"Fossies" - the Fresh Open Source Software Archive 
Member "bftpd/CHANGELOG" (13 Nov 2023, 37839 Bytes) of package /linux/privat/bftpd-6.2.tar.gz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "CHANGELOG":
6.1_vs_6.2.
1 This file contains all major changes made during the development of bftpd.
2 The uppermost change is the newest one.
3
4
5 Jesse Smith <jessefrgsmith@yahoo.ca> -> 6.2
6 - When Bftpd is run with the -n flag (no configuration file)
7 default ratio settings prevented files from downloading.
8 Samuel Hsu has patched Bftpd to assume no ratio ("") is
9 treated the same as "none" or no restrictions.
10 This was fixed prior (in 5.6) and reverted. Re-adding it.
11
12 Jesse Smith <jessefrgsmith@yahoo.ca> -> 6.1
13 - Fixed linking errors on latest complilers GCC/Clang by
14 addressing variable scope.
15 - Make sure we do not rely on argv or argv[0] being valid.
16 Bftpd now exits with an error if arguements are not passed as expected.
17
18 Jesse Smith <jessefrgsmith@yahoo.ca> -> 6.0
19 - Make extended passive mode respect the PASSIVE_PORTS variable
20 in the bftpd configuration file. Previously random ports
21 would be assigned.
22 - Minor code clean-up in mystrings library to avoid calculating
23 string length multiple times.
24
25 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.9
26 - Fixed output of directory listing so that file size is right-justified
27 which makes output look cleaner.
28 Fix suggested by uomo ukko.
29 - Addressed some compiler warnings. Make sure we bail out
30 of situations even if they should never realisticaly return
31 an error.
32
33 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.8
34 - Many spelling errors in source code and documentation found and
35 fixed by Jens of Fossies (fossies.org). Applied spelling corrections.
36 - Removed mark-up and special characters from COPYING, README, and INSTALL
37 files.
38 - Fixed file size reporting on 32-bit ARM architecture when files are
39 large (greater than 2GB).
40 Problem and fix reported by uomo ukko.
41
42 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.7
43 - A malicious client could cause a buffer overflow with
44 a lot of EPSV commands sent in a row. We now close
45 the pasv socket before each new use to avoid accumulating
46 more than 1023.
47 Thanks to Shisong Qin for reporting this issue and suggesting
48 a fix.
49
50 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.6
51 - Fixed file transfer ratios so that an empty
52 ratio, such as one set by running Bftpd without
53 a configuration file, results in there being no
54 ratio.
55 - Fixed potential string overflow issue in
56 mystring.c code. Avoids situations where an
57 unusually large string might be able to overwrite
58 a buffer.
59
60
61 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.5
62 - Fixed a file descriptor leak would could cause the Bftpd
63 server to run out of available files it can open when storing/uploading
64 files.
65 Eric Debief provided a patch to correct the issue.
66
67 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.4
68 - Fixed potential one-by-one heap issue when
69 reading during transferring files.
70 Issue reported by Antonio Morales.
71
72
73 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.3
74 - Made the situation where FILE_AUTH more clear, advised
75 against it. Added warning about making sure password
76 file is not readable by another other than the admin.
77 - Updated Makefile.in to use more fine-grained dependency
78 checks. Should speed up compiling when just one
79 source file has been altered.
80 New Makefile.in provided by Vemake.
81 - Fixed out of bounds memory read when fetching options.
82 Issue reported by and solution provided by Antonio Morales.
83
84
85 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.2
86 - Make sure we do not send extra newline when DENY message
87 is sent to the client.
88 - Fixed some build dependencies in the Makefile so fresh
89 build is triggered by updating config.h.
90 Change provided by Vemake.
91
92 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.1
93 - Fixed duplicate error message when user tries to
94 sign in with invalid username.
95 - Make sure user can change username before
96 successfully authenticating.
97 - Fix error message when "type" command is not
98 given a parameter.
99 - Make sure we do not return multiple error
100 codes when an account is disabled.
101 - Do not drop connection to client when
102 selected account is disabled.
103 - Make sure when accounts are disabled/denied, they print the
104 proper reason (set in the config file) back to the client.
105
106 Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.0
107 - Added more checks to places where we are mapping a file
108 or checking for symbolic links. Should avoid trying to
109 operating on invalid path names or broken symlinks.
