0.0.1 initial versioned tarball released ---------------------------------------- - Added "-ldl" to LIBS to get linking to work on RedHat6.1 - Add RedHat6.1 on list of tested platforms :) 0.0.2 packaged -------------- - Emit version in greeting string - In PORT command, reject numbers <0 or >255. Problem noted by Solar Designer, <solar@openwall.com> - Allow an option AND a path for LIST/NLST, e.g. "LIST -al /pub". Reported by Bill Nottingham <notting@redhat.com>, using ncftp. Further noted by Colin Hogben <chah@jet.uk> using emacs and James Antill <james@and.org>. - Don't prepend directory path for LIST (but still so for NLST). Noted by Colin Hogben <chah@jet.uk> and Ingo Luetkebohle <ingo@blank.pages.de> - Fix problem listing non-existant or unreadable directories - just return a blank listing rather than an error. Problem noted by Martin Sillence <martin.sillence@prnewswire.co.uk>, using squid. - Fix KDE's downloads (via KFM), it was using the "SIZE" command which I had not implemented. Reported by Simon Dales <simonD@nuffield.co.uk> and Jo Dillon <jo@trolltech.com>. Apparently implementing SIZE also fixed lftp's download time estimator, reported by Ingo Luetkebohle <ingo@blank.pages.de> - Remove abornal_exit() from utility.c - Fix so we don't write "500 OOPS: child died" upon QUIT. Reported by Solar Designer, <solar@openwall.com> and Tim Bagot <tsb@earth.li> 0.0.3 packaged -------------- - Oops: fix so we don't emit a status 150 mark unless we actually got a connection from the client (stops some clients hanging trying to list an inaccessible directory) 0.0.4 packaged -------------- - In verbose directory listing, report symlink targets. Use the traditional syntax of: "link_name -> target_path" - Damn netscape! The comma in the response text to PASV confused it, so it had to be removed. Discovered with tcpdump! - Don't require clients to redo PORT or PASV if a RETR or STOR fails due to inability to open/create file. Fixes Netscape symlink navigation problem. - Fix for listing absolute paths with only one /, e.g. "ls /.message" was failing 0.0.5 packaged -------------- - Remove README.ftpproto - Add SECURITY/OVERVIEW - Add SECURITY/DESIGN - Note that as a security tweak, we should lose more privs if we're configured for anonymous only logins (TODO) - Add SECURITY/IMPLEMENTATION, SECURITY/TRUST, but nothing in them yet. - Convert str.c to vsf_sysutil_*. This leaves the following to do: checkauth.c, main.c, postprivparent.c, privparent.c, privsock.c, utility.c - Convert privparent.c to vsf_sysutil_*. - Create BUGS and move existing listed bugs from TODO into this new file - Add parseconf.h, parseconf.c to handle parsing of a config file (work in progress) - Fix change_full_credentials() in utility.c, to always chdir() even if we are not going to do a chroot() - Rename get_random_byte() to vsf_sysutil_get_random_byte(), and move from utility.c to sysutil.c - Create new file secutil.c, move change_full_credentials() to it and rename - Convert utility.c to vsf_sysutil_*. - handle_local_login(): don't look up username; common_do_login() does it - implement different tunable umask() values for local/anonymous users - implement SITE UMASK - implement SITE CHMOD - whoops! allow non-anonymous users to overwrite files with STOR 0.0.6 packaged -------------- - SECURITY: when in anonymous-only mode, reject usernames that aren't the anonymous usernames. This is hoping some FTP clients will be stopped from sending a cleartext password. Idea from Gerald Teschl <gt@esi.ac.at>. - Decided to put "telnet strings" on the back burner :) - Sprinkling of static in main.c - Complete parseconf.c config file parsing and plug it into main.c - Convert main.c to vsf_sysutil_*. This leaves checkauth.c, postprivparent.c and privsock.c - Now we have runtime config, make compiled in defaults extra paranoid - Implement "tunable_anon_world_readable_only" to only serve publicly readable files anonymously - Add sample "vsftpd.conf" - Eww - missing "return" in parseconf.c - Move ASCII mode transfers out of critical section in TODO - parseconf.c: if an integer starts with "0", treat it as octal - Ban "SITE CHMOD" if !tunable_write_enable - Wrote SECURITY/TRUST - Wrote SECURITY/IMPLEMENTATION, probably more to come - Update INSTALL - Add "tunable_nopriv_user" - Update parseconf.c with the two latest new config variables - Add sysdeputil.h, sysdeputil.c for system specific facilities, i.e. capabilites, authentication. - Lose checkauth.c,h - they moved into sysdeputil.c,h - Lose config.h - it moved into sysdeputil.c - Convert postprivparent.c to vsf_sysutil_* (leaves privsock.c) - Convert privsock.c to vsf_sysutil_*. All done, yay!! :) - D'oh! Missing "!" in postlogin.c refused to server publicly readable files:) - Fix chown() of uploaded files (broken initialization order in main()) - Add SPEED, and fill it with wild speculation - Rename distribution directory "vsftpd-x.x.x" (note the added "d") 0.0.7 packaged -------------- - Build with -O2 - Fix "uninitialized" warnings -O2 exposed - the one in capabilities setup could be nasty! - Nail warning in vsf_sysutil_sendfile(). We're now "-Wall warning free" - Build with -Werror to signal intent to _stay_ warning free - A few int -> long in the area of file sizes and offsets - Remove comma's at end of enum lists (-pedantic caught it) - Impact from fixing warnings caused by -pedantic - Date format %e -> %d in date display, %e isn't everywhere - Paranoia in vsf_sysutil_malloc() - Clean up interface to substring searching in str.c - Cleanups in str.c - Squash most "unsigned<->signed" conversions exposed by -Wconversion - Lose "-g" to CFLAGS; after all we're bug-free now ;-) - Add "AUDIT" - Fix up a bunch of potential 64-bit issues (maybe >2Gb files will work on 64-bit platforms now, no way to test) - Implement PR_SET_KEEPCAPS support for 2.2.18+ and 2.4.0+ kernels - In sysdeputil.c, change NULL -> 0 to help Solaris build problem - Repair vsf_sysutil_sendfile() and the caller - Logging: log the username - Logging: don't log "//" as start of filenames under certain conditions - Logging: log the date. Logging is almost useful now! - Logging: log MKD commands too; they are used in anon ftp a fair bit - Take the trouble to look into partial reads/writes. Looks like we are safe. - vsf_sysutil_read and vsf_sysutil_write now hide EINTR and retry - Replace some vsf_sysutil_{read,write} usage with vsf_sysutil_{read,write)_loop which handles partial reads and writes - Implement a sendfile() replacement for systems which lack it - Implement runtime checking for system specific Linux stuff, i.e. prctl(PR_SET_KEEPCAPS). This is inspired by RedHat7.0 headers claiming to be a 2.4.0 kernel, but actually you are running on 2.2.x! :-( - Strip the build executable at link time 0.0.8 packaged -------------- - A few incorrect sizeof()'s in postlogin.c, thanks to Antonomasia <ant@notatla.demon.co.uk> for noting these. - Decide that ASCII support isn't too important for now (waiting for users to demand it). Also decide that ABOR is a must :( Thanks to Zach Brown <zab@zabbo.net> for the discussion. - More TODO items thanks to Stephen White <swhite@ox.compsoc.net> - 2.0.x issues. - Provide a definition for SHUT_RDWR in sysutil.c, not all systems have that definition yet. Thanks Stephen White <swhite@ox.compsoc.net>. - Tidy privparent.c - Decide ASCII _is_ quite important, thanks Solar ;-) - Bit of extra paranoia in sysutil.c: don't call mem*() if size == 0 - Tidy str.c - Command line: if vsftpd has an argument, it is a path to a config file. - Set TCP_NODELAY on command stream - Don't lseek() for RETR in common case with REST set to 0 - Correct error code for transfer after succesful connection (425 -> 426) - ABOR support. Bah. - APPE support (why not, it was trivial). Putting off ASCII support ;-) - Add ASCII transfer support. Bah. - Tidy up sysutil.c, fix breakage in read_loop and write_loop. 