"Fossies" - the Fresh Open Source Software Archive

Member "bftpd/CHANGELOG" (10 Jan 2021, 36165 Bytes) of package /linux/privat/bftpd-5.7.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "CHANGELOG": 5.6_vs_5.7.

    1 This file contains all major changes made during the development of bftpd.
    2 The uppermost change is the newest one.
    3 
    4 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.7
    5 	- A malicious client could cause a buffer overflow with
    6 	  a lot of EPSV commands sent in a row. We now close
    7 	  the pasv socket before each new use to avoid accumulating
    8 	  more than 1023.
    9 	  Thanks to Shisong Qin for reporting this issue and suggesting
   10 	  a fix.
   11 
   12 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.6
   13 	- Fixed file transfer ratios so that an empty
   14 	  ratio, such as one set by running Bftpd without
   15 	  a configuration file, results in there being no
   16 	  ratio.
   17         - Fixed potential string overflow issue in
   18           mystring.c code. Avoids situations where an
   19           unusually large string might be able to overwrite
   20           a buffer.
   21 
   22 
   23 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.5
   24 	- Fixed a file descriptor leak would could cause the Bftpd
   25 	  server to run out of available files it can open when storing/uploading
   26           files.
   27           Eric Debief provided a patch to correct the issue.
   28 
   29 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.4
   30 	- Fixed potential one-by-one heap issue when
   31           reading during transferring files. 
   32 	  Issue reported by Antonio Morales.
   33 
   34 
   35 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.3
   36 	- Made the situation where FILE_AUTH more clear, advised
   37           against it. Added warning about making sure password
   38           file is not readable by another other than the admin.
   39 	- Updated Makefile.in to use more fine-grained dependency
   40 	  checks. Should speed up compiling when just one
   41 	  source file has been altered.
   42 	  New Makefile.in provided by Vemake.
   43 	- Fixed out of bounds memory read when fetching options.
   44           Issue reported by and solution provided by Antonio Morales.
   45 
   46 
   47 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.2
   48 	- Make sure we do not send extra newline when DENY message
   49 	is sent to the client.
   50 	- Fixed some build dependencies in the Makefile so fresh
   51           build is triggered by updating config.h.
   52           Change provided by Vemake.
   53 
   54 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.1
   55 	- Fixed duplicate error message when user tries to
   56           sign in with invalid username.
   57 	- Make sure user can change username before
   58 	  successfully authenticating.
   59 	- Fix error message when "type" command is not
   60           given a parameter.
   61 	- Make sure we do not return multiple error
   62 	  codes when an account is disabled.
   63 	- Do not drop connection to client when
   64 	  selected account is disabled.
   65 	- Make sure when accounts are disabled/denied, they print the
   66           proper reason (set in the config file) back to the client.
   67 
   68 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.0
   69 	- Added more checks to places where we are mapping a file
   70           or checking for symbolic links. Should avoid trying to
   71           operating on invalid path names or broken symlinks.
   72           Issue reported by Xu.
   73 
   74 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.9
   75 	- Several checks added to chdir() and other
   76           return codes to make sure syscalls are all returning
   77           properly. Patch provided by Zhouyang Jia.
   78 	- Fixed some compiler warnings due to unused or
   79           oddly indented code.
   80 
   81 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.8
   82 	- Fixed potential double-free bug during Bftpd shutdown.
   83 	- Fixed potential unititalized variable.
   84 	  Thanks to Alex for reporting these bugs.
   85 
   86 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.7
   87 	- Fixed memory leak in rename function.
   88           Thanks to Alex for reporting this bug.
   89 
   90 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.6
   91 	- Avoid memory corruption when reading config file by initalizing memory.
   92 	- Make sure CHROOT is default option, even if it is not specified
   93 	  in the config file.
   94 	  Thanks for Anton Yuzhaninov for providing the above two fixes.
   95 
   96 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.5
   97 	- Avoid potential buffer underflow in main.c
   98 	  Thanks to Andreas for pointing out this problem.
   99 
  100 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.4
  101 	- Fixed potential buffer overflow when
  102 	  expanding symbolic link file names.
  103 
  104 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.3
  105 	- Clarified license (COPYING file)
  106         - Fixed compiler warning with regards to
  107           pointer-to-integer cast.
  108 
  109 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.2
  110 	- Improved user checking code to avoid locking out
  111 	  valid users from the system.
  112 	  (Thanks to Lauri Kasanen for reporting this bug
  113            and supplying a patch.)
  114 	
  115 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.1
  116 	- Added checks to crypt() calls to prevent
  117 	  operating on NULL pointer.
  118 	  (Thanks to Lauri Kasanen for reporting this bug.)
