* Version 1.0.49:
- This version fixes a regression introduced in version 1.0.48 that broke
the external authentication feature. Reported by Peter Hudec, thanks!
- Sockets from `pure-authd` and `pure-extauth` are now always owned by
`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
Suggested by Arkadiusz Miśkiewicz, thanks!
* Version 1.0.48:
- SNI support has been added. A new service, `pure-certd`, can run
external code written in any language in order to map SNI names to TLS certificates.
- External authentication handlers get a new
`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
- TLS certificates and keys can now be in different files.
- `make install` does not overwrite existing configuration files any
more. The example files layout has changed.
- TLS 1.3 is enabled when using OpenSSL 1.1.x.
- TLS < 1.2 is disabled by default.
- Quirks for obsolete OpenSSL versions have been removed.
- Username _ftp can be used as an alternative to ftp everywhere.
- Password hashing parameters are now chosen according to locally
available resources. The `pure-pw` command gets two new switches: `-C` (as
a hint regarding the number of simultaneous login attempts) and `-M`
(total memory, in MB, to reserve for password hashing).
- New translation: Albanian, thanks to Moisi Xhaferaj.
- The `PRET` command has been added. It can avoid opening useless data
connections for nonexistent content.
- Dot-files are always displayed. We don't lie any more in some
commands while not lying in other commands to respect the protocol.
- Support for RFC 2640 has been removed from the free version, as it
was early, experimental, slow, mostly broken and unmaintained code.
- The `NLST` command doesn't perform globbing any more.
- The `MLSD` command now prepends the path to file names.
* Version 1.0.47:
- Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
- Return a 451 error code instead of 226 on aborted uploads.
- The system user "_ftp" can be used as an alternative to "ftp" for
anonymous sessions.
- Compatibility with libsodium > 1.0.12 was added (including minimal
mode).
* Version 1.0.46:
- The server can now be linked against OpenSSL 1.1.x with the strict API.
- Unmaintained contributions have been removed.
- Globbing: the number of * in an expression has been limited to 3.
* Version 1.0.45:
- TLS v1.0 sessions are now refused.
- Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.
* Version 1.0.44:
- The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
- Pure-FTPd can now be linked against OpenSSL 1.1.x
- The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
- 3DES was removed from the default cipher suite.
* Version 1.0.43:
- Passwords can now be hashed using Argon2.
- The -J switch didn't work any more in 1.0.42. This has been fixed.
- The default cipher suite was simplified.
- Authentication against system accounts is compatible with OpenBSD 6.0.
- Fixed: protocol conformance when TLS sessions are refused.
- Altlog records can now be sent to `stdout`/`stderr`.
* Version 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.
* Version 1.0.41:
- libmariadb is looked for in addition to libmysqlclient
- MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
- openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
- New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.
* Version 1.0.40:
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
- OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
* Version 1.0.39:
- Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
* Version 1.0.38:
- The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
- TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
- scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.
* Version 1.0.37:
- The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
- The Clear Command Channel (CCC) command is now supported.
- pure-config.py is compatible with Python 3.
- SSL (v2, v3) is refused by default.
- The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
- DES-hashed passwords are not supported any more.
- LDAP uid and gid values can be overridden in the LDAP configuration file.
- New LDAPUseTLS directive for LDAP.
- RC4 was killed.
* Version 1.0.36:
- The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
- Improved autoconf detection of -fstack-protector and -fPIE
- If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
- Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
- A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
- Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.
Email address seems no longer deliverable (if you are the maintainer and
reading that and/or if the problem was just temporary please let me
know and I will update it!).
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
Changes since 1.0.30:
- An old-standing bug has been fixed: when a file was renamed and overwrote an existing file, the quota wasn't properly updated.
- SITE UTIME now supports the 2-arguments syntax in addition to the 5-arguments syntax.
- Support for the MFMT command has been implemented.
- A default directory can now be specified when using the LDAP backend.
