proftpd-dfsg (1.3.8+dfsg-4+deb12u4) bookworm-security; urgency=high
* Add my Debian E-Mail address to Field Uploaders.
* Patch for issue Issue #1830 (Closes: #1082326).
Supplemental Group Inheritance Grants Unintended Access to GID 0
(CVE-2024-48651).
-- Hilmar Preuße <hille42@debian.org> Sat, 30 Nov 2024 23:32:48 +0100
proftpd-dfsg (1.3.8+dfsg-4+deb12u3) bookworm; urgency=medium
* Add patch for Terrapin attack (CVE-2023-48795).
* make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte
out-of-bounds read, and daemon crash, because of mishandling of
quote/backslash semantics (CVE-2023-51713).
-- Hilmar Preusse <hille42@web.de> Tue, 09 Jan 2024 21:52:35 +0000
proftpd-dfsg (1.3.8+dfsg-4+deb12u2) bookworm; urgency=medium
* Add patch from upstream to address issue 1694 (Closes: #1051236).
-- Hilmar Preusse <hille42@web.de> Thu, 16 Nov 2023 23:06:15 +0100
proftpd-dfsg (1.3.8+dfsg-4+deb12u1) bookworm; urgency=medium
* Now do not enable proftpd.socket to avoid conflicts at boot time.
(Closes: #1038416)
* Introduced a new prerm script to manage stop of service/socket before
remove.
* Added an entry to NEWS file to explain the change in unit files
and how to deal with changes.
* Revised README.Debian to reflect changes in unit file management.
-- Francesco Paolo Lovergine <frankie@debian.org> Wed, 28 Jun 2023 15:17:54 +0200
proftpd-dfsg (1.3.8+dfsg-4) unstable; urgency=medium
* Correct Umask entry in commented section (Closes: #1006011).
* Enable upstreams test suite (partially) as autopkg test.
-- Hilmar Preusse <hille42@web.de> Tue, 14 Mar 2023 10:16:31 +0100
proftpd-dfsg (1.3.8+dfsg-3) unstable; urgency=medium
[ Jörn-Thorben Hinz ]
* Drop dependency on the obsolete and empty lsb-base
* Correctly use Rules-Requires-Root
* Remove obsolete patches.
* Copy new patches from upstream:
- fix loading of rewrite module: upstream_1592.diff (Closes: #1032424).
- upstream_bug_1568.diff: Build-time detection of Linux POSIX ACL support
broken
- upstream_bug_1581.diff: mod_sftp fails to handle SFTP requests to
truncate files to zero size
- upstream_bug_1584.diff: mod_sftp improperly handles SFTP WRITE requests
for files opened for appending
- upstream_bug_1597.diff: <Class> section is allowed to be in <Global>,
but From directive is not
-- Hilmar Preusse <hille42@web.de> Mon, 06 Mar 2023 21:13:28 +0100
proftpd-dfsg (1.3.8+dfsg-2) unstable; urgency=low
* Upload to unstable.
* Disable patch for Bug-Debian: #965077. Has been replaced by
"SQLAuthTypes SHA1".
* Disable patch wrong-path-for-interpreter_perl.diff: #!/usr/bin/perl
is not a must condition any more.
* Remove surplus lintian override.
-- Hilmar Preusse <hille42@web.de> Thu, 15 Dec 2022 22:47:50 +0100
proftpd-dfsg (1.3.8+dfsg-1) experimental; urgency=medium
New upstream release; disable (upstreamed) / refresh patches.
* Replace (deprecated) pcre3 by pcre2 (Closes: #999980).
* Add libidn2-dev to Build Depends.
-- Hilmar Preusse <hille42@web.de> Mon, 05 Dec 2022 21:41:18 +0100
proftpd-dfsg (1.3.7d+dfsg-3) unstable; urgency=medium
* Replace B-D:
* libldap2-dev => libldap-dev
* libncurses5-dev => libncurses-dev
* Add Lintian Override: proftpd-dfsg source: source-is-missing
* Replace the hand written code to enable/start standalone proftpd by
dh_installsystemd provided snippets. This hopefully (Closes: #991266).
