forked from proftpd/proftpd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
3108 lines (3018 loc) · 171 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
-----------------------------------------------------------------------------
More details on the bugs listed below can be found by using the bug number
indicated in the following URL:
http://bugs.proftpd.org/show_bug.cgi?id=N
where `N' is the bug number.
If the issue listed below mentions "Issue" instead of "Bug", the number
there references a GitHub issue, which can be found using a URL like:
https://github.com/proftpd/proftpd/issues/N
where `N' is the issue number.
-----------------------------------------------------------------------------
1.3.6rc4 - Released 15-Jan-2017
--------------------------------
- Bug 4283 - All FTP logins treated as anonymous logins again. This is a
regression of Bug#3307.
1.3.6rc3 - Released 14-Jan-2017
--------------------------------
- Bug 4222 - Add support for [email protected] key exchange.
- Bug 4186 - ProFTPD creates name-based vhost when it should not.
- Bug 4233 - Support enforcing minimum key lengths for SFTP/SCP.
- Bug 4235 - Recursive SCP uploads of directories fail with "No such file or
directory".
- Bug 4154 - Support for scrypt in mod_sql_passwd. This also includes
support for Argon2, assuming use of libsodium-1.0.9 or later.
- Bug 4237 - Corrupted ASCII uploads. The refactoring work for Bug#4151 had
introduced a bug in the handling of ASCII uploads, now fixed.
- Bug 4220 - Support reading geoip filters from SQL databases.
- Bug 4242 - Using mod_memcache results in segfault (signal 11). Caused by
a bug in libmemcached-1.0.18 and earlier.
- Bug 4244 - Long-running sessions consume memory continuously.
- Bug 4248 - ALLO command failed unexpectedly.
- Bug 4247 - ProFTPD runs out of memory when listing very large directories
(e.g. over 400GB).
- Bug 4254 - SSH rekey during authentication can cause issues with clients.
- Bug 4257 - Recursive SCP uploads of multiple directories not handled properly.
- Bug 4252 - Clients sometimes receive extra 450 response on ABOR.
- Bug 4259 - LIST returns different results for file, depending on path syntax.
- Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins.
- Bug 4240 - Support OpenSSL 1.1.x API.
- Bug 4262 - SITE CPTO returns 250 even when the copy operation fails due to
the user's quota being exceeded.
- Bug 4263 - SITE CPTO terminated by TimeoutIdle.
- Bug 4265 - Omit version information from ServerIdent banner by default.
- Bug 4264 - Support larger fixed DH groups in SSH key exchange.
- Bug 3849 - Allow wildcarded directory names in Include patterns.
- Bug 3662 - Allow SIZE command while in ASCII mode via build-time option.
- Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
- Bug 4267 - NLST should allow for sorted output. The ListOptions directive
now supports a SortedNLST flag for such use cases.
- Bug 4260 - Restarting server fails when using password-protected SSL
certificates and no TLSPassPhraseProvider.
- Bug 4126 - SSH rekeying causes invalid packet due to interrupting timer.
- Bug 4278 - Memory leak when mod_facl is used.
1.3.6rc2 - Released 10-Mar-2016
--------------------------------
- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly.
- Bug 4167 - CR/LF characters are not supported in filenames.
- Bug 4188 - Support filtering based on country code and regional code in
mod_geoip.
- Bug 4151 - FTP ASCII mode conversion algorithm is painfully slow.
- Bug 4139 - Support rejecting empty passwords. See new AllowEmptyPasswords
directive.
- Bug 4189 - Support protocol exclusion via TLSProtocol directive.
- Bug 4153 - Support requiring multiple SSH authentication methods.
- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8
characters.
- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits.
- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current
working directory.
- Bug 4201 - HiddenStores temporary files not removed when exceeding quota
using SCP.
- Bug 4202 - MLSD lines not properly terminated with CRLF.
- Bug 4209 - Zero-length memory allocation possible, with undefined results.
- Bug 4210 - Avoid unbounded SFTP extended attribute key/values.
- Bug 4104 - Handle MasqueradeAddress resolution errors due to startup
sequencing.
- Bug 4056 - Support using JSON when storing ban information in memcached.
- Bug 4057 - Support using JSON when storing TLS session information in
memcached.
- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when
"RootRevoke on" is in effect.
- Bug 4175 - Support for OCSP stapling.
- Bug 4176 - Support for TLS session tickets.
- Bug 4200 - Support TLS client configuration for SQL servers.
- Bug 4213 - Deprecate the NoCertRequest TLSOption.
- Bug 4214 - Allow UseEncoding to be set on a per-user basis.
- Bug 4217 - Handle FTP re-authentication attempts better.
- Bug 4218 - Support a LogFormat variable for logging command duration in
milliseconds.
- Bug 4223 - Permissions on files uploaded via STOU do not honor configured
Umask.
- Bug 4219 - Better handling of symlinks when chrooted.
- Bug 4224 - Prohibit FTP indexing by web crawlers via auto-generated
robots.txt.
- Added mod_auth_otp, mod_digest, mod_statcache to the contrib/ modules
directory.
- Bug 4227 - Support SFTP clients that send multiple INIT requests.
- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is
chosen.
1.3.6rc1 - Released 27-May-2015
--------------------------------
- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log
message.
- Bug 3944 - Session closed if active data transfer fails due to "Address
already in use" error.
- Bug 3983 - Change default SyslogLevel to be NOTICE rather than DEBUG.
- Bug 3990 - Use 213 response code for STAT on a file. STAT on a directory
now results in a 212 response code as well, per RFC 959.
- Bug 4061 - SNMPAgent should support multiple addresses, including IPv6
addresses.
- Bug 4062 - Support PID variable in HiddenStores filename.
