-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
817 lines (698 loc) · 32.6 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
This file contains all major changes made during the development of bftpd.
The uppermost change is the newest one.
Jesse Smith <[email protected]> -> 4.9
- Several checks added to chdir() and other
return codes to make sure syscalls are all returning
properly. Patch provided by Zhouyang Jia.
- Fixed some compiler warnings due to unused or
oddly indented code.
Jesse Smith <[email protected]> -> 4.8
- Fixed potential double-free bug during Bftpd shutdown.
- Fixed potential unititalized variable.
Thanks to Alex for reporting these bugs.
Jesse Smith <[email protected]> -> 4.7
- Fixed memory leak in rename function.
Thanks to Alex for reporting this bug.
Jesse Smith <[email protected]> -> 4.6
- Avoid memory corruption when reading config file by initalizing memory.
- Make sure CHROOT is default option, even if it is not specified
in the config file.
Thanks for Anton Yuzhaninov for providing the above two fixes.
Jesse Smith <[email protected]> -> 4.5
- Avoid potential buffer underflow in main.c
Thanks to Andreas for pointing out this problem.
Jesse Smith <[email protected]> -> 4.4
- Fixed potential buffer overflow when
expanding symbolic link file names.
Jesse Smith <[email protected]> -> 4.3
- Clarified license (COPYING file)
- Fixed compiler warning with regards to
pointer-to-integer cast.
Jesse Smith <[email protected]> -> 4.2
- Improved user checking code to avoid locking out
valid users from the system.
(Thanks to Lauri Kasanen for reporting this bug
and supplying a patch.)
Jesse Smith <[email protected]> -> 4.1
- Added checks to crypt() calls to prevent
operating on NULL pointer.
(Thanks to Lauri Kasanen for reporting this bug.)
Jesse Smith <[email protected]> -> 4.0
- Added patch from Thomas Cort to make Bftpd
compile on NetBSD.
Jesse Smith <[email protected]> -> 3.9
- Adjusted Makefile to allow for easy access to
non-default compiler options. Alternative compiler
can be used by running "make CC=compilername".
- Zhenbo Xu reported several potential memory
bugs which could cause Bftpd if the operating
system is out of memory. Also reported a memory
leak. Checks are now in place to prevent crashes
and the memory leak has been plugged.
- Added MINIX-specific configuration file which
should allow Bftpd to run smoothly and without
additional configuration on MINIX.
- Merged MINIX porting code into mainline Bftpd
so we can work with one, unified code base.
Jesse Smith <[email protected]> -> 3.8
- Fixed bug in user tracking which could result
in corrupted times on 64-bit systems.
- When Bftpd is compiled with a "prefix" (which
is the default behaviour) the Bftpd will
check both /etc/bftpd.conf AND PREFIX/etc/bftpd.conf
when trying to find its configuration file.
This should avoid requiring the admin to pass
the location of the config file on the command line.
Jesse Smith <[email protected]> -> 3.7
- Removed CVS directory from doc folder.
- Options in the config file may now have
following #comments.
Reading the config file should happen a
little faster too.
Thanks to Zhang for reporting this issue.
- Fixed typo in re-reading config file.
Thanks to Zhang for reporting this issue.
- When installing Bftpd the make file now
respects the configure --prefix=/path/to/install
flag.
Thanks to Martin for reporting this bug.
- Config file parser now handled multiple
unexpected spaces.
Thanks to Chang for reporting this issue.
Jesse Smith <[email protected]> -> 3.6
- Expanded home directory maximum length to 64 characters.
- Directory listing no longer hangs if the directory
contains a named pipe.
Jesse Smith <[email protected]> -> 3.5
- Added explicit setting of sin_family to AF_INET to
avoid ambiguity and possible bind errors.
(Patch provided by Tony.)
Jesse Smith <[email protected]> -> 3.4
- Added configuration file option TIMEZONE_FIX. By
default Bftpd tries to guess the time zone, working
around the C library. When running on a system where
the C library can correctly guess the time zone in
a chroot environment, set TIMEZONE_FIX="no" in the
bftpd.conf file.
- Added -v command line option which will cause
Bftpd to display the current version and exit.
Jesse Smith <[email protected]> -> 3.3
- Time stamps in the log file were not correct
after chrooting. Added time zone code to make
sure we can calculate the correct time without
access to system time zone info.