110 Issue reported by Xu.
111
112 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.9
113 - Several checks added to chdir() and other
114 return codes to make sure syscalls are all returning
115 properly. Patch provided by Zhouyang Jia.
116 - Fixed some compiler warnings due to unused or
117 oddly indented code.
118
119 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.8
120 - Fixed potential double-free bug during Bftpd shutdown.
121 - Fixed potential unititalized variable.
122 Thanks to Alex for reporting these bugs.
123
124 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.7
125 - Fixed memory leak in rename function.
126 Thanks to Alex for reporting this bug.
127
128 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.6
129 - Avoid memory corruption when reading config file by initializing memory.
130 - Make sure CHROOT is default option, even if it is not specified
131 in the config file.
132 Thanks for Anton Yuzhaninov for providing the above two fixes.
133
134 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.5
135 - Avoid potential buffer underflow in main.c
136 Thanks to Andreas for pointing out this problem.
137
138 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.4
139 - Fixed potential buffer overflow when
140 expanding symbolic link file names.
141
142 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.3
143 - Clarified license (COPYING file)
144 - Fixed compiler warning with regards to
145 pointer-to-integer cast.
146
147 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.2
148 - Improved user checking code to avoid locking out
149 valid users from the system.
150 (Thanks to Lauri Kasanen for reporting this bug
151 and supplying a patch.)
152
153 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.1
154 - Added checks to crypt() calls to prevent
155 operating on NULL pointer.
156 (Thanks to Lauri Kasanen for reporting this bug.)
157
158 Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.0
159 - Added patch from Thomas Cort to make Bftpd
160 compile on NetBSD.
161
162 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.9
163 - Adjusted Makefile to allow for easy access to
164 non-default compiler options. Alternative compiler
165 can be used by running "make CC=compilername".
166 - Zhenbo Xu reported several potential memory
167 bugs which could cause Bftpd if the operating
168 system is out of memory. Also reported a memory
169 leak. Checks are now in place to prevent crashes
170 and the memory leak has been plugged.
171 - Added MINIX-specific configuration file which
172 should allow Bftpd to run smoothly and without
173 additional configuration on MINIX.
174 - Merged MINIX porting code into mainline Bftpd
175 so we can work with one, unified code base.
176
177 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.8
178 - Fixed bug in user tracking which could result
179 in corrupted times on 64-bit systems.
180 - When Bftpd is compiled with a "prefix" (which
181 is the default behaviour) the Bftpd will
182 check both /etc/bftpd.conf AND PREFIX/etc/bftpd.conf
183 when trying to find its configuration file.
184 This should avoid requiring the admin to pass
185 the location of the config file on the command line.
186
187
188 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.7
189 - Removed CVS directory from doc folder.
190 - Options in the config file may now have
191 following #comments.
192 Reading the config file should happen a
193 little faster too.
194 Thanks to Zhang for reporting this issue.
195 - Fixed typo in re-reading config file.
196 Thanks to Zhang for reporting this issue.
197 - When installing Bftpd the make file now
198 respects the configure --prefix=/path/to/install
199 flag.
200 Thanks to Martin for reporting this bug.
201 - Config file parser now handled multiple
202 unexpected spaces.
203 Thanks to Chang for reporting this issue.
204
205
206 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.6
207 - Expanded home directory maximum length to 64 characters.
208 - Directory listing no longer hangs if the directory
209 contains a named pipe.
210
211
212 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.5
213 - Added explicit setting of sin_family to AF_INET to
214 avoid ambiguity and possible bind errors.
215 (Patch provided by Tony.)
216
217 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.4
218 - Added configuration file option TIMEZONE_FIX. By
219 default Bftpd tries to guess the time zone, working
220 around the C library. When running on a system where
221 the C library can correctly guess the time zone in
222 a chroot environment, set TIMEZONE_FIX="no" in the
223 bftpd.conf file.
224 - Added -v command line option which will cause
225 Bftpd to display the current version and exit.
226
227
228 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.3
229 - Time stamps in the log file were not correct
230 after chrooting. Added time zone code to make
231 sure we can calculate the correct time without
232 access to system time zone info.
233 (Thanks to Paul for reporting this bug.)
234
235
236 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.2
237 - Added new value for SHOW_HIDDEN_FILES option in the
238 config file. The option can now be set to "yes",
239 "no" or "always". This allows admins to determine whether
240 clients can see hidden files if it is requested, never
241 or all the time, respectively. Please see the config file
242 comments for details.
