[ol8_developer_EPEL] proftpd-1.3.6e-4.el8.aarch64

Name:	proftpd
Version:	1.3.6e
Release:	4.el8
Architecture:	aarch64
Group:	Unspecified
Size:	12546760
License:	GPLv2+
RPM:	proftpd-1.3.6e-4.el8.aarch64.rpm
Source RPM:	proftpd-1.3.6e-4.el8.src.rpm
Build Date:	Wed Sep 15 2021
Build Host:	host-100-100-224-41.blddevtest1iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	http://www.proftpd.org/
Summary:	Flexible, stable and highly-configurable FTP server
Description:	ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included.

Changelog (Show File list) (Show related packages)

Tue Sep 07 2021 Paul Howarth <paul@city-fan.org> - 1.3.6e-4

- Fix memory disclosure to RADIUS servers by mod_radius (#2001690)
  https://github.com/proftpd/proftpd/issues/1284
  https://github.com/proftpd/proftpd/pull/1285

Tue Jun 29 2021 Paul Howarth <paul@city-fan.org> - 1.3.6e-3

- Avoid segfaults with TLSv1.3
  https://github.com/proftpd/proftpd/issues/1063
  https://github.com/proftpd/proftpd/commit/adf43dd4ddaab0332e74abc86bbcef9cf27ee54a
- Use %license unconditionally

Tue Nov 24 2020 Paul Howarth <paul@city-fan.org> - 1.3.6e-2
```
- Package mod_unique_id (#1901100)
```

Tue Jul 21 2020 Paul Howarth <paul@city-fan.org> - 1.3.6e-1

- Update to 1.3.6e
  - Fixed null pointer dereference in mod_sftp when using SCP incorrectly
    (https://github.com/proftpd/proftpd/issues/1043)

Sun May 31 2020 Paul Howarth <paul@city-fan.org> - 1.3.6d-1

- Update to 1.3.6d
  - Fixed issue with FTPS uploads of large files using TLSv1.3
    (https://github.com/proftpd/proftpd/issues/959)
  - Fixed regression in the handling of '%{env:...}' configuration variables
    when the environment variable is not present
    (https://github.com/proftpd/proftpd/issues/857)
  - Second LIST of the same symlink shows different results
    (https://github.com/proftpd/proftpd/issues/940)
  - mod_sftp sends broken response when CREATETIME attribute is requested
    (https://github.com/proftpd/proftpd/issues/980)
  - Handle zero-length SFTP WRITE requests without error
    (http://bugs.proftpd.org/show_bug.cgi?id=4398)
  - PidFile should not be world-writable
    (https://github.com/proftpd/proftpd/issues/1018)
  - TLSv1.3 handshake fails due to missing session ticket key on some systems
    (https://github.com/proftpd/proftpd/issues/1014)
  - Lowercased FTP commands not properly identified
    (https://github.com/proftpd/proftpd/issues/1023)

Sat May 09 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-3

- Avoid duplicate hostname and timestamps in syslog (#1808989)
  http://bugs.proftpd.org/show_bug.cgi?id=4185
  https://github.com/proftpd/proftpd/issues/1002
  https://github.com/proftpd/proftpd/pull/1009

Mon Apr 20 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-2

- Retain a memory pool after an aborted transfer so that the %{transfer-status}
  LogFormat functionality still works
- Own directory %{_sysconfdir}/logrotate.d

Wed Feb 19 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-1

- Update to 1.3.6c
  - Use-after-free vulnerability in memory pools during data transfer
    (CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
  - Fix mod_tls compilation with LibreSSL 2.9.x
    (https://github.com/proftpd/proftpd/issues/810)
  - MaxClientsPerUser was not enforced for SFTP logins when mod_digest was
    enabled (https://github.com/proftpd/proftpd/issues/750)
  - mod_sftp now handles an OpenSSH-specific private key format; it detects
    such keys, and logs a hint about reformatting them to a supported format
    (https://github.com/proftpd/proftpd/issues/793)
  - Directory listing was slower compared to previous ProFTPD versions
    (https://github.com/proftpd/proftpd/issues/793)
  - mod_sftp crashed when using pubkey-auth with DSA keys
    (https://github.com/proftpd/proftpd/issues/866)
  - Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270,
    https://github.com/proftpd/proftpd/issues/859)
  - Leaking PAM handler and data in case of unsuccessful authentication
    (https://github.com/proftpd/proftpd/issues/870)
  - SSH authentication failed for many clients due to receiving of
    SSH_MSG_IGNORE packet (http://bugs.proftpd.org/show_bug.cgi?id=4385)
  - SFTP publickey authentication failed unexpectedly when user had no shadow
    password info. (https://github.com/proftpd/proftpd/issues/890)
  - ftpasswd failed to restore password file permissions in some cases
    (https://github.com/proftpd/proftpd/issues/898)
  - Out-of-bounds read in mod_cap getstateflags() function; this has been
    addressed by updating the bundled version of libcap
    (CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902)
    Note that this build of ProFTPD uses the system version of libcap and not
    the bundled version, and is not vulnerable to this issue

Wed Jan 22 2020 Paul Howarth <paul@city-fan.org> - 1.3.6b-3

- Fix API tests compile failure with GCC 10
  https://github.com/proftpd/proftpd/pull/886
- mod_sftp: When handling the 'keyboard-interactive' authentication mechanism,
  as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE,
  DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253
  (http://bugs.proftpd.org/show_bug.cgi?id=4385)

Fri Nov 29 2019 Paul Howarth <paul@city-fan.org> - 1.3.6b-2

- Fix handling of CRL lookups by properly using issuer for lookups, and
  guarding against null pointers (GH#859, GH#861, CVE-2019-19269,
  CVE-2019-19270)