0.0.9 packaged -------------- - Remove ".message" from distribution. Thanks Mitchell Blank Jr <mitch@sfgoth.com> - Note where I can get some load testing software, thanks to Dan Kegel <dank@alumni.caltech.edu>. I'll do that soon because I hope to waste wu-ftpd. - Fix an Alpha build warning and check return value from final pam_end(). Reported by Solar Designer <solar@openwall.com>. - Add xinetd.d/vsftpd, from Kurt Seifried <listuser@seifried.org>. - Integrate comments/fixes into SECURITY documentation, thanks to Antonomasia <ant@notatla.demon.co.uk> - SECURITY: default tunable_chroot_local_user to 0, because it is dangerous to give users write access to the filesystem root (think of opening trusted files relative to the root). Thanks again Solar Designer <solar@openwall.com>. - Add "make install" target. Currently it is minimal! - Clearer error message if vsftpd is started manually. Suggestion from Tom <tom@lemuria.org>. - Report futuristic or old (>6 months) dates in a different format, showing the year like /bin/ls does. - Add KERNEL-2.4.0-WARNING. Whoo-hoo. Why do all my non-trivial programs seem to trigger kernel bugs? - SECURITY: refuse to allow anonymous logins if some bonehead has configured the anonymous ftp user with write access to the ftp root. - Fix ASCII downloads so that \n UNCONDITIONALLY maps to \r\n. This behaviour is now consistent with wu-ftpd and results in simpler code. - Fix ASCII uploads to not to fail to strip some \r characters. Noted by Mitchell Blank Jr <mitch@sfgoth.com>. - Add TODO items: log transfer rate and anonymous password. Andrew Anderson <andrew@redhat.com>. 0.0.10 packaged --------------- - Remove errant #include <sys/sendfile.h> from sysutil.c. Noted by Jan-Frode Myklebust <janfrode@parallab.uib.no> - Use gettimeofday(2) not time(2), for better resolution. - Add transfer rate to the log - Add <limits.h> to sysutil.c, spotted by Kevin Vajk <kvajk@cup.hp.com>. - Spell "LICENSE" correctly: Kevin Vajk <kvajk@cup.hp.com>. - Use fcntl() for locking instead of flock() because it is much more standard. flock() usage noted by Kevin Vajk <kvajk@cup.hp.com>. - Use more portable IPPROTO_* instead of SOL_* (IPPROTO_IP, IPPROTO_TCP). Thanks to Neil Blakey-Milner <nbm@mithrandr.moria.org> porting to FreeBSD. - Start of Solaris port, thanks to Kurt Seifried <seifried@securityportal.com> for access to a Solaris 8 box. - Portability fix: include <netinet/in_systm.h> before <netinet/ip.h>. - Port to Solaris 8: new directory port. New file porting_junk.h. New file solaris_bogons.h - Add vsf_findlibs.sh to cater for different platform link requirements. Now builds on Solaris and Linux with "make". - struct sockaddr casts to kill Solaris warnings. - sysdeputil.c: remove unused variable warnings. - sysutil.c: use _exit() instead of exit() to avoid libc doing stuff on exit. Fixes segfault reported by Joshua Hill <josh@untruth.org>. - Add BENCHMARKS. Many thanks to Andrew Anderson <andrew@redhat.com>. - Fix disconnect/crash if SIGURG received whilst blocking on command stream. - Update INSTALL with more platforms. 0.0.11 packaged --------------- - Brag about performance in README. And why not. - Better bail-out message if the "ftp" anonymous user isn't found - Better bail-out message if the secure chroot directory isn't found - Introduce tunable_one_process_model and start work on it - Fix rare segfault on exit - race leading to infinite stack recursion - Don't bail out if we didn't get an argv[0]. Who cares? Noted by Kurt Seifried <seifried@securityportal.com>. - Change logged date format to include the year. - Add option to log in standard (wu-ftpd like) "xferlog" format. - Cater for sendfile() returning EINTR in sysdeputil.c - Use SO_LINGER on data sockets, to get accurate transfer rates! - Cater for an interrupted blocking close() - Tuning: eliminate 3 mprotect(), 1 munmap() and 1 mmap() system call per command read. - Prevent infinite loops calling sendfile(). Two bugs - we needed to check the sendfile() return for 0 (doh!!) and also, we sometimes did lseek() on a file, to beyond its end. Thanks to Daniel Veillard <Daniel.Veillard@imag.fr> for reporting. - Tuning: cache fd's for /etc/passwd and /etc/group to avoid syscalls. - Tuning: "assist" the get*uid(), get*nam() calls to not make lots of useless syscalls, if /etc/group and /etc/passwd are missing. Thanks to Daniel Veillard <Daniel.Veillard@imag.fr> for reporting. - Use SO_LINGER timeout of 5 mins; INT_MAX seemed to do nothing! - Finally(!) fix transfer rate timing. 