You can subscribe to this list here.
2001 |
Jan
(24) |
Feb
(632) |
Mar
(97) |
Apr
(98) |
May
(47) |
Jun
(27) |
Jul
(44) |
Aug
(49) |
Sep
(34) |
Oct
(49) |
Nov
(10) |
Dec
(60) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(40) |
Feb
(68) |
Mar
(12) |
Apr
(20) |
May
(91) |
Jun
(110) |
Jul
(62) |
Aug
(43) |
Sep
(46) |
Oct
(79) |
Nov
(39) |
Dec
(64) |
2003 |
Jan
(50) |
Feb
(26) |
Mar
(62) |
Apr
(32) |
May
(54) |
Jun
(34) |
Jul
(29) |
Aug
(39) |
Sep
(58) |
Oct
(104) |
Nov
(19) |
Dec
(18) |
2004 |
Jan
(36) |
Feb
(24) |
Mar
(17) |
Apr
(47) |
May
(50) |
Jun
(45) |
Jul
(38) |
Aug
(54) |
Sep
(40) |
Oct
(18) |
Nov
(24) |
Dec
(24) |
2005 |
Jan
(33) |
Feb
(31) |
Mar
(38) |
Apr
(27) |
May
(17) |
Jun
(16) |
Jul
(23) |
Aug
(19) |
Sep
(14) |
Oct
(43) |
Nov
(2) |
Dec
(6) |
2006 |
Jan
(4) |
Feb
(14) |
Mar
(17) |
Apr
(5) |
May
(10) |
Jun
(9) |
Jul
|
Aug
(7) |
Sep
(10) |
Oct
(2) |
Nov
(18) |
Dec
(7) |
2007 |
Jan
(29) |
Feb
(8) |
Mar
(8) |
Apr
(6) |
May
(8) |
Jun
(4) |
Jul
(13) |
Aug
(10) |
Sep
(11) |
Oct
(19) |
Nov
(6) |
Dec
(1) |
2008 |
Jan
(4) |
Feb
(9) |
Mar
(9) |
Apr
(13) |
May
|
Jun
(2) |
Jul
(12) |
Aug
(5) |
Sep
(6) |
Oct
(15) |
Nov
(1) |
Dec
(1) |
2009 |
Jan
(3) |
Feb
(27) |
Mar
(5) |
Apr
(1) |
May
(55) |
Jun
(23) |
Jul
(4) |
Aug
(2) |
Sep
|
Oct
(2) |
Nov
(9) |
Dec
(2) |
2010 |
Jan
(3) |
Feb
(13) |
Mar
(2) |
Apr
(2) |
May
(25) |
Jun
(4) |
Jul
(5) |
Aug
|
Sep
(5) |
Oct
(2) |
Nov
|
Dec
(20) |
2011 |
Jan
|
Feb
(1) |
Mar
(2) |
Apr
(5) |
May
(7) |
Jun
(4) |
Jul
(3) |
Aug
(2) |
Sep
(1) |
Oct
(3) |
Nov
(10) |
Dec
(12) |
2012 |
Jan
(4) |
Feb
|
Mar
(9) |
Apr
|
May
(2) |
Jun
|
Jul
(1) |
Aug
(3) |
Sep
|
Oct
|
Nov
|
Dec
|
2013 |
Jan
(1) |
Feb
|
Mar
(10) |
Apr
(1) |
May
(1) |
Jun
(2) |
Jul
(8) |
Aug
|
Sep
(4) |
Oct
(1) |
Nov
(2) |
Dec
(3) |
2014 |
Jan
(3) |
Feb
|
Mar
|
Apr
(1) |
May
(7) |
Jun
(1) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(2) |
2015 |
Jan
|
Feb
(2) |
Mar
|
Apr
(3) |
May
(7) |
Jun
(1) |
Jul
|
Aug
(2) |
Sep
|
Oct
(7) |
Nov
(2) |
Dec
|
2016 |
Jan
|
Feb
(1) |
Mar
(4) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(10) |
Oct
|
Nov
(8) |
Dec
|
2017 |
Jan
(4) |
Feb
(9) |
Mar
(11) |
Apr
(9) |
May
|
Jun
|
Jul
|
Aug
(7) |
Sep
(1) |
Oct
|
Nov
|
Dec
|
2018 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
(3) |
2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(4) |
Nov
|
Dec
|
2020 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
(6) |
Jun
(1) |
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(6) |
Jun
(2) |
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
2022 |
Jan
|
Feb
|
Mar
(9) |
Apr
(2) |
May
(1) |
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(2) |
2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
(6) |
Jul
|
Aug
|
Sep
(4) |
Oct
(2) |
Nov
|
Dec
(2) |
From: Christian <ch...@co...> - 2022-03-23 09:14:40
|
Hi TJ, any news on this ? Thanks Regards Chris Am 02.03.22 um 21:58 schrieb Christian via Proftp-devel: > Am 02.03.22 um 21:35 schrieb TJ Saunders: >> >>> Not sure if you can review, but it is the package for SUSE I am trying >>> to update from 1.3.6 to 1.3.7 >>> It is here: >>> https://build.opensuse.org/package/show/network/proftpd >>> >>> I doubt that any of the patches causes the problem of the built objects >>> to be put into `-o .libs/object.o` >>> >>> and later trying to access them in ./ instead of ./libs/ >>> >>> I guess it has something to do with `libtool`, because there is the only >>> place where `./libs` is defined >>> >>> --- snip libtool --- >>> # The name of the directory that contains temporary libtool files. >>> objdir=.libs >>> >>> --- snip --- >>> >>> is it a 'configure' option ? >>> a libtool thingy ? >> >> Ah, I see. I'll attempt to reproduce this locally using a SUSE Docker >> container, see what I can find out... >> > > Just uploaded my current changes to my home project [1] to be able to > show others the build problem I am running into. > > But will wait for your reply. > > Thank you > Regards > Chris > > [1] > https://build.opensuse.org/package/show/home:computersalat:devel:network/proftpd > -- Christian ------------------------------------------------------------ https://join.worldcommunitygrid.org?recruiterId=177038 ------------------------------------------------------------ http://www.sc24.de - Sportbekleidung ------------------------------------------------------------ |
From: Christian <ch...@co...> - 2022-03-02 20:58:51
|
Am 02.03.22 um 21:35 schrieb TJ Saunders: > >> Not sure if you can review, but it is the package for SUSE I am trying >> to update from 1.3.6 to 1.3.7 >> It is here: >> https://build.opensuse.org/package/show/network/proftpd >> >> I doubt that any of the patches causes the problem of the built objects >> to be put into `-o .libs/object.o` >> >> and later trying to access them in ./ instead of ./libs/ >> >> I guess it has something to do with `libtool`, because there is the only >> place where `./libs` is defined >> >> --- snip libtool --- >> # The name of the directory that contains temporary libtool files. >> objdir=.libs >> >> --- snip --- >> >> is it a 'configure' option ? >> a libtool thingy ? > > Ah, I see. I'll attempt to reproduce this locally using a SUSE Docker container, see what I can find out... > Just uploaded my current changes to my home project [1] to be able to show others the build problem I am running into. But will wait for your reply. Thank you Regards Chris [1] https://build.opensuse.org/package/show/home:computersalat:devel:network/proftpd -- Christian ------------------------------------------------------------ https://join.worldcommunitygrid.org?recruiterId=177038 ------------------------------------------------------------ http://www.sc24.de - Sportbekleidung ------------------------------------------------------------ |