(Thanks to Paul for reporting this bug.)
Jesse Smith <[email protected]> -> 3.2
- Added new value for SHOW_HIDDEN_FILES option in the
config file. The option can now be set to "yes",
"no" or "always". This allows admins to determine whether
clients can see hidden files if it is requested, never
or all the time, repectively. Please see the config file
comments for details.
- Made sure HIDE_GROUP variable will cause files belonging
to a given group to not be shown to the client.
Jesse Smith <[email protected]> -> 3.1
- Make sure default config disables anonymous login
by default.
Jesse Smith <[email protected]> -> 3.0
- Updated documentation to fix links. Thanks to Xiang for
pointing out the error.
- Added Slovak documentation, provided by Dusan.
Jesse Smith <[email protected]> -> 2.9
- Bftpd will attempt to create it's utmp directory
if that directory does not exist. Fixes issue on
Ubuntu where the direcotry is wiped out at each
reboot.
- The ROOTDIR option now works properly for
anonymous users.
Thanks to Paul for reporting this bug.
Jesse Smith <[email protected]> -> 2.8
- Added patch which will allow client to see hidden
files if the "-a" parameter is used in list commands.
Hidden files are only shown if SHOW_HIDDEN_FILES
is enabled in the config file.
Patch provded by Raster.
- Swapped out glob function for custom directory
search matching. Allows clients to see broken
symbolic links if "SHOW_NONREADABLE_FILES" is set
to "yes".
Patch supplied by Raster.
- Added patch to clean up zombies if several children
processes all die at the same time. We were cleaning up
just one child per signal before.
Patch supplied by Raster.
- Fixed typo in log error message.
- Made sure we can read user config file options
even with unusual compile flags.
- Fixed anonymous login.
- Anonymous login disabled by default in the config file.
Jesse Smith <[email protected]> -> 2.7
- Added patch from Raster which returns more speicifc error
messages to the client when a file or directory cannot be
removed. This should avoid confusing some clients when the
user attempts to remove a directory.
- Added checks for increased security/stability and to remove
compiler warnings.
Jesse Smith <[email protected]> -> 2.6
- Removed some debugging information from the log file.
- Made certain that bandwidth log will not over-write itself
when multiple users are logged in.
- Bandwidth log file is flushed to avoid loss of data.
- Bftpd will write to bandwidth log even if client does
not disconnect cleanly.
Jesse Smith <[email protected]> -> 2.5
- Added better UTF support. Clients that check for this
will now enable UTF-8. For example, Filezilla.
- Made sure remote admin login was disabled. This shouldn't
have worked anyway, but disabled the feature to make sure.
- Added additional log file which tracks user bandwidth.
See the option in the config file called BANDWIDTH.
- Updated README file to contain notes on logging.
Jesse Smith <[email protected]> -> 2.4
- Fixed a possible security hole which would allow
attackers to perform a DoS attack against bftpd.
(Thanks to Dazhi for pointing out this problem.)
Jesse Smith <[email protected]> -> 2.2.1 (aka 2.3)
- Bftpd should not attempt to close stdin, stdout and stderr
if they do not exist. Fixed this in main.c.
(Patch provided by Ivan A-R.)
Jesse Smith <[email protected]> -> 2.2
- Bftpd does not exit when an incorrect password is given.
The server does drop connections in cases where logins are
specifically denied, full server or if an error appears in
the config file.
Jesse Smith <[email protected]> -> 2.1.2
- Added option to not show files in a dir list
if the file is not readable. Thanks to Eric
Woltermann for sending in this patch.
By default non-readable files are not listed.
See the SHOW_NONREADABLE_FILES config option.
- Make the replace() function safer with
range checking to avoid buffer over-flow.
- Fixed calls to replace() function.
- Most string buffers now have a set size of
MAX_STRING_LENGTH, rather than some arbitraty size.
- Applied patch to allow user specific data to
be subsituted into the user MOTD file path.
The symbols %u and %h and be used in place of the
user's username and home directory in the MOTD_USER
config option.
Thanks to Eric Woltermann for submitting this patch.
- Bftpd now prompts for a password, even on anonymous
accounts to help increase compatiblity with some
web browsers.
Jesse Smith <[email protected]> -> 2.1.1
- Fixed directory creation so that the proper
umask is used. thanks to Thiemo for pointing
out this problem.
