"Fossies" - the Fresh Open Source Software Archive

Member "pure-ftpd-1.0.49/ChangeLog" (3 Apr 2019, 94109 Bytes) of package /linux/misc/pure-ftpd-1.0.49.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 1.0.48_vs_1.0.49.

    1 
    2 * Version 1.0.49:
    3  - This version fixes a regression introduced in version 1.0.48 that broke
    4 the external authentication feature. Reported by Peter Hudec, thanks!
    5  - Sockets from `pure-authd` and `pure-extauth` are now always owned by
    6 `root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
    7 Suggested by Arkadiusz Miśkiewicz, thanks!
    8 
    9 * Version 1.0.48:
   10  - SNI support has been added. A new service, `pure-certd`, can run
   11 external code written in any language in order to map SNI names to TLS certificates.
   12  - External authentication handlers get a new
   13 `AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
   14  - TLS certificates and keys can now be in different files.
   15  - `make install` does not overwrite existing configuration files any
   16 more. The example files layout has changed.
   17  - TLS 1.3 is enabled when using OpenSSL 1.1.x.
   18  - TLS < 1.2 is disabled by default.
   19  - Quirks for obsolete OpenSSL versions have been removed.
   20  - Username _ftp can be used as an alternative to ftp everywhere.
   21  - Password hashing parameters are now chosen according to locally
   22 available resources. The `pure-pw` command gets to new switches: `-C` (as
   23 a hint regarding the number of simultaneous login attempts) and `-M`
   24 (total memory, in MB, to reserve for password hashing).
   25  - New translation: Albanian, thanks to Moisi Xhaferaj.
   26  - The `PRET` command has been added. It can avoid opening useless data
   27 connections for nonexistent content.
   28  - Dot-files are always displayed. We don't lie any more in some
   29 commands while not lying in other commands to respect the protocol.
   30  - Support for RFC 2640 has been removed from the free version, as it
   31 was early, experimental, slow, mostly broken and unmaintained code.
   32  - The `NLST` command doesn't perform globbing any more.
   33  - The `MLSD` command now prepends the path to file names.
   34 
   35 * Version 1.0.47:
   36  - Unlike other directory listing commands, the STAT command should
   37 use TLS on the control channel even if TLS has been disabled on the data
   38 channel. It wasn't the case; this has been fixed. Thanks to Carlo
   39 Cannas.
   40  - Return a 451 error code instead of 226 on aborted uploads.
   41  - The system user "_ftp" can be used as an alternative to "ftp" for
   42 anonymous sessions.
   43  - Compatibility with libsodium > 1.0.12 was added (including minimal
   44 mode).
   45 
   46 * Version 1.0.46:
   47  - The server can now be linked against OpenSSL 1.1.x with the strict API.
   48  - Unmaintained contributions have been removed.
   49  - Globbing: the number of * in an expression has been limited to 3.
   50 
   51 * Version 1.0.45:
   52  - TLS v1.0 sessions are now refused.
   53  - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
   54 This has been fixed.
   55 
   56 * Version 1.0.44:
   57  - The Perl and Python wrappers are gone. The daemon can now use a
   58 configuration file without requiring external dependencies.
   59  - Pure-FTPd can now be linked against OpenSSL 1.1.x
   60  - The QUIT command didn't work properly when the server was compiled
   61 without support for RFC2640. This has been fixed.
   62  - 3DES was removed from the default cipher suite.
   63 
   64 * Version 1.0.43:
   65  - Passwords can now be hashed using Argon2.
   66  - The -J switch didn't work any more in 1.0.42. This has been fixed.
   67  - The default cipher suite was simplified.
   68  - Authentication against system accounts is compatible with OpenBSD 6.0.
   69  - Fixed: protocol conformance when TLS sessions are refused.
   70  - Altlog records can now be sent to `stdout`/`stderr`.
   71 
   72 * Version 1.0.42:
   73  - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
   74 compiled with libsodium.
   75  - The connection is now dropped if HTTP commands are received.
   76  - LDAP force_default_gid and force_default_uid now work as documented.
   77  - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
   78 1.0.22 circa 2009, but disabled back then due to client compatibility
   79 concerns) is now on by default, except in broken clients compatibility mode.
   80 
   81 * Version 1.0.41:
   82  - libmariadb is looked for in addition to libmysqlclient
   83  - MySQL: my_make_scrambled_password() is not always an exported
   84 symbol any more, so pure-ftpd now ships a reimplementation.
   85  - openssl/ec.h is not available on some Linux distributions that
   86 disable EC in OpenSSL. This is being tested by autoconf.
   87  - New command-line switch: -2/--certfile= to set the path to the
   88 certificate file when using TLS.
   89 
   90 * Version 1.0.40:
   91  - Support for TCP_FASTOPEN added on Linux
   92  - The LDAP configuration file didn't allow a default gid without also
   93 defining a default uid. This is no longer the case.
   94  - OpenBSD's glob() left the glob_t structure uninitialized if the
   95 pattern was larger than PATH_MAX, causing globfree() to free() an
   96 unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
   97 
   98 * Version 1.0.39:
   99  - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
  100  - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
  101 
  102 * Version 1.0.38:
  103  - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
  104  - TLS forward secrecy support was added. DH parameters are loaded from
  105 TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
  106 is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
  107 selected when using LibreSSL.
  108  - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
  109 LDAP backends.
  110 
  111 * Version 1.0.37:
  112  - The -C: prefix can be added to the cipher suite in order to make valid
  113 client certificates mandatory. This is no longer a compile-time option.
  114  - The Clear Command Channel (CCC) command is now supported.
  115  - pure-config.py is compatible with Python 3.
  116  - SSL (v2, v3) is refused by default.
  117  - The PureDB backend supports the scrypt function in order to hash
  118 passwords. This is the preferred algorithm, but requires the presence
  119 of libsodium.
  120  - DES-hashed passwords are not supported any more.
  121  - LDAP uid and gid values can over overridden in the LDAP configuration file.
  122  - New LDAPUseTLS directive for LDAP.
  123  - RC4 was killed.
  124 
  125 * Version 1.0.36:
  126  - The safe_write()/safe_read() factorization broke extauth. Using
  127 safe_read_partial() to read from the extauth pipe wasn't enough.
  128 Bug reported by Rasmus Fauske.
  129  - Improved autoconf detection of -fstack-protector and -fPIE
  130  - If 10 digits are not enough to print the size of a file in an
  131 ls-like output, bump the max number of digits to 18. This adds support for
  132 files up to 1 exabyte.
  133  - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
  134 default on Windows, and ASCII downloads on Windows have been fixed.
  135  - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
  136 any characters in a file name. Disabled by default.
  137  - Don't display dot files (except . and ..) if dot_read_ok is 0 in
  138 donlist() - but not in sglob() yet. This change is purely cosmetic. There are
  139 many ways to figure out if a file exists.
  140 
  141 * Version 1.0.35:
  142  - Improve compatibility with the Intel and Ekopath compilers.
  143  - Use more paranoid compiler options whenever possible, and preliminary
  144 uncluttering of the autoconf script.
  145  - Try to cache locale-related data at startup after tzset(), rather
  146 than during a session.
  147  - Fix quota computation after rename() overwrites an existing file.
  148 Reported by Hiramoto Koujo, thanks!
  149 
  150 * Version 1.0.34:
  151  - Fix safe_write() inverted checks that broke uploads.
  152 
  153 * Version 1.0.33:
  154  - Sync built-in glob(3) code with OpenBSD-current, and remove code we
  155 don't use instead of ifdef'ing it.
  156  - Repair checkproc() on Linux when support for capabitilies is
  157 compiled in. Reported by Eric Gouyer.
  158  - Don't read /dev/*random every time we need a value. Just use
  159 arc4random() everywhere and seed it before we possibly chroot().
  160  - Add support for MFMT, with the same code as SITE UTIME.
  161  - Support 2-arguments SITE UTIME.
  162  - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
  163  - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
  164 prefixed by -S: , needed by Brad.
  165  - Remove the various safe_read() / safe_write() instances and
  166 factorize them in safe_rw.c
  167  - Call OpenSSL_add_all_algorithms(), suggested by Brad.
  168  - Mention that WinSCP works fine with Pure-FTPd.
  169  - On Linux, opening a named pipe that nobody reads with O_WRONLY yields ENXIO.
  170 The workaround is to opens it O_RDWR. So, just do that.
  171 
  172 * Version 1.0.32:
  173  - Support SHA1 password hashing in MySQL and PostgreSQL backends
  174  - Support for braces expansion in directory listings has been
  175 disabled - Cf. CVE-2011-0418
  176 
  177 * Version 1.0.31:
  178  - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
  179 thanks to Todd Rinaldo.
  180  - The -F switch has been documented in the built-in help.
  181  - Shell-like escaping is now partially handled when emulating the "ls"
  182 command.
  183  - Use my_make_scrambled_password() instead of make_scrambled_password().
  184 Suggested by Arkadiusz Miskiewicz.
  185 
  186 * Version 1.0.30:
  187  - Use malloc() instead of an ever-growing stack in pure-quotacheck.
  188 Fixes quota computation on a large number of files. Problem initially
  189 reported by jeff at cpanel dot net.
  190  - Treat OPTS UTF-8 like OPTS UTF8. Suggested by yjfan at longtop dot
  191 com.
  192  - Empty the command-line buffer after switching to TLS. Fixes a flaw
  193 similar to Postfix's CVE-2011-0411.
  194  - Provide ANSI-compliant MySQL configuration example.
  195  - Fix some issues with man pages.
  196 
  197 * Version 1.0.29:
  198  - max_dlmap_size was size_t instead off_t, causing misalignment while
  199 downloading > 4 Gb files on a 32-bits arch. Reported by Viktor Butskih.
  200  - pread() vs lseek()+read() was a useless optimization, since pread()
  201 doesn't change the file position and further reads weren't going through
  202 plain read() calls.
  203  - iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
  204 exit. Fixes segfaults on glibc.
  205  - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
  206 
  207 * Version 1.0.28:
  208  - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
  209 name.
  210  - When an upload gets renamed (--autorename), send the new name to the
  211 uploadscript instead of the original one.
  212  - The ALLO command now checks for the actual disk space in addition to the
  213 virtal quota.
  214  - Work around OSX broken poll()
  215  - After an atomic resumed upload, don't append the previous file size to the 
  216 quota.
