diff --git a/pure-ftpd-1.0.49.tar.bz2 b/pure-ftpd-1.0.49.tar.bz2
deleted file mode 100644
index d0d5fa5..0000000
--- a/pure-ftpd-1.0.49.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8a727dfef810f275fba3eb6099760d4f8a0bdeae2c1197d0d5bfeb8c1b2f61b6
-size 487958
diff --git a/pure-ftpd-1.0.49.tar.bz2.minisig b/pure-ftpd-1.0.49.tar.bz2.minisig
deleted file mode 100644
index 33b725e..0000000
--- a/pure-ftpd-1.0.49.tar.bz2.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i53jbtkymhF4h2cC4NwgcDPxMLwbbhQpd+MxuhP9fq63KtlLE99n1OoP2l4pdNwopuh/B6dXVy5+kPRwsx5AyxA8=
-trusted comment: timestamp:1554289403 file:pure-ftpd-1.0.49.tar.bz2
-3H/r3tHgNMKLhBn9DRGOJ/vUDhe1ZF33iAfMnNI/D28ApGcmalgyac/TtBiYP+R1h+8prBTo1QIpp4acRr0VDA==
diff --git a/pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch b/pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
similarity index 58%
rename from pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
rename to pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
index f5414dc..6951a5e 100644
--- a/pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
+++ b/pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
@@ -1,16 +1,16 @@ -Index: configure -=================================================================== ---- configure.orig 2012-04-10 13:11:53.944741960 +0200 -+++ configure 2012-04-10 13:12:09.310277199 +0200 -@@ -12650,107 +12650,12 @@ - $as_echo "no" >&6; } +diff -up configure.orig configure +--- configure.orig 2022-01-19 20:48:45.387511953 +0100 ++++ configure 2022-01-19 20:59:28.559523809 +0100 +@@ -15016,108 +15016,13 @@ else + printf "%s\n" "no" >&6; } fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP send buffer size" >&5 --$as_echo_n "checking default TCP send buffer size... " >&6; } --if test "$cross_compiling" = yes; then : +-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP send buffer size" >&5 +-printf %s "checking default TCP send buffer size... " >&6; } +-if test "$cross_compiling" = yes +-then : - CONF_TCP_SO_SNDBUF=65536 --else +-else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - 
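Review bot: The rebased patch still edits the generated `configure` script rather than its autoconf input, which is why it had to be redone in this commit once the generated shell moved from `$as_echo` to `printf`; any later upstream regeneration can break it the same way. The patch file also has no header stating its purpose: its inner `+` lines pin both macros to 65536 and the `ac_fn_c_try_run` probe is dropped, so a first line such as `Pin CONF_TCP_SO_SNDBUF/CONF_TCP_SO_RCVBUF to 65536 instead of probing the build host at configure time (bnc#407363)` would record the intent. The same applies to the hunks at -40,30 and -93,22. If the autoconf source ships in the tarball, patching that and regenerating would be more durable, but that file is not visible here.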
@@ -40,30 +40,30 @@ Index: configure -} - -_ACEOF --if ac_fn_c_try_run "$LINENO"; then : +-if ac_fn_c_try_run "$LINENO" +-then : - CONF_TCP_SO_SNDBUF=`cat conftestval` --else +-else $as_nop - CONF_TCP_SO_SNDBUF=65536 -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5 --$as_echo "$CONF_TCP_SO_SNDBUF" >&6; } +-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5 +-printf "%s\n" "$CONF_TCP_SO_SNDBUF" >&6; } - -- - cat >>confdefs.h <<_ACEOF --#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF -+#define CONF_TCP_SO_SNDBUF 65536 - _ACEOF -- --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP receive buffer size" >&5 --$as_echo_n "checking default TCP receive buffer size... " >&6; } --if test "$cross_compiling" = yes; then : +-printf "%s\n" "#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF" >>confdefs.h ++printf "%s\n" "#define CONF_TCP_SO_SNDBUF 65536" >>confdefs.h + + +-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP receive buffer size" >&5 +-printf %s "checking default TCP receive buffer size... " >&6; } +-if test "$cross_compiling" = yes +-then : - CONF_TCP_SO_RCVBUF=65536 --else +-else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - 
@@ -93,22 +93,22 @@ Index: configure -} - -_ACEOF --if ac_fn_c_try_run "$LINENO"; then : +-if ac_fn_c_try_run "$LINENO" +-then : - CONF_TCP_SO_RCVBUF=`cat conftestval` --else +-else $as_nop - CONF_TCP_SO_RCVBUF=65536 -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5 --$as_echo "$CONF_TCP_SO_RCVBUF" >&6; } -- -- - cat >>confdefs.h <<_ACEOF --#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF -+#define CONF_TCP_SO_RCVBUF 65536 - _ACEOF +-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5 +-printf "%s\n" "$CONF_TCP_SO_RCVBUF" >&6; } + + +-printf "%s\n" "#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF" >>confdefs.h ++printf "%s\n" "#define CONF_TCP_SO_RCVBUF 65536" >>confdefs.h +
diff --git a/pure-ftpd-1.0.50.tar.bz2 b/pure-ftpd-1.0.50.tar.bz2
new file mode 100644
index 0000000..3c6255c
--- /dev/null
+++ b/pure-ftpd-1.0.50.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6722c7fd09fe3c9ebbd572f3d097087ec7b32aacb3df8fa3400d4c07e4f377d7
+size 520167
diff --git a/pure-ftpd-1.0.50.tar.bz2.minisig b/pure-ftpd-1.0.50.tar.bz2.minisig
new file mode 100644
index 0000000..35c560c
--- /dev/null
+++ b/pure-ftpd-1.0.50.tar.bz2.minisig
@@ -0,0 +1,4 @@
+untrusted comment: signature from minisign secret key
+RUQf6LRCGA9i57aBgT/tiGx1u6egpneerHNFnVcTxn+xTzczo+eqq4KwdZAzUobaHqAyMnIfL/qXmrDamBDNMBCRT6yOGR2XKwc=
+trusted comment: timestamp:1637704947 file:pure-ftpd-1.0.50.tar.bz2 hashed
+u6gmbzYNFi0OfccBzyL1Qs+/7N+1xSPrle1LEKJ4mfacBqqVPmdL7QGUTFYBlRhp1w4R36gBvvAt34/aMQePBw==
diff --git a/pure-ftpd.changes b/pure-ftpd.changes
index 1cd77a5..db9a0db 100644
--- a/pure-ftpd.changes
+++ b/pure-ftpd.changes
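Review bot: The new `.minisig` is added next to the tarball, but none of the visible spec hunks checks it, so as far as this diff shows the signature is carried along without being verified at build time. The signature line changes its prefix from `RWQ…` to `RUQ…` and the trusted comment gains `hashed`, which points to a prehashed signature, while the key id bytes that follow are the same in the old and new files. If verification is not already done elsewhere (a source service or `%prep`), consider pinning the upstream public key in the package and running something like `minisign -Vm pure-ftpd-1.0.50.tar.bz2 -p <PINNED_PUBKEY_FILE>` before the sources are unpacked.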
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Wed Jan 19 19:06:34 UTC 2022 - Antoine Belvire
+
+- Update to version 1.0.50:
+ * Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
+ password hashing. You should now use scrypt, argon2 or the system crypt(3)
+ function.
+ * Soft fail if a USER command is received without TLS and the server is
+ configured to enforce TLS. Previously, the session was immediately closed,
+ but that was too brutal for some clients.
+ * Allow connections from the class E network range -- apparently
+ required in some cases when using Linux containers.
+ * Large file listings used to require way more stack allocations than
+ necessary, possibly reaching hard-coded limits and causing a forced
+ session close. This has been fixed. (boo#1160111, CVE-2019-20176)
+ * The SPSV command has been removed.
+ * Under some circunstances, the server would not start when configured
+ with directory aliases. This has been fixed.
+ * PostgreSQL: hard-coded global configuration strings were not escaped.
+ This has been fixed.
+ * A warning is now printed when a transfer happens in ASCII mode, as
+ this is rarely intentional.
+ * Compilation with --without-ascii is now possible again.
+ * Configuration options for features that have been disabled at
+ compile-time are not parsed any more.
+ * When virtual quotas were configured, files were removed after an
+ upload if the size quota was exceeded, but not during the upload. This
+ has been fixed. (boo#1190205, CVE-2021-40524)
+ * A configuration file can now include other files with the `Include`
+ directive.
+ * Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
+ * Fix a potential uninitialized pointer vulnerability (boo#1165134,
+ CVE-2020-9274).
+- Build with libsodium-devel to support Argon password scheme.
+- Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in
+ version 1.0.48.
+- Rebase patch for bnc#407363:
+ * Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
+ * Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
+
 -------------------------------------------------------------------
 Wed Oct 20 14:40:45 UTC 2021 - Johannes Segitz
diff --git a/pure-ftpd.spec b/pure-ftpd.spec
index 82307eb..637a3c2 100644
--- a/pure-ftpd.spec
+++ b/pure-ftpd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package pure-ftpd
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 Name: pure-ftpd
-Version: 1.0.49
+Version: 1.0.50
 Release: 0
 Summary: A Lightweight, Fast, and Secure FTP Server
 License: BSD-3-Clause
@@ -37,14 +37,15 @@ Patch1: %{name}-1.0.20_doc.patch
 # PATCH-FEATURE-OPENSUSE %{name}-1.0.20_virtualhosts.patch -- Custom VHOST_PATH on openSUSE.
 Patch2: %{name}-1.0.20_virtualhosts.patch
 Patch5: %{name}-1.0.49_ftpwho_path.patch
-# PATCH-FIX-UPSTREAM %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
-Patch7: %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
+# PATCH-FIX-UPSTREAM %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch -- bnc#407363
+Patch7: %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch
 # PATCH-FIX-OPENSUSE: bnc#789833
 # won't be upstreamed, can be dropped when systemd will be only one init system and kernel get AUDIT_LOGINUID_IMMUTABLE
 Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
 Patch9: pure-ftpd-apparmor.patch
 Patch10: pure-ftpd-malloc-limit.patch
 BuildRequires: libcap-devel
+BuildRequires: libsodium-devel
 BuildRequires: mysql-devel
 BuildRequires: openldap2-devel
 BuildRequires: pam-devel
@@ -84,7 +85,6 @@ Apache log files, and more.
 CFLAGS="%{optflags} -I%{_includedir}/mysql"
 %configure \
 --docdir=%{_docdir}/%{name} \
- --with-rfc2640 \
 --sysconfdir=%{_sysconfdir}/%{name} \
 --with-ldap \
 --with-paranoidmsg \
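Review bot: The comment on Patch7 in the -37,14 hunk keeps the `PATCH-FIX-UPSTREAM` tag, yet the rebased patch in this commit hardcodes both buffer sizes in `configure` and reads as a distribution-local change rather than something taken from or sent upstream. If that is the case, `# PATCH-FIX-OPENSUSE %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch -- bnc#407363 pin default TCP send/receive buffer sizes` describes it more accurately. It also tells the next maintainer that the patch will need rebasing on every update instead of dropping out once upstream releases a fix.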