-
Sun Jul 24 2022 Paul Howarth <paul@city-fan.org> - 1.3.8-0.3.rc4
- Update to 1.3.8rc4
- mod_sftp should fail on startup when SFTP and TLS are both enabled for a
vhost (GH#1434)
- DelayTable not properly using documented default value; this is a
regression caused by the changes for Bug#4020 (GH#1440)
- Support customizing SSH ciphers, digests, key exchanges via SFTPClientMatch
(GH#1444)
- Ensure that mod_sftp algorithms work properly with OpenSSL 3.x (GH#1448)
- BanOnEvent BadProtocol triggers segfault (GH#1445)
- SFTP "check-file" implementation computes incorrect results (GH#1439)
- Implement SFTPHostKeys directive for configuring the SSH host key
algorithms (GH#1457)
- Implement the "curve448-sha512" SSH key exchange algorithm (GH#1437)
- Include directive broken when using wildcards for directory components
(GH#1472)
- mod_sftp fails to build using OpenSSL 1.0.x: undefined reference to
'EVP_MD_CTX_reset' (Bug #4485)
- Reload after omitting explicit ModulePath value causes fatal module load
failures (GH#1476)
- Drop pcre build dependency since we have been explicitly disabling it for the
last 5 years anyway
- Fix X448 support check to fail properly with OpenSSL 1.1.0 (GH#1488)
-
Mon Apr 25 2022 Paul Howarth <paul@city-fan.org> - 1.3.8-0.2.rc3
- Update to 1.3.8rc3
- Support SSH hostkey rotation via OpenSSH extensions (GH#1323)
- NLST did not behave consistently for relative paths (GH#1325)
- Support AES Galois Counter Mode (AES-GCM) in SSH; support for the
"aes128-gcm@openssh.com" and "aes256-gcm@openssh.com" ciphers has been
added to mod_sftp (Bug #3759)
- Implement an LDAPConnectTimeout directive, to configure the timeout used
when connecting to LDAP servers (GH#1333)
- Implement OpenSSH "Encrypt-Then-MAC" (ETM) algorithm extensions (GH#1330)
- Implement AllowForeignAddress class matching for passive data transfers
(GH#1346)
- Implement support for PCRE2 (GH#1353)
- ProFTPD wouldn't start with several locales (Bug #4466)
- Auth sources providing space-bearing user/group names caused compliance
issues with MLSD/MLST responses (GH#1367)
- DeleteAbortedStores removed successfully transferred files unexpectedly
(Bug #4467)
- Omit EPRT/EPSV from FEAT response when denied by <Limit> configuration
(GH#1383)
- Support uploading to symlinked files (GH#1379)
- Keepalive socket options should be set using IPPROTO_TCP, not SOL_SOCKET
(GH#1401)
- TCP keepalive SocketOptions should apply to control as well as data
connection (GH#1402)
- ProFTPD always used the same PassivePorts port for first transfer (GH#1396)
- mod_sftp needs to handle unknown SSH messages in an RFC-compliant manner,
ignoring rather than disconnecting (GH#1410)
- Improve handling of some globally applied configuration directives (GH#1418)
- Name-based virtual hosts not working as expected after upgrade from 1.3.7a
to 1.3.7b (GH#1369)
-
Mon Dec 20 2021 Paul Howarth <paul@city-fan.org> - 1.3.8-0.1.rc2
- Update to 1.3.8rc2
- mod_sftp crashes when handling aes256-ctr OpenSSH-specific key with some
old OpenSSL versions (Bug #4401)
- mod_ifsession failed to reset directory config lookup after <Directory>
section merges (Bug #4315)
- Support <Limit> configurations for HELP command (GH#1296)
- Add support for the libidn2 library, over libidn, for e.g. mod_rewrite
mappings (GH#1286)
- Changed the default behaviour of mod_tls, such that TLS renegotiations on
control/data connections are not requested by default - TLS renegotiations
have a long and sordid history; many SSL/TLS libraries no longer implement
them, or disable them by default (Bug #4443)
- mod_auth_otp should honor RequireTableEntry semantics for SFTP logins
(GH#1319)
- Build with libidn2 support
- Drop support for EOL distributions prior to EL-7
- Always use systemd and assume preset support
- %{rundir} is always /run
- Use systemd scriptlet macros from systemd-rpm-macros
- Always use libmemcached
- Use %license unconditionally
- Fix use of deprecated check APIs (GH#1262)
-
Sun Sep 05 2021 Paul Howarth <paul@city-fan.org> - 1.3.7c-2
- Update to mod_vroot 0.9.9
-
Tue Aug 31 2021 Paul Howarth <paul@city-fan.org> - 1.3.7c-1
- Update to 1.3.7c
- Improve mod_tls log messages for unsupported older TLS protocol requests
(GH#1273)
- Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)
- Properly handle <VirtualHost> sections that use interface/device names
(GH#1282)
- PCRE expressions with capture groups are not being handled properly
(GH#1300)
- AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to
stop (GH#1307)
-
Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.7b-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
Tue Jun 22 2021 Paul Howarth <paul@city-fan.org> - 1.3.7b-2
- BR: glibc-gconv-extra for API tests from Fedora 35 onwards
-
Mon Jun 14 2021 Paul Howarth <paul@city-fan.org> - 1.3.7b-1
- Update to 1.3.7b
- Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
session tickets could not be decrypted (GH#1063)
- Passive transfers failed unexpectedly due to use of SO_REUSEPORT socket
option (GH#1171)
- Implemented support for Redis 6.x AUTH semantics (GH#1070)
- Fixed memory use-after-free issue in mod_sftp, which could cause unexpected
login/authentication issues
- Fixed SQL syntax regression for some generated SQL statements (GH#1149)
- Fixed "Corrupted MAC on input" errors when SFTP uses the
umac-64@openssh.com digest (GH#1111)
-
Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1.3.7a-6
- Rebuild for libpq ABI fix rhbz#1908268
-
Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.7a-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild