Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package pure-ftpd for openSUSE:Factory
checked in at 2022-01-24 23:09:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pure-ftpd (Old)
and /work/SRC/openSUSE:Factory/.pure-ftpd.new.1938 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pure-ftpd"
Mon Jan 24 23:09:50 2022 rev:4 rq:948336 version:1.0.50
Changes:
--------
--- /work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd.changes 2021-10-29
22:35:39.367714367 +0200
+++ /work/SRC/openSUSE:Factory/.pure-ftpd.new.1938/pure-ftpd.changes
2022-01-24 23:10:15.998646167 +0100
@@ -1,0 +2,40 @@
+Wed Jan 19 19:06:34 UTC 2022 - Antoine Belvire <antoine.belv...@opensuse.org>
+
+- Update to version 1.0.50:
+ * Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
+ password hashing. You should now use scrypt, argon2 or the system crypt(3)
+ function.
+ * Soft fail if a USER command is received without TLS and the server is
+ configured to enforce TLS. Previously, the session was immediately closed,
+ but that was too brutal for some clients.
+ * Allow connections from the class E network range -- apparently
+ required in some cases when using Linux containers.
+ * Large file listings used to require way more stack allocations than
+ necessary, possibly reaching hard-coded limits and causing a forced
+ session close. This has been fixed. (boo#1160111, CVE-2019-20176)
+ * The SPSV command has been removed.
+ * Under some circunstances, the server would not start when configured
+ with directory aliases. This has been fixed.
+ * PostgreSQL: hard-coded global configuration strings were not escaped.
+ This has been fixed.
+ * A warning is now printed when a transfer happens in ASCII mode, as
+ this is rarely intentional.
+ * Compilation with --without-ascii is now possible again.
+ * Configuration options for features that have been disabled at
+ compile-time are not parsed any more.
+ * When virtual quotas were configured, files were removed after an
+ upload if the size quota was exceeded, but not during the upload. This
+ has been fixed. (boo#1190205, CVE-2021-40524)
+ * A configuration file can now include other files with the `Include`
+ directive.
+ * Fix an out-of-bound read (boo#1164805, CVE-2020-9365).
+ * Fix a potential uninitialized pointer vulnerability (boo#1165134,
+ CVE-2020-9274).
+- Build with libsodium-devel to support Argon password scheme.
+- Remove obsolete `---with-rfc2640`: Support for RFC 2640 has been removed in
+ version 1.0.48.
+- Rebase patch for bnc#407363:
+ * Remove pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
+ * Add pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
+
+-------------------------------------------------------------------
Old:
----
pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
pure-ftpd-1.0.49.tar.bz2
pure-ftpd-1.0.49.tar.bz2.minisig
New:
----
pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
pure-ftpd-1.0.50.tar.bz2
pure-ftpd-1.0.50.tar.bz2.minisig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pure-ftpd.spec ++++++
--- /var/tmp/diff_new_pack.TiN3MC/_old 2022-01-24 23:10:16.738641110 +0100
+++ /var/tmp/diff_new_pack.TiN3MC/_new 2022-01-24 23:10:16.742641082 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pure-ftpd
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: pure-ftpd
-Version: 1.0.49
+Version: 1.0.50
Release: 0
Summary: A Lightweight, Fast, and Secure FTP Server
License: BSD-3-Clause
@@ -37,14 +37,15 @@
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_virtualhosts.patch -- Custom
VHOST_PATH on openSUSE.
