File proftpd.changes of Package proftpd
-------------------------------------------------------------------
Wed Feb 11 12:27:37 UTC 2026 - Peter Simons <psimons@suse.com>
- Removed "ProtectSystem=full" from proftpd.service. That directive
prevents proftpd from writing to the /usr directory hierarchy,
which means that logged-in and properly authorized FTP users
cannot upload files or create directories there either. This is
not what system administrators who set up FTP access for local
users expect and it's inconsistent with how others FTP servers
like vsftpd are configured by default. [bsc#1256827]
-------------------------------------------------------------------
Tue Jul 22 08:28:53 UTC 2025 - Peter Simons <psimons@suse.com>
- Explicitly list all installed proftpd modules in the %files
section (rather than using a catch-all glob) to make sure we
notice when changes to the package break the installation of any
of those modules -- as has happened in bsc#1246853.
-------------------------------------------------------------------
Fri Jun 13 13:11:39 UTC 2025 - chris@computersalat.de
- switch to _service file
* Add _service
* Remove proftpd-1.3.9.tar.gz
* Remove proftpd-1.3.9.tar.gz.asc
- rename patches
* proftpd-basic.conf.patch -> proftpd_basic.conf.patch
* proftpd-dist.patch -> proftpd_dist.patch
* proftpd-ftpasswd.patch -> proftpd_ftpasswd.patch
* proftpd-no_BuildDate.patch -> proftpd_no-BuildDate.patch
* proftpd-strip.patch -> proftpd_strip.patch
- Update proftpd.service file
- cleanup spec
* Remove SysVinit stuff
- Remove proftpd.init file
-------------------------------------------------------------------
Fri Jun 13 09:46:29 UTC 2025 - chris@computersalat.de
- 1.3.9 - Released 14-Mar-2025
* http://proftpd.org/docs/NEWS-1.3.9
- rebase patches
* harden_proftpd.service.patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Jun 12 12:51:04 UTC 2025 - chris@computersalat.de
- 1.3.8d - Released 14-Mar-2025
* http://proftpd.org/docs/NEWS-1.3.8d
- rebase patch
* proftpd-no_BuildDate.patch
- remove obsolete patch
* proftpd-null_pointer.patch
-------------------------------------------------------------------
Fri Mar 14 15:16:10 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- build with pcre2
-------------------------------------------------------------------
Thu Feb 20 09:05:57 UTC 2025 - chris@computersalat.de
- fix for boo#1236889 (CVE-2024-57392)
https://github.com/proftpd/proftpd/issues/1866
Some of the fuzzing tests submitted in the advisory ran into existing null
pointer dereferences (not buffer overflows); let's correct them.
- Add proftpd-null_pointer.patch
-------------------------------------------------------------------
Thu Jan 9 17:25:19 UTC 2025 - chris@computersalat.de
- 1.3.8c - Released 11-Dec-2024
fix for boo#1233997 (CVE-2024-48651)
* http://proftpd.org/docs/NEWS-1.3.8c
gh#1830 - Supplemental group inheritance grants unintended access to GID 0
due to lack of supplemental groups from mod_sql
https://github.com/proftpd/proftpd/issues/1830
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
-------------------------------------------------------------------
Wed Jan 3 14:44:02 UTC 2024 - chris@computersalat.de
- Update changes file
* add missing boo#1218144 (CVE-2023-48795) info
* add missing CVE-2023-51713 info
-------------------------------------------------------------------
Wed Dec 27 21:52:11 UTC 2023 - chris@computersalat.de
- 1.3.8b - Released 19-Dec-2023
fix for boo#1218144 (CVE-2023-48795)
* http://proftpd.org/docs/NEWS-1.3.8b
* Implemented mitigations for "Terrapin" SSH attack (CVE-2023-48795).
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Nov 2 16:24:34 UTC 2023 - chris@computersalat.de
- 1.3.8a - Released 08-Oct-2023
fix for boo#1218344 (CVE-2023-51713):
gh#1683 - Out-of-bounds buffer read when handling FTP commands.
https://github.com/proftpd/proftpd/issues/1683
* http://proftpd.org/docs/NEWS-1.3.8a
* Fixed builds when using OpenSSL 3.x
-------------------------------------------------------------------
Wed Jan 25 21:05:11 UTC 2023 - chris@computersalat.de
- 1.3.7f - Released 04-Dec-2022
* Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
authentication in some configurations.
* Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
not match publickey algorithm 'ssh-rsa'.
-------------------------------------------------------------------
Mon Jan 16 10:43:46 UTC 2023 - Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
-------------------------------------------------------------------
Thu Sep 1 19:28:50 UTC 2022 - chris@computersalat.de
- Update proftpd-basic.conf.patch
* remove obsolete config option, LoginPasswordPrompt
- rework proftpd-dist.patch
-------------------------------------------------------------------
Tue Aug 9 16:37:52 UTC 2022 - chris@computersalat.de
- 1.3.7e - Released 23-Jul-2022
* Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- 1.3.7d - Released 23-Apr-2022
* Issue 1321 - Crash with long lines in AuthGroupFile due to large realloc(3).
* Issue 1325 - NLST does not behave consistently for relative paths.
* Issue 1346 - Implement AllowForeignAddress class matching for passive data
transfers.
* Bug 4467 - DeleteAbortedStores removes successfully transferred files
unexpectedly.
* Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
SOL_SOCKET.
* Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
data connection.
* Issue 1396 - ProFTPD always uses the same PassivePorts port for first
transfer.
* Issue 1369 - Name-based virtual hosts not working as expected after upgrade
from 1.3.7a to 1.3.7b.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun Mar 27 13:17:21 UTC 2022 - chris@computersalat.de
- fix deps for SLES
-------------------------------------------------------------------
Sat Mar 26 16:41:02 UTC 2022 - chris@computersalat.de
- remove configure --disable-static
-------------------------------------------------------------------
Tue Mar 1 18:37:02 UTC 2022 - chris@computersalat.de
- Update to version 1.3.7c:
* http://proftpd.org/docs/NEWS-1.3.7c
* http://proftpd.org/docs/RELEASE_NOTES-1.3.7c
- Update patches
* harden_proftpd.service.patch
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd.spec
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Wed Oct 20 13:16:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_proftpd.service.patch
Modified:
* proftpd.service
-------------------------------------------------------------------
Thu Nov 19 14:16:47 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.3.6e:
+ Invalid SCP command leads to null pointer dereference.
- Do not limit to openSSL < 1.1: proftpd has had support for
openSSL 1.1 sice version 1.3.6a.
- Rebase proftpd-no_BuildDate.patch.
-------------------------------------------------------------------
Fri Jun 5 11:02:29 UTC 2020 - chris@computersalat.de
- update to 1.3.6d
* Issue 857 - Fixed regression in the handling of `%{env:...}` configuration
variables when the environment variable is not present.
* Issue 940 - Second LIST of the same symlink shows different results.
* Issue 959 - FTPS uploads using TLSv1.3 are likely to fail unexpectedly.
* Issue 980 - mod_sftp sends broken response when CREATETIME attribute is
requested.
* Bug 4398 - Handle zero-length SFTP WRITE requests without error.
* Issue 1018 - PidFile should not be world-writable.
* Issue 1014 - TLSv1.3 handshake fails due to missing session ticket key on
some systems.
* Issue 1023 - Lowercased FTP commands not properly identified.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Feb 24 17:06:07 UTC 2020 - chris@computersalat.de
- fix for boo#1164572 (CVE-2020-9272, gh#902)
- fix for boo#1164574 (CVE-2020-9273, gh#903)
- update to 1.3.6c
* Fixed regression in directory listing latency (Issue #863).
* Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
* Fixed use-after-free vulnerability during data transfers (Issue #903).
* Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902).
- remove obsolete proftpd-tls-crls-issue859.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Sat Feb 1 17:25:05 UTC 2020 - chris@computersalat.de
- cleanup tls.template
* remove deprecated NoCertRequest from TLSOptions
-------------------------------------------------------------------
Sat Dec 28 20:45:30 UTC 2019 - chris@computersalat.de
- fix changes file
* add missing info about boo#1155834
* add missing info about boo#1154600
- fix for boo#1156210
* GeoIP has been discontinued by Maxmind
* remove module build for geoip
see https://support.maxmind.com/geolite-legacy-discontinuation-notice/
- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270)
* add upstream patch proftpd-tls-crls-issue859.patch
-------------------------------------------------------------------
Sun Nov 3 22:25:28 UTC 2019 - chris@computersalat.de
- fix for boo#1154600 (CVE-2019-18217, gh#846)
- update to 1.3.6b
* Fixed pre-authentication remote denial-of-service issue (Issue #846).
* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
- update to 1.3.6a
* Fixed symlink navigation (Bug#4332).
* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
* Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
* Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
* Fixed restarts when using mod_facl as a static module
- remove obsolete proftpd-CVE-2019-12815.patch
* included in 1.3.6a (Bug#4372)
- add proftpd_env-script-interpreter.patch
* RPMLINT fix for env-script-interpreter (Badness: 9)
-------------------------------------------------------------------
Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- fix for boo#1155834
* Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed
* Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed
-------------------------------------------------------------------
Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
- Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056)
-------------------------------------------------------------------
Fri Aug 2 14:52:48 UTC 2019 - chris@computersalat.de
- fix for boo#1142281 (CVE-2019-12815, bpo#4372)
arbitrary file copy in mod_copy allows for remote code execution
and information disclosure without authentication
- add patch
* proftpd-CVE-2019-12815.patch
taken from:
- http://bugs.proftpd.org/show_bug.cgi?id=4372
- https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
-------------------------------------------------------------------
Mon Jul 1 13:50:01 UTC 2019 - chris@computersalat.de
- update changes file
* add missing info about bugzilla 1113041
-------------------------------------------------------------------
Tue Mar 26 11:35:53 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Fix the Factory build: select the appropriate OpenSSL version
to build with. (fix for boo#1113041)
-------------------------------------------------------------------
Wed Mar 20 18:46:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Reduce hard dependency on systemd to only that which is
necessary for building and installation.
- Modernize RPM macro use (%make_install, %tmpfiles_create).
- Strip emphasis from description and trim other platform mentions.
-------------------------------------------------------------------
Wed Jul 11 08:05:29 UTC 2018 - chris@computersalat.de
- update to 1.3.6
* Support for using Redis for caching, logging; see the doc/howto/Redis.html
documentation.
* Fixed mod_sql_postgres SSL support (Issue #415).
* Support building against LibreSSL instead of OpenSSL (Issue #361).
* Better support on AIX for login restraictions (Bug #4285).
* TimeoutLogin (and other timeouts) were not working properly for SFTP
connections (Bug#4299).
* Handling of the SIGILL and SIGINT signals, by the daemon process, now causes
the child processes to be terminated as well (Issue #461).
* RPM .spec file naming changed to conform to Fedora guidelines.
* Fix for "AllowChrootSymlinks off" checking each component for symlinks
(CVE-2017-7418).
-New Modules:
* mod_redis, mod_tls_redis, mod_wrap2_redis
With Redis now supported as a caching mechanism, similar to Memcache,
there are now Redis-using modules: mod_redis (for configuring the Redis
connection information), mod_tls_redis (for caching SSL sessions and
OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored
in Redis).
-Changed Modules:
* mod_ban
The mod_ban module's BanCache directive can now use Redis-based caching;
see doc/contrib/mod_ban.html#BanCache.
-New Configuration Directives
* SQLPasswordArgon2, SQLPasswordScrypt
The key lengths for Argon2 and Scrypt-based passwords are now configurable
via these new directives; previously, the key length had been hardcoded
to be 32 bytes, which is not interoperable with all other implementations
(Issue #454).
-Changed Configuration Directives
* AllowChrootSymlinks
When "AllowChrootSymlinks off" was used, only the last portion of the
DefaultRoot path would be checked to see if it was a symlink. Now,
each component of the DefaultRoot path will be checked to see if it is
a symlink when "AllowChrootSymlinks off" is used.
* Include
The Include directive can now be used within a <Limit> section, e.g.:
<Limit LOGIN>
Include /path/to/allowed.txt
DenyAll
</Limit>
-API Changes
* A new JSON API has been added, for use by third-party modules.
- remove obsolete proftpd_include-in-limit-section.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Tue Jul 10 11:57:58 UTC 2018 - chris@computersalat.de
- update to 1.3.5e
* Fixed SFTP issue with umac-64@openssh.com digest/MAC.
* Fixed regression with mod_sftp rekeying.
* Backported fix for "AllowChrootSymlinks off" checking each component
for symlinks (CVE-2017-7418).
