ALT Linux repos
S: | 1.3.8-alt0.2.ga3489a6c8 |
5.0: | 1.3.2rel-alt0.M50.1 |
4.1: | 1.3.2rel-alt0.M41.1 |
4.0: | 1.3.0rel-alt2 |
3.0: | 1.3.0rc1-alt2 |
Group :: System/Servers
RPM: proftpd
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
21 september 2023 L.A. Kostis <lakostis at altlinux.ru> 1.3.8-alt0.2.ga3489a6c8
- enable mod_ident and make trigger with warning if unsupported
configuration detected (closes #47656). - adjust default configuration for IdentLookups changes.
- v1.3.8-31-ga3489a6c8.
- BR: postgresql-devel->libpq-devel.
- fix FTBFS: don't pass runstatedir to configure.
- 1.3.7f release.
- 1.3.7e release.
- refresh tests knob.
- 1.3.7d release.
- 1.3.7c release.
- .spec:
+ Remove obsoleted patches.
+ Use subst for sql_mysql and regexp.
+ Fix License tag.
+ Add libsodium-devel to support Argon2 hash. - Remove Packager tag.
- Applied security fixes from upstream (Fixes: CVE-2020-9272, CVE-2020-9273).
- Built with system libcap.
- Applied security fixes from upstream (Fixes: CVE-2019-18217, CVE-2019-19269, CVE-2019-19270).
- Updated changelog records for vulnerability policy compatibility.
- replace /var/run -> /run, /var/lock -> /run/lock
- create tmpfiles config (Closes: 37187)
- change localstatedir=/var/lib/proftpd instead /var/run/proftpd
- Updated to 1.3.6-ga73dbfe3b.
- Fix mod_copy bug #4372 (Ensure that mod_copy checks for <Limits> for its SITE
CPFR) (Fixes: CVE-2019-12815) (closes #37056). - Updated mod_sql_postgres patch.
- Updated -pcre patch.
- Fix FTBFS against libmysqlclient21
- Rebuild without libwrap.
- 1.3.5e release:
+ Backported fix for "AllowChrootSymlinks off" checking each component
for symlinks (Fixes: CVE-2017-7418). - minor .spec cleanup.
- Rebuild with new libmemcached 1.0.18
- 1.3.5a release.
- Increased rlimit to 64M for xinetd.
- .spec fixes.
- Updated to 1.3.5-a31d0ab GIT fixing CVEs.
- Fixes:
+ CVE-2013-4359 - Include the fix for Bug 4169 (Unauthenticated copying of files
via SITE CPFR/CPTO allowed by mod_copy). - Configuration changes:
+ enabled pcre support;
+ enabled memcache support (mod_tls_memcache is using it).
- NMU: rebuilt with libmysqlclient.so.18.
- 1.3.4rc2
- 1.3.3c stable release (closes: #24471)
- 1.3.3 stable release
- add mod_sql_passwd
- raise rlimit_as (closes: #23208)
- 1.3.3rc3
- 1.3.3rc2
- fix initscript with new pidfile location (Closes: #21910)
- rebuild mod_ldap with libldap v2.4
- 1.3.3rc1
- build shared modules: mod_sftp, mod_sql_sqlite, mod_load, mod_ban,
mod_dynmasq and others - enable LangEngine in default config
- add patch alt-pkgconfig-prefix that prevents unnesessary prefix adding to
pkgconfigdir. - remove patches:
+ proftpd-typo-prxs (applied in upstream)
- stable release
+ fixed encoding-dependent SQL injection vulnerability
- 1.3.2rc4
- remove O_CREATE patch (applied in upstream)
- build new version.
- fix build (open with O_CREAT)
- change packager
- package locale files for mod_lang.c
- comment AuthPAMConfig in default config
- change AuthPAMConfig value to 'proftpd'
- change session string to pam_tcb.so in pam config
- 1.3.2rc2
- merged lakostis@ changes
- rollback -ltdl patch (again).
- build new version
- removed patches (merged upstream):
- ctrls-restart
- deb-SA23141
- deb-CORE-2006-1127
- deb-auth_fix
- deb-auth_loop
- deb-auth_cache (http://secunia.com/advisories/24867)
- removed HAVE_OPENSSL flag (pass --enable-openssl to configure script)
- built with --enable-nls (mod_lang)
- introduced devel subpackage (pkgconfig file included)
- use system libltdl from now on
- disabled iconv patch due to mod_lang features (doc/modules/mod_lang.html)
- added control facility (not depend from main package and requires
independent install)
- 1.3.0a stable release.
- rollback alt-ltdl patch (use alternate variant).
- don't delete *.la files (due lt_dlopenext breakage in this case).
- remove previous CVE-2006-5815 fixes, use variant from Debian.
- change packager.
- cleanup obsoleted Conflicts.
- change pam service name to more appropriate.
- Add a bunch of Debian patches:
- proftpd-deb-core_create-home.patch: to support script exec on home creation.
- proftpd-1.3.0-deb-cve_2006_5815.patch: See
http://bugs.proftpd.org/show_bug.cgi?id=2858 for details. - proftpd-1.3.0-deb-SA22803.patch: security bug Secunia SA22803 advisory
(sreplace() abuse). - proftpd-1.3.0-deb-SA23141.patch: Secunia SA23141 advisory (mod_tls abuse).
- proftpd-1.3.0-deb-CORE-2006-1127.patch: ProFTPD Controls Buffer Overflow,
locally exploitable. This is fixed in 1.3.1. - proftpd-1.3.0-deb-auth-fix.patch: auth_fix (fixes taken from 1.3.1rc1).
(cfr http://bugs.proftpd.org/show_bug.cgi?id=2721) - proftpd-1.3.0-deb-auth-loop.patch: avoid endless loop in auth modules.
- proftpd-1.3.0-deb-auth-cache.patch: See
http://bugs.proftpd.org/show_bug.cgi?id=2922 (ALT #11558).
- Fixed postgresql build dependencies.
- Rebuilt due to libpq.so.4 -> libpq.so.5 soname change.
- Rebuilt due to libcrypto.so.4 -> libcrypto.so.6 soname change.
- fix null reference in CVE-2006-5815 patch made by upstream.
- Fixes:
+ CVE-2006-5815 "CommandBufferSize" Directive Remote Code Execution Vulnerability
- fix %setup.
- NMU;
- Change versioning due rpmvercmp complaints.
- NMU;
- 1.3.0;
- use system libltdl;
- update -conf patch for DSO changes (fixes #9825);
- add ctrls-restart.patch;
- use autoconf due changed configure.in.
- Rebuilt with libldap-2.3.so.0.
- Rebuilt for new style PAM dependencies generated by rpm-build-4.0.4-alt55.
- 1.3.0rc3
- 1.3.0rc2
- rebuild with libpq4-devel
- 1.3.10rc1
- add local <-> remote charset conversion patch
- Multi package creation.
- rebuild with glibc-2.3
- 1.2.10rc1
- 1.2.9 release
- 1.2.9rc3
- security fix
- fix wrong prereq.
- 1.2.9rc2
- 1.2.9rc1
- Rewritten start/stop script to new rc scheme.
- 1.2.8 release
- fix logrotate config.
- 1.2.8rc1
- rebuild with libwrap
- 1.2.7rc2
- 1.2.7rc1
- 1.2.6 release
- 1.2.6rc2
- 1.2.5rc3
- 1.2.5rc2
- Re-enable sendfile.
- apply patch from CVS to fix bug with users being unable to overwrite files
they have permission to (patch #7) - remove --enable-sendfile from configure
- 1.2.5rc1.
- mod_wrap 1.2.3.
- fix pam configuration.
- Fixed glob problem.
- Updated pam configuration (needs checking).
- 1.2.4
- 1.2.3
- Enable AllowStoreRestart so FTP resume works.
- Added "rlimit_as = 16M" to xinetd config.
- Fixed %post/%preun scripts.
- 1.2.2.
- added LDAP support v2.7.6
- added LDAP configuration directives to proftpd.conf
- patched makefile to compile mod_ldap
- 1.2.2rc2
- 1.2.2rc1
- fix configs to use nobody.nobody not nobody.nogroup to run as nogroup
seems to no longer exist
- fix workaround for ls bug
- Don't enable Anonymous login by default.
- URL change from .net -> .org
- remove chkconfig entry
- 1.2.1
- fix xinetd config
- 1.2.0 final version
- 1.2.0rc3: security update
- fix PASV mode bug
- fix proftpd.init
- rebuild for RE
- fix the anonymous login in proftpd configuration files.
- really fix inetd problem. We remnove it from /etc/inetd.conf, and let it
run instandalone mode which seems to work quite fine ...
- really add the xinetd entry.
- include the chkconfig entry, but don't run chkconfig by default.
- add an xinetd entry.
- re-add the inetd.conf entry ...
- rebuild for the Big Move (tm) and hope that I don't break anything.
- remove inetd.conf entry (again, hoping that I don't break anything.)
- use of _initrddir.
- quick and ugly hack to fix wu-ftpd breakage when proftpd is uninstalled.
- change the description as the AUTH patch is no longer here.
- new version
- remove the packager tag (vincentscks)
- rebuild for directory changes
- add directory /var/log/proftpd
- add home directory /home/ftp
- add conflicts with anonftp
- fix so can install as nonroot
- add --enable-autoshadow to configure
- 1.2.0rc1
- macroization
- remove directory /home/ftp since we don't need it
- merge with .spec file from Geoffrey Lee <snailtalk@linux-mandrake.com>:
- add logrotate entry
- add symlinks to in.proftpd and in.ftpd
- on uninstall, run /etc/rc.d/init.d/proftpd stop prior to uninstall
- compile with mod_pam support
- add Conflicts: wu-ftpd, ncftpd, beroftpd
- build for Mandrake
- bzip sources
- bzip manpages
- remove multi-package creation. one package does all... updates
/etc/inetd.conf but defaults to standalone server type
- Multi package creation.
Created core, standalone, inetd (&doc) package creations.
Added startup script for init.d
Need to make the "standalone & inetd" packages being created as "noarch" - Added URL.
- Added prefix to make the package relocatable.
- Corrected inetd.conf line addition/change logic.
- Initial import of spec.