./net/proftpd, Highly configurable FTP server software

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.3.8b, Package name: proftpd-1.3.8b, Maintainer: pkgsrc-users

ProFTPD is a highly configurable ftp daemon for unix
and unix-like operating systems. ProFTPD has a Apache-like
configuration format.


Required to run:
[lang/perl5] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, pam

Master sites:

Filesize: 19289.852 KB

Version history: (Expand)


CVS history: (Expand)


   2023-12-29 00:01:41 by Zafer Aydogan | Files touched by this commit (1)
Log message:
remove dead sites
   2023-12-24 00:30:58 by Niclas Rosenvik | Files touched by this commit (1)
Log message:
proftpd: fix implicit declaration of memset_s to fix solaris build
mod_sftp breaks on solaris like platforms due to the declaration
of memset_s not being seen by the compiler.
Define __STDC_WANT_LIB_EXT1__ to 1 to make sure it is seen.
   2023-12-20 18:05:01 by Thomas Klausner | Files touched by this commit (16) | Package updated
Log message:
proftpd*: update to 1.3.8b

1.3.8b - Released 19-Dec-2023
--------------------------------
- Issue 1735 - Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3
  fails.
- Issue 1756 - Build system fails for specific module names.
- Issue 1760 - mod_sftp is affected by "Terrapin" Prefix Truncation \ 
Attacks in
  SSH Specification (CVE-2023-48795).

1.3.8a - Released 08-Oct-2023
--------------------------------
- Issue 1581 - mod_sftp fails to handle SFTP requests to truncate files to
  zero size.
- Issue 1584 - mod_sftp improperly handles SFTP WRITE requests for files opened
  for appending.
- Issue 1568 - Build-time detection of Linux POSIX ACL support broken since
  1.3.8rc2.
- Issue 1590 - Unable to load mod_rewrite as a dynamic module due to
  incomplete/missing library linker flags.
- Issue 1597 - <Class> section is allowed to be in <Global>, but \ 
From directive
  is not.
- Issue 1617 - ExtendedLog SSH, SFTP classes not working as expected.
- Issue 1646 - mod_sftp does not handle multiple concurrent open file
  handles/transfers well for logging.
- Issue 1679 - "TLSRequired off" plus Protocols directive causes mod_tls to
  terminate the session abruptly.
- Issue 1689 - mod_tls fails to compile against OpenSSL 3.0.8 due to missing
  ENGINE_METHOD_ flags.
- Issue 1659 - Unknown named connection error when using different SQL backends.
- Issue 1697 - mod_sql is not properly closing all named backend connections on
  session exit.
- Issue 1694 - SSH key exchanges fail unexpectedly with "unable to write X
  bytes of raw data" errors due to small ProFTPD buffer.
- Issue 1678 - High session memory usage caused by SFTP outgoing data buffering.
- Issue 1683 - Out-of-bounds buffer read when handling FTP commands.
- Issue 1712 - SFTP algorithm settings in <Global> section not being used.

1.3.8 - Released 04-Dec-2022
--------------------------------
- Issue 1488 - 1.3.8rc4 failing to build mod_sftp with OpenSSL 1.1.0 due to
  X448 check.
- Issue 1494 - 1.3.8rc4 failing to build on Solaris due to missing type
  declarations.
- Issue 1500 - mod_ifsession doesn't change the effect of SFTPMaxChannels.
- Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
  authentication in some configurations.
- Issue 1528 - Disable FSCachePolicy by default.
- Issue 1539 - Avoid logging "session closed" messages unless there is a
  corresponding "session opened" log message, to avoid user confusion.
- Issue 1550 - Implement support for the CSID FTP command.
- Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
  not match publickey algorithm 'ssh-rsa'.
- Issue 1560 - mod_auth_otp improperly allows keyboard-interactive logins for
  users lacking OTP entries.