0.0.12 packaged --------------- - Update INSTALL. Mention the config file can be given on the command line. - Lower VSFTP_MAX_COMMAND_LINE to 4096 (wu-ftpd uses 512 I think). - Add RedHat/vsftpd-rh7.spec, kindly provided by Emmanuel Galanos <egalanos@anchor.net.au>. - Add more RedHat/* spec files etc, kindly provided by Andrew Anderson <andrew@redhat.com>. - Cleanup: move two process model code to "twoprocess.c". - Damn! Make the file lock _block_ if it's busy, in sysutil.c. - Finish implementing one process model - benchmarks to follow - Don't log success if the download is ABOR'ed during the blocking close(). - Build on systems without PAM (obviously local logins won't work..) - Beware of FreeBSD accept() bug: ai32@drexel.edu - Implemented a customizable ftp banner with "ftpd_banner" config file setting - Builds on OpenBSD 2.8 - woohoo - FreeBSD: look for libpam.so* in /usr/lib - FreeBSD: add #include <sys/param.h> otherwise CMSG_* break. - Kill privparent.[ch] - merged them into twoprocess.c - Enable SIGCHLD handler _before_ forking - should nail a race which could lead to zombies. Inspired by zombie report from Joe Klemmer <klemmerj@webtrek.com>. - Data connection timeout code. - ftpcmdio.c: Don't cancel the alarm when we get a command. For safety, we insist that that the only way to "cancel" the alarm is to reset it. This prevents hangs blocking on write() to the command stream. Of course, data transfers are long running operations and have their own timeouts. - Data transfer timeout now kills session. - Take care that no writes block once we've decided to abandon ship. - FreeBSD sendfile() support. I wonder if it works! 0.0.13 packaged --------------- - Split out directory listing code into ls.c - Change blocking accept() and connect() code to use select() not SIGALRM! - Remove alarm() timeout junk from file locking in logging.c - Cater for signals interrupting the blocking file lock - Whoops: fix data timeout incorrectly going off. Noted and fixed by Joshua Hill <josh@untruth.org>. - Implement tunable_pasv_promiscuous to relax PASV IP checks. Useful if you are playing with secure tunneling of command connection. Idea, patch from Seth Vidal <skvidal@phy.duke.edu>. - Much better line-by-line file reading string buffer functions. - Use the above better functions for directory messages and config file reading. This eliminates a probable quadratic algorithm, i.e. it's a speedup. - Explictly free certain buffers rather than using the static trick. For example, the config file buffer which is only used once. - Massive cleanup and refactoring of login code. - Add ability to specify file containing list of banned e-mail addresses for anonymous users. Apparently a required feature for big sites trying to avoid DDoS attacks. - Add ability to specify file containing list of users to chroot(), request from helo <helo@neounix.com>, who also persuaded me not to use the homedir hack in /etc/passwd. - Add TODO: PASV port range config setting, for firewalled setups. From Rafal Wojtczuk <nergal@idea.avet.com.pl>. - Rudimentary support for non-PAM local user authentication, with encouragement and helpful discussion from D Richard Felker III <dalias@aerifal.cx>. - Use MAP_ANON instead of mmap() /dev/zero for anonymous pages. It saves using a file descriptor. Neither are standard(?) but MAP_ANON seems to work on a superset of systems compared with