- remove obsolete patch
* proftpd-AllowChrootSymlinks.patch (now included)
- rebase patches
* proftpd-dist.patch
* proftpd-no_BuildDate.patch
* proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Fri Jul 21 04:43:44 UTC 2017 - bwiedemann@suse.com
- Sort SHARED_MODS list to fix build compare (boo#1041090)
-------------------------------------------------------------------
Fri Jun 16 08:28:42 UTC 2017 - nmoudra@suse.com
- Removed xinetd service
-------------------------------------------------------------------
Fri Apr 7 20:49:37 UTC 2017 - chris@computersalat.de
- fix for boo#1032443 (CVE-2017-7418)
* AllowChrootSymlinks not enforced by replacing a path component
with a symbolic link
* add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed)
as proftpd-AllowChrootSymlinks.patch
- fix proftpd-tls.template
* reduce TLS protocols to TLSv1.1 and TLSv1.2
* disable TLSCACertificateFile
* add TLSCertificateChainFile
-------------------------------------------------------------------
Thu Mar 23 15:05:22 UTC 2017 - jengelh@inai.de
- Remove --with-pic, there are no static libs.
- Replace %__-type macro indirections.
- Replace old $RPM shell vars by macros.
-------------------------------------------------------------------
Mon Mar 6 22:32:07 UTC 2017 - chris@computersalat.de
- fix and update proftpd-basic.conf.patch
- add some sample config and templates for tls
* proftpd-tls.template
* proftpd-limit.conf
* proftpd-ssl.README
-------------------------------------------------------------------
Sun Feb 5 20:03:18 UTC 2017 - chris@computersalat.de
- backport upstream feature
* include-in-limit-section (gh#410)
* add proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Tue Jan 17 19:53:55 UTC 2017 - chris@computersalat.de
- update to 1.3.5d
* gh#4283 - All FTP logins treated as anonymous logins again. This is a
regression of gh#3307.
-------------------------------------------------------------------
Sun Jan 15 21:01:43 UTC 2017 - chris@computersalat.de
- update to 1.3.5c
* SSH rekey during authentication can cause issues with clients.
* Recursive SCP uploads of multiple directories not handled properly.
* LIST returns different results for file, depending on path syntax.
* "AuthAliasOnly on" in server config breaks anonymous logins.
* CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
* Support OpenSSL 1.1.x API.
* Memory leak when mod_facl is used.
-rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sat Aug 27 22:42:48 UTC 2016 - chris@computersalat.de
- fix systemd vs SysVinit
-------------------------------------------------------------------
Sun May 8 22:05:07 UTC 2016 - jengelh@inai.de
- Remove redundant spec sections
- Ensure systemd-tmpfiles is called for the provied config file
-------------------------------------------------------------------
Sun May 8 19:25:45 UTC 2016 - chris@computersalat.de
- fix for boo#970890 (CVE-2016-3125)
- update to 1.3.5b:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
* SSH RSA hostkeys smaller than 2048 bits now work properly.
* MLSD response lines are now properly CRLF terminated.
* Fixed selection of DH groups from TLSDHParamFile.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun May 31 18:54:45 UTC 2015 - chris@computersalat.de
- fix for boo#927290 (CVE-2015-3306)
- update to 1.3.5a:
See http://www.proftpd.org/docs/NEWS-1.3.5a
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
- remove gpg-offline dependency
- fix permissions on passwd file
* unable to use world-readable AuthUserFile '.../passwd' (perms 0644):
* 0644 -> 0440
-------------------------------------------------------------------
Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger@gmx.de
- ProFTPD 1.3.5
* Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
* New Modules
mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
* mod_sftp now supports ECC, ECDSA, ECDH
* Improved FIPS support in mod_sftp.
* mod_sftp module now honors the MaxStoreFileSize directive.
* Many new and changed configuration directives
- update proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger@gmx.de
- proftpd 1.3.4e:
Multiple other backported fix from the 1.3.5 branch.
See http://www.proftpd.org/docs/NEWS-1.3.4e
- The fix for the mod_sftp/mod_sftp_pam memory allocation
(CVE-2013-4359) contained in this release was previously patched
into the package.
- adjust proftpd-no_BuildDate.patch for context changes
- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
-------------------------------------------------------------------
Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org
- Remove tcpd-devel from buildRequires and mod_wrap.
support for tcp_wrappers style /etc/hosts.* is provided
by mod_wrap2_file instead, the latter does not require tcpd.
