2008年12月24日

[installer 1770] ProFTPD 1.3.2rc1

ProFTPD 1.3.2rc3 出ていました。

CSRF の修正が入っています。
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4242
http://bugs.proftpd.org/show_bug.cgi?id=3115
参照のこと。

☆ ProFTPD 1.3.2rc3

http://www.proftpd.org/
ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2rc3.tar.gz

1.3.2rc3 - Released 20-Nov-2008
--------------------------------
- Bug 3114 - Bad handling of uid/gid parameters for CreateHome.
- Bug 3115 - Cross-site request forgery.
- Bug 3116 - SQLNegativeCache with no group info can cause segfault.
- Bug 3117 - Authentication improperly allowed (Bug#2922 regression).
- Bug 3119 - Search for libcap2 in addition to libcap for mod_cap support.
- Bug 3120 - WrapTables not allowed in <Anonymous> context.
- Bug 3122 - iconv() not detected properly on FreeBSD when --enable-nls is used.
- Bug 3124 - mod_sql improperly substitutes variables in user/group names.
- Bug 3089 - Memory pool double-free on session exit after aborted data
transfer.
- Bug 3092 - FSIO API needs mechanism for allowing registered FS handlers to
permit atomic renames.
- Bug 2767 - gcc 4.0/amd64 warnings.
- Bug 3126 - Segfault in mod_sql_sqlite when user belongs to multiple groups.
- Bug 3130 - HideFiles can cause segfault.
- Bug 3131 - Session process uses 100% CPU after aborted transfer.
- Bug 3132 - Handling of SIGABRT signal leads to endless loop.
- Bug 3073 - Command arguments not decoded properly in some places.
- Bug 3135 - Aborting a download can lead to segfault in some cases.

1.3.2rc2 - Released 17-Sep-2008
--------------------------------
- Added Chinese translation
- Bug 3076 - RPM build failing on 64 bit OS due to incomplete .spec.
- Bug 3082 - Use "DEFAULT" keyword instead of "ALL" for Trace directive.
Hopefully the "DEFAULT" keyword will be more accurate, more descriptive
of the actual functionality triggered by the keyword.
- Bug 3083 - Multiple issues with handling of <Class> definitions.
- Bug 3077 - Transparently handle the X-variant commands when checking
<Limit> permissions.
- Bug 3036 - Quota information not persisted if session ends abruptly.
- Bug 3094 - Perform unidirectional SSL/TLS shutdown on data connections.
- Bug 3096 - libcap version errors on newer Linux kernel.
- Bug 3074 - Support configure option for pkgconfig .pc file install
location.
- Bug 3095 - TLSPassphraseProvider port number truncated.
- Bug 3099 - Add trace logging of filesystem permission errors. To see
this additional logging, use Trace logging, and configure it to log
the "fileperms" log channel.
- Bug 3100 - Support ftpmail options for sending emails only for specific
users. See doc/contrib/ftpmail.html for more details.
- Bug 3030 - GroupOwner should work for all groups. Previously, GroupOwner
(without using UserOwner) could fail, if the user did not belong to
the specified group. Now proftpd will automatically detect, when
handling GroupOwner, when root privileges need to be used for the
configured group.
- Bug 3101 - mod_wrap2 does not compile on FreeBSD with custom includes.
- Bug 3098 - Socket descriptor leak when using syslog logging, especially at
SyslogLevel 'notice' or higher.
- Bug 3055 - Support Display variable for specifying the timestamp format.
See doc/howto/DisplayFiles.html for more information.
- Bug 2537 - mod_sql does not support %{...}t variable. SQLNamedQuery
statements can now use "%{time:...}" variables for formatting time strings
using strftime(3).
- Bug 2564 - Improper logging of "max connections per host". The issue was
one of the timing of the logging of the "Login successful" message. Now
it happens as part of a LOG_CMD handler for the PASS command.
- Bug 3104 - Syslog logging does not work on Mac OS X.
- Bug 2991 - Need a `prxs' (ProFTPD Extensions) command-line tool for building
shared modules without proftpd source.
- Bug 3106 - Add support for Mac OSX 10.5 sendfile.
- Bug 3107 - TLSProtocol supports misleading "SSLv23" parameter.
- Bug 3108 - Support removing MLST from FEAT list. The mod_facts module
now supports a FactsAdvertise directive; see doc/modules/mod_facts.html
for details.
- Bug 3109 - Errors with file uploads logged but not reported to clients.
- Bug 3112 - Uploaded files are not removed if close() fails.


1.3.2rc3
---------

+ Fixed character set/encoding support on FreeBSD.

+ Fixed mod_sql authentication regression (Bug#2922)

+ Start of a regression testsuite. Currently have basic unit tests for
most FTP commands, and a few of the configuration directives. See
the Testing howto for more information.

+ Fixed variable substitution in user/group names in SQL queries.

+ Lowered the default TimeoutLinger value from 180 secs to 30 secs,
for better interoperability. Many FTP clients have a timeout of
60 secs, waiting for a response from the server, before the client
closes the control connection. ProFTPD's lingering closes should
thus not be longer than 60 secs, to avoid hitting those clients'
timeout limit.

+ Fixed several issues related to aborting of downloads.

+ New documentation:

doc/howto/Testing.html
doc/howto/Translations.html


1.3.2rc2
---------

+ Added Chinese translation.

+ Fixed handling of SSL/TLS session shutdowns on data connections. This
issue was causing problems for users of recent FileZilla versions which
insisted on proper SSL/TLS session shutdowns.

+ Fixed file descriptor leak when using syslog logging.

+ Fixed syslog logging on Mac OSX platforms.

+ Attempted to address the following message in system log files:

warning: `proftpd' uses 32-bit capabilities (legacy support in use)

by having mod_cap use the libcap version numbers provided by newer
Linux kernels. See doc/modules/mod_cap.html for more details.

+ Added new `prxs' tool, for compiling and installing third-party
modules without needing the proftpd source code. See
doc/howto/DSO.html for more information.

+ Added sendfile support for Mac OSX 10.5.

----
こがよういちろう


投稿者 xml-rpc : 2008年12月24日 13:26
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/80443
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。