- Fixed buffer under-size error in options.c
Thanks to Athan for reporting this bug.
Jesse Smith <[email protected]> -> 2.1
- By default, the SITE command is now disabled
in the bftpd.conf file. This is to prevent
security holes and DoS attacks via "site md5 <filename>"
Jesse Smith <[email protected]> -> 2.0.3
- Added md5 support for amd64 machines.
- If no arch is defined for md5, assume little endian.
Jesse Smith <[email protected]> -> 2.0.2
- Transfer buffer size now defaults to staying the
same (max) size for all transfers. To get a variable
buffer size, change the config option CHANGE_BUFSIZE
to "yes".
- Added config file option SHOW_HIDDEN_FILES. When this
option is set to "yes", bftpd shows hidden files in directory
listings. By default this is set to "no".
Jesse Smith <[email protected]> -> 2.0.1
- Avoid possible segfault in replace() function
in mystring.c
- Avoid memory error in main.c using strdup()
- Avoid segfault in options.c the create_options()
- Added ability to use the SITE command to provide md5
checksums of files. (usage: site md5 filename)
Very many thanks to Ulrich Drepper and Gray Watson for
the md5 library!
- Changed ratio calculations to use double type to
allow for larger files and data transfers.
- Added HELP option to the SITE command.
(usage: site help)
- Added config file variable CHANGE_BUFSIZE. This
determines whether the transfer buffer changes size.
It defaults to "yes".
- Removed extra fileno() calles in file receives.
Jesse Smith <[email protected]> -> 2.0
- Avoid memory error in options.c
Jesse Smith <[email protected]> -> 1.9.3
- Avoid segfaults in options.c and cwd.c
- Added memory checks in options.c
Jesse Smith <[email protected]> -> 1.9.2
- Avoid segfaults in options.c and dirlist.c
Jesse Smith <[email protected]> -> 1.9.1
- Avoid segfaults in options.c and main.c
Jesse Smith <[email protected]> -> 1.9
- Added limits.h entry to main.c and options.c
for compatibility with FreeBSD.
(All problems with bftpd on FreeBSD were found and
corrected by Beech of the FreeBSD team.)
Jesse Smith <[email protected]> -> 1.8.4
- When printing file sizes for files larger than 4GB
the file size is now displayed correctly.
- When a FTP client drops a connection without sending
an ABORT (ABOR) signal, Bftpd will detect the dropped
connection and log it. This prevents stale connections
preventing new users from connecting.
(Bug found and fixed by: Thorsten)
- Added limits.h and signal.h to list of headers used
in commands.c, for compatibility with BSD.
- Changed sighandler_t in "run_script()" to sig_t
for compatibility between Linux and BSD.
- Added OpenPAM patch from FreeBSD (login.c)
- Added limits.h include to login.c file for
compatibility with BSD.
Jesse Smith <[email protected]> -> 1.8.3
- If Bftpd is unable to create bftpdutmp file, an error
should now be written to the log file.
- Directory output corrected for when large files (> 2GB)
are listed.
- Documentation for xinetd config updated.
Jesse Smith <[email protected]> -> 1.8.2
- Changed bftpd's direcotry name to plain "bftpd"
rather than "bftpd-version". This will, hopefully, make
it easier to run scripts which build/run bftpd.
Jesse Smith <[email protected]> -> 1.8.1
- Avoid segfault in getoption() (options.c)
Credit to Mats Erik Andersson for finding this bug.
- Fixed potential memory leaks in commands.c
Jesse Smith <[email protected]> -> 1.7.2
- Fixed serious bug which would cause bftpd to crash
while sending a file. Double-free error.
(Credit to Davide Pozza for reporting these bugs below.)
- Prevent buffer over-flow in parsecmd() when
forming confstr variable.
- Check return values of strtoul() to make sure they
do not over-flow an int.
Jesse Smith <[email protected]> -> 1.7.1
(Credit to Davide Pozza for reporting these bugs.)
- Avoid memory over-flow in bftpd_login (login.c)
with the str[] variable. Made size 512 + 1.
- Avoid buffer over-flow in str[] variable in
main().
- Prevent buffer over-flow in check_file_password()
when performing fscanf().
- In check_file_password() made calloc() allocate
larger buffer to prevent over-flow.