-- Hilmar Preusse <hille42@web.de> Wed, 09 Nov 2022 07:59:11 +0100
proftpd-dfsg (1.3.7d+dfsg-2) unstable; urgency=medium
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Patch for Issue 1448 - Ensure that mod_sftp algorithms work properly with
OpenSSL 3.x.
* Backport of fix for Issue #1445 to the 1.3.7 branch.
-- Hilmar Preusse <hille42@web.de> Tue, 24 May 2022 20:57:34 +0200
proftpd-dfsg (1.3.7d+dfsg-1) unstable; urgency=medium
[ Hilmar Preusse ]
* New upstream release.
* Lintian:
- Remove override, "systemd-service-file-outside-lib".
- I: systemd-service-file-missing-documentation-key
- Rules-Requires-Root: binary
- More small stuff
* Fix syntax values in proftpd.conf example (Closes: #1002467)
* Add $OPTIONS to ExecStartPre statements in
proftpd-core.proftpd.service (Closes: #1010302).
[ Debian Janitor ]
* Remove constraints unnecessary since buster:
+ Build-Depends: Drop versioned constraint on libmemcached-dev.
+ proftpd-core: Drop versioned constraint on libpam-runtime and lsb-base in
Depends.
-- Hilmar Preusse <hille42@web.de> Wed, 04 May 2022 21:35:10 +0200
proftpd-dfsg (1.3.7c+dfsg-1) unstable; urgency=medium
* New upstream release, contains fix for issue #1284
(Closes: #993173).
* Lintian override. proftpd-core: systemd-service-file-outside-lib
* Remove d/proftpd-substvars from git, it is a generated file.
* d/control is upgraded from d/control.in in post hook of
gbp import-orig.
* debian/watch does not search for rc versions.
-- Hilmar Preusse <hille42@web.de> Sun, 19 Sep 2021 00:00:13 +0200
proftpd-dfsg (1.3.7b+dfsg-2) unstable; urgency=medium
[ Hilmar Preusse ]
* Forgot to bump abi version (needs to be done manually).
* Updated to Standards-Version 4.6.0, no changes needed.
[ Debian Janitor ]
* Trim trailing whitespace.
* Update renamed lintian tag names in lintian overrides.
* Remove constraints unnecessary since buster:
+ proftpd-core: Drop versioned constraint on debianutils, netbase, sed and
ucf in Depends.
-- Hilmar Preusse <hille42@web.de> Tue, 24 Aug 2021 09:09:55 +0200
proftpd-dfsg (1.3.7b+dfsg-1) unstable; urgency=medium
* New upstream release, refresh patches, remove applied patches.
* d/watch: disregard RC versions, hopefully.
* d/watch: Add signature check.
* Add debian/gitlab-ci.yml for CI.
-- Hilmar Preusse <hille42@web.de> Thu, 15 Jul 2021 23:33:15 +0200
proftpd-dfsg (1.3.7a+dfsg-12) unstable; urgency=medium
* In d/postrm skip ucf purging if ucf is not available and make piuparts
happy.
-- Francesco Paolo Lovergine <frankie@debian.org> Fri, 15 Jan 2021 15:09:32 +0100
proftpd-dfsg (1.3.7a+dfsg-11) unstable; urgency=medium
* Missing removing of ucf hashes on purge added to postrm.
* Removed obsolete target in d/rules.
* Removed old debconf stuff still around.
-- Francesco Paolo Lovergine <frankie@debian.org> Mon, 11 Jan 2021 13:23:46 +0100
proftpd-dfsg (1.3.7a+dfsg-10) unstable; urgency=medium
* Fixed missing s/mod_snmp/snmp/ in postinst.
(closes: #979214)
-- Francesco Paolo Lovergine <frankie@debian.org> Mon, 04 Jan 2021 11:35:09 +0100
proftpd-dfsg (1.3.7a+dfsg-9) unstable; urgency=medium
[ Hilmar Preusse ]
* Add file exclude for uscan.
[ Francesco Paolo Lovergine ]
* Moved to dh-compat 13.
* Added a not-installed file for stuff not installed in any package.
* Some contrib/ files are now installed by upstream, so changed a bit
the d/install file.
* Now in preinst move past existing logrotate file to the new name.
* Removed spurious exit in preinst that prevented run of dh section.
* Renamed mod_snmp.conf => snmp.conf for uniformity in naming.