- Bug 4065 - mod_sftp should provide the SSH client banner as environment
variable, for logging.
- Bug 4067 - Create ExtendedLog class for SFTP requests.
- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions.
- Bug 4069 - NLST -a shows / directory instead of the current directory.
- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission
denied.
- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers.
- Bug 4070 - Support wider range of causes of authentication failure.
- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation
problems.
- Bug 4076 - Ability to disable mod_exec on a per-directory basis.
- Bug 4079 - Invalid response encoding for SFTP space-available request.
- Bug 4080 - mod_sftp does not implement SFTP LINK request properly.
- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user".
- Bug 4084 - "NLST *" returns files from subdirectories.
- Bug 4081 - Not possible to create relative symlinks with SFTP.
- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly.
- Bug 4089 - mod_sftp does not allow multiple attempts using a given
authentication method.
- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly.
- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than
ERROR.
- Bug 4093 - Improve mod_sftp handling of missing packet payloads.
- Bug 4050 - Use of PIPE_BUF causes build failure on platforms without it.
- Bug 4020 - Add minimum delay options to mod_delay functionality.
- Bug 4030 - Cache negative/failed Auth API name/ID lookups.
- Bug 4094 - Available space on file system using %f displays wrong value.
- Bug 4012 - Failure to build mod_tls when using static libcrypto due to libdl
linker errors.
- Bug 4098 - mod_sftp unable to use SFTPHostKey due to being group readable in
CentOS 7.
- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30
seconds.
- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6.
- Bug 4110 - proftpd on Solaris should use /dev/conslog instead of /dev/log.
- Bug 4114 - mod_tls should not support SSLv3 by default.
- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small
buffers.
- Bug 4035 - HiddenStores file not renamed every time.
- Bug 4116 - Report exact SSL/TLS protocol version used in client connections.
- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just
HiddenStores.
- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved.
- Bug 4130 - Support the 3-timestamp form of SITE UTIME.
- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support.
- Bug 4058 - Create a 'timing' trace channel, for timing-related data.
- Bug 4125 - mod_lang should provide way to reject illegally-encoded filenames.
- Bug 4060 - Support unsorted LIST entries (-U) to decrease memory/CPU usage
for large directory listings.
- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template
parameter.
- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter.
- Bug 4138 - Support for hex-encoded salts in mod_sql_passwd.
- Bug 4140 - SFTP READLINK requests to symlinks to directories fail.
- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS.
- Bug 4144 - Support APPE when HiddenStores are enabled.
- Bug 4031 - Support JSON output format for ftpwho.
- Bug 4145 - Segfault if AuthUserFile is a relative symlink.
- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection"
errors.
- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by
mod_sftp_sql.
- Bug 4159 - Support ability to disable ASCII translation transparently to FTP
clients.
- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X.
- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6.
- Bug 4163 - Remove support for EXPORT grade ciphers.
- Bug 4164 - mod_sql fails to read UID/GID values larger than 32 bits from SQL
tables.
- Bug 4157 - LIST/NLST of 1000s of files is slow on some platforms.
- Bug 4059 - Implement additional RADIUS attributes.
- Bug 4166 - mod_sftp sessions consume large amounts of memory due to rekeying.
- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by
mod_copy.
- Bug 4170 - Incorrect handling of control-byte field of SSH_FXP_REALPATH as
bitmask rather than enumeration for SFTP protocol version 6.
- Bug 4168 - Race condition with HiddenStores and TimeoutIdle timeout, causing
hidden file not to be cleaned up properly.
- Bug 3125 - Support for Mac OS X implementation of POSIX ACLs.
- Bug 4174 - Support for TLS-PSK (pre-shared keys).
- Bug 4178 - TLS session reuse requirement for data connections not properly
enforced.
- Bug 4184 - Remove support for "weak" Diffie-Hellman groups.
- Bug 3289 - Support the HOST command.
1.3.5 - Released 15-May-2014
--------------------------------
- Bug 4018 - Implement checks for sensitive directories when chrooted.
- Bug 4022 - "Directory not empty" error when creating directory is misleading.
- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives.
- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for
TLS 1.1/1.2 connections.
- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off".
- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on
SFTPHostKey file.
- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher.
- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1".
- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented.
- Bug 4046 - ALLO command failed because of bad size check.
- Bug 4048 - Race condition in mod_ban can lead to segfault of all new
connections.
- Bug 4049 - mod_exec should include supplemental groups when running commands
as logged-in user.
- Bug 4042 - MIC command between RNFR and RNTO should not be rejected.
- Bug 4044 - mod_facl prevents a normal SIGHUP reload.
- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings.
1.3.5rc4 - Released 28-Jan-2014
--------------------------------
- Bug 3945 - Spurious log messages at session close.
- Bug 3946 - Null pointer dereference causes segfault when logging
%{transfer-status}, %{transfer-failure} LogFormat variables on EXIT.
- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames.
- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory
listings.
- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED
[email protected] requests.
- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers.
- Bug 3858 - mod_delay allows too-large values, leading to client hang on
authentication.
- Bug 3951 - Null pointer dereference for mod_ldap logins when
LDAPDefaultAuthScheme not configured.
- Bug 3954 - scp downloads result in segfault.
- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit>
sections leads to slow logins.
- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks
are involved.
- Bug 3958 - Directory creation does not honor single-parameter Umask setting.
- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory
SGID bit.
- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used
in some cases.
- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN.
- Bug 3966 - LogFormat %f variable not resolved for some commands.
- Bug 3971 - Support SQLOption for ignoring client library config files when
needed.
- Bug 3972 - Authentication error on Cygwin due to bad code.
