April 4, 2011

[installer 2740] ProFTPD 1.3.3e, 1.3.4rc2

ProFTPD 1.3.3e and 1.3.4rc2 are out.

Both include fixes for multiple security holes.

☆ ProFTPD 1.3.3e
http://www.proftpd.org/
ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz

1.3.3e
---------

+ Display messages work properly again.

+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.

+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.

+ Performance improvements, especially during server startup/restarts.


☆ ProFTPD 1.3.4rc2
http://www.proftpd.org/
ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc2.tar.gz

1.3.4rc2
---------

+ Display messages work properly again.

+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.

+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
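
The mod_tls fix above names a class of bug, plaintext command injection across the FTPS AUTH TLS upgrade, without describing it; bug 3624 has the specifics. The following is an added, constructed simulation of that class (not ProFTPD or mod_tls code): a server keeps one receive buffer, reads a segment in plaintext, finds AUTH TLS, performs the handshake, and then keeps parsing whatever plaintext bytes were already queued behind the AUTH TLS line as if they had arrived over TLS. The command names and segments are constructed for illustration; the fix modelled here is simply discarding the unread plaintext at the moment of the upgrade.

```python
"""Constructed simulation of plaintext bytes queued behind AUTH TLS being
carried over into the TLS-protected session. This is not mod_tls code;
segments and command names below are made up for the illustration."""
from dataclasses import dataclass, field
from typing import List, Tuple

CRLF = b"\r\n"


@dataclass
class Session:
    tls: bool = False
    buf: bytes = b""
    plain_len: int = 0  # leading bytes of buf that were read before the handshake
    # (command, processed after the TLS upgrade, bytes arrived in plaintext)
    log: List[Tuple[str, bool, bool]] = field(default_factory=list)


def feed(sess: Session, segment: bytes, flush_on_upgrade: bool) -> None:
    """Append one received segment and process every complete CRLF line.

    flush_on_upgrade=False keeps unread plaintext across the handshake
    (the vulnerable pattern); True discards it (the fix).
    """
    sess.buf += segment
    if not sess.tls:
        sess.plain_len = len(sess.buf)  # everything buffered so far is plaintext
    while CRLF in sess.buf:
        line, sess.buf = sess.buf.split(CRLF, 1)
        consumed = len(line) + len(CRLF)
        arrived_plain = sess.plain_len > 0
        sess.plain_len = max(0, sess.plain_len - consumed)
        cmd = line.decode("ascii", "replace")
        sess.log.append((cmd, sess.tls, arrived_plain))
        if cmd.upper() == "AUTH TLS" and not sess.tls:
            # The handshake happens here; from now on bytes are supposed to
            # come from the TLS layer, so stop parsing this plaintext segment.
            sess.tls = True
            if flush_on_upgrade:
                sess.buf = b""
                sess.plain_len = 0
            break


# Constructed traffic. Segment 1 is the client's AUTH TLS with one extra
# line appended in plaintext by someone on the path (any command will do;
# the point is where it gets executed). The remaining segments are what
# the real client sends inside the TLS channel afterwards.
SEGMENTS = [
    b"AUTH TLS\r\nPWD\r\n",
    b"USER alice\r\n",
    b"PASS s3cret\r\n",
]


def run(flush_on_upgrade: bool) -> List[Tuple[str, bool, bool]]:
    sess = Session()
    for seg in SEGMENTS:
        feed(sess, seg, flush_on_upgrade)
    return sess.log


def injected(log: List[Tuple[str, bool, bool]]) -> List[str]:
    """Commands that arrived in plaintext but ran as part of the TLS session."""
    return [cmd for cmd, over_tls, plain in log if over_tls and plain]


if __name__ == "__main__":
    print("vulnerable:", injected(run(flush_on_upgrade=False)))
    print("fixed:     ", injected(run(flush_on_upgrade=True)))
```

In the vulnerable run the injected PWD is the first command the server processes after the handshake, ahead of the client's USER and PASS, and it is logged as a TLS-session command even though it never travelled inside TLS. The check a practitioner can apply to any STARTTLS-style server is the one this models: after the upgrade, the input buffer must start empty.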

+ Performance improvements, especially during server startup/restarts.

+ New --enable-memcache configure option

ProFTPD now provides an API for modules for using memcached servers for
caching information among different proftpd servers and/or across
sessions. For more information, see the mod_memcache documentation
in doc/modules/mod_memcache.html.

+ New --enable-pcre configure option

The C library support for POSIX regular expressions is vulnerable to
some pathological regex patterns; the glibc library in particular
can be made to burn CPU with such patterns. Sites which wish to avoid
such buggy C library implementations can instead use PCRE for regular
expression support in ProFTPD, by using the --enable-pcre configure
option.

+ New modules

mod_tls_memcache

The mod_tls_memcache module uses the new mod_memcache/memcached support
in ProFTPD to use memcached servers for caching SSL session information.
This can be useful, especially when clusters of proftpd servers are
in use, or for preserving SSL session caches across proftpd restarts.
See doc/contrib/mod_tls_memcache.html for more details on this module.

+ New configuration directives:

MaxCommandRate

Some clients send FTP commands too quickly. The new MaxCommandRate
directive is used to detect and to throttle such malicious clients;
it also generates an event that can be used by the mod_ban module
for banning these clients. See doc/modules/mod_core.html#MaxCommandRate.

SQLNamedConnectInfo

Some sites wish to have mod_sql connections to multiple different
databases simultaneously, e.g. one connection for retrieving user
data and a separate connection for logging. To support such sites,
the new SQLNamedConnectInfo directive can be used to create "named
connections". These "named connections" can then be used in a
SQLNamedQuery, i.e. you can specify the named connection that a
SQLNamedQuery is to use when it is executed. More information can be
found at doc/contrib/mod_sql.html#SQLNamedConnectInfo.

TraceOptions

The TraceLog can provide very detailed information, especially when
diagnosing an issue. To aid in such diagnoses, the new TraceOptions
directive can be used to add more information to the TraceLog,
such as client/server IP addresses (if available), and timestamps
with millisecond granularity. The documentation at
doc/modules/mod_core.html#TraceOptions has the details.

+ The following utilities are now installed under $prefix/bin/ by the
'make install' target: ftpasswd, ftpmail, ftpquota

+ Changed configuration directives:

BanOnEvent

The mod_ban module's BanOnEvent directive now supports a few more
events, namely 'MaxCommandRate' and 'UnhandledCommand'. These events
can be used to ban clients which send commands too quickly, or which
send too many unhandled/unknown commands.
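
To make the interaction between MaxCommandRate and BanOnEvent concrete, here is an added, constructed model (not ProFTPD's own implementation): a per-client sliding-window command-rate check that raises an event when the rate is exceeded, and a ban list that bans a client once that event has fired a given number of times within a window, for a given duration. The window sizes, thresholds and the traffic fed through it are assumptions chosen for the illustration; the real directive arguments are in the mod_core and mod_ban documentation linked above.

```python
"""Constructed model of a MaxCommandRate-style rate check feeding a
BanOnEvent-style ban list. Not ProFTPD code; all parameters below are
illustrative assumptions."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple


@dataclass
class CommandRateLimiter:
    """More than max_commands within any `interval` seconds is a violation."""
    max_commands: int
    interval: float
    times: Deque[float] = field(default_factory=deque)

    def observe(self, now: float) -> bool:
        self.times.append(now)
        while self.times and now - self.times[0] > self.interval:
            self.times.popleft()
        return len(self.times) > self.max_commands


@dataclass
class EventBanList:
    """Ban a client once an event fires `freq` times within `window`
    seconds, for `duration` seconds (the shape of a frequency/duration
    ban rule)."""
    freq: int
    window: float
    duration: float
    events: Dict[str, Deque[float]] = field(default_factory=dict)
    banned_until: Dict[str, float] = field(default_factory=dict)

    def is_banned(self, ip: str, now: float) -> bool:
        return self.banned_until.get(ip, 0.0) > now

    def on_event(self, ip: str, now: float) -> bool:
        q = self.events.setdefault(ip, deque())
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.freq:
            self.banned_until[ip] = now + self.duration
            q.clear()
            return True
        return False


def simulate(stream: List[Tuple[float, str, str]], max_commands: int = 10,
             interval: float = 1.0, freq: int = 3, window: float = 60.0,
             duration: float = 3600.0) -> Dict[str, dict]:
    """Run a (time, client_ip, command) stream through per-client rate
    limiters and one shared ban list; return a per-client report."""
    limiters: Dict[str, CommandRateLimiter] = {}
    bans = EventBanList(freq, window, duration)
    report: Dict[str, dict] = {}
    for now, ip, _cmd in sorted(stream):
        r = report.setdefault(ip, {"throttle_events": 0, "banned_at": None, "rejected": 0})
        if bans.is_banned(ip, now):
            r["rejected"] += 1  # refused while the ban lasts
            continue
        lim = limiters.setdefault(ip, CommandRateLimiter(max_commands, interval))
        if lim.observe(now):
            r["throttle_events"] += 1
            if bans.on_event(ip, now):
                r["banned_at"] = now
    return report


# Constructed traffic: one client bursts 30 commands in 0.3 s, another
# sends one command per second.
STREAM = [(i / 100, "10.0.0.5", "NOOP") for i in range(30)] + \
         [(float(i), "10.0.0.9", "PWD") for i in range(5)]

if __name__ == "__main__":
    for ip, r in simulate(STREAM).items():
        print(ip, r)
```

With these parameters the bursting client exceeds ten commands per second on its 11th command, raises the event three times in a row, and is banned on the third; everything it sends afterwards is rejected, while the slow client never triggers anything. When tuning the real directives, size the BanOnEvent frequency so that one brief burst from a legitimate but chatty client does not earn a long ban.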

ExtendedLog

For some LogFormat variables (e.g. %E, %I, %O) it is useful to log
them when the session exits. The mod_sql module has had the ability
to log at session exit for quite some time. The ExtendedLog directive
can now log at session exit as well, using the new "EXIT" command class.

LogFormat

The LogFormat directive now supports a couple of new variables:

%E variable, for end-of-session reason
%H variable, for IP address of server handling session

These are listed in the LogFormat docs; see
doc/modules/mod_log.html#LogFormat.

PathAllowFilter, PathDenyFilter

The PathAllowFilter and PathDenyFilter directives now support an
optional flags parameter, which can be used to specify e.g.
case-insensitive evaluation of the configured regular expression.
For example:

PathDenyFilter .jpg$ [NC]

See doc/modules/mod_core.html#PathAllowFilter for more details.

SFTPOptions

The mod_sftp module's SFTPOptions directive supports a new
'IgnoreSFTPSetPerms' option. This option is similar to the existing
'IgnoreSFTPUploadPerms'; it causes mod_sftp to silently ignore the SFTP
client's attempts to change file permissions. See
doc/contrib/mod_sftp.html#SFTPOptions.

SFTPPAMOptions

The SFTPPAMOptions directive for the mod_sftp_pam module now supports
a 'NoInfoMsgs' option, which disables the sending of informational
messages from the PAM library to the connecting SSH client. This
option can be used to make mod_sftp_pam behave like OpenSSH with
regard to PAM support.

SQLNamedQuery

The SQLNamedQuery directive now supports an optional "named connection"
name, for supporting multiple database connections. See the
doc/contrib/mod_sql.html#SQLNamedConnectInfo docs for more information.

TLSSessionCache

The TLSSessionCache directive from the mod_tls module can now be
used to explicitly configure the session cache timeout when OpenSSL's
internal session caching mechanism (used by default) is being used.
See doc/contrib/mod_tls.html#TLSSessionCache for details.

Trace

The Trace directive can now be used to specify a range of trace
channel log levels, rather than simply specifying the maximum log
level for a channel. For example, to see only messages from log
levels 5 to 8, you would do:

Trace DEFAULT:5-8

This is documented in the Trace directive documentation, at
doc/modules/mod_core.html#Trace.

+ New documentation:

doc/howto/ConnectionACLs.html

doc/utils/ftpasswd.html
doc/utils/ftpcount.html
doc/utils/ftpdctl.html
doc/utils/ftpquota.html
doc/utils/ftpscrub.html
doc/utils/ftptop.html
doc/utils/ftpwho.html

+ Developer/API Changes

The following functions have been removed, as they are not used anywhere
and should not be used:

pr_response_send_ml()
pr_response_send_ml_start()
pr_response_send_ml_end()

The following function has been renamed/moved:

end_login() is now pr_session_end()

A related new function, pr_session_disconnect(), has been added. This new
function allows the caller to specify a reason code indicating why
the session is ending, as well as support for an optional string
for more details about the reason for ending the session.

----
こがよういちろう


Posted by xml-rpc: April 4, 2011 15:19