Pure-FTPd Changelog

New in Pure-FTPd 1.0.36 (Mar 23, 2012)
  • The safe_write()/safe_read() factorization broke extauth. Using safe_read_partial() to read from the extauth pipe wasn't enough. Bug reported by Rasmus Fauske.
  • Improved autoconf detection of -fstack-protector and -fPIE
  • If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte.
  • Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by default on Windows, and ASCII downloads on Windows have been fixed.
  • A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows any characters in a file name. Disabled by default.
  • Don't display dot files (except . and ..) if dot_read_ok is 0 in donlist(), but not in sglob() yet. This change is purely cosmetic. There are many ways to figure out if a file exists.

New in Pure-FTPd 1.0.35 (Dec 8, 2011)

  • Improve compatibility with the Intel and Ekopath compilers.
  • Use more paranoid compiler options whenever possible, and preliminary uncluttering of the autoconf script.
  • Try to cache locale-related data at startup after tzset(), rather than during a session.
  • Fix quota computation after rename() overwrites an existing file. Reported by Hiramoto Koujo, thanks!

New in Pure-FTPd 1.0.30 (Mar 10, 2011)

  • pure-quotacheck can now work with a large number of files.
  • OPTS UTF-8 is now an alias to OPTS UTF8.
  • Fix a STARTTLS flaw similar to Postfix’s CVE-2011-0411. If you’re using TLS, upgrading is recommended.
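
Added example (not Pure-FTPd's code): CVE-2011-0411 is the class of bug where cleartext bytes buffered before the TLS handshake are later processed as if they had arrived over TLS. The toy reader below shows the defensive rule of discarding the read buffer when AUTH TLS is accepted; `struct conn`, `next_line()` and `commands_run_after_tls()` are hypothetical names, and the input segments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Toy control-channel state: bytes already read from the socket in cleartext. */
struct conn {
    char   buf[256];
    size_t len;
    int    tls_active;
};

/* Pop one CRLF-terminated line from the buffer; returns 1 if a line was found. */
static int next_line(struct conn *c, char *out, size_t outsz)
{
    size_t i, n;
    for (i = 0; i + 1 < c->len; i++) {
        if (c->buf[i] != '\r' || c->buf[i + 1] != '\n') continue;
        n = i < outsz - 1 ? i : outsz - 1;
        memcpy(out, c->buf, n);
        out[n] = '\0';
        memmove(c->buf, c->buf + i + 2, c->len - (i + 2));
        c->len -= i + 2;
        return 1;
    }
    return 0;
}

/* Feed one cleartext segment and return how many commands that were received
 * in cleartext ended up being processed after TLS became active. */
int commands_run_after_tls(const char *segment, int discard_on_tls)
{
    struct conn c;
    char line[128];
    int leaked = 0;

    memset(&c, 0, sizeof c);
    c.len = strlen(segment) < sizeof c.buf ? strlen(segment) : sizeof c.buf;
    memcpy(c.buf, segment, c.len);
    while (next_line(&c, line, sizeof line)) {
        if (c.tls_active) { leaked++; continue; }   /* cleartext treated as protected */
        if (strcmp(line, "AUTH TLS") == 0) {
            c.tls_active = 1;                       /* the handshake would start here */
            if (discard_on_tls) c.len = 0;          /* drop anything buffered before it */
        }
    }
    return leaked;
}

int main(void)
{
    const char *seg = "AUTH TLS\r\nNOOP\r\n";      /* constructed: two commands, one segment */
    printf("without discard: %d\n", commands_run_after_tls(seg, 0));
    printf("with discard:    %d\n", commands_run_after_tls(seg, 1));
    return 0;
}
```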

New in Pure-FTPd 1.0.29 (Mar 18, 2010)

  • max_dlmap_size was size_t instead of off_t, causing misalignment while downloading > 4 Gb files on a 32-bit arch.
  • pread() vs lseek()+read() was a useless optimization, since pread() doesn't change the file position and further reads weren't going through plain read() calls.
  • iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon exit. Fixes segfaults on glibc.
  • pure-uploadscript tries to reach the pipe for 30 seconds instead of 10.

New in Pure-FTPd 1.0.27 (Dec 3, 2009)

  • Have pureftpd_shutdown() shut the server down even if a client is connected on iPhone.
  • Allow users with no quota to delete .pureftpd-upload-* files.
  • Unbreak ipv6 support, reported by Brad Smith.
  • Disable SSLv3 renegotiation if an old SSL library is used. If you really want to re-enable SSLv3 renegotiation, even with a recent library, you can always define ACCEPT_SSL_RENEGOTIATION.

New in Pure-FTPd 1.0.26 (Nov 17, 2009)

  • Fix incompatibilities with Cyberduck when TLS is enabled.
  • Don't TLS_accept() immediately after accept(). Reply on the connection socket first, so that clients don't have to wait before knowing that they can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
  • Properly change the process name on Linux when the -S option is used, by Margus Kaidja.
  • Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert for the bug report.

New in Pure-FTPd 1.0.24 (Oct 25, 2009)

  • Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
  • The package can now be compiled with gcc 2.

New in Pure-FTPd 1.0.23 (Oct 23, 2009)

  • LDAP: accept "enabled" as a correct value for FTPStatus as it used to be.
  • More useful error logging for OpenSSL errors.
  • Don't read certificates twice.
  • Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
  • Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander.
  • Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
  • Don't ignore dot files even if -D is not supplied with the MLSD command.
  • Deinline code
  • Throttling more reliable
  • STAT is now working over TLS
  • DH keys for ephemeral key exchange are now handled
  • Fix libiconv checking
  • The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov)
  • LDAP authentication through binding is now possible in addition to passwords. This allows for the FTP server to run with an unprivileged LDAP account. It also adds a warning if auth method password is used and doesn't find a userPassword attribute. This usually indicates that the LDAP bind DN cannot read the attributes, because it doesn't have sufficient privileges. Contributed by Wilco Baan Hofman.
  • Perform charset conversions on directory names. Issue spotted by Xianghu Zhao.
  • Almost a complete rewrite of the upload, download and TLS code for more reliability
  • Seamlessly handle ABOR without any SIGURG
  • Try to immediately handle any kind of disconnection
  • Use poll() rather than select() as much as possible
  • Distinguish aborted (even the hard way) and completed download and upload operations in log files
  • Minor corrections to the French messages
  • Don't use atomic uploads unless --notruncate or --autorename have been enabled
  • Take care of removing .pureftpd-upload-* files in every possible case
  • List up to 10000 files per directory by default instead of 2000
  • Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
  • New compile-time option: --with-implicittls in order to build a FTPS-only server
  • ./configure --localstatedir can now be used in order to avoid storing the scoreboard and other dynamic files in /var/run/
  • Quota handling reworked (easier, and way more reliable)
  • RNTO support even when quotas are enabled.
  • A bunch of return codes were fixed to be more RFC-conformant.
  • ALLO command is now actually checking if an upload can occur without blowing the quota.
  • Don't change the TCP window size. Admins should do this as part of their system configuration.
  • Privsep is now enabled by default. Use --without-privsep to disable.
  • --without-banner is gone. If you have a cookie file (-F), the default banner won't be displayed.
  • Compile with PAM by default on OSX.
  • Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged call is actually necessary. Since only the effective uid changes, it's not brutally useful yet, but it paves the way for forthcoming changes.
  • Install man pages with local paths instead of hard-coded ones.