  119 
  120 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.0
  121 	- Added patch from Thomas Cort to make Bftpd
  122 	  compile on NetBSD.
  123 
  124 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.9
  125 	- Adjusted Makefile to allow for easy access to
  126 	  non-default compiler options. Alternative compiler
  127 	  can be used by running "make CC=compilername".
  128 	- Zhenbo Xu reported several potential memory
  129 	  bugs which could cause Bftpd if the operating
  130 	  system is out of memory. Also reported a memory
  131           leak. Checks are now in place to prevent crashes
  132 	  and the memory leak has been plugged.
  133 	- Added MINIX-specific configuration file which
  134           should allow Bftpd to run smoothly and without
  135 	  additional configuration on MINIX.
  136 	- Merged MINIX porting code into mainline Bftpd
  137 	  so we can work with one, unified code base.
  138 
  139 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.8
  140 	- Fixed bug in user tracking which could result
  141           in corrupted times on 64-bit systems.
  142 	- When Bftpd is compiled with a "prefix" (which
  143           is the default behaviour) the Bftpd will
  144 	  check both /etc/bftpd.conf AND PREFIX/etc/bftpd.conf
  145           when trying to find its configuration file.
  146           This should avoid requiring the admin to pass
  147 	  the location of the config file on the command line.
  148 
  149 
  150 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.7
  151 	- Removed CVS directory from doc folder.
  152 	- Options in the config file may now have
  153           following #comments.
  154           Reading the config file should happen a
  155           little faster too.
  156           Thanks to Zhang for reporting this issue.
  157 	- Fixed typo in re-reading config file.
  158 	  Thanks to Zhang for reporting this issue.
  159 	- When installing Bftpd the make file now
  160 	  respects the configure --prefix=/path/to/install
  161 	  flag.
  162           Thanks to Martin for reporting this bug.
  163         - Config file parser now handled multiple
  164           unexpected spaces.
  165           Thanks to Chang for reporting this issue.
  166 
  167 
  168 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.6
  169 	- Expanded home directory maximum length to 64 characters.
  170 	- Directory listing no longer hangs if the directory
  171 	  contains a named pipe.
  172 
  173 
  174 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.5
  175 	- Added explicit setting of sin_family to AF_INET to
  176 	  avoid ambiguity and possible bind errors.
  177 	  (Patch provided by Tony.)
  178 
  179 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.4
  180 	- Added configuration file option TIMEZONE_FIX. By
  181 	  default Bftpd tries to guess the time zone, working
  182 	  around the C library. When running on a system where
  183 	  the C library can correctly guess the time zone in
  184 	  a chroot environment, set TIMEZONE_FIX="no" in the
  185 	  bftpd.conf file.
  186 	- Added -v command line option which will cause
  187 	  Bftpd to display the current version and exit.
  188 
  189 
  190 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.3
  191 	- Time stamps in the log file were not correct
  192 	  after chrooting. Added time zone code to make
  193 	  sure we can calculate the correct time without
  194 	  access to system time zone info.
  195 	  (Thanks to Paul for reporting this bug.)
  196 	  
  197 
  198 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.2
  199 	- Added new value for SHOW_HIDDEN_FILES option in the
  200   	  config file. The option can now be set to "yes",
  201  	  "no" or "always". This allows admins to determine whether
  202 	  clients can see hidden files if it is requested, never
  203 	  or all the time, repectively. Please see the config file
  204 	  comments for details.
  205 	- Made sure HIDE_GROUP variable will cause files belonging
  206 	  to a given group to not be shown to the client.
  207 
  208 
  209 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.1
  210 	- Make sure default config disables anonymous login
  211 	  by default.
  212 
  213 
  214 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.0
  215 	- Updated documentation to fix links. Thanks to Xiang for
  216 	  pointing out the error.
  217 	- Added Slovak documentation, provided by Dusan.
  218 
  219 
  220 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.9
  221 	- Bftpd will attempt to create it's utmp directory
  222           if that directory does not exist. Fixes issue on
  223 	  Ubuntu where the direcotry is wiped out at each
  224 	  reboot.
  225 	- The ROOTDIR option now works properly for
  226 	  anonymous users.
  227 	  Thanks to Paul for reporting this bug.
  228 
  229 
  230 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.8
  231 	- Added patch which will allow client to see hidden
  232 	  files if the "-a" parameter is used in list commands. 
  233 	  Hidden files are only shown if SHOW_HIDDEN_FILES 
  234 	  is enabled in the config file.
  235 	  Patch provded by Raster.
  236 	- Swapped out glob function for custom directory
  237   	  search matching. Allows clients to see broken
  238 	  symbolic links if "SHOW_NONREADABLE_FILES" is set
  239 	  to "yes".