* Using deb-systemd-invoke instead of systemctl in postinst and
added a pre-depends on that basis to pre-dep on a recent version
of init-system-helpers. Thanks lintian!
* Introduced ${misc:Depends} among p-basic deps to make lintian happy.
-- Francesco Paolo Lovergine <frankie@debian.org> Mon, 04 Jan 2021 11:23:32 +0100
proftpd-dfsg (1.3.7a+dfsg-8) unstable; urgency=medium
* More spaces eated in main template by silly automagic replacement fixed.
This is the last one, promised.
-- Francesco Paolo Lovergine <frankie@debian.org> Sat, 02 Jan 2021 16:06:30 +0100
proftpd-dfsg (1.3.7a+dfsg-7) unstable; urgency=medium
* Sigh, too many spaces eated in main template file among commented lines.
-- Francesco Paolo Lovergine <frankie@debian.org> Sat, 02 Jan 2021 11:13:55 +0100
proftpd-dfsg (1.3.7a+dfsg-6) unstable; urgency=medium
* In order to avoid breakage at install time in non standalone mode,
enable-n-start via systemd has been moved to postinst.
* NEWS file rearranged and updated.
* Minor fixes to README.Debian doc.
* Revised NEWS file and templates for styling.
-- Francesco Paolo Lovergine <frankie@debian.org> Fri, 01 Jan 2021 10:42:05 +0100
proftpd-dfsg (1.3.7a+dfsg-5) unstable; urgency=medium
* Sigh, removed a spurious line introduced in postinst in the last upload.
(closes: #977853)
* Now truly installing socket-related systemd files. Migrated to debhelper
level 11 to finalize a working combination of dh_installsystemd/dh_installinit.
That triggered also a few changes to debian/rules, including the dropping
dh_auto_configure use.
* Fixed postinst to add new conf files, if missing. That also caused
breakage at postinst time :-/
-- Francesco Paolo Lovergine <frankie@debian.org> Tue, 22 Dec 2020 12:51:44 +0100
proftpd-dfsg (1.3.7a+dfsg-4) unstable; urgency=medium
* Added a proftpd-core.docs to include a few secondary, but sometimes useful
contributed docs from upstream.
* Now using standard makefile for archs as provided by dpkg-dev.
* Added a sftp.conf template for optional SFTP support.
* Missing ucf management of some templates added.
* Now using debhelper-compat virtual in debian/control.
* Added support files for running proftpd via systemd socket. The preferred
way of running proftpd is the standalone mode, but now README.Debian explains
how inet/xinetd/socket can be used instead.
(closes: #740177, #657484)
* Removed trailing spaces at the end of lines in debian/changelog to make
lintian happy.
* Fixed oversight old dependency of -mod-mysql on proftpd-basic (thanks lintian).
* Fixed typo in lintian-overrides (thanks lintian).
* Moved proftpd-basic to oldlibs, because transitional.
* Fixed debian/watch file for demangling (thanks lintian).
-- Francesco Paolo Lovergine <frankie@debian.org> Mon, 21 Dec 2020 12:15:46 +0100
proftpd-dfsg (1.3.7a+dfsg-3) unstable; urgency=medium
* Introduced a new (old) -core package and made -basic a transitional
package in order to ensure a smooth upgrade from current stable and
testing. This is due because of the new -mod-tls and mod-crypto
packages. (closes: #977349)
* Added an appropriate NEWS entry.
* Changed modules.conf template to reflect changes in layouts of modules vs
packages.
* Housekeeping proftpd-core.NEWS file and removed old global NEWS to avoid
spreading the same NEWS file among multiple packages.
* Fixed short descriptions.
* Moved -mod-wrap and -mod-crypto among Suggests, thanks to changes to default
template for modules.conf.
* Moved all modules dependent on mod_tls and mod_sftp to -mod-crypto.
* Added some missing LoadModules entry template modules.conf.
-- Francesco Paolo Lovergine <frankie@debian.org> Mon, 14 Dec 2020 16:12:56 +0100
proftpd-dfsg (1.3.7a+dfsg-2) unstable; urgency=medium
* Fixed a bit debian/watch for current versioning by upstream.
* Added debian/gbp.conf to force pristine-tar use.
* proftpd-basic.postint modified to try to manage better IdentLookups
directive and to move of mod_ident into DSO mode.