- Bug 3973 - mod_sftp can be forced to allocate too much memory for
keyboard-interactive authentication.
- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP
sessions.
- Bug 3963 - Improve permission setting when creating directories.
- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database
using IndexCache flag.
- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903
database lookup.
- Bug 3964 - Support running ExecOnEvent actions with logged-in user's
permissions.
- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC.
- Bug 3952 - Make PersistentPasswd default to 'off'.
- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin.
- Bug 3982 - Normalize log messages and levels.
- Bug 3888 - Add LDAPLog directive to mod_ldap.
- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2),
e.g. FAT/ExFAT.
- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags,
breaking session caching.
- Bug 3987 - LogFormat variable for just the filename.
- Bug 3965 - Timeout directives have inconsistent maximum values.
- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption.
- Bug 3995 - ftpasswd utility should prevent concurrent modification of files.
- Bug 3994 - ftpasswd utility should support --lock/--unlock options.
- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files.
- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for
FTPS connections.
- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP.
- Bug 3996 - Handling ALLO command can result in wrong response when chrooted.
- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>.
- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group.
- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file.
A 3072-bit DH group was also added.
- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP
directory upload.
- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on
64-bit system.
- Bug 4011 - NLST ../ shows current directory contents rather than parent
directory.
- Bug 4013 - SCP upload of shorter file does not completely overwrite existing
file of same name.
- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ.
1.3.5rc3 - Released 14-Jun-2013
--------------------------------
- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value.
- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10.
- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled.
- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner.
- Bug 3864 - Support SQL query to lookup/use primary key for logged-in
user/group.
- Bug 3920 - Support [email protected] digest for mod_sftp.
- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH
connection to close prematurely.
- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP
connections.
- Bug 3926 - Support OpenSSH fsync SFTP extension.
- Bug 3925 - SFTP directory listings are sensitive to locale environment
variables.
- Bug 3924 - HideFiles does not filter symlinks.
- Bug 3929 - pam_session_close() requires root privs on some platforms.
- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL
PASSWORD().
- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users.
- Bug 3935 - scp download of nonexistent file results in client hang.
- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path.
- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory.
- Added new mod_snmp contrib module.
- Bug 3939 - Disable Controls for "ServerType inetd" servers.
- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together
in a single column.
- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd.
- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid.
1.3.5rc2 - Released 06-Mar-2013
--------------------------------
- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured.
- Bug 3860 - Add a default deny option for mod_geoip.
- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality. A
new TLSMasqueradeAddress directive has been added to mod_tls.
- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly.
- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not
enabled" ftpdctl error.
- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault.
- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent
passwd/group entries.
- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of
requested keylength.
- Bug 3870 - Handling of OPTS command can lead to crash.
- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp.
- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS>
configuration.
- Bug 3872 - Use HiddenStores directive to customise suffix.
- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE
request.
- Bug 3869 - Use longer SSL session cache expiration by default.
- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS
filesystems.
- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are
used.
- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota
limits and tallies.
- Bug 3882 - DisplayLogin with an absolute path does not work properly within
an <IfGroup> section.
- Added new mod_log_forensic contrib module.
- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as
expected.
- Bug 3884 - Configure script not detecting MySQL make_scrambled_password
functions.
- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS.
- Bug 3819 - Second and subsequent LIST of directory with many files is very
slow.
- Bug 3889 - Support millisecond timestamp LogFormat variable.
- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections.
- Bug 3753 - Support SFTP request names in <Limit> sections better.
- Bug 3892 - mod_auth_file should have strict permission checks of configured
files.
- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on
configurable event.
- Bug 3894 - ftptop doesn't work with --enable-nls.
- Bug 3895 - Missing TransferLog entry under some out-of-space conditions.
- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP
protocol version 6.
- Bug 3896 - Warn when world-writable config files are used.
- Bug 3899 - Support authentication of users based on SSL/TLS client
certificate.
- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly.
- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly.
- Bug 3709 - Support download-triggered emails in the ftpmail script.
- Bug 3904 - scp downloads using glob pattern sometimes fails.
- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections.
- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too
frequently.
1.3.5rc1 - Released 04-Jan-2013
--------------------------------
- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h.
- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6.
- Bug 3646 - Debug logging to stderr should include timestamps and PID.
- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded
file name).
- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used.
- Bug 3717 - proftpd fails to run with "Abort trap" error message.
- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists.
- Bug 3720 - Various module logfile permissions are 0600 instead of 0640.
- Bug 3723 - mod_memcache segfault on server restart.
- Bug 3721 - mod_rewrite does not replace characters if there are more than
8 occurrences. To handle this situation, a new RewriteMaxReplace directive
has been added for configuring this limit.
- Bug 3724 - Unloading mod_quotatab causes segfault.
- Bug 3686 - Support SHA2 digests in mod_sftp. See the SFTPDigests directive
documentation for more information.
- Bug 3629 - Support <IfAuthenticated> conditional config section.
- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD.
- Bug 3726 - mod_exec does not always capture stdout/stderr output from
executed command.
- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP
connections.
- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional
filters.
- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc.
- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for
MLSD/MLST commands.
- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp. The
SSH version identifier can now be configured for mod_sftp via the
ServerIdent directive.
- Bug 3718 - ftptop fails to build on OpenSUSE.
- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled.
- Bug 3744 - Support ls(1) -1 option for LIST command.
- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands.
- Bug 3747 - Support option for displaying symlinks via MLSD using syntax
preferred by FileZilla. The new FactsOptions directive can be used for
this purpose.
- Bug 3745 - Reject PASV command if no IPv4 address available.
- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding.