Patch2: %{name}-1.0.20_virtualhosts.patch
Patch5: %{name}-1.0.49_ftpwho_path.patch
-# PATCH-FIX-UPSTREAM %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
-Patch7: %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
+# PATCH-FIX-UPSTREAM %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch --
bnc#407363
+Patch7: %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch
# PATCH-FIX-OPENSUSE: bnc#789833
# won't be upstreamed, can be dropped when systemd will be only one init
system and kernel get AUDIT_LOGINUID_IMMUTABLE
Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
Patch9: pure-ftpd-apparmor.patch
Patch10: pure-ftpd-malloc-limit.patch
BuildRequires: libcap-devel
+BuildRequires: libsodium-devel
BuildRequires: mysql-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
@@ -84,7 +85,6 @@
CFLAGS="%{optflags} -I%{_includedir}/mysql"
%configure \
--docdir=%{_docdir}/%{name} \
- --with-rfc2640 \
--sysconfdir=%{_sysconfdir}/%{name} \
--with-ldap \
--with-paranoidmsg \
++++++ pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch ->
pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch ++++++
---
/work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
2021-05-02 18:39:10.856164205 +0200
+++
/work/SRC/openSUSE:Factory/.pure-ftpd.new.1938/pure-ftpd-1.0.50-default_tcp_sedrcv_buffer_size.patch
2022-01-24 23:10:15.958646441 +0100
@@ -1,16 +1,16 @@
-Index: configure
-===================================================================
---- configure.orig 2012-04-10 13:11:53.944741960 +0200
-+++ configure 2012-04-10 13:12:09.310277199 +0200
-@@ -12650,107 +12650,12 @@
- $as_echo "no" >&6; }
+diff -up configure.orig configure
+--- configure.orig 2022-01-19 20:48:45.387511953 +0100
++++ configure 2022-01-19 20:59:28.559523809 +0100
+@@ -15016,108 +15016,13 @@ else
+ printf "%s\n" "no" >&6; }
fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP send buffer
size" >&5
--$as_echo_n "checking default TCP send buffer size... " >&6; }
--if test "$cross_compiling" = yes; then :
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP send
buffer size" >&5
+-printf %s "checking default TCP send buffer size... " >&6; }
+-if test "$cross_compiling" = yes
+-then :
- CONF_TCP_SO_SNDBUF=65536
--else
+-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
@@ -40,30 +40,30 @@
-}
-
-_ACEOF
--if ac_fn_c_try_run "$LINENO"; then :
+-if ac_fn_c_try_run "$LINENO"
+-then :
- CONF_TCP_SO_SNDBUF=`cat conftestval`
--else
+-else $as_nop
- CONF_TCP_SO_SNDBUF=65536
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5
--$as_echo "$CONF_TCP_SO_SNDBUF" >&6; }
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5
+-printf "%s\n" "$CONF_TCP_SO_SNDBUF" >&6; }
-
--
- cat >>confdefs.h <<_ACEOF
--#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF
-+#define CONF_TCP_SO_SNDBUF 65536
- _ACEOF
--
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP receive buffer
size" >&5
--$as_echo_n "checking default TCP receive buffer size... " >&6; }
--if test "$cross_compiling" = yes; then :
+-printf "%s\n" "#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF" >>confdefs.h
++printf "%s\n" "#define CONF_TCP_SO_SNDBUF 65536" >>confdefs.h
+
+
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking default TCP receive
buffer size" >&5
+-printf %s "checking default TCP receive buffer size... " >&6; }
+-if test "$cross_compiling" = yes
+-then :
- CONF_TCP_SO_RCVBUF=65536
--else
+-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
@@ -93,22 +93,22 @@
-}
-
-_ACEOF
--if ac_fn_c_try_run "$LINENO"; then :
+-if ac_fn_c_try_run "$LINENO"
+-then :
- CONF_TCP_SO_RCVBUF=`cat conftestval`
--else
+-else $as_nop
- CONF_TCP_SO_RCVBUF=65536
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5
--$as_echo "$CONF_TCP_SO_RCVBUF" >&6; }
--
--
- cat >>confdefs.h <<_ACEOF
--#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF
-+#define CONF_TCP_SO_RCVBUF 65536
- _ACEOF
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5
+-printf "%s\n" "$CONF_TCP_SO_RCVBUF" >&6; }
+
+
+-printf "%s\n" "#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF" >>confdefs.h
++printf "%s\n" "#define CONF_TCP_SO_RCVBUF 65536" >>confdefs.h
+
++++++ pure-ftpd-1.0.49.tar.bz2 -> pure-ftpd-1.0.50.tar.bz2 ++++++
++++ 27305 lines of diff (skipped)
++++++ pure-ftpd-1.0.49.tar.bz2.minisig -> pure-ftpd-1.0.50.tar.bz2.minisig
++++++
--- /work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd-1.0.49.tar.bz2.minisig
2021-05-02 18:39:10.884164085 +0200
+++
/work/SRC/openSUSE:Factory/.pure-ftpd.new.1938/pure-ftpd-1.0.50.tar.bz2.minisig
2022-01-24 23:10:15.986646249 +0100
@@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i53jbtkymhF4h2cC4NwgcDPxMLwbbhQpd+MxuhP9fq63KtlLE99n1OoP2l4pdNwopuh/B6dXVy5+kPRwsx5AyxA8=
-trusted comment: timestamp:1554289403 file:pure-ftpd-1.0.49.tar.bz2
-3H/r3tHgNMKLhBn9DRGOJ/vUDhe1ZF33iAfMnNI/D28ApGcmalgyac/TtBiYP+R1h+8prBTo1QIpp4acRr0VDA==
+RUQf6LRCGA9i57aBgT/tiGx1u6egpneerHNFnVcTxn+xTzczo+eqq4KwdZAzUobaHqAyMnIfL/qXmrDamBDNMBCRT6yOGR2XKwc=
+trusted comment: timestamp:1637704947 file:pure-ftpd-1.0.50.tar.bz2 hashed
+u6gmbzYNFi0OfccBzyL1Qs+/7N+1xSPrle1LEKJ4mfacBqqVPmdL7QGUTFYBlRhp1w4R36gBvvAt34/aMQePBw==