  240 	  Patch supplied by Raster.
  241 	- Added patch to clean up zombies if several children
  242 	  processes all die at the same time. We were cleaning up
  243 	  just one child per signal before.
  244 	  Patch supplied by Raster.
  245 	- Fixed typo in log error message.
  246 	- Made sure we can read user config file options
  247 	  even with unusual compile flags.
  248 	- Fixed anonymous login.
  249 	- Anonymous login disabled by default in the config file.
  250 
  251 
  252 
  253 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.7
  254 	- Added patch from Raster which returns more speicifc error
  255 	  messages to the client when a file or directory cannot be
  256 	  removed. This should avoid confusing some clients when the
  257 	  user attempts to remove a directory.
  258 	- Added checks for increased security/stability and to remove
  259 	  compiler warnings.
  260 
  261 
  262 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.6
  263 	- Removed some debugging information from the log file.
  264 	- Made certain that bandwidth log will not over-write itself
  265        	  when multiple users are logged in.
  266 	- Bandwidth log file is flushed to avoid loss of data.
  267  	- Bftpd will write to bandwidth log even if client does
  268 	  not disconnect cleanly.
  269 
  270 
  271 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.5
  272 	- Added better UTF support. Clients that check for this
  273   	  will now enable UTF-8. For example, Filezilla.
  274 	- Made sure remote admin login was disabled. This shouldn't
  275   	  have worked anyway, but disabled the feature to make sure.
  276 	- Added additional log file which tracks user bandwidth.
  277 	  See the option in the config file called BANDWIDTH.
  278 	- Updated README file to contain notes on logging.
  279 
  280 
  281 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.4
  282 	- Fixed a possible security hole which would allow
  283 	attackers to perform a DoS attack against bftpd.
  284         (Thanks to Dazhi for pointing out this problem.)
  285 
  286 
  287 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2.1 (aka 2.3)
  288 	- Bftpd should not attempt to close stdin, stdout and stderr
  289 	if they do not exist. Fixed this in main.c.
  290 	(Patch provided by Ivan A-R.)
  291 
  292 
  293 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2
  294 	- Bftpd does not exit when an incorrect password is given.
  295 	The server does drop connections in cases where logins are
  296 	specifically denied, full server or if an error appears in
  297 	the config file.
  298 
  299 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.2
  300 	- Added option to not show files in a dir list
  301 	if the file is not readable. Thanks to Eric
  302         Woltermann for sending in this patch.
  303 	By default non-readable files are not listed.
  304 	See the SHOW_NONREADABLE_FILES config option.
  305 	- Make the replace() function safer with
  306 	range checking to avoid buffer over-flow.
  307 	- Fixed calls to replace() function.
  308 	- Most string buffers now have a set size of
  309 	MAX_STRING_LENGTH, rather than some arbitraty size.
  310 	- Applied patch to allow user specific data to
  311 	be subsituted into the user MOTD file path.
  312 	The symbols %u and %h and be used in place of the
  313 	user's username and home directory in the MOTD_USER
  314 	config option.
  315 	Thanks to Eric Woltermann for submitting this patch.
  316 	- Bftpd now prompts for a password, even on anonymous
  317 	accounts to help increase compatiblity with some
  318 	web browsers.
  319 
  320 
  321 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.1
  322 	- Fixed directory creation so that the proper
  323 	umask is used. thanks to Thiemo for pointing
  324 	out this problem.
  325 	- Fixed buffer under-size error in options.c
  326 	Thanks to Athan for reporting this bug.
  327 
  328 
  329 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1
  330 	- By default, the SITE command is now disabled
  331 	in the bftpd.conf file. This is to prevent
  332 	security holes and DoS attacks via "site md5 <filename>"
  333 
  334 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.3
  335 	- Added md5 support for amd64 machines.
  336 	- If no arch is defined for md5, assume little endian.
  337 
  338 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.2
  339 	- Transfer buffer size now defaults to staying the
  340 	same (max) size for all transfers. To get a variable
  341 	buffer size, change the config option CHANGE_BUFSIZE
  342 	to "yes".
  343 	- Added config file option SHOW_HIDDEN_FILES. When this
  344 	option is set to "yes", bftpd shows hidden files in directory
  345 	listings. By default this is set to "no".
  346 
  347 
  348 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.1
  349 	- Avoid possible segfault in replace() function
  350 	in mystring.c
  351 	- Avoid memory error in main.c using strdup()
  352 	- Avoid segfault in options.c the create_options()
  353 	- Added ability to use the SITE command to provide md5
  354 	checksums of files. (usage: site md5 filename)
  355 
  356 	Very many thanks to Ulrich Drepper and Gray Watson for
  357 	the md5 library!