From: TJ S. <tj...@ca...> - 2022-03-02 20:50:58
|
> Not sure if you can review, but it is the package for SUSE I am trying > to update from 1.3.6 to 1.3.7 > It is here: > https://build.opensuse.org/package/show/network/proftpd > > I doubt that any of the patches causes the problem of the built objects > to be put into `-o .libs/object.o` > > and later trying to access them in ./ instead of ./libs/ > > I guess it has something to do with `libtool`, because there is the only > place where `./libs` is defined > > --- snip libtool --- > # The name of the directory that contains temporary libtool files. > objdir=.libs > > --- snip --- > > is it a 'configure' option ? > a libtool thingy ? Ah, I see. I'll attempt to reproduce this locally using a SUSE Docker container, see what I can find out... Cheers, TJ |
From: Christian <ch...@co...> - 2022-03-02 19:44:45
|
Am 02.03.22 um 17:48 schrieb TJ Saunders: > > > On Wed, Mar 2, 2022, at 07:38, Christian via Proftp-devel wrote: >> Am 01.03.22 um 23:23 schrieb TJ Saunders: >>>> running into following compile error: >>>> >>>> [ 50s] make[3]: Leaving directory >>>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >>>> [ 50s] make[2]: Leaving directory >>>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >>>> [ 50s] ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o >>>> glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o >>>> hanson-tpl. >>>> o ccan-json.o openbsd-blowfish.o openbsd-bcrypt.o >>>> [ 50s] ar: pr_fnmatch.o: No such file or directory >>>> [ 50s] make[1]: *** [Makefile:31: libsupp.a] Error 1 >>>> [ 50s] make[1]: Leaving directory >>>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib' >>>> [ 50s] make: *** [Makefile:48: lib] Error 2 >>> >>> Can you provide the full set of commands/instructions you're using to do your build? > > Well, I see that you're building an RPM file -- where did you get the rpmspec from? I also see that that RPM build is patching a lot of ProFTPD files; we can't really support such custom patches. They make things much harder to debug, since they aren't part of the official distribution. > > You can see the GitHub Actions workflow that's used to build an RPM from the ProFTPD 1.3.7 branch successfully here, for comparison: > https://github.com/proftpd/proftpd/blob/1.3.7/.github/workflows/rpm.yml#L75 > Not sure if you can review, but it is the package for SUSE I am trying to update from 1.3.6 to 1.3.7 It is here: https://build.opensuse.org/package/show/network/proftpd I doubt that any of the patches causes the problem of the built objects to be put into `-o .libs/object.o` and later trying to access them in ./ instead of ./libs/ I guess it has something to do with `libtool`, because there is the only place where `./libs` is defined --- snip libtool --- # The name of the directory that contains temporary libtool files. objdir=.libs --- snip --- is it a 'configure' option ? a libtool thingy ? my knowledge is limited, so that's why I am here to ask for help any idea would be heplful. There is no need to support the patches. Thank you in advance Cheers Chris -- Christian ------------------------------------------------------------ https://join.worldcommunitygrid.org?recruiterId=177038 ------------------------------------------------------------ http://www.sc24.de - Sportbekleidung ------------------------------------------------------------ |
From: TJ S. <tj...@ca...> - 2022-03-02 16:49:02
|
On Wed, Mar 2, 2022, at 07:38, Christian via Proftp-devel wrote: > Am 01.03.22 um 23:23 schrieb TJ Saunders: >>> running into following compile error: >>> >>> [ 50s] make[3]: Leaving directory >>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >>> [ 50s] make[2]: Leaving directory >>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >>> [ 50s] ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o >>> glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o >>> hanson-tpl. >>> o ccan-json.o openbsd-blowfish.o openbsd-bcrypt.o >>> [ 50s] ar: pr_fnmatch.o: No such file or directory >>> [ 50s] make[1]: *** [Makefile:31: libsupp.a] Error 1 >>> [ 50s] make[1]: Leaving directory >>> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib' >>> [ 50s] make: *** [Makefile:48: lib] Error 2 >> >> Can you provide the full set of commands/instructions you're using to do your build? Well, I see that you're building an RPM file -- where did you get the rpmspec from? I also see that that RPM build is patching a lot of ProFTPD files; we can't really support such custom patches. They make things much harder to debug, since they aren't part of the official distribution. You can see the GitHub Actions workflow that's used to build an RPM from the ProFTPD 1.3.7 branch successfully here, for comparison: https://github.com/proftpd/proftpd/blob/1.3.7/.github/workflows/rpm.yml#L75 TJ |
From: Christian <ch...@co...> - 2022-03-02 15:38:59
|