-------------------------------------------------------------------
Mon Mar 17 18:38:53 UTC 2014 - chris@computersalat.de
- fix for bnc#844183
* proftpd fails to start due to missing /run/proftpd
- add own tmpfiles.d file
* proftpd.tmpfile
-------------------------------------------------------------------
Thu Oct 3 20:48:44 UTC 2013 - chris@computersalat.de
- update to 1.3.4d
* Fixed broken build when using --disable-ipv6 configure option
* Fixed mod_sql "SQLAuthType Backend" MySQL issues
- fix for bnc#843444 (CVE-2013-4359)
* http://bugs.proftpd.org/show_bug.cgi?id=3973
* add proftpd-sftp-kbdint-max-responses-bug3973.patch
-------------------------------------------------------------------
Mon Jul 29 01:12:53 UTC 2013 - crrodriguez@opensuse.org
- Improve systemd service file
- use upstream tmpfiles.d file. related to [bnc#811793]
- Use /run instead of /var/run
-------------------------------------------------------------------
Wed May 1 20:35:19 UTC 2013 - chris@computersalat.de
- update to 1.3.4c
* Added Spanish translation.
* Fixed several mod_sftp issues, including SFTPPassPhraseProvider,
handling of symlinks for REALPATH requests, and response code logging.
* Fixed symlink race for creating directories when UserOwner is in effect.
* Increased performance of FTP directory listings.
- rebase and rename patches (remove version string)
* proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
* proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
* proftpd-1.3.4a-strip.patch -> proftpd-strip.patch
-------------------------------------------------------------------
Fri Feb 8 00:19:19 UTC 2013 - chris@computersalat.de
- fix proftpd.conf (rebase basic.conf patch)
* IdentLookups is now a seperate module
<IfModule mod_ident.c> IdentLookups on/off </IfModule>
is needed and module is not built cause crrodriguez disabled it.
-------------------------------------------------------------------
Thu Nov 29 19:03:00 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Fri Nov 2 15:15:25 UTC 2012 - chris@computersalat.de
- fix for bnc#787884
(https://bugzilla.novell.com/show_bug.cgi?id=787884)
* added extra Source proftpd.conf.tmpfile
-------------------------------------------------------------------
Thu Aug 30 17:33:30 UTC 2012 - crrodriguez@opensuse.org
- Disable ident lookups, this protocol is totally obsolete
and dangerous. (add --disable-ident)
- Fix debug info generation ( add --disable-strip)
-------------------------------------------------------------------
Wed Aug 29 21:51:49 UTC 2012 - crrodriguez@opensuse.org
- Add systemd unit
-------------------------------------------------------------------
Tue Aug 14 11:11:28 UTC 2012 - chris@computersalat.de
- update to 1.3.4b
+ Fixed mod_ldap segfault on login when LDAPUsers with no filters used.
+ Fixed sporadic SFTP upload issues for large files.
+ Fixed SSH2 handling for some clients (e.g. OpenVMS).
+ New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions
+ Fixed build errors on Tru64, AIX, Cygwin.
- add Source Signatuire (.asc) file
- add noBuildDate patch
- add lang pkg
* --enable-nls
- add configure option
* --enable-openssl, --with-lastlog
-------------------------------------------------------------------
Mon Dec 12 15:00:18 UTC 2011 - chris@computersalat.de
- update to 1.3.4a
+ Fixed mod_load/mod_wrap2 build issues.
- 1.3.4
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Improved configure script for cross-compiling.
+ Reworked the proftpd.spec RPM file
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
+ New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions
documentation for details.
+ Fixed response pool use-after-free issue.
- for more info please see the RELEASE_NOTES file
- reworked patches
* now p0 patches
-------------------------------------------------------------------
Fri Nov 18 14:56:41 UTC 2011 - chris@computersalat.de
- fix for bnc#731347
* no (hostname -s) in post section
* reworked basic conf patch
-------------------------------------------------------------------
Fri Nov 11 13:13:57 UTC 2011 - chris@computersalat.de
- fix changelog
* RELEASE_NOTES-1.3.3g is lacking of important info
- fix for CVE-2011-4130 (bnc#729830)
* https://bugzilla.novell.com/show_bug.cgi?id=729830
(upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711
=> fixed with version 1.3.3g
-------------------------------------------------------------------
Thu Nov 10 09:39:36 UTC 2011 - chris@computersalat.de
- update to 1.3.3g
(http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g)
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
(http://www.proftpd.org/docs/NEWS-1.3.3g)
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
To disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption.
