SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for proftpd-mysql-1.3.6e-1.fc32.x86_64.rpm :

* Tue Jul 21 2020 Paul Howarth - 1.3.6e-1- Update to 1.3.6e - Fixed null pointer dereference in mod_sftp when using SCP incorrectly (https://github.com/proftpd/proftpd/issues/1043)
* Sun May 31 2020 Paul Howarth - 1.3.6d-1- Update to 1.3.6d - Fixed issue with FTPS uploads of large files using TLSv1.3 (https://github.com/proftpd/proftpd/issues/959) - Fixed regression in the handling of \'%{env:...}\' configuration variables when the environment variable is not present (https://github.com/proftpd/proftpd/issues/857) - Second LIST of the same symlink shows different results (https://github.com/proftpd/proftpd/issues/940) - mod_sftp sends broken response when CREATETIME attribute is requested (https://github.com/proftpd/proftpd/issues/980) - Handle zero-length SFTP WRITE requests without error (http://bugs.proftpd.org/show_bug.cgi?id=4398) - PidFile should not be world-writable (https://github.com/proftpd/proftpd/issues/1018) - TLSv1.3 handshake fails due to missing session ticket key on some systems (https://github.com/proftpd/proftpd/issues/1014) - Lowercased FTP commands not properly identified (https://github.com/proftpd/proftpd/issues/1023)- Own directory %{_sysconfdir}/logrotate.d
* Wed Feb 19 2020 Paul Howarth - 1.3.6c-1- Update to 1.3.6c - Use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903) - Fix mod_tls compilation with LibreSSL 2.9.x (https://github.com/proftpd/proftpd/issues/810) - MaxClientsPerUser was not enforced for SFTP logins when mod_digest was enabled (https://github.com/proftpd/proftpd/issues/750) - mod_sftp now handles an OpenSSH-specific private key format; it detects such keys, and logs a hint about reformatting them to a supported format (https://github.com/proftpd/proftpd/issues/793) - Directory listing was slower compared to previous ProFTPD versions (https://github.com/proftpd/proftpd/issues/793) - mod_sftp crashed when using pubkey-auth with DSA keys (https://github.com/proftpd/proftpd/issues/866) - Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270, https://github.com/proftpd/proftpd/issues/859) - Leaking PAM handler and data in case of unsuccessful authentication (https://github.com/proftpd/proftpd/issues/870) - SSH authentication failed for many clients due to receiving of SSH_MSG_IGNORE packet (http://bugs.proftpd.org/show_bug.cgi?id=4385) - SFTP publickey authentication failed unexpectedly when user had no shadow password info. (https://github.com/proftpd/proftpd/issues/890) - ftpasswd failed to restore password file permissions in some cases (https://github.com/proftpd/proftpd/issues/898) - Out-of-bounds read in mod_cap getstateflags() function; this has been addressed by updating the bundled version of libcap (CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902) Note that this build of ProFTPD uses the system version of libcap and not the bundled version, and is not vulnerable to this issue
* Thu Jan 30 2020 Fedora Release Engineering - 1.3.6b-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 22 2020 Paul Howarth - 1.3.6b-3- Fix API tests compile failure with GCC 10 https://github.com/proftpd/proftpd/pull/886- mod_sftp: When handling the \'keyboard-interactive\' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253 (http://bugs.proftpd.org/show_bug.cgi?id=4385)
* Fri Nov 29 2019 Paul Howarth - 1.3.6b-2- Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers (GH#859, GH#861, CVE-2019-19269, CVE-2019-19270)
* Sun Oct 20 2019 Paul Howarth - 1.3.6b-1- Update to 1.3.6b - Fixed pre-authentication remote denial-of-service issue (CVE-2019-18217, https://github.com/proftpd/proftpd/issues/846)
* Sun Oct 13 2019 Paul Howarth - 1.3.6a-1- Update to 1.3.6a - Configure script wrongly detected AIX lastlog functions (http://bugs.proftpd.org/show_bug.cgi?id=4304) - AllowChrootSymlinks off could cause login failures depending on filesystem permissions (http://bugs.proftpd.org/show_bug.cgi?id=4306) - mod_ctrls: error: unable to bind to local socket: Address already in use (https://github.com/proftpd/proftpd/issues/501) - Failed to handle multiple %{env:...