  217  - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is 
  218  UTF8.
  219  - Fix AUTHD_ENCRYPTED 
  220  - Reset the CWD failures counter after a successful directory has been
  221 created. It avoids spurious disconnections with ncftp.
  222  - Support for iPhone has been moved to another branch.
  223  - Fix crash with PostgreSQL.
  224 
  225 * Version 1.0.27:
  226  - Have pureftpd_shutdown() shut the server down even if a client is
  227 connected on iPhone.
  228  - Allow users with no quota to delete .pureftpd-upload-* files.
  229  - Unbreak ipv6 support, reported by Brad Smith.
  230  - Disable SSLv3 renegotiation if an old SSL library is used. If you really
  231 want to re-enable SSLv3 renegotiation, even with a recent library, you can
  232 always define ACCEPT_SSL_RENEGOTIATION.
  233 
  234 * Version 1.0.26:
  235  - Fix incompatibilities with Cyberduck when TLS is enabled.
  236  - Don't TLS_accept() immediately after accept(). Reply on the connection
  237 socket first, so that clients don't have to wait before knowing that they
  238 can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
  239  - Properly change the process name on Linux when the -S option is used, by
  240 Margus Kaidja.
  241  - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
  242 for the bug report.
  243 
  244 * Version 1.0.25:
  245  - Show symlinks as symlinks in MLSD, except when the broken client
  246 compatibility mode is turned on and links are not dangling (just like the
  247 old LIST and NLIST commands). Reported by Mime Cuvalo.
  248  - More gcc 2 compatibility, thanks to Todd Rinaldo.
  249  - Properly handle custom paths in man pages. Thanks to Scott Haneda and
  250 Mathieu Parisot.
  251  - Have $localstatedir default to /var as it used to be unless
  252 --localstatedir=... is explicitly passed to ./configure
  253  - Use @VERSION@ in man pages.
  254  - --without-pam disables PAM on OSX and iPhone.
  255  - Allow cross-compilation.
  256  - Experimental iPhone target.
  257  - Change the way it links, building a library first.
  258  - Don't use mmap() any more for downloads. It's too slow.
  259  - Don't use hard-coded paths in order to find MySQL and PostgreSQL
  260 libraries and header files. Use mysql_config and pg_config instead.
  261 Suggested by John Alberts.
  262  - Log the DELE command similar to the RETR and STOR commands. Suggested by
  263 Martin Fuxa.
  264  - The primary group gets cached so that it's always displayed in directory
  265 listings.
  266  - Avoid a client process to burn CPU in an infinite loop if the command
  267 channel gets disconnected before the data channel. Reported by Thomas Min
  268 and Margus Kaidja.
  269  - Restore the traditional behavior of a download restarting at the end of a
  270 file. For some weird reasons, some clients still insist on doing that. Don't
  271 send a 55x return code, just let them download... nothing.
  272  - Documentation updates.
  273 
  274 * Version 1.0.24:
  275  - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
  276  - The package can now be compiled with gcc 2.
  277 
  278 * Version 1.0.23:
  279  - LDAP: accept "enabled" as a correct value for FTPStatus as it used
  280 to be.
  281  - More useful error logging for OpenSSL errors.
  282  - Don't read certificates twice.
  283  - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
  284  - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero
  285 Pelander.
  286  - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
  287  - Don't ignore dot files even if -D is not supplied with the MLSD command.
  288  - Deinline code
  289  - Throttling more reliable
  290  - STAT is now working over TLS
  291  - DH keys for ephemeral key exchange are now handled
  292  - Fix libiconv checking
  293  - The column was missing in the PassivePortRange comment (thanks to Igor
  294 Alexadrov)
  295  - LDAP authentication through binding is now possible in addition to
  296 passwords. This allows for the FTP server to run with an unprivileged LDAP
  297 account. It also adds a warning if auth method password is used and doesn't find
  298 a userPassword attribute. This usually indicates that the LDAP bind DN
  299 cannot read the attributes, because it doesn't have sufficient privileges.
  300 Contributed by Wilco Baan Hofman.
  301  - Perform charset conversions on directory names. Issue spotted by Xianghu
  302 Zhao.
  303  - Almost a complete rewrite of the upload, download and TLS code for more
  304 reliability
  305  - Seemlessly handle ABOR without any SIGURG
  306  - Try to immediately handle any kind of disconnection
  307  - Use poll() rather than select() as much as possible
  308  - Distinguish aborted (even the hard way) and completed download and upload
  309 operations in log files
  310  - Minor corrections to he French messages
  311  - Don't use atomic uploads unless --notruncate or --autorename have been
  312 enabled
  313  - Take care of removing .pureftpd-upload-* files in every possible case
  314  - List up to 10000 files per directory per default instead of 2000
  315  - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
  316  - New compile-time option: --with-implicittls in order to build a FTPS-only
  317 server
  318  - ./configure --localstatedir can now be used in order to avoid storing the
  319 scoreboard and other dynamic files in /var/run/
  320  - Quota handling reworked (easier, and way more reliable)
  321  - RNTO support even when quota are enabled.
  322  - A bunch of return codes were fixed to be more RFC-conformant.
  323  - ALLO command is now actually checking if an upload can occur without
  324 blowing the quota.
  325  - Don't change the TCP window size. Admins should do this as part of their
  326 system configuration.
  327  - Privsep is now enabled by default. Use --without-privsep to disable.
  328  - --without-banner is gone. If you have a cookie file (-F), the default
  329 banner won't be displayed.
  330  - Compile with PAM by default on OSX.
  331  - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
  332 call is actually necessary. Since only the effective uid chances, it's not
  333 brutally useful yet, but it paves the way for forthcoming changes.
  334  - Install man pages with local paths instead of hard-coded ones.
  335 
  336 * Version 1.0.22:
  337  - New catalan translation, by Taik0.
  338  - TLS support for LDAP, contributed by Marc Balmer.
  339  - pureftpd.schema contained two errors. Reported by Ulrich Zehl.
  340  - Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
  341  - Don't issue a warning in ./configure when the certfile does exist.
  342 Reported by Michael Bowe.
  343  - Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
  344  - Compatibility with newer OpenLDAP versions. Thanks to Johan Ström.
  345  - Don't hang up during uploads if we get any other command than QUIT and
  346 ABORT.
  347  - SITE UTIME reads UTC time
  348  - A space is needed for inline content in response to the MLST command.
  349  - Time zone issues should be fixed for good. We have to redefine TZ,
  350 tzset() is not enough on Linux when we are in a chroot environment.
  351  - Correctly respond to FEAT without removing extra features when passive
  352 mode is disabled. Thanks to upb.
  353  - Better process name change setup for Linux.
  354  - Auto-created home directories are now created with mode 0777 (and
  355 directory umask is applied), per common request. It's very important to
  356 double check your umask.
  357  - Extend gid / uid to 10 digits in ls output. Extend file size as well.
  358  - Brazilian portuguese translation was updated.
  359  - Support new MySQL password scrambling, thanks to Jan Hudoba.
  360  - Larger mmap() chunks: downloads needs less CPU usage on platforms with
  361 slow mmap() like OpenBSD.
  362  - Fix SecureFX compatibility.
  363  - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
  364  - messages_check.pl had to leave the package as it was GPL-licenced.
  365  - Don't respond to server that an upload succeeded before the temporary
  366 file has been renamed.
  367  - TLS support on data channels, contributed by Rajat Upadhyaya from Novell
  368 and Christian Cier-Zniewski.
  369  - Use sendfile() on recent Solaris versions in place of sendfilev().
  370  - Don't use a deprecated interface for Bonjour registration.
  371  - Tell authentication handlers if the connection is encrypted or not,
  372 through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka
  373 Ferenc.
  374  - README.Netfilter has been removed.
  375  - Create all directories, not only the basement when on-demand directory
  376 creation is enabled and the user's home directory looks like /basement/./user.
  377 Suggested by Frederico Gendorf.
  378  - Fixed error reporting when TLS support was compiled in, but TLS wasn't
  379 enabled on the current session. Thanks to Arkadiusz Miskiewicz.
  380  - Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
  381  - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
  382 (no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
  383  - Sleep before answering a password failure, not the other way round. From
  384 PLD Linux.
  385  - Fix gcc warning in puredb.
  386  - In broken mode, show symlinks as their real target. It can have side
  387 effects, don't forget that broken mode is... broken mode.
  388  - Respect aliasing rules for sockaddr_storage usage.
  389  - Privsep is enabled by default in the installation GUI.
  390  - --with-everything now includes privsep.
  391  - update: fix compilation with gcc 2.x, reported by John Lightsey.
  392 
  393 * Version 1.0.21:
  394     When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union
  395 to a char buffer, because of alignment required by some architectures.
  396     WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It
  397 fixes throttling with extauth. Reported and fixed by Marcus Merighi
  398 <mcmer at tor.at> through Brad our beloved OpenBSD maintainer.
  399     Rendezvous has been renamed Bonjour.
  400     A double-close in the CHMOD command has been fixed, reported by Christer
  401 Mjellem Strand.
  402     The old PAM sample has been removed.
  403     -F option added to pure-pw.
  404     MAX_USER_LENGTH has been bumped to 127 due to popular demand.
  405     pam/* can now be used if security/* doesn't exist. Fixes PAM
  406 detection on MacOS X.
  407     Call tzset() in chrooted apps in order to get correct time zones in
  408 syslog messages.
  409     simplify() simplifies paths ending by /. and /..
  410     MySQL's hash_password() needs 3 arguments since mySQL 4.1.
  411     Experimental support for RFC2640 (UTF-8 filename encoding) has been
  412 added, derived from code by Jui-Nan Lin.
  413     The LDAP schema has been changed: FTPStatus should be a boolean.
  414     New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
  415 Sparky.
  416     By popular request, even non-chrooted users are now denied access if their
  417 home directory is not mounted.
  418     If die() is called during a TLS-enabled session, encrypt the death
  419 message. Contributed by Cynix.
  420     Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
  421     WITH_LARGE_FILES is now defined by default.
  422     sendfile64() support on Linux.
  423     privsep and main processes were swapped out so that pure-ftpwho displays
  424 the right pid.
  425     OPTS MLST has been implemented.
  426     SITE UTIME has been implemented.
  427     TCP_CORK is on by default again. A new configure switch, --without-cork,
  428 can disable it.
  429     Correctly format %c and %% in fakesprintf().
  430     The connection socket is now created with the Nagle algorithm disabled.
  431 It was the trick to dramatically improve performance when transferring a lot
  432 of small files.