243 - Made sure HIDE_GROUP variable will cause files belonging
244 to a given group to not be shown to the client.
245
246
247 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.1
248 - Make sure default config disables anonymous login
249 by default.
250
251
252 Jesse Smith <jessefrgsmith@yahoo.ca> -> 3.0
253 - Updated documentation to fix links. Thanks to Xiang for
254 pointing out the error.
255 - Added Slovak documentation, provided by Dusan.
256
257
258 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.9
259 - Bftpd will attempt to create it's utmp directory
260 if that directory does not exist. Fixes issue on
261 Ubuntu where the directory is wiped out at each
262 reboot.
263 - The ROOTDIR option now works properly for
264 anonymous users.
265 Thanks to Paul for reporting this bug.
266
267
268 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.8
269 - Added patch which will allow client to see hidden
270 files if the "-a" parameter is used in list commands.
271 Hidden files are only shown if SHOW_HIDDEN_FILES
272 is enabled in the config file.
273 Patch provided by Raster.
274 - Swapped out glob function for custom directory
275 search matching. Allows clients to see broken
276 symbolic links if "SHOW_NONREADABLE_FILES" is set
277 to "yes".
278 Patch supplied by Raster.
279 - Added patch to clean up zombies if several children
280 processes all die at the same time. We were cleaning up
281 just one child per signal before.
282 Patch supplied by Raster.
283 - Fixed typo in log error message.
284 - Made sure we can read user config file options
285 even with unusual compile flags.
286 - Fixed anonymous login.
287 - Anonymous login disabled by default in the config file.
288
289
290
291 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.7
292 - Added patch from Raster which returns more speicifc error
293 messages to the client when a file or directory cannot be
294 removed. This should avoid confusing some clients when the
295 user attempts to remove a directory.
296 - Added checks for increased security/stability and to remove
297 compiler warnings.
298
299
300 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.6
301 - Removed some debugging information from the log file.
302 - Made certain that bandwidth log will not over-write itself
303 when multiple users are logged in.
304 - Bandwidth log file is flushed to avoid loss of data.
305 - Bftpd will write to bandwidth log even if client does
306 not disconnect cleanly.
307
308
309 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.5
310 - Added better UTF support. Clients that check for this
311 will now enable UTF-8. For example, Filezilla.
312 - Made sure remote admin login was disabled. This shouldn't
313 have worked anyway, but disabled the feature to make sure.
314 - Added additional log file which tracks user bandwidth.
315 See the option in the config file called BANDWIDTH.
316 - Updated README file to contain notes on logging.
317
318
319 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.4
320 - Fixed a possible security hole which would allow
321 attackers to perform a DoS attack against bftpd.
322 (Thanks to Dazhi for pointing out this problem.)
323
324
325 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2.1 (aka 2.3)
326 - Bftpd should not attempt to close stdin, stdout and stderr
327 if they do not exist. Fixed this in main.c.
328 (Patch provided by Ivan A-R.)
329
330
331 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2
332 - Bftpd does not exit when an incorrect password is given.
333 The server does drop connections in cases where logins are
334 specifically denied, full server or if an error appears in
335 the config file.
336
337 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.2
338 - Added option to not show files in a dir list
339 if the file is not readable. Thanks to Eric
340 Woltermann for sending in this patch.
341 By default non-readable files are not listed.
342 See the SHOW_NONREADABLE_FILES config option.
343 - Make the replace() function safer with
344 range checking to avoid buffer over-flow.
345 - Fixed calls to replace() function.
346 - Most string buffers now have a set size of
347 MAX_STRING_LENGTH, rather than some arbitrary size.
348 - Applied patch to allow user specific data to
349 be substituted into the user MOTD file path.
350 The symbols %u and %h and be used in place of the
351 user's username and home directory in the MOTD_USER
352 config option.
353 Thanks to Eric Woltermann for submitting this patch.
354 - Bftpd now prompts for a password, even on anonymous
355 accounts to help increase compatibility with some
356 web browsers.
357
358
359 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.1
360 - Fixed directory creation so that the proper
361 umask is used. thanks to Thiemo for pointing
362 out this problem.
363 - Fixed buffer under-size error in options.c
364 Thanks to Athan for reporting this bug.
365
366
367 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1
368 - By default, the SITE command is now disabled
369 in the bftpd.conf file. This is to prevent
370 security holes and DoS attacks via "site md5 <filename>"
371
372 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.3
373 - Added md5 support for amd64 machines.
374 - If no arch is defined for md5, assume little endian.
375
376 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.2
377 - Transfer buffer size now defaults to staying the
378 same (max) size for all transfers. To get a variable
379 buffer size, change the config option CHANGE_BUFSIZE
380 to "yes".
381 - Added config file option SHOW_HIDDEN_FILES. When this
382 option is set to "yes", bftpd shows hidden files in directory
383 listings. By default this is set to "no".
384
385
386 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.1
387 - Avoid possible segfault in replace() function
388 in mystring.c
389 - Avoid memory error in main.c using strdup()
390 - Avoid segfault in options.c the create_options()
391 - Added ability to use the SITE command to provide md5
392 checksums of files. (usage: site md5 filename)
393
394 Very many thanks to Ulrich Drepper and Gray Watson for
395 the md5 library!
396
397 - Changed ratio calculations to use double type to
398 allow for larger files and data transfers.
399 - Added HELP option to the SITE command.
400 (usage: site help)
401 - Added config file variable CHANGE_BUFSIZE. This
402 determines whether the transfer buffer changes size.
403 It defaults to "yes".
404 - Removed extra fileno() calls in file receives.
405
406
407
408 Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0
409 - Avoid memory error in options.c
410
411 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.3
412 - Avoid segfaults in options.c and cwd.c
413 - Added memory checks in options.c
414
415 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.2
416 - Avoid segfaults in options.c and dirlist.c
417
418 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.1
419 - Avoid segfaults in options.c and main.c
420
421 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9
422 - Added limits.h entry to main.c and options.c
423 for compatibility with FreeBSD.
424 (All problems with bftpd on FreeBSD were found and
425 corrected by Beech of the FreeBSD team.)
426
427 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.4
428 - When printing file sizes for files larger than 4GB
429 the file size is now displayed correctly.
430 - When a FTP client drops a connection without sending
431 an ABORT (ABOR) signal, Bftpd will detect the dropped
432 connection and log it. This prevents stale connections
433 preventing new users from connecting.
434 (Bug found and fixed by: Thorsten)
435 - Added limits.h and signal.h to list of headers used
436 in commands.c, for compatibility with BSD.
437 - Changed sighandler_t in "run_script()" to sig_t
438 for compatibility between Linux and BSD.
439 - Added OpenPAM patch from FreeBSD (login.c)
440 - Added limits.h include to login.c file for
441 compatibility with BSD.
442
443
444 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.3
445 - If Bftpd is unable to create bftpdutmp file, an error
446 should now be written to the log file.
447 - Directory output corrected for when large files (> 2GB)
448 are listed.
449 - Documentation for xinetd config updated.
450
451 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.2
452 - Changed bftpd's directory name to plain "bftpd"
453 rather than "bftpd-version". This will, hopefully, make
454 it easier to run scripts which build/run bftpd.
455
456 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.1
457 - Avoid segfault in getoption() (options.c)
458 Credit to Mats Erik Andersson for finding this bug.
459 - Fixed potential memory leaks in commands.c
460
461 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.2
462 - Fixed serious bug which would cause bftpd to crash
463 while sending a file. Double-free error.
464 (Credit to Davide Pozza for reporting these bugs below.)
465 - Prevent buffer over-flow in parsecmd() when
466 forming confstr variable.
467 - Check return values of strtoul() to make sure they
468 do not over-flow an int.
469
470 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.1
471 (Credit to Davide Pozza for reporting these bugs.)
472 - Avoid memory over-flow in bftpd_login (login.c)
473 with the str[] variable. Made size 512 + 1.
474 - Avoid buffer over-flow in str[] variable in
475 main().
476 - Prevent buffer over-flow in check_file_password()
477 when performing fscanf().
478 - In check_file_password() made calloc() allocate
479 larger buffer to prevent over-flow.
480 - Performed range checking on the number of users on
481 the system to make sure they don't over-flow a 32-bit int.
482 - Make sure malloc calls in commands.c do not allocate
483 too much or too little memory.
484
485 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.6
486 - Perform memory allocation check in bftpd_cwd_mappath()
487 - Changed a strcmp() to strcasecmp() in command_retr function.
488 - Performed free(mapped) at end of command_retr.
489 - Performed memory checks and clean-up in various functions.
