Changelog |
* Wed Jul 29 2020 Paul Howarth <paul@city-fan.org> - 1.3.7a-3
- Handle changed API in check 0.15
(see https://bugzilla.redhat.com/show_bug.cgi?id=1850198)
- Work around getaddrinfo() returning EAGAIN in netaddr api test
(https://github.com/proftpd/proftpd/pull/1075)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.7a-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Paul Howarth <paul@city-fan.org> - 1.3.7a-1
- Update to 1.3.7a
- Fix build-time regression when using the --localstatedir configure option
(https://github.com/proftpd/proftpd/issues/1055)
- Modernize spec using %{make_build} and %{make_install}
* Tue Jul 21 2020 Paul Howarth <paul@city-fan.org> - 1.3.7-1
- Update to 1.3.7 (see RELEASE_NOTES for details)
- Fix regression in configure script
https://github.com/proftpd/proftpd/issues/1055
https://github.com/proftpd/proftpd/pull/1056
* Tue Jul 21 2020 Paul Howarth <paul@city-fan.org> - 1.3.6e-1
- Update to 1.3.6e
- Fixed null pointer dereference in mod_sftp when using SCP incorrectly
(https://github.com/proftpd/proftpd/issues/1043)
* Sun May 31 2020 Paul Howarth <paul@city-fan.org> - 1.3.6d-1
- Update to 1.3.6d
- Fixed issue with FTPS uploads of large files using TLSv1.3
(https://github.com/proftpd/proftpd/issues/959)
- Fixed regression in the handling of '%{env:...}' configuration variables
when the environment variable is not present
(https://github.com/proftpd/proftpd/issues/857)
- Second LIST of the same symlink shows different results
(https://github.com/proftpd/proftpd/issues/940)
- mod_sftp sends broken response when CREATETIME attribute is requested
(https://github.com/proftpd/proftpd/issues/980)
- Handle zero-length SFTP WRITE requests without error
(http://bugs.proftpd.org/show_bug.cgi?id=4398)
- PidFile should not be world-writable
(https://github.com/proftpd/proftpd/issues/1018)
- TLSv1.3 handshake fails due to missing session ticket key on some systems
(https://github.com/proftpd/proftpd/issues/1014)
- Lowercased FTP commands not properly identified
(https://github.com/proftpd/proftpd/issues/1023)
* Sat May 09 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-3
- Avoid duplicate hostname and timestamps in syslog (#1808989)
http://bugs.proftpd.org/show_bug.cgi?id=4185
https://github.com/proftpd/proftpd/issues/1002
https://github.com/proftpd/proftpd/pull/1009
* Mon Apr 20 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-2
- Retain a memory pool after an aborted transfer so that the %{transfer-status}
LogFormat functionality still works
- Own directory %{_sysconfdir}/logrotate.d
* Wed Feb 19 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-1
- Update to 1.3.6c
- Use-after-free vulnerability in memory pools during data transfer
(CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
- Fix mod_tls compilation with LibreSSL 2.9.x
(https://github.com/proftpd/proftpd/issues/810)
- MaxClientsPerUser was not enforced for SFTP logins when mod_digest was
enabled (https://github.com/proftpd/proftpd/issues/750)
- mod_sftp now handles an OpenSSH-specific private key format; it detects
such keys, and logs a hint about reformatting them to a supported format
(https://github.com/proftpd/proftpd/issues/793)
- Directory listing was slower compared to previous ProFTPD versions
(https://github.com/proftpd/proftpd/issues/793)
- mod_sftp crashed when using pubkey-auth with DSA keys
(https://github.com/proftpd/proftpd/issues/866)
- Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270,
https://github.com/proftpd/proftpd/issues/859)
- Leaking PAM handler and data in case of unsuccessful authentication
(https://github.com/proftpd/proftpd/issues/870)
- SSH authentication failed for many clients due to receiving of
SSH_MSG_IGNORE packet (http://bugs.proftpd.org/show_bug.cgi?id=4385)
- SFTP publickey authentication failed unexpectedly when user had no shadow
password info. (https://github.com/proftpd/proftpd/issues/890)
- ftpasswd failed to restore password file permissions in some cases
(https://github.com/proftpd/proftpd/issues/898)
- Out-of-bounds read in mod_cap getstateflags() function; this has been
addressed by updating the bundled version of libcap
(CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902)
Note that this build of ProFTPD uses the system version of libcap and not
the bundled version, and is not vulnerable to this issue
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6b-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 22 2020 Paul Howarth <paul@city-fan.org> - 1.3.6b-3
- Fix API tests compile failure with GCC 10
https://github.com/proftpd/proftpd/pull/886
- mod_sftp: When handling the 'keyboard-interactive' authentication mechanism,
as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE,
DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253
(http://bugs.proftpd.org/show_bug.cgi?id=4385)
* Fri Nov 29 2019 Paul Howarth <paul@city-fan.org> - 1.3.6b-2
- Fix handling of CRL lookups by properly using issuer for lookups, and
guarding against null pointers (GH#859, GH#861, CVE-2019-19269,
CVE-2019-19270)
* Sun Oct 20 2019 Paul Howarth <paul@city-fan.org> - 1.3.6b-1
- Update to 1.3.6b
- Fixed pre-authentication remote denial-of-service issue
(CVE-2019-18217, https://github.com/proftpd/proftpd/issues/846)
* Sun Oct 13 2019 Paul Howarth <paul@city-fan.org> - 1.3.6a-1
- Update to 1.3.6a
- Configure script wrongly detected AIX lastlog functions
(http://bugs.proftpd.org/show_bug.cgi?id=4304)
- AllowChrootSymlinks off could cause login failures depending on filesystem
permissions (http://bugs.proftpd.org/show_bug.cgi?id=4306)
- mod_ctrls: error: unable to bind to local socket: Address already in use
(https://github.com/proftpd/proftpd/issues/501)
- Failed to handle multiple %{env:...} variables in single word in
configuration (https://github.com/proftpd/proftpd/issues/507)
- mod_sftp failed to check shadow password information when publickey
authentication used (http://bugs.proftpd.org/show_bug.cgi?id=4308)
- Use of "AllowEmptyPasswords off" broke SFTP/SCP logins
(http://bugs.proftpd.org/show_bug.cgi?id=4309)
- Use of mod_facl as static module caused ProFTPD to die on SIGHUP/restart
(http://bugs.proftpd.org/show_bug.cgi?id=4310)
- Use of curve25519-sha256@libssh.org SSH2 key exchange sometimes failed
(https://github.com/proftpd/proftpd/issues/556)
- Close extra file descriptors at startup
(http://bugs.proftpd.org/show_bug.cgi?id=4312)
- <Anonymous> with AuthAliasOnly in effect did not work as expected
(http://bugs.proftpd.org/show_bug.cgi?id=4314)
- CreateHome NoRootPrivs only worked partially
(https://github.com/proftpd/proftpd/issues/568)
- SFTP OPEN response included attribute flags that are not actually provided
(https://github.com/proftpd/proftpd/issues/578)
- Truncation of file while being downloaded with sendfile enabled caused
timeouts due to infinite loop (http://bugs.proftpd.org/show_bug.cgi?id=4318)
- FTP uploads frequently broke due to "Interrupted system call" error
(http://bugs.proftpd.org/show_bug.cgi?id=4319)
- Site-to-site transfers over TLS failed
(https://github.com/proftpd/proftpd/issues/618)
- Can't see symlinks using any FTP client when using MLSD
(http://bugs.proftpd.org/show_bug.cgi?id=4322)
- mod_tls 1.3.6 failed to compile using OpenSSL 0.9.8e
(http://bugs.proftpd.org/show_bug.cgi?id=4325)
- Using MaxClientsPerHost 1 in <Anonymous> section denied logins
(http://bugs.proftpd.org/show_bug.cgi?id=4326)
- SQLNamedConnectInfo with different backend database did not work properly
(https://github.com/proftpd/proftpd/issues/642)
- Segfault with mod_sftp+mod_sftp_pam after successful authentication using
keyboard-interactive method (https://github.com/proftpd/proftpd/issues/656)
- autoconf always failed to detect support for FIPS
(https://github.com/proftpd/proftpd/issues/660)
- SFTP connections failed when using "arcfour256" cipher
(https://github.com/proftpd/proftpd/issues/663)
- mod_auth_otp failed to build with OpenSSL 1.1.x
(http://bugs.proftpd.org/show_bug.cgi?id=4335)
- scp broken on FreeBSD 11 (http://bugs.proftpd.org/show_bug.cgi?id=4341)
- Update mod_sftp to handle changed APIs in OpenSSL 1.1.x releases
(https://github.com/proftpd/proftpd/issues/674)
- Infinite loop possible in mod_sftp's set_sftphostkey() function
(http://bugs.proftpd.org/show_bug.cgi?id=4356)
- Some ASCII text files corrupted when downloading
(http://bugs.proftpd.org/show_bug.cgi?id=4352)
- Properly use the --includedir, --libdir configure variables in the
generated proftpd.pc pkgconfig file
(https://github.com/proftpd/proftpd/issues/797)
- Reading invalid SSH key from database resulted in unexpected/unlogged
disconnect failures (http://bugs.proftpd.org/show_bug.cgi?id=4350)
- Symlink navigation broken after 1.3.6 update
(http://bugs.proftpd.org/show_bug.cgi?id=4332)
- Unable to connect to ProFTPD using TLSSessionTickets and TLSv1.3
(https://github.com/proftpd/proftpd/issues/795)
- SITE CPFR/CPTO did not honor <Limit> configurations
(http://bugs.proftpd.org/show_bug.cgi?id=4372)
- Using "TLSProtocol SSLv23" did not enable all protocol versions
(https://github.com/proftpd/proftpd/issues/807)
* Sun Sep 15 2019 Paul Howarth <paul@city-fan.org> - 1.3.6-23
- Refactor configuration to support /etc/proftpd/conf.d configuration and use
config snippets (#1589441)
- Drop legacy GeoIP support from F-32, EL-8 onwards
http://bugs.proftpd.org/show_bug.cgi?id=4053
https://github.com/proftpd/proftpd/issues/605
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Paul Howarth <paul@city-fan.org> - 1.3.6-21
- An arbitrary file copy vulnerability in mod_copy in ProFTPD allowed for
remote code execution and information disclosure without authentication
(CVE-2019-12815)
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/pull/816
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1.3.6-19
- Rebuilt for libcrypt.so.2 (#1666033)
* Thu Sep 06 2018 Paul Howarth <paul@city-fan.org> - 1.3.6-18
- Switch from postgresql-devel to libpq-devel from Fedora 30 onwards
* Fri Aug 24 2018 Paul Howarth <paul@city-fan.org> - 1.3.6-17
- Fix infinite loop possible in mod_sftp's set_sftphostkey() function, by
actually iterating properly for the next configuration record
http://bugs.proftpd.org/show_bug.cgi?id=4356
https://github.com/proftpd/proftpd/pull/736
|