Fedora 16 Update: proftpd-1.3.4a-3.fc16

updates at fedoraproject.org updates at fedoraproject.org
Tue Jan 24 20:00:10 UTC 2012

Fedora Update Notification
2012-01-16 21:05:52

Name        : proftpd
Product     : Fedora 16
Version     : 1.3.4a
Release     : 3.fc16
URL         : http://www.proftpd.org/
Summary     : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.

Update Information:

This update makes the mod_vroot module, used to address a PAM issue, a loadable object rather than being compiled into the server. The module is still loaded by default though.

There are also two new sub-packages for the server:

* proftpd-devel, which contains files needed to build third-party modules for ProFTPD

* proftpd-utils, which contains many of the utility scripts that used to be included in the main proftpd package; moving them to a sub-package means that the main package no longer requires perl

* Mon Jan 16 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-3
- Add -utils subpackage for support tools, which means the main package
  no longer requires perl
* Tue Jan 10 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-2
- Make mod_vroot a DSO, loaded by default (#772354)
- VRootAlias for /etc/security/pam_env.conf is redundant, so remove it
- Add BanMessage (#772354)
- Add -devel subpackage for building third-party modules
* Fri Nov 11 2011 Paul Howarth <paul at city-fan.org> 1.3.4a-1
- Update to 1.3.4a:
  - Fixed mod_load/mod_wrap2 build issues
- Drop now-redundant workaround for building mod_load and mod_wrap2
- Drop upstreamed patch for xinetd config typo
* Thu Nov 10 2011 Paul Howarth <paul at city-fan.org> 1.3.4-1
- Update to 1.3.4, addressing the following bugs since 1.3.4rc3:
  - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
  - mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5
    on Fedora (bug 3669)
  - PQescapeStringConn() needs a better check (bug 3192)
  - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
    to disable this countermeasure, which may cause interoperability issues
    with some clients, use the NoEmptyFragments TLSOption
  - Support SFTPOption for ignoring requests to modify timestamps (bug 3706)
  - RPM build on CentOS 5.5 (64bit): "File not found by glob" (bug 3640)
  - Response pool use-after-free memory corruption error
    (bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130)
- Drop upstream patch for make_scrambled_password_323
- Use upstream SysV initscript rather than our own
- Use upstream systemd service file rather than our own
- Use upstream PAM configuration rather than our own
- Use upstream logrotate configuration rather than our own
- Use upstream tempfiles configuration rather than our own
- Use upstream xinetd configuration rather than our own

  [ 1 ] Bug #772354 - Proftpd packaging and configuration has some vroot-related issues

This update can be installed with the "yum" update program.  Use 
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list