  433     Updated getopt_long() and realpath() substitutes.
  434     Allow logging to named pipes (thanks to Steve Marple).
  435     Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
  436     Documentation updates.
  437     MySQL errors are now logged.
  438 
  439 * Version 1.0.20:
  440     MacOS X Panther and Tiger sometimes returns EAI_SYSTEM (errno=ENOENT)
  441 when a host is not found.
  442     The BSD getopt() update has been partly reverted.
  443 
  444 * Version 1.0.19:
  445     Until OpenBSD has UBC, we need to explicitly call msync() to
  446 synchronize data written by mmap() and read by read().
  447     Real disk space is no more shown unless SHOW_REAL_DISK_SPACE is defined.
  448     Fygul's email address has changed.
  449     Don't try to catch SIGKILL any more, it's uncatchable.
  450     PureUserAdmin was added to the contribs.
  451     getopt_long() was resynced with the OpenBSD version.
  452     The client socket switches to non-blocking mode before forking in
  453 accept_client() - reported by Agri <agri at desnol.ru>.
  454 
  455 * Version 1.0.18:
  456     Autoconf was bumped to 2.59, automake to 1.8.
  457     The sample source code in README.Authentication-Modules was bogus
  458 because of a missing 'echo end' statement. Thanks to Peter Ahlert
  459 <petera at gmx.net> for reporting this.
  460     New translation : hungarian. Contributed by Bánhalmi Csaba
  461 <banhalmi at enternet.hu>.
  462     New translation : catalan. Contributed by Oriol Magrané
  463 <omagrane at mediapro.es>.
  464     Max CPU time was bumped to 60 min.
  465     Disable hash_password() function call on MySQL 4.1.x and later.
  466     We now use two listening sockets (listenfd / listenfd6), one for IPv4, one
  467 for IPv6. The standalone_server() function has been reworked and split.
  468     New urlencode() function to escape characters in W3C and CLF altlog files.
  469 Based upon a suggestion and a patch by Volodin D.
  470     The xferlog format was also implemented by the way.
  471     New global : no_ipv4 to only listen to IPv6 in standalone mode.
  472     Use closefrom() if available to close all descriptors.
  473     Support for Rendezvous on MacOS X by Jean-Matthieu Schaffhauser.
  474     Support for Apple / GNUSTEP plist data output in pure-ftpwho, also by
  475 Jean-Matthieu Schaffhauser.
  476     The FileInfo structure was renamed PureFileInfo to avoid a name clash on
  477 Darwin.
  478     A lot of compile-time default values like GLOB_TIMEOUT, MAX_CPU_TIME and
  479 MAX_USER_LENGTH, are now overridable without any change to src/ftpd.h
  480     ENABLE_UNICODE_CONTROL_CHARS has been replaced with
  481 DISABLE_UNICODE_CONTROL_CHARS and a new switch, --without-unicode, defines
  482 that macro.
  483     Unlink the right pid files in pure-authd and pure-uploadscript. Reported
  484 and fixed by Oscar Sundbon <moose at djuren.org>.
  485 
  486 * Version 1.0.17a:
  487     FD_SET(-1, ...) is invalid, but it could happen on aborted transfers,
  488 causing Pure-FTPd to exit without removing ftpwho entries nor atomic files.
  489     safe_fd_set() has been introduced to solve this, it just works like
  490 safe_fd_isset() and ignores descriptor -1 and it has been placed on the same
  491 places.
  492 
  493 * Version 1.0.17:
  494     Some fixes were made to the traditional Chinese translation by Flaw Zero
  495 <flawzero at eyou.com>.
  496     Autoconf was upgraded to 2.58.
  497     TLS_CERTIFICATE_PATH has been renamed TLS_CERTIFICATE_FILE.
  498     --with-certfile has been added to ./configure to set up a value for
  499 TLS_CERTIFICATE_FILE. The default value has been reverted to
  500 /etc/ssl/private/pure-ftpd.pem.
  501     Solaris NIS accounts can now be converted using pure-pwconvert.
  502     Don't drop capabilities too early, or even chroot will be prohibited.
  503 Thanks to Arkadiusz Patyk, Li-Ren and Philipp Kern for their report.
  504     Negative return codes are not used any more - reported by Andrew Victor
  505 <andrew at sanpeople.com>
  506     System users whose password is '********' are now imported by
  507 pure-pwconvert (for newer MacOS X).
  508     New file : README.MacOS-X.
  509     Use SO_REUSEPORT in place of SO_REUSEADDR to bind the ftp-data port on
  510 FreeBSD. Suggested by Henri Virtanen <hvirtanen at daous.com>.
  511     Big change in the way upload are handled. We now maintain a per-process
  512 unique file name in an "atomic_prefix" global. This is the name of a temporary
  513 file that is actually used for upload, through the get_atomic_file() function
  514 that adds the basename if needed. Once the upload is completed or aborted, the
  515 temporary file is renamed. Or hard links are created when autorename is asked
  516 for (autorename happens after the upload now, not before). It changes a lot of
  517 stuff in dostor(), but it makes the whole thing easier and atomic uploads are
  518 really nice for the end user. --no-truncate (and the global no_truncate) can
  519 keep the old file when a new version of a file is being uploaded.
  520     Redundant calls to get_usec_time() were removed.
  521     Julien Andrieux's parser has been added to contribs.
  522     Errors when SSL certificates are missing are more explicit.
  523     The SITE TIME command was implemented. Suggested by Mark.
  524     A new sample of a PAM configuration file has been written. The previous
  525 one is still available as pure-ftpd.old.
  526 
  527 * Version 1.0.16c:
  528     We should disable the raw mode and send full HTML headers in CGI mode.
  529 Reported by Bernard Lheureux <bernard.lheureux at bbsoft4.org>
  530     Spelling errors were fixed in the .no translation by Brynjar Eide
  531 <post at mislykket.no>
  532     Always try to include sys/param.h before sys/mount.h in the autoconf
  533 script. Patch by Brad Smith <brad at openbsd.org>.
  534     FAQ addition regarding the STOU command. Written by C. Jon Larsen
  535 <jlarsen at richweb.com>
  536     PAM was broken in 1.0.16b due to PAM_SUCCESS not being copied to the right
  537 slot. It has been fixed.
  538     Automake has been updated to 1.7.8.
  539     configure.ac has been cleaned up a bit regarding the conditionnal inclusion
  540 of stdlib.h/unistd.h .
  541     RPMs are now built with largefile support, privsep and sysquotas by
  542 default.
  543 
  544 * Version 1.0.16b:
  545     PAM fixes.
  546     TLS should now compile on RedHat 9 that moved Kerberos headers to
  547 a specific directory.
  548     free(NULL) is ok => all code like "if (<value> != NULL) free(<value>);" 
  549 has been simplified.
  550     Automake has been upgraded to 1.7.7, Autoconf to 2.57a.
  551     The sysconf prefix is now used for SSL certificates as well.
  552     We break'ed too early when trying to resolve host names in
  553 pure-ftpwho and the local host name couldn't even be resolved. The problem was
  554 introduced in 1.0.16 when the MacOS X Panther workarounds were implemented.
  555     Thanks to JG <jg at cms.ac> for his bug report.
  556     /usr/local/include, /usr/kerberos/include and /usr/local/lib are only
  557 added to CPPFLAGS/LDFLAGS if they actually exist.
  558     pure-ftpwho now outputs XHTML 1.1 conformant code in CGI mode.
  559     pure-ftpwho now properly escapes XHTML special characters.
  560     pure-ftpwho now announces the ISO-8859-15 character set in XML mode.
  561     Disable IPV6_V6ONLY by popular request by people lost with the need of the
  562 -4 switch on some operating systems.
  563 
  564 * Version 1.0.16a:
  565     Fix typo (sizeof_resolved instead of sizeof resolved) in
  566 src/bsd-realpath.c . Not a vulnerability because it happens in the good way,
  567 but it sometimes used to break uploadscript.
  568 
  569 * Version 1.0.16:
  570     An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
  571 /etc/sysconf/pure-ftpd any more.
  572     Recognize the '##' prefix as a shadowed password - make
  573 authentication work on Solaris with shadow/NIS.
  574     Add back some random sleep() between authentication failures in
  575 addition to the exponential sleep. Zzzzz... sleeping is good in summer...
  576     Upgrade to automake 1.7.5.
  577     The list of options in the pure-ftpd(8) man page was reordered -
  578 Thanks to our beloved Claudiu Costin.
  579     SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
  580 configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
  581 related commands were introduced : AUTH, PBSZ and PROT.
  582     Uploaded files are now removed when realpath() fails and
  583 bsd_realpath() was modified to fall back to getcwd()/chdir() if we
  584 can't get a descriptor on the current directory because it is not
  585 readable. It fixes pure-uploadscript on some platforms like MacOS X.
  586     HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
  587     A typo in the Python configuration file wrapper was fixed : -t was used in
  588 place of -y.
  589     MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
  590 the buffer when no DNS entry is found for a host and a numerical result wasn't
  591 explicitly asked. As a result, Pure-FTPd didn't even start on Panther (saying
  592 "bad IP address") . We now check for EAI_NONAME if available and we retry with
  593 NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul
  594 for his valuable help on this issue.
  595     Implement a working strdup() replacement in puredb for systems lacking it.
  596     Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
  597 generated by our own functions, we use MAXPATHLEN for the complete
  598 zero-terminated string. When a buffer is passed to a libc function, we reserve
  599 a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
  600 surprises if an off-by-one ever occurs in a getcwd() like function.
  601     Don't use make_scrambled_password() in the MySQL backend because the API
  602 changed since MySQL 4.1.
  603     Removed fixed-size constant arrays in src/crypto.c because of MacOS X
  604 linker bugs (grrr...) .
  605 
  606 * Version 1.0.15:
  607     New translation : Turkish, contributed by Mehmet Cokcevik
  608 <dns at netline.com.tr> .
  609     PostgreSQL documentation templates have been fixed - At least User
  610 is a reserved keyword that needs quotes. Thanks to Henrik Edlund
  611 <henrik at edlund.org> .
  612     The maximal length of an account has been bumped a bit (42 chars),
  613 and that size is now consistent across functions through the
  614 MAX_USER_LENGTH macro. Thanks to Darth Vader (freddyke) for suggesting
  615 this.
  616     The comment about the location of the config file in the RedHat
  617 init script was synced with the new location.