- Bug 3711 - Response pool use-after-free memory corruption error.
-------------------------------------------------------------------
Tue Oct 4 22:03:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3f
+ Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
configuration used.
+ Fixes mod_wrap syslog level (regression from Bug#3317).
+ Fixes mod_ifsession segfault if regular expression patterns used in
a <VirtualHost> section.
-------------------------------------------------------------------
Fri Apr 29 11:18:55 UTC 2011 - chris@computersalat.de
- push to Factory
o fix changelog (not in sequence)
o fix license (GPL -> GPLv2+)
o remove Author from description
o remove obsolete extra source proftpd.conf
-------------------------------------------------------------------
Fri Apr 8 22:08:55 UTC 2011 - chris@computersalat.de
- update to 1.3.3e
+ Display messages work properly again.
+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
+ Performance improvements, especially during server startup/restarts.
-------------------------------------------------------------------
Sun Jan 30 20:40:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3d
+ Fixed sql_prepare_where() buffer overflow (Bug#3536)
+ Fixed CPU spike when handling .ftpaccess files.
+ Fixed handling of SFTP uploads when compression is used.
-------------------------------------------------------------------
Fri Oct 22 23:26:10 UTC 2010 - mseben@gmail.com
- update to 1.3.3c
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
-------------------------------------------------------------------
Fri Oct 22 17:49:06 UTC 2010 - chris@computersalat.de
- clenaup spec
- fix doc pkg
o should not provide pkgconfig
-------------------------------------------------------------------
Fri Oct 15 14:13:43 UTC 2010 - chris@computersalat.de
- update to 1.3.3b
+ Fixed SFTP directory listing bug
+ Avoid corrupting utmpx databases on FreeBSD
+ Avoid null pointer dereferences during data transfers
+ Fixed "AuthAliasOnly on" anonymous logins
- rpmlint: no-pkg-config-provides
o add BuildReq pkg-config
- removed changes from spec
-------------------------------------------------------------------
Wed Jul 7 14:17:45 UTC 2010 - chris@computersalat.de
- update to 1.3.3a
+ Added Japanese translation
+ Many mod_sftp bugfixes
+ Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
+ Fixed handling of utmp/utmpx format changes on FreeBSD
- rpmlint: self-obsoletion
-------------------------------------------------------------------
Wed May 5 14:01:02 UTC 2010 - mseben@novell.com
- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir
is marked as ghost and it is created in init script now
-------------------------------------------------------------------
Fri Apr 9 15:44:32 UTC 2010 - mseben@novell.com
- added ncurses-devel to buildrequires to fix ftptop message : "no
curses or ncurses library on this system"
-------------------------------------------------------------------
Fri Feb 26 16:01:47 UTC 2010 - chris@computersalat.de
- added info for "STABLE" versions only
-------------------------------------------------------------------
Thu Feb 25 00:14:20 UTC 2010 - chris@computersalat.de
- update to 1.3.3
o Fixed mod_ban whitelisting using mod_ifsession.
o Fixed per-user/group/class "HideFiles none" configurations.
- 1.3.3rc4
o Fixed mod_tls compilation using OpenSSL installations older
than 0.9.7.
o Fixed mod_sftp compilation on AIX.
o Fixed RADIUS authentication on 64-bit platforms
o Fixed memory leak in SCP downloads.
o New configuration directives
SQLPasswordUserSalt
The SQLPasswordUserSalt directive can be used to configure
per-user salt data to be added to the encrypted password
for a user. The salt can be the user name, or it can be
the result of a SQL query. More information can be found in
doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt.
-------------------------------------------------------------------
Wed Feb 10 16:10:32 CET 2010 - diego.ercolani@gmail.com
- update to 1.3.3rc3
- try to be compatible with osc :-)
-------------------------------------------------------------------
Sun Dec 20 19:39:10 UTC 2009 - chris@computersalat.de
- update to 1.3.2c
o Bug and regression fixes.
- removed obsolete CVE patch
-------------------------------------------------------------------
Mon Oct 26 12:35:29 UTC 2009 - mseben@novell.com
- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740)
-------------------------------------------------------------------
Wed Sep 16 18:17:04 UTC 2009 - alexandre@exatati.com.br
- Update tarball to its upstream version without
bzipped patch;
- Removed blank spaces at enf of lines on spec file;
- Replaced tab characters on spec file.
