-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-11666 2009-11-18 13:32:33 --------------------------------------------------------------------------------
Name : proftpd Product : Fedora 10 Version : 1.3.2b Release : 1.fc10 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behaviour of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2009-3639, in which proftpd's mod_tls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority. This update to upstream release 1.3.2b also fixes the following issues recorded in the proftpd bug tracker at bugs.proftpd.org: - Regression causing command-line define options not to work (bug 3221) - Use correct cached user values with "SQLNegativeCache on" (bug 3282) - Slower transfers of multiple small files (bug 3284) - Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287) - Handle symlinks to directories with trailing slashes properly (bug 3297) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2009 Paul Howarth <p...@city-fan.org> 1.3.2b-1 - Update to 1.3.2b - Fixed regression causing command-line define options not to work (bug 3221) - Fixed SSL/TLS cert subjectAltName verification (bug 3275, CVE-2009-3639) - Use correct cached user values with "SQLNegativeCache on" (bug 3282) - Fix slower transfers of multiple small files (bug 3284) - Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287) - Handle symlinks to directories with trailing slashes properly (bug 3297) - Drop upstreamed defines patch (bug 3221) * Thu Sep 17 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-7 - Restore backward SRPM compatibility broken by previous change * Wed Sep 16 2009 Tomas Mraz <tm...@redhat.com> 1.3.2a-6 - Use password-auth common PAM configuration instead of system-auth * Mon Sep 7 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-5 - Add upstream patch for MLSD with dirnames containing glob chars (#521634) * Wed Sep 2 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-4 - New DSO module: mod_exec (#520214) * Fri Aug 21 2009 Tomas Mraz <tm...@redhat.com> 1.3.2a-3.1 - Rebuilt with new openssl * Wed Aug 19 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-3 - Use mod_vroot to work around PAM/chroot issues (#477120, #506735) * Fri Jul 31 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-2 - Add upstream patch to fix parallel build (http://bugs.proftpd.org/3189) * Mon Jul 27 2009 Paul Howarth <p...@city-fan.org> 1.3.2a-1 - Update to 1.3.2a - Add patch to reinstate support for -DPARAMETER (http://bugs.proftpd.org/3221) - Retain CAP_AUDIT_WRITE, needed for pam_loginuid (#506735, fixed upstream) - Remove ScoreboardFile directive from configuration file - default value works better with SELinux (#498375) - Ship mod_quotatab_sql.so in the main package rather than the SQL backend subpackages - New DSO modules: - mod_ctrls_admin - mod_facl - mod_load - mod_quotatab_radius - mod_radius - mod_ratio - mod_rewrite - mod_site_misc - mod_wrap2 - mod_wrap2_file - mod_wrap2_sql - Enable mod_lang/nls support for RFC 2640 (and buildreq gettext) - Add /etc/sysconfig/proftpd to set PROFTPD_OPTIONS and update initscript to use this value so we can use a define to enable (e.g.) anonymous FTP support rather than having a huge commented-out section in the config file - Rewrite config file to remove most settings that don't change upstream defaults, and add brief descriptions for all available loadable modules - Move Umask and IdentLookups settings from server config to <Global> context so that they apply to all servers, including virtual hosts (#509251) - Ensure mod_ifsession is always the last one specified, which makes sure that mod_ifsession's changes are seen properly by other modules - Drop pam version requirement - all targets have sufficiently recent version - Drop redundant explicit dependency on pam - Subpackages don't need to own %{_libexecdir}/proftpd directory - Drop redundant krb5-devel buildreq - Make SRPM back-compatible with EPEL-4 (TLS cert dirs, PAM config) - Don't include README files for non-Linux platforms - Recode ChangeLog as UTF-8 - Don't ship the prxs tool for building custom DSO's since we don't ship the headers either - Prevent stripping of binaries in a slightly more robust way - Fix release tag to be ready for future beta/rc versions - Define RPM macros in global scope - BuildRequire libcap-devel so that we use the system library rather than the bundled one, and eliminate log messages like: kernel: warning: `proftpd' uses 32-bit capabilities (legacy support in use) * Sun Jul 26 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 1.3.2-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Apr 9 2009 Matthias Saou <http://freshrpms.net/> 1.3.2-2.1 - Update the tcp_wrappers BR to be just /usr/include/tcpd.h instead. * Thu Apr 9 2009 Matthias Saou <http://freshrpms.net/> 1.3.2-2 - Fix tcp_wrappers-devel BR conditional. * Mon Apr 6 2009 Matthias Saou <http://freshrpms.net/> 1.3.2-1 - Update to 1.3.2. - Include mod_wrap (#479813). - Tried to include mod_wrap2* modules but build failed. * Thu Feb 26 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sat Jan 24 2009 Caolán McNamara 1.3.2-0.3.rc3 - Rebuild for dependencies * Fri Jan 2 2009 Matthias Saou <http://freshrpms.net/> 1.3.2-0.2.rc3 - Update default configuration to have a lit of available modules and more example configuration for them. * Mon Dec 22 2008 Matthias Saou <http://freshrpms.net/> 1.3.2-0.1.rc3 - Update to 1.3.2rc3 (fixes security issue #464127) - Exclude new pkgconfig file, as we already exclude header files (if someone ever needs to rebuild something against this proftpd, just ask and I'll split out a devel package... but it seems pretty useless currently). - Remove no longer needed find-umode_t patch. -------------------------------------------------------------------------------- References: [ 1 ] Bug #530719 - CVE-2009-3639 ProFTPD: Doesn't properly handle NULL character in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=530719 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce