./net/proftpd-ldap, LDAP module for ProFTPD

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.3.8b, Package name: proftpd-ldap-1.3.8b, Maintainer: pkgsrc-users

The ProFTPD mod_conf_ldap module can be used to store configuration
information, as would normally be found in the proftpd.conf file, in LDAP
directories, and to have proftpd consequently retrieve that configuration
information.


Required to run:
[databases/openldap-client] [lang/perl5] [net/proftpd] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, pam

Master sites: (Expand)

Filesize: 19289.852 KB

Version history: (Expand)


CVS history: (Expand)


   2023-12-20 18:05:01 by Thomas Klausner | Files touched by this commit (16) | Package updated
Log message:
proftpd*: update to 1.3.8b

1.3.8b - Released 19-Dec-2023
--------------------------------
- Issue 1735 - Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3
  fails.
- Issue 1756 - Build system fails for specific module names.
- Issue 1760 - mod_sftp is affected by "Terrapin" Prefix Truncation \ 
Attacks in
  SSH Specification (CVE-2023-48795).

1.3.8a - Released 08-Oct-2023
--------------------------------
- Issue 1581 - mod_sftp fails to handle SFTP requests to truncate files to
  zero size.
- Issue 1584 - mod_sftp improperly handles SFTP WRITE requests for files opened
  for appending.
- Issue 1568 - Build-time detection of Linux POSIX ACL support broken since
  1.3.8rc2.
- Issue 1590 - Unable to load mod_rewrite as a dynamic module due to
  incomplete/missing library linker flags.
- Issue 1597 - <Class> section is allowed to be in <Global>, but \ 
From directive
  is not.
- Issue 1617 - ExtendedLog SSH, SFTP classes not working as expected.
- Issue 1646 - mod_sftp does not handle multiple concurrent open file
  handles/transfers well for logging.
- Issue 1679 - "TLSRequired off" plus Protocols directive causes mod_tls to
  terminate the session abruptly.
- Issue 1689 - mod_tls fails to compile against OpenSSL 3.0.8 due to missing
  ENGINE_METHOD_ flags.
- Issue 1659 - Unknown named connection error when using different SQL backends.
- Issue 1697 - mod_sql is not properly closing all named backend connections on
  session exit.
- Issue 1694 - SSH key exchanges fail unexpectedly with "unable to write X
  bytes of raw data" errors due to small ProFTPD buffer.
- Issue 1678 - High session memory usage caused by SFTP outgoing data buffering.
- Issue 1683 - Out-of-bounds buffer read when handling FTP commands.
- Issue 1712 - SFTP algorithm settings in <Global> section not being used.

1.3.8 - Released 04-Dec-2022
--------------------------------
- Issue 1488 - 1.3.8rc4 failing to build mod_sftp with OpenSSL 1.1.0 due to
  X448 check.
- Issue 1494 - 1.3.8rc4 failing to build on Solaris due to missing type
  declarations.
- Issue 1500 - mod_ifsession doesn't change the effect of SFTPMaxChannels.
- Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
  authentication in some configurations.
- Issue 1528 - Disable FSCachePolicy by default.
- Issue 1539 - Avoid logging "session closed" messages unless there is a
  corresponding "session opened" log message, to avoid user confusion.
- Issue 1550 - Implement support for the CSID FTP command.
- Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
  not match publickey algorithm 'ssh-rsa'.
- Issue 1560 - mod_auth_otp improperly allows keyboard-interactive logins for
  users lacking OTP entries.

1.3.8rc4 - Released 23-Jul-2022
--------------------------------
- Issue 1434 - mod_sftp should fail on startup when SFTP and TLS are both
  enabled for a vhost.
- Issue 1440 - DelayTable not properly using documented default value.  This
  is a regression caused by the changes for Bug#4020.
- Issue 1444 - Support customizing SSH ciphers, digests, key exchanges via
  SFTPClientMatch.
- Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- Issue 1445 - BanOnEvent BadProtocol triggers segfault.
- Issue 1439 - SFTP "check-file" implementation computes incorrect results.
- Issue 1457 - Implement SFTPHostKeys directive for configuring the SSH host
  key algorithms.
- Issue 1437 - Implement the "curve448-sha512" SSH key exchange algorithm.
- Issue 1472 - Include directive broken when using wildcards for directory
  components.
- Bug 4485 - mod_sftp fails to build using OpenSSL 1.0.x: undefined reference
  to `EVP_MD_CTX_reset'.
- Issue 1476 - Reload after omitting explicit ModulePath value causes fatal
  module load failures.