Am 01.03.22 um 23:23 schrieb TJ Saunders: >> running into following compile error: >> >> [ 50s] make[3]: Leaving directory >> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >> [ 50s] make[2]: Leaving directory >> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' >> [ 50s] ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o >> glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o >> hanson-tpl. >> o ccan-json.o openbsd-blowfish.o openbsd-bcrypt.o >> [ 50s] ar: pr_fnmatch.o: No such file or directory >> [ 50s] make[1]: *** [Makefile:31: libsupp.a] Error 1 >> [ 50s] make[1]: Leaving directory >> '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib' >> [ 50s] make: *** [Makefile:48: lib] Error 2 > > Can you provide the full set of commands/instructions you're using to do your build? > > Cheers, > TJ > > > _______________________________________________ > ProFTPD Developers List > <pro...@pr...> > https://lists.sourceforge.net/lists/listinfo/proftp-devel Hello TJ please find attached the full build log. Thank you Christian -- Christian ------------------------------------------------------------ https://join.worldcommunitygrid.org?recruiterId=177038 ------------------------------------------------------------ http://www.sc24.de - Sportbekleidung ------------------------------------------------------------ |
From: TJ S. <tj...@ca...> - 2022-03-01 22:24:25
|
> running into following compile error: > > [ 50s] make[3]: Leaving directory > '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' > [ 50s] make[2]: Leaving directory > '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' > [ 50s] ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o > glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o > hanson-tpl. > o ccan-json.o openbsd-blowfish.o openbsd-bcrypt.o > [ 50s] ar: pr_fnmatch.o: No such file or directory > [ 50s] make[1]: *** [Makefile:31: libsupp.a] Error 1 > [ 50s] make[1]: Leaving directory > '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib' > [ 50s] make: *** [Makefile:48: lib] Error 2 Can you provide the full set of commands/instructions you're using to do your build? Cheers, TJ |
From: Christian <ch...@co...> - 2022-03-01 21:26:56
|
Hi, running into following compile error: [ 50s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' [ 50s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib/libltdl' [ 50s] ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o hanson-tpl. o ccan-json.o openbsd-blowfish.o openbsd-bcrypt.o [ 50s] ar: pr_fnmatch.o: No such file or directory [ 50s] make[1]: *** [Makefile:31: libsupp.a] Error 1 [ 50s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/proftpd-1.3.7c/lib' [ 50s] make: *** [Makefile:48: lib] Error 2 actually all the objects do not reside in ./ but in ./libs e.g. [ 45s] libtool: compile: gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -I../include -I/usr/include/pgsql -I/usr/include/mysql -I/usr/include/mysql -I/usr/include/mysql/mysql -g2 -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -D_GNU_SOURCE -DLDAP_DEPRECATED -Wall -fno-omit-frame-pointer -fno-strict-aliasing -Werror=implicit-function-declaration -c pr_fnmatch.c -fPIC -DPIC -o .libs/pr_fnmatch.o what am I missing ? any help would be appreciated Thank you -- Christian ------------------------------------------------------------ https://join.worldcommunitygrid.org?recruiterId=177038 ------------------------------------------------------------ http://www.sc24.de - Sportbekleidung ------------------------------------------------------------ |
From: TJ S. <tj...@ca...> - 2021-08-30 00:46:16
|
Hello, fellow ProFTPD developers. Kubernetes and Docker are quite common and popular these days; I've been curious to see how many sites run ProFTPD in a Kubernetes, and/or Docker Compose environment? If so, how has the setup, experience been? For my day job, I run other applications in k8s clusters. And thus to better learn the intricacies of monitoring in the preferred k8s way, I wrote a Prometheus module, an "exporter", for ProFTPD, that I thought might be of interest: https://github.com/Castaglia/proftpd-mod_prometheus Looking forward to hearing your thoughts, feedback, discussions. Cheers, TJ |
From: TJ S. <tj...@ca...> - 2021-06-14 03:51:45
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the first release candidate for ProFTPD 1.3.8 is now available for public consumption. You can download 1.3.8rc1, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.8rc1.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.8rc1 release includes major new features and numerous bugfixes, including: + Improved support for TLSv1.3 + Improved TLS SNI support, for name-based virtual hosting + Fixed speed regressions when using AuthUserFiles Please read the included NEWS, RELEASE_NOTES, and ChangeLog files for the full details. The MD5 sum for the source tarball is: 4d2b24a2f9bc1353392eba960d7b7d9d proftpd-1.3.8rc1.tar.gz The PGP signature for the source tarball is: proftpd-1.3.8rc1.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAmDGzlsACgkQt46JP6URl2oHEwCggQ1IfOaBNPCt33MrFqTDnLv8 IBsAoMQE1npVVPNuYKRYfNxsl07UCCQs =iOqi -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via MIT's public keyserver. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAmDGzyQACgkQt46JP6URl2oGKACg+qP+X5XixoI+UBRptzxBwnA+ 5XkAn3ZgYvDMViNdlCANlBZGQAZvtPrU =ytI1 -----END PGP SIGNATURE----- |
From: TJ S. <tj...@ca...> - 2021-06-14 03:14:50
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the second maintenance release for ProFTPD 1.3.7 is now available for public consumption. You can download 1.3.7b, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.7b.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.7b release is a maintenance release, containing various fixes backported from the 1.3.7 development cycle. Please read the included NEWS and ChangeLog files for the full details. The MD5 sum for the source tarball is: 50f9d8abc44b4ef600d884ba9803bfba proftpd-1.3.7b.tar.gz The PGP signature for the source tarball is: proftpd-1.3.7b.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAmDGxI0ACgkQt46JP6URl2pvOgCfQHRqAb8N/yNQmpzTnugY3wNg uqUAnjO+XIabjc5ZCwKIKRpIew5Y/ooD =V4eZ -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via MIT's public keyserver. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAmDGxjIACgkQt46JP6URl2rk1QCeOaCDtbImPPplEy3J2JpyIdf7 2ZgAn2TzZNfI4pZF4oZ2ue/LrCq1uEzk =Guud -----END PGP SIGNATURE----- |