  358 
  359 	- Changed ratio calculations to use double type to
  360 	allow for larger files and data transfers.
  361 	- Added HELP option to the SITE command.
  362 	(usage: site help)
  363 	- Added config file variable CHANGE_BUFSIZE. This
  364           determines whether the transfer buffer changes size.
  365           It defaults to "yes".
  366 	- Removed extra fileno() calles in file receives.
  367 
  368 
  369 
  370 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0
  371 	- Avoid memory error in options.c
  372 
  373 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.3
  374 	- Avoid segfaults in options.c and cwd.c
  375 	- Added memory checks in options.c
  376 
  377 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.2
  378 	- Avoid segfaults in options.c and dirlist.c
  379 
  380 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.1
  381 	- Avoid segfaults in options.c and main.c
  382 	
  383 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9
  384 	- Added limits.h entry to main.c and options.c
  385 	for compatibility with FreeBSD.
  386 	(All problems with bftpd on FreeBSD were found and 
  387 	corrected by Beech of the FreeBSD team.)
  388 
  389 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.4
  390 	- When printing file sizes for files larger than 4GB
  391 	the file size is now displayed correctly.
  392 	- When a FTP client drops a connection without sending
  393 	an ABORT (ABOR) signal, Bftpd will detect the dropped
  394 	connection and log it. This prevents stale connections
  395 	preventing new users from connecting.
  396 	(Bug found and fixed by: Thorsten)
  397 	- Added limits.h and signal.h to list of headers used
  398 	in commands.c, for compatibility with BSD.
  399 	- Changed sighandler_t in "run_script()" to sig_t
  400 	for compatibility between Linux and BSD.
  401 	- Added OpenPAM patch from FreeBSD (login.c)
  402 	- Added limits.h include to login.c file for
  403 	compatibility with BSD.
  404 
  405 
  406 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.3
  407 	- If Bftpd is unable to create bftpdutmp file, an error
  408 	should now be written to the log file.
  409 	- Directory output corrected for when large files (> 2GB)
  410 	are listed.
  411 	- Documentation for xinetd config updated.
  412 
  413 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.2
  414 	- Changed bftpd's direcotry name to plain "bftpd"
  415 	rather than "bftpd-version". This will, hopefully, make
  416 	it easier to run scripts which build/run bftpd.
  417 
  418 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.1
  419 	- Avoid segfault in getoption() (options.c)
  420 	  Credit to Mats Erik Andersson for finding this bug.
  421 	- Fixed potential memory leaks in commands.c
  422 
  423 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.2
  424 	- Fixed serious bug which would cause bftpd to crash
  425 	while sending a file. Double-free error.
  426 	(Credit to Davide Pozza for reporting these bugs below.)
  427 	- Prevent buffer over-flow in parsecmd() when
  428 	forming confstr variable.
  429 	- Check return values of strtoul() to make sure they
  430 	do not over-flow an int.
  431 
  432 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.1
  433 	(Credit to Davide Pozza for reporting these bugs.)
  434 	- Avoid memory over-flow in bftpd_login (login.c)
  435 	with the str[] variable. Made size 512 + 1.
  436 	- Avoid buffer over-flow in str[] variable in
  437 	main().
  438 	- Prevent buffer over-flow in check_file_password()
  439 	when performing fscanf().
  440 	- In check_file_password() made calloc() allocate
  441 	larger buffer to prevent over-flow.
  442 	- Performed range checking on the number of users on
  443 	the system to make sure they don't over-flow a 32-bit int.
  444 	- Make sure malloc calls in commands.c do not allocate
  445 	too much or too little memory.
  446 
  447 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.6
  448 	- Perform memory allocation check in bftpd_cwd_mappath()
  449 	- Changed a strcmp() to strcasecmp() in command_retr function.
  450 	- Performed free(mapped) at end of command_retr.
  451 	- Performed memory checks and clean-up in various functions.
  452 
  453 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.5
  454 	- The when using the FILE_AUTH option, the text
  455 	password file can contain anonymous users. That is,
  456 	users who do not require passwords. THIS IS DANGEROUS
  457 	ON MOST SYSTEMS. A entry with the password field set to
  458 	a * (star) does not require a password. See the
  459 	config file option FILE_AUTH for more information.
  460 
  461 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.4
  462 	- Allow ANONYMOUS_USER config file option to be used with
  463 	the FILE_AUTH option. This basically allows anyone
  464 	to login to the system without a password if both
  465 	options are used!
  466 	- When a chroot fails during login the server will
  467 	no longer tell the client which directory it was trying
  468 	to chroot to.