  618     Tokens in the configuration file are now case independent.
  619     Automatic creation of home directories was fixed. Thanks to 
  620 Anthony DeRobertis for the fix.
  621     A typo in quota handling was fixed.
  622     Cable & Wireless NL is now WideXS and their mirror seems to be
  623 working again.
  624     Always fill descriptors 0/1 in order to make pure-uploadscript
  625 actually work when daemonizing. Thanks to Joerg Pulz
  626 <Joerg.Pulz at frm2.tum.de> for pointing this out.
  627     Don't open pipes with O_NDELAY, some systems don't like it at all.
  628 As a side effect, the server will now wait until pure-uploadscript is
  629 actually started before accepting connections and this is a _good_ thing.
  630     The server load is not displayed any more, by popular request.
  631     The version number isn't displayed any more as well.
  632     GNU's getopt_long() has been replaced by an OpenBSD derivative.
  633     --without-longoptions has been removed. We keep the old macros and
  634 #ifdef though, just in case we want to improve the minimal mode later.
  635     New unofficial macro : DISPLAY_FILES_IN_UTC_TIME to display directory
  636 listings with UTC times.
  637     The danish translation was updated - Lyberth.
  638     pure-pw now returns error codes.
  639     WIN32_ANON_DIR can override the default anonymous FTP directory on
  640 Win32.
  641     Fix "pure-pw usermod -y" by introducing has_per_user_max.
  642     New subcommand : "pure-pw list", that summarizes available
  643 accounts in a puredb.
  644     Enlarge TCP window as it was a long time ago. It brings better
  645 performances on BSD systems. Define NO_TCP_LARGE_WINDOW to disable.
  646     Try to early detect timeouts by checking whether select() returns 0.
  647     Don't try to reduce capabilities if we obviously can't because the
  648 server has not been started by root.
  649     Pure-FTPd is now 100% covered by the BSD license.
  650 
  651 * Version 1.0.14:
  652     Use random() if available, not rand() for fortune cookies.
  653     Remove broken lseek(fd, -1, 0).
  654     When writing to clients data sockets fails, the client probably
  655 hung up. IE, for instance, doesn't seem to properly abort transfers
  656 and say "QUIT" when a transfer is canceled by the user. So, log
  657 MSG_ABORTED instead of MSG_DATA_WRITE_FAILED.
  658     Check whether we are inside a Virtuozzo virtual environment and
  659 disable sendfile() if this is the case. Thanks to Kittiwat Manosuthi
  660 for his help on this issue.
  661     Automake has been upgraded to version 1.7, autoconf to version 2.57.
  662     Introduce privsep.h, privsep_p.h, privsep.c and --with-privsep.
  663     Drop capabilities after the call to nice() because we need
  664 CAP_SYS_NICE.
  665     Don't waste time with in dopasv() to get the name of the socket we
  666 just created.
  667     Add "ptracetest".
  668     Enable __EXTENSIONS__ and _XPG4_2 on Solaris in ./configure.ac
  669     Also check whether a client has gone away by testing xferfd and
  670 introduce safe_fd_isset() that just works like FD_ISSET() but doesn't
  671 choke when the descriptor is -1. It fixes bus errors on FreeBSD.
  672     Add force_passive_ip_s in order to store the argument of -P.
  673 Passive IP addresses are now resolved in doit() for every new
  674 connection, by popular request. It means that "-P ftp.example.com" now
  675 works, even for dynamic addresses.
  676     Split the function that creates an active data socket into two
  677 parts : doport2() and doport3(). doport3() actually creates it,
  678 doport2() does other gadgets like checking for FXP, etc.
  679     Carefully check whether we have OpenBSD/MicroBSD-like MD5/SHA1
  680 functions in libc and not an incompatible variant like Cyrus SASL.
  681     The "Welcome to Pure-FTPd" decorations were replaced with
  682 something more neutral.
  683     Introduce ISCTRLCODE() instead of doing it by hand every time and
  684 properly reject Unicode control chars while we are at it.
  685     New contrib : Webmin module, by La Shampoo.
  686 
  687 * Version 1.0.13a:
  688     Fix pure-config.pl with old versions of the Perl interpreter.
  689     Fix compilation with PostgreSQL, thanks to Sakari Tanhua 
  690 <stanhua at cc.hut.fi> .
  691     
  692 * Version 1.0.13 :
  693     Swap simplified and traditional chinese settings. Reported by Ying-Chieh
  694 Liao <ijliao at csie.nctu.edu.tw> .
  695     Ignore ESTA if a passive IP is forced or the NAT mode is enabled, because
  696 the private address is probably meaningless.
  697     README documentation improvements, contributed by Jeffrey Lim
  698 <jf_____ at fastmail.fm>
  699     Avoid NGROUPS_MAX when possible - Idea from tuxfamily.org CVS tree.
  700     LDAP schema changed to work with newer OpenLDAP releases.
  701     New LDAP directives : LDAPFilter, LDAPHomeDir and LDAPVersion.
  702     Be a bit more heavy when creating home directories, it should solve
  703 troubles users had with path containing extra slashes.
  704     Try again when the pipe can't be opened in pure-uploadscript.
  705     New --with-boring switch (BORING_MODE macro) .
  706     Fix sendfile() support on Solaris, thanks to Emmanuel Hocdet
  707 <man at t-online.fr>
  708     Add uptime support for pure-mrtginfo on FreeBSD. Contributed by
  709 Ying-Chieh Liao <ijliao at csie.nctu.edu.tw> .
  710     Fix error when deleting files with an absolute directory when quotas are
  711 enabled. Contributed by Johannes Erdfelt <johannes at erdfelt.com> .
  712     dobanner() rewritten. It's now the same code to display .message and
  713 .banner files and the content is sent line by line. We can't afford to load
  714 everything and simply call addreply_noformat(), because if a banner starts
  715 with a digit, it would be complicated to insert spaces to be RFC conformant.
  716     Fix typo in the example configuration file (pureftp -> pureftpd) .
  717 Reported by Kyle Herbert (http://www.firstnetimpressions.com/) .
  718     Spanish translation updated (Lluis) .
  719     Chinese translation updated (Fygul) .
  720     There's now an unique official spelling : "Pure-FTPd".
  721     Autoconf 2.54, Automake 1.6.3.
  722     Move getloadavg() and similar functions to getloadavg.{h,c}.
  723     Get the 5-min load average, not the instant load.
  724     Raise the default maxdiskpct from 90% to 99%, as many people don't figure
  725 out why they can't upload an ISO image when there's 700Mb free on a
  726 7Gb partition.
  727     Relax permissions enforcement in dochmod() when quotas are enabled
  728 - Thanks to Claudiu.
  729     Introduce checkprintable() function in ls.c : don't display files
  730 whose name contains characters < 32.
  731     Contributed sfv-crc-check has been removed (people reported that it simply
  732 doesn't work) .
  733     PAM sample fixed : ftplockout should really be ftpusers. Add some
  734 common system accounts by the way.
  735     More flexible RPM spec file, contributed by Johannes Erdfelt
  736 <johannes at erdfelt.com> .
  737     New translation : Czech, contributed by Martin Sarfy
  738 <xsarfy at informatics.muni.cz> .
  739     Merge Clive Goodhead's patch to implement MYSQLDefaultGID and
  740 MYSQLDefaultUID and port it to PostgreSQL.
  741     pure-config.pl has been completely rewritten in a clean way by
  742 Aristoteles Pagaltzis <pagaltzis at gmx.de> .
  743     New contrib : pure-vpopauth.pl .
  744     Remove backtitle in gui/build.sh, it breaks radio lists on some
  745 dialog versions.
  746     Enable --without-ascii by default on Win32. It means that text
  747 files must be in Windows format (CR+LF) on the server, no more in an
  748 Unix fashion, or clients will get bare LFs (and intelligent clients
  749 will switch to binary mode, so files sent in Unix format will be
  750 retrieved in Unix format - great) .
  751     redhat.init now uses pure-config.pl as different configuration
  752 files was confusing people.
  753 
  754 * Version 1.0.12 :
  755     Style : opt_l_ is now an argument of donlist() - no more need to set
  756 up the global variable before calling the function.
  757     A (fake for now) ACCT command has been added. Maybe it will solve a
  758 conflict with some versions of Fetch for Macintosh.
  759     NLST and MLSD should be able to handle only one file. Don't split file
  760 names, don't parse options. Reported by Martin Hedenfalk.
  761     Support for sendfile() on HPUX and sendfilev() on Solaris. Contributed
  762 by Kenneth Stailey.
  763     Don't display "you are user number 0".
  764     Check whether we have pread() in configure.ac .
  765     Remove dead scoreboard files in pure-ftpwho, even those whose status
  766 isn't marked as free.
  767     New translation : Russian. Contributed by Andrey Ulanov
  768 <drey at rt.mipt.ru> .
  769     New translations : simplified and traditional Chinese. Contributed
  770 by Fygul Hether <fygul at fgs.org.tw> .
  771     New IPv6_OK message to tell people when a server also accepts IPv6
  772 connections if DISPLAY_IPV6_OK is defined.
  773     In extauth, there's no more need to fill fields except auth_ok
  774 when authentication is refused (auth_ok = {0,-1}) . uid/gid/dir are only
  775 checked with auth_ok = 1. It's then easier to chain other authentication
  776 modules.
  777     Linux binaries will now be linked against GlibC 2.2.x .
  778     Use the non-root mode for the Windows port.
  779     Don't forget to retrieve LDAP_FTPUID and LDAP_FTPGID when fetching
  780 LDAP info.
  781     Introduce closedata() to close the data socket. It avoids
  782 duplicate code. opendata() now returns void : the result is in the
  783 xferfd global.
  784     fakesnprintf() now supports %c.
  785     Implement FTP Data Connection Assurance
  786 (http://www.ietf.org/internet-drafts/draft-ietf-ftpext-data-connection-assurance-00.txt)
  787     Buglets fixed in the PostgreSQL documentation.
  788     Pure-FTPd User Manager added to the contribs.
  789     Add exponential delay after a 'cd' failure. Suggested by Jim.
  790 
  791 * Version 1.0.11 :
  792     New translation : Norwegian. Contributed by Kurt Inge Smådal /
  793 EasyISP.org <kurt at easyisp.org> .
  794     Fix typo (RATIO->RATIOS) in log_extauth.c and ratios are now working
  795 with the extauth module :)
  796     Autoconf upgraded to 2.53 .
  797     PAGE_SIZE can be non constant. So we try to get it with getpagesize() or
  798 sysconf() . PAGE_SIZE and MAP_SIZE have become page_size and map_size.