- Performed range checking on the number of users on
the system to make sure they don't over-flow a 32-bit int.
- Make sure malloc calls in commands.c do not allocate
too much or too little memory.
Jesse Smith <[email protected]> -> 1.6.6
- Perform memory allocation check in bftpd_cwd_mappath()
- Changed a strcmp() to strcasecmp() in command_retr function.
- Performed free(mapped) at end of command_retr.
- Performed memory checks and clean-up in various functions.
Jesse Smith <[email protected]> -> 1.6.5
- The when using the FILE_AUTH option, the text
password file can contain anonymous users. That is,
users who do not require passwords. THIS IS DANGEROUS
ON MOST SYSTEMS. A entry with the password field set to
a * (star) does not require a password. See the
config file option FILE_AUTH for more information.
Jesse Smith <[email protected]> -> 1.6.4
- Allow ANONYMOUS_USER config file option to be used with
the FILE_AUTH option. This basically allows anyone
to login to the system without a password if both
options are used!
- When a chroot fails during login the server will
no longer tell the client which directory it was trying
to chroot to.
- When the config.h file contains a definition for
NO_GETPWNAM then the getpwnam() function is not used.
Also, this forces the use of the FILE_AUTH option. If
NO_GETPWNAM is defined and FILE_AUTH is not used, all
connections are dropped.
Jesse Smith <[email protected]> -> 1.6.3
- Introduced option to over-ride the local/LAN
IP address assigned to the host computer. This
option takes a 4-number IP address in the format
of "127.0.3.101". See OVERRIDE_IP in bftpd.conf for
more information.
- Removed description-pak file from source tree.
- The options PRE_WRITE_SCRIPT and POST_WRITE_SCRIPT
have been added to the bftpd.conf file. These options
let you run scripts before and after any command writes
to the file system. Handy if you want to re-mount.
Please see the bftpd.conf file for details.
Jesse Smith <[email protected]> -> 1.6.2
- When using FILE_AUTH to login, check
DO_CHROOT option before performing
a chroot().
Jesse Smith <[email protected]> -> 1.6.1
- Removed code which uses sendfile().
The sendfile code appears to cause a
conflict on some systems when used
with 64-bit file size variables.
Jesse Smith <[email protected]> -> 1.6
- Released bftpd without code changes, but
with updated Polish documentation.
Jesse Smith <[email protected]> -> 1.5
- Added Polish documentation to website.
Jesse Smith <[email protected]> -> 1.4.1
- Added ability to use a plain text file
for authentication. See config file option
FILE_AUTH for details.
Jesse Smith <[email protected]> -> 1.4
- Fixed default configuration.
- Fixed compile warnings for vanilla config.
Jesse Smith <[email protected]> -> 1.3.2
- Fixed Makefile to erase config.cache file during
"make clean"
- Added ability to uncompress files on the fly
during downloads. Any file with the extension
".gz" can be decompressed during transfer to
the client with the use of the GZ_DOWNLOAD
in the config file. This option requires bftpd
be configured (pre-compile time) with the flag
--enable-libz.
Jesse Smith <[email protected]> -> 1.3.1
- Changed ratio values to unsigned long
variables to support large files.
- Editted Makefile to allow bftpd to handle large
files (2GB+).
Jesse Smith <[email protected]> -> 1.2.2
- Added ability to upload files and
compress them into .gz files on the fly.
See bftpd.conf file for the option.
This option requires --enable-libz be
used when running the configure script.
- Cleaned up code to avoid compiler warnings
from gcc 4.0.2.
Files changed: main.c commands.c
Jesse Smith <[email protected]> -> 1.2.1
- When the config file is re-read, global
are changed only.
Files changes: options.c options.h
Jesse Smith <[email protected]> -> 1.2
- Made re-reable options be able to hold larger
values. Up to 256 bytes/characters long.
- Replaced old rpm spec file with one from
Joe, which will be used from now on for
rpm builds.
Jesse Smith <[email protected]> -> 1.1.3
- When a child/client dies, the
parent process will now attempt to
remove the client's log entry
from the bftpdutmp file. This
should prevent stale entries.
- Changed some default values to
constants in options.h
- Fixed typo(s) in bftpd.conf
- Set delete/over-write for global
users to be disabled by default
in bftpd.conf.