  469 	- When the config.h file contains a definition for
  470 	NO_GETPWNAM then the getpwnam() function is not used.
  471 	Also, this forces the use of the FILE_AUTH option. If
  472 	NO_GETPWNAM is defined and FILE_AUTH is not used, all
  473 	connections are dropped.
  474 
  475 
  476 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.3
  477 	- Introduced option to over-ride the local/LAN
  478 	IP address assigned to the host computer. This
  479 	option takes a 4-number IP address in the format
  480 	of "127.0.3.101". See OVERRIDE_IP in bftpd.conf for
  481 	more information.
  482 	- Removed description-pak file from source tree.
  483 	- The options PRE_WRITE_SCRIPT and POST_WRITE_SCRIPT
  484 	have been added to the bftpd.conf file. These options
  485 	let you run scripts before and after any command writes
  486 	to the file system. Handy if you want to re-mount.
  487 	Please see the bftpd.conf file for details.
  488 
  489 
  490 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.2
  491 	- When using FILE_AUTH to login, check
  492 	DO_CHROOT option before performing
  493 	a chroot().
  494 
  495 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.1
  496 	- Removed code which uses sendfile().
  497 	The sendfile code appears to cause a
  498 	conflict on some systems when used
  499 	with 64-bit file size variables.
  500 
  501 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6
  502 	- Released bftpd without code changes, but
  503 	with updated Polish documentation.
  504 
  505 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.5
  506 	- Added Polish documentation to website.
  507 
  508 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4.1
  509 	- Added ability to use a plain text file
  510 	  for authentication. See config file option
  511 	  FILE_AUTH for details.
  512 
  513 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4
  514 	- Fixed default configuration.
  515 	- Fixed compile warnings for vanilla config.
  516 
  517 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.2
  518 	- Fixed Makefile to erase config.cache file during
  519 	  "make clean"
  520 	- Added ability to uncompress files on the fly
  521 	  during downloads. Any file with the extension
  522 	  ".gz" can be decompressed during transfer to
  523 	  the client with the use of the GZ_DOWNLOAD
  524 	  in the config file. This option requires bftpd
  525 	  be configured (pre-compile time) with the flag
  526 	  --enable-libz.
  527 
  528 
  529 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.1
  530 	- Changed ratio values to unsigned long
  531 	  variables to support large files.
  532 	- Editted Makefile to allow bftpd to handle large
  533 	  files (2GB+).
  534 
  535 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.2
  536 	- Added ability to upload files and
  537 	  compress them into .gz files on the fly.
  538 	  See bftpd.conf file for the option.
  539 	  This option requires --enable-libz be
  540 	  used when running the configure script.
  541 
  542 	- Cleaned up code to avoid compiler warnings
  543 	  from gcc 4.0.2.
  544 	  Files changed: main.c commands.c
  545 
  546 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.1
  547 	- When the config file is re-read, global
  548           are changed only.   
  549           Files changes: options.c options.h
  550 
  551 
  552 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2
  553 	- Made re-reable options be able to hold larger
  554 	  values. Up to 256 bytes/characters long.
  555 	- Replaced old rpm spec file with one from
  556 	  Joe, which will be used from now on for
  557 	  rpm builds.
  558 
  559 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.3
  560 	- When a child/client dies, the
  561 	  parent process will now attempt to
  562 	  remove the client's log entry
  563 	  from the bftpdutmp file. This
  564 	  should prevent stale entries.
  565 	- Changed some default values to
  566           constants in options.h
  567 	- Fixed typo(s) in bftpd.conf
  568 	- Set delete/over-write for global
  569 	  users to be disabled by default
  570           in bftpd.conf.
  571         - Added the XFER_DELAY option to
  572           the bftpd.conf file. This allows
  573           the admin to set a time delay
  574           between data transfer bursts.
  575           This aid in bandwidth throttling.
  576           Please see bftpd.conf for more
  577           details on this feature.
  578 	- Added more re-read options
  579           when catching signal SIGHUP.
  580           The re-readable options are now:
  581           HELLO_STRING, QUIT_MSG, XFERBUFSIZE,
  582           DATA_TIMEOUT, CONTROL_TIMEOUT,
  583           USERLIMIT_GLOBAL, USERLIMIT_SINGLEUSER,
  584           USERLIMIT_HOST, DENY_LOGIN and XFER_DELAY.
  585 
  586 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.2
  587 	- Program now catches signal SIGHUP.
  588 	- When bftpd catches the SIGHUP (hang up)
  589           it re-reads the config file. It looks
  590           for some config values, but not all.
  591           At this time, the values which are
  592           re-read are:
  593           HELLO_STRING, QUIT_MSG and XFERBUFSIZE
  594 
  595 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.1
  596 	- Added rpm spec file to redhat directory.
