-
Wed Dec 27 2023 Paul Howarth <paul@city-fan.org> - 1.3.6e-6
- Fix one-byte out-of-bounds read, and daemon crash, because of mishandling of
quote/backslash semantics (#2255609, GH#1683, CVE-2023-51713)
- Use SPDX-format license tag
-
Mon Aug 01 2022 Paul Howarth <paul@city-fan.org> - 1.3.6e-5
- Fix unexpected filtering behaviour with mod_vroot (#2104972, GH#1491)
-
Tue Sep 07 2021 Paul Howarth <paul@city-fan.org> - 1.3.6e-4
- Fix memory disclosure to RADIUS servers by mod_radius (#2001690)
https://github.com/proftpd/proftpd/issues/1284
https://github.com/proftpd/proftpd/pull/1285
-
Tue Jun 29 2021 Paul Howarth <paul@city-fan.org> - 1.3.6e-3
- Avoid segfaults with TLSv1.3
https://github.com/proftpd/proftpd/issues/1063
https://github.com/proftpd/proftpd/commit/adf43dd4ddaab0332e74abc86bbcef9cf27ee54a
- Use %license unconditionally
-
Tue Nov 24 2020 Paul Howarth <paul@city-fan.org> - 1.3.6e-2
- Package mod_unique_id (#1901100)
-
Tue Jul 21 2020 Paul Howarth <paul@city-fan.org> - 1.3.6e-1
- Update to 1.3.6e
- Fixed null pointer dereference in mod_sftp when using SCP incorrectly
(https://github.com/proftpd/proftpd/issues/1043)
-
Sun May 31 2020 Paul Howarth <paul@city-fan.org> - 1.3.6d-1
- Update to 1.3.6d
- Fixed issue with FTPS uploads of large files using TLSv1.3
(https://github.com/proftpd/proftpd/issues/959)
- Fixed regression in the handling of '%{env:...}' configuration variables
when the environment variable is not present
(https://github.com/proftpd/proftpd/issues/857)
- Second LIST of the same symlink shows different results
(https://github.com/proftpd/proftpd/issues/940)
- mod_sftp sends broken response when CREATETIME attribute is requested
(https://github.com/proftpd/proftpd/issues/980)
- Handle zero-length SFTP WRITE requests without error
(http://bugs.proftpd.org/show_bug.cgi?id=4398)
- PidFile should not be world-writable
(https://github.com/proftpd/proftpd/issues/1018)
- TLSv1.3 handshake fails due to missing session ticket key on some systems
(https://github.com/proftpd/proftpd/issues/1014)
- Lowercased FTP commands not properly identified
(https://github.com/proftpd/proftpd/issues/1023)
-
Sat May 09 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-3
- Avoid duplicate hostname and timestamps in syslog (#1808989)
http://bugs.proftpd.org/show_bug.cgi?id=4185
https://github.com/proftpd/proftpd/issues/1002
https://github.com/proftpd/proftpd/pull/1009
-
Mon Apr 20 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-2
- Retain a memory pool after an aborted transfer so that the %{transfer-status}
LogFormat functionality still works
- Own directory %{_sysconfdir}/logrotate.d
-
Wed Feb 19 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-1
- Update to 1.3.6c
- Use-after-free vulnerability in memory pools during data transfer
(CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
- Fix mod_tls compilation with LibreSSL 2.9.x
(https://github.com/proftpd/proftpd/issues/810)
- MaxClientsPerUser was not enforced for SFTP logins when mod_digest was
enabled (https://github.com/proftpd/proftpd/issues/750)
- mod_sftp now handles an OpenSSH-specific private key format; it detects
such keys, and logs a hint about reformatting them to a supported format
(https://github.com/proftpd/proftpd/issues/793)
- Directory listing was slower compared to previous ProFTPD versions
(https://github.com/proftpd/proftpd/issues/793)
- mod_sftp crashed when using pubkey-auth with DSA keys
(https://github.com/proftpd/proftpd/issues/866)
- Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270,
https://github.com/proftpd/proftpd/issues/859)
- Leaking PAM handler and data in case of unsuccessful authentication
(https://github.com/proftpd/proftpd/issues/870)
- SSH authentication failed for many clients due to receiving of
SSH_MSG_IGNORE packet (http://bugs.proftpd.org/show_bug.cgi?id=4385)
- SFTP publickey authentication failed unexpectedly when user had no shadow
password info (https://github.com/proftpd/proftpd/issues/890)
- ftpasswd failed to restore password file permissions in some cases
(https://github.com/proftpd/proftpd/issues/898)
- Out-of-bounds read in mod_cap getstateflags() function; this has been
addressed by updating the bundled version of libcap
(CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902)
Note that this build of ProFTPD uses the system version of libcap and not
the bundled version, and is not vulnerable to this issue