- Bug 3742 - Improper handling of self-signed certificate in client-sent cert
list when "TLSVerifyClient on" is used.
- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to
conflict with system header.
- Bug 3743 - Random stalls/segfaults seen when transferring large files
via SFTP.
- Bug 3752 - proftpd process exit status is zero for "Failed binding to
address, port N: Address already in use" startup failure.
- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors
on restart, causing a file descriptor leak.
- Bug 3707 - Add request/transfer ID to the logging of the initial and closing
commands for SFTP file transfers. This can now be accomplished using a
LogFormat variable of '%{note:sftp.file-handle}'.
- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership.
- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart.
- Bug 3731 - Support active data transfers while RootRevoke is in effect.
- Bug 3737 - Allow UTF8 when UseEncoding is used.
- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH.
- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null
pointer.
- Ability to load SSH host keys from an SSH agent, in addition to files on
disk. See doc/contrib/mod_sftp.html#SFTPHostKey for more information.
- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before
NEWKEYS.
- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is
enabled.
- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the
client guesses correctly.
- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests.
- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms.
- Bug 3673 - Support date/timestamp variables in mod_rewrite.
- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a
writable directory.
- Bug 3766 - Support a QuotaDefault directive, for configuring default limits.
- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter.
- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite.
- Added new mod_geoip contrib module.
- Bug 3769 - Ensure that encoded strings are NUL-terminated.
- Bug 3732 - AIX build error: undefined symbol: .alloca.
- Bug 3782 - SQLShowInfo does not work properly for error responses.
- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument".
- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid
503 response.
- Bug 3785 - Support resolution of tilde (~) within a chrooted session.
- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored.
- Bug 3740 - Overwrite permission denied when reloading multiple times and
multiple <VirtualHost> sections in proftpd.conf.
- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple
SSH packets.
- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h.
- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against
OpenSSL with thread support.
- Bug 3790 - Logfile timestamps change to GMT after MFMT command.
- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather
than error.
- Bug 3800 - Multiple *Options directives should be handled properly.
- Bug 3801 - mod_tls should have directive like Apache mod_ssl's
SSLHonorCipherOrder. The mod_tls module now supports a
TLSServerCipherPreference directive.
- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11.
- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used.
- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo.
- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached.
- Bug 3814 - Support "configtest" command for contrib init.d script.
- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment
variable.
- Bug 3813 - Ability to use CreateHome to create parent directories as
non-root user, for better interoperability with NFS.
- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when
gethostbyname2(3) is not available.
- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress,
and DefaultAddress.
- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between
mod_log/mod_sql in certain cases.
- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has
not sent PORT/PASV/EPRT/EPSV commands.
- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands.
- Bug 3827 - Use non-filesystem based SFTP handle generator instead of
mktemp(3).
- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL
pointer dereferences in mod_deflate.
- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks.
- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference.
- Bug 3832 - Support disabling of system logging on per-connection basis.
- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work.
- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when
downloading.
- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption.
- Bug 3837 - mod_tls unable to read certificate files after SIGHUP.
- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in
mod_sftp.
- Bug 3843 - ProFTPD should not fail when starting up due to loading same
module multiple times.
- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable
for AUTH ExtendedLog.
- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are
not configured.
- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where
possible.
- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer.
- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories.
See the new AllowChrootSymlinks directive.
- Bug 3839 - Enhance mod_cap to support dropping root privs entirely.
- Bug 3841 - Possible symlink race when applying UserOwner to newly created
directory.
- Bug 3855 - Restarting proftpd may cause Include files not to be parsed.
1.3.4 - Released 09-Nov-2011
--------------------------------
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3669 - mod_sql_mysql.so: undefined symbol: make_scrambled_password with
MySQL 5.5 on Fedora.
- Bug 3192 - PQescapeStringConn() needs a better check.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
To disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption.
- Bug 3706 - Support SFTPOption for ignoring requests to modify timestamps.
- Bug 3640 - rpmbuild on CentOS5.5 (64bit): "File not found by glob".
- Bug 3711 - Response pool use-after-free memory corruption error.
1.3.4rc3 - Released 26-Sep-2011
--------------------------------
- Bug 3637 - Enforce pcre and libmemcached version requirements.
- Bug 3639 - Avoid spinning proftpd process if read(2) returns EAGAIN.
- Bug 3641 - SITE CPFR/CPTO does not update quota tally.
- Bug 3642 - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast"
used.
- Bug 3645 - Ensure that SQLNamedConnectInfos with PERSESSION connection
policies are opened before chroot.
- Bug 3644 - Disable signal handling for exiting session processes.
- Bug 3649 - MaxStoreFileSize can be bypassed using REST/APPE.
- Bug 3652 - TCPAccessSyslogLevel directive broken by Bug#3317.
- Bug 3653 - Segfault with "DefaultServer off" and no matching server for
incoming IP address.
- Bug 3656 - Prefer "File too big" error message for MaxStoreFilesize.
- Bug 3658 - TLSVerifyOrder directive is broken.
- Bug 3555 - Support optional maximum number of clients to be disconnected
via 'ftpdctl kick'.
- Bug 3660 - SITE MKDIR/RMDIR should update quota tallies properly.
- Bug 3663 - TimeoutLogin cannot interrupt mod_delay as it should.
- Bug 3664 - mod_sftp does not update process title.
- Bug 3667 - Scoreboard scrubbing can block daemon process for long periods
of time.
- mod_ldap configuration directives have been overhauled, hopefully
yielding a more straightforward, easier way to configure mod_ldap.
See the Changes section of README.LDAP for details.
- Bug 3665 - GID of new files are inherited from parent directory on FreeBSD.