  597 	- Changed numberic string length (512) to a defined
  598           string length (MAXCMD). Makes code more
  599           compatible with main.c and uses less stack
  600           memory. File changed: commands.c
  601 	- When receiving files, the transfer buffer
  602           (XFER_BUFSIZE) is divided by the number of 
  603           connected clients. This should prevent bandwidth
  604           being sucked back by multiple connections.
  605 	- Minor fixes, checking for malloc errors,
  606           freeing memory and closing sockets.
  607           File changed: commands.c
  608         - When sending files, the transfer buffer
  609           (XFER_BUFSIZE) is divided by the number
  610           of connected clients. This should prevent
  611           bandwidth being taken over by multiple connections.
  612 	- Changed Makefile so bftpd.8 gets installed as
  613 	  a manual page in the proper location.
  614           Also updated rpm spec file to include man page.
  615 
  616 
  617 Jesse Smith <slicer69@hotmail.com> -> 1.1.0
  618 	- Changed some bftpdutmp_log(0) lines to
  619 	calls to bftpdutmp_end(). This should be safer.	
  620 	- Made sure that clients cannot write or append
  621 	to files if the "delete" command is disabled. I
  622 	think if they cannot delete the file they shouldn't
  623 	be allowed to truncate it to zero bytes either.
  624 	- Added reason for login failure to log file.
  625 	- Removed logging of getting user count from
  626 	temp file. Just seems to be taking up space.
  627 
  628 Jesse Smith <slicer69@hotmail.com> -> 1.0.24-2
  629 	- Added ability to block multiple connections from the
  630 	  same IP address. This will keep download managers and
  631 	  Internet Explorer from taking up multiple connections.
  632           See the new option USERLIMIT_HOST in bftpd.conf.
  633 	- Made sure that bftpd logs out stale control connections
  634 	  via added calls to bftpdutmp_log(0).
  635 	- Added alarm() calls before trying to read from
  636 	  the control socket. We shouldn't assume we are going to
  637 	  get anything.
  638 
  639 Jesse Smith <slicer69@hotmail.com> -> 1.0.24-1
  640 	- Fixed bug with NLIST command. The bftpd server should not be
  641 	  sending leading path in front of filename when using NLIST.
  642 	  File(s) affected: dirlist.c
  643 	- Added the MGET command. Allows client to receive multiple files
  644 	  with one command.
  645 	  File(s) affected: commands.c
  646 	- Added the MPUT command. Allows client to send multiple files
  647 	  to the server with one command.
  648 	  File(s) affected: commands.c
  649 
  650 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.24
  651 	- The PATH_BFTPDUTMP configuration option was added (idea by Szabo Peter
  652 	  <pts@math.bme.hu>).
  653 	- Whenever a data connection is established, the reply message now
  654 	  contains the transfer mode (idea by Szabo Peter).
  655 	- The -D, -h and -n command line options have been added (idea by Szabo
  656 	  Peter). Some code was changed to support operation without a configuration
  657 	  file.
  658 	- ATTENTION! The option LOGFILE has changed. See sample config file.
  659 	- In daemon mode, bftpd closes its sockets correctly now (important if you
  660 	  have a lot of connections), problem discovered by Olivier Kaloudoff.
  661 	- Fixed a bug that prevented Mozilla from getting directory lists (found
  662 	  by Marc Pauls).
  663 	- Daniel Mack fixed a memory leak in his code.
  664 	- The configuration parser handles comments better now.
  665 	- The USERLIMIT_GLOBAL configuration option has been added.
  666 	- The USERLIMIT_SINGLEUSER configuration option has been added.
  667 	- Some memory leaks discovered by David Heine <dlheine@suif.stanford.edu>
  668 	  were fixed.
  669 
  670 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.23
  671     - A serious file corruption bug using sendfile was fixed.
  672     - A makefile bug was fixed.
  673     - The AUTO_CHDIR and HIDE_GROUP configuration options were added.
  674     - A bug in the RNFR and RNTO functions has been fixed.
  675     - A bug occuring when compiling on StrongARM has been fixed.
  676     - The config file has been made more tolerant to missing spaces (error
  677       reported by Saus101 <Saus101@prime.gushi.org>).
  678     - A bug in the HELP function was fixed.
  679     - Two BSD incompatibilities have been fixed.
  680     - A STAT bug was fixed.
  681 	- bftpd now follows symlinks.
  682 	- A bug in the daemonmode code was fixed.
  683 
  684 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.22
  685     - The ALLOW_FXP configuration option has been added.
  686     - The DATA_TIMEOUT configuration option has been added.
  687     - The PASSIVE_PORTS configuration option has been added.
