Name: | proftpd |
Version: | 1.3.5e |
Release: | 10.el7 |
Architecture: | x86_64 |
Group: | Unspecified |
Size: | 10144955 |
License: | GPLv2+ |
RPM: |
proftpd-1.3.5e-10.el7.x86_64.rpm
|
Source RPM: |
proftpd-1.3.5e-10.el7.src.rpm
|
Build Date: | Thu Oct 08 2020 |
Build Host: | jenkins-172-17-0-2-a0835f5e-7336-4d72-becb-6d096d059878.appad3iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | http://www.proftpd.org/ |
Summary: | Flexible, stable and highly-configurable FTP server |
Description: | ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included. |
-
Mon Sep 14 2020 Paul Howarth <paul@city-fan.org> - 1.3.5e-10
- Fix null pointer dereference for invalid SCP command by passing the
correct argument count to getopt(3)
https://github.com/proftpd/proftpd/issues/1043
https://github.com/proftpd/proftpd/pull/1044
https://bugzilla.redhat.com/show_bug.cgi?id=1878869
-
Wed Feb 19 2020 Paul Howarth <paul@city-fan.org> - 1.3.5e-9
- Fix use-after-free vulnerability in memory pools during data transfer
(CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
- mod_sftp: When handling the 'keyboard-interactive' authentication mechanism,
as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE,
DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253
http://bugs.proftpd.org/show_bug.cgi?id=4385
-
Fri Nov 29 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-8
- Fix handling of CRL lookups by properly using issuer for lookups, and
guarding against null pointers (GH#858, GH#859, GH#860, GH#861,
CVE-2019-19269, CVE-2019-19270, CVE-2019-19271, CVE-2019-19272)
-
Wed Oct 23 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-7
- Fix build compatibility with MySQL 8 (#1764401)
https://github.com/proftpd/proftpd/issues/824
https://github.com/proftpd/proftpd/pull/825
-
Sun Oct 20 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-6
- Fixed pre-authentication remote denial-of-service issue
(CVE-2019-18217, https://github.com/proftpd/proftpd/issues/846)
-
Tue Jul 23 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-5
- An arbitrary file copy vulnerability in mod_copy in ProFTPD allowed for
remote code execution and information disclosure without authentication
(CVE-2019-12815)
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/pull/816
-
Thu Dec 07 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-4
- Add InsecureHostKeyPerms SFTP option (#1522998, upstream bug 4098)
-
Wed Sep 20 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-3
- Add sqlite sub-package with mod_sql_sqlite for SQLite support (#1328321)
-
Wed May 03 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-2
- AllowChrootSymlinks off could cause login failures depending on filesystem
permissions: use the IDs of the logging-in user to perform the directory
walk, looking for symlinks, to be more consistent with similar checks done
during login (#1443507, upstream bug 4306)
- Crypt::CrackLib always available now
-
Mon Apr 10 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-1
- Update to 1.3.5e
- SFTP clients using umac-64@openssh.com digest failed to connect
(upstream bug 4287)
- SFTP rekeying failure with ProFTPD 1.3.5d, caused by null pointer
dereference (upstream bug 4288)
- AllowChrootSymlinks off did not check entire DefaultRoot path for symlinks
(CVE-2017-7418, upstream bug 4295)
- Change shellbangs in shipped perl scripts to use system perl
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
- /etc/pam.d/password-auth always available now
- pcre 7.0 or later always available now