ELBA-2024-20128

ELBA-2024-20128 - proftpd Bug Fix update

Type: BUG
Severity: NA
Release Date: 2024-04-09

Description


[1.3.8b-3]
- Add 'proxy' sub-package with unbundled mod_proxy (rhbz#2272051)
- Update fsio.c: if mkdir fails with EEXIST, also clear the cache (GH#1677)

[1.3.8b-2]
- Use libsodium to provide ed25519 key support for mod_sftp (#2256340)
- Update logrotate snippet to use try-reload-or-restart rather than reload
for distributions with systemd 229 or later (PR#3)

[1.3.8b-1]
- Update to 1.3.8b
- Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 failed
(GH#1735)
- Build system failed for specific module names (GH#1756)
- 'Terrapin' Prefix Truncation Attacks in SSH Specification affected mod_sftp
(CVE-2023-48795, GH#1760)
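
The Terrapin entry above (CVE-2023-48795, GH#1760) concerns the SSH transport in mod_sftp. The following Python is an added example for this advisory, not ProFTPD code: it parses a server's SSH_MSG_KEXINIT and applies the exposure rule from the Terrapin disclosure, namely that the attack requires the chacha20-poly1305@openssh.com cipher or a CBC cipher combined with an -etm@openssh.com MAC, and is defeated when both peers support the 'strict kex' extension, which a server advertises as kex-strict-s-v00@openssh.com in its kex_algorithms list. That the patched mod_sftp advertises strict kex is an assumption here, so treat the package version (1.3.8b-1 or later, per the changelog) as the authoritative indicator; the two sample KEXINITs are constructed, not captured from any server.

```python
"""Assess an SSH server's KEXINIT for Terrapin (CVE-2023-48795) exposure.

Added example for this advisory, not ProFTPD code. Runs offline on the
constructed samples below; against a live server you would read the version
banner, then the first binary packet (the unencrypted SSH_MSG_KEXINIT), and
pass that packet to assess_packet().
"""
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # server-side strict-kex marker
CHACHA20 = "chacha20-poly1305@openssh.com"
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
NAME_LISTS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _string(s: str) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    b = s.encode("ascii")
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated KEXINIT")
    return buf[off:off + n].decode("ascii"), off + n


def wrap_binary_packet(payload: bytes, block: int = 8) -> bytes:
    """Frame a payload as an unencrypted SSH binary packet (RFC 4253, section 6)."""
    pad = block - ((len(payload) + 5) % block)
    if pad < 4:  # at least four padding bytes are required; zeros suffice for a sample
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


def unwrap_binary_packet(raw: bytes) -> bytes:
    """Strip unencrypted binary-packet framing and return the payload."""
    (packet_len,) = struct.unpack_from(">I", raw, 0)
    padding_len = raw[4]
    return raw[5:4 + packet_len - padding_len]


def build_kexinit(kex, hostkey, enc, mac, comp=("none",)) -> bytes:
    """Build a KEXINIT payload with identical c2s/s2c lists (used for the samples)."""
    lists = [kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()]
    body = b"".join(_string(",".join(l)) for l in lists)
    # message id, 16-byte cookie (zeros here), name-lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload into its name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 1 + 16, {}
    for name in NAME_LISTS:
        s, off = _read_string(payload, off)
        out[name] = [a for a in s.split(",") if a]
    out["first_kex_packet_follows"] = bool(payload[off])
    return out


def assess_terrapin(kexinit: dict) -> dict:
    """Apply the Terrapin exposure rule to a parsed server KEXINIT.

    The attack needs chacha20-poly1305@openssh.com, or a CBC cipher with an
    -etm@openssh.com MAC, to be negotiated, and is defeated when both peers
    support strict kex. 'vulnerable' means an exploitable combination is on
    offer and the server provides no strict-kex protection; a server that
    advertises it still only protects clients that also support it.
    """
    ciphers = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    strict = STRICT_KEX_SERVER in kexinit["kex"]
    chacha = CHACHA20 in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    return {"strict_kex": strict, "chacha20_poly1305": chacha,
            "cbc_etm": cbc_etm, "vulnerable": (chacha or cbc_etm) and not strict}


def assess_packet(raw: bytes) -> dict:
    return assess_terrapin(parse_kexinit(unwrap_binary_packet(raw)))


# Constructed samples, not captured from any real server: a server without
# strict kex that offers both exploitable combinations, and one that offers
# chacha20 but advertises strict kex.
NO_STRICT_KEX_SAMPLE = wrap_binary_packet(build_kexinit(
    kex=["curve25519-sha256", "diffie-hellman-group14-sha256"],
    hostkey=["ssh-ed25519", "rsa-sha2-512"],
    enc=[CHACHA20, "aes256-gcm@openssh.com", "aes256-cbc"],
    mac=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]))
STRICT_KEX_SAMPLE = wrap_binary_packet(build_kexinit(
    kex=["curve25519-sha256", STRICT_KEX_SERVER],
    hostkey=["ssh-ed25519"],
    enc=[CHACHA20, "aes256-gcm@openssh.com"],
    mac=["hmac-sha2-256-etm@openssh.com"]))

if __name__ == "__main__":
    for label, raw in (("no strict kex", NO_STRICT_KEX_SAMPLE),
                       ("strict kex", STRICT_KEX_SAMPLE)):
        print(label, assess_packet(raw))
```

Against a live mod_sftp, exchange version banners on the port the vhost is bound to, read one binary packet and hand it to assess_packet(); before NEWKEYS that packet is unencrypted, which is why the framing helper needs no keys. Note that the rule only says whether an exploitable algorithm is on offer: dropping chacha20-poly1305@openssh.com and the CBC ciphers from SFTPCiphers removes the exposure for clients that do not support strict kex.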

[1.3.8a-1]
- Update to 1.3.8a
- Fix mod_sftp failure to handle SFTP requests to truncate files to zero size
(GH#1581)
- Fix mod_sftp improperly handling SFTP WRITE requests for files opened for
appending (GH#1584)
- Build-time detection of Linux POSIX ACL support was broken since 1.3.8rc2
(GH#1568)
- Fix failure to load mod_rewrite as a dynamic module due to
incomplete/missing library linker flags (GH#1590)
- section is allowed to be in , but From directive is not
(GH#1597)
- ExtendedLog SSH, SFTP classes not working as expected (GH#1617)
- Fix mod_sftp not handling multiple concurrent open file handles/transfers
well for logging (GH#1646)
- 'TLSRequired off' plus Protocols directive caused mod_tls to terminate the
session abruptly (GH#1679)
- Fix mod_tls failure to compile against OpenSSL 3.0.8 due to missing
ENGINE_METHOD_ flags (GH#1689)
- Unknown named connection error when using different SQL backends (GH#1659)
- Fix mod_sql not properly closing all named backend connections on session
exit (GH#1697)
- SSH key exchanges failed unexpectedly with 'unable to write X bytes of raw
data' errors due to small ProFTPD buffer (GH#1694)
- Fix high session memory usage caused by SFTP outgoing data buffering
(GH#1678)
- Out-of-bounds buffer read when handling FTP commands (GH#1683,
CVE-2023-51713)
- SFTP algorithm settings in section were not being used (GH#1712)

[1.3.8-4]
- Ensure mod_rewrite is linked against libidn2 so that it loads properly
(rhbz#2166454, https://github.com/proftpd/proftpd/issues/1590)
- No longer need to explicitly remove libtool archives from Fedora 36 onwards

[1.3.8-3]
- Add PCRE2 support (rhbz#2158885)

[1.3.8-1]
- Update to 1.3.8
- 1.3.8rc4 failed to build mod_sftp with OpenSSL 1.1.0 due to X448 check
(GH#1488)
- 1.3.8rc4 failed to build on Solaris due to missing type declarations
(GH#1494)
- mod_ifsession doesn't change the effect of SFTPMaxChannels (GH#1500)
- mod_tls module unexpectedly allows TLS handshake after authentication in
some configurations (GH#1533)
- Disable FSCachePolicy by default (GH#1528)
- Avoid logging 'session closed' messages unless there is a corresponding
'session opened' log message, to avoid user confusion (GH#1539)
- Implement support for the CSID FTP command (GH#1550)
- Unable to verify signed data: signature type 'rsa-sha2-512' does not match
publickey algorithm 'ssh-rsa' (Bug #4491)
- mod_auth_otp improperly allows keyboard-interactive logins for users
lacking OTP entries (GH#1560)
- Update mod_vroot to 0.9.11
- Addresses a bad interaction with mod_auth_file, and failed login attempts,
which can lead to inexplicably 'stuck' processes that cannot be terminated
(https://github.com/proftpd/proftpd/issues/1384)
- Use SPDX-format license tag

[1.3.8-0.4.rc4]
- Update mod_vroot to 0.9.10
- Fix unexpected filtering behaviour with mod_vroot (#2104972, GH#1491)

[1.3.8-0.3.rc4]
- Update to 1.3.8rc4
- mod_sftp should fail on startup when SFTP and TLS are both enabled for a
vhost (GH#1434)
- DelayTable not properly using documented default value; this is a
regression caused by the changes for Bug#4020 (GH#1440)
- Support customizing SSH ciphers, digests, key exchanges via SFTPClientMatch
(GH#1444)
- Ensure that mod_sftp algorithms work properly with OpenSSL 3.x (GH#1448)
- BanOnEvent BadProtocol triggers segfault (GH#1445)
- SFTP 'check-file' implementation computes incorrect results (GH#1439)
- Implement SFTPHostKeys directive for configuring the SSH host key
algorithms (GH#1457)
- Implement the 'curve448-sha512' SSH key exchange algorithm (GH#1437)
- Include directive broken when using wildcards for directory components
(GH#1472)
- mod_sftp fails to build using OpenSSL 1.0.x: undefined reference to
'EVP_MD_CTX_reset' (Bug #4485)
- Reload after omitting explicit ModulePath value causes fatal module load
failures (GH#1476)
- Drop pcre build dependency since we have been explicitly disabling it for the
last 5 years anyway
- Fix X448 support check to fail properly with OpenSSL 1.1.0 (GH#1488)

[1.3.8-0.2.rc3]
- Update to 1.3.8rc3
- Support SSH hostkey rotation via OpenSSH extensions (GH#1323)
- NLST did not behave consistently for relative paths (GH#1325)
- Support AES Galois Counter Mode (AES-GCM) in SSH; support for the
'aes128-gcm@openssh.com' and 'aes256-gcm@openssh.com' ciphers has been
added to mod_sftp (Bug #3759)
- Implement an LDAPConnectTimeout directive, to configure the timeout used
when connecting to LDAP servers (GH#1333)
- Implement OpenSSH 'Encrypt-Then-MAC' (ETM) algorithm extensions (GH#1330)
- Implement AllowForeignAddress class matching for passive data transfers
(GH#1346)
- Implement support for PCRE2 (GH#1353)
- ProFTPD wouldn't start with several locales (Bug #4466)
- Auth sources providing space-bearing user/group names caused compliance
issues with MLSD/MLST responses (GH#1367)
- DeleteAbortedStores removed successfully transferred files unexpectedly
(Bug #4467)
- Omit EPRT/EPSV from FEAT response when denied by configuration
(GH#1383)
- Support uploading to symlinked files (GH#1379)
- Keepalive socket options should be set using IPPROTO_TCP, not SOL_SOCKET
(GH#1401)
- TCP keepalive SocketOptions should apply to control as well as data
connection (GH#1402)
- ProFTPD always used the same PassivePorts port for first transfer (GH#1396)
- mod_sftp needs to handle unknown SSH messages in an RFC-compliant manner,
ignoring rather than disconnecting (GH#1410)
- Improve handling of some globally applied configuration directives (GH#1418)
- Name-based virtual hosts not working as expected after upgrade from 1.3.7a
to 1.3.7b (GH#1369)




Updated Packages


Release/Architecture      Filename                                      MD5sum                            Superseded By Advisory  Channel Label
Oracle Linux 9 (aarch64)  proftpd-1.3.8b-3.el9.src.rpm                  7f7f6539793016370366d5000a169d47  -                       ol9_aarch64_developer_EPEL
                          proftpd-1.3.8b-3.el9.aarch64.rpm              04328f2033b2e3540a96d31ca0491f03  -                       ol9_aarch64_developer_EPEL
                          proftpd-devel-1.3.8b-3.el9.aarch64.rpm        3e4cea8bb6a25e1b556513c7d66d1ad2  -                       ol9_aarch64_developer_EPEL
                          proftpd-ldap-1.3.8b-3.el9.aarch64.rpm         bdd1c57b7cab0fadd43aae2cba1ddb48  -                       ol9_aarch64_developer_EPEL
                          proftpd-mysql-1.3.8b-3.el9.aarch64.rpm        609b926d2f059c8e5e4bd012b8b77cd0  -                       ol9_aarch64_developer_EPEL
                          proftpd-postgresql-1.3.8b-3.el9.aarch64.rpm   5c124aa9003d40478a9b9d135b6595c3  -                       ol9_aarch64_developer_EPEL
                          proftpd-proxy-1.3.8b-3.el9.aarch64.rpm        c52bd7f835d244dcb8f5ce72bb7a1a33  -                       ol9_aarch64_developer_EPEL
                          proftpd-sqlite-1.3.8b-3.el9.aarch64.rpm       f2bf0e976e2c2aec4a0849c08f116c76  -                       ol9_aarch64_developer_EPEL
                          proftpd-utils-1.3.8b-3.el9.aarch64.rpm        1a805fcadd4ca0d9d953d5423feddf54  -                       ol9_aarch64_developer_EPEL
Oracle Linux 9 (x86_64)   proftpd-1.3.8b-3.el9.src.rpm                  7f7f6539793016370366d5000a169d47  -                       ol9_x86_64_developer_EPEL
                          proftpd-1.3.8b-3.el9.x86_64.rpm               500eeca5699b545df93548601473c190  -                       ol9_x86_64_developer_EPEL
                          proftpd-devel-1.3.8b-3.el9.x86_64.rpm         55967154e614df0454fbf8d163879092  -                       ol9_x86_64_developer_EPEL
                          proftpd-ldap-1.3.8b-3.el9.x86_64.rpm          8d852d874aff48bcb05d984eb9f30ff1  -                       ol9_x86_64_developer_EPEL
                          proftpd-mysql-1.3.8b-3.el9.x86_64.rpm         d29b53fc6046883297ed270c45d79b8a  -                       ol9_x86_64_developer_EPEL
                          proftpd-postgresql-1.3.8b-3.el9.x86_64.rpm    d854578dd8c8862826984f8c9938bf1d  -                       ol9_x86_64_developer_EPEL
                          proftpd-proxy-1.3.8b-3.el9.x86_64.rpm         c5e484f88e8e035e94f6a96f1ecacc0c  -                       ol9_x86_64_developer_EPEL
                          proftpd-sqlite-1.3.8b-3.el9.x86_64.rpm        4d98e208d7fbe8e25360ccad9e703318  -                       ol9_x86_64_developer_EPEL
                          proftpd-utils-1.3.8b-3.el9.x86_64.rpm         64902ab52a1b98c68d2f48b719a725e9  -                       ol9_x86_64_developer_EPEL
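
The table above lists each RPM with its MD5 and channel. As an added example, not part of this advisory or of Oracle's tooling, the following Python parses those rows into records and checks downloaded packages against the listed MD5s; it accepts both the run-together row format the page generator produces and a whitespace-separated one. The three rows embedded in SAMPLE_ROWS are copied from this advisory; the package bytes used in the self-check are constructed placeholders. The MD5 only confirms that a download is the file the advisory lists; authenticity rests on the RPM's GPG signature (rpm -K), which this example does not replace.

```python
"""Parse the 'Updated Packages' rows of a ULN advisory and check downloaded RPMs.

Added example, not part of this advisory or of Oracle's tooling. The row
pattern accepts both the run-together form the page generator emits
(filename, MD5, superseded-by advisory and channel with no separators) and a
whitespace-separated form. SAMPLE_ROWS are copied from this advisory; the
package bytes used in the self-check are constructed, not real RPMs.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Optional

ROW_RE = re.compile(
    r"^(?:(?P<release>Oracle Linux \d+ \([^)]+\))\s*)?"   # present only on a group's first row
    r"(?P<filename>\S+?\.rpm)\s*"
    r"(?P<md5>[0-9a-fA-F]{32})\s*"
    r"(?P<superseded>-|\S+?)\s*-?\s*"                     # '-' means not superseded
    r"(?P<channel>ol\d+_[A-Za-z0-9_]+)\s*$")

# Rows copied from this advisory (first row of each architecture group carries the release).
SAMPLE_ROWS = """
Oracle Linux 9 (aarch64) proftpd-1.3.8b-3.el9.src.rpm7f7f6539793016370366d5000a169d47-ol9_aarch64_developer_EPEL
proftpd-1.3.8b-3.el9.aarch64.rpm04328f2033b2e3540a96d31ca0491f03-ol9_aarch64_developer_EPEL
Oracle Linux 9 (x86_64) proftpd-1.3.8b-3.el9.x86_64.rpm500eeca5699b545df93548601473c190-ol9_x86_64_developer_EPEL
"""


@dataclass(frozen=True)
class PackageEntry:
    release: str
    filename: str
    md5: str
    superseded_by: Optional[str]
    channel: str


def parse_package_rows(text: str) -> list:
    """Parse table rows; the release/arch value is carried forward to later rows."""
    entries, release = [], ""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, blank or unrelated line
        if m.group("release"):
            release = m.group("release")
        sup = m.group("superseded")
        entries.append(PackageEntry(release, m.group("filename"), m.group("md5").lower(),
                                    None if sup == "-" else sup, m.group("channel")))
    return entries


def md5_hex(data: bytes) -> str:
    # usedforsecurity=False keeps this working on a FIPS-mode host, where MD5 is
    # otherwise refused; it is an integrity check on a download, not a security primitive.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def verify_payloads(entries, payloads: dict) -> dict:
    """Compare in-memory package bytes with the advisory's MD5s.

    Returns {filename: 'ok' | 'mismatch' | 'missing'}. A match shows the download
    is the file the advisory lists; MD5 is not collision-resistant, so origin
    still has to be established from the RPM's GPG signature (rpm -K <file>).
    """
    result = {}
    for e in entries:
        data = payloads.get(e.filename)
        if data is None:
            result[e.filename] = "missing"
        else:
            result[e.filename] = "ok" if md5_hex(data) == e.md5 else "mismatch"
    return result


def verify_directory(entries, directory: str) -> dict:
    """The same check against files on disk, streamed so large RPMs are not held in memory."""
    result = {}
    for e in entries:
        path = os.path.join(directory, e.filename)
        if not os.path.isfile(path):
            result[e.filename] = "missing"
            continue
        h = hashlib.md5(usedforsecurity=False)
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        result[e.filename] = "ok" if h.hexdigest() == e.md5 else "mismatch"
    return result


if __name__ == "__main__":
    entries = parse_package_rows(SAMPLE_ROWS)
    for e in entries:
        print(e)
    # Constructed stand-in for a download; it will not match the advisory's MD5.
    print(verify_payloads(entries, {entries[0].filename: b"constructed, not a real rpm"}))
```

In practice you would paste the whole table into parse_package_rows(), point verify_directory() at the directory the RPMs were downloaded to, and only then run rpm -K on each file that came back 'ok'.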



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