To provide the more expected behavior, where the GID of new files is that
of the logged-in user, on FreeBSD machines, the GroupOwner directive can
now handles a parameter value of "~" as "use GID of logged-in user".
- Bug 3668 - File descriptor leak during scoreboard scrubbing. This leak
was inadvertently introduced by the fix for Bug#3667.
- Bug 3670 - WrapDenyMsg not displayed when using mod_wrap2 + mod_sftp.
- Bug 3671 - TLSOption AllowClientRenegotiations to be unconditionally required
for client-initiated renegotiations. This undoes the functionality added
for Bug#3585, in light of CVE-2011-1473.
- Bug 3674 - After running "proftpd -t" command, ftpdctl commands no longer
work.
- Bug 3675 - Automatically disable sendfile support for AIX systems.
- Bug 3676 - RADIUS-based logins don't work using mod_sftp.
- Bug 3679 - Support NAS-IPv6-Address RADIUS attribute.
- Bug 3680 - SFTP MKDIR does not respect the IgnoreSFTPUploadPerms option.
- Bug 3681 - Non POSIX test constructions in autoconf script.
- Bug 3685 - NULL pointer dereference after an idle timeout.
- Bug 3692 - SQLLog IGNORE_ERRORS parameter does not work.
- Bug 3693 - Clients are disconnected if proftpd cannot listen on port for
passive data transfer.
- Bug 3696 - ExtendedLog not getting written on timeouts.
- Bug 3697 - Filenames with embedded IAC do not get processed correctly.
- Bug 3698 - <Limit WRITE> does not prevent deletion of a file/directory via
renaming.
1.3.4rc2 - Released 01-Apr-2011
--------------------------------
- Bug 3566 - Ability to turn verbose process titles off.
- Bug 3567 - IdentLookups do not work for IPv6 servers.
- Bug 3571 - RLimitMemory "max" soft/hard limits don't work.
- Bug 3572 - Support use of "notes" variables in SQLNamedQuery.
- Bug 3500 - Support for other combinations of hashed values in mod_sql_passwd.
- Bug 3524 - mod_quotatab_sql does not properly update the file upload count
for a DELE.
- Bug 3575 - Process privileges may not handled properly when the
--enable-autoshadow configure option is used.
- Bug 3577 - MFMT can fail due to utimes(2) peculiarities.
- Bug 3544 - mod_sftp closes channel too early after scp download. This
manifests as "lost connection" using OpenSSH's scp(1).
- Bug 3579 - mod_sftp_pam may tell client to disable echoing erroneously.
- Bug 3578 - Ability to suppress sending messages from PAM to clients.
- Bug 3580 - TLSSessionCache needs to allow configuring OpenSSL's internal
session caching expiration, for long-lived sessions.
- Bug 3585 - Allow client-requested SSL session renegotiation when securely
supported.
- Bug 3586 - mod_sftp behaves badly when receiving badly formed SSH messages.
- Bug 3591 - %F LogFormat variable should work for MKD/RMD commands.
- Bug 3592 - Support case-insensitivity option for
PathAllowFilter/PathDenyFilter directives.
- Bug 3593 - Using "$shell $libtool" in prxs does not work for all shells.
- Added new mod_tls_memcache contrib module.
- Bug 3599 - Support SFTPOptions parameter for ignoring SFTP SETSTAT/FSETSTAT
permission changes.
- Bug 3598 - HiddenStores makes the APPE command overwrite files instead of
appending them. APPE is now denied if HiddenStores is in effect.
- Bug 3565 - Support a MaxCommandRate, for detecting and throttling clients
which are sending commands too quickly.
- Bug 3559 - ExtendedLog should support EXIT command, for logging when a
session ends.
- Bug 3538 - WrapAllowMsg directive broken due to Bug#3423.
- Bug 3604 - Support DirFakeUser, DirFakeGroup and DirFakeMode for MLSD/MLST
commands.
- Bug 3605 - DisplayReadme output should appear after DisplayLogin for the
PASS command.
- Bug 3595 - Avoid buggy glibc regcomp(3) for regular expressions. To do
this, use the new --enable-pcre configure option to enable the use of the
PCRE library for regular expression support.
- Bug 3607 - SocketOptions receive/send buffer size parameters no longer work.
- Bug 3606 - mod_wrap2 needs to support netmask rules for IPv6 addresses.
- Bug 3608 - Make mod_quotatab poll for the QuotaLock file.
- Bug 3576 - Support setting CapabilitiesSet on per-user basis via
mod_ifsession's <IfUser> and <IfGroup>.
- Bug 3612 - APPE/STOU upload flags erroneously preserved across upload
commands.
- Bug 3609 - Support full PCRE regular expressions if PCRE support is enabled.
- Bug 3614 - Malicious module can use sreplace() function to overflow buffer.
- Bug 3616 - Install contrib utilities as part of 'make install' target.
- Bug 3619 - Exiting sessions don't seem to die properly.
- Bug 3618 - ScoreboardFile locking should be more resilient.
- Bug 3617 - Enhance the Trace directive to support range of channel log levels.
- Bug 3620 - Need LogFormat variable for IP address of server handling session.
- Bug 3262 - Allow SQL logging to separate database/server.
- Bug 3574 - Better handling of ALLO command.
- Bug 3621 - mod_quotatab increments tallies for aborted uploads if
DeleteAbortedStores is on.
- Bug 3622 - mod_delay sometimes logs "unable to load DelayTable into memory".
- Bug 3624 - Plaintext command injection in FTPS support.
- Bug 3625 - mod_ifsession rules using regular expressions do not work.
- Bug 3623 - Truncated client name saved in ScoreboardFile.
- Bug 3627 - %w variable populated with non-absolute path in SQLLog statement.