  799 Thanks to brad at openbsd.org .
  800     Dutch translation updated - Johan Huisman <sietze.jan.huisman at 12move.nl>
  801     Typo in log_extauth.h (bandwidth -> bandwidth) . Fixes throttling with
  802 extauth. Reported by iTooo <itooo at itooo.com> .
  803     Italian translation updates (Alex Dupre) .
  804     Workaround against Solaris streams bugs - Kenneth Stailey.
  805     getspnam() is now probed in addition to <shadow.h> in order to find
  806 whether shadow passwords are available - Kenneth.
  807     Check for setreuid/setresuid/setregid/setresgid is seteuid/setegid
  808 aren't available. Use them in place of seteuid/setegid if necessary - Kenneth.
  809     Fixed a typo in the previous line - Brad :)
  810     Use pstat_getdynamic() to get the load average if available. It works on
  811 HPUX - Kenneth.
  812     Use pstat() to change the process title on HPUX - Kenneth.
  813     Cosmetic cleanups (tabs instead of spaces, etc) .
  814     The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the
  815 new official logo contributed by Gabriele Vinci <gabriele at pronto.it> .
  816     We now have plenty of FTP mirrors, see the end the README file.
  817 
  818 * Version 1.0.10 :
  819     GCC updated to 3.0.4.
  820     Automake updated to 1.6. configure.ac has zapped deprecated
  821 constructions.
  822     Autoconf updated to 2.52i. Autoconf doesn't like conditional *_LDFLAGS
  823 in Makefiles any more.
  824     Probe for *postgresql* in addition to *pgsql* to find include/lib paths
  825 for PostgreSQL (configure.ac) .
  826     *reply() functions rewritten from scratch: simpler code, no more
  827 recursivity (makes Solaris happy) and faster processing.
  828     Accept '..' in file names in fakexlate() .
  829     Use addreply_noformat() whenever possible (speedup).
  830     New switch : -Z (--customerproof) . Right now, it adds | 0600 or | 0700
  831 to chmod commands to avoid users locking their own files. Additionnaly, we
  832 now try a traditional chmod() call if fchmod() fails. There's a race here,
  833 but no security trouble to fear. Reported by Mark Reidel <mr at domainfactory.de>
  834     Spec file fixes, contributed by Jose Pedro Oliveira <jpo at di.uminho.pt>
  835     PureDB binary search could fail with -1 as a slot number - fixed.
  836 
  837 * Version 1.0.9 :
  838     Korean translation updated.
  839     Spanish translation updated.
  840     Slovak translation updated.
  841     Load average is now checked on Irix - Contributed by Florin Andrei
  842 <florin at sgi.com> and Chan Wilson <cwilson at sgi.com> .
  843     Make the PAM example more generic. -Thorsten.
  844     External authentication modules can now be compiled in even when
  845 ratio/quotas/throttling aren't enabled. -reported by pierre at epinetworx.com .
  846     /dev/*random devices can now be probed at run-time when
  847 PROBE_RANDOM_AT_RUNTIME is defined. Suggested by Kenneth Stailey.
  848     Remove loop alignment in minimal mode - GCC doesn't like it on Solaris.
  849     Enabling the non-root mode now implies virtual chroot. - Some big
  850 improvements to the non-root mode. Almost all features of the root mode are
  851 now working.
  852     SITE ALIAS buglet fixed - Kenneth.
  853     Parse a.b.c.d IP addresses (without /netmask) and blah.blah.blah
  854 (hostnames) in log_puredb access/deny rules. Suggested by Maxnerd.
  855     Autoconf updated to 2.52h.
  856     Don't drop CAP_CHOWN before login completion, so that on-demand
  857 directories are chown()ed to the right user when capabilities are enabled.
  858     fake* files are now under a BSD license.
  859     The PgSQL backend now accepts 'any' and 'md5' keywords for the password
  860 hashing - Contributed by Bjoern.
  861     External authentication modules are now working on non-Linux systems :
  862 we were sending every line from log_extauth to pure-authd in separate
  863 packets to the local unix socket, but we were only reading a single packet
  864 then. Now, we also group everything to a single packet before sending the
  865 data.
  866     Merge Ben Gertzfield's extended LDAP schema.
  867     AtheOS is unfortuntely gone from the list of supported OS because it
  868 lacks mmap().
  869     Invalid SQL queries are now logged in order to help debugging.
  870 
  871 * Version 1.0.8 :
  872     Set errno in fake functions.
  873     Get rid of rd_len, rename rd -> root_directory, always ensure that it
  874 has a trailing '/' to simplify further code.
  875     Recognize the /./ hack for anonymous users ('ftp' account). Contributed
  876 by Teo de Hesselle <teo.dehesselle at uts.edu.au> .
  877     Strip leading / in fakechroot (just to be coherent with the trailing /
  878 now in root_directory) .
  879     Have the non root mode work with virtual chroot. People are restricted
  880 to the directory pure-ftpd was started in.
  881     Fix compilation on AtheOS.
  882     Allow pure-quotacheck to run as a non-root user (suggested by Philip Mak
  883 <pmak at aaanime.net>) .
  884     Merge realpath() replacements from OpenBSD-current, because some Solaris
  885 libC have a broken realpath() implementation.
  886     Support for MD5 hashed passwords in log_mysql. Contributed by Nicolas
  887 Doye.
  888     Force a minimum of 64k i/o buffers.
  889     Get rid of the ugly daemons.c inclusion in pure-mrtginfo.c .
  890     Merge the W3C log format - contributed by Thomas Briggs <tom at sane.com> .
  891     Add initsupgroups() function and always call initgroups() *BEFORE*
  892 chroot. An important fix pointed out by Adam Kruszewski (Fantomik) and
  893 Wojtek "elluin" Kaniewski.
  894     Add CAP_SETUID if we're on a system with Linux capabilities, but no
  895 setfsuid() call. Who knows, there are maybe very strange GlibC.
  896     New switch : -G (--norename), new global : disallow_rename .
  897     sizeof(FTPWhoEntry_.filename) increased in ftpwho-update.h .
  898     Reply with 530, not 550 when user isn't logged in. Reported by Philip
  899 Mak <pmak at animeglobe.com> .
  900     Follow symlinks in pure-quotacheck. We need this to support virtual
  901 chroot.
  902     Remove extra "." in "Entering passive mode" message to please some very
  903 old BSD kernel proxies. Reported by BigAndy.
  904     Open descriptors 0,1,2 (->/dev/null) in forked uploadscripts, just to
  905 please some programs that are crashing when they can't write to stderr
  906 (example : Unison) .
  907     Add a fakechroot version of realpath() so that altlog works with
  908 absolute file names.
  909     New FAKECHROOT_EXCEPTION macro to avoid I/O wrappers. -Used in
  910 bsd-realpath() .
  911     Cygwin doesn't have a working initgroups() call (always returns -1) =>
  912 don't abort if the call doesn't succeed. Also, have getpwnam() and getpwuid()
  913 always return the same fake values on win32.
  914     Speedup : chroot("/") means no chroot at all, no need to wrap I/O
  915 functions in that case.
  916     mode_t is an unsigned short on MacOS X, so it's promoted to unsigned
  917 int - take care of that for fakeopen() mode.
  918     Fix throttling in ASCII mode - the nowait condition is o >= st.st_size,
  919 not left > skip.
  920     Log passwords when the server is compiled with DEBUG.
  921     Remove TVFS conformance announcement (FEAT command) when virtual chroot
  922 is enabled.
  923     Fix bashisms/zshmisms in configure.ac and links OpenSSL if needed with
  924 OpenLDAP. Contributed by Ben Gertzfield (che_fox) .
  925     Merge pure-authd and the 'extauth' external authentication handler.
  926 Relevant files are man/pure-authd.8, src/log_extauth* src/pure-authd* .
  927     Undefine fakechroot macros before their definition, it shuts the
  928 compiler up on Solaris.
  929 
  930 * Version 1.0.7 :
  931     Use /dev/arandom and random() instead of /dev/urandom and rand() when
  932 possible. Suggested by Brad Smith <brad at openbsd.org>.
  933     Korean translation updated (Im).
  934     GCC upgraded to 3.0.3 for binary packages.
  935     Don't chroot to /etc/pure-ftpd/<ip>/. , but to /etc/pure-ftpd/<ip> for
  936 virtual users. Virtual chroot didn't like it.
  937     RPM packages can now be built with LDAP, Mysql and PostgreSQL.
  938 Contributed by Ben <ben at zaeon.com> .
  939     Directory aliases (DIRALIASES macro, diraliases.{c,h}, minor tweaks to
  940 ftpd.c (docwd) and ftp_parser.c (site alias)) . Contributed by Kenneth
  941 Stailey <kstailey at yahoo.com> .
  942     Cindy has moved.
  943     Add a fake chroot wrapper for stat[v]fs[64]() and rm/mkdir.
  944     Check directory, not file for stat[v]fs[64]() - Option -k should really
  945 work now.
  946     Don't count .ftpquota in pure-quotacheck. Reported by Jan Pavlik.
  947 
  948 * Version 1.0.6 :
  949     New fakechroot.{c,h} files. They contain wrappers for most I/O functions
  950 to emulate chroot and follow symbolic links.
  951     PostgreSQL support, based upon log_mysql.
  952     Known issue with virtual chroot (FIXME) : files with ".." in their names
  953 are denied.
  954     Danish and Korean translations updated.
  955     Typos were fixed in the Polish translation (contributed by Mariusz
  956 Pekala <skoot at poczta.onet.pl>).
  957     Check for libelf before libkvm in Autoconf (Kenneth)
  958     Don't enable TCP_NODELAY any more on the connection socket. FTP Explorer
  959 doesn't like it.
  960     Don't assume that crypt() always returns non-NULL pointers. Thanks to
  961 Paul <paul at chipmunkweb.yi.org> for his help on that issue.
  962     New translation : Swedish (messages_sv.h).
  963     Don't clear dot_{read,write}_ok when quotas are enabled. Instead, check
  964 for enabled quotas in checknamesanity() and refuse everything with
  965 ".ftpquota" in it => ok because only 'ls' performs globbing.