- Support SHA1 password hashing in MySQL and PostgreSQL backends
- Support for brace expansion in directory listings has been disabled - Cf. CVE-2011-0418
- The list of allowed ciphers for SSL/TLS connections can now be specified (--tlsciphersuite / -J).
- Shell-like escaping is now partially handled when emulating the "ls" command in order to improve compatibility with legacy clients.
- Linking issues with MySQL support on Fedora have been solved.
* Version 1.0.30:
- pure-quotacheck can now work with a large number of files.
- OPTS UTF-8 is now an alias to OPTS UTF8.
- Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.
Changelog:
Version 1.0.29:
* Fixed corruption when downloading files larger than 4 Gb on a 32-bit architecture.
* Fixed error on exit on Linux.
* Downloading should be slightly faster.
Version 1.0.28:
* When --autorename is enabled, an upload script will now get the final file name instead of the original one.
* The ALLO command now checks for the actual disk space in addition to the virtual quota.
* ABOR on OSX has been fixed.
* Fixed the virtual quota computation after an atomic upload has been resumed.
* Fixed AUTH_ENCRYPTED.
* A workaround against spurious disconnections with ncftp has been implemented.
Based on PR#42711 by Fredrik Pettai.
Pkgsrc changes:
Honor VARBASE.
* Version 1.0.27:
- IPv6 connections are accepted again (regression from version 1.0.26)
- SSLv3 renegotiation has been disabled
- .pureftpd-upload-* files can be deleted by users with no quota.
- The server can be forced to shut down on iPhone.
* Version 1.0.26:
- Fix incompatibilities with Cyberduck and dramatically speed up directory
listings and transfers when TLS is enabled with some other clients like LFTP.
- Allow authentication of non-chrooted users again. It was a regression
from version 1.0.25. Spotted by Juergen Daubert.
* Version 1.0.25:
- The FTP server can now be built as a library for iPhone and iPod Touch.
- Display symbolic links in the MLSD command as symbolic links, unless the
broken clients mode is enabled, just like STAT/LIST/NLST.
- Enhanced compatibility with gcc 2.x and with custom installation paths.
- Fix packaging issues, especially when the server isn't installed in the
default paths
- Downloads now require less CPU and less memory.
- Fix an infinite loop that could lead to a client process burning a CPU
core if the client didn't disconnect properly. Reported by Thomas Min and
Margus Kaidja.
- Handle fake download resumes the traditional way for the sake of being
compatible with weird clients that insist on doing that.
- The group name is now always displayed instead of the gid when it matches the
primary user group.
* Version 1.0.24:
- When using LDAP in BIND mode, empty passwords are refused. Reported by
Henning Brauer.
* Version 1.0.23:
- The LDAP schema has been fixed.
- LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account.
- In LDAP objects, the "enabled" value is accepted again as a FTPStatus
property.
- Privilege separation is now enabled by default.
- The server should now properly compile on Solaris with privsep.
- Charset conversions are properly made on directory names.
- Transfers now handle every kind of disconnection.
- More informative log messages for errors and activity reporting.
- Virtual quotas are way more reliable and uploads are interrupted as soon as
quotas are exceeded.
- Atomic uploads are only used when necessary and only if --notruncate is
enabled.
- Dangling .pureftpd-upload files should be a thing of the past.
- Enhanced conformance with RFCs and better compatibility with FTP clients.
- Improved SSL performance, compatibility and commands support.
- By default, up to 10000 files per directory can be listed instead of 2000.
- ALLO can now tell clients whether an upload would blow quotas before the
upload actually starts.
- PAM is now enabled by default on OSX.
- Switch euid to the _pure-ftpd account (unless it's nonexistent) in the
privsep process.
- --without-banner is not necessary any more. Having a cookie file
(--fortunefile=...) automatically disables the default banner, thus allowing
full customization of the welcome banner.
- ./configure --localstatedir is now honored in order to change the
run-time directory.
