Version: 1.3.6b-bp150.3.6.1
* Sat Dec 28 2019 chris@computersalat.de
- fix changes file
* add missing info about boo#1155834
* add missing info about boo#1154600
- fix for boo#1156210
* GeoIP has been discontinued by Maxmind
* remove module build for geoip
see https://support.maxmind.com/geolite-legacy-discontinuation-notice/
- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270)
* add upstream patch proftpd-tls-crls-issue859.patch
* Sun Nov 03 2019 chris@computersalat.de
- fix for boo#1154600 (CVE-2019-18217, gh#846)
- update to 1.3.6b
* Fixed pre-authentication remote denial-of-service issue (Issue #846).
* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
- update to 1.3.6a
* Fixed symlink navigation (Bug#4332).
* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
* Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
* Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
* Fixed restarts when using mod_facl as a static module
- remove obsolete proftpd-CVE-2019-12815.patch
* included in 1.3.6a (Bug#4372)
- add proftpd_env-script-interpreter.patch
* RPMLINT fix for env-script-interpreter (Badness: 9)
* Sat Nov 02 2019 Martin Hauke <mardnh@gmx.de>
- fix for boo#1155834
* Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed
* Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed
* Wed Oct 02 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056)
* Mon Jul 01 2019 chris@computersalat.de
- update changes file
* add missing info about bugzilla 1113041
* Tue Mar 26 2019 Jan Engelhardt <jengelh@inai.de>
- Fix the Factory build: select the appropriate OpenSSL version
to build with. (fix for boo#1113041)
* Wed Mar 20 2019 Jan Engelhardt <jengelh@inai.de>
- Reduce hard dependency on systemd to only that which is
necessary for building and installation.
- Modernize RPM macro use (%make_install, %tmpfiles_create).
- Strip emphasis from description and trim other platform mentions.
* Wed Jul 11 2018 chris@computersalat.de
- update to 1.3.6
* Support for using Redis for caching, logging; see the doc/howto/Redis.html
documentation.
* Fixed mod_sql_postgres SSL support (Issue #415).
* Support building against LibreSSL instead of OpenSSL (Issue #361).
* Better support on AIX for login restraictions (Bug #4285).
* TimeoutLogin (and other timeouts) were not working properly for SFTP
connections (Bug#4299).
* Handling of the SIGILL and SIGINT signals, by the daemon process, now causes
the child processes to be terminated as well (Issue #461).
* RPM .spec file naming changed to conform to Fedora guidelines.
* Fix for "AllowChrootSymlinks off" checking each component for symlinks
(CVE-2017-7418).
- New Modules:
* mod_redis, mod_tls_redis, mod_wrap2_redis
With Redis now supported as a caching mechanism, similar to Memcache,
there are now Redis-using modules: mod_redis (for configuring the Redis
connection information), mod_tls_redis (for caching SSL sessions and
OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored
in Redis).
- Changed Modules:
* mod_ban
The mod_ban module's BanCache directive can now use Redis-based caching;
see doc/contrib/mod_ban.html#BanCache.
- New Configuration Directives
* SQLPasswordArgon2, SQLPasswordScrypt
The key lengths for Argon2 and Scrypt-based passwords are now configurable
via these new directives; previously, the key length had been hardcoded
to be 32 bytes, which is not interoperable with all other implementations
(Issue #454).
- Changed Configuration Directives
* AllowChrootSymlinks
When "AllowChrootSymlinks off" was used, only the last portion of the
DefaultRoot path would be checked to see if it was a symlink. Now,
each component of the DefaultRoot path will be checked to see if it is
a symlink when "AllowChrootSymlinks off" is used.
* Include
The Include directive can now be used within a <Limit> section, e.g.:
<Limit LOGIN>
Include /path/to/allowed.txt
DenyAll
</Limit>
- API Changes
* A new JSON API has been added, for use by third-party modules.
- remove obsolete proftpd_include-in-limit-section.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* Sun May 08 2016 jengelh@inai.de
- Remove redundant spec sections
- Ensure systemd-tmpfiles is called for the provied config file
Version: 1.3.5d-bp150.2.3
* Fri Jul 21 2017 bwiedemann@suse.com
- Sort SHARED_MODS list to fix build compare (boo#1041090)
* Fri Jun 16 2017 nmoudra@suse.com
- Removed xinetd service
* Fri Apr 07 2017 chris@computersalat.de
- fix for boo#1032443 (CVE-2017-7418)
* AllowChrootSymlinks not enforced by replacing a path component
with a symbolic link
* add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed)
as proftpd-AllowChrootSymlinks.patch
- fix proftpd-tls.template
* reduce TLS protocols to TLSv1.1 and TLSv1.2
* disable TLSCACertificateFile
* add TLSCertificateChainFile
* Thu Mar 23 2017 jengelh@inai.de
- Remove --with-pic, there are no static libs.