mmap() /dev/zero. - Ability to specify a PASV local port range with pasv_min_port and pasv_max_port. Request from Rafal Wojtczuk <nergal@idea.avet.com.pl>. - Non-PAM authentication: check /etc/shells, and support shadow password and account expiry. - First cut at a vsftpd.conf man page! (vsftpd.conf.5) 0.0.14 packaged --------------- - Default to ASCII mode transfers, as per RFC. Bug noted with Macintosh client by William Day <day@chem.duke.edu>. - Implement "ls -a". - Implement "ls -r". - Implement "ls -l", i.e. "NLST -L" now works - Implement "ls -t". Superb - now the oft-used "ls -ltr" works! - setproctitle() support - FreeBSD only in the first cut. - setproctitle() on Linux support - what a hack! This crap really needs kernel support. I'm ashamed I bothered. - Repair the contributed spec files a bit, based on reports from Oleg Drokin <green@iXcelerator.com> and Jakob Lichtenberg <jl@it-c.dk>. - Show remote IP and local username in setproctitle() support. - Add vsftpd.8 man page, thanks to Daniel Jacobowitz <dan@debian.org>. - In sysdeputil.c, check macros LINUX_VERSION_CODE and KERNEL_VERSION are defined. From James Antill <james@and.org>. - Workaround a broken firewall that expects a very precise PASV response. We now match wu-ftpd. Many many thanks to Jakob Lichtenberg <jl@it-c.dk> for his help. - If tunable_anon_world_readable_only (default), don't list directories unless they are world readable. - Use qsort() for directory sorting - eliminates gross quadratic sorting. Turbo charges directory listings with 1000's of entries. - Fix big memory leak in str_list_free(). - Simplify + reduce heap usage in strlist.c - Optimize away lots of excessive heap usage and redundant copying in str.c - By default, show numeric user/group id's in directory listings. Makes generating directory listings perhaps 4 times(!) faster, and is noticeable with e.g. 5000 entries in a directory. n.b. this performance figure is as measured on a glibc-2.2 system, so glibc would seem to be inefficient. - Don't use MSG_DONTWAIT - prefer the more portable fcntl()/O_NONBLOCK. Fixes glibc-2.0 build issues. - Work around broken Linux-2.0 unix fd passing. Now builds/runs on RH5.2. - Build fixes for FreeBSD 3.5, with help from Jerry Walsh <jerry@aardvark.ie>. - Only restrict directory listings to world-readable for _anonymous_ users! Thanks again Jerry Walsh <jerry@aardvark.ie> for the report. - Add TUNING - Special case for security/performance: if we need _no_ privilege, then force one process model. Security: root dropped totally straight away. Performance: no messing around forking etc. - Minor performance tweaks, don't leave big mappings lying around from config file parsing. 0.0.15 packaged --------------- - Argh. Fix SuSE 6.0 build issue (time_t used but not defined). Reported by Peter Stern <peter@frontierflying.com>. - Another SuSE 6.0 issue - another damn system lacking CMSG_SPACE etc. - Cope with any return value from blocking close(2). Previously, we missed EAGAIN, which some systems might return (not Linux). - New wizzy synchronous signal framework, to prevent re-entrancy issues. It presents an interface very similar to the traditional UNIX async interface. Technically this is a security fix; imagine a SIGURG (user controllable!) coming in whilst we are deep inside glibc. The SIGURG handler is non-trivial and may well re-enter and upset glibc. Specific example: the malloc subsystem. - When handing SIGURG, account the time taken under the data tranfer timeout. - Install the command timeout handler before we write anything to the remote. - Cleanup capabilities handling to be taken care of in secutil.c. - Fix bug: one_process_model mode could lose supplementary groups. - Add "SIZE" file. - Make one_process_model work with the anon deny e-mail list. - Massive cleanups. Start moving static state into a session structure. - Oops - fix Solaris 8 build by fixing include order in porting_junk.h, and include a dirfd() replacement. Noted by William Yodlowsky <wyodlows@andromeda.rutgers.edu> and Mike Batchelor <mikebat@tmcs.net>. - Fix return of a void function call in a void function. It upsets Sun's compiler. (gcc is fine with it, I'm not sure if it's against the rules). Noted by Mike Batchelor <mikebat@tmcs.net>. - Make it possible to use port ranges starting lower than 5001, from Matthew Kirkwood <weejock@ferret.lmh.ox.ac.uk>. - Use a /dev/zero mmap() fallback if we do not find MAP_ANON. This should fix the build on Solaris 2.6, 2.7 machines. Reported by Mike Batchelor <mikebat@tmcs.net>. Also noted as one of the problems facing an IRIX build. - Add MDTM support, so clients like ncftp can set the date on downloaded files. - Add irix_bogons.h, trying to port to IRIX 6.5, with help from Jan-Frode Myklebust <janfrode@parallab.uib.no>. - Don't reference "struct msghdr.msg_flags", not all systems have it. Clear it with vsf_sysutil_memclr() instead. Found on IRIX 6.5.11 - Cater for systems lacking getusershell(), e.g. IRIX 6.5.11, by not using it. - Fix compiler error with header files claiming 2.4 headers but only having 2.2 headers. Reported by Ben Ricker <bricker@wellinx.com>. - Kill warning on system without capabilities. - Add -R option to ls (disabled by default), to cater for broken clients which assume it is present (e.g. mirror). - Add "Makefile.sun", from Mike Batchelor <mikebat@tmcs.net>. - Fix PORT transfer crashes with "one_process_model". Reported by Andrew Anderson <andrew@redhat.com>. - Cater for HP-UX shared libraries which end in ".sl", from Kevin Vajk <kvajk@cup.hp.com>. - Add hpux_bogons.h, and make MAP_ANON a synonym for MAP_ANONYMOUS. - Move send_fd and recv_fd to sysdeputil.c and provide old-style fd passing code for IRIX and HP-UX. - Get it going on HP-UX 11.11 and HP-UX 10.20, thanks to Kevin Vajk <kvajk@cup.hp.com>. Minor changes to hpux_bogons.h - Update vsftpd.conf with "ls_recurse_enable". - Get it going on IRIX 6.5.11, thanks to Jan-Frode Myklebust <janfrode@parallab.uib.no>. - Fix reporting of filenames in MKD operations (regression since 0.0.15). - Wow - lots of contributed .spec files. Adopt those from Seth Vidal <skvidal@phy.duke.edu>. - Fix FreeBSD build. 0.9.0 packaged -------------- - Fix .spec files to include URL, from Seth Vidal <skvidal@phy.duke.edu>. - Don't let unprintable characters escape into setproctitle(). Thanks to Solar Designer for the suggestion. - Make the PAM service name a tunable, suggestion from Solar Designer. - Add option to log all FTP protocol (log_ftp_protocol). - Log logins, successful or failed. - Refuse to download a file in ASCII mode if REST position != 0. Solar reminded me by looking in the BUGS file. - Clearly mark an ASCII download in the FTP response string. - Argh. Fix broken upload timeout again (goes off erroneously). - Fix logging of FTP protocol, add logging of pid. Reported by Frank Fiamingo <FiamingF@strsoh.org>. - Fix bug where logging code bug()'s on the second logged operation, iff logging is in fact disabled! Reported by Alexander Schreiber <alexander.schreiber@informatik.tu-chemnitz.de>. - From Solar: be paranoid about libc implementations of isprint() in sysutil.c - Careful not to write any unprintable characters into the log. - fchmod() files that we fchown(), to prevent suid games, etc. - Cleanups, added comments to some headers. - Minor speedups to some str.c string handling functions. - Joe Klemmer <klemmerj@webtrek.com> reports zombies again! Nail a couple of races: make the SIGCHLD handler async, and cater for an interrupted wait(2) syscall. - If chroot_local_user=YES then chroot_list_enable becomes a list of users to NOT chroot(). With input from Lars Hecking <lhecking@nmrc.ie>. 