  966 
  967 * Version 1.0.5 :
  968     Rename and delete operations are now syslogged.
  969     Strange characters are now stripped from .banner/.message files.
  970     Unofficial macros to give more power to anon users :
  971 ANON_CAN_CHANGE_PERMS, ANON_CAN_DELETE, ANON_CAN_RESUME and ANON_CAN_RENAME.
  972     Return 550 when an upload excess quota.
  973     New unofficial macro : LOG_ANON_EMAIL .
  974     File deletion and rename are now logged.
  975     [v]snprintf() replacements have been totally rewritten.
  976     Accept multiple ip/mask filtering rules in the puredb backend.
  977     The load average can now be read on Solaris < 2.6 (where getloadavg()
  978 isn't implemented) . Contributed by Keneth Stailey.
  979     Documentation updates (FAQ and pure-ftpd man page), translation updates.
  980     Autoconf updated to 2.52g, Automake to 1.5b.
  981 
  982 * Version 1.0.4 :
  983     Clean up pure-config.pl and use Perl's exec with an array, circumventing
  984 the system shell. (Gives less surprises with strange characters in the config
  985 file, is also more efficient.) (Matthias)
  986     Clean up pure-config.py and use os.execv, work done by Joshua Rodman.
  987 Thanks a lot. Autoconf adjustments to pure-config.py by Matthias.
  988     Fix configure.ac to use ":" in the path to AC_PATH_PROG rather than " ",
  989 add PYTHON search, declare PERL and PYTHON precious, if not found, default to
  990 /usr/bin/env <program>, add pure-config.py to AC_CONFIG_FILES. (Matthias)
  991     Close descriptors in pure-ftpwho (paranoia. I wasn't able to change any
  992 ftpwho file even without this -j.)
  993     New ADD_EXTRA_GROUPS_TO_ANON unofficial macro to enable supplementary
  994 groups for anonymous users (disabled by default) .
  995     Accept 2000 chars long .message files even on systems where MAXPATHLEN
  996 is very low (e.g. Irix and FreeBSD) . Contributed by Michael Glad
  997 <glad at daimi.au.dk> .
  998     Recognize "p@sw" as a synonym for "pasv" to bypass SMC Barricade mangling.
  999     Fixed compilation on Corel Netwinder devices (Gareth Woolridge).
 1000     Allow EPSV when IPv6, regardless of the broken compatibility flag.
 1001     A workaround for buggy Autoconf versions was added in configure.ac
 1002 (AC_PATH_PROG didn't work when the path wasn't a variable : IFS was set but
 1003 it wasn't effective without any substitution) .
 1004     Have dodele() handle unlink() errors even when virtual quotas are
 1005 enabled. Also, the stat() (that was changed to lstat())/rename() race was
 1006 fixed by an additional lstat() on the destination file.
 1007     simplify() has been moved to ftpd.c . We call it for mkd/rnto/stor file
 1008 names before stripping spaces, just to be a bit more annoying with warez
 1009 players.
 1010     VUSERS stuff was removed. It has been obsoleted by the puredb backend.
 1011     New FAQ file.
 1012     The ML address has changed to pureftpd.org/ml instead of a direct link
 1013 to SF, just in case we move to something more reliable.
 1014 
 1015 * Version 1.0.3 :
 1016     New ASCII conversion function (doasciiwrite()), faster, easier and less
 1017 buggy than the original one. And it fixes a funny compatibility issue with
 1018 Homesite.
 1019     Look for perl in /usr/bin before /usr/local/bin (better to build RPM
 1020 packages) .
 1021     Don't forget to remove libsafe before building binary packages :)
 1022     New unofficial macros : DISABLE_MKD_RMD and DEFAULT_TO_BINARY_TYPE.
 1023 
 1024 * Version 1.0.2 :
 1025     Upgraded to Autoconf 2.52f.
 1026     Disallow rnto to existing files when quotas are enabled. Not for
 1027 nonexistent files.
 1028     Don't use setfsuid() when system quotas are enabled -> undef
 1029 HAVE_SETFSUID_H in ftpd.h if SYSTEM_QUOTAS if defined.
 1030     Always restrict the size of chunks for downloads when ftpwho is enabled.
 1031     Parse every component of the path in create_home_and_chdir().
 1032     Include some more (v)snprintf() implementations, using vfprintf() and
 1033 _doprnt() . Needed for Tru64.
 1034     The upload pipe now receives upload info as follows :
 1035 \002username\001filename\000 . That way, virtual user names can be read.
 1036     PureDB is now covered by a BSD license and it was upgraded to version
 1037 2.0 .
 1038     Don't forget the -k option in Perl/Python parsers.
 1039 
 1040 * Version 1.0.1 :
 1041     Enable keepalive on data sockets, disable ndelay.
 1042     Downgrade to autoconf 2.52.
 1043     Fix 'left' value when throttling is enabled in doretr() with sendfile() .
 1044     Add --without-nonalnum / PARANOID_FILE_NAMES.
 1045     New funny french messages.
 1046     Quota fixes when uploads are aborted. New dostor_quota_update_close_f()
 1047 function. Yeah, what a nice and long name :)
 1048 
 1049 * Version 1.0.0 :
 1050     Remove the last dynamic array in dostor(), use ALLOCA instead.
 1051     Solaris considers mmap()ed region as char * instead of void *. Add
 1052 explicit casts to shut up the compiler.
 1053     Add CallUploadScript in pureftpd.conf sample.
 1054     Support Base64-encoded MD5/SHA and salted MD5 (SMD5) and SHA (SSHA) 
 1055 LDAP passwords.
 1056     Updated danish translation - Lyberth.
 1057     Updated polish translation - Arkadiusz.
 1058     New messages_sk.h and messages_kr.h translation files.
 1059     Renamed messages_sp.h -> messages_es.h .
 1060     Separate {bandwidth,quota,ratio} changed pairs in AuthResult.
 1061     Accept @ for LDAP logins.
 1062     Have pure-uploadscript write a /var/run/pure-uploadscript.pid file.
 1063     Irix portability fixes, thanks to Florin Andrei <elf_too at yahoo.com>.
 1064     MLST/FEAT conformance fixes.
 1065     PAM fixes (Thorsten).
 1066     Get rid of the dot_ok global.
 1067     Have the main server delete ftpwho files.
 1068     Check for statvfs64().
 1069     Spec file improvements (Bernie).
 1070     keepallfiles = 0 when users belong to the trusted group.
 1071     Disable quota for anonymous users.
 1072     Fix various compiler warnings (Matthias).
 1073     Have pure-pw support puredb files even when the server hasn't been
 1074 compiled --with-puredb. Suggested by Arkadiusz.
 1075     New --with-sysconfdir configure switch. Suggested by Arkadiusz and
 1076 Matthias.
 1077     Don't strip spaces in commands, unless SKIP_TRAILING_SPACES is defined.
 1078 It was an historical behavior but it breaks spaces before and after file
 1079 names, passwords beginning with spaces, etc. Thanks to Andreas Piening
 1080 <Andreas.Piening at ePost.de> for helping to solve that issue.
 1081     Replace extra spaces around uploaded file names (and rnto) with '_' to
 1082 avoid stupid practices of warez folks.
 1083     New message files format checker (messages_check.pl) provided by
 1084 Matthias Andree.
 1085     Add mysnprintf.{c,h} wrapper for brain damaged snprintf() implementations.
 1086     Refuse rename() with --keepallfiles.
 1087     Upgraded autoconf to 2.52d. Get rid of acconfig.h .
 1088     Changed configure.ac trailer - Contributed by CmdrTaco of Slashdot (only
 1089 two people know why... this is the mystery of pureftpd :)
 1090     Misc. nice cleanups everywhere (Matthias, Bernhard, Jason, Arkadiusz).
 1091     Upgraded to gcc 3.0.2 for binaries.
 1092     Don't increase size quota when overwriting existing files - Reported by
 1093 Eric <ericnew at pacific.net.sg> .
 1094 
 1095 * Version 0.99.9 :
 1096     Complete rewrite of src/*ftpwho*. We now use a scoreboard directory
 1097 (/var/run/pure-ftpd) with mmap()ed structures instead of SysV IPC. It might
 1098 be a bit slower than IPC, but it's definitely more reliable, it doesn't need
 1099 any OS tweaking, it's simpler code, etc.
 1100     Support the service part in getnameinfo() emulation code for pure-ftpwho.
 1101     Ansified bsd-glob* and gnu-getopt* .
 1102     Avoid a clash for struct statfs between sys/vfs.h and sys/capability.h .
 1103     Consider negative filedescriptors as valid (prepare for O_DIRECT).
 1104     -H is now a synonym for -n in pure-ftpwho.
 1105     Use safe_write() when possible instead of plain write().
 1106     Much efficient buffering code in ls.c .
 1107     New -m switch in pure-pw. New environment variables for the default path.
 1108     Refuse atomic replacement of files when quotas are enabled.
 1109     Accept pure-pw mkdb without any further argument.
 1110     New pid_file glob.
 1111     Documentation fixups. Contributed by James Metcalf <james at asset-ict.com>
 1112 and http://www.php4hosting.com/ .
 1113 
 1114 * Version 0.99.4 :
 1115     Change uploaded and downloaded to unsigned long long. Display file
 1116 sizes as unsigned long long in src/ls.c. (Thorsten/Matthias)
 1117     RPM improvements. (Thorsten)
 1118     Chroot everyone by default in pure-pwconvert.
 1119     Refuse 0Kb bandwidth for throttling in pure-pw. Reported by Ben Weir.
 1120 
 1121 * Version 0.99.3 :
 1122     Don't include users that don't have a valid directory in pure-pwconvert.
 1123     Old versions of MySQL (<= 3.22.x) are now supported.
 1124 mysql_real_escape_string() wasn't implemented. We now just check this in
 1125 configure and fallback to mysql_escape_string() if necessary.
 1126     Fixed RPM building with PAM, thanks to Sergey Mihailov.
 1127     Add PureDB to configuration file wrappers, thanks to Sergey Mihailov.
 1128     Include sysconfig sample in RPMs.
 1129     Support MySQL's password() hashing function. Contributed by Robin Ericsson.
 1130     Dutch translation updated (Johan Huisman <sietze.jan.huisman at 12move.nl>) .
 1131     New keyword in mysql config : MySQLTransactions.
 1132     Reject new uploads if user_quota_files/size > quota->files/size .
 1133     dynamic.c rewritten in a simpler way.
 1134     Allow @ and : in MySQL login names (Contributed by Arkadiusz).
 1135     Add ratios and bandwidth to the MySQL backend.
 1136     Accept the "any" keyword for MySQL auth. Don't if...else if
 1137 crypto schemes. Try them all in order instead. (src/log_mysql.c)
 1138     Duplicate the content of environ instead of nullizing it. Longer, but it
 1139 helps pure-ftpd work on older C libraries (libc5).