From: TJ S. <tj...@ca...> - 2021-05-17 16:41:56
|
> I tried the below configuration in my proftpd.conf file. > > <IfModule mod_sftp.c> > <VirtualHost 127.0.0.1> > SFTPEngine on > SFTPLog /etc/proftpd/sftp/sftp.log > > # Configure the server to listen on the normal SSH2 port, port 22 > Port 22 > > # Configure the RSA, DSA, and ECDSA host keys, using the same host key > # files that OpenSSH uses. > # SFTPHostKey /etc/ssh_host_rsa_key > # SFTPHostKey /etc/ssh_host_dsa_key > # SFTPHostKey /etc/ssh_host_ecdsa_key > > # Configure the file used for comparing authorized public keys of users. > # SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys > > # Enable compression > # SFTPCompression delayed > > # Allow the same number of authentication attempts as OpenSSH. > # > # It is recommended that you explicitly configure MaxLoginAttempts > # for your SSH2/SFTP instance to be higher than the normal > # MaxLoginAttempts value for FTP, as there are more ways to authenticate > # using SSH2. > MaxLoginAttempts 6 > > </VirtualHost> > </IfModule> > #<IfModule mod_sftp.c> > > *And got the below error while trying to do sftp. Can you please let me > know if I am missing anything?* At this point, you should check the configured SFTPLog, as well as proftpd debug logging: http://www.proftpd.org/docs/howto/Debugging.html for additional information/clues about what else might be missing/wrong. TJ |
From: SIMON B. <sim...@gm...> - 2021-05-17 04:43:00
|
Hello TJ, I tried the below configuration in my proftpd.conf file. <IfModule mod_sftp.c> <VirtualHost 127.0.0.1> SFTPEngine on SFTPLog /etc/proftpd/sftp/sftp.log # Configure the server to listen on the normal SSH2 port, port 22 Port 22 # Configure the RSA, DSA, and ECDSA host keys, using the same host key # files that OpenSSH uses. # SFTPHostKey /etc/ssh_host_rsa_key # SFTPHostKey /etc/ssh_host_dsa_key # SFTPHostKey /etc/ssh_host_ecdsa_key # Configure the file used for comparing authorized public keys of users. # SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys # Enable compression # SFTPCompression delayed # Allow the same number of authentication attempts as OpenSSH. # # It is recommended that you explicitly configure MaxLoginAttempts # for your SSH2/SFTP instance to be higher than the normal # MaxLoginAttempts value for FTP, as there are more ways to authenticate # using SSH2. MaxLoginAttempts 6 </VirtualHost> </IfModule> #<IfModule mod_sftp.c> *And got the below error while trying to do sftp. Can you please let me know if I am missing anything?* *sbaby@ubuntu:~/proftpd/proftpd-1.3.4b$ sftp sbaby@127.0.0.1 <sbaby@127.0.0.1>Connecting to 127.0.0.1...* *ssh_exchange_identification: Connection closed by remote host* *Couldn't read packet: Connection reset by peer* *Regards* *Simon* On Sat, May 15, 2021 at 10:30 PM TJ Saunders <tj...@ca...> wrote: > > > Thank you so much for the quick response and providing the link to > > those documents. From the documents it has the below sample > > configuration. I am planning to use only password based authentication. > > In that case do I need the parameters > > SFTPHostKey , SFTPAuthorizedUserKeys , and SFTPCompression . In > > this case how do I pass the username and password to SFTP via > > configuration. DO I need to set the parameter SFTPAuthMethods also for > > No. By default, like the rest of ProFTPD, the mod_sftp module will try to > authenticate any users/passwords via the normal /etc/passwd files on your > server. You need to go out of your way -- provide explicit configuration > directives -- to tell ProFTPD (and mod_sftp) to use anything else. > > > <IfModule mod_sftp.c> > > <VirtualHost *a.b.c.d*> > > SFTPEngine on > > SFTPLog /etc/proftpd/sftp/sftp.log > > > > # Configure the server to listen on the normal SSH2 port, port 22 > > Port 22 > > > > # Configure the RSA, DSA, and ECDSA host keys, using the same host > key > > # files that OpenSSH uses. > > SFTPHostKey /etc/ssh_host_rsa_key > > SFTPHostKey /etc/ssh_host_dsa_key > > SFTPHostKey /etc/ssh_host_ecdsa_key > > > > # Configure the file used for comparing authorized public keys of > users. > > SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys > > > > # Enable compression > > SFTPCompression delayed > > > > # Allow the same number of authentication attempts as OpenSSH. > > # > > # It is recommended that you explicitly configure MaxLoginAttempts > > # for your SSH2/SFTP instance to be higher than the normal > > # MaxLoginAttempts value for FTP, as there are more ways to > authenticate > > # using SSH2. > > MaxLoginAttempts 6 > > > > </VirtualHost> > > </IfModule> > > The above looks correct. If you have trouble logging in, I would > recommend looking at the ProFTPD debug logging: > http://www.proftpd.org/docs/howto/Debugging.html > > as well as looking at the SFTPLog entries. > > Cheers, > TJ > |
From: TJ S. <tj...@ca...> - 2021-05-16 05:30:27
|
