proftpd-dfsg (1.3.8+dfsg-4+deb12u1) bookworm; urgency=medium If you upgrade from 1.3.8+dfsg-4 (i.e. the 12.0 edition of bookworm) note that you will need to systemctl disable --now proftpd.socket systemctl enable --now proftpd.service after upgrade, if you run the proftpd in (default) standalone mode and you did not do that before. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038416 for more information. For other information about inetd/standalone switching see also the relevant section in /usr/share/doc/proftpd-core/README.Debian.gz. -- Francesco Paolo Lovergine Wed, 21 Jun 2023 15:21:32 +0200 proftpd-dfsg (1.3.7a+dfsg-6) unstable; urgency=medium The default method of installation is the traditional standalone (i.e. daemon) mode, but inet/xinetd/socket configurations are now supported again, at the admin's will. More information about that are provided in README.Debian. Note that the standalone installation is now via systemd, even if the traditional sysv init script is still provided (but not used), for people that eventually would prefer to use it. Starting from this release, a few modules related to libwrap and TLS/SSL moved to new proftpd-mod-crypto and proftpd-mod-wrap, in order to reduce the number of libraries to depend on. A transitional package ensure to avoid breakage of existing configurations in upgrade. New installations need to take the new layout in consideration and usually install proftpd-core instead of proftpd-basic, with strictly required add-on packages, as well. -- Francesco Paolo Lovergine Mon, 14 Dec 2020 11:05:01 +0100 proftpd-dfsg (1.3.6-1) unstable; urgency=medium mod_readme is now build as module instead of compiled in. Make sure it is loaded if you need it (this is the default). -- Francesco Paolo Lovergine Mon, 15 Jan 2018 21:14:17 +0100 proftpd-dfsg (1.3.5d-1) unstable; urgency=medium Starting from this version, proftpd works by default in standalone mode at its first install. It is still possible to use inetd/xinetd mode, but the admin has to manage that manually by update-inetd or configuring xinetd. Some information about that are provided in the accompanying doc /usr/share/doc/proftpd-basic/README.Debian. -- Francesco Paolo Lovergine Fri, 27 Jan 2017 14:44:31 +0100 proftpd-dfsg (1.3.4~rc2-4) unstable; urgency=low The mod_ldap 2.9 version introduced in 1.3.4 series changed completely configuration settings. See the Changes section in README.LDAP for new configuration directives to be used and DO NOT assume you can simply use your current configuration. -- Francesco Paolo Lovergine Thu, 01 Sep 2011 14:10:09 +0200 proftpd-dfsg (1.3.4~rc2-2) unstable; urgency=low Starting from this version the core package does not provide the still experimental non-core mod_vroot package. You need to install the separate proftpd-mod-vroot package explicitly instead, or to comment the mod_vroot.c loading in /etc/proftpd/modules.conf. -- Francesco Paolo Lovergine Wed, 20 Apr 2011 17:46:30 +0200 proftpd-dfsg (1.3.3d-4) unstable; urgency=low Starting from this version /etc/proftpd/proftpd.conf also includes all files present at /etc/proftpd/conf.d/ to allow a better customization without need of changing the main system files. This version adds the useful contributed module mod_vroot, which is still not part of the standard modules. It can be used for providing shared directories under chrooted environments, among other useful features. A new template 'virtuals.conf' is provided also to keep things ordered about vhosts/vroots and show some examples. -- Francesco Paolo Lovergine Tue, 15 Feb 2011 13:45:18 +0100 proftpd-dfsg (1.3.2e-3) unstable; urgency=low This version adds the useful contributed module mod_vroot, which is still not part of the standard modules. It can be used for providing shared directories under chrooted environments, among other useful features. A new template 'virtuals.conf' is provided also to keep things ordered about vhosts/vroots and show some examples. -- Francesco Paolo Lovergine Tue, 16 Mar 2010 12:13:00 +0100 proftpd-dfsg (1.3.2e-1) unstable; urgency=low A new contributed module mod_vroot has been added to the provided modules pool. Note that it is *still* experimental, so use it at your own