 1140     Individually check IPv6-specific functions and macros. Some systems e.g.
 1141 MacOS X have a partial implementation (getaddrinfo() without getnameinfo()) .
 1142     Check for SysV semaphores and don't enable ftpwho on operating systems
 1143 they are missing on.
 1144     Really support extended DES hashing.
 1145     Cleanups to german messages, more informative message for PASV usage
 1146 with IPv6. (Matthias Andree) .
 1147     Strip extra info in gecos (src/pure-pwconvert.c) .
 1148     Add IP filtering and time restrictions to log_puredb/pure-pw.
 1149     New SQL digraph : \D.
 1150 
 1151 * Version 0.99.2a :
 1152     When quotas were enabled, but no quota was specified, uploads were
 1153 always truncated to 0 bytes. It has been fixed.
 1154 
 1155 * Version 0.99.2 :
 1156     Upgraded Automake to 1.5.
 1157     New translation : dutch.
 1158     Fix --createhome option, reported by Lan Yufeng.
 1159     New quotas.{c,h} files.
 1160     Fix compilation when MySQL stuff is installed in /usr .
 1161     Remove host name in the minimal banner.
 1162     Add [NOTICE] and [DEBUG] qualifiers to logfile().
 1163     New DONT_LOG_IP macro, force '?' into host global.    
 1164     Some operating systems (at least Solaris > 2.7 and FreeBSD < 4.3) have
 1165 strange troubles with reusing TCP ports, even when SO_REUSEADDR is enabled.
 1166 Although it is an OS issue, we try several unassigned privileged ports as a
 1167 workaround for active connections. The last ressort is to let the OS assign
 1168 a port. But you can filter everything >1023 on your firewall if you feel
 1169 paranoid (and fix the server OS) .
 1170     New unofficial macro : ANON_CAN_RESUME, to authorize anonymous users to
 1171 resume transfers.
 1172     New -n / --quota option.
 1173     New program : pure-quotacheck.
 1174     Merged the PureDB package.
 1175     RPM can now be build with PAM support, thanks to a new variable called
 1176 con_pam. Contributed by Juan Pablo Gimenez <jpg at rcom.com.ar>
 1177     Add a "password" attributes to the PAM sample.
 1178     Stat the / directory and compare it with what we are chmod()ing. If it's
 1179 the same inode/device pair, enforce read+exec+write rights for the user.
 1180     Use AF_UNSPEC as a family instead of AF_INET/AF_INET6 when getaddrinfo()
 1181 is called with AI_PASSIVE.
 1182     All authentication stuff has been moved in src/log_*.c files, including
 1183 what's needed to parse/allocate/free related structures. All modules have the
 1184 same hooks, grouped in a new structure : Authentication .
 1185     Semantic change for AuthResult.auth_ok : 0 means a soft error (user not
 1186 found, or server temporarely down), -1 means hard error (bad password), 1
 1187 means ok. To be secure, we fall back to the next authentication method only
 1188 on soft errors. Also, AuthResult objects are now passed by address to
 1189 authentication handlers.
 1190     New --with-puredb switch in the autoconf script.
 1191     New files : src/pure-pw.{c,h} man/pure-pw.8
 1192     Disable TCP_CORK, some Linux users reported strange behavior because of
 1193 this.
 1194     Disallow crazy chunk sizes for uploads, to save our beloved stack,
 1195 especially when throttling is enabled. Thanks to Daniel Tschan.
 1196     Made zrand() returns an unsigned int, so that zrand() % xxx is always
 1197 positive.
 1198     New files : src/log_puredb.{c,h}
 1199     Scan several common paths for pure-ftpd in pure-config.pl.
 1200     New pure-pwconvert tool, suggested by <olle at xmms.org> .
 1201 
 1202 * Version 0.99.1b :
 1203     Fix access problems to remote MySQL servers. - Thanks to John Hart.
 1204     New program : "pure-statsdecode" to convert timestamps into human-
 1205 readable dates in "stats" logfiles.
 1206     Add peer info to authentication (pw_*_check()) functions.
 1207     When MySQL or LDAP are enabled, add additional groups of the system uid.
 1208     Made LDAP attributes more configurable (macroized strings in log_ldap.h) .
 1209     New digraph for SQL substitions : \R (remote IP) .
 1210     New fields for the LDAP configuration file parser : LDAPDefaultUID and
 1211 LDAPDefaultGID.
 1212     Updated the LDAP documentation.
 1213     Check that programs linked against mysqlclient can run in configure.ac .
 1214 Because some people forgot to add libmysqlclient.so in the configuration of
 1215 the dynamic linker.
 1216     New create_home global, new --createhomedir/-j switch, new
 1217 create_home_and_chdir() function.
 1218 
 1219 * Version 0.99.1a :
 1220     New alternative logging format : "stats", designed for the ftpStats
 1221 application.
 1222     Cosmetic fix with ratios.
 1223     New -K / --keepallfiles directive.
 1224     Workaround for broken clients that don't properly end up their command
 1225 lines.
 1226 
 1227 * Version 0.99.1 :
 1228     Don't call uploadscript on downloaded files when CLF logs are enabled.
 1229     New SNCHECK macro to check snprintf() return values. Older
 1230 implementations return -1 for overflows, while C99 dictates that the number
 1231 of chars that would have normally be written should be returned. So, we
 1232 check the implementation in configure.ac and define this macro to do the
 1233 right thing.
 1234     Don't try to read /dev/urandom when chrooted.
 1235     CORK and NODELAY can't be used together.
 1236     Support pipelining (fixes lftp async mode).
 1237     Changes of process names are now properly handled on Linux - Thanks to
 1238 Juergen Henge-Ernst.
 1239     Split Unix auth stuff into log_unix.{c,h}, new AuthResult structure.
 1240     Properly report download progression and speed in pure-ftpwho. The
 1241 problem was in sendfile() downloads, when both FTPWHO and THROTTLING were
 1242 defined (&& instead of || in the test... stupid failed optimization) .
 1243     Fix getnameinfo() emulation by passing a valid IP address to
 1244 gethostbyaddr() .
 1245     Allow LDAP path override.
 1246     Disallow root uid/gid in LDAP.
 1247     Document that adding "shadow" to PAM sample rules can fix some hardened
 1248 distributions, suggested by Joe Silva.
 1249     Use statvfs, not statvfs64 for large files on Linux when __REDIRECT is
 1250 defined.
 1251     Externalize zrand().
 1252     Merge MySQL authentication.
 1253     Fix throttling + large files.
 1254 
 1255 * Version 0.99b :
 1256     Check socket/resolver libs in configure.ac before socket-related tests.
 1257 It fixes LDAP compilation on Solaris.
 1258     Pad the day to two characters in CLF.
 1259     Downloaded/uploaded files are now logged with LOG_NOTICE priority.
 1260     Add --without-sendfile configure switch - sets DISABLE_SENDFILE macro.
 1261 Disabling sendfile is useful on some OS with some filesystems that don't
 1262 support zero-copy transfers like SMBFS on FreeBSD 4.3 .
 1263     Merge hash functions : crypto.{c,h}, crypto-sha1.{c,h} and crypto-md5.{c,h}
 1264     Renamed pam_ftp_check() to pw_pam_check() .
 1265     Don't display group list in minimal mode.
 1266     Fill in the uid/name cache after an authenticated login.
 1267     Minor RPMs improvements. -Still not a relocatable package, though-
 1268     Fix non-root mode : don't dereference pw in dopass() if NULL.
 1269     Include the BSD license in COPYING.
 1270 
 1271 * Version 0.99a :
 1272     Always display the local IP and port with pure-ftpwho -v.
 1273     Don't log an extra \001 is CLF output, properly report negative time
 1274 zones, zerofill hour/min/sec to 2 digits.
 1275 
 1276 * Version 0.99 :
 1277     New README.Debian file.
 1278     Fix ls -C arithmetic error with long file names. Reported by Old Mole.
 1279     Corrected the german translation for grammatical/spelling errors,
 1280 translated missing messages. -Contributed by Bernhard Weisshuhn.
 1281     Danish translation. -Contributed by Isak Lyberth.
 1282     Log login attempts with disabled accounts. Admin can still check what's
 1283 wrong even --with-paranoidmsg . The new message is MSG_DISABLED_ACCOUNT.
 1284     Improved pure-config.pl.in : extra parameters can be added in command
 1285 line.
 1286     Fix throttling on FreeBSD : BSD sendfile() returns -1/0 , not the
 1287 number of transmitted bytes.
 1288     Show s/S/t/T flags in ls -l - Suggested by Bernie.
 1289     Removed --without-chmod, added -R options.
 1290 
 1291 * Version 0.99pre2 :
 1292     Fixes to make pureftpd compile on Solaris 7 and 8. Warning:
 1293 untested. Large file support may be broken.
 1294     Minor robustness/warning fixes.
 1295     "ftp" can be used as a fake shell, no need to add it to /etc/shells.
 1296     Documented that anonymous FTP needs an "ftp" account in an LDAP
 1297 directory - Thanks to Adrian Zurek.
 1298     Fixed a typo in pure-config.pl : UserBandwidth handled $2 not $1 -
 1299 Thanks to Vincent the Herisson
 1300     Upgraded Automake to 1.4p5 and Autoconf 2.52.
 1301     Renamed deprecated configure.in to configure.ac .
 1302     RPM fixes - Contributed by Oliver Soell <oliver at fusionit.com>
 1303     More accurate throttling, don't only check seconds, but also usec 
 1304 - Contributed by Frank de Bot.
 1305     Don't log client crashes as timeouts - Reported by Matthias Andree.
 1306     Stop if --with-pam was specified, but PAM headers are missing.
 1307     Add %s in die() - Thanks to Matthias Andree.
 1308     New logpid global - Matthias.
 1309     Added PARANOID_MESSAGES macro (see src/messages.h)
 1310     Have RNTO work when the target file name already exists - Reported by
 1311 Bernhard Weisshuhn.
 1312     Allow transfers through sendfile() longer than <idletime> , needed for
 1313 very large files transferred over slow links (odd idea, but why not) .
 1314     Changed the trustedgid behavior when the /./ trick is used : members of
 1315 the trusted group *are* chrooted, but they have no ratio and dot-files are
 1316 allowed.
