Package Details: pure-ftpd 1.0.46-1

Git Clone URL: https://aur.archlinux.org/pure-ftpd.git (read-only)
Package Base: pure-ftpd
Description: A secure, production-quality and standard-conformant FTP server, focused on efficiency and ease of use.
Upstream URL: http://www.pureftpd.org/
Licenses: custom
Conflicts: pure-ftpd-db
Submitter: ilpianista
Maintainer: mrxx
Last Packager: mrxx
Votes: 43
Popularity: 0.000693
First Submitted: 2010-11-13 15:23
Last Updated: 2017-04-29 00:13

Latest Comments

mrxx commented on 2017-04-29 00:14

Updated to 1.0.46.

mrxx commented on 2017-01-30 22:11

Updated to 1.0.45.

mrxx commented on 2017-01-11 20:42

Updated to 1.0.44.

mrxx commented on 2016-08-01 09:22

Updated to 1.0.43.

mrxx commented on 2015-11-23 16:38

spapanik21, thanks for your suggestion. I've changed the location for the pidfile.
The libsodium problem should disappear when you update/reinstall the pure-ftpd package.

kleph's info about broken clients is now mentioned at install time.

spapanik21 commented on 2015-11-20 16:46

I noticed that the default value for the PIDFile is /run/pure-ftpd/pure-ftpd.pid, both in pure-ftpd.service and pure-ftpd.conf. The problem with that is that /run/pure-ftpd does not survive the restart and the service cannot restart.

The solution I am using is to change the location in both this places, but this does not survive the updates.

Furthermore, the last update broke it for me as I was getting the error:
"error while loading shared libraries: libsodium.so.13: cannot open shared object file: No such file or directory" when I was using the pure-pw.

mrxx commented on 2015-10-08 02:55

Of course the FQDN of the host may not always be the desired one, especially if the server is in a DMZ, but exactly for cases like this a note how to re-create the certificate is displayed, as was suggested by you.

Unfortunately, there is not much documentation about the BrokenClientsCompatibility parameter, but the decision to set it to "no" by default in the latest release seems to be security related. Therefore, I think it's better to follow upstream and leave it untouched, as very few clients are affected.

In the next release I'll add a note about broken clients and how to enable the parameter in the config file.

kleph commented on 2015-10-08 01:14

Just for the reference, I had trouble with a few FTP clients since 1.0.42.
Andftp and Total Commander, to name them, but filezilla and lftp are OK.
The first connection was good, logs were OK, but clients did not see anything in the directory.
Total commander did not say anything, and andftp complained about "connection closed unexpectedly". It was for the data connection, that's why ls did not show a thing.
I found that enabling "BrokenClientsCompatibility" fixed the problem.
As you're already modifying some parts of the defaults, maybe also adding this could be useful.

Extract of the upstream's changelog for the version 1.0.42 :
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

kleph commented on 2015-10-08 01:07

Thanks for the fast answer and fast integration :)

I do not face the FQDN problem, but that's may be due to the my config.
Pure's host is resolved as a FQDN for the local zone and I set the CN of my certificate (delivered by a local CA) to the FQDN of my external zone.
But as the forward and the reverse are resolved by a local DNS, I may miss the issue.

mrxx commented on 2015-10-07 02:20

Thanks kleph, I totally agree.
I've added an install script similar to your suggestions, but instead of only telling the user how to generate a self-signed certificate, it also generates one with matching CN=FQDN at install time if missing. (Otherwise the TLS-enabled ftp service would refuse to start.)

Updated to 1.0.42-2.

All comments