risk. -- Francesco Paolo Lovergine Mon, 19 Apr 2010 13:13:45 +0200 proftpd-dfsg (1.3.2b-2) unstable; urgency=low This version stops client-initiated TLS renegotiations by default. This is a side effect of fixing CVE-2009-3555 in OpenSSL protocol. Unfortunately that could break some clients until a better approach is adopted to fix this protocol issue globally. In order to avoid connection losses in those cases a new directive has been adopted: TLSOption AllowClientRenegotiations which can be added to tls.conf. It is currently commented out in Debian provided configuration as in default ProFTPD setting. See also http://bugs.proftpd.org/show_bug.cgi?id=3324 for more information. -- Francesco Paolo Lovergine Fri, 11 Dec 2009 10:00:02 +0100 proftpd-dfsg (1.3.2a-1) unstable; urgency=low The traditional monthly cron job to collect statistics has been removed and ftpstats is now run at logrotate execution as a post rotation job. You can safely remove the /etc/cron.monthly/proftpd{-basic}.disabled script(s) after upgrading and customize the /etc/logrotate.d/proftpd-basic instead as you prefer. Note that until release 1.3.2-1 the log rotation was also performed without using logrotate, and it has been introduced to be more homogeneous with other services. -- Francesco Paolo Lovergine Fri, 17 Jul 2009 13:21:01 +0200 proftpd-dfsg (1.3.2-1) unstable; urgency=low Starting from 1.3.2 ProFTPD supports external DSO modules development. External modules can be built using proftpd-dev package and its utilities and files, prxs and pkg-config specifically. If you'd like some contributed modules were distributed, but they are not distributed with the main package, feel free to ask with a RFP and I will evaluate if the module is in shape and potentially useful for that. -- Francesco Paolo Lovergine Sun, 17 Feb 2009 11:19:44 +0100 proftpd-dfsg (1.3.1-12) unstable; urgency=low Starting from this version, exotic authentication modules have been splitted into different binary packages to reduce the number of dependencies. For compatibility they are all installed in upgrading, but you can remove both all unused proftpd-mod-* modules and the pseudo-package proftpd, now used only for migration. -- Francesco Paolo Lovergine Thu, 19 Jun 2008 15:24:22 +0200 proftpd-dfsg (1.3.1-10) unstable; urgency=low A new tiny `proftpd-gencert` script is now provided to create SSL/TLS self-signed certificate. The resulting key and certificate can be used along with the tls.conf template to provide ftps connections. -- Francesco Paolo Lovergine Mon, 19 May 2008 18:03:49 +0200 proftpd-dfsg (1.3.1-4) unstable; urgency=low Starting from this version a few example set of directives used for exotic authentications are splitted out in a few separate .conf files (currently LDAP, SQL and TLS related) which need to be included by the main proftpd.conf file. Their use is optional but strongly suggested. All directives are commented out by default. -- Francesco Paolo Lovergine Thu, 03 Jan 2008 17:35:56 +0100 proftpd-dfsg (1.3.0-1) unstable; urgency=low Starting from 1.3.0 proftpd support DSO and debian packaging moved to a single package style, in respect with the multi-binaries package previously used. The list of modules (all modules are enabled per default) is visibile in /etc/proftpd/modules.conf. You could also need to comment out the unused SQL backend module loading (mod_sql_mysql or mod_sql_postgres) in that file in order to have the right SQL engine working. Another possibility is specifying a suitable AuthOrder in your configuration file. mod_sql_mysql should handle old MySQL password format more gracefully. Starting with MySQL 4.1.1, the format for passwords stored using the MySQL PASSWORD() function changed. This format change causes issues for sites that have passwords stored in the older format. Users of mod_sql+mod_sql_mysql would see this as users being unable to login. Now, if compiled against MySQL 4.1.1 or later, mod_sql_mysql will first check the password using the current MySQL format; if that fails it will fall back to checking the old format. Note that this only affects sites which have "SQLAuthTypes Backend" in their proftpd.conf. -- Francesco Paolo Lovergine Mon, 6 Jun 2005 14:39:04 +0200