| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: proftpd-proxy-debuginfo | Distribution: Fedora Project |
| Version: 1.3.9b | Vendor: Fedora Project |
| Release: 1.fc43 | Build date: Mon Jun 8 17:38:47 2026 |
| Group: Development/Debug | Build host: buildvm-ppc64le-06.rdu3.fedoraproject.org |
| Size: 1572805 | Source RPM: proftpd-1.3.9b-1.fc43.src.rpm |
| Packager: Fedora Project | |
| Url: http://www.proftpd.org/ | |
| Summary: Debug information for package proftpd-proxy | |
This package provides debug information for package proftpd-proxy. Debug information is useful when developing applications that use this package or when debugging this package.
GPL-2.0-or-later
* Mon Jun 08 2026 Paul Howarth <paul@city-fan.org> - 1.3.9b-1
- Update to 1.3.9b
- Fix SQL Injection in mod_wrap2_sql via reverse DNS hostname (GH#2057,
CVE-2026-44331)
- Additional fix for session management with OpenSSL 3.2.x or later, when
using TLSv1.2 or earlier; this complements the fix for GH#1963 (GH#2096)
- Hard quota limits on uploads do not cause SFTP WRITE requests to fail as
expected (GH#2098)
- Fix SSH payload length underflow calculation for ETM/ChaChaPoly algorithms
in mod_sftp (GH#2102)
- SSH packet with empty payload triggered null pointer dereference in
mod_sftp (GH#2104)
- Bad DSA signatures could lead to out-of-bounds read of heap memory in
mod_sftp (GH#2106)
- Mismatched RSA/DSA algorithm signatures could lead to null dereference in
mod_sftp (GH#2108)
- SFTP request payload length underflow calculation in mod_sftp (GH#2115)
- Several modules failed to build using OpenSSL 4.0 (GH#2120)
- Update mod_proxy to 0.9.7
- Add a check on the maximum allowed SSH payload (vs. packet) length (GH#291)
- Set the payload_len field before checking its value (GH#292)
- Keep the SSH packet reading code in mod_proxy more in line with what is
done in mod_sftp, for legibility (GH#294)
- Implement support for the OpenSSH-specific ChaChaPoly SSH algorithm
(GH#295, GH#296)
- Correct misspellings noted by codespell (GH#297)
- Use clang-tidy to start polishing the codebase (GH#298)
- Disable the Nagle algorithm by default on our TCP connections to back-end
servers (GH#299)
- Require OpenSSL for building (GH#249, GH#300)
- Documentation fixes
- Implement a limit on the number of EXT_INFO extensions we'll be willing to
accept (GH#303)
- Comparison of expected/provided MAC data should be done in a constant-time
manner
- Support PKCS11-stored private keys
- Implement the "mlkem768x25519-sha256" and "sntrup761x25519-sha512"
post-quantum SSH key exchange mechanisms (GH#306)
- Add sanity check for SRV record lengths
- Ensure that the SSH payload length computation, for ETM/ChaChaPoly packets,
does not underflow
- If we detect a bad DSA signature length, properly error out
- Ensure that RSA/DSA signatures match their expected algorithm types, and
avoid null pointer dereferences
- Update to build against OpenSSL 4.x (GH#313)
* Tue May 19 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-3
- Address another avenue for SQL injection, via custom SQLUserInfo queries
* Mon May 11 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-2
- Additional escaping for avoidance of SQL injection issues with %{note:...}
and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in
1.3.9a
- Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname
(CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057)
* Thu Apr 30 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-1
- Update to 1.3.9a
- SCP transfers failed for files with spaces in their names (GH#1886)
- LDAPDefaultGID ignored since 1.3.9 (GH#1898)
- Compilation of mod_wrap2 failed when the --enable-wrapper-options configure
option was used (Bug #4512)
- mod_sftp failed to parse authorized user/host public keys with CRLF line
endings (GH#1904)
- Uploads using MODE Z sometimes resulted in corrupted files or broken
transfers (GH#1896)
- Remove usage of the deprecated MySQL_OPT_RECONNECT option for newer MySQL
versions (GH#1911)
- Update usage of MySQL API for SSL/TLS connections to server (GH#340)
- mod_sftp leaked file descriptor when reading SFTPHostKey file (GH#1959)
- Large/slow SCP downloads could be unnecessarily truncated by TimeoutStalled