- Bug 3628 - Unnecessarily verbose "warning: unable to throttle bandwidth:
Interrupted system call".
- Bug 3630 - SSH DISCONNECT messages sent by mod_sftp even for FTP connections
in some cases.
- Bug 3632 - mod_sql should log "unrecoverable database error" at a higher
priority.
- Bug 3631 - Support TraceOptions directive, for altering TraceLog format
slightly.
- Bug 3633 - Using SQLOption noDisconnectOnError can cause ExtendedLog logging
to silently fail.
- Bug 3610 - Proftpd is eating CPU when reparsing configuration file on SIGHUP.
- Bug 3634 - Incorrect generation of DSA signature for SSH sessions.
1.3.4rc1 - Released 17-Dec-2010
--------------------------------
- Bug 3399 - <Limit> statement does not restore access to MFMT commands.
- Bug 3365 - First certificate in TLSCertificateChainFile is skipped.
- Bug 3302 - MLST response should include full path name.
- Bug 3400 - Add Japanese translation.
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL.
- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349.
- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in
TransferLog.
- Bug 3339 - Support ban rule for clients which login too frequently.
- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit
platforms.
- Bug 3404 - SyslogLevel not applied to SystemLog.
- Bug 3354 - Renaming a file across mount points to a full disk does not fail
as expected.
- Bug 3353 - Support setting IPTOS/DSCP markings on data and control streams.
There is a mod_qos module for handling this; see the RELEASE_NOTES for more
details.
- Bug 3392 - Display <VirtualHost> information in 'ban info' ftpdctl action
response.
- Bug 3393 - Specify the <VirtualHost> when using 'ban' or 'permit' ftpdctl
actions.
- Bug 2196 - Handle IPv4-mapped IPv6 addresses as IPv4 addresses.
- Bug 3407 - Use glob characters as literal characters if no glob match found
for LIST/NLST.
- Bug 2768 - Provide --with-mysql-config/--with-postgres-config build options.
- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible.
- Bug 3374 - TLSVerifyClient and TLSOptions NoCertRequest are incompatible.
- Added mod_copy, mod_deflate, mod_ifversion to the contrib/ modules directory.
- Bug 3373 - RadiusGroupInfo should not require that both names and IDs be VSAs.
- Bug 3371 - Group limits in <LIMIT LOGIN> blocks won't work with
RADIUS-supplied groups.
- Bug 3412 - Include files not included after restart due to permissions.
- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes.
- Bug 3318 - MLSD should indicate symlinks if ShowSymlinks is enabled.
- Bug 3411 - Support ftpdctl action to manually request a mod_dynmasq refresh.
- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile.
- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog.
- Bug 3421 - RewriteHome does not work properly for SFTP connections.
- Bug 3413 - Support DirFakeUser, DirFakeGroup for SFTP connections.
- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m.
- Bug 3423 - Last line of multiline DisplayLogin file improperly handled.
- Bug 3426 - mod_sftp does not log to TransferLog by default.
- Bug 3425 - Improperly constructed destination paths for SCP uploads.
- Bug 3428 - Honor the Trace directive in mod_ifsession sections.
- Bug 3429 - mod_sftp should honor the UserOwner and GroupOwner directives.
- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly.
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables
properly.
- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured.
- Bug 3433 - SFTPDisplayBanner does not handle variables in configured file.
- Bug 3435 - Encoding/decoding conversion can cause CPU spike.
- Bug 3436 - Support build-time option to disable use of nonblocking open of
log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior
of opening log files.
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail.
- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale.
- Bug 3438 - <Limit> configuration cannot be applied to OPTS command.
- Bug 3440 - ScanOnLogin QuotaOption not honored properly if tally record has
to be created.
- Bug 3444 - Support SFTPOptions parameter to disable optimistic KEXINIT
behavior.
- Bug 3445 - mod_sftp should send its NEWKEYS message first, before reading
the client's NEWKEYS message.
- Bug 3443 - Deprecate the DisplayGoAway directive.
- Bug 3446 - .ftpaccess ignored in some cases.
- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads.
- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale
data.
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN
request.
- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN
request.
- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp.
- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for
protocol version 5.
- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible
with Solaris' msgfmt.
- Bug 3457 - Support LogFormat variable for indicating whether a file is being
modified. A new "%{file-modified}" LogFormat variable is supported.
- Bug 3456 - Problem attempting to recursively download a directory via SCP.
- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup.
- Bug 3459 - mod_radius segfaults during incorrect login due to stale data.
- Bug 3431 - Ensure that timezone info files are opened prior to chroot.
- Bug 3460 - REALPATH SFTP request can cause improperly cached directory
configuration.
- Bug 3462 - ftpasswd script's --delete-user option does not work.
- Bug 3463 - ftpasswd script's --delete-group option does not work.
- Bug 3466 - mod_ifsession does not check for properly closed <IfUser> contexts.
- Bug 3465 - SIGSEGV at LIST after CCC.
- Bug 3470 - Deferred resolution <Directory> paths not handled properly by
mod_sftp.
- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path
begins with tilde ('~').
- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly.
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault.
- Bug 3472 - mod_sftp publickey authentication fails for large keys.
- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions.
- Bug 3396 - Support -c and -u LIST options.
- Bug 3395 - Provide LogFormat variable %d for non-directory commands.
- Bug 3476 - LIST/NLST of path starting with "-" fails.
- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy
libc code.
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems
under load.
- Bug 3479 - Support anonymous username variable in mod_exec.
- Bug 3480 - mod_sftp does not interoperate with old ssh.com/Tectia clients.
A new "OldProtocolCompat" SFTPOption has been added.