490
491 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.5
492 - The when using the FILE_AUTH option, the text
493 password file can contain anonymous users. That is,
494 users who do not require passwords. THIS IS DANGEROUS
495 ON MOST SYSTEMS. A entry with the password field set to
496 a * (star) does not require a password. See the
497 config file option FILE_AUTH for more information.
498
499 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.4
500 - Allow ANONYMOUS_USER config file option to be used with
501 the FILE_AUTH option. This basically allows anyone
502 to login to the system without a password if both
503 options are used!
504 - When a chroot fails during login the server will
505 no longer tell the client which directory it was trying
506 to chroot to.
507 - When the config.h file contains a definition for
508 NO_GETPWNAM then the getpwnam() function is not used.
509 Also, this forces the use of the FILE_AUTH option. If
510 NO_GETPWNAM is defined and FILE_AUTH is not used, all
511 connections are dropped.
512
513
514 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.3
515 - Introduced option to over-ride the local/LAN
516 IP address assigned to the host computer. This
517 option takes a 4-number IP address in the format
518 of "127.0.3.101". See OVERRIDE_IP in bftpd.conf for
519 more information.
520 - Removed description-pak file from source tree.
521 - The options PRE_WRITE_SCRIPT and POST_WRITE_SCRIPT
522 have been added to the bftpd.conf file. These options
523 let you run scripts before and after any command writes
524 to the file system. Handy if you want to re-mount.
525 Please see the bftpd.conf file for details.
526
527
528 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.2
529 - When using FILE_AUTH to login, check
530 DO_CHROOT option before performing
531 a chroot().
532
533 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.1
534 - Removed code which uses sendfile().
535 The sendfile code appears to cause a
536 conflict on some systems when used
537 with 64-bit file size variables.
538
539 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6
540 - Released bftpd without code changes, but
541 with updated Polish documentation.
542
543 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.5
544 - Added Polish documentation to website.
545
546 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4.1
547 - Added ability to use a plain text file
548 for authentication. See config file option
549 FILE_AUTH for details.
550
551 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4
552 - Fixed default configuration.
553 - Fixed compile warnings for vanilla config.
554
555 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.2
556 - Fixed Makefile to erase config.cache file during
557 "make clean"
558 - Added ability to uncompress files on the fly
559 during downloads. Any file with the extension
560 ".gz" can be decompressed during transfer to
561 the client with the use of the GZ_DOWNLOAD
562 in the config file. This option requires bftpd
563 be configured (pre-compile time) with the flag
564 --enable-libz.
565
566
567 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.1
568 - Changed ratio values to unsigned long
569 variables to support large files.
570 - Edited Makefile to allow bftpd to handle large
571 files (2GB+).
572
573 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.2
574 - Added ability to upload files and
575 compress them into .gz files on the fly.
576 See bftpd.conf file for the option.
577 This option requires --enable-libz be
578 used when running the configure script.
579
580 - Cleaned up code to avoid compiler warnings
581 from gcc 4.0.2.
582 Files changed: main.c commands.c
583
584 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.1
585 - When the config file is re-read, global
586 are changed only.
587 Files changes: options.c options.h
588
589
590 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2
591 - Made re-reable options be able to hold larger
592 values. Up to 256 bytes/characters long.
593 - Replaced old rpm spec file with one from
594 Joe, which will be used from now on for
595 rpm builds.
596
597 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.3
598 - When a child/client dies, the
599 parent process will now attempt to
600 remove the client's log entry
601 from the bftpdutmp file. This
602 should prevent stale entries.
603 - Changed some default values to
604 constants in options.h
605 - Fixed typo(s) in bftpd.conf
606 - Set delete/over-write for global
607 users to be disabled by default
608 in bftpd.conf.
609 - Added the XFER_DELAY option to
610 the bftpd.conf file. This allows
611 the admin to set a time delay
612 between data transfer bursts.
613 This aid in bandwidth throttling.
614 Please see bftpd.conf for more
615 details on this feature.
616 - Added more re-read options
617 when catching signal SIGHUP.
618 The re-readable options are now:
619 HELLO_STRING, QUIT_MSG, XFERBUFSIZE,
620 DATA_TIMEOUT, CONTROL_TIMEOUT,
621 USERLIMIT_GLOBAL, USERLIMIT_SINGLEUSER,
622 USERLIMIT_HOST, DENY_LOGIN and XFER_DELAY.
623
624 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.2
625 - Program now catches signal SIGHUP.
