PaulHowarth/Blog/2019-10-13

Sunday 13th October 2019

Fedora Project

• Updated proftpd to 1.3.6a in F-29, F-30, F-31, Rawhide and EPEL-8 Playground:

  • Configure script wrongly detected AIX lastlog functions (ProFTPD Bug #4304)

  • AllowChrootSymlinks off could cause login failures depending on filesystem permissions (ProFTPD Bug #4306)

  • mod_ctrls: error: unable to bind to local socket: Address already in use (GH#501)

  • Failed to handle multiple %{env:...} variables in single word in configuration (GH#507)

  • mod_sftp failed to check shadow password information when publickey authentication used (ProFTPD Bug #4308)

  • Use of "AllowEmptyPasswords off" broke SFTP/SCP logins (ProFTPD Bug #4309)

  • Use of mod_facl as static module caused ProFTPD to die on SIGHUP/restart (ProFTPD Bug #4310)

  • Use of curve25519-sha256@libssh.org SSH2 key exchange sometimes failed (GH#556)

  • Close extra file descriptors at startup (ProFTPD Bug #4312)

  • <Anonymous> with AuthAliasOnly in effect did not work as expected (ProFTPD Bug #4314)

  • CreateHome NoRootPrivs only worked partially (GH#568)

  • SFTP OPEN response included attribute flags that are not actually provided (GH#578)

  • Truncation of file while being downloaded with sendfile enabled caused timeouts due to infinite loop (ProFTPD Bug #4318)

  • FTP uploads frequently broke due to "Interrupted system call" error (ProFTPD Bug #4319)

  • Site-to-site transfers over TLS failed (GH#618)

  • Can't see symlinks using any FTP client when using MLSD (ProFTPD Bug #4322)

  • mod_tls 1.3.6 failed to compile using OpenSSL 0.9.8e (ProFTPD Bug #4325)

  • Using MaxClientsPerHost 1 in <Anonymous> section denied logins (ProFTPD Bug #4326)

  • SQLNamedConnectInfo with different backend database did not work properly (GH#642)

  • Segfault with mod_sftp+mod_sftp_pam after successful authentication using keyboard-interactive method (GH#656)

  • autoconf always failed to detect support for FIPS (GH#660)

  • SFTP connections failed when using "arcfour256" cipher (GH#663)

  • mod_auth_otp failed to build with OpenSSL 1.1.x (ProFTPD Bug #4335)

  • scp broken on FreeBSD 11 (ProFTPD Bug #4341)

  • Update mod_sftp to handle changed APIs in OpenSSL 1.1.x releases (GH#674)

  • Infinite loop possible in mod_sftp's set_sftphostkey() function (ProFTPD Bug #4356)

  • Some ASCII text files corrupted when downloading (ProFTPD Bug #4352)

  • Properly use the --includedir, --libdir configure variables in the generated proftpd.pc pkgconfig file (GH#797)

  • Reading invalid SSH key from database resulted in unexpected/unlogged disconnect failures (ProFTPD Bug #4350)

  • Symlink navigation broken after 1.3.6 update (ProFTPD Bug #4332)

  • Unable to connect to ProFTPD using TLSSessionTickets and TLSv1.3 (GH#795)

  • SITE CPFR/CPTO did not honour <Limit> configurations (CVE-2019-12815, ProFTPD Bug #4372)

  • Using "TLSProtocol SSLv23" did not enable all protocol versions (GH#807)

• Cleaned up and rebuilt perl-Class-Load (0.25) in Rawhide

• Cleaned up and rebuilt perl-Test-MockObject (1.20180705) in Rawhide

• Cleaned up and rebuilt perl-UNIVERSAL-can (1.20140328) in Rawhide

Local Packages

• Updated libxslt (1.1.33):

  • Do not build python bindings even if the python is available

  • Fix CVE-2019-13117 (Bug #1728547)

  • Fix CVE-2019-13118 (Bug #1728542)

• Updated proftpd to 1.3.6a as per the Fedora version