImzRO5GdagzPzusuR01Dkp5tpKAmDE6rVWooAKv7V4lCSwc6B8Ide
+wsw8eS9/yEoTB3asABQnFGSCNjVv1xBB+5J8J6p+bZItgmQs3xPhl7VJuzO3wVtq
+YD71bfzq3fg4ZhCj9APn3Sh0t8fxFJ/FbLyaGBJMYPX09eHqmJPqACxcZur1vVAB
+TtFWfyTl83g07sdPuqejUI3MpCnhuRolwHR6UaKX3pLC0Md7GanxQRIboiF+z5ZQ
+EMR6T6inDxvNmlak+cfbb2dkVXZP+eYXCoDYXXGwxlqpDRDWzr05qJtmv4AzYG+6
+X9doyWvbdkUVQvKMmIfs1X7S4X9hpcDFb78LlztVNgNP5VEOyt97epUNphJm7ncn
+hSQrKN5CCeffHn08NmT5HhJGfmnbCAUG3QkhJtAf0vg0vAg0y030uZzeU96xpzu5
+cz3/fN7j/Qi2zg8rdOXahdR5fuF4nDE9z0Lc9U/j+1+5z0C/RVMDllAR6n4WITbJ
+1de5ujPzg6CrMo3Zfdp4zsb8g+s1Wn33Mds1/kmBGiCIgxYcVRaa4cE7q7ijn2sd
+5zUy3dSXoq2lHo0jQpz+tFcU7KdtN2NB/Kri7b7FheleZa+e1kMRkMUJkuSUFfcK
+3mM7gN9/QKVKrpH1poYjwx20FVgHtwARAQABiQQ+BBgBCAAJBQJU2dA3AhsCAikJ
+ECEGJ6q6cJ/hwV0gBBkBCAAGBQJU2dA3AAoJEGLyW1krb3batY4P/A5ugYnIxG3D
+aYVqbI49LqDwePSNHyhcUjNrlIejyPsLXC7YpCbDchr1w5u6BhP7lyJIuUvvvdaW
+eaE1fd9R1c6fHuL4qeSEQnFhZOjYrEZomZzf8THoy5yt7OdaZiuVCYaGMpqxExol
+Co9bruQansEV2eMFh9pMyLrAcyHOd+7IURqpPi4MGO/8eGimPuWeOlaQBkpTuGul
+nVrZUS2czs9MfrTyKwGKNH+9oXR4Nnp2RK6pIYvdHcv+YQrGiUZfq2hGVQ0oIDrT
+tIZoU5y0lgF92DyDadakqr5+REJPBYWboUWqJ6V4NMGS3PNqCGBGdCp4SexwYFf4
+xe/JSOWT3ZPZtthmwElpCI8DZn8wIRhD7vzV94sHgz31OFC2zr3o7N4r0ExDqxeO
+7t6bP+kjqwV0u39t2QcO58GK8nswnkFFfEQipJPsVD7+WFNA6RrVYg638XrnF1vF
+tOVTgbAn6Wtj0174+FYz+lBkVHF90lU3AFZ7ygJn7A2v+PuADhL34EBUc7nsfLbY
+RWz1tqSyRED6VRbsQCtH6FB8O/BxS+zUVUxcd41FoBgDOzwPRSPYda61OXV8ovLl
+8AY2l3BGiLbO1hNDRoxcxG7m+pCZXa8oZeWQjJJjnAVO0pEpiPeWzicL2HRhohHD
+uHoe3IuKThR9GTain6Y8n6U4LRYEuS3Z3qQQAPLm50evm+4BmjkJP60Tk2B6EqvR
+l1QKoYZmOvZX7F0PRF6IgMzWZ4SS7Y9Se/OmdwYHfV/jF66z6CS1RpgU0/Mk99+y
+mP/q25NehOaC9XiLZ7CdMYKaw9YJFlDWmqUVyynQPOqIKFPLBP/Vq9gjenQnTwpo
+5nNJlrxh2OVepTH9zTyAEG0uIs7lP8PiBID5waOOQT5MT9h8r4aDnpPqcabKi/Li
+0M7iI7cIFrzDqHFUK6QTa+pEPfYb6/H3mOpDiOTKBrGoFt0euZuwwH8/8daDt0Jl
+k/5INnXFqohG8y96YV9UKULXSZDufiU2EBdFj+bD80Ow2iD+zKNjY4ar5zuTUff5
+BM19chEHJNwSOLyjR0ogENfyfeLorvQM3lunXTzuAMey8nCtFjnjVTQE+mt7RSW0
+K73t2aAw0jVwGu9FSpqXa7K8J1/v+Pq5cme5Y+65zFgnvY5ZX2djIvpyGFwq74VY
+dLezh1RsKUqtvAf3tgBbEGcV3E+GPuqaO2iQA1XW/i5TgLhesQd7MpRNSJtIgAwl
+vVAFrm9aIjq/Y79PphxGHN5GhdJD1OcyjiPXIPPdY3DgVf6kb/Pbm0h4n8PYU2Qd
+HQ418wYzcDYwR6pGA2i7H9Ys3mBxBuIBDrI6DA0DKoMOismfvuhYAFBl+SNXQTmC
+yaKJ4Th/5TZsY0L3
+=r0bJ
+-----END PGP PUBLIC KEY BLOCK-----

pure-ftpd.pamd

@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth       required     pam_listfile.so item=user sense=deny file=/etc/pure-ftpd/ftpusers onerr=succeed
+auth       required     pam_shells.so
+auth       include      common-auth
+account    include      common-account
+password   include      common-password
+session    required     pam_keyinit.so force revoke
+session    required     pam_loginuid.so
+session    include      common-session

pure-ftpd.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Pure-FTPd FTP server
+After=syslog.target network.target
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+ExecStart=/usr/sbin/pure-ftpd /etc/pure-ftpd/pure-ftpd.conf
+
+[Install]
+WantedBy=multi-user.target
+

pure-ftpd.spec

@@ -0,0 +1,198 @@
+#
+# spec file for package pure-ftpd
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           pure-ftpd
+Version:        1.0.51
+Release:        0
+Summary:        A Lightweight, Fast, and Secure FTP Server
+License:        BSD-3-Clause
+Group:          Productivity/Networking/Ftp/Servers
+URL:            https://www.pureftpd.org
+Source0:        https://download.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.bz2
+Source1:        https://download.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.bz2.minisig
+Source2:        %{name}.keyring
+Source3:        %{name}.init
+Source4:        %{name}.pamd
+Source5:        %{name}.xinetd
+Source6:        %{name}.ftpusers
+Source8:        %{name}.service
+# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_config.patch -- Custom service configs.
+Patch0:         %{name}-1.0.20_config.patch
+# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_doc.patch -- Adjust command paths on documentation.
+Patch1:         %{name}-1.0.20_doc.patch
+# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_virtualhosts.patch -- Custom VHOST_PATH on openSUSE.
+Patch2:         %{name}-1.0.20_virtualhosts.patch
+Patch5:         %{name}-1.0.49_ftpwho_path.patch
+# PATCH-FIX-UPSTREAM %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch -- bnc#407363
+Patch7:         %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch
+# PATCH-FIX-OPENSUSE: bnc#789833
+# won't be upstreamed, can be dropped when systemd will be only one init system and kernel get AUDIT_LOGINUID_IMMUTABLE
+Patch8:         pure-ftpd-1.0.36-cap-audit-control.patch
+Patch9:         pure-ftpd-apparmor.patch
+Patch10:        pure-ftpd-malloc-limit.patch
+Patch11:        https://github.com/jedisct1/pure-ftpd/commit/2bbe0f25c6b905044803649a29df5f765f940b91.patch#:/CVE-2024-48208.patch
+BuildRequires:  libcap-devel
+BuildRequires:  libsodium-devel
+BuildRequires:  mysql-devel
+BuildRequires:  openldap2-devel
+BuildRequires:  pam-devel
+BuildRequires:  postgresql-devel
+Requires(pre):  coreutils
+Provides:       ftp-server
+Provides:       pureftpd = %{version}-%{release}
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
+BuildRequires:  postgresql-server-devel
+%endif
+BuildRequires:  pkgconfig(systemd)
+Requires(pre):  user(ftp)
+
+%description
+Pure-FTPd is a fast, production-quality, and standard-conforming FTP
+server, based-on Troll-FTPd. Unlike other popular FTP servers, it has
+no known security flaws, is trivial to set up, and is especially
+designed for modern Linux kernels (setfsuid and sendfile capabilities)
+. Features include: PAM support, IPv6, chroot()ed home directories,
+virtual domains, built-in LS, anti-warez system, bandwidth throttling,
+FXP, bounded ports for passive downloads, upload and download ratios,
+Apache log files, and more.
+
+%prep
+%setup -q
+%patch -P 0
+%patch -P 1
+%patch -P 2
+%patch -P 5
+%patch -P 7
+%patch -P 8 -p1
+%patch -P 9 -p2
+%patch -P 10 -p1
+%patch -P 11 -p1
+
+%build
+CFLAGS="%{optflags} -I%{_includedir}/mysql"
+%configure \
+        --docdir=%{_docdir}/%{name} \
+	--sysconfdir=%{_sysconfdir}/%{name} \
+	--with-ldap \
+	--with-paranoidmsg \
