[ol7_developer_EPEL] proftpd-1.3.5e-8.el7.x86_64

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.

Changelog (Show File list) (Show related packages)

• Fri Nov 29 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-8

  - Fix handling of CRL lookups by properly using issuer for lookups, and
    guarding against null pointers (GH#858, GH#859, GH#860, GH#861,
    CVE-2019-19269)

• Wed Oct 23 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-7

  - Fix build compatibility with MySQL 8 (#1764401)
    https://github.com/proftpd/proftpd/issues/824
    https://github.com/proftpd/proftpd/pull/825

• Sun Oct 20 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-6

  - Fixed pre-authentication remote denial-of-service issue
    (CVE-2019-18217, https://github.com/proftpd/proftpd/issues/846)

• Tue Jul 23 2019 Paul Howarth <paul@city-fan.org> - 1.3.5e-5

  - An arbitrary file copy vulnerability in mod_copy in ProFTPD allowed for
    remote code execution and information disclosure without authentication
    (CVE-2019-12815)
    http://bugs.proftpd.org/show_bug.cgi?id=4372
    https://github.com/proftpd/proftpd/pull/816

• Thu Dec 07 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-4

  - Add InsecureHostKeyPerms SFTP option (#1522998, upstream bug 4098)

• Wed Sep 20 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-3

  - Add sqlite sub-package with mod_sql_sqlite for SQLite support (#1328321)

• Wed May 03 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-2

  - AllowChrootSymlinks off could cause login failures depending on filesystem
    permissions: use the IDs of the logging-in user to perform the directory
    walk, looking for symlinks, to be more consistent with similar checks done
    during login (#1443507, upstream bug 4306)
  - Crypt::CrackLib always available now

• Mon Apr 10 2017 Paul Howarth <paul@city-fan.org> - 1.3.5e-1

  - Update to 1.3.5e
    - SFTP clients using umac-64@openssh.com digest failed to connect
      (upstream bug 4287)
    - SFTP rekeying failure with ProFTPD 1.3.5d, caused by null pointer
      dereference (upstream bug 4288)
    - AllowChrootSymlinks off did not check entire DefaultRoot path for symlinks
      (CVE-2017-7418, upstream bug 4295)
  - Change shellbangs in shipped perl scripts to use system perl
  - Drop EL-5 support
    - Drop BuildRoot: and Group: tags
    - Drop explicit buildroot cleaning in %install section
    - Drop explicit %clean section
    - /etc/pam.d/password-auth always available now
    - pcre 7.0 or later always available now

• Wed Feb 08 2017 Paul Howarth <paul@city-fan.org> - 1.3.5d-2

  - Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp
    (#1420365, upstream bug 4287)

• Mon Jan 16 2017 Paul Howarth <paul@city-fan.org> - 1.3.5d-1

  - Update to 1.3.5d
    - Support OpenSSL 1.1.x API (upstream bug 4275)
    Bug fixes:
    - SSH rekey during authentication can cause issues with clients
      (upstream bug 4254)
    - Recursive SCP uploads of multiple directories not handled properly
      (upstream bug 4257)
    - LIST returns different results for file, depending on path syntax
      (upstream bug 4259)
    - "AuthAliasOnly on" in server config breaks anonymous logins
      (upstream bug 4255)
    - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections
      (upstream bug 4272)
    - Memory leak when mod_facl is used (upstream bug 4278)
    - All FTP logins treated as anonymous logins again (upstream bug 4283,
      regression in 1.3.5c of upstream bug 3307)