1.3.3g - Released 09-Nov-2011
--------------------------------
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
To disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption.
- Bug 3711 - Response pool use-after-free memory corruption error.
* Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
configuration used.
* Fixes mod_wrap syslog level (regression from Bug 3317).
* Fixes mod_ifsession segfault if regular expression patterns used in
a <VirtualHost> section.
* Display messages work properly again.
* Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
* Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
* Performance improvements, especially during server startup/restarts.
* Fixed sql_prepare_where() buffer overflow.
* Fixed CPU spike when handling .ftpaccess files.
* Fixed handling of SFTP uploads when compression is used.
pksrc changes:
* Instead of patch&subst to change layout of statedir, pass it to configure
instead (and subst for manpages are fixed).
* Convert custom mod_wrap library modification to SUBST.
* Need to buildlink with security/tcp_wappers for mod_wrap.
NEWS:
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
1.3.3b - Released 09-Sep-2010
--------------------------------
- Bug 3481 - Problem with SFTP directory listings.
- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab.
- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work.
- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during
data transfer.
- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD.
- Bug 3491 - Directory pattern not matching as expected.
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO.
- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no
DefaultServer configured.
- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as
anonymous logins.
1.3.3a - Released 01-Jul-2010
--------------------------------
- Bug 3400 - Add Japanese translation.
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL.
- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349.
- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in
TransferLog.
- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit
platforms.
- Bug 3354 - Renaming a file across mount points to a full disk does not fail
as expected.
- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible.
- Bug 3412 - Include files not included after restart due to permissions.
- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes.
- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile.
- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog.
- Bug 3421 - RewriteHome does not work properly for SFTP connections.
- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m.
- Bug 3423 - Last line of multiline DisplayLogin file improperly handled.
- Bug 3426 - mod_sftp does not log to TransferLog by default.
- Bug 3425 - Improperly constructed destination paths for SCP uploads.
- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly.
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables
properly.
- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured.
- Bug 3435 - Encoding/decoding conversion can cause CPU spike.
- Bug 3436 - Support build-time option to disable use of nonblocking open of
log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior
of opening log files.
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail.
- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale.
- Bug 3446 - .ftpaccess ignored in some cases.
- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads.
- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale
data.
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN
request.
- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN
request.
- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp.
- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for
protocol version 5.
- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible
with Solaris' msgfmt.
- Bug 3456 - Problem attempting to recursively download a directory via SCP.
- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup.
- Bug 3459 - mod_radius segfaults during incorrect login due to stale data.
- Bug 3460 - REALPATH SFTP request can cause improperly cached directory
configuration.
- Bug 3462 - ftpasswd script's --delete-user option does not work.
- Bug 3463 - ftpasswd script's --delete-group option does not work.
- Bug 3465 - SIGSEGV at LIST after CCC.
- Bug 3470 - Deferred resolution <Directory> paths not handled properly by
mod_sftp.
- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path
begins with tilde ('~').
- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly.
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault.
- Bug 3472 - mod_sftp publickey authentication fails for large keys.
- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions.
- Bug 3476 - LIST/NLST of path starting with "-" fails.
- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy
libc code.
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems
under load.
Changes since version 1.3.2:
* Added Taiwan translation.
* Added a workaround in mod_tls to deal with the vulnerability found in
SSL/TLS protocol during renegotiation (CVE-2009-3555). Good
descriptions of this vulnerability can be found here:
http://extendedsubset.com/?p=8http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
The workaround implemented in mod_tls (Bug#3324) is one of the suggested
mitigation approaches: the server now refuses all client-initiated
SSL/TLS session renegotiations.
* Bug and regression fixes.
* Added French, Bulgarian, Korean translations.
* Various bug and regression fixes.
Add an "inet6" option for enabling IPv6 support.
Add a "ban" option for enabling mod_ban.
Make the "wrap" option compile all binaries successfully.
Fix generating language catalog with older versions of msgfmt.
Changes since 1.3.1rc3
----------------------
- Bug 2944 - mod_sql_mysql fails to compile due to missing quotation.
- Bug 2946 - Anonymous logins fail if the mod_facl module is enabled.
- Bug 2947 - SIGBUS on Mac OS X when dynamically loading shared libs.
- Bug 2950 - Hostname with multiple IP addresses might cause "ai_family not
supported" error if IPv6 support enabled.
- Bug 2955 - Undeclared identifier MAP_FAILED for mod_delay on AIX.
- Bug 2958 - mod_wrap2 does not handle multiple rules in access files.
- Bug 2963 - Use of -A option for LIST/NLST commands not cleared for
subsequent commands.
- Bug 2964 - Building RPM fails because of *snprintf trying to be redefined.
This is actually caused by a particular combination of compiler flags
(-O2 and -Wp,-D_FORTIFY_SOURCE=2), which are used by the `rpmbuild'
command in some Linux releases.
- Bug 2974 - Install error if multiple modules, using their own build script,
are built as shared modules.
- Bug 2981 - Command-line long options --ipv4 and --ipv6 do not work.
- Bug 2795 - Improvements to RPM .spec file to build more of the modules, plus
better optional packaging organization.
Hello, ProFTPD community. The ProFTPD Project team is pleased to announce
that the third release candidate for ProFTPD 1.3.1 is now available
for public consumption.
The 1.3.1rc3 release includes a number of minor bugfixes, including
segfaults when handling the NLST command, dealing assigning IPv6 addresses
for the EPSV command, and better handling of Display files in chrooted
sessions.
Please read the included NEWS and ChangeLog files for the full details.
+ Fixed mod_sql's handling of WHERE clauses
+ Fixed segfaults ocurring after SIGHUP when shared modules are used
+ Fixed copying of symlinks in skeleton directory for CreateHome
The 1.3.1rc1 release includes major new features and numerous bugfixes,
including:
+ Support for UTF8 and translated response messages (NLS support)
+ New configuration directives:
DisplayChdir
DisplayFileTransfer
UseIPv6
UseUTF8
+ Deprecated configuration directives:
DisplayFirstChdir
The DisplayFirstChdir directive is deprecated; sites should use
the new DisplayChdir directive (which allows for files to
be displayed on every directory change, rather than just the
first time for a directory change).
HiddenStor
The HiddenStor directive is deprecated; simply use HiddenStores
instead.
SQLHomedirOnDemand
The SQLHomedirOnDemand directive will be removed in future
releases; use the CreateHome directive instead.
+ New modules:
mod_ban, a module handling dynamic client "black lists"
See doc/contrib/mod_ban.html
+ Enhanced modules:
The mod_tls module can now make use of cryptographic accelerator
cards with the new TLSCryptoDevice directive. It can also use
a program for obtaining certificate passphrases via the new
TLSPassPhraseProvider directive.
+ Documentation
The 1.3.0rc5 release includes a number of minor bugfixes, including a
workaround for getting proper timestamps in chrooted process logs
if glibc-2.3 is present, and a fix for daemon processes hanging when
shutting down on Mac OS X.
The 1.3.0rc4 release includes a number of minor bugfixes, including fixed
run-time detection of Unix domain sockets, portability tweaks for
Mac OSX 10.4, and logging fixes for NetBSD and Solaris.
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam. pam.buildlink3.mk will:
* set PAMBASE to the base directory of the PAM files;
* set PAM_TYPE to the PAM implementation used.
There are two variables that can be used to tweak the selection of
the PAM implementation:
PAM_DEFAULT is a user-settable variable whose value is the default
PAM implementation to use.
PAM_ACCEPTED is a package-settable list of PAM implementations
that may be used by the package.
Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
