Next | Query returned 126 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:

   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-07-07 13:44:36 by Jonathan Perkin | Files touched by this commit (4)
Log message:
proftpd: Update to 1.3.7f, and fix msgfmt.



  + Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used.


  + Improved consistency/support for name-based virtual hosts.
  + Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
   2022-09-19 19:36:26 by Nia Alarie | Files touched by this commit (2)
Log message:
proftpd: Apply CHECK_RELRO_SKIP when building modules to fix their build.
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-03-07 17:27:48 by Nia Alarie | Files touched by this commit (1)
Log message:
proftpd: Disable some overzealous RELRO checks
   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):


The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-21 09:52:42 by Thomas Merkel | Files touched by this commit (1)
Log message:
net/proftpd: Fix digests (patches) for distfiles
   2021-10-16 21:46:42 by Thomas Merkel | Files touched by this commit (16)
Log message:
Update proftpd to 1.3.7c

  + Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284).
  + PCRE expressions with capture groups were not being handled properly
    (Issue #1300).

  + Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
    session tickets cannot be decrypted (Issue #1063).
  + Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket
    option (Issue #1171).
  + Implemented support for Redis 6.x AUTH semantics (Issue #1070).
  + Fixed memory use-after-free issue in mod_sftp which can cause unexpected
    login/authentication issues.
  + Fixed SQL syntax regression for some generated SQL statements
    (Issue #1149).
  + Fixed "Corrupted MAC on inptut" errors when SFTP uses the digest (Issue #1111).

  + Fix build-time regression when using the --localstatedir configure option.

  + Support the SOURCE_DATE_EPOCH environment variable, for reproducible
    builds (Issue #1038).

  + Implemented support for configuring certificate options for LDAP
    connections using SSL/TLS.
  + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
  + Fixed handling of IPv6 addresses in From directives (Issue #682).
  + Added -b and -n command-line options to ftptop.
  + Ignore supplemental groups when run as non-root user (Issue #808).
  + Use re-entrant versions of time functions where available (Issue #983).
  + New Configuration Directives
      The BanOptions directive is used to tune mod_ban behavior, such as
      creating ban entries that match/apply to all <VirtualHost> sections.
      See doc/contrib/mod_ban.html#BanOptions for more details.
      The LDAPUseSASL directive configures a list of SASL authentication
      mechanisms to use, when using the LDAPBindDN to bind to the LDAP
      server.  See doc/contrib/mod_ldap.html#LDAPUseSASL for details.
      The LogOptions directive is used to modify the default logging format
      for ProFTPD syslog, debug, and module logging.  See
      doc/modules/mod_log.html#LogOptions for more information.
      The SQLKeepAlive directive configures a periodic "keepalive" query
      for ensuring the connection between mod_sql and the backend database
      server.  See doc/contrib/mod_sql.html#SQLKeepAlive for more information.
  + Changed Configuration Directives
      The LDAPServer directive now supports configuring the trusted CA
      file, client certificate and key files, SSL ciphers, and verification
      policies for LDAP connections.  See doc/contrib/mod_ldap.html#LDAPServer
      for more details.
      The TraceOptions directive now supports a "Timestamp" option, for
      disabling inclusion of timestamps in Trace logs.
  + Developer notes
    When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command
    handler phases will now run.  This allows interested modules, such
    as mod_exec and others, to react to these events (Issue #718).

  + Fixed regression in directory listing latency (Issue #863).
  + Fixed use-after-free vulnerability during data transfers (Issue #903).
  + Addressed out-of-bounds read in mod_cap by removing bundled libcap, and
    relying solely on the system-provided libcap (Issue #902).  Note that
    building ProFTPD from source will *not* automatically include the
    mod_cap module, unless the libcap library is available.
  + mod_sftp now supports OpenSSH-specific private host keys (Issue #793).
    Newer versions of OpenSSH ssh-keygen(1) automatically generate private
    keys formatted with this OpenSSH-specific format.
  + mod_sftp now supports Ed25519 keys (Bug #4221).
  + mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332
    (Issue #907).
  + mod_tls now honors client-provided SNI as part of the TLS handshake,
    for implementing name-based virtual hosts via TLS SNI.
  + Changed Configuration Directives
    LogFormat %{transfer-port}
      The LogFormat directive supports a %{transfer-port} variable for
      logging the selected data transfer port.
    SFTPOptions NoExtensionNegotiation
      The mod_sftp module now supports SSH extension negotations (RFC 8332).
      If there any issues with this support, it can be disabled using:
        SFTPOptions NoExtensionNegotiation
    SQLAuthTypes bcrypt
      The mod_sql_passwd module now supports bcrypt-encrypted passwords.
      This can be enabled using:
        SQLAuthTypes bcrypt
      in your mod_sql configuration.  See doc/contrib/mod_sql_password.html
      for more information.
    TLSOption IgnoreSNI
      The TLSOption directive now supports an "IgnoreSNI" setting, to
      tell mod_tls to ignore/not use any SNI, provided by the client in the
      TLS handshake, for determining any name-based virtual hosts.  See
      doc/contrib/mod_tls.html#TLSOption for more details.
  + Added API
    FSIO pread(2), pwrite(2) (Issue#317)

  + Fixed pre-authentication remote denial-of-service issue (Issue #846,

  + RootRevoke is now on by default, meaning that once authentication succeeds,
    all root privileges are dropped by default, unless the UserOwner directive
    (which requires root privileges) is used (Bug#4241).
  + The mod_ident module is no longer automatically built by default.
    To include the mod_ident module in the build, it must be explicitly
    requested via --enable-ident or --with-shared=mod_ident.
    This means that configuration files using the IdentLookups directive
    will now want to using an enclosing <IfModule> section, like so:
      <IfModule mod_ident.c>
        IdentLookups off
  + The mod_tls module now performs basic sanity checks of configured TLS
    files on startup (Issue#491).
  + The mod_deflate module now supports MODE Z data transfers when TLS
    is used (Issue#505).
  + The mod_xfer module now supports the RANG FTP command; see (Issue#351).
  + The ftpasswd script now supports a --change-home option, for changing
    the home directory of a user in an AuthUserFile (Issue#566).
  + The ftpasswd script supports deleting a user from a group (Issue#620).
  + Refactored the LogFormat handling code so that it is not longer
    duplicated by mod_log, mod_sql, etc.  The new Jot API is the common API
    to be used by modules for LogFormat variables and logging.
  + Generated new DH parameters for mod_sftp, mod_tls.
  + New Configuration Directives
      The mod_auth_file module supports a configuration directive for disabling
      its requirement for secure permissions on configured
      AuthUserFile/AuthGroupFile.  See
      doc/modules/mod_auth_file.html#AuthFileOptions for information.
      The mod_redis module can be configured to log JSON messages based on
      specified events (Issue#392).  See the
      doc/modules/mod_redis.html#RedisLogOnEvent documentation for details.
      The mod_redis module now implements a RedisOptions directive, for tuning
      some of the module behavior (Issue#477).  The
      doc/modules/mod_redis.html#RedisOptions documentation has more details.
      The mod_redis module now supports use of Redis Sentinels (Issue#396);
      see doc/modules/mod_redis.html#RedisSentinel.
  + Changed Configuration Directives
    AllowForeignAddress class-name
      The AllowForeignAddress directive supports a Class name, for finer-grained
      control over which clients are allowed to use foreign/mismatching IP
      addresses for transfers.  See
      doc/modules/mod_core.html#AllowForeignAddress for more information.
    ExecEnviron %b
      The ExecEnviron directive has been fixed to properly resolve the %b
      LogFormat variable (Issue#515).
    RedisServer db-index (Issue#550)
      The mod_redis module can now be configured to select a database index
      via the RedisServer directive (Issue#550).  See the
      doc/modules/mod_redis.html#RedisServer documentation for details.
    RewriteMap idnatrans
      The mod_rewrite module can now support rewriting `idn` to `idna`
      formats (Issue#231).  See the doc/modules/mod_rewrite#RewriteMap for
      details on how to do so.
    RootRevoke on
      The RootRevoke directive is now enabled by default (Bug#4241).  This
      makes for more secure configurations/sessions out-of-the-box.  See
      doc/modules/mod_auth.html#RootRevoke for more information.
    SFTPCiphers, SFTPDigests
      Some weak algorithms are now disabled by default in mod_sftp (Bug#4279).
      These algorithms, if need be, can be explicitly enabled by configuration;
      they are just not enabled automatically.  For list of the algorithms
      affected, see doc/contrib/mod_sftp.html#SFTPCiphers,
    SFTPOptions IncludeSFTPTimes
      The SFTOptions directive of mod_sftp now supports an option for explicitly
      including the timestamps of files when SFTP protocol 4 and higher are
      used, even if the SFTP client did not request these timestamps.  This
      works around a bug in the popular Rebex SFTP library; see
      doc/contrib/mod_sftp.html#SFTPOptions for details.
    TLSProtocol TLSv1.3
      The mod_tls module, and its TLSProtocol directive, now support TLSv1.3
      (Issue#536).  See doc/contrib/mod_tls.html#TLSProtocol for more
      The TLSServerCipherPreference directive is now enabled by default.
      See doc/contrib/mod_tls.html#TLSServerCipherPrefrence.
    TLSStaplingOptions NoFakeTryLater
      Some TLS clients have trouble with the "fake" OCSP response that \ 
      might stable, when the client requested stapled OCSP responses and
      mod_tls is unable to contact the OCSP responder.  Use this option to
      disable such fake responses (Issue#518):
        TLSStaplingOptions NoFakeTryLater
      See doc/contrib/mod_tls.html#TLSStaplingOptions for details.
  + Removed Configuration Directives
    The following directives have been removed:
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34

Next | Query returned 126 messages, browsing 1 to 10 | Previous