- Added the XFER_DELAY option to
the bftpd.conf file. This allows
the admin to set a time delay
between data transfer bursts.
This aid in bandwidth throttling.
Please see bftpd.conf for more
details on this feature.
- Added more re-read options
when catching signal SIGHUP.
The re-readable options are now:
HELLO_STRING, QUIT_MSG, XFERBUFSIZE,
DATA_TIMEOUT, CONTROL_TIMEOUT,
USERLIMIT_GLOBAL, USERLIMIT_SINGLEUSER,
USERLIMIT_HOST, DENY_LOGIN and XFER_DELAY.
Jesse Smith <[email protected]> -> 1.1.2
- Program now catches signal SIGHUP.
- When bftpd catches the SIGHUP (hang up)
it re-reads the config file. It looks
for some config values, but not all.
At this time, the values which are
re-read are:
HELLO_STRING, QUIT_MSG and XFERBUFSIZE
Jesse Smith <[email protected]> -> 1.1.1
- Added rpm spec file to redhat directory.
- Changed numberic string length (512) to a defined
string length (MAXCMD). Makes code more
compatible with main.c and uses less stack
memory. File changed: commands.c
- When receiving files, the transfer buffer
(XFER_BUFSIZE) is divided by the number of
connected clients. This should prevent bandwidth
being sucked back by multiple connections.
- Minor fixes, checking for malloc errors,
freeing memory and closing sockets.
File changed: commands.c
- When sending files, the transfer buffer
(XFER_BUFSIZE) is divided by the number
of connected clients. This should prevent
bandwidth being taken over by multiple connections.
- Changed Makefile so bftpd.8 gets installed as
a manual page in the proper location.
Also updated rpm spec file to include man page.
Jesse Smith <[email protected]> -> 1.1.0
- Changed some bftpdutmp_log(0) lines to
calls to bftpdutmp_end(). This should be safer.
- Made sure that clients cannot write or append
to files if the "delete" command is disabled. I
think if they cannot delete the file they shouldn't
be allowed to truncate it to zero bytes either.
- Added reason for login failure to log file.
- Removed logging of getting user count from
temp file. Just seems to be taking up space.
Jesse Smith <[email protected]> -> 1.0.24-2
- Added ability to block multiple connections from the
same IP address. This will keep download managers and
Internet Explorer from taking up multiple connections.
See the new option USERLIMIT_HOST in bftpd.conf.
- Made sure that bftpd logs out stale control connections
via added calls to bftpdutmp_log(0).
- Added alarm() calls before trying to read from
the control socket. We shouldn't assume we are going to
get anything.
Jesse Smith <[email protected]> -> 1.0.24-1
- Fixed bug with NLIST command. The bftpd server should not be
sending leading path in front of filename when using NLIST.
File(s) affected: dirlist.c
- Added the MGET command. Allows client to receive multiple files
with one command.
File(s) affected: commands.c
- Added the MPUT command. Allows client to send multiple files
to the server with one command.
File(s) affected: commands.c
Max-Wilhelm Bruker <[email protected]> -> 1.0.24
- The PATH_BFTPDUTMP configuration option was added (idea by Szabo Peter
- Whenever a data connection is established, the reply message now
contains the transfer mode (idea by Szabo Peter).
- The -D, -h and -n command line options have been added (idea by Szabo
Peter). Some code was changed to support operation without a configuration
file.
- ATTENTION! The option LOGFILE has changed. See sample config file.
- In daemon mode, bftpd closes its sockets correctly now (important if you
have a lot of connections), problem discovered by Olivier Kaloudoff.
- Fixed a bug that prevented Mozilla from getting directory lists (found
by Marc Pauls).
- Daniel Mack fixed a memory leak in his code.
- The configuration parser handles comments better now.
- The USERLIMIT_GLOBAL configuration option has been added.
- The USERLIMIT_SINGLEUSER configuration option has been added.
- Some memory leaks discovered by David Heine <[email protected]>
were fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.23
- A serious file corruption bug using sendfile was fixed.
- A makefile bug was fixed.
- The AUTO_CHDIR and HIDE_GROUP configuration options were added.
- A bug in the RNFR and RNTO functions has been fixed.
- A bug occuring when compiling on StrongARM has been fixed.
- The config file has been made more tolerant to missing spaces (error
reported by Saus101 <[email protected]>).