1.3.8rc4 - Released 23-Jul-2022
--------------------------------
- Issue 1434 - mod_sftp should fail on startup when SFTP and TLS are both
  enabled for a vhost.
- Issue 1440 - DelayTable not properly using documented default value.  This
  is a regression caused by the changes for Bug#4020.
- Issue 1444 - Support customizing SSH ciphers, digests, key exchanges via
  SFTPClientMatch.
- Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- Issue 1445 - BanOnEvent BadProtocol triggers segfault.
- Issue 1439 - SFTP "check-file" implementation computes incorrect results.
- Issue 1457 - Implement SFTPHostKeys directive for configuring the SSH host
  key algorithms.
- Issue 1437 - Implement the "curve448-sha512" SSH key exchange algorithm.
- Issue 1472 - Include directive broken when using wildcards for directory
  components.
- Bug 4485 - mod_sftp fails to build using OpenSSL 1.0.x: undefined reference
  to `EVP_MD_CTX_reset'.
- Issue 1476 - Reload after omitting explicit ModulePath value causes fatal
  module load failures.

1.3.8rc3 - Released 23-Apr-2022
--------------------------------
- Issue 1323 - Support SSH hostkey rotation via OpenSSH extensions.
- Issue 1325 - NLST does not behave consistently for relative paths.
- Bug 3759 - Support AES Galois Counter Mode (AES-GCM) in SSH.  Support for
  the "aes128-gcm@openssh.com" and "aes256-gcm@openssh.com" \ 
ciphers has been
  added to mod_sftp.
- Issue 1333 - Implement an LDAPConnectTimeout directive, to configure the
  timeout used when connecting to LDAP servers.
- Issue 1330 - Implement OpenSSH "Encrypt-Then-MAC" (ETM) algorithm \ 
extensions.
- Issue 1346 - Implement AllowForeignAddress class matching for passive data
  transfers.
- Issue 1353 - Implement support for PCRE2.
- Bug 4466 - ProFTPD won't start with several locales.
- Issue 1367 - Auth sources providing space-bearing user/group names cause
  compliance issues with MLSD/MLST responses.
- Bug 4467 - DeleteAbortedStores removes successfully transferred files
  unexpectedly.
- Issue 1383 - Omit EPRT/EPSV from FEAT response when denied by <Limit>
  configuration.
- Issue 1379 - Support uploading to symlinked files.
- Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
  SOL_SOCKET.
- Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
  data connection.
- Issue 1396 - ProFTPD always uses the same PassivePorts port for first
  transfer.
- Issue 1410 - mod_sftp needs to handle unknown SSH messages in an
  RFC-compliant manner, ignoring rather than disconnecting.
- Issue 1418 - Improve handling of some globally applied configuration
  directives.
- Issue 1369 - Name-based virtual hosts not working as expected after upgrade
  from 1.3.7a to 1.3.7b.

1.3.8rc2 - Released 29-Aug-2021
--------------------------------
- Bug 4401 - mod_sftp crashes when handling aes256-ctr OpenSSH-specific key
  with some old OpenSSL versions.
- Issue 1273 - Improve mod_tls log messages for unsupported older TLS protocol
  requests.
- Issue 1284 - Fix memory disclosure to RADIUS servers by mod_radius.
- Issue 1282 - Properly handle <VirtualHost> sections that use interface/device
  names.
- Bug 4315 - mod_ifsession fails to reset directory config lookup after
  <Directory> section merges.
- Issue 1296 - Support <Limit> configurations for HELP command.
- Issue 1300 - PCRE expressions with capture groups are not being handled
  properly.
- Issue 1307 - AuthUserFile permissions check fails during SIGHUP, causing
  ProFTPD to stop.
- Issue 1286 - Add support for the libidn2 library, over libidn, for e.g.
  mod_rewrite mappings.
- Bug 4443 - Changed the default behavior of mod_tls, such that TLS
  renegotiations on control/data connections are not requested by default.
  TLS renegotiations have a long and sordid history; many SSL/TLS libraries no
  longer implement them, or disable them by default.
- Issue 1319 - mod_auth_otp should honor RequireTableEntry semantics for SFTP
  logins.