- Support for building an FTPS (implicit SSL/TLS) server, using
--with-implicittls
* Version 1.0.22:
- the LDAP authentication backend now supports TLS encryption.
- TLS encryption is supported on data channels.
- downloads require way less CPU time on platforms with slow mmap() calls.
- MySQL 5+ stored procedures can now be used in the authentication process.
- time zones issues should be fixed for good.
- on-demand directories can now be created with any set of permissions.
- password scrambling of MySQL 5+ is now supported.
- a catalan translation has been contributed.
- spurious disconnections due to some clients keepalive tricks have
been fixed.
- custom authentication handlers are now informed about the encryption
status of the session.
- standard-conformance and compatibility with several clients have improved.
- large files are now supported by default.
- enhanced support for Solaris.
- a bunch of bug fixes, optimizations and compatibility with newer
libraries and operating system versions.
- "ftp" and "anonymous" user names can have passwords if the -E switch (no
anonymous logins) is specified.
- in compatibility mode, non-dangling symbolic links are now displayed as
if they were regular files/directories.
- --with-everything now includes privsep.
support, from unex@linija.org via PR pkg/32901.
Changes:
* When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union to
a char buffer, because of alignment required by some architectures.
* WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It fixes
throttling with extauth. Reported and fixed by Marcus Merighi <mcmer@tor.at>
through Brad our beloved OpenBSD maintainer.
* Rendezvous has been renamed Bonjour.
* A double-close in the CHMOD command has been fixed.
* The old PAM sample has been removed.
* -F option added to pure-pw.
* MAX_USER_LENGTH has been bumped to 127 due to popular demand.
* pam/* can now be used if security/* doesn't exist. Fixes PAM detection on
MacOS X.
* Call tzset() in chrooted apps in order to get correct time zones in syslog
messages.
* simplify() simplifies paths ending by /. and /..
* MySQL's hash_password() needs 3 arguments since MySQL 4.1.
* Experimental support for RFC2640 (UTF-8 filename encoding) has been added,
derived from code by Jui-Nan Lin ===> added as "utf8" pkgsrc option.
* The LDAP schema has been changed: FTPStatus should be a boolean.
* New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
Sparky.
* By popular request, even non-chrooted users are now denied access if their
home directory is not mounted.
* If die() is called during a TLS-enabled session, encrypt the death message.
Contributed by Cynix.
* Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
* WITH_LARGE_FILES is now defined by default.
* sendfile64() support on Linux.
* privsep and main processes were swapped out so that pure-ftpwho displays the
right pid.
* OPTS MLST has been implemented.
* SITE UTIME has been implemented.
* TCP_CORK is on by default again. A new configure switch, --without-cork, can
disable it.
* Correctly format %c and %% in fakesprintf().
* The connection socket is now created with the Nagle algorithm disabled. It
was the trick to dramatically improve performance when transferring a lot of
small files.
* Updated getopt_long() and realpath() substitutes.
* Allow logging to named pipes (thanks to Steve Marple).
* Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
* Documentation updates.
* MySQL errors are now logged.
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
so that we'd not force dependence on a specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)
this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
pkgsrc changes:
o move to bsd.options.mk framework
o add ldap options
package changes:
o On MacOS X Panther and Tiger, clients were sometimes rejected when they
had no reverse DNS entry and DNS resolution was enabled. This has been
fixed. Thanks to Yann Thomas Gerard <inside@parasiterecords.com> .
o The command-line parser was broken on FreeBSD and Solaris in version
1.0.19. This has also been fixed.
under ${PREFIX} instead of being an absolute path.
So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.
This should have no changes to use before.
Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
patch provided by Sergio Jimenez in PR pkg/26381
* Version 1.0.19:
- A workaround for pure-ftpwho not working on OpenBSD has been added.
- Real disk space is no longer shown.
- A possible denial of service when too many users were connected should be
fixed. Reported by Agri <agri@desnol.ru>, thanks!