626 - When bftpd catches the SIGHUP (hang up)
627 it re-reads the config file. It looks
628 for some config values, but not all.
629 At this time, the values which are
630 re-read are:
631 HELLO_STRING, QUIT_MSG and XFERBUFSIZE
632
633 Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.1
634 - Added rpm spec file to redhat directory.
635 - Changed numeric string length (512) to a defined
636 string length (MAXCMD). Makes code more
637 compatible with main.c and uses less stack
638 memory. File changed: commands.c
639 - When receiving files, the transfer buffer
640 (XFER_BUFSIZE) is divided by the number of
641 connected clients. This should prevent bandwidth
642 being sucked back by multiple connections.
643 - Minor fixes, checking for malloc errors,
644 freeing memory and closing sockets.
645 File changed: commands.c
646 - When sending files, the transfer buffer
647 (XFER_BUFSIZE) is divided by the number
648 of connected clients. This should prevent
649 bandwidth being taken over by multiple connections.
650 - Changed Makefile so bftpd.8 gets installed as
651 a manual page in the proper location.
652 Also updated rpm spec file to include man page.
653
654
655 Jesse Smith <slicer69@hotmail.com> -> 1.1.0
656 - Changed some bftpdutmp_log(0) lines to
657 calls to bftpdutmp_end(). This should be safer.
658 - Made sure that clients cannot write or append
659 to files if the "delete" command is disabled. I
660 think if they cannot delete the file they shouldn't
661 be allowed to truncate it to zero bytes either.
662 - Added reason for login failure to log file.
663 - Removed logging of getting user count from
664 temp file. Just seems to be taking up space.
665
666 Jesse Smith <slicer69@hotmail.com> -> 1.0.24-2
667 - Added ability to block multiple connections from the
668 same IP address. This will keep download managers and
669 Internet Explorer from taking up multiple connections.
670 See the new option USERLIMIT_HOST in bftpd.conf.
671 - Made sure that bftpd logs out stale control connections
672 via added calls to bftpdutmp_log(0).
673 - Added alarm() calls before trying to read from
674 the control socket. We shouldn't assume we are going to
675 get anything.
676
677 Jesse Smith <slicer69@hotmail.com> -> 1.0.24-1
678 - Fixed bug with NLIST command. The bftpd server should not be
679 sending leading path in front of filename when using NLIST.
680 File(s) affected: dirlist.c
681 - Added the MGET command. Allows client to receive multiple files
682 with one command.
683 File(s) affected: commands.c
684 - Added the MPUT command. Allows client to send multiple files
685 to the server with one command.
686 File(s) affected: commands.c
687
688 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.24
689 - The PATH_BFTPDUTMP configuration option was added (idea by Szabo Peter
690 <pts@math.bme.hu>).
691 - Whenever a data connection is established, the reply message now
692 contains the transfer mode (idea by Szabo Peter).
693 - The -D, -h and -n command line options have been added (idea by Szabo
694 Peter). Some code was changed to support operation without a configuration
695 file.
696 - ATTENTION! The option LOGFILE has changed. See sample config file.
697 - In daemon mode, bftpd closes its sockets correctly now (important if you
698 have a lot of connections), problem discovered by Olivier Kaloudoff.
699 - Fixed a bug that prevented Mozilla from getting directory lists (found
700 by Marc Pauls).
701 - Daniel Mack fixed a memory leak in his code.
702 - The configuration parser handles comments better now.
703 - The USERLIMIT_GLOBAL configuration option has been added.
704 - The USERLIMIT_SINGLEUSER configuration option has been added.
705 - Some memory leaks discovered by David Heine <dlheine@suif.stanford.edu>
706 were fixed.
707
708 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.23
709 - A serious file corruption bug using sendfile was fixed.
710 - A makefile bug was fixed.
711 - The AUTO_CHDIR and HIDE_GROUP configuration options were added.
712 - A bug in the RNFR and RNTO functions has been fixed.
713 - A bug occurring when compiling on StrongARM has been fixed.
714 - The config file has been made more tolerant to missing spaces (error
715 reported by Saus101 <Saus101@prime.gushi.org>).
716 - A bug in the HELP function was fixed.
717 - Two BSD incompatibilities have been fixed.
718 - A STAT bug was fixed.
719 - bftpd now follows symlinks.