- Replace %__-type macro indirections.
- Replace old $RPM shell vars by macros.
* Mon Mar 06 2017 chris@computersalat.de
- fix and update proftpd-basic.conf.patch
- add some sample config and templates for tls
* proftpd-tls.template
* proftpd-limit.conf
* proftpd-ssl.README
* Sun Feb 05 2017 chris@computersalat.de
- backport upstream feature
* include-in-limit-section (gh#410)
* add proftpd_include-in-limit-section.patch
* Tue Jan 17 2017 chris@computersalat.de
- update to 1.3.5d
* gh#4283 - All FTP logins treated as anonymous logins again. This is a
regression of gh#3307.
* Sun Jan 15 2017 chris@computersalat.de
- update to 1.3.5c
* SSH rekey during authentication can cause issues with clients.
* Recursive SCP uploads of multiple directories not handled properly.
* LIST returns different results for file, depending on path syntax.
* "AuthAliasOnly on" in server config breaks anonymous logins.
* CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
* Support OpenSSL 1.1.x API.
* Memory leak when mod_facl is used.
-rebase proftpd-no_BuildDate.patch
* Sat Aug 27 2016 chris@computersalat.de
- fix systemd vs SysVinit
* Sun May 08 2016 jengelh@inai.de
- Remove redundant spec sections
- Ensure systemd-tmpfiles is called for the provied config file
* Sun May 08 2016 chris@computersalat.de
- fix for boo#970890 (CVE-2016-3125)
- update to 1.3.5b:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
* SSH RSA hostkeys smaller than 2048 bits now work properly.
* MLSD response lines are now properly CRLF terminated.
* Fixed selection of DH groups from TLSDHParamFile.
- rebase proftpd-no_BuildDate.patch
* Sun May 31 2015 chris@computersalat.de
- fix for boo#927290 (CVE-2015-3306)
- update to 1.3.5a:
See http://www.proftpd.org/docs/NEWS-1.3.5a
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
- remove gpg-offline dependency
- fix permissions on passwd file
* unable to use world-readable AuthUserFile '.../passwd' (perms 0644):
* 0644 -> 0440
* Mon Sep 01 2014 andreas.stieger@gmx.de
- ProFTPD 1.3.5
* Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
* New Modules
mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
* mod_sftp now supports ECC, ECDSA, ECDH
* Improved FIPS support in mod_sftp.
* mod_sftp module now honors the MaxStoreFileSize directive.
* Many new and changed configuration directives
- update proftpd-no_BuildDate.patch
* Mon Sep 01 2014 andreas.stieger@gmx.de
- proftpd 1.3.4e:
Multiple other backported fix from the 1.3.5 branch.
See http://www.proftpd.org/docs/NEWS-1.3.4e
- The fix for the mod_sftp/mod_sftp_pam memory allocation
(CVE-2013-4359) contained in this release was previously patched
into the package.
- adjust proftpd-no_BuildDate.patch for context changes
- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
* Tue Mar 25 2014 crrodriguez@opensuse.org
- Remove tcpd-devel from buildRequires and mod_wrap.
support for tcp_wrappers style /etc/hosts.* is provided
by mod_wrap2_file instead, the latter does not require tcpd.
* Mon Mar 17 2014 chris@computersalat.de
- fix for bnc#844183
* proftpd fails to start due to missing /run/proftpd
- add own tmpfiles.d file
* proftpd.tmpfile
* Thu Oct 03 2013 chris@computersalat.de
- update to 1.3.4d
* Fixed broken build when using --disable-ipv6 configure option
* Fixed mod_sql "SQLAuthType Backend" MySQL issues
- fix for bnc#843444 (CVE-2013-4359)
* http://bugs.proftpd.org/show_bug.cgi?id=3973
* add proftpd-sftp-kbdint-max-responses-bug3973.patch
* Mon Jul 29 2013 crrodriguez@opensuse.org
- Improve systemd service file
- use upstream tmpfiles.d file. related to [bnc#811793]
- Use /run instead of /var/run
* Wed May 01 2013 chris@computersalat.de
- update to 1.3.4c
* Added Spanish translation.
* Fixed several mod_sftp issues, including SFTPPassPhraseProvider,
handling of symlinks for REALPATH requests, and response code logging.
* Fixed symlink race for creating directories when UserOwner is in effect.
* Increased performance of FTP directory listings.
- rebase and rename patches (remove version string)
* proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
* proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
* proftpd-1.3.4a-strip.patch -> proftpd-strip.patch
* Fri Feb 08 2013 chris@computersalat.de
- fix proftpd.conf (rebase basic.conf patch)
* IdentLookups is now a seperate module
<IfModule mod_ident.c> IdentLookups on/off </IfModule>
is needed and module is not built cause crrodriguez disabled it.