} variables in single word in configuration (https://github.com/proftpd/proftpd/issues/507) - mod_sftp failed to check shadow password information when publickey authentication used (http://bugs.proftpd.org/show_bug.cgi?id=4308) - Use of \"AllowEmptyPasswords off\" broke SFTP/SCP logins (http://bugs.proftpd.org/show_bug.cgi?id=4309) - Use of mod_facl as static module caused ProFTPD to die on SIGHUP/restart (http://bugs.proftpd.org/show_bug.cgi?id=4310) - Use of curve25519-sha256AATTlibssh.org SSH2 key exchange sometimes failed (https://github.com/proftpd/proftpd/issues/556) - Close extra file descriptors at startup (http://bugs.proftpd.org/show_bug.cgi?id=4312) - with AuthAliasOnly in effect did not work as expected (http://bugs.proftpd.org/show_bug.cgi?id=4314) - CreateHome NoRootPrivs only worked partially (https://github.com/proftpd/proftpd/issues/568) - SFTP OPEN response included attribute flags that are not actually provided (https://github.com/proftpd/proftpd/issues/578) - Truncation of file while being downloaded with sendfile enabled caused timeouts due to infinite loop (http://bugs.proftpd.org/show_bug.cgi?id=4318) - FTP uploads frequently broke due to \"Interrupted system call\" error (http://bugs.proftpd.org/show_bug.cgi?id=4319) - Site-to-site transfers over TLS failed (https://github.com/proftpd/proftpd/issues/618) - Can\'t see symlinks using any FTP client when using MLSD (http://bugs.proftpd.org/show_bug.cgi?id=4322) - mod_tls 1.3.6 failed to compile using OpenSSL 0.9.8e (http://bugs.proftpd.org/show_bug.cgi?id=4325) - Using MaxClientsPerHost 1 in section denied logins (http://bugs.proftpd.org/show_bug.cgi?id=4326) - SQLNamedConnectInfo with different backend database did not work properly (https://github.com/proftpd/proftpd/issues/642) - Segfault with mod_sftp+mod_sftp_pam after successful authentication using keyboard-interactive method (https://github.com/proftpd/proftpd/issues/656) - autoconf always failed to detect support for FIPS (https://github.com/proftpd/proftpd/issues/660) - SFTP connections failed when using \"arcfour256\" cipher (https://github.com/proftpd/proftpd/issues/663) - mod_auth_otp failed to build with OpenSSL 1.1.x (http://bugs.proftpd.org/show_bug.cgi?id=4335) - scp broken on FreeBSD 11 (http://bugs.proftpd.org/show_bug.cgi?id=4341) - Update mod_sftp to handle changed APIs in OpenSSL 1.1.x releases (https://github.com/proftpd/proftpd/issues/674) - Infinite loop possible in mod_sftp\'s set_sftphostkey() function (http://bugs.proftpd.org/show_bug.cgi?id=4356) - Some ASCII text files corrupted when downloading (http://bugs.proftpd.org/show_bug.cgi?id=4352) - Properly use the --includedir, --libdir configure variables in the generated proftpd.pc pkgconfig file (https://github.com/proftpd/proftpd/issues/797) - Reading invalid SSH key from database resulted in unexpected/unlogged disconnect failures (http://bugs.proftpd.org/show_bug.cgi?id=4350) - Symlink navigation broken after 1.3.6 update (http://bugs.proftpd.org/show_bug.cgi?id=4332) - Unable to connect to ProFTPD using TLSSessionTickets and TLSv1.3 (https://github.com/proftpd/proftpd/issues/795) - SITE CPFR/CPTO did not honor configurations (http://bugs.proftpd.org/show_bug.cgi?id=4372) - Using \"TLSProtocol SSLv23\" did not enable all protocol versions (https://github.com/proftpd/proftpd/issues/807)
* Sun Sep 15 2019 Paul Howarth - 1.3.6-23- Refactor configuration to support /etc/proftpd/conf.d configuration and use config snippets (#1589441)- Drop legacy GeoIP support from F-32, EL-8 onwards http://bugs.proftpd.org/show_bug.cgi?id=4053 https://github.com/proftpd/proftpd/issues/605
* Fri Jul 26 2019 Fedora Release Engineering - 1.3.6-22- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Paul Howarth - 1.3.6-21- An arbitrary file copy vulnerability in mod_copy in ProFTPD allowed for remote code execution and information disclosure without authentication (CVE-2019-12815) http://bugs.proftpd.org/show_bug.cgi?id=4372 https://github.com/proftpd/proftpd/pull/816
* Sat Feb 02 2019 Fedora Release Engineering - 1.3.6-20- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser - 1.3.6-19- Rebuilt for libcrypt.so.2 (#1666033)
* Thu Sep 06 2018 Paul Howarth - 1.3.6-18- Switch from postgresql-devel to libpq-devel from Fedora 30 onwards
* Fri Aug 24 2018 Paul Howarth - 1.3.6-17- Fix infinite loop possible in mod_sftp\'s set_sftphostkey() function, by actually iterating properly for the next configuration record http://bugs.proftpd.org/show_bug.cgi?id=4356 https://github.com/proftpd/proftpd/pull/736
  
ICM