(GH#1964)
- Handling of CRLs in mod_tls was incorrect, leading to confusing errors
(GH#1960)
- Resumed SSL_SESSION management in mod_tls lead to memory growth, infinite
loop using newer OpenSSL versions (GH#1963)
- mod_quotatab_ldap interactions could lead to segfault due to stale pointer
(GH#1984)
- RNTO before authentication lead to out-of-order response codes (GH#2003)
- MaxLoginAttemptsFromUser event never triggered in mod_ban for SFTP sessions
(GH#2009)
- Using toupper(3) on non-ASCII FTP command bytes might cause remote DoS
(GH#2019)
- Out-of-bounds single byte read when FTP command input buffer starts with LF
(GH#2020)
- FTP command LIST/NLST -B could cause buffer overflow when listing certain
crafted filenames (GH#2030)
- Memory exhaustion with mod_log_forensic when downloading very large files
via SFTP (GH#2043)
- Setting process groups during authentication crashed when using mod_radius
and <IfGroup> (GH#2046)
- SQL injection possible via mod_sql because of is_escaped_text() logic error
(GH#2052, CVE-2026-42167)
* Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Mar 20 2025 Paul Howarth <paul@city-fan.org> - 1.3.9-1
- Update to 1.3.9 (see RELEASE_NOTES for details)
- Update mod_proxy to 0.9.5
- Implemented new IgnoreForeignAddress ProxyOption
- Fixed passive data transfers to backend IPv4 address when IPv6 support is
enabled
* Tue Mar 18 2025 Paul Howarth <paul@city-fan.org> - 1.3.8d-1
- Update to 1.3.8d
- Use of HideNoAccess for SFTP sessions can lead to segfault and/or
unexpected behaviour (GH#1855)
- SFTP channel allocations can lead to high memory utilization over time
(GH#1876)
- Avoid NULL pointer dereferences in mod_ls (GH#1866, CVE-2024-57392)
* Thu Feb 13 2025 Paul Howarth <paul@city-fan.org> - 1.3.8c-3
- Avoid NULL pointer dereferences in mod_ls (CVE-2024-57392)
- https://github.com/proftpd/proftpd/issues/1866
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Paul Howarth <paul@city-fan.org> - 1.3.8c-2
- Fixes for C23 compatibility
- Update mod_vroot to 0.9.12
- Implement a realpath(3) callback for the FSIO API, for better
interoperability of other modules when mod_vroot is in effect
* Thu Dec 12 2024 Paul Howarth <paul@city-fan.org> - 1.3.8c-1
- Update to 1.3.8c
- Using FTPS after upgrading from 1.3.8a to 1.3.8b lead to crash (GH#1770)
- Bad handling of lack of extended attributes lead to SFTP out of memory
error (GH#1785)
- mod_sftp_sql logged "header value too long" due to unexpected key header
text (GH#1529)
- SSH ECDSA host key algorithms were not used as expected despite configuring
appropriate key (GH#1839)
- RADIUS Message-Authenticator verification failed with ProFTPD mod_radius
(GH#1840)
- Supplemental group inheritance granted unintended access to GID 0 due to
lack of supplemental groups from mod_sql (GH#1830)
* Tue Nov 19 2024 Paul Howarth <paul@city-fan.org> - 1.3.8b-9
- Fix RADIUS Message-Authenticator verification in mod_radius
- https://github.com/proftpd/proftpd/issues/1840
- https://bugzilla.redhat.com/show_bug.cgi?id=2325448
* Fri Oct 11 2024 Paul Howarth <paul@city-fan.org> - 1.3.8b-8
- Drop EL-7 support
- Drop mod_geoip support
- Drop mod_wrap support
- Always build mod_proxy
- Always use libpcre2
- Always use maridb client library in preference to mysql
- Always use libpq client library in preference to postgresql
- Always use OpenSSL Cipher Profiles
- Explicitly switch from libmemcached to libmemcached-awesome from Fedora 35
onwards
* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8b-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Paul Howarth <paul@city-fan.org> - 1.3.8b-6
- Fix support for building with no ENGINE support in OpenSSL (GH#1816)
- Avoid potential null pointer dereference in mod_tls and mod_proxy (GH#1817)
/usr/lib/debug /usr/lib/debug/.build-id /usr/lib/debug/.build-id/74 /usr/lib/debug/.build-id/74/227782a37d428ddb612f19cc5e43a0c9bcbff1 /usr/lib/debug/.build-id/74/227782a37d428ddb612f19cc5e43a0c9bcbff1.debug /usr/lib/debug/usr /usr/lib/debug/usr/libexec /usr/lib/debug/usr/libexec/proftpd /usr/lib/debug/usr/libexec/proftpd/mod_proxy.so-1.3.9b-1.fc43.ppc64le.debug
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Jun 10 00:32:41 2026