linux-ftpd-ssl (0.17.36+0.3-2) unstable; urgency=low

  This release implements a substantial improvement in the server's
  ability to read a certificate chain as its own identity and also the
  use of a CA certificate collection for verifying the peer.  Complete
  verification of certificates is now possible during conversation,
  since 'certrequired' is now implemented.  Debugging of SSL matters
  into a file is a very useful new ability.

  The legacy patch set included a non-standard override of the outcome
  during (shallow) certificate verification.  It is not desirable now,
  but can be activated by '-z legacy', and should only serve as a means
  of easier transition.

 -- Mats Erik Andersson <mats.andersson@gisladisker.se>  Tue, 24 Jan 2017 14:56:34 +0100

linux-ftpd-ssl (0.17.31+0.3-1) unstable; urgency=low

  The recent IPv6 capability is handled in distinct ways
  by the three usual super-servers: openbsd-inetd, xinetd,
  and inetutils-inetd. The differences are discussed in the
  file README.Debian.

  Depending on your old setup, 'update-inetd' might complain
  about multiple instances of 'ftp' in '/etc/inetd.conf'. 
  The present version tries to counter-act this at future
  upgrades by inserting '--multi' in the maintainer scripts.

 -- Mats Erik Andersson <mats.andersson@gisladisker.se>  Tue, 25 May 2010 20:12:28 +0200

linux-ftpd-ssl (0.17.30+0.3-1) unstable; urgency=low

  This packaging of linux-ftpd incorporates working support
  for the IPv6 address family, in stand alone mode, as well
  as under the control of a super server like xinetd.

  The records made in wtmp now include the caller's address
  structure, thus improving the prospects of tracing clients.

 -- Mats Erik Andersson <mats.andersson@gisladisker.se>  Sat, 08 May 2010 19:54:28 +0200

linux-ftpd-ssl (0.17.27+0.3-2) unstable; urgency=low

  * SSL keys/certificates generated since 2006-09-17 with Debian's openssl
    package are vulnerable due to a predictable random number generator.
    For more details see:

      http://www.debian.org/security/2008/dsa-1571
      http://www.debian.org/security/key-rollover/
      http://wiki.debian.org/SSLkeys

  * To generate new keys using the default ftpd-ssl setup (as root):

      rm -f /etc/ftpd-ssl/ftpd.pem /etc/ssl/certs/ftpd.pem
      dpkg-reconfigure ftpd-ssl

  * If you have set up any SSL infrastructure beyond this, it will
    also need to be regenerated.

 -- Ian Beckwith <ianb@erislabs.net>  Wed, 21 May 2008 18:48:51 +0100