-- Francesco Paolo Lovergine <frankie@debian.org> Sun, 13 Dec 2020 16:26:07 +0000
proftpd-dfsg (1.3.7a+dfsg-1) unstable; urgency=medium
* Re-uploaded without the upstream distributed IETF RFC docs.
(closes: #977090)
-- Francesco Paolo Lovergine <frankie@debian.org> Thu, 10 Dec 2020 22:02:18 +0100
proftpd-dfsg (1.3.7a-2) unstable; urgency=medium
[ Hilmar Preusse ]
* Applied some patches pulled from upstream.
- upstream_1063: Avoid segfaults for TLSv1.3 data transfers in
our session tickey callback by checking the status before using
SSL_SESSION pointer.
- upstream_1070: Implement support for Redis 6.x AUTH semantics.
- upstream_1061: While investigating some reported issues with
Ed25519 keys and mod_sftp, I reproduced one segfault when verifying
such keys during publickey authentication.
- 3c73f39f0db6724db597646eb6e476278f76edf5.diff
Bug 4405 - Memory use-after-free in mod_sftp causes unexpected
login/authentication issues.
- debian/patches/pr_1094.diff: Improve prxs detection of `configure`
scripts for modules.
- 2eadd82f392573235432a9cb60266f6472d08884.diff
Issue #1074: Properly handle the `TLSCertificateChainFile` directive
when SNI is used.
* Add patch from Andreas Trottmann <andreas.trottmann@werft22.com> to
reintroduce "SQLAUthTypes Backend" with MySQL database
(Closes: #965077).
* Clean {post,pre}{inst,rm}, leave job to debhelper.
* Disable MultilineRFC2228 per
https://github.com/proftpd/proftpd/issues/1085 in config template.
* Enclose "IdentLookups off" in <IfModule mod_ident.c><IfModule> in sample
configuration.
* Development of mod_dnsbl has moved to proftp main package years ago.
Build the module from this package, add fields for file move.
* Move modules depending on libsodium & libwrap0 into own packages.
New packages are recommended.
* Lintian:
- E: symlink-contains-spurious-segments usr/sbin/in.proftpd ./proftpd
[ Francesco Paolo Lovergine ]
* Now using dh methods to modernize debian/rules style.
Cleaned up old makefile variables and now using --enable-openssl to
enable SSL in mod_sql and mod_tls instead of using the
HAVING_OPENSSL variable.
(closes: #842293, #848045)
* Policy bumped to 4.5.1.
* Updated debian/control.in to reflect use of a debhelper >= 10.
* Fixed a bit the long description to make lintian happy.
* Added a service file for systemd.
* Added a commented mod_ident loading in default modules.conf
* Reinstated hardening in debian/rules.
-- Francesco Paolo Lovergine <frankie@debian.org> Thu, 10 Dec 2020 15:45:13 +0100
proftpd-dfsg (1.3.7a-1) unstable; urgency=medium
New upstream release 1.3.7a:
* Patches obsoleted
- applied upstream: reproducible_build, spelling_errors
- bundled libcap removed: mod_cap
* Disable/Remove intermediate patches for security issues.
Debian adaptions:
* d/clean reduced, clean handed over to upstream.
* Enable all modules available (and compilable) in 1.3.7a
(Closes: #965051).
* Compile and link with libsodium for better crypto support.
* Install xferstats.holger-preiss the Debian way; using dh-exec.
* Raise debhelper compat Level to 10.
-- Hilmar Preusse <hille42@web.de> Thu, 23 Jul 2020 07:53:17 +0200
proftpd-dfsg (1.3.6c-3) unstable; urgency=medium
* Remove last(?) debconf cruft:
- don't call dh_installdebconf in d/rules
- don't source /usr/share/debconf/confmodule in postinst
* Remove surplus BD on libattr1-dev (Closes: #953917).
[ Debian Janitor <janitor@jelmer.uk> ]
* Trim trailing whitespace.
* Use secure copyright file specification URI.
* debian/copyright: use spaces rather than tabs to start continuation
lines.