720 - A bug in the daemonmode code was fixed.
721
722 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.22
723 - The ALLOW_FXP configuration option has been added.
724 - The DATA_TIMEOUT configuration option has been added.
725 - The PASSIVE_PORTS configuration option has been added.
726 - A control timeout bug has been fixed.
727 - Configuration options are now written like name="value", allowing
728 comments after the option. Directories are written like
729 directory "/foo/bar" {. Please update your config files!
730 - bftpdutmp logging has been implemented as well as some administration
731 functions using it. Read the updated documentation for details on how
732 to use them.
733 - You needn't link gzip statically to bftpd any more if you want on-the-fly
734 compression, but you can dynamically link against zlib instead now.
735 The pax sources are still needed for tar on-the-fly.
736 - A directory listing bug reported by Hendrik Harms
737 <hendrik.harms@bigfoot.de> has been fixed.
738
739 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.21
740 - The XFER_BUFSIZE configuration option has been added, allowing tweaking
741 of data throughput. If you and your clients are on a very fast network
742 (fast meaning 100 Mbit/s or more), you should set this to 64000 or
743 something like that.
744 - The APPE command has been implemented.
745 - The ALLO command has been implemented as an alias to NOOP.
746 - The INITAL_CHROOT configuration option has been added. See the new
747 example config file for details.
748 - The ability to disable logging has been added :)
749 - A bug making file transmissions impossible with old config files has
750 been fixed.
751 - A bug concerning file truncating when STORing has been fixed.
752
753 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.20
754 - The FEAT function has been implemented.
755 - A permission bug in the STOR function has been fixed.
756 - The UMASK configuration option can now be used directory-specifically.
757 - The EPSV and EPRT functions have been implemented, making IPv6 support
758 possible somewhere in the future.
759
760 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.19
761 - The NLST function has been made usable again. There has been an
762 unnoticed bug in it since the globbing function has been implemented.
763 - The XCWD, XCUP, XMKD, XRMD and XPWD functions have been implemented
764 as aliases to CWD, CDUP, MKD, RMD and PWD.
765 - The documentation is now in the SGML format, making it more extensible,
766 hopefully.
767 - The DATAPORT20 configuration option has been added. If set to yes,
768 the server will open data connections from port 20, which should make
769 firewall users happier.
770
771 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.18
772 - The configuration file has been restructured. See README for details.
773 - The PORT configuration option has been added, allowing you to change
774 the port number the daemon should listen on (only for daemon mode).
775 - A workaround for the /*/../* vulnerability mentioned on Bugtraq has
776 been added, although it's not the right thing to do, really.
777 - Compatibility to Solaris 8 has been improved. Josh Woodcock
778 <josh@hamparts.com> and Michael Smirnov <smb@mh.vstu.edu.ru> gave
779 some hints.
780 - The CONTROL_TIMEOUT configuration option has been added. You can now
781 say after how many seconds of idle time users should be kicked.
782 - Hashes (#) in /etc/passwd and /etc/group are now supported as comments.
783 This improves FreeBSD compatibility, I'm not sure about other systems.
784
785 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.17
786 - A globbing bug was fixed, making Midnight Commander able to connect
787 to bftpd.
788 - A bug which appeared when doing LIST if a group line in /etc/group
789 had more than 256 characters was fixed.
790 - /etc/shells and /etc/ftpusers authentication were implemented by
791 Christophe Bailleux.
792 - You can now indent your configuration options with tabulators.
793 - A small problem with the ip_conntrack_ftp kernel module has been fixed,
794 which was the fault of ip_conntrack_ftp. It was found by Erik Hensema
795 <erik@hensema.xs4all.nl>.
796 - ASCII transfer mode has been implemented.
797 - You can now prevent a user from executing specific commands by using
798 the ALLOWCOMMAND_XXXX=no option.
799
800 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.16
801 - .tar and .gz on-the-fly support has been implemented. Look in the
802 README file if you want to do that.
803 - Supplementary group IDs are now initialized correctly.
804 - PORT commands now check if the supplied IP address really belongs
805 to the client, so that an attacker can't make the server connect
806 to a machine in its LAN.
807 - A bug making the wtmp logging system unusable under BSD systems was
808 fixed.
809 - A bug making the server crash when logging in a non-existent user
810 with ANONYMOUS_USER enabled was fixed.
811 - A patch supplied by Christophe Bailleux was applied, changing the
812 following:
813 - Spaces after a command in each command string are removed.
