Fedora 21 Update: proftpd-1.3.5a-1.fc21

updates at fedoraproject.org updates at fedoraproject.org
Tue Jun 9 15:05:54 UTC 2015

Fedora Update Notification
2015-05-30 09:27:40

Name        : proftpd
Product     : Fedora 21
Version     : 1.3.5a
Release     : 1.fc21
URL         : http://www.proftpd.org/
Summary     : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.

Update Information:

This update is for the current upstream maintenance release, with lots of bug fixes as described in the NEWS file.

* Thu May 28 2015 Paul Howarth <paul at city-fan.org> - 1.3.5a-1
- Update to 1.3.5a
  - Fixed "stalled" SSL/TLS handshakes for data transfers
  - Fixed handling of SSH keys with overlong Comment headers in mod_sftp_sql
  - By default, mod_tls will no longer support SSLv3 connections; in order to
    support SSLv3 connections (for sites that need to), you must explicitly
    configure this via the TLSProtocol directive, e.g.:
    TLSProtocol SSLv3 TLSv1 ...
  - The mod_copy module is enabled by default; there may be cases where the
    module should be disabled, without requiring a rebuild of the server, thus
    mod_copy now supports a CopyEngine directive to enable/disable the module
  - The DeleteAbortedStores directive (for Bug#3917) is only enabled when
    HiddenStores is in effect, as intended when originally implemented, rather
    than all the time
  - Many other bug-fixes, see NEWS for details
- Drop upstreamed patches
* Tue Apr 28 2015 Paul Howarth <paul at city-fan.org> - 1.3.5-5
- Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy
  (CVE-2015-3306, http://bugs.proftpd.org/show_bug.cgi?id=4169)
* Tue Feb 10 2015 Paul Howarth <paul at city-fan.org> - 1.3.5-4
- Anonymous upload directory specification needs to be slightly different if
  mod_vroot is in use (#1045922)
- Use %license where possible

This update can be installed with the "yum" update program.  Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list