* Wrap long lines in changelog entries: 1.3.5~rc1-2, 1.3.3a-6, 1.3.3a-
4, 1.3.3a-2, 1.3.2a-1, 1.3.2-3, 1.3.1-17, 1.3.1-10, 1.3.0-26, 1.2.10-
23, 1.2.10-9, 1.2.10-3, 1.2.10-2, 1.2.9-12, 1.2.9-8, 1.2.0pre9-1.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Refer to specific version of license.
-- Hilmar Preusse <hille42@web.de> Mon, 18 May 2020 22:03:58 +0200
proftpd-dfsg (1.3.6c-2) unstable; urgency=medium
* Add patch from upstream as follow up for CVE-2020-9273
cd9036f4ef7a05c107f0ffcb19a018b20267c531.patch
(Closes: #952557).
-- Hilmar Preusse <hille42@web.de> Thu, 27 Feb 2020 20:34:56 +0100
proftpd-dfsg (1.3.6c-1) unstable; urgency=medium
* New upstream version.
Contains support for OpenSSH-specific private key format
(Closes: #932373).
* A few patches are obsolete (included upstream):
- quotatab_modules (was not installed anyway)
- upstream_pull_859_861_CVE-2019-19270_CVE-2019-19269
- upstream_4385
* Patches refreshed.
-- Hilmar Preusse <hille42@web.de> Thu, 20 Feb 2020 13:52:22 +0100
proftpd-dfsg (1.3.6b-3) unstable; urgency=medium
* Cherry pick "upstream_4385" from upstream:
- for upstream #4385 (Closes: #949622)
-- Hilmar Preusse <hille42@web.de> Wed, 22 Jan 2020 23:12:44 +0100
proftpd-dfsg (1.3.6b-2) unstable; urgency=medium
* Cherry pick patch from upstream:
- for upstream 861 (CVE-2019-19269) (Closes: #946345)
- for upstream 859 (CVE-2019-19270) (Closes: #946346)
upstream_pull_859_861_CVE-2019-19270_CVE-2019-19269
-- Hilmar Preusse <hille42@web.de> Sun, 08 Dec 2019 14:03:43 +0100
proftpd-dfsg (1.3.6b-1) unstable; urgency=medium
* New upstream release:
- Obsoletes patch issue_846_CVE-2019-18217.diff.
- Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
-- Hilmar Preusse <hille42@web.de> Mon, 04 Nov 2019 22:08:07 +0100
proftpd-dfsg (1.3.6a-2) unstable; urgency=high
* Add patch for upstream bug #846 (CVE-2019-18217).
(Closes: #942831)
-- Hilmar Preusse <hille42@web.de> Tue, 22 Oct 2019 13:30:36 +0200
proftpd-dfsg (1.3.6a-1) unstable; urgency=medium
* New upstream patch release. Obsoletes patches included in upstream:
- upstream_4372_CVE-2019-12815.diff
- upstream_4312, upstream_4312_fix_version
- upstream_4356
- upstream_4335
- upstream_4336 (although not mentioned in upstream changelog)
- github_pr_710 (although not mentioned in upstream changelog)
- github_pr_594 (although not mentioned in upstream changelog)
- upstream_pull_567 = Bug#4314
* Lintian Override: proftpd-dev: pkg-config-multi-arch-wrong-dir
(file is generated during build).
-- Hilmar Preusse <hille42@web.de> Mon, 14 Oct 2019 10:36:04 +0200
proftpd-dfsg (1.3.6-6) unstable; urgency=medium
* Document that proftpd read all files from /etc/proftpd/conf.d/
(Closes: #814772).
* Add patch upstream_4372_CVE-2019-12815.diff to solve CVE-2019-12815.
(Closes: #932453)
-- Hilmar Preusse <hille42@web.de> Tue, 23 Jul 2019 21:04:28 +0200
proftpd-dfsg (1.3.6-5) unstable; urgency=medium
[ Francesco Paolo Lovergine ]
* Set the SE Linux context after creating a directory.
(Closes: #923033)
* Get upstream pull_567 (Bug#4314) (Closes: #927270)
* Bump Standards-Version to 4.4.0.
- make sure we don't call "strip" w/o using dh_strip.
-- Hilmar Preusse <hille42@web.de> Tue, 16 Jul 2019 23:34:25 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog proftpd-mod-crypto`.
Generated by dwww version 1.15 on Thu Aug 28 22:47:53 CEST 2025.