-------------------------------------------------------------------
Wed Sep 16 11:20:20 UTC 2009 - chris@computersalat.de
- update to 1.3.2 (1.3.2a)
o many bugfixes, read ChangeLog or NEWS
o include 1.3.2a upstream patch
o removed old patches
* proftpd-1.3.1-umode_t.patch
* proftpd-1.3.1-O_CREAT.patch
* proftpd-1.3.1-libcap.patch
* proftpd-1.3.1-CVE-2009-0542.patch
* proftpd-1.3.1-CVE-2009-0543.patch
o reworked basic.conf.patch
- spec mods
o removed ^#-----
o removed {rel}
o clean
* rm -rf RPM_BUILD_ROOT
o added sub sqlite
- fixed deps
o BuildRequires: sqlite3-devel unixODBC-devel
- rpmlint
o description-shorter-than-summary
o source-or-patch-not-bzipped proftpd-1.3.2a.patch
-------------------------------------------------------------------
Tue Jul 7 22:21:50 CEST 2009 - chris@computersalat.de
- added proftpd.passwd
o it is an initial passwd for virtuser and
anonymous login works well with it :)
-------------------------------------------------------------------
Mon Jul 6 22:16:46 CEST 2009 - chris@computersalat.de
- added ftpasswd.patch
- rework of basic.conf patch
- removed README.AIX
-------------------------------------------------------------------
Thu Apr 16 01:54:23 CEST 2009 - chris@computersalat.de
- added basic.conf patch
- added dist.patch
o fix for xinetd, logrotate, pam
- some more subpackages
o ldap, mysql, pgsql, radius
- added ftpasswd for simple virtuser support
- added auth DIR /etc/proftpd/auth
o passwd for virtuser
- added conf.d DIR /etc/proftpd/conf.d
o configs for inclusion
- added log DIR /var/log/proftpd
- beautify init file
- beautify spec file
-------------------------------------------------------------------
Wed Feb 18 10:40:55 CET 2009 - mseben@suse.cz
- added proftpd.conf with uploads section
-------------------------------------------------------------------
Fri Feb 13 16:55:01 CET 2009 - mseben@suse.cz
- fixed sql injection vulnerability which allows remote attackers
to execute arbitrary SQL commands via a "%" character
CVE-2009-0542.patch (bnc#475316)
- fixed vulnerability which allows remote attackers to bypass SQL
injection protection mechanisms via invalid, encoded multibyte
characters CVE-2009-0543.patch (bnc#475316)
-------------------------------------------------------------------
Mon Jan 26 14:19:45 CET 2009 - mseben@suse.cz
- splitted HTML doc to proftpd-doc
- added %post and %postun macro to spec
-------------------------------------------------------------------
Thu Jan 22 13:58:33 CET 2009 - mseben@suse.cz
- fixed missing third argument in open function (*-O_CREAT.patch)
- disabled striping libraries (*-no_strip.patch)
- fixed configure script (*-umode_t.patch)
- added -DLDAP_DEPRECATED to CFLAGS because of deprecated ldap_init
function
- disabled contrib scripts for now
- fixed handling _LINUX_CAPABILITY_VERSION on newer linux kernel.
(proftpd-*-libcap.patch)
-------------------------------------------------------------------
Wed Aug 20 12:43:56 CEST 2008 - mrueckert@suse.de
- disabled debugging stuff for now
-------------------------------------------------------------------
Fri Oct 19 11:58:42 CEST 2007 - mrueckert@suse.de
- enabled missing modules (mod_ban,mod_wrap2*,mod_quota_radius)
and replaced the hardcoded value for --with-shared with a
dynamically generated list
-------------------------------------------------------------------
Sat Oct 6 03:42:39 CEST 2007 - mrueckert@suse.de
- update to 1.3.1:
Many bugfixes and new features like dynamic blacklisting of
clients, improved SQL handling, and quotas.
- added --enable-devel=coredump,nodaemon,nofork
- added devel subpackage for the headers
-------------------------------------------------------------------
Wed Nov 29 04:11:44 CET 2006 - mrueckert@suse.de
- update to 1.3.0a:
fixes a remote code execution. CVE-2006-5815
(http://bugs.proftpd.org/show_bug.cgi?id=2858)
