| Name: | proftpd |
|---|---|
| Version: | 1.3.8d |
| Release: | 1.el9 |
| Architecture: | aarch64 |
| Group: | Unspecified |
| Size: | 10881636 |
| License: | GPL-2.0-or-later |
| RPM: | proftpd-1.3.8d-1.el9.aarch64.rpm |
| Source RPM: | proftpd-1.3.8d-1.el9.src.rpm |
| Build Date: | Fri Mar 28 2025 |
| Build Host: | build-ol9-aarch64.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.proftpd.org/ |
| Summary: | Flexible, stable and highly-configurable FTP server |
| Description: | ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. |
- Update to 1.3.8d
- Use of HideNoAccess for SFTP sessions can lead to segfault and/or
unexpected behaviour (GH#1855)
- SFTP channel allocations can lead to high memory utilization over time
(GH#1876)
- Avoid NULL pointer dereferences in mod_ls (GH#1866, CVE-2024-57392)
- Avoid NULL pointer dereferences in mod_ls (CVE-2024-57392) - https://github.com/proftpd/proftpd/issues/1866
- Update to 1.3.8c
- Using FTPS after upgrading from 1.3.8a to 1.3.8b lead to crash (GH#1770)
- Bad handling of lack of extended attributes lead to SFTP out of memory
error (GH#1785)
- mod_sftp_sql logged "header value too long" due to unexpected key header
text (GH#1529)
- SSH ECDSA host key algorithms were not used as expected despite configuring
appropriate key (GH#1839)
- RADIUS Message-Authenticator verification failed with ProFTPD mod_radius
(GH#1840)
- Supplemental group inheritance granted unintended access to GID 0 due to
lack of supplemental groups from mod_sql (GH#1830)
- Fix RADIUS Message-Authenticator verification in mod_radius - https://github.com/proftpd/proftpd/issues/1840 - https://bugzilla.redhat.com/show_bug.cgi?id=2325448
- Add 'proxy' sub-package with unbundled mod_proxy (rhbz#2272051) - Update fsio.c: if mkdir fails with EEXIST, also clear the cache (GH#1677)
- Use libsodium to provide ed25519 key support for mod_sftp (#2256340) - Update logrotate snippet to use try-reload-or-restart rather than reload for distributions with systemd 229 or later (PR#3)
- Update to 1.3.8b
- Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 failed
(GH#1735)
- Build system failed for specific module names (GH#1756)
- "Terrapin" Prefix Truncation Attacks in SSH Specification affected mod_sftp
(CVE-2023-48795, GH#1760)
- Update to 1.3.8a
- Fix mod_sftp failure to handle SFTP requests to truncate files to zero size
(GH#1581)
- Fix mod_sftp improperly handling SFTP WRITE requests for files opened for
appending (GH#1584)
- Build-time detection of Linux POSIX ACL support was broken since 1.3.8rc2
(GH#1568)
- Fix failure to load mod_rewrite as a dynamic module due to
incomplete/missing library linker flags (GH#1590)
- <Class> section is allowed to be in <Global>, but From directive is not
(GH#1597)
- ExtendedLog SSH, SFTP classes not working as expected (GH#1617)
- Fix mod_sftp not handling multiple concurrent open file handles/transfers
well for logging (GH#1646)
- "TLSRequired off" plus Protocols directive caused mod_tls to terminate the
session abruptly (GH#1679)
- Fix mod_tls failure to compile against OpenSSL 3.0.8 due to missing
ENGINE_METHOD_ flags (GH#1689)
- Unknown named connection error when using different SQL backends (GH#1659)
- Fix mod_sql not properly closing all named backend connections on session
exit (GH#1697)
- SSH key exchanges failed unexpectedly with "unable to write X bytes of raw
data" errors due to small ProFTPD buffer (GH#1694)
- Fix high session memory usage caused by SFTP outgoing data buffering
(GH#1678)
- Out-of-bounds buffer read when handling FTP commands (GH#1683,
CVE-2023-51713)
- SFTP algorithm settings in <Global> section were not being used (GH#1712)