- A bug in the HELP function was fixed.
- Two BSD incompatibilities have been fixed.
- A STAT bug was fixed.
- bftpd now follows symlinks.
- A bug in the daemonmode code was fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.22
- The ALLOW_FXP configuration option has been added.
- The DATA_TIMEOUT configuration option has been added.
- The PASSIVE_PORTS configuration option has been added.
- A control timeout bug has been fixed.
- Configuration options are now written like name="value", allowing
comments after the option. Directories are written like
directory "/foo/bar" {. Please update your config files!
- bftpdutmp logging has been implemented as well as some administration
functions using it. Read the updated documentation for details on how
to use them.
- You needn't link gzip statically to bftpd any more if you want on-the-fly
compression, but you can dynamically link against zlib instead now.
The pax sources are still needed for tar on-the-fly.
- A directory listing bug reported by Hendrik Harms
<[email protected]> has been fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.21
- The XFER_BUFSIZE configuration option has been added, allowing tweaking
of data throughput. If you and your clients are on a very fast network
(fast meaning 100 Mbit/s or more), you should set this to 64000 or
something like that.
- The APPE command has been implemented.
- The ALLO command has been implemented as an alias to NOOP.
- The INITAL_CHROOT configuration option has been added. See the new
example config file for details.
- The ability to disable logging has been added :)
- A bug making file transmissions impossible with old config files has
been fixed.
- A bug concerning file truncating when STORing has been fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.20
- The FEAT function has been implemented.
- A permission bug in the STOR function has been fixed.
- The UMASK configuration option can now be used directory-specifically.
- The EPSV and EPRT functions have been implemented, making IPv6 support
possible somewhere in the future.
Max-Wilhelm Bruker <[email protected]> -> 1.0.19
- The NLST function has been made usable again. There has been an
unnoticed bug in it since the globbing function has been implemented.
- The XCWD, XCUP, XMKD, XRMD and XPWD functions have been implemented
as aliases to CWD, CDUP, MKD, RMD and PWD.
- The documentation is now in the SGML format, making it more extensible,
hopefully.
- The DATAPORT20 configuration option has been added. If set to yes,
the server will open data connections from port 20, which should make
firewall users happier.
Max-Wilhelm Bruker <[email protected]> -> 1.0.18
- The configuration file has been restructured. See README for details.
- The PORT configuration option has been added, allowing you to change
the port number the daemon should listen on (only for daemon mode).
- A workaround for the /*/../* vulnerability mentioned on Bugtraq has
been added, although it's not the right thing to do, really.
- Compatibility to Solaris 8 has been improved. Josh Woodcock
<[email protected]> and Michael Smirnov <[email protected]> gave
some hints.
- The CONTROL_TIMEOUT configuration option has been added. You can now
say after how many seconds of idle time users should be kicked.
- Hashes (#) in /etc/passwd and /etc/group are now supported as comments.
This improves FreeBSD compatibility, I'm not sure about other systems.
Max-Wilhelm Bruker <[email protected]> -> 1.0.17
- A globbing bug was fixed, making Midnight Commander able to connect
to bftpd.
- A bug which appeared when doing LIST if a group line in /etc/group
had more than 256 characters was fixed.
- /etc/shells and /etc/ftpusers authentication were implemented by
Christophe Bailleux.
- You can now indent your configuration options with tabulators.
- A small problem with the ip_conntrack_ftp kernel module has been fixed,
which was the fault of ip_conntrack_ftp. It was found by Erik Hensema
- ASCII transfer mode has been implemented.
- You can now prevent a user from executing specific commands by using
the ALLOWCOMMAND_XXXX=no option.
Max-Wilhelm Bruker <[email protected]> -> 1.0.16
- .tar and .gz on-the-fly support has been implemented. Look in the
README file if you want to do that.
- Supplementary group IDs are now initialized correctly.
- PORT commands now check if the supplied IP address really belongs
to the client, so that an attacker can't make the server connect
to a machine in its LAN.
- A bug making the wtmp logging system unusable under BSD systems was
fixed.
- A bug making the server crash when logging in a non-existent user
with ANONYMOUS_USER enabled was fixed.
- A patch supplied by Christophe Bailleux was applied, changing the
following:
- Spaces after a command in each command string are removed.
- The HELP command was implemented.
- CWD to ~ now works.