> Thank you so much for the quick response and providing the link to > those documents. From the documents it has the below sample > configuration. I am planning to use only password based authentication. > In that case do I need the parameters > SFTPHostKey , SFTPAuthorizedUserKeys , and SFTPCompression . In > this case how do I pass the username and password to SFTP via > configuration. DO I need to set the parameter SFTPAuthMethods also for No. By default, like the rest of ProFTPD, the mod_sftp module will try to authenticate any users/passwords via the normal /etc/passwd files on your server. You need to go out of your way -- provide explicit configuration directives -- to tell ProFTPD (and mod_sftp) to use anything else. > <IfModule mod_sftp.c> > <VirtualHost *a.b.c.d*> > SFTPEngine on > SFTPLog /etc/proftpd/sftp/sftp.log > > # Configure the server to listen on the normal SSH2 port, port 22 > Port 22 > > # Configure the RSA, DSA, and ECDSA host keys, using the same host key > # files that OpenSSH uses. > SFTPHostKey /etc/ssh_host_rsa_key > SFTPHostKey /etc/ssh_host_dsa_key > SFTPHostKey /etc/ssh_host_ecdsa_key > > # Configure the file used for comparing authorized public keys of users. > SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys > > # Enable compression > SFTPCompression delayed > > # Allow the same number of authentication attempts as OpenSSH. > # > # It is recommended that you explicitly configure MaxLoginAttempts > # for your SSH2/SFTP instance to be higher than the normal > # MaxLoginAttempts value for FTP, as there are more ways to authenticate > # using SSH2. > MaxLoginAttempts 6 > > </VirtualHost> > </IfModule> The above looks correct. If you have trouble logging in, I would recommend looking at the ProFTPD debug logging: http://www.proftpd.org/docs/howto/Debugging.html as well as looking at the SFTPLog entries. Cheers, TJ |
From: SIMON B. <sim...@gm...> - 2021-05-16 03:47:50
|
Hi TJ, Thank you so much for the quick response and providing the link to those documents. From the documents it has the below sample configuration. I am planning to use only password based authentication. In that case do I need the parameters SFTPHostKey , SFTPAuthorizedUserKeys , and SFTPCompression . In this case how do I pass the username and password to SFTP via configuration. DO I need to set the parameter SFTPAuthMethods also for this? <IfModule mod_sftp.c> <VirtualHost *a.b.c.d*> SFTPEngine on SFTPLog /etc/proftpd/sftp/sftp.log # Configure the server to listen on the normal SSH2 port, port 22 Port 22 # Configure the RSA, DSA, and ECDSA host keys, using the same host key # files that OpenSSH uses. SFTPHostKey /etc/ssh_host_rsa_key SFTPHostKey /etc/ssh_host_dsa_key SFTPHostKey /etc/ssh_host_ecdsa_key # Configure the file used for comparing authorized public keys of users. SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys # Enable compression SFTPCompression delayed # Allow the same number of authentication attempts as OpenSSH. # # It is recommended that you explicitly configure MaxLoginAttempts # for your SSH2/SFTP instance to be higher than the normal # MaxLoginAttempts value for FTP, as there are more ways to authenticate # using SSH2. MaxLoginAttempts 6 </VirtualHost> </IfModule> Thank you one again for your help. Regards Simon On Sat, May 15, 2021 at 10:36 AM TJ Saunders <tj...@ca...> wrote: > > > I am new to proftpd . I would like to know how to enable sftp on > > proftpd and do secure file transfer. > > In the proftpd.conf file I can see the SFTPengine parameter. If I make > > it ON will sftp work? > > First, you need to make sure your installed ProFTPD has the mod_sftp > module installed/included; you can see this via `proftpd -l`, or `proftpd > -V`. > > Once you know that mod_sftp is present/enabled, you need to configure an > SFTP <VirtualHost>. Note that using "SFTPEngine on" is not enough; > mod_sftp requires other settings as well. See the "Example Configuration" > section of the mod_sftp docs: > http://www.proftpd.org/docs/contrib/mod_sftp.html > > Hope this helps, > TJ > > > _______________________________________________ > ProFTPD Developers List > <pro...@pr...> > https://lists.sourceforge.net/lists/listinfo/proftp-devel > |
From: TJ S. <tj...@ca...> - 2021-05-15 17:36:19
|
> I am new to proftpd . I would like to know how to enable sftp on > proftpd and do secure file transfer. > In the proftpd.conf file I can see the SFTPengine parameter. If I make > it ON will sftp work? First, you need to make sure your installed ProFTPD has the mod_sftp module installed/included; you can see this via `proftpd -l`, or `proftpd -V`. Once you know that mod_sftp is present/enabled, you need to configure an SFTP <VirtualHost>. Note that using "SFTPEngine on" is not enough; mod_sftp requires other settings as well. See the "Example Configuration" section of the mod_sftp docs: http://www.proftpd.org/docs/contrib/mod_sftp.html Hope this helps, TJ |
From: SIMON B. <sim...@gm...> - 2021-05-14 05:17:25
|
Hi, I am new to proftpd . I would like to know how to enable sftp on proftpd and do secure file transfer. In the proftpd.conf file I can see the SFTPengine parameter. If I make it ON will sftp work? Regards Simon |
From: TJ S. <tj...@ca...> - 2020-07-21 17:50:44
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the first maintenance release for ProFTPD 1.3.7 is now available for public consumption. You can download 1.3.7a, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.7a.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.7a release is a maintenance release, containing various fixes backported from the 1.3.7 development cycle. Please read the included NEWS and ChangeLog files for the full details. The MD5 sum for the source tarball is: 4a9b8877b2e9b08d70e71ad56c19e2c9 proftpd-1.3.7a.tar.gz The PGP signature for the source tarball is: proftpd-1.3.7a.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAl8XJmoACgkQt46JP6URl2pgmgCeIrZ9vPdRQyewArkaTonIUsW3 xBUAoLsVLb24A/6Y9XgbS/bi+E8mFC1z =c1aY -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via MIT's public keyserver. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAl8XKdAACgkQt46JP6URl2qjqwCgxj13YWaoOsTUPKGkvIMg5NGi IikAmQFsH+V8xuA8Y6VFIeJ/PD92tf8z =A5Lt -----END PGP SIGNATURE----- |