814 - The HELP command was implemented.
815 - CWD to ~ now works.
816
817 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.15
818 - You can override the default path to the config file with the command
819 line parameter '-c'.
820 - wtmp logging was implemented, so that bftpd logins show up in
821 commands like 'last'.
822 - You can have bftpd bind to only one interface, for example, if you
823 want to run an FTP proxy server on the same port on another network
824 interface.
825 - The LIST and NLST commands now support globbing.
826 - A security problem in the syslog code was fixed.
827
828 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.14
829 - A lot of bugs found by Christophe Bailleux <cb@grolier.fr> have been
830 fixed, as always.
831 - bftpd can now cope with special characters, such as umlauts.
832 - SITE commands are now disabled by default.
833 - A bug preventing resolution of GIDs on some systems has been fixed.
834 - Debian packages are now built for every new version.
835 - You can now specify if any password should fit for a particular user,
836 so that you don't have to set a user's password to nothing
837 (security).
838 - You can now turn off chroot() for particular users.
839
840 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.13
841 - David L. Nicol <david@kasey.umkc.edu> tested bftpd on Tru64.
842 He also improved the character filtering routine.
843 - Some RFC incompliance was fixed, improving compatibility with
844 FTPExplorer and LeechFTP.
845 - The SIZE command was implemented.
846 - A bug making the server segfault when being killed was fixed.
847 - A buffer overflow bug found by asynchro <asynchro@pkcrew.org>,
848 Jonathan Heusser <jonathanheusser@gyml.unibas.ch> and Christophe
849 Bailleux <cb@grolier.fr> was fixed.
850 - The SITE CHMOD and SITE CHOWN commands were implemented. You can turn
851 them off in the config file.
852 - A lot of useful changes proposed by Heiko Rother <rother@cmsnet.de>
853 were made:
854 - Standalone mode, independent from inetd
855 - Better support for symbolic links
856 - Display of user/group name instead of UID/GID
857 - Ability to set the umask
858 - Ability to log into syslog
859
860 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.12
861 - SmartFTP support was improved (parameters to LIST beginning with -
862 are discarded).
863 - A buffer overflow bug found by Christophe Bailleux <cb@grolier.fr>
864 was fixed.
865
866 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.11
867 - PAM support was implemented. Specify --enable-pam while starting
868 configure to use it.
869 - You can now specify users who should be unable to log in.
870
871 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.10
872 - Applied a big patch from Daniel Mack that makes some things better,
873 for example virtual host support, a FreeBSD correction for the
874 directory listings, etc.
875 - The MDTM command was implemented.
876
877 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.9
878 - Fixed another bug preventing successful running on Solaris.
879 - Implemented "message of the day".
880 - Fixed an evil bug in string substitution.
881 - Fixed a bug causing the server to crash when listing an empty
882 directory.
883 - The NLST command was implemented.
884
885 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.8
886 - Fixed a bug that caused StarOffice not to work.
887 - Removed the use of a non-Posix function that prevented compiling
888 on Solaris.
889 - Implemented an option to let root have / as his home directory
890 independent of his real one.
891
892 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.7
893 - The PASV command was implemented.
894
895 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.6
896 - bftpd also compiles on FreeBSD and Solaris.
897 - Aliases for users can be set.
898 - Error messages are now printed correctly.
899 - "In bftpd.conf you can define if you want bftpd to use /etc/shadow"
900 was removed again because it was stupid.
901 - Ratio was added.
902
903 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.5
904 - ls-independant directory listing was implemented. You don't need
905 special directories or files in your home directory any longer.
906 - Compiling works with configure for portability reasons now.
907 - bftpd also compiles on BSD/OS and DG-UX.
908 - The name of the log file can now be set in bftpd.conf.
909 - The RMD command was implemented.
910 - Internet Explorer and Netscape compatibility was improved.
911 - The REST command was implemented.
912 - The ABOR command was implemented (but with very stupid code!).
913 - In bftpd.conf you can define if you want bftpd to use /etc/shadow.
914
915 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.4
916 - Logging was implemented.
917 - A wrong error number for 'Permission denied' was fixed.
918
919 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.3
920 - A config file and two options have been implemented: You can
921 disable the server and you can disable .ftp.
922
923 Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.2
924 - It is now checked if .ftp is a symbolic link so that users don't
925 link .ftp to /.