0.9.1 packaged -------------- - DAMN! Fix silly "missing newline" logging bug. 0.9.1 repackaged ---------------- - Refuse to start if local_enable and anonymous_enable are NO, hit by Lars Hecking <lhecking@nmrc.ie>. - Report anonymous e-mail in the LOGIN log event, idea from Joachim Blaabjerg <styx@mailbox.as>. - Fix man page install in vsftpd-rh7.spec, from Matthew Galgoci <mgalgoci@redhat.com>. - Fix chown_upload bug noted by brett <beldridg@best.com>. - Add concept of guest user, idea from Andrew Anderson <andrew@redhat.com>. - Simple bandwidth limitation, inspired by Mads Martin Jørgensen <mmj@suse.de>. - Fix chown_upload bug in a different way. - Correct *_umask details in vsftpd.conf.5, from brett <beldridg@best.com>. - Don't show .files unless "ls -a" was specified, n.b. this differs in behaviour from wu-ftpd, but not proftpd. - Implement directory write(2) buffering, for a 33% reduction in CPU used to send big dirs. Activate the bandwidth limit on directory listings. - HPUX enhancements: setproctitle and sendfile. Thanks to Kevin Vajk <kvajk@cup.hp.com>. - We DON'T need to follow symlinks on "ls -R" - phew. - Add README.solaris. Thanks to Mike Batchelor <mikebat@tmcs.net>. - Implement passing remote host to PAM (for pam_access etc.), thanks to Emmanuel Galanos <egalanos@cerberus.anchor.net.au>. - Fix guest_enable so that this means all non-anonymous users are guest users. - Add ability to deny selected users before they get the chance to send their cleartext password!! - Fix FreeBSD build - use a cast instead of floor() which needs libm. 0.9.2 packaged -------------- - Fix potential leak in PAM handling code. - Fix build in the non-PAM case (dammit!!). Reported by Alexey E. Korchagin <Webmaster@buzuluk.ru> and Michael Fengler <michael.fengler@adpag.de>. - Include filename and size in bytes in the "here comes the data" 150 message. - Change link flags from "-s" to "-Wl,-s" - Add libcap support - should fix ia64, Alpha build problems with syscalls. - Tidy up vsf_findlibs.sh - Work with NFS mounted home dirs and root_squash, thanks to Hunter Matthews <thm@duke.edu> for the report. - Add FAQ. - Improve "make install". - Fix Solaris build (nanosleep is in a separate library, typical). - Fix REST + STOR combination, investigation inspired by Mike Batchelor <mikebat@tmcs.net>. 0.9.3 packaged -------------- - Update xinetd file to reflect /usr/local location. Thanks to Fridtjof Busse <fridtjof@fbunet.de>. - Make our 150 response code match wu-ftpd - allows broken "ange-ftp" of emacs to do a percentage complete indicator. Reported by Jonathan Kamens <jik@kamens.brookline.ma.us> via Andrew Anderson <andrew@redhat.com>. - Fix build on S390, ia64 platforms (poor kernel includes). Patch from <mmj@suse.de>. - Fix up vsf_findlibs.sh to cater for RedHat7.2 which has libcap. Reported by Chris Burton <chris@post.cpac.uk.com>. - Boast some more in BENCHMARKS. - Add anon_root and local_root, inspired by Ole Tange <tange@tange.dk>. - Fix up vsf_findlibs.sh to cater for broken Mandrake, and also consider the case of missing PAM headers (no pam-devel installed). Thanks to Jeff Baldwin <jeff_baldwin@unc.edu> for access to Mandrake. At this point: 1.0.0 packaged and released ------------------------------------------ Ah, the wonderful psychology of release numbers ----------------------------------------------- - Fix IRIX build (capabilities issue), Jan-Frode Myklebust <janfrode@parallab.uib.no>. - Fix FreeBSD build, reported by Jim Breton <jamesb-security-audit@alongtheway.com>. - Fix Debian build, reported by Brian Clark <brianj@fusionwerks.com>. 1.0.1 packaged -------------- - Fix .spec files to use /usr/local/sbin not /usr/sbin, noted by Bill Unruh <unruh@physics.ubc.ca>. - Small doc tweaks and improvements(?) - Add COPYING, the GNU GPL version 2. - Add use_localtime config option to override the use of GMT times. - Add tunable_check_shell (default YES) so people can disable this if they are not using PAM. - AIX 5.1 build support, thanks to Jan-Frode Myklebust <janfrode@parallab.uib.no>. - Add "hide_ids" option to show user/group in directory listings as "ftp". Request from Solar. - Use the seemingly more portable setreuid() and setregid(), poxy HP. - Use status 550 instead of 500 for known but disabled commands. - Rename "dirchange.