From: TJ S. <tj...@ca...> - 2020-07-21 04:57:17
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the fifth maintenance release for ProFTPD 1.3.6 is now available for public consumption. You can download 1.3.6e, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.6e.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.6e release is a maintenance release, containing various fixes backported from the 1.3.7 development cycle. Please read the included NEWS and RELEASE_NOTES files for the full details. The MD5 sum for the source tarball is: 17a10501503f9455e137ba34b2f13591 proftpd-1.3.6e.tar.gz The PGP signature for the source tarball is: proftpd-1.3.6e.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAl8Wc4kACgkQt46JP6URl2r4iACgxK61LzkVQ5xRHKHMl43D1ixd zYQAoJXt14fj66DMBwU+JBDqQ+nm2tsj =F9Rz -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via https://pgp.key-server.io/. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAl8Wc7sACgkQt46JP6URl2prcACg9hHZC96JqYbZ4hOsbHwTObt6 +tUAoPAIGXqG4FjphMwTVaR6jmu8IU0Q =/Ie5 -----END PGP SIGNATURE----- |
From: TJ S. <tj...@ca...> - 2020-07-21 04:56:35
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the stable release for ProFTPD 1.3.7 is now available for public consumption. You can download 1.3.7, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.7.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.7 release includes new features and bugfixes, including TLSv1.3 support, TLS SNI support, and other module improvements. Please read the included NEWS and RELEASE_NOTES files for the full details. The MD5 sum for the source tarball is: c3c39796c16314b962c7444b2f1040c2 proftpd-1.3.7.tar.gz The PGP signature for the source tarball is: proftpd-1.3.7.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAl8WbaQACgkQt46JP6URl2rrUQCfcmk0kWBR/jZX0o83JyYci4Vq ZSEAnA6f3WVp8MDTbs/7bPZex5LPmr5o =kZww -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via https://pgp.key-server.io/. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAl8Wb0IACgkQt46JP6URl2p3AQCeOIDT7f1donHNXxAvtMlyfcTp 4SIAn1w+mq+JUZbg+wLcnTr/sHqKLWsU =cr60 -----END PGP SIGNATURE----- |
From: Carlos V. <car...@ni...> - 2020-06-11 15:36:30
|
Hello, Yesterday I had to restore a disk image of Acronis True Image from FTP and I ran into this issue. Restoration fails if using Proftpd with "UseSendfile off" ( I use this to see the bps in ftpwho -v). With this setting on, it works fine. Proftpd is 1.3.6d, compiled from source. Tested 1.3.7rc4 with same failure. Linux kernel is 4.14.62 Also tested other FTP servers (vsftpd and Filezilla Server) and they work fine (don't fail). I took some debugs and packet captures and I think the problem is related to log message "aborting transfer: Link to file server lost". This generates a 450 reply: "ASMedia AS2115 0_full_b1_s1_v3.tib 450" And I think this doesn't like to Acronis FTP client. This issue could be related with this: https://forums.proftpd.org/smf/index.php?topic=1661.0 Acronis uses a weird retrieve pattern here. It retrieves a file and abort the connection after some time, sending RST in data connection and ABORT in control connection. Then start again the RETR on the file but first issuing a REST to begin in a point of the file. And it makes this continuously. So, when this happens with "UseSendfile on" I see this: === dispatching CMD command 'REST 313658474' to mod_xfer dispatching CMD command 'RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib' to mod_xfer Transfer aborted after 657000 bytes in 0.02 seconds "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" 426 657000 dispatching LOG_CMD command 'REST 332254585' to mod_log dispatching CMD command 'RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib' to mod_xfer Transfer aborted after 1040980 bytes in 0.08 seconds "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" 426 1040980 ... === and so on. Always 426 is returned. However with "UseSendfile off" I see this: === notice: user redacted: aborting transfer: Link to file server lost "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 450 65536 dispatching CMD command 'REST 1834028028' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 4 dispatching CMD command 'REST 1834028026' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 6 dispatching CMD command 'REST 1834028000' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 32 dispatching CMD command 'REST 1834027964' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 68 dispatching CMD command 'REST 1834027868' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 164 dispatching CMD command 'REST 1834027831' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 201 dispatching CMD command 'REST 1834026491' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 1541 dispatching CMD command 'REST 1834026041' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 1991 notice: user redacted: aborting transfer: Link to file server lost "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 450 81920 dispatching CMD command 'REST 1834028028' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 4 dispatching CMD command 'REST 1834028026' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 6 dispatching CMD command 'REST 1834028000' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 32 dispatching CMD command 'REST 1834027964' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 68 dispatching CMD command 'REST 1834027868' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 164 notice: user redacted: aborting transfer: Link to file server