1.3.8rc1 - Released 13-Jun-2021
--------------------------------
- Issue 1063 - FTPS data transfers using TLSv1.3 might segfault when session
  tickets cannot be decrypted.
- Issue 1070 - Implement support for Redis 6.x AUTH semantics.
- Issue 1068 - Define an OpenSSL API version compatibility macro, currently
  set to OpenSSL 1.0.0 and later.
- Bug 4405 - Memory use-after-free in mod_sftp causes unexpected
  login/authentication issues.
- Bug 4402 - Inappropriate handling of aborted FTP data transfers causes issues
  for some FTP clients.
- Issue 1084 - Implement support for configuring TLSv1.3 ciphersuites.
- Issue 1086 - Update TLSRenegotiate to work properly for TLSv1.3 sessions.
- Issue 1079 - prxs fails to detect module-specific configure/Makefile,
  leading to unexpected module load errors.
- Issue 1074 - TLS SNI connections to name-based VirtualHosts with
  TLSCertificateChainFile fail unexpectedly.
- Issue 1089 - Deprecate the MultilineRFC2228 directive.
- Issue 1067 - Generate new DH parameters for mod_tls, mod_sftp for 1.3.8.
- Issue 1101 - Update TLS minimum supported DH parameter size to 2048.
- Issue 811 - Support adding custom key/values to RedisLogOnCommand.
- Issue 1106 - TLS SNI can cause mod_quotatab to crash due to null pointer
  dereferences.
- Issue 1076 - TLS client-initiated renegotiations are supported unexpectedly.
- Issue 1105 - Improper handling of multiple IP addresses, ServerAliases in
  <VirtualHost> sections.
- Issue 1048 - Support using weak TLS certificates via the new AllowWeakSecurity
  TLSOption.
- Issue 1149 - mod_quotatab_sql failing due to SQL syntax errors.  This is a
  regression caused by Issue #392.
- Issue 1061 - Freeing uninitialized memory causes SFTP issues with ed25519
  keys.
- Issue 1111 - "Corrupted MAC on input" errors using SFTP \ 
umac-64@openssh.com
  digest.
- Issue 1171 - PassivePort randomization is broken due to SO_REUSEPORT option.
- Issue 1072 - Support configurable certificate settings in Redis SSL/TLS
  connections.
- Issue 369 - Provide function for obtaining memory pool information as e.g.
  JSON.
- Issue 1134 - AuthUserFile-based logins, directory listings are very slow due
  to unbuffered reads.
- Issue 1193 - Improper checking for reused TLS session for data transfers
  using OpenSSL 1.1.1.
- Issue 1168 - Improve error handling of OpenSSH host keys converted to PEM
  format.
- Issue 1179 - TLSRSACertificateKeyFile sanity checks fail unexpectedly for
  passphrase-protected keys.
- Issue 1174 - ftptop segfaults when using libncursesw on Gentoo.
- Issue 1204 - Once TLSTimeoutHandshake is reached, internal "timed \ 
out" flag
  never reset.
- Issue 1133 - Support include files in mod_wrap2 allow/deny tables.
- Issue 1200 - Disconnect SFTP clients that request unsupportable protocol
  versions.
- Issue 1207 - On Gentoo, "./configure --disable-ncurses" fails to \ 
link ftptop,
  due to "undefined reference to symbol 'stdscr'" error.
- Issue 1212 - mod_sql_mysql needs to quote table names due to reserved MySQL
  keywords.
- Issue 1175 - Unable to set per-user TLSOptions using mod_ifsession.
- Issue 754 - Some mod_snmp counters were not being incremented properly.
- Issue 548 - `make install` target should install only, not recompile any code.
- Bug 4428 - <VirtualHost> name resolution does not include all associated
  IPv6 records.
- Issue 1230 - Stack overflow due to unlimited recursion possible when parsing
  JSON text.
- Issue 1232 - Unable to use %{env:FTPS} in a SQLNamedQuery.  The fix is to now
  use %{note:FTPS} instead.
- Issue 1170 - Implement support for user/host combination bans in mod_ban.
- Issue 1246 - mod_sftp_sql crashes (sigsegv) on NULL key.
- Issue 1237 - ftpasswd should default to SHA256, not MD5.
- Issue 490 - Support syntax checks on AuthUserFiles, AuthGroupFiles on startup.
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-07-07 13:44:36 by Jonathan Perkin | Files touched by this commit (4)
Log message:
proftpd: Update to 1.3.7f, and fix msgfmt.

1.3.7f
-------

1.3.7e
-------

  + Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used.

1.3.7d
-------

  + Improved consistency/support for name-based virtual hosts.
  + Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
   2022-09-19 19:36:26 by Nia Alarie | Files touched by this commit (2)
Log message:
proftpd: Apply CHECK_RELRO_SKIP when building modules to fix their build.
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-03-07 17:27:48 by Nia Alarie | Files touched by this commit (1)
Log message:
proftpd: Disable some overzealous RELRO checks