December 20, 2010

[installer 2610] Re: ProFTPD 1.3.3d, 1.3.4rc1

This is Kamimura.

A fix for ProFTPD has been released.

Just to be safe, it would be a good idea to verify that the tarball is genuine!


On Sat, 18 Dec 2010 12:18:51 +0900 (JST)

Koga Youichirou <y-koga@xxxxx> wrote:
> ProFTPD 1.3.3d and 1.3.4rc1 have been released.
>
> They include fixes for a buffer overflow and for CPU exhaustion (a DoS,
> perhaps?).
>
> ☆ ProFTPD 1.3.3d
> http://www.proftpd.org/
> ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3d.tar.gz
>
> 1.3.3d
> ---------
>
> + Fixed sql_prepare_where() buffer overflow (Bug#3536)
> + Fixed CPU spike when handling .ftpaccess files.
> + Fixed handling of SFTP uploads when compression is used.
>
>
> ☆ ProFTPD 1.3.4rc1
> http://www.proftpd.org/
> ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc1.tar.gz
>
> 1.3.4rc1
> ---------
>
> + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
> + Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
> + Fixed sql_prepare_where() buffer overflow (Bug#3536)
> + Added Japanese translation
> + Many mod_sftp bugfixes
> + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
> + Fixed handling of utmp/utmpx format changes on FreeBSD
> + Automatic detection of MySQL, Postgres library and header file locations
> + Added support for SMTP authentication in ftpmail script
> + Updated fnmatch implementation, using glibc-2.9 version.
>
> + New modules:
>
> mod_copy
>
> This module provides the SITE CPFR and SITE CPTO commands, for
> allowing a client to copy files from one location to another on the
> server, without requiring downloads/uploads. See
> doc/contrib/mod_copy.html for details.
>
> mod_deflate
>
> This module provides support for MODE Z, which uses compression to
> reduce the number of bytes required for data transfers and directory
> lists. See doc/contrib/mod_deflate.html for more information.
>
> Depending on the data being transferred, clients can see quite
> a difference in the speed; see:
>
> http://www.smartftp.com/support/kb/file.php?f=192
>
> for some performance numbers.
>
> mod_ifversion
>
> This module allows for version-specific configuration sections of
> the proftpd config file. It is useful for using the same proftpd
> config across multiple servers where different proftpd versions may
> be in use. See doc/contrib/mod_ifversion.html for examples.
>
> mod_qos
>
> This module allows administrators to set networking-specific
> "Quality of Service" (QoS) bits on the packets used by the server.
> More information can be found in doc/contrib/mod_qos.html
>
> + New configuration directives:
>
> Protocols
>
> This directive can be used to specify which protocols can be used
> by a connecting client. It is designed to work with mod_ifsession,
> so that it can be set on a per-user/group/class basis. See
> doc/modules/mod_core.html#Protocols for details.
>
> ScoreboardMutex
>
> This directive is used to explicitly configure the path to a
> "mutex" file used for scoreboard locking; this file is used to
> increase proftpd's performance under load. See:
>
> http://bugs.proftpd.org/show_bug.cgi?id=3208
>
> for more information.
>
> SFTPClientAlive
>
> This directive is used to enable a protocol-level "keep alive"
> check for mod_sftp SSH connections. More details can be found
> in doc/contrib/mod_sftp.html#SFTPClientAlive.
>
> WrapOptions
>
> The mod_wrap2 module has additional behaviors such as checking the
> allow/deny rules at client connect time (versus after login),
> and checking the allow/deny rules using all of a client's DNS names.
> The WrapOptions directive is used to configure these behaviors;
> see doc/contrib/mod_wrap2.html#WrapOptions for more information.
>
> + Changed configuration directives:
>
> BanOnEvent
>
> The BanOnEvent directive of the mod_ban module now supports
> LoginRate events; see doc/contrib/mod_ban.html#BanOnEvent. This
> lets mod_ban reject clients which are logging in too quickly.
>
> ListOptions
>
> The mod_ls module now supports the -c and -u options for the LIST
> command. The ListOptions directive handles these options as well.
> See the ls(1) man page for more details on these options.
>
> In addition, the NoErrorIfAbsent ListOption can be used to configure
> whether mod_ls returns a 226 response code, rather than the default
> 450 response code, for a LIST/NLST command for a path which does not
> exist. Some clients are sensitive to this use case.
>
> LogFormat
>
> The LogFormat directive now supports two additional variables:
> %I for logging the total number of bytes read from the network,
> and %O for logging the total number of bytes written to the network.
> Note that these values do NOT include any bytes for the TCP packet
> overhead. The mod_sql module's SQLLog directive also supports these
> variables.
>
> These variables can be used to get a better idea of network traffic
> per session/client, as well as for comparing the relative network
> traffic of e.g. FTPS versus SFTP.
>
> SFTPOptions
>
> The mod_sftp module did not interoperate well with old ssh.com or
> with Tectia SSH clients. Support for these clients was added to
> mod_sftp via the OldProtocolCompat SFTPOption (Bug#3480). See
> doc/contrib/mod_sftp.html#SFTPOptions for more information.
>
> TLSOptions
>
> When verifying a client's certificate, the mod_tls module could
> be configured to check the iPAddress and/or dNSName portions of the
> SubjectAltName section of the client certificate, via the TLSOptions
> directive. A new CommonNamedRequired TLSOptions is now supported,
> which tells mod_tls to check the CommonName (CN) section of the
> client certificate. See doc/contrib/mod_tls.html#TLSOptions for
> details.
>
> UseSendfile
>
> The UseSendfile directive can now be used in <Directory> sections and
> .ftpaccess files. This means that sendfile(2) support can be disabled
> on filesystems which do not support it, while still being used on other
> parts of the filesystem which can support it.
>
> The UseSendfile directive can now also configure how many bytes of
> a file to send via sendfile(2) at a time; this can be either in number
> of bytes, or in percentage of the file size. The advantage of this
> is that now the ScoreboardFile (and ftptop/ftpwho) can show download
> progress rates when UseSendfile is enabled.
>
> See doc/howto/Sendfile.html for the full details.
>
> + Deprecated configuration directives:
>
> DisplayGoAway
>
> Support for this directive has been removed.
>
> ----
> Koga Youichirou
>
>

--
Fujitsu Software Technologies Limited
Web Solution Service Group
Internet Infrastructure Services Division
Service Products Department
KAMIMURA Shin skami@xxxxx

Posted by xml-rpc: December 20, 2010 08:46
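
The tarball check suggested in the reply above, sketched as an added example (not part of the original post and not ProFTPD's own tooling): it compares a downloaded file against a coreutils-style checksum manifest and fails closed when the file is not listed. The function names and sample bytes are constructed for illustration, and the manifest is assumed to come from a channel you trust independently of the download server (for example, one whose detached signature you have verified).

```python
import hashlib
import hmac
import os
import tempfile

# MD5 (32) and SHA-1 (40) lengths are deliberately absent: weak digests are rejected.
ALGO_BY_HEXLEN = {64: "sha256", 128: "sha512"}

def parse_manifest(text):
    """Parse coreutils-style lines: '<hexdigest>  <name>' or '<hexdigest> *<name>'."""
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")
        if name and len(digest) in ALGO_BY_HEXLEN:
            entries[os.path.basename(name)] = digest.lower()
    return entries

def file_digest(path, algo, chunk=1 << 16):
    """Hash the file in chunks so large tarballs are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tarball(path, manifest_text):
    """Return True only if the manifest lists this file and the digest matches."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False  # fail closed: no usable entry means "not verified"
    actual = file_digest(path, ALGO_BY_HEXLEN[len(expected)])
    return hmac.compare_digest(actual, expected)

def demo():
    """Constructed stand-in for a tarball; returns (genuine, tampered, unlisted)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "proftpd-1.3.3d.tar.gz")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes, not a real release")
        manifest = f"{file_digest(path, 'sha256')}  proftpd-1.3.3d.tar.gz\n"
        genuine = verify_tarball(path, manifest)
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # simulate an archive modified after publication
        tampered = verify_tarball(path, manifest)
        return genuine, tampered, verify_tarball(path, "")
```

A digest taken from the same server as the tarball only shows the two files agree with each other; it says nothing about whether the server itself was trustworthy.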