- Bug 3481 - Problem with SFTP directory listings.
- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab.
- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work.
- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during
data transfer.
- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD.
- Bug 3491 - Directory pattern not matching as expected.
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO.
- Bug 3493 - mod_sftp should only expect Subject key header to match if
explicitly configured.
- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no
DefaultServer configured.
- Bug 3496 - Sessions don't end when the control connection is closed during
a data transfer.
- Bug 3495 - Support SMTP authentication in the ftpmail Perl script. See
the doc/contrib/ftpmail.html doc for more information.
- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as
anonymous logins.
- Bug 3502 - Support environment variables better in the config file.
- Bug 3503 - Support CreateHome parameter for specifying the group ownership
of the home directory.
- Bug 3390 - Add extra %-variable to LogFormat directive to log UID/GID of
logged user. Both LogFormat and SQLLog now support new %{uid} and %{gid}
variables.
- Bug 3505 - Support for SSH2 client "alive" checks, a la OpenSSH's
ClientAliveCount/Interval.
- Bug 3506 - Support ListOption for returning 226 response code when listing
nonexistent file, instead of 450.
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3512 - Add ability to check client certificate CommonName (CN) when
verifying SSL/TLS clients.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3514 - Test suite tmpdir improvements.
- Bug 3484 - Support range expressions for IP addresses in Allow/Deny/From
rules.
- Bug 3516 - Support the "space-available" SFTP extension.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3520 - MultilineRFC2228 directive should be supported in <VirtualHost>
and <Global> sections.
- Bug 3521 - Telnet IAC processing stack overflow.
- Bug 3522 - Error when handling SSH DISCONNECT messages with no language tag.
- Bug 3525 - Default syslog logging causes logging to the wrong syslog
facilities.
- Bug 3528 - ExtendedLog %s variable not expanded properly for successful PASS
commands.
- Bug 3526 - CPU usage at 100% when checking HideFiles pattern. Credit goes
to Thomas Shinnick for providing the fix for this; it addresses a more
general problem of high memory and CPU consumption when proftpd searches
for .ftpaccess files.
- Bug 3529 - "LIST /*" now lists more than the expected directory.
- Bug 3310 - UseSendfile should be supported in <Directory> and .ftpaccess
sections.
- Bug 3531 - mod_quotatab contains duplicate EDQUOT errno code.
- Bug 3530 - Conflicting interactions among HideUser, HideGroup, and
HideNoAccess directives.
- Bug 3208 - Improve ScoreboardFile performance under load. This adds a
new ScoreboardMutex directive, which can be used to explicitly configure
the file mutex used for starting/ending sessions. By default, the
ScoreboardMutex path will be automatically set to the same ScoreboardFile
path, with a ".lck" suffix appended.
- Bug 3536 - mod_sql has insufficient bounds checking in sql_prepare_where()
function.
- Bug 3547 - Multiple AllowClass directives not handled properly.
- Bug 3515 - Support DisplayLogin functionality for SFTP connections.
- Bug 3548 - Null pointer segfault in mod_sftp when handling aborted connection.
- Bug 3551 - SQLAuthType Crypt implementation needs to handle NULL return value
from crypt(3).
- Bug 3550 - SFTP compressed uploads can cause corrupted uploaded files.
- Bug 3554 - Support Apache-style %I, %O LogFormat variables.
- Bug 3556 - Disable protocol support on per-user/group/class basis.
- Bug 3508 - mod_wrap2 should support checking of WrapTables allow/deny rules
at connect time.
- Bug 3558 - Check all DNS names for a client against DNS names/patterns in
access rules.
- Bug 3560 - ExtendedLog shows incorrect byte size for first file downloaded
via SFTP in some cases.
1.3.3 - Released 24-Feb-2010
--------------------------------
- Bug 3389 - Cannot create mod_ban whitelists using <Class> and <IfClass>
sections.
- Bug 3397 - HideFiles none does not work properly on a per-user basis.
1.3.3rc4 - Released 12-Feb-2010
--------------------------------
- Bug 3355 - mod_ban should support BanEngine in <VirtualHost> config sections.
- Bug 3358 - mod_tls doesn't compile with pre-0.9.7 openssl.
- Bug 3357 - mod_sftp fails to compile on AIX.
- Bug 3356 - Build timestamp using date(1) can fail depending on environment.
- Bug 3359 - mod_tls_shmcache segfaults during syntax check.
- Bug 3362 - Regression in handling of MaxLoginAttempts in 1.3.3rc1.
- Bug 3370 - Lack of PID protection in ScoreboardFile.
- Bug 3372 - ProFTPD crashes when retrying a failed login with mod_radius
being used.
- Bug 3375 - Minor SIGHUP-based memory leak in mod_tls.
- Bug 3376 - Handle the full RFC4716 formatted keys in SQL values.
- Bug 3377 - mod_wrap2 attempts to resolve 'ALL' keyword as an IP address.
- Bug 3383 - ExtendedLog variables for protocol and version not handled
properly.
- Bug 3381 - RADIUS authentication broken on 64-bit platforms.
- Bug 3380 - Support user-specific salts in encoded passwords.
- Bug 3385 - Memory leak during SCP download.
- Bug 3386 - Downloading via SCP can stall due to rekeying.
- Bug 3387 - SIGHUP will eventually cause certain modules (as DSO modules) to
segfault.
1.3.3rc3 - Released 10-Dec-2009
--------------------------------
- Bug 3303 - FileZilla reports "Server did not properly shut down TLS
connection" after TimeoutIdle triggered.
- Bug 3305 - Emulate Solaris 10 syslog "header" on Solaris 10 servers.
- Bug 3307 - All FTP logins treated as anonymous logins.