lost "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 450 65536 dispatching CMD command 'REST 1834027831' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 201 dispatching CMD command 'REST 1834028028' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 4 dispatching CMD command 'REST 1834026491' to mod_xfer "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v3.tib" 226 1541 dispatching CMD command 'REST 1834028026' to mod_xfer ... === Lot of 226 mixed with 450 and "Link to file server lost". Other FTP servers behave similar, Vsftpd uses 225 along with 426: === Client "x.x.x.x", "REST 2204125507" Client "x.x.x.x", "350 Restart position accepted (2204125507)." Client "x.x.x.x", "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" Client "x.x.x.x", "150 Opening BINARY mode data connection for /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib (422714773504 bytes)." Client "x.x.x.x", "426 Failure writing network stream." Client "x.x.x.x", "/xxx/ASMedia AS2115 0_full_b1_s1_v1.tib", 271560 bytes, 12088.40Kbyte/sec Client "x.x.x.x", "ABOR" Client "x.x.x.x", "225 No transfer to ABOR." Client "x.x.x.x", "NOOP" Client "x.x.x.x", "200 NOOP ok." Client "x.x.x.x", "PASV" Client "x.x.x.x", "227 Entering Passive Mode (redacted) Client "x.x.x.x", "REST 2219561368" Client "x.x.x.x", "350 Restart position accepted (2219561368)." Client "x.x.x.x", "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" Client "x.x.x.x", "150 Opening BINARY mode data connection for /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib (422714773504 bytes)." Client "x.x.x.x", "426 Failure writing network stream." Client "x.x.x.x", "/xxx/ASMedia AS2115 0_full_b1_s1_v1.tib", 601520 bytes, 21613.87Kbyte/sec Client "x.x.x.x", "ABOR" Client "x.x.x.x", "225 No transfer to ABOR." Client "x.x.x.x", "NOOP" Client "x.x.x.x", "200 NOOP ok." Client "x.x.x.x", "PASV" Client "x.x.x.x", "227 Entering Passive Mode (redacted) Client "x.x.x.x", "REST 2204125507" Client "x.x.x.x", "350 Restart position accepted (2204125507)." Client "x.x.x.x", "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" Client "x.x.x.x", "150 Opening BINARY mode data connection for /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib (422714773504 bytes)." Client "x.x.x.x", "426 Failure writing network stream." Client "x.x.x.x", "/xxx/ASMedia AS2115 0_full_b1_s1_v1.tib", 464280 bytes, 8709.82Kbyte/sec Client "x.x.x.x", "ABOR" Client "x.x.x.x", "225 No transfer to ABOR." Client "x.x.x.x", "NOOP" Client "x.x.x.x", "200 NOOP ok." Client "x.x.x.x", "PASV" Client "x.x.x.x", "227 Entering Passive Mode (redacted) Client "x.x.x.x", "REST 2219561368" Client "x.x.x.x", "350 Restart position accepted (2219561368)." Client "x.x.x.x", "RETR /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib" Client "x.x.x.x", "150 Opening BINARY mode data connection for /xxx/ASMedia AS2115 0_full_b1_s1_v1.tib (422714773504 bytes)." Client "x.x.x.x", "426 Failure writing network stream." Client "x.x.x.x", "/xxx/ASMedia AS2115 0_full_b1_s1_v1.tib", 207320 bytes, 10865.72Kbyte/sec Client "x.x.x.x", "ABOR" Client "x.x.x.x", "225 No transfer to ABOR." ... === However the 450 with the "Link to file server lost" I only see them in Proftpd with "Usersendfile Off", and I think this is the problem. I don't know how to debug this further. I can send full logs and packet captures in private if needed. Regards, Carlos Velasco |
From: Paul H. <pa...@ci...> - 2020-05-31 10:45:56
|
On Sat, 30 May 2020 14:31:48 -0700 "TJ Saunders" <tj...@ca...> wrote: > Hello, ProFTPD developers! I'm contemplating the growing complexity > of ProFTPD's TLS/crypto codebase, and how to reduce it. Much of that > complexity is related to OpenSSL, and its changing APIs over the > years. > > Thus I'd like to start phasing out support for older OpenSSL > versions. How old? Well, I'm hoping you can help me decide that. > > We can use the OPENSSL_API_COMPAT macro (at least since > OpenSSL-1.1.0), like this PR: > > https://github.com/pyca/cryptography/pull/4313 > > I know that there are some platforms, like HP-UX or AIX, where > bleeding-edge OpenSSL versions may not be used/available. But > support for OpenSSL before 1.0.0 can be phased out, yes? > > Part of this will be establishing criteria for this project, going > forward, for knowing when/how to EOL support for older library > versions (not just OpenSSL) -- and how to announce that, with enough > advance notice for packagers/distros to be prepared. > > I look forward to hearing your thoughts on this topic! Well it looks like support for OpenSSL < 1.1.0 has already been phased out in 1.3.7rc4: it uses SSL_SESSION_set1_id_context(), which was introduced in OpenSSL 1.1.0. As for how long I support older systems, that depends on which hat I'm wearing: As a packager for Fedora proper, which only has a lifespan of 13 months from release, support for older versions is a non-issue. Indeed, the problem is often the other way around, with system libraries too new for some upstream projects to be able to handle. As a packager for Fedora EPEL, I'm looking to support a release until it reaches its end of life. The oldest still-supported version is EPEL-6, which is due to reach end of life in November, 10 years after the initial release of Red Hat Enterprise Linux 6.0. However, I try to avoid doing major version bumps in EPEL, so the version of proftpd in EPEL-6 is proftpd 1.3.3g. I try to backport security fixes where possible, and I've managed it so far. If there was a case where I couldn't manage it, I'd be prepared to do a major version bump if necessary. RHEL-6 has openssl 1.0.1e, RHEL-7 has openssl 