diff --git a/vsftpd-2.0.4-conf.diff b/vsftpd-2.0.4-conf.diff index 8fea490..7b4a969 100644 --- a/vsftpd-2.0.4-conf.diff +++ b/vsftpd-2.0.4-conf.diff @@ -1,6 +1,6 @@ --- vsftpd.conf +++ vsftpd.conf -@@ -4,100 +4,214 @@ +@@ -4,100 +4,218 @@ # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # @@ -254,6 +254,10 @@ -# the presence of the "-R" option, so there is a strong case for enabling it. -#ls_recurse_enable=YES +listen=YES - ++ +# Set to ssl_enable=YES if you want to enable SSL +ssl_enable=NO + ++# Limit passive ports to this range to assis firewalling ++pasv_min_port=1024 ++pasv_max_port=2024 diff --git a/vsftpd-2.0.4-lib64.diff b/vsftpd-2.0.4-lib64.diff index bd485e1..c9aff5e 100644 --- a/vsftpd-2.0.4-lib64.diff +++ b/vsftpd-2.0.4-lib64.diff @@ -16,11 +16,3 @@ locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; fi -@@ -44,6 +46,7 @@ - - # Look for libcap (capabilities) - locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1"; -+locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1"; - locate_library /usr/lib/libcap.so && echo "-lcap"; - - # Solaris needs this for nanosleep().. diff --git a/vsftpd-2.0.5-utf8-log-names.patch b/vsftpd-2.0.5-utf8-log-names.patch index d16217d..b88e3f6 100644 --- a/vsftpd-2.0.5-utf8-log-names.patch +++ b/vsftpd-2.0.5-utf8-log-names.patch @@ -1,8 +1,8 @@ Index: vsftpd-1.2.1/str.c -=================================================================== ---- vsftpd-1.2.1.orig/str.c -+++ vsftpd-1.2.1/str.c -@@ -27,6 +27,24 @@ static int str_equal_internal(const char +================================================================================ +--- vsftpd-2.0.7/str.c ++++ vsftpd-2.0.7/str.c +@@ -27,6 +27,24 @@ const char* p_buf2, unsigned int buf2_len); /* Private functions */ 
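Review bot: The passive range added in the `@@ -254,6 +254,10 @@` hunk, `pasv_min_port=1024` to `pasv_max_port=2024`, lies in the registered-port range where other daemons on the same host may listen. The `vsftpd.firewall` hunk later in this commit opens all of `1024:2024` for TCP. Once that firewall service is enabled, any non-FTP listener bound inside the range becomes reachable too, so a higher, otherwise unused range would reduce the overlap. The comment should also say that the two values must match the firewall service file, and it has a typo; I would write `# Limit passive ports to this range to assist firewalling; keep in sync with the SuSEfirewall2 service file`.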
@@ -27,8 +27,8 @@ Index: vsftpd-1.2.1/str.c static void s_setbuf(struct mystr* p_str, char* p_newbuf) { -@@ -153,6 +171,45 @@ str_reserve(struct mystr* p_str, unsigne - } +@@ -158,6 +176,45 @@ + p_str->p_buf[res_len - 1] = '\0'; } +int str_is_utf8( const struct mystr* p_str ) @@ -73,7 +73,7 @@ Index: vsftpd-1.2.1/str.c int str_isempty(const struct mystr* p_str) { -@@ -648,11 +705,13 @@ void +@@ -657,11 +714,13 @@ str_replace_unprintable(struct mystr* p_str, char new_char) { unsigned int i; @@ -91,11 +91,9 @@ Index: vsftpd-1.2.1/str.c } } } -Index: vsftpd-1.2.1/str.h -=================================================================== ---- vsftpd-1.2.1.orig/str.h -+++ vsftpd-1.2.1/str.h -@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str); +--- vsftpd-2.0.7/str.h ++++ vsftpd-2.0.7/str.h +@@ -36,6 +36,7 @@ void str_trunc(struct mystr* p_str, unsigned int trunc_len); void str_reserve(struct mystr* p_str, unsigned int res_len); diff --git a/vsftpd-2.0.6-libcap2-fix.diff b/vsftpd-2.0.6-libcap2-fix.diff index a252e12..16a939f 100644 --- a/vsftpd-2.0.6-libcap2-fix.diff +++ b/vsftpd-2.0.6-libcap2-fix.diff @@ -1,15 +1,14 @@ ---- vsf_findlibs.sh-dist 2008-05-02 09:44:39.000000000 +0200 -+++ vsf_findlibs.sh 2008-05-02 09:46:35.000000000 +0200 +--- vsf_findlibs.sh ++++ vsf_findlibs.sh @@ -45,9 +45,10 @@ locate_library /usr/lib/libsec.sl && echo "-lsec"; # Look for libcap (capabilities) -locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1"; --locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1"; -+# locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1"; -+# locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1"; locate_library /usr/lib/libcap.so && echo "-lcap"; + locate_library /lib/libcap.so && echo "-lcap"; +locate_library /usr/lib64/libcap.so && echo "-lcap"; ++locate_library /lib64/libcap.so && echo "-lcap"; # Solaris needs this for nanosleep().. locate_library /lib/libposix4.so && echo "-lposix4"; 
diff --git a/vsftpd-2.0.6-listen-retry.patch b/vsftpd-2.0.6-listen-retry.patch
deleted file mode 100644
index ebbe57c..0000000
--- a/vsftpd-2.0.6-listen-retry.patch
+++ /dev/null
@@ -1,73 +0,0 @@ ---- vsftpd-2.0.4/standalone.c.listen-retry 2008-05-14 11:56:57.775023643 -0700 -+++ vsftpd-2.0.4/standalone.c 2008-05-14 12:11:16.501225812 -0700 -@@ -130,7 +130,11 @@ - die("could not bind listening IPv6 socket"); - } - } -- vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG); -+ retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG); -+ if (vsf_sysutil_retval_is_error(retval)) -+ { -+ die("could not listen"); -+ } - vsf_sysutil_sockaddr_alloc(&p_accept_addr); - while (1) - { ---- vsftpd-2.0.4/sysutil.h.listen-retry 2008-05-14 11:55:58.851165197 -0700 -+++ vsftpd-2.0.4/sysutil.h 2008-05-14 12:07:08.357934466 -0700 -@@ -239,7 +239,7 @@ - struct vsf_sysutil_socketpair_retval - vsf_sysutil_unix_stream_socketpair(void); - int vsf_sysutil_bind(int fd, const struct vsf_sysutil_sockaddr* p_sockptr); --void vsf_sysutil_listen(int fd, const unsigned int backlog); -+int vsf_sysutil_listen(int fd, const unsigned int backlog); - void vsf_sysutil_getsockname(int fd, struct vsf_sysutil_sockaddr** p_sockptr); - void vsf_sysutil_getpeername(int fd, struct vsf_sysutil_sockaddr** p_sockptr); - int vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr, ---- vsftpd-2.0.4/postlogin.c.listen-retry 2008-05-14 11:54:22.182803066 -0700 -+++ vsftpd-2.0.4/postlogin.c 2008-05-14 12:14:08.116688582 -0700 -@@ -555,7 +555,11 @@ - retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr); - if (!vsf_sysutil_retval_is_error(retval)) - { -- break; -+ retval = vsf_sysutil_listen(p_sess->pasv_listen_fd, 1); -+ if (!vsf_sysutil_retval_is_error(retval)) -+ { -+ break; -+ } - } - if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE) - { -@@ -567,7 +571,6 @@ - { - die("vsf_sysutil_bind"); - } -- vsf_sysutil_listen(p_sess->pasv_listen_fd, 1); - if (is_epsv) - { - str_alloc_text(&s_pasv_res_str, "Entering Extended Passive Mode (|||"); ---- vsftpd-2.0.4/sysutil.c.listen-retry 2006-01-09 09:05:18.000000000 -0800 -+++ vsftpd-2.0.4/sysutil.c 2008-05-14 
12:06:41.211606698 -0700 -@@ -1614,14 +1614,18 @@ - return bind(fd, p_sockaddr, len); - } - --void -+int - vsf_sysutil_listen(int fd, const unsigned int backlog) - { - int retval = listen(fd, backlog); -- if (retval != 0) -+ if (vsf_sysutil_retval_is_error(retval)) - { -- die("listen"); -+ if (vsf_sysutil_get_error() != kVSFSysUtilErrADDRINUSE) -+ { -+ die("listen"); -+ } - } -+ return(retval); - } - - /* Warning: callers of this function assume it does NOT make use of any diff --git a/vsftpd-2.0.6-write_race.patch b/vsftpd-2.0.6-write_race.patch index 7fc84bc..d255d4f 100644 --- a/vsftpd-2.0.6-write_race.patch +++ b/vsftpd-2.0.6-write_race.patch 
@@ -1,27 +1,14 @@ -diff -up vsftpd-2.0.5/sysutil.h.write_race vsftpd-2.0.5/sysutil.h ---- vsftpd-2.0.5/sysutil.h.write_race 2007-11-21 08:48:28.000000000 +0100 -+++ vsftpd-2.0.5/sysutil.h 2007-11-21 08:48:28.000000000 +0100 -@@ -91,6 +91,8 @@ void vsf_sysutil_close(int fd); - int vsf_sysutil_close_failok(int fd); - int vsf_sysutil_unlink(const char* p_dead); - int vsf_sysutil_write_access(const char* p_filename); -+/* Trucate after open */ -+int vsf_sysutil_truncate(int fd, filesize_t length); - - /* Reading and writing */ - void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos); -diff -up vsftpd-2.0.5/postlogin.c.write_race vsftpd-2.0.5/postlogin.c ---- vsftpd-2.0.5/postlogin.c.write_race 2007-11-21 08:48:28.000000000 +0100 -+++ vsftpd-2.0.5/postlogin.c 2007-11-21 08:51:59.000000000 +0100 -@@ -953,6 +953,7 @@ handle_upload_common(struct vsf_session* - struct vsf_transfer_ret trans_ret; - int new_file_fd; +--- postlogin.c ++++ postlogin.c +@@ -983,6 +983,7 @@ int remote_fd; + int success = 0; + int created = 0; + int truncit = 0; filesize_t offset = p_sess->restart_pos; p_sess->restart_pos = 0; if (!data_transfer_checks_ok(p_sess)) -@@ -987,7 +988,15 @@ handle_upload_common(struct vsf_session* +@@ -1017,7 +1018,15 @@ /* For non-anonymous, allow open() to overwrite or append existing files */ if (!is_append && offset == 0) { @@ -38,7 +25,7 @@ diff -up vsftpd-2.0.5/postlogin.c.write_race vsftpd-2.0.5/postlogin.c } else { -@@ -1023,6 +1032,11 @@ handle_upload_common(struct vsf_session* +@@ -1060,6 +1069,11 @@ if (tunable_lock_upload_files) { vsf_sysutil_lock_file_write(new_file_fd); 
@@ -50,10 +37,9 @@ diff -up vsftpd-2.0.5/postlogin.c.write_race vsftpd-2.0.5/postlogin.c } if (!is_append && offset != 0) { -diff -up vsftpd-2.0.5/sysutil.c.write_race vsftpd-2.0.5/sysutil.c ---- vsftpd-2.0.5/sysutil.c.write_race 2007-11-21 08:48:28.000000000 +0100 -+++ vsftpd-2.0.5/sysutil.c 2007-11-21 08:48:28.000000000 +0100 -@@ -1196,6 +1196,12 @@ vsf_sysutil_close_failok(int fd) +--- sysutil.c ++++ sysutil.c +@@ -1200,6 +1200,12 @@ } int @@ -66,3 +52,14 @@ diff -up vsftpd-2.0.5/sysutil.c.write_race vsftpd-2.0.5/sysutil.c vsf_sysutil_unlink(const char* p_dead) { return unlink(p_dead); +--- sysutil.h ++++ sysutil.h +@@ -90,6 +90,8 @@ + int vsf_sysutil_close_failok(int fd); + int vsf_sysutil_unlink(const char* p_dead); + int vsf_sysutil_write_access(const char* p_filename); ++/* Trucate after open */ ++int vsf_sysutil_truncate(int fd, filesize_t length); + + /* Reading and writing */ + void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos); diff --git a/vsftpd-2.0.6.tar.bz2 b/vsftpd-2.0.6.tar.bz2 deleted file mode 100644 index 6b2dab1..0000000 --- a/vsftpd-2.0.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:08a00c726f74f68c5682d826dcb3f038c307ffef59ab88753e3ac0c462b08cd8 -size 118231 diff --git a/vsftpd-2.0.7.tar.bz2 b/vsftpd-2.0.7.tar.bz2 new file mode 100644 index 0000000..31de9b7 --- /dev/null +++ b/vsftpd-2.0.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:56567db3afd6939599a5361aa69aad9358b2820e94f500bcb7e9ede1401f39c6 +size 119410 diff --git a/vsftpd.changes b/vsftpd.changes index e2ba60a..e2bd49f 100644 --- a/vsftpd.changes +++ b/vsftpd.changes 
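Review bot: The prototype moved to the end of the write_race patch in the `@@ -66,3 +52,14 @@` hunk is documented only by `/* Trucate after open */`, which is misspelled and does not say what the `int` result means. Going by the patch name and the earlier changelog entry about simultaneous puts of the same file, the helper is part of a race fix, so a caller that ignores a failed truncate would presumably leave stale bytes from the previous file after the new data. Neither the call site nor the function body is visible in these hunks, so that is worth confirming against the full patch. I would write the comment as `/* Truncate an already-open fd to length; callers must check the return value */`.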
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Sep 8 15:30:43 CEST 2008 - hvogel@suse.de + +- version 2.0.7 + * Fix man page typo + * Enhance logging for debug_ssl + * Shutdown the SSL data connections properly + * Add option to enforce proper SSL shutdown on uploads + * Add option to delete failed uploads +- limit port range for passv to 1024:2024 to assist firewalling + [bnc#420671] + ------------------------------------------------------------------- Wed Jun 11 12:44:25 CEST 2008 - hvogel@suse.de diff --git a/vsftpd.firewall b/vsftpd.firewall index 0a85d5c..c550039 100644 --- a/vsftpd.firewall +++ b/vsftpd.firewall @@ -2,10 +2,10 @@ ## Description: Opens ports for vsftpd Server. # space separated list of allowed TCP ports -TCP="ftp ftp-data" +TCP="ftp 1024:2024" # space separated list of allowed UDP ports -UDP="ftp-data" +UDP="" # space separated list of allowed RPC services RPC="" diff --git a/vsftpd.spec b/vsftpd.spec index 3d90abb..6269ee8 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,10 +1,17 @@ # -# spec file for package vsftpd (Version 2.0.6) +# spec file for package vsftpd (Version 2.0.7) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # 
@@ -18,8 +25,8 @@ BuildRequires: libcap %else BuildRequires: libcap-devel %endif -Version: 2.0.6 -Release: 27 +Version: 2.0.7 +Release: 1 Summary: Very Secure FTP Daemon - Written from Scratch License: GPL v2 or later Group: Productivity/Networking/Ftp/Servers @@ -42,7 +49,6 @@ Patch7: %name-2.0.5-enable-debuginfo.patch Patch8: %name-2.0.5-utf8-log-names.patch Patch9: %name-2.0.6-libcap2-fix.diff Patch10: %name-2.0.6-write_race.patch -Patch11: %name-2.0.6-listen-retry.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: ftp-server PreReq: %insserv_prereq /usr/sbin/useradd @@ -66,7 +72,6 @@ Authors: %prep %setup -q -%patch %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -76,8 +81,8 @@ Authors: %patch7 %patch8 -p1 %patch9 -%patch10 -p1 -%patch11 -p1 +%patch10 +%patch %build rm -f dummyinc/sys/capability.h @@ -133,6 +138,15 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %changelog +* Mon Sep 08 2008 hvogel@suse.de +- version 2.0.7 + * Fix man page typo + * Enhance logging for debug_ssl + * Shutdown the SSL data connections properly + * Add option to enforce proper SSL shutdown on uploads + * Add option to delete failed uploads +- limit port range for passv to 1024:2024 to assist firewalling + [bnc#420671] * Wed Jun 11 2008 hvogel@suse.de - Fix simultaneous ftp put of the same file [bnc#361559, bnc#273454] - dont die on EADDRINUSE but try again [bnc#395899]
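Review bot: `Patch11: %name-2.0.6-listen-retry.patch` and its `%patch11 -p1` line are dropped in the `@@ -42,7 +49,6 @@` and `@@ -76,8 +81,8 @@` hunks, but neither the new `%changelog` entry nor `vsftpd.changes` records the removal or says that 2.0.7 contains the fix. The deleted patch made the passive-port loop in `postlogin.c` retry when `listen()` fails with EADDRINUSE instead of calling `die()`. This commit also narrows the passive ports to 1024–2024, which makes such collisions more likely, so losing the retry would presumably end the affected sessions. After checking the 2.0.7 source, I would add a changelog line such as `- drop listen-retry.patch (state whether the fix is upstream in 2.0.7)`.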