- Bug 3312 - Uploading via SFTP/SCP to FIFO whose reader is closed causes
session to hang.
- Bug 3313 - Uploading via SFTP to FIFOs fails due to illegal lseek(2),
truncate(2) calls.
- Bug 3314 - Downloading from FIFOs via SFTP/SCP fails.
- Bug 3315 - Support the %u variable in SFTPAuthorizedUserKeys paths.
- Bug 3316 - Messages from PAM modules are ignored when authenticating SSH
clients via 'keyboard-interactive'.
- Bug 3317 - mod_wrap/libwrap should honor SyslogFacility setting.
- Bug 3311 - configure script should automatically detect when -ldl is needed
by OpenSSL.
- Bug 3324 - Vulnerability in SSL/TLS protocol during renegotiation
(CVE-2009-3555).
- Bug 3327 - Clear external SSL session caches on server restart/shutdown.
- Bug 3326 - Shared memory segment used for session cache should be protected
via mlock(2).
- Bug 3322 - Support the "version-select" SFTP extension.
- Bug 3321 - Support the "check-file-name" and "check-file-handle" SFTP
extensions.
- Bug 3320 - Support the "copy-file" SFTP extension.
- Bug 3328 - Failed database transaction can cause mod_quotatab to loop
endlessly.
- Bug 3307 - Transparently handle the X-variant commands when checking <Limit>
permissions. The fix for this issue has been reimplemented to be more
transparent; some existing configurations were broken by the previous
implementation.
- Bug 3329 - Support the "vendor-id" SFTP extension.
- Bug 3332 - Segfault in mod_wrap when TCPAccessFiles do not exist and client
sends USER for account which does not exist.
- Bug 3333 - mod_sql_mysql should support calling stored procedures better.
- Bug 3337 - <Directory> sections with a trailing directory name of one
character have <Limit> problems. This is regression caused by Bug#3146.
- Bug 3331 - Update bundled libtool to 2.2.4.
- Bug 3341 - mod_wrap2 segfaults when a valid user retries the USER command.
- Bug 3342 - FEAT response contains LF without preceding CR.
- Bug 3306 - ECONNREFUSED while handling SIGHUP.
- Bug 3345 - mod_sftp returns EACCES rather than ENOENT for an OPEN request
for a nonexistent file.
- Bug 3344 - Support SHA256, SHA512 passwords in databases.
- Bug 3348 - Rewriting of home directories via RewriteHome does not work for
chrooted sessions.
- Bug 3349 - SSL_SESSION_cmp not available in OpenSSL 1.0.0 betas.
- Bug 3350 - Segfault caused by scrubbing zero-length portion of memory.
- Bug 3347 - mod_auth_file handles 'getgroups' request incorrectly.
- Bug 3351 - Nonchrooted logins on HPUX do not get proper UID/GID.
- Bug 3352 - mod_sftp does not reject/close connections that have been rejected
by mod_wrap.
1.3.3rc2 - Released 20-Oct-2009
--------------------------------
- Bug 3263 - Supplying option SFTPRekey timeout parameter causes segmentation
fault.
- Bug 3265 - SFTP requests are logged to ExtendedLog without regard to classes.
- Bug 2758 - ProFTPD doesn't always pay attention to AccessDenyMsg.
- Bug 3266 - Support "implicit" FTPS.
- Bug 2070 - AuthAliasOnly off in <Global> section kills anonymous logins.
- Bug 3268 - Files whose names start with whitespace are not listed properly.
- Bug 1908 - ExtendedLog to work properly in <Anonymous> context.
- Bug 3269 - RewriteCondition OR/ornext flag does not work.
- Bug 3254 - NLST/LIST and symbolic link problem.
- Bug 3272 - Avoid encoding if to/from charsets are the same.
- Bug 3274 - Timestamp formatting in TransferLog needs padded day-of-month.
- Bug 3270 - Lost connections to databases not correctly handled. This
also adds support for a new "noReconnect" SQLOption.
- Bug 3275 - Improper SSL/TLS certificate subjectAltName verification.
- Bug 3252 - %F/%f Display variables can report wrong size on 64-bit systems.
- Bug 3278 - Aborted data transfers not reflected in RADIUS accounting.
- Bug 3282 - With "SQLNegativeCache on", mod_sql will look up wrong cached
user value for subsequent USER commands.
- Bug 3284 - Slower transfers of multiple small file transfers after upgrade
from 1.3.0a to 1.3.2a.
- Bug 3279 - .ftpaccess configurations not merged properly with existing
configuration.
- Bug 3287 - MaxTransfersPerHost, MaxTransfersPerUser directives not supported
properly.
- Bug 2013 - Track RFC2228 sessions in scoreboard. The scoreboard entry
format now has a 'protocol' field, for tracking 'ftp' and 'ftps'.
- Bug 3286 - Client command field in scoreboard entry too short for SSH2/SFTP
commands.
- Bug 3229 - LangDefault does not accept any setting on FreeBSD.
- Bug 2368 - Allow contrib modules to extend mod_sql's SQLAuthTypes. This
also includes a new mod_sql_passwd contrib module which can handle
hex- and base64-encoded MD5 and SHA1 passwords, without the leading
"{digest}" prefix required by the mod_sql OpenSSL SQLAuthType.
- Bug 3292 - "Incorrect MAC received on packet" error using AES CTR ciphers.
- Bug 3293 - SFTPCipher arcfour256 does not work properly.
- Bug 3294 - Support configurable HiddenStores prefixes.
- Bug 3295 - proftpd segfaults when STAT is used with ListOptions "-1".
- Bug 3296 - mod_quotatab should reject an upload via APPE if the quota is
already exceeded.