1.0.2k and RHEL-8 has openssl 1.1.1c. As an independent packager with my own personal repository, I try to build the latest version of proftpd for all Fedora and RHEL releases back to the time of the oldest currently-supported RHEL version, which is currently Fedora 13 and RHEL-6. Fedora 13 has openssl 1.0.0d. When RHEL-6 reaches EOL, I'll move up to Fedora 19 being my oldest supported version and that has OpenSSL 1.0.1e. The packages on ancient EOL Fedora releases are hardly used by anybody and if they fail to build, it's not a big issue. I find value in doing the builds because it helps when debugging issues relating to system package versions - I can see more precisely where something stopped working by looking at old Fedora versions than I can by looking a the small number of RHEL versions. So, overall, I'd like to see support remain for libraries for 10 years, which would mean that support for OpenSSL < 1.0.0 is no longer useful from my perspective. On the other hand, if that's a hard burden, it's quite understandable and I'd have no objections if you shortened the support lifetime. If that meant that the latest and greatest proftpd version wasn't available on an old RHEL version, then so be it. Paul. |
From: Francesco P. L. <fr...@de...> - 2020-05-31 08:53:57
|
On Sat, May 30, 2020 at 02:31:48PM -0700, TJ Saunders wrote: >Hello, ProFTPD developers! I'm contemplating the growing complexity >of ProFTPD's TLS/crypto codebase, and how to reduce it. Much of that >complexity is related to OpenSSL, and its changing APIs over the years. > >Thus I'd like to start phasing out support for older OpenSSL versions. >How old? Well, I'm hoping you can help me decide that. > >We can use the OPENSSL_API_COMPAT macro (at least since OpenSSL-1.1.0), like this PR: > > https://github.com/pyca/cryptography/pull/4313 > >I know that there are some platforms, like HP-UX or AIX, where >bleeding-edge OpenSSL versions may not be used/available. But support >for OpenSSL before 1.0.0 can be phased out, yes? > >Part of this will be establishing criteria for this project, going >forward, for knowing when/how to EOL support for older library versions >(not just OpenSSL) -- and how to announce that, with enough advance >notice for packagers/distros to be prepared. > >I look forward to hearing your thoughts on this topic! > >Cheers, >TJ > Well, for what is concerning Debian, even the 8.x oldoldstable jessie LTS (that shall end its support next month) came with 1.0.1t, so I think dropping pre-1.0.0 support would not be a problem for current supported versions. About the general life cycle of APIs used in proftpd: my advice is supporting at least 5 previous years per API, based on release date of each library which is more or less aligned with a long term support for most of the distributions. In any case, supporting more than 10 years-old APIs is probably a non-sense. All this, with a grain of salt: a decent policy of management of libraries should already include some back-compatibility criteria with an eye to users and distributions. But, we know the world is weird... cheers, -- Francesco P. Lovergine |
From: TJ S. <tj...@ca...> - 2020-05-30 22:07:40
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the fourth maintenance release for ProFTPD 1.3.6 is now available for public consumption. You can download 1.3.6d, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.6d.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.6d release is a maintenance release, containing various fixes backported from the 1.3.7 development cycle. Please read the included NEWS and RELEASE_NOTES files for the full details. The MD5 sum for the source tarball is: ed5580e9e02c5308dc9283fc83434530 proftpd-1.3.6d.tar.gz The PGP signature for the source tarball is: proftpd-1.3.6d.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAl7S1woACgkQt46JP6URl2rRGACfXHB/BIWLmzQN+DKMiqIWYjFQ iUAAoMzew8rPEryN15UlKqQUWSgmEOtd =DdlT -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via https://pgp.key-server.io/. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAl7S14oACgkQt46JP6URl2pAlACg/vF/5KDv97fze2YXikAWpar/ dpEAn2MOjsSCqYyPAu8rYn52kgPuE2LZ =OZ/6 -----END PGP SIGNATURE----- |
From: TJ S. <tj...@ca...> - 2020-05-30 21:47:58
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the fourth release candidate for ProFTPD 1.3.7 is now available for public consumption. You can download 1.3.7rc4, including PGP signatures and MD5 sums, from the alternate download site, hosted by GitHub: https://github.com/proftpd/proftpd/archive/v1.3.7rc4.tar.gz Alternatively, you can download proftpd from the main site: ftp://ftp.proftpd.org/distrib/source RPMs, once available, will be placed here: ftp://ftp.proftpd.org/distrib/packages/RPMS The 1.3.7rc4 release fixes handling of data uploads over TLSv1.3, includes support for LDAP SASL mechanisms, keepalives for SQL connections, and other fixes. Please read the included NEWS and RELEASE_NOTES files for the full details. The MD5 sum for the source tarball is: 0036ad20b2dff9391ef728a5f54b0898 proftpd-1.3.7rc4.tar.gz The PGP signature for the source tarball is: proftpd-1.3.7rc4.tar.gz: -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEABECAAYFAl7S0b0ACgkQt46JP6URl2ogoQCfW38rOEeeVsze3O3mocLRz/r8 aiMAoMoMn4hRrP8mMQz9MRQu+qV1RVtB =KzeN -----END PGP SIGNATURE----- My PGP key has been used to sign the source tarballs as well as this announcement; it is available via https://pgp.key-server.io/. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAl7S0gIACgkQt46JP6URl2oF1wCgryptk/dnIP6Y9T9MNysJ6v1T OegAnRuc+YV8PMH13NyB3wHRU8Ql1YJk =MihT -----END PGP SIGNATURE----- |