Softpedia >Linux >Internet >FTP >ProFTPD >  Changelog

ProFTPD Changelog

What's new in ProFTPD 1.3.6

Apr 24, 2018
  • Support for using Redis for caching, logging; see the doc/howto/Redis.html documentation.
  • Fixed mod_sql_postgres SSL support (Issue #415).
  • Support building against LibreSSL instead of OpenSSL (Issue #361).
  • Better support on AIX for login restraictions (Bug #4285).
  • TimeoutLogin (and other timeouts) were not working properly for SFTP connections (Bug#4299).
  • Handling of the SIGILL and SIGINT signals, by the daemon process, now causes the child processes to be terminated as well (Issue #461).
  • RPM .spec file naming changed to conform to Fedora guidelines.
  • Fix for "AllowChrootSymlinks off" checking each component for symlinks (CVE-2017-7418).

New in ProFTPD 1.3.5e (Apr 10, 2017)

  • Fixed SFTP issue with [email protected] digest/MAC.
  • Fixed regression with mod_sftp rekeying.
  • Backported fix for "AllowChrootSymlinks off" checking each component for symlinks (CVE-2017-7418).

New in ProFTPD 1.3.5d (Jan 18, 2017)

  • Fixed regression where all normal FTP users were handled as anonymous users.

New in ProFTPD 1.3.5c (Jan 15, 2017)

  • Support for OpenSSL 1.1.x API changes.
  • mod_sftp uses SHA256 for publickey fingerprints by default, rather than SHA1 or MD5.
  • mod_sql_passwd supports Scrypt and Argon2 password hashing algorithms when libsodium is detected in the header/library directories.
  • mod_sftp now supports extended attributes (xattrs) via SFTP.
  • Fixed bug in filesystem free space calculation causing ALLO to fail unexpectedly.
  • Default FTP/SSH2 banner changed to no longer include version information.
  • New -X command-line option for disabling forking, to aid debugging.
  • Logging of stacktraces now enabled by default; this also means that the installed executables do not have symbols stripped at install time.
  • Fixed memory leak when the mod_facl module is used.
  • Support for UNIX.ownername and UNIX.groupname MLSD/MLST facts.
  • Use initgroups(3) for group membership discovery by default, as it is faster/more performant on most systems. For the previous behavior, use the NoInitgroups AuthUnixOption.

New in ProFTPD 1.3.5a (May 28, 2015)

  • Support the HOST command (see RFC 7151).
  • Changed the default SyslogLevel to be NOTICE, rather than DEBUG.
  • Fixed "stalled" SSL/TLS handshakes for data transfers.
  • ftpwho now supports JSON output format.
  • Fixed handling of SSH keys with overlong Comment headers in mod_sftp_sql.
  • Changed handling of logging of SFTP sessions to ExtendedLogs; see the notes below on the ExtendedLog directive.

New in ProFTPD 1.3.5 (Oct 7, 2014)

  • New Configuration Directives:
  • RLimitChroot When proftpd chroots a session (e.g. via DefaultRoot or ), certain attacks become possible, such as the "Roaring Beast" attack:
  • http://auscert.org.au/15286 https://auscert.org.au/15526
  • To help mitigate these attacks, proftpd now rejects any attempt to do a write of any kind to paths under /etc and /lib, when the session is chrooted to a path other than "/".
  • If these restrictions cause problems for any sites, this guard can be disabled via the new RLimitChroot directive, e.g.:
  • RLimitChroot off
  • See doc/modules/mod_rlimit.html#RLimitChroot for more information.
  • Changed Configuration Directives:
  • SFTPOptions AllowInsecureLogin Some SFTP clients may wish to use the 'none' cipher, and/or 'none' digest, for testing purposes. For example, disabling the cipher and digest can be used for testing the raw transfer speed over SFTP.
  • mod_sftp, by default, will not allow connections which attempt to use the 'none' cipher or 'none' digest, even if these are explicitly enabled via the SFTPCiphers and SFTPDigests directive, as use of these algorithms disables the security protections on the transferred data (such as username/password).
  • Thus to explicitly allow usage for these insecure algorithms, use:
  • SFTPOptions AllowInsecureLogin
  • See doc/contrib/mod_sftp.html#SFTPOptions for details.
  • SQLPasswordPBKDF2 sql:// The mod_sql_passwd module now supports retrieval of PBKDF2 parameters, such as algorithm, iteration count, and output length, on a per-user basis, via a SQLNamedQuery, in addition to staticly configured parameters.
  • See doc/contrib/mod_sql_passwd.html#SQLPasswordPBKDF2 for details.

