Sunday 13th October 2019
Fedora Project
Updated proftpd to 1.3.6a in F-29, F-30, F-31, Rawhide and EPEL-8 Playground:
Configure script wrongly detected AIX lastlog functions (ProFTPD Bug #4304)
AllowChrootSymlinks off could cause login failures depending on filesystem permissions (ProFTPD Bug #4306)
mod_ctrls: error: unable to bind to local socket: Address already in use (GH#501)
Failed to handle multiple %{env:...} variables in single word in configuration (GH#507)
mod_sftp failed to check shadow password information when publickey authentication used (ProFTPD Bug #4308)
Use of "AllowEmptyPasswords off" broke SFTP/SCP logins (ProFTPD Bug #4309)
Use of mod_facl as static module caused ProFTPD to die on SIGHUP/restart (ProFTPD Bug #4310)
Use of curve25519-sha256@libssh.org SSH2 key exchange sometimes failed (GH#556)
Close extra file descriptors at startup (ProFTPD Bug #4312)
<Anonymous> with AuthAliasOnly in effect did not work as expected (ProFTPD Bug #4314)
CreateHome NoRootPrivs only worked partially (GH#568)
SFTP OPEN response included attribute flags that are not actually provided (GH#578)
Truncation of file while being downloaded with sendfile enabled caused timeouts due to infinite loop (ProFTPD Bug #4318)
FTP uploads frequently broke due to "Interrupted system call" error (ProFTPD Bug #4319)
Site-to-site transfers over TLS failed (GH#618)
Can't see symlinks using any FTP client when using MLSD (ProFTPD Bug #4322)
mod_tls 1.3.6 failed to compile using OpenSSL 0.9.8e (ProFTPD Bug #4325)
Using MaxClientsPerHost 1 in <Anonymous> section denied logins (ProFTPD Bug #4326)
SQLNamedConnectInfo with different backend database did not work properly (GH#642)
Segfault with mod_sftp+mod_sftp_pam after successful authentication using keyboard-interactive method (GH#656)
autoconf always failed to detect support for FIPS (GH#660)
SFTP connections failed when using "arcfour256" cipher (GH#663)
mod_auth_otp failed to build with OpenSSL 1.1.x (ProFTPD Bug #4335)
scp broken on FreeBSD 11 (ProFTPD Bug #4341)
Update mod_sftp to handle changed APIs in OpenSSL 1.1.x releases (GH#674)
Infinite loop possible in mod_sftp's set_sftphostkey() function (ProFTPD Bug #4356)
Some ASCII text files corrupted when downloading (ProFTPD Bug #4352)
Properly use the --includedir, --libdir configure variables in the generated proftpd.pc pkgconfig file (GH#797)
Reading invalid SSH key from database resulted in unexpected/unlogged disconnect failures (ProFTPD Bug #4350)
Symlink navigation broken after 1.3.6 update (ProFTPD Bug #4332)
Unable to connect to ProFTPD using TLSSessionTickets and TLSv1.3 (GH#795)
SITE CPFR/CPTO did not honour <Limit> configurations (CVE-2019-12815, ProFTPD Bug #4372)
Using "TLSProtocol SSLv23" did not enable all protocol versions (GH#807)
Cleaned up and rebuilt perl-Class-Load (0.25) in Rawhide
Cleaned up and rebuilt perl-Test-MockObject (1.20180705) in Rawhide
Cleaned up and rebuilt perl-UNIVERSAL-can (1.20140328) in Rawhide
Local Packages
Updated libxslt (1.1.33):
- Do not build python bindings even if the python is available
Fix CVE-2019-13117 (Bug #1728547)
Fix CVE-2019-13118 (Bug #1728542)
Updated proftpd to 1.3.6a as per the Fedora version