1.3.8rc3 - Released 23-Apr-2022
--------------------------------
- Issue 1323 - Support SSH hostkey rotation via OpenSSH extensions.
- Issue 1325 - NLST does not behave consistently for relative paths.
- Bug 3759 - Support AES Galois Counter Mode (AES-GCM) in SSH.  Support for
  the "aes128-gcm@openssh.com" and "aes256-gcm@openssh.com" \ 
ciphers has been
  added to mod_sftp.
- Issue 1333 - Implement an LDAPConnectTimeout directive, to configure the
  timeout used when connecting to LDAP servers.
- Issue 1330 - Implement OpenSSH "Encrypt-Then-MAC" (ETM) algorithm \ 
extensions.
- Issue 1346 - Implement AllowForeignAddress class matching for passive data
  transfers.
- Issue 1353 - Implement support for PCRE2.
- Bug 4466 - ProFTPD won't start with several locales.
- Issue 1367 - Auth sources providing space-bearing user/group names cause
  compliance issues with MLSD/MLST responses.
- Bug 4467 - DeleteAbortedStores removes successfully transferred files
  unexpectedly.
- Issue 1383 - Omit EPRT/EPSV from FEAT response when denied by <Limit>
  configuration.
- Issue 1379 - Support uploading to symlinked files.
- Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
  SOL_SOCKET.
- Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
  data connection.
- Issue 1396 - ProFTPD always uses the same PassivePorts port for first
  transfer.
- Issue 1410 - mod_sftp needs to handle unknown SSH messages in an
  RFC-compliant manner, ignoring rather than disconnecting.
- Issue 1418 - Improve handling of some globally applied configuration
  directives.
- Issue 1369 - Name-based virtual hosts not working as expected after upgrade
  from 1.3.7a to 1.3.7b.

1.3.8rc2 - Released 29-Aug-2021
--------------------------------
- Bug 4401 - mod_sftp crashes when handling aes256-ctr OpenSSH-specific key
  with some old OpenSSL versions.
- Issue 1273 - Improve mod_tls log messages for unsupported older TLS protocol
  requests.
- Issue 1284 - Fix memory disclosure to RADIUS servers by mod_radius.
- Issue 1282 - Properly handle <VirtualHost> sections that use interface/device
  names.
- Bug 4315 - mod_ifsession fails to reset directory config lookup after
  <Directory> section merges.
- Issue 1296 - Support <Limit> configurations for HELP command.
- Issue 1300 - PCRE expressions with capture groups are not being handled
  properly.
- Issue 1307 - AuthUserFile permissions check fails during SIGHUP, causing
  ProFTPD to stop.
- Issue 1286 - Add support for the libidn2 library, over libidn, for e.g.
  mod_rewrite mappings.
- Bug 4443 - Changed the default behavior of mod_tls, such that TLS
  renegotiations on control/data connections are not requested by default.
  TLS renegotiations have a long and sordid history; many SSL/TLS libraries no
  longer implement them, or disable them by default.
- Issue 1319 - mod_auth_otp should honor RequireTableEntry semantics for SFTP
  logins.

1.3.8rc1 - Released 13-Jun-2021
--------------------------------
- Issue 1063 - FTPS data transfers using TLSv1.3 might segfault when session
  tickets cannot be decrypted.
- Issue 1070 - Implement support for Redis 6.x AUTH semantics.
- Issue 1068 - Define an OpenSSL API version compatibility macro, currently
  set to OpenSSL 1.0.0 and later.
- Bug 4405 - Memory use-after-free in mod_sftp causes unexpected
  login/authentication issues.
- Bug 4402 - Inappropriate handling of aborted FTP data transfers causes issues
  for some FTP clients.
- Issue 1084 - Implement support for configuring TLSv1.3 ciphersuites.
- Issue 1086 - Update TLSRenegotiate to work properly for TLSv1.3 sessions.
- Issue 1079 - prxs fails to detect module-specific configure/Makefile,
  leading to unexpected module load errors.
- Issue 1074 - TLS SNI connections to name-based VirtualHosts with
  TLSCertificateChainFile fail unexpectedly.
- Issue 1089 - Deprecate the MultilineRFC2228 directive.
- Issue 1067 - Generate new DH parameters for mod_tls, mod_sftp for 1.3.8.
- Issue 1101 - Update TLS minimum supported DH parameter size to 2048.
- Issue 811 - Support adding custom key/values to RedisLogOnCommand.
- Issue 1106 - TLS SNI can cause mod_quotatab to crash due to null pointer
  dereferences.
- Issue 1076 - TLS client-initiated renegotiations are supported unexpectedly.
- Issue 1105 - Improper handling of multiple IP addresses, ServerAliases in
  <VirtualHost> sections.
- Issue 1048 - Support using weak TLS certificates via the new AllowWeakSecurity
  TLSOption.
- Issue 1149 - mod_quotatab_sql failing due to SQL syntax errors.  This is a
  regression caused by Issue #392.
- Issue 1061 - Freeing uninitialized memory causes SFTP issues with ed25519
  keys.
- Issue 1111 - "Corrupted MAC on input" errors using SFTP \ 
umac-64@openssh.com
  digest.
- Issue 1171 - PassivePort randomization is broken due to SO_REUSEPORT option.
- Issue 1072 - Support configurable certificate settings in Redis SSL/TLS
  connections.
- Issue 369 - Provide function for obtaining memory pool information as e.g.
  JSON.
- Issue 1134 - AuthUserFile-based logins, directory listings are very slow due
  to unbuffered reads.
- Issue 1193 - Improper checking for reused TLS session for data transfers
  using OpenSSL 1.1.1.
- Issue 1168 - Improve error handling of OpenSSH host keys converted to PEM
  format.
- Issue 1179 - TLSRSACertificateKeyFile sanity checks fail unexpectedly for
  passphrase-protected keys.
- Issue 1174 - ftptop segfaults when using libncursesw on Gentoo.
- Issue 1204 - Once TLSTimeoutHandshake is reached, internal "timed \ 
out" flag
  never reset.
- Issue 1133 - Support include files in mod_wrap2 allow/deny tables.
- Issue 1200 - Disconnect SFTP clients that request unsupportable protocol
  versions.
- Issue 1207 - On Gentoo, "./configure --disable-ncurses" fails to \ 
link ftptop,
  due to "undefined reference to symbol 'stdscr'" error.
- Issue 1212 - mod_sql_mysql needs to quote table names due to reserved MySQL
  keywords.
- Issue 1175 - Unable to set per-user TLSOptions using mod_ifsession.
- Issue 754 - Some mod_snmp counters were not being incremented properly.
- Issue 548 - `make install` target should install only, not recompile any code.
- Bug 4428 - <VirtualHost> name resolution does not include all associated
  IPv6 records.
- Issue 1230 - Stack overflow due to unlimited recursion possible when parsing
  JSON text.
- Issue 1232 - Unable to use %{env:FTPS} in a SQLNamedQuery.  The fix is to now
  use %{note:FTPS} instead.
- Issue 1170 - Implement support for user/host combination bans in mod_ban.
- Issue 1246 - mod_sftp_sql crashes (sigsegv) on NULL key.
- Issue 1237 - ftpasswd should default to SHA256, not MD5.
- Issue 490 - Support syntax checks on AuthUserFiles, AuthGroupFiles on startup.
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-07-07 13:46:49 by Jonathan Perkin | Files touched by this commit (3)
Log message:
proftpd-*: Reset PKGREVISION.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2016-03-14 23:47:10 by Sebastian Wiedenroth | Files touched by this commit (5)
Log message:
Update net/proftpd (and modules) to 1.3.5b

1.3.5b - Released 10-Mar-2016
--------------------------------
- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly.
- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for \ 
some UTF8
  characters.
- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits.
- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current
  working directory.
- Bug 4201 - HiddenStores temporary files not removed when exceeding quota
  using SCP.
- Bug 4202 - MLSD lines not properly terminated with CRLF.
- Bug 4209 - Zero-length memory allocation possible, with undefined results.
- Bug 4210 - Avoid unbounded SFTP extended attribute key/values.
- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when
  "RootRevoke on" is in effect.
- Bug 4217 - Handle FTP re-authentication attempts better.
- Bug 4223 - Permissions on files uploaded via STOU do not honor configured
  Umask.
- Bug 4227 - Support SFTP clients that send multiple INIT requests.
- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is
  chosen.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813)
Log message:
Bump PKGREVISION for security/openssl ABI bump.