[ch]" to "banner.[ch]". - Multiline connect banner support via "banner_file" config option. - Minor error message changes. - Add more FAQ entries. - Add patch to specify PASV address - thanks to Mike McLean <mikem@redhat.com>. - Drop the 2.4.0 kernel warning file - Rudimentary standalone listener support - to be expanded in a later release. - If sendfile() returns EINVAL just fall back to normal routines - handles non-pagecache backed files. - Add "port_promiscuous" setting - should help enabling FXP. - Modify anon_root and local_root to change directory _before_ applying the chroot(). - Open all files O_NONBLOCK to avoid pipes blocking on open. - Support wu-ftpd style per-user chroot() via /./ in /etc/passwd HOMEDIR. - Add SIGHUP support to new built in listener. - Per-user config overrides, via "user_config_dir" - woohoo! - Warning fixes, i.e. change "index" to "indexx" thanks to Olaf Kirch <okir@suse.de>. - Make sure the standalone daemon doesn't leak zombies! - Supposedly fix kernel messages about MSG_PEEK race - thanks to advice from Alexey <kuznet@ms2.inr.ac.ru>. - Add global client limit for standalone mode. - Add username that failed when we die with str_getpwnam. - Add a bunch of documentation under EXAMPLES. At this point: 1.1.0 package released ------------------------------------- (Note - 1.1.0 also included large file (>2Gb) support). - Fix port_promiscuous, oops! Thanks to Bjørn-Ove Heimsund <bjornoh@mi.uib.no>. - Fix to support umasks which create executable files. Reported by "Martin, Andreas" <AMartin@hegau-klinikum.de>. - Make the messages more.. professional :( Thanks to Steven G. Taylor <staylor@redhat.com>. - Allow anon users to append to files if they can delete files! Suggestion from Michael Leuchtenburg <michael@slashhome.org>. - Hopefully fix Solaris build (-lresolv) - Replace atoll() with a homebrew - modern FreeBSD, OpenBSD lack it. - Different solution for a umask which creates executable files: file_open_mode. - First attempt at Tru64 build, working with <Sulla17@aol.com>. - A few minor FAQ additions. - Change date format in the log from Sep 09 -> Sep 9. Avoids breaking some broken log parsers. - Make "INSTALL" better and clearer. - Fix passwd_chroot_enable, reported by James Jones <james@richland.edu>. - Finish Tru64 building :-) - Add tunable_no_anon_password as asked for by Stephen Quinney <stephen.quinney@computing-services.oxford.ac.uk>. At this point: 1.1.1 package released ------------------------------------- - Add per-IP connection limits in standalone mode. - Add logging of refused connect due to global or IP connection limits. - (Many thanks for testing and suggestions from Rob van Nieuwkerk <robn@verdi.et.tudelft.nl> and Adrian Reber <adrian@lisas.de>. - Make connection limit exceeded messages nonblocking. - Don't exit the listener if fork fails. At this point: 1.1.2 package released ------------------------------------- - Support for tcp_wrappers. - First stab at Solaris sendfilev() support. - Don't bomb out the listener on SIGHUP if the config became invalid. - End vsf_findlibs.sh with "exit 0;" - thanks Lars Hecking <lhecking@nmrc.ie>! - Integrate with tcp_wrappers - load config based on VSFTPD_LOAD_CONF environment variables. Allows per-IP configurability in standalone mode. - Fix build without tcp_wrappers. - Fix Solaris sendfilev() support - interruption via a signal returns EINTR rather than a partial byte count! - Add to EXAMPLE/ - PER_IP_CONFIG and INTERNET_SITE_NOINETD At this point: 1.1.3 package released ------------------------------------- - Eliminate crypt() not defined warning. - "grep -q" is not standard to redirect to /dev/null instead. - Make banned_email_file work second time around. - Add force_dot_files to work around broken clients. The behaviour when enabled is very wu-ftpd like. - Implement SITE HELP - should work around IE bug?