Fedora 21 Update: proftpd-1.3.5a-1.fc21
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 9 15:05:54 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-9094
2015-05-30 09:27:40
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora 21
Version : 1.3.5a
Release : 1.fc21
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
This update is for the current upstream maintenance release, with lots of bug fixes as described in the NEWS file.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 28 2015 Paul Howarth <paul at city-fan.org> - 1.3.5a-1
- Update to 1.3.5a
- Fixed "stalled" SSL/TLS handshakes for data transfers
- Fixed handling of SSH keys with overlong Comment headers in mod_sftp_sql
- By default, mod_tls will no longer support SSLv3 connections; in order to
support SSLv3 connections (for sites that need to), you must explicitly
configure this via the TLSProtocol directive, e.g.:
TLSProtocol SSLv3 TLSv1 ...
- The mod_copy module is enabled by default; there may be cases where the
module should be disabled, without requiring a rebuild of the server, thus
mod_copy now supports a CopyEngine directive to enable/disable the module
- The DeleteAbortedStores directive (for Bug#3917) is only enabled when
HiddenStores is in effect, as intended when originally implemented, rather
than all the time
- Many other bug-fixes, see NEWS for details
- Drop upstreamed patches
* Tue Apr 28 2015 Paul Howarth <paul at city-fan.org> - 1.3.5-5
- Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy
(CVE-2015-3306, http://bugs.proftpd.org/show_bug.cgi?id=4169)
* Tue Feb 10 2015 Paul Howarth <paul at city-fan.org> - 1.3.5-4
- Anonymous upload directory specification needs to be slightly different if
mod_vroot is in use (#1045922)
http://sourceforge.net/p/proftp/mailman/message/31728570/
- Use %license where possible
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list