Fedora Packages

proftpd-mysql-1.3.9b-1.fc43 in Fedora 43


Package Info (Data from x86_64 build)

Changelog

Date Author Change
2026-06-08 Paul Howarth <paul at city dash fan dot org> - 1.3.9b-1
  • Update to 1.3.9b
  • Fix SQL Injection in mod_wrap2_sql via reverse DNS hostname (GH#2057, CVE-2026-44331)
  • Additional fix for session management with OpenSSL 3.2.x or later, when using TLSv1.2 or earlier; this complements the fix for GH#1963 (GH#2096)
  • Hard quota limits on uploads do not cause SFTP WRITE requests to fail as expected (GH#2098)
  • Fix SSH payload length underflow calculation for ETM/ChaChaPoly algorithms in mod_sftp (GH#2102)
  • SSH packet with empty payload triggered null pointer dereference in mod_sftp (GH#2104)
  • Bad DSA signatures could lead to out-of-bounds read of heap memory in mod_sftp (GH#2106)
  • Mismatched RSA/DSA algorithm signatures could lead to null dereference in mod_sftp (GH#2108)
  • SFTP request payload length underflow calculation in mod_sftp (GH#2115)
  • Several modules failed to build using OpenSSL 4.0 (GH#2120)
  • Update mod_proxy to 0.9.7
  • Add a check on the maximum allowed SSH payload (vs. packet) length (GH#291)
  • Set the payload_len field before checking its value (GH#292)
  • Keep the SSH packet reading code in mod_proxy more in line with what is done in mod_sftp, for legibility (GH#294)
  • Implement support for the OpenSSH-specific ChaChaPoly SSH algorithm (GH#295, GH#296)
  • Correct misspellings noted by codespell (GH#297)
  • Use clang-tidy to start polishing the codebase (GH#298)
  • Disable the Nagle algorithm by default on our TCP connections to back-end servers (GH#299)
  • Require OpenSSL for building (GH#249, GH#300)
  • Documentation fixes
  • Implement a limit on the number of EXT_INFO extensions we'll be willing to accept (GH#303)
  • Comparison of expected/provided MAC data should be done in a constant-time manner
  • Support PKCS11-stored private keys
  • Implement the "mlkem768x25519-sha256" and "sntrup761x25519-sha512" post-quantum SSH key exchange mechanisms (GH#306)
  • Add sanity check for SRV record lengths
  • Ensure that the SSH payload length computation, for ETM/ChaChaPoly packets, does not underflow
  • If we detect a bad DSA signature length, properly error out
  • Ensure that RSA/DSA signatures match their expected algorithm types, and avoid null pointer dereferences
  • Update to build against OpenSSL 4.x (GH#313)

2026-05-19 Paul Howarth <paul at city dash fan dot org> - 1.3.9a-3
  • Address another avenue for SQL injection, via custom SQLUserInfo queries

2026-05-11 Paul Howarth <paul at city dash fan dot org> - 1.3.9a-2
  • Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a
  • Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057)

2026-04-30 Paul Howarth <paul at city dash fan dot org> - 1.3.9a-1
  • Update to 1.3.9a
  • SCP transfers failed for files with spaces in their names (GH#1886)
  • LDAPDefaultGID ignored since 1.3.9 (GH#1898)
  • Compilation of mod_wrap2 failed when the --enable-wrapper-options configure option was used (Bug #4512)
  • mod_sftp failed to parse authorized user/host public keys with CRLF line endings (GH#1904)
  • Uploads using MODE Z sometimes resulted in corrupted files or broken transfers (GH#1896)
  • Remove usage of the deprecated MySQL_OPT_RECONNECT option for newer MySQL versions (GH#1911)
  • Update usage of MySQL API for SSL/TLS connections to server (GH#340)
  • mod_sftp leaked file descriptor when reading SFTPHostKey file (GH#1959)
  • Large/slow SCP downloads could be unnecessarily truncated by TimeoutStalled (GH#1964)
  • Handling of CRLs in mod_tls was incorrect, leading to confusing errors (GH#1960)
  • Resumed SSL_SESSION management in mod_tls lead to memory growth, infinite loop using newer OpenSSL versions (GH#1963)
  • mod_quotatab_ldap interactions could lead to segfault due to stale pointer (GH#1984)
  • RNTO before authentication lead to out-of-order response codes (GH#2003)
  • MaxLoginAttemptsFromUser event never triggered in mod_ban for SFTP sessions (GH#2009)
  • Using toupper(3) on non-ASCII FTP command bytes might cause remote DoS (GH#2019)
  • Out-of-bounds single byte read when FTP command input buffer starts with LF (GH#2020)
  • FTP command LIST/NLST -B could cause buffer overflow when listing certain crafted filenames (GH#2030)
  • Memory exhaustion with mod_log_forensic when downloading very large files via SFTP (GH#2043)
  • Setting process groups during authentication crashed when using mod_radius and <IfGroup> (GH#2046)
  • SQL injection possible via mod_sql because of is_escaped_text() logic error (GH#2052, CVE-2026-42167)

2026-01-17 Fedora Release Engineering <releng at fedoraproject dot org> - 1.3.9-3
  • Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

2025-07-25 Fedora Release Engineering <releng at fedoraproject dot org> - 1.3.9-2
  • Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

2025-03-20 Paul Howarth <paul at city dash fan dot org> - 1.3.9-1
  • Update to 1.3.9 (see RELEASE_NOTES for details)
  • Update mod_proxy to 0.9.5
  • Implemented new IgnoreForeignAddress ProxyOption
  • Fixed passive data transfers to backend IPv4 address when IPv6 support is enabled

2025-03-18 Paul Howarth <paul at city dash fan dot org> - 1.3.8d-1
  • Update to 1.3.8d
  • Use of HideNoAccess for SFTP sessions can lead to segfault and/or unexpected behaviour (GH#1855)
  • SFTP channel allocations can lead to high memory utilization over time (GH#1876)
  • Avoid NULL pointer dereferences in mod_ls (GH#1866, CVE-2024-57392)

2025-02-13 Paul Howarth <paul at city dash fan dot org> - 1.3.8c-3
  • Avoid NULL pointer dereferences in mod_ls (CVE-2024-57392)
  • https://github.com/proftpd/proftpd/issues/1866
  • Add explicit BR: libxcrypt-devel

2025-01-17 Paul Howarth <paul at city dash fan dot org> - 1.3.8c-2
  • Fixes for C23 compatibility
  • Update mod_vroot to 0.9.12
  • Implement a realpath(3) callback for the FSIO API, for better interoperability of other modules when mod_vroot is in effect

Provides

  • proftpd-mysql
  • proftpd-mysql(x86-64)