+	--with-altlog \
+	--with-virtualhosts \
+	--with-ftpwho \
+	--with-mysql \
+	--with-nonalnum \
+	--with-pgsql \
+	--with-cookie \
+	--with-throttling \
+	--with-ratios \
+	--with-uploadscript \
+	--with-diraliases \
+	--with-pam \
+	--with-puredb \
+	--with-sysquotas \
+	--with-quotas \
+	--with-inetd \
+	--with-tls \
+	--with-boring \
+	--with-peruserlimits \
+	--with-virtualchroot \
+	--with-extauth
+%make_build
+
+%install
+%make_install
+
+install -dD -m 0755 \
+    %{buildroot}%{_sysconfdir}/{%{name},%{name}/vhosts,openldap/schema}
+install -m 0644 pure-ftpd.conf  %{buildroot}%{_sysconfdir}/%{name}
+install -m 0600 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/ftpusers
+%if 0%{?suse_version} > 1500
+install -dD -m 0755 %{buildroot}%{_pam_vendordir}
+install -m 0644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/pure-ftpd
+%else
+install -dD -m 0755 %{buildroot}%{_sysconfdir}/pam.d
+install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd
+%endif
+
+install -m 0644 pureftpd.schema %{buildroot}%{_sysconfdir}/openldap/schema/
+
+install -D -m 0644 usr.sbin.pure-ftpd %{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd
+
+install -D -m0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}.service
+ln -sf service %{buildroot}%{_sbindir}/rc%{name}
+
+rm %{buildroot}/%{_docdir}/%{name}/README.MacOS-X
+rm %{buildroot}/%{_docdir}/%{name}/pureftpd.schema
+rm %{buildroot}/%{_docdir}/%{name}/pure-ftpd.conf
+
+%pre
+%service_add_pre %{name}.service
+%if 0%{?suse_version} > 1500
+# Prepare for migration to /usr/lib; save any old .rpmsave
+for i in pam.d/pure-ftpd ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
+done
+
+%posttrans
+# Migration to /usr/lib, restore just created .rpmsave
+for i in pam.d/pure-ftpd ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
+done
+%endif
+
+%preun
+%service_del_preun %{name}.service
+
+%post
+if [ -f etc/pure-ftpd.conf ]; then
+        mv etc/pure-ftpd.conf etc/pure-ftpd/pure-ftpd.conf
+fi
+%service_add_post %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+
+%files
+%license COPYING
+%doc FAQ AUTHORS NEWS THANKS README
+%doc README.Configuration-File HISTORY README.Virtual-Users README.AppArmor
+%doc README.LDAP pureftpd-ldap.conf README.MySQL pureftpd-mysql.conf
+%doc README.PGSQL pureftpd-pgsql.conf README.TLS
+%doc README.Donations README.Authentication-Modules
+%{_mandir}/man8/*
+%{_bindir}/*
+%{_sbindir}/*
+%dir %{_sysconfdir}/openldap
+%dir %{_sysconfdir}/openldap/schema
+%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/vhosts
+%dir %{_sysconfdir}/apparmor
+%dir %{_sysconfdir}/apparmor/profiles
+%dir %{_sysconfdir}/apparmor/profiles/extras
+%config %{_sysconfdir}/openldap/schema/pureftpd.schema
+%if 0%{?suse_version} > 1500
+%{_pam_vendordir}/pure-ftpd
+%else
+%config %{_sysconfdir}/pam.d/pure-ftpd
+%endif
+%config(noreplace) %{_sysconfdir}/%{name}/pure-ftpd.conf
+%config(noreplace) %{_sysconfdir}/%{name}/ftpusers
+%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd
+
+%{_unitdir}/%{name}.service
+
+%changelog

pure-ftpd.xinetd

@@ -0,0 +1,21 @@
+# default: off
+# description: The ftpd server serves FTP connections. It uses normal, \
+#       unencrypted usernames and passwords for authentication. This ftpd is \
+#       the pure-ftpd.
+#    ** NOTE ** when using pure-ftpd from xinetd the arguments to control
+#               it's behaviour should be added here in this file in the
+#               "server_args" line since the configuration file
+#               /etc/pure-ftpd.conf is only for standalone pure-ftpd.
+#               The command "/usr/sbin/pure-config-args /etc/pure-ftpd.conf"
+#               will print the arguments needed for behaviour like standalone
+#               pure-ftpd.
+service ftp
+{
+    socket_type = stream
+    server = /usr/sbin/pure-ftpd
+#    server_args =
+    protocol = tcp
+    user = root
+    wait = no
+    disable = yes
+}