  688     - A control timeout bug has been fixed.
  689     - Configuration options are now written like name="value", allowing
  690       comments after the option. Directories are written like
  691       directory "/foo/bar" {. Please update your config files!
  692     - bftpdutmp logging has been implemented as well as some administration
  693       functions using it. Read the updated documentation for details on how
  694       to use them.
  695     - You needn't link gzip statically to bftpd any more if you want on-the-fly
  696       compression, but you can dynamically link against zlib instead now.
  697       The pax sources are still needed for tar on-the-fly.
  698     - A directory listing bug reported by Hendrik Harms
  699       <hendrik.harms@bigfoot.de> has been fixed.
  700 
  701 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.21
  702     - The XFER_BUFSIZE configuration option has been added, allowing tweaking
  703       of data throughput. If you and your clients are on a very fast network
  704       (fast meaning 100 Mbit/s or more), you should set this to 64000 or
  705       something like that.
  706     - The APPE command has been implemented.
  707     - The ALLO command has been implemented as an alias to NOOP.
  708     - The INITAL_CHROOT configuration option has been added. See the new
  709       example config file for details.
  710     - The ability to disable logging has been added :)
  711     - A bug making file transmissions impossible with old config files has
  712       been fixed.
  713     - A bug concerning file truncating when STORing has been fixed.
  714 
  715 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.20
  716     - The FEAT function has been implemented.
  717     - A permission bug in the STOR function has been fixed.
  718     - The UMASK configuration option can now be used directory-specifically.
  719     - The EPSV and EPRT functions have been implemented, making IPv6 support
  720       possible somewhere in the future.
  721 
  722 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.19
  723     - The NLST function has been made usable again. There has been an
  724       unnoticed bug in it since the globbing function has been implemented.
  725     - The XCWD, XCUP, XMKD, XRMD and XPWD functions have been implemented
  726       as aliases to CWD, CDUP, MKD, RMD and PWD.
  727     - The documentation is now in the SGML format, making it more extensible,
  728       hopefully.
  729     - The DATAPORT20 configuration option has been added. If set to yes,
  730       the server will open data connections from port 20, which should make
  731       firewall users happier.
  732 
  733 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.18
  734     - The configuration file has been restructured. See README for details.
  735     - The PORT configuration option has been added, allowing you to change
  736       the port number the daemon should listen on (only for daemon mode).
  737     - A workaround for the /*/../* vulnerability mentioned on Bugtraq has
  738       been added, although it's not the right thing to do, really.
  739     - Compatibility to Solaris 8 has been improved. Josh Woodcock
  740       <josh@hamparts.com> and Michael Smirnov <smb@mh.vstu.edu.ru> gave
  741       some hints.
  742     - The CONTROL_TIMEOUT configuration option has been added. You can now
  743       say after how many seconds of idle time users should be kicked.
  744     - Hashes (#) in /etc/passwd and /etc/group are now supported as comments.
  745       This improves FreeBSD compatibility, I'm not sure about other systems.
  746 
  747 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.17
  748 	- A globbing bug was fixed, making Midnight Commander able to connect
  749 	  to bftpd.
  750     - A bug which appeared when doing LIST if a group line in /etc/group
  751       had more than 256 characters was fixed.
  752     - /etc/shells and /etc/ftpusers authentication were implemented by
  753       Christophe Bailleux.
  754     - You can now indent your configuration options with tabulators.
  755     - A small problem with the ip_conntrack_ftp kernel module has been fixed,
  756       which was the fault of ip_conntrack_ftp. It was found by Erik Hensema
  757       <erik@hensema.xs4all.nl>.
  758     - ASCII transfer mode has been implemented.
  759     - You can now prevent a user from executing specific commands by using
  760       the ALLOWCOMMAND_XXXX=no option.
  761 
  762 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.16
  763 	- .tar and .gz on-the-fly support has been implemented. Look in the
  764 	  README file if you want to do that.
  765 	- Supplementary group IDs are now initialized correctly.
  766 	- PORT commands now check if the supplied IP address really belongs
  767 	  to the client, so that an attacker can't make the server connect
  768 	  to a machine in its LAN.
  769 	- A bug making the wtmp logging system unusable under BSD systems was
  770 	  fixed.
  771 	- A bug making the server crash when logging in a non-existent user
  772 	  with ANONYMOUS_USER enabled was fixed.
  773 	- A patch supplied by Christophe Bailleux was applied, changing the
  774 	  following:
  775 	    - Spaces after a command in each command string are removed.
  776 	    - The HELP command was implemented.
  777 	    - CWD to ~ now works.
  778 	  
  779 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.15
  780 	- You can override the default path to the config file with the command
  781 	  line parameter '-c'.
