↵ Return to the main page of proftpd-utils
View build
Search for updates
Package Info (Data from x86_64 build)
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Date | Author | Change |
---|---|---|
2021-09-07 | Paul Howarth <paul at city dash fan dot org> - 1.3.6e-4 | - Fix memory disclosure to RADIUS servers by mod_radius (#2001690) https://github.com/proftpd/proftpd/issues/1284 https://github.com/proftpd/proftpd/pull/1285 |
2021-06-29 | Paul Howarth <paul at city dash fan dot org> - 1.3.6e-3 | - Avoid segfaults with TLSv1.3 https://github.com/proftpd/proftpd/issues/1063 https://github.com/proftpd/proftpd/commit/adf43dd4ddaab0332e74abc86bbcef9cf27ee54a - Use %license unconditionally |
2020-11-24 | Paul Howarth <paul at city dash fan dot org> - 1.3.6e-2 | - Package mod_unique_id (#1901100) |
2020-07-21 | Paul Howarth <paul at city dash fan dot org> - 1.3.6e-1 | - Update to 1.3.6e - Fixed null pointer dereference in mod_sftp when using SCP incorrectly (https://github.com/proftpd/proftpd/issues/1043) |
2020-05-31 | Paul Howarth <paul at city dash fan dot org> - 1.3.6d-1 | - Update to 1.3.6d - Fixed issue with FTPS uploads of large files using TLSv1.3 (https://github.com/proftpd/proftpd/issues/959) - Fixed regression in the handling of '%{env:...}' configuration variables when the environment variable is not present (https://github.com/proftpd/proftpd/issues/857) - Second LIST of the same symlink shows different results (https://github.com/proftpd/proftpd/issues/940) - mod_sftp sends broken response when CREATETIME attribute is requested (https://github.com/proftpd/proftpd/issues/980) - Handle zero-length SFTP WRITE requests without error (http://bugs.proftpd.org/show_bug.cgi?id=4398) - PidFile should not be world-writable (https://github.com/proftpd/proftpd/issues/1018) - TLSv1.3 handshake fails due to missing session ticket key on some systems (https://github.com/proftpd/proftpd/issues/1014) - Lowercased FTP commands not properly identified (https://github.com/proftpd/proftpd/issues/1023) |
2020-05-09 | Paul Howarth <paul at city dash fan dot org> - 1.3.6c-3 | - Avoid duplicate hostname and timestamps in syslog (#1808989) http://bugs.proftpd.org/show_bug.cgi?id=4185 https://github.com/proftpd/proftpd/issues/1002 https://github.com/proftpd/proftpd/pull/1009 |
2020-04-20 | Paul Howarth <paul at city dash fan dot org> - 1.3.6c-2 | - Retain a memory pool after an aborted transfer so that the %{transfer-status} LogFormat functionality still works - Own directory %{_sysconfdir}/logrotate.d |
2020-02-19 | Paul Howarth <paul at city dash fan dot org> - 1.3.6c-1 | - Update to 1.3.6c - Use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903) - Fix mod_tls compilation with LibreSSL 2.9.x (https://github.com/proftpd/proftpd/issues/810) - MaxClientsPerUser was not enforced for SFTP logins when mod_digest was enabled (https://github.com/proftpd/proftpd/issues/750) - mod_sftp now handles an OpenSSH-specific private key format; it detects such keys, and logs a hint about reformatting them to a supported format (https://github.com/proftpd/proftpd/issues/793) - Directory listing was slower compared to previous ProFTPD versions (https://github.com/proftpd/proftpd/issues/793) - mod_sftp crashed when using pubkey-auth with DSA keys (https://github.com/proftpd/proftpd/issues/866) - Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270, https://github.com/proftpd/proftpd/issues/859) - Leaking PAM handler and data in case of unsuccessful authentication (https://github.com/proftpd/proftpd/issues/870) - SSH authentication failed for many clients due to receiving of SSH_MSG_IGNORE packet (http://bugs.proftpd.org/show_bug.cgi?id=4385) - SFTP publickey authentication failed unexpectedly when user had no shadow password info. (https://github.com/proftpd/proftpd/issues/890) - ftpasswd failed to restore password file permissions in some cases (https://github.com/proftpd/proftpd/issues/898) - Out-of-bounds read in mod_cap getstateflags() function; this has been addressed by updating the bundled version of libcap (CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902) Note that this build of ProFTPD uses the system version of libcap and not the bundled version, and is not vulnerable to this issue |
2020-01-22 | Paul Howarth <paul at city dash fan dot org> - 1.3.6b-3 | - Fix API tests compile failure with GCC 10 https://github.com/proftpd/proftpd/pull/886 - mod_sftp: When handling the 'keyboard-interactive' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253 (http://bugs.proftpd.org/show_bug.cgi?id=4385) |
2019-11-29 | Paul Howarth <paul at city dash fan dot org> - 1.3.6b-2 | - Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers (GH#859, GH#861, CVE-2019-19269, CVE-2019-19270) |