Max-Wilhelm Bruker <[email protected]> -> 1.0.15
- You can override the default path to the config file with the command
line parameter '-c'.
- wtmp logging was implemented, so that bftpd logins show up in
commands like 'last'.
- You can have bftpd bind to only one interface, for example, if you
want to run an FTP proxy server on the same port on another network
interface.
- The LIST and NLST commands now support globbing.
- A security problem in the syslog code was fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.14
- A lot of bugs found by Christophe Bailleux <[email protected]> have been
fixed, as always.
- bftpd can now cope with special characters, such as umlauts.
- SITE commands are now disabled by default.
- A bug preventing resolution of GIDs on some systems has been fixed.
- Debian packages are now built for every new version.
- You can now specify if any password should fit for a particular user,
so that you don't have to set a user's password to nothing
(security).
- You can now turn off chroot() for particular users.
Max-Wilhelm Bruker <[email protected]> -> 1.0.13
- David L. Nicol <[email protected]> tested bftpd on Tru64.
He also improved the character filtering routine.
- Some RFC incompliance was fixed, improving compatibility with
FTPExplorer and LeechFTP.
- The SIZE command was implemented.
- A bug making the server segfault when being killed was fixed.
- A buffer overflow bug found by asynchro <[email protected]>,
Jonathan Heusser <[email protected]> and Christophe
Bailleux <[email protected]> was fixed.
- The SITE CHMOD and SITE CHOWN commands were implemented. You can turn
them off in the config file.
- A lot of useful changes proposed by Heiko Rother <[email protected]>
were made:
- Standalone mode, independent from inetd
- Better support for symbolic links
- Display of user/group name instead of UID/GID
- Ability to set the umask
- Ability to log into syslog
Max-Wilhelm Bruker <[email protected]> -> 1.0.12
- SmartFTP support was improved (parameters to LIST beginning with -
are discarded).
- A buffer overflow bug found by Christophe Bailleux <[email protected]>
was fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.11
- PAM support was implemented. Specify --enable-pam while starting
configure to use it.
- You can now specify users who should be unable to log in.
Max-Wilhelm Bruker <[email protected]> -> 1.0.10
- Applied a big patch from Daniel Mack that makes some things better,
for example virtual host support, a FreeBSD correction for the
directory listings, etc.
- The MDTM command was implemented.
Max-Wilhelm Bruker <[email protected]> -> 1.0.9
- Fixed another bug preventing successful running on Solaris.
- Implemented "message of the day".
- Fixed an evil bug in string substitution.
- Fixed a bug causing the server to crash when listing an empty
directory.
- The NLST command was implemented.
Max-Wilhelm Bruker <[email protected]> -> 1.0.8
- Fixed a bug that caused StarOffice not to work.
- Removed the use of a non-Posix function that prevented compiling
on Solaris.
- Implemented an option to let root have / as his home directory
independent of his real one.
Max-Wilhelm Bruker <[email protected]> -> 1.0.7
- The PASV command was implemented.
Max-Wilhelm Bruker <[email protected]> -> 1.0.6
- bftpd also compiles on FreeBSD and Solaris.
- Aliases for users can be set.
- Error messages are now printed correctly.
- "In bftpd.conf you can define if you want bftpd to use /etc/shadow"
was removed again because it was stupid.
- Ratio was added.
Max-Wilhelm Bruker <[email protected]> -> 1.0.5
- ls-independant directory listing was implemented. You don't need
special directories or files in your home directory any longer.
- Compiling works with configure for portability reasons now.
- bftpd also compiles on BSD/OS and DG-UX.
- The name of the log file can now be set in bftpd.conf.
- The RMD command was implemented.
- Internet Explorer and Netscape compatability was improved.
- The REST command was implemented.
- The ABOR command was implemented (but with very stupid code!).
- In bftpd.conf you can define if you want bftpd to use /etc/shadow.
Max-Wilhelm Bruker <[email protected]> -> 1.0.4
- Logging was implemented.
- A wrong error number for 'Permission denied' was fixed.
Max-Wilhelm Bruker <[email protected]> -> 1.0.3
- A config file and two options have been implemented: You can
disable the server and you can disable .ftp.
Max-Wilhelm Bruker <[email protected]> -> 1.0.2
- It is now checked if .ftp is a symbolic link so that users don't
link .ftp to /.