  782 	- wtmp logging was implemented, so that bftpd logins show up in
  783 	  commands like 'last'.
  784 	- You can have bftpd bind to only one interface, for example, if you
  785 	  want to run an FTP proxy server on the same port on another network
  786 	  interface.
  787 	- The LIST and NLST commands now support globbing.
  788 	- A security problem in the syslog code was fixed.
  789 
  790 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.14
  791 	- A lot of bugs found by Christophe Bailleux <cb@grolier.fr> have been
  792 	  fixed, as always.
  793 	- bftpd can now cope with special characters, such as umlauts.
  794 	- SITE commands are now disabled by default.
  795 	- A bug preventing resolution of GIDs on some systems has been fixed.
  796 	- Debian packages are now built for every new version.
  797 	- You can now specify if any password should fit for a particular user,
  798 	  so that you don't have to set a user's password to nothing
  799 	  (security).
  800 	- You can now turn off chroot() for particular users.
  801 
  802 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.13
  803 	- David L. Nicol <david@kasey.umkc.edu> tested bftpd on Tru64.
  804 	  He also improved the character filtering routine.
  805 	- Some RFC incompliance was fixed, improving compatibility with
  806 	  FTPExplorer and LeechFTP.
  807 	- The SIZE command was implemented.
  808 	- A bug making the server segfault when being killed was fixed.
  809 	- A buffer overflow bug found by asynchro <asynchro@pkcrew.org>,
  810       Jonathan Heusser <jonathanheusser@gyml.unibas.ch> and Christophe
  811 	  Bailleux <cb@grolier.fr> was fixed.
  812 	- The SITE CHMOD and SITE CHOWN commands were implemented. You can turn
  813 	  them off in the config file.
  814 	- A lot of useful changes proposed by Heiko Rother <rother@cmsnet.de>
  815           were made:
  816 		- Standalone mode, independent from inetd
  817     	- Better support for symbolic links
  818 		- Display of user/group name instead of UID/GID
  819 		- Ability to set the umask
  820 		- Ability to log into syslog
  821 
  822 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.12
  823 	- SmartFTP support was improved (parameters to LIST beginning with -
  824 	  are discarded).
  825 	- A buffer overflow bug found by Christophe Bailleux <cb@grolier.fr>
  826 	  was fixed.
  827 
  828 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.11
  829 	- PAM support was implemented. Specify --enable-pam while starting
  830           configure to use it.
  831 	- You can now specify users who should be unable to log in.
  832 
  833 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.10
  834 	- Applied a big patch from Daniel Mack that makes some things better,
  835       for example virtual host support, a FreeBSD correction for the
  836       directory listings, etc.
  837     - The MDTM command was implemented.
  838 
  839 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.9
  840 	- Fixed another bug preventing successful running on Solaris.
  841 	- Implemented "message of the day".
  842 	- Fixed an evil bug in string substitution.
  843 	- Fixed a bug causing the server to crash when listing an empty
  844 	  directory.
  845 	- The NLST command was implemented.
  846 
  847 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.8
  848 	- Fixed a bug that caused StarOffice not to work.
  849 	- Removed the use of a non-Posix function that prevented compiling
  850 	  on Solaris.
  851 	- Implemented an option to let root have / as his home directory
  852       independent of his real one.
  853 
  854 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.7
  855 	- The PASV command was implemented.
  856 
  857 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.6
  858 	- bftpd also compiles on FreeBSD and Solaris.
  859 	- Aliases for users can be set.
  860 	- Error messages are now printed correctly.
  861 	- "In bftpd.conf you can define if you want bftpd to use /etc/shadow"
  862 	  was removed again because it was stupid.
  863 	- Ratio was added.
  864 
  865 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.5
  866 	- ls-independant directory listing was implemented. You don't need
  867 	  special directories or files in your home directory any longer.
  868 	- Compiling works with configure for portability reasons now.
  869 	- bftpd also compiles on BSD/OS and DG-UX.
  870 	- The name of the log file can now be set in bftpd.conf.
  871 	- The RMD command was implemented.
  872 	- Internet Explorer and Netscape compatability was improved.
  873 	- The REST command was implemented.
  874 	- The ABOR command was implemented (but with very stupid code!).
  875 	- In bftpd.conf you can define if you want bftpd to use /etc/shadow.
  876 
  877 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.4
  878 	- Logging was implemented.
  879 	- A wrong error number for 'Permission denied' was fixed.
  880 
  881 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.3
  882 	- A config file and two options have been implemented: You can
  883 	  disable the server and you can disable .ftp.
  884 
  885 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.2
  886 	- It is now checked if .ftp is a symbolic link so that users don't
  887 	  link .ftp to /.