New in ProFTPD 1.3.5 RC3 (Jun 15, 2013)

  • Fixed mod_sql "SQLAuthType Backend" MySQL issues
  • HideUser/HideGroup now work as expected for virtual users
  • New Modules:
  • mod_snmp The mod_snmp module is intended to collect various state information and expose them via SNMP counters and gauges. Currently only SNMPv1/SNMPv2 are supported. See doc/contrib/mod_snmp.html for more information.
  • New Configuration Directives:
  • SQLUserPrimaryKey, SQLGroupPrimaryKey The mod_sql module now has directives for specifying primary key columns for user/group data; these can be used for storing user/group values in tables which require foreign key constraints. See doc/howto/SQL.html#SQLPrimaryKeys for a more detailed description and use cases for these directives.
  • SQLPasswordPBKDF2 The mod_sql_passwd module now supports handling passwords encrypted using the PBKDF2 algorithm. See doc/contrib/mod_sql_passwd.html#SQLPasswordPBKDF2 for more information.
  • Changed Configuration Directives:
  • DeleteAbortedStores To preserve the principle of least surprise, the behavior of the DeleteAbortedStores directive has been changed slightly. Specifically, DeleteAbortedStores is automatically enabled now whenever "HiddenStores on" is configured.
  • LogFormat, SQLLog The LogFormat and SQLLog directives now supports a %g variable, for logging the name of the primary group of the logged-in user. See doc/modules/mod_log.html#LogFormat.
  • SFTPDigests The mod_sftp module now supports UMAC as an SSH digest algorithm, using the digest name as used by OpenSSH, i.e. "umac-64@openssh". Support for this digest is automatically enabled where supported. See doc/contrib/mod_sftp.html#SFTPDigests for details.
  • SFTPExtensions fsync The mod_sftp module now supports the custom "fsync@openssh" SFTP extension, for handling fsync requests from SFTP clients that need to ensure that any buffered uploaded data has been flushed out to the backing store on the server. See doc/contrib/mod_sftp.html#SFTPExtensions for details.

New in ProFTPD 1.3.4d (Jun 15, 2013)

  • Fixed broken build when using --disable-ipv6 configure option
  • Fixed mod_sql "SQLAuthType Backend" MySQL issues

New in ProFTPD 1.3.4c (Mar 7, 2013)

  • Bug 3795 ProFTPD needs to use -pthread linker option if linking against OpenSSL with thread support.
  • Bug 3816 Installation of ftpasswd does not honor DESTDIR environment variable.
  • Bug 3806 Support reverse DNS resolution for IPv6 addresses when gethostbyname2(3) is not available.
  • Bug 3828 Certain sequences of FTP data transfer commands lead to NULL pointer dereferences in mod_deflate.
  • Bug 3830 MFF/MFMT command segfaults due to insufficient parameter checks.
  • Bug 3829 RNFR without following RNTO can lead to NULL pointer dereference.
  • Bug 3719 LIST -R can loop endlessly if bad directory symlink exists.
  • Bug 3831 Sporadic "451 Insufficient memory or file locked" failure when downloading.
  • Bug 3837 mod_tls unable to read certificate files after SIGHUP.
  • Bug 3822 Resolving %U/%u LogFormat variables inconsistent between mod_log/mod_sql in certain cases.
  • Bug 3842 Incorrect handling of REALPATH requests for symlink paths in mod_sftp.
  • Bug 3845 mod_sftp does not provide response codes for %s LogFormat variable for AUTH ExtendedLog.
  • Bug 3851 SFTPPassPhraseProvider fails due to incorrect pointer.
  • Bug 3841 Possible symlink race when applying UserOwner to newly created directory.
  • Bug 3855 Restarting proftpd may cause Include files not to be parsed.
  • Bug 3859 MLSD fails to show symlinks when ShowSymlinks is not configured.
  • Bug 3863 mod_sftp does not handle MaxLoginAttempts properly.
  • Bug 3865 BanEngine not set in "server config" results in "mod_ban not enabled" ftpdctl error.
  • Bug 3866 Issuing invalid 'ftpdctl ban' request causes segfault.
  • Bug 3867 ftpasswd fails with "Permission denied" when adding subsequent passwd/group entries.
  • Bug 3868 Only first DH param in TLSDHParamFile is used, regardless of requested keylength.
  • Bug 3870 Handling of OPTS command can lead to crash.
  • Bug 3871 REALPATH SFTP request not properly handled by configuration.
  • Bug 3878 QuotaExcludeFilter not honored for uploads when 'hard' limits are used.
  • Bug 3884 Configure script not detecting MySQL make_scrambled_password functions.
  • Bug 3887 erroneously blocks the PROT command used for FTPS.
  • Bug 3819 Second and subsequent LIST of directory with many files is very slow.
  • Bug 3894 ftptop doesn't work with --enable-nls.
  • Bug 3895 Missing TransferLog entry under some out-of-space conditions.
  • Bug 3905 Handle the Linux-specific PAM_RADIO_TYPE message properly.
  • Bug 3904 scp downloads using glob pattern sometimes fails.

New in ProFTPD 1.3.3d (Dec 20, 2010)

  • This is a maintenance release, containing backported fixes for bugs found in the 1.3.3 release.