 1317     Added --with-paranoidmsg compile-time option to enable PARANOID_MESSAGES.
 1318     Implemented alternative IPv6 functions for backward compatibility with
 1319 old IPv4 only stacks. Check out src/ipv4stack.* and the new OLD_IP_STACK
 1320 macro. We assume the stack is IPv4-only if getaddrinfo() doesn't exist.
 1321     Display version number in '-h'.
 1322     New files : altlog.{c,h}
 1323     New option : -O / --altlog , new macro WITH_ALTLOG, new globals altlog_*,
 1324 new autoconf switch --with-altlog .    
 1325     Try to use ALLOCA in internal statement blocks instead of local
 1326 fixed-size arrays. The result is the same and the source code is a bit more
 1327 complex, but it saves stack space especially on path names.
 1328     Minor code cosmetic cleanups (I really hate if/loops without braces) .
 1329     Improvements to the FreeBSD port : LDAP can be compiled in.
 1330     List KcmPureftpd in README.Contrib .
 1331     New --with-bloat^H^H^H^H^Heverything autoconf switch.
 1332     Added NO_PROCNAME_CHANGE macro just in case people don't want processes
 1333 to change name (workaround for a bug on older glibc) .
 1334     Return 550 instead of 530 when CWD fails. Silly broken clients like
 1335 AbsoluteFTP choked on this.
 1336     Don't assume that no sendfile() implies support for large files.
 1337 
 1338 * Version 0.99pre1 :
 1339     Have MSIE open an authentication dialog when anonymous users are
 1340 forbidden (-E) in compatibility mode (-b) .
 1341     Don't CORK_OFF a bad file descriptor in error() - Reported by Sami Farin.
 1342     Don't reply with PASV/SPSV/EPSV when -N is enabled.
 1343     Don't forget to initialize gl_pathc and gl_pathv in glob_() - OpenBSD
 1344 didn't like it.
 1345     Fixed typos in documentation.
 1346 
 1347 * Version 0.98.7 :
 1348     gui/build.sh improvements by Peter Pentchev.
 1349     Correct typo in the pure-uploadscript man page.
 1350     Always parse the last element in upload ASCII conversion.
 1351     Reduce the random tapping delay, some users find it annoying.
 1352     More parser cleanups and optimizations.
 1353     Don't glob any more for chmod and dele.
 1354     Follow symbolic links for downloads.
 1355     Made autorename an argument for dostor() for dostou() atomicity.
 1356     Minor optimizations for passive port computation (to be paranoid, we
 1357 never rely on OS port assignment, so give up the old TrollFTP code)
 1358     Replace since -> xfer_since in pure-ftpwho to avoid FPE. Add even a
 1359 signal handler, just in case.
 1360     Never forget to check that shm_data_cur is != NULL before dereferencing
 1361 it.
 1362     Wait a bit when MAX_THROTTLING_DELAY is reached.
 1363     Don't make PAM sessions failures fatals. And don't even try to open a
 1364 session when WITHOUT_PAM_SESSION is defined.
 1365 
 1366 * Version 0.98.6 :
 1367     Properly truncate uploaded files, even if restartat == 0.
 1368     Added MSG_NO_ASCII_RESUME.
 1369 
 1370 * Version 0.98.5 :
 1371     Recognize ADAT command for Kerberized Fetch 5 (Macintosh).
 1372     Added a contrib/ directory and README.Contrib.
 1373     Minor Autoconf and code cleanups.
 1374     Debian package updates - no more hang at end of the install procedure.
 1375     Open PAM session (patch by Sami Koskinen <tossu at cc.hut.fi>).
 1376     It looks like some OS/C libraries don't like to share syslog
 1377 descriptors. To be safe, we have to reopen the syslog for each client, 
 1378 grr!
 1379     Disable auto login (handy, but buggy clients sending fancy commands
 1380 before authentication choked on this) .
 1381     Disable the 'man page segfault' humor :(
 1382     Fix largefile compilation on Linux (reported hy Andreas Westin).
 1383     Don't wait for throttling when download is completed.
 1384     Use statfs() and getloadavg() on *BSD.
 1385     Don't keepalive, don't linger.
 1386     Don't forget to parse the last element in pure-ftpwho (reported by
 1387 Brandon Covert).
 1388     Merge the virtual host login code with the regular login code (suggested
 1389 by Chris Mentjox <chris at widexs.nl>.
 1390     ftp_parser.c/sfgets() rewritten to optimize read() calls.
 1391     Use the same policy to forbit dot-files for cd and for other commands,
 1392 for consistency and to ease migration from other servers.
 1393     Don't unlink() partially uploaded files unless user is anonymous.
 1394     Add fillenv() and newenv_*() in pure-uploadscript.c
 1395     Skip initial \n in banners.
 1396     Rewritten upload acceptation to avoid duplicate code and possible races.
 1397     Externalized some functions to save stack space.
 1398     Add non_noupload global and the -i flag.
 1399     Don't chmod 600 incomplete uploads. I will miss that feature, but some
 1400 people don't like it and pure-uploadscript may be a better alternative for
 1401 integrity checking.
 1402     New trustedip global, that contains the trusted IP address allowed
 1403 to accept non-anonymous connections.
 1404     WITH_VIRTUAL_HOST macro to #ifdef the virtual hosting code.
 1405     Check for statvfs_t, security/pam_misc.h and sys/loadavg.h for Solaris.
 1406 
 1407 * Version 0.98.4 :
 1408     Slightly reduce the password delay if PAM and LDAP aren't enabled.
 1409     Open the syslog as soon as possible (before accepting client
 1410 connections) . It solves the nasty long-standing syslog-output-in-client-fd
 1411 bug.
 1412     Don't localtime(NULL), it crashes under FreeBSD.
 1413 
 1414 * Version 0.98.3 :
 1415     Close listenfd, but close(2) only if it's a tty (maybe it's an
 1416 uploadscript descriptor) .
 1417     Save errno in signal handlers.
 1418     Paranoia : introduce a random delay after password entering.
 1419     Disable signals in die() and sigurg(). This is just paranoia, the signal
 1420 handlers are *not* vulnerable to the problems described in the Razor paper.
 1421     Fix ls <link to directory> behavior, to list the content of the
 1422 directory, not the directory name.
 1423 
 1424 * Version 0.98.2a :
 1425     Upgrade to Automake 1.4-p2 and Autoconf 2.50.
 1426     Accept "." in LDAP user names.
 1427     Fix --sysloghack for Debian users (DEBUG was defined)   
 1428 
 1429 * Version 0.98.2 :
 1430     Portability : check for __ss_len, not only ss_len.
 1431     New function for platforms without setfsuid() : usleep2(), blocking
 1432 signals when we are sleeping.
 1433     long double usage in pure-ftpwho, to avoid floating point exceptions.
 1434     Upgraded to Automake 1.4-p1.
 1435     Define syslog names if libc hasn't them.
 1436     Check for nsl/socket/resolv requirements.
 1437     Use statvfs is statfs is not available.
 1438     Fix compilation against old OpenLDAP versions (1.x) .
 1439     Added --without-globbing (also defined in minimal mode) .
 1440     Check for sendfile() variants (Linux, FreeBSD or none) . FreeBSD (and
 1441 possibly other OS with a similar implementation) can now use sendfile().
 1442     ABOR is now handled. We do this by intercepting SIGURG and by keeping
 1443 the transfer file descriptor in xfer_fd (may be datafd or what accept()
 1444 returned) .
 1445     Added a restartat field in the ftpwho structure.
 1446     Complete rewrite of sreaddir(). We're now using two distinct memory
 1447 segments : one for metadata (struct FileInfo) and another one for file
 1448 names. Also, stat()ing data is done when reading the directory content and
 1449 kept in memory to avoid stat()ing again for displaying. And we have buffers
 1450 grow instead of restarting. And we don't rely on the what st_size returns
 1451 for the directory, that's useless and it eats memory for nothing. And ls -S
 1452 works. To summarize, the new built-in ls rocks, it's way more efficient than
 1453 the previous BSD horror. And it's portable. We stat() again for modern
 1454 listing, though (MLST), because we need inode and device numbers and we
 1455 have to deref links and MLST should be ready for extended attributes (like
 1456 ACL), while sreaddir() shouldn't fill memory with extra info.
 1457     Log virtual domains logins.
 1458     Handle virtual domains in pure-uploadscript.
 1459     Fix XML output (Jason Lunz)
 1460     Solaris port and documentation.
 1461 
 1462 * Version 0.98.1 :
 1463     Fix display of group listing for group names with white spaces and very
 1464 long group names.
 1465     Umask for dirs and umask for files are now different (umask & umask_d) .
 1466     New --with-sysloghack flag.
 1467 
 1468 * Version 0.98-final :
 1469     Added Spanish translation by Luis Llorente Campo
 1470 <luisllorente at luisllorente.com> .
 1471     Added download_total_size, download_current_size, local_addr and
 1472 xfer_date to the FTPWhoEntry structure.
 1473     New output targets : shell (-s) and verbose ASCII (-v) .
 1474     Paranoia : add more entropy to the zrand() function.
 1475     Changed u_mask default to 133, uploaded files are now 777.
 1476     bandwidth_throttling was split into bandwidth_throttling_ul and
 1477 bandwidth_throttling_dl.
 1478     Syslog is now opened after forking. It fixes the nasty syslog-to-
 1479 clientconn bug due to dup2() and/or syslog mutex internals.
 1480     Logging can be disabled with '-f none' .
 1481 
 1482 * Version 0.98pre2 :
 1483     Don't use a fancy directory separator for recursive 'ls' because NcFTP
 1484 chokes on this when mirroring. It's a pity. The previous one looked great.
 1485 But we have to keep clients happy.
 1486     Listen on IPv4+IPv6 by default even on OpenBSD.
 1487     Minor optimizations (don't test for optarg != NULL, trust getopt() and
 1488 use switch instead of else if to parse command-line options) .
 1489     Renamed mrtginfo to pure-mrtginfo, because mrtginfo was too confusing
 1490 and it could clash with other packages.
 1491     Added pure-uploadscript and its man page.
 1492     Added the '-o' option and the --with-uploadscript configuration flag.
 1493     Documentation : added forgotten NATmode example in the pure-ftpd.conf
 1494 file.
 1495 
 1496 * Version 0.98pre1 :
 1497     Don't hardcode the pure-ftpd path in pure-config.pl (Peter Pentchev).
 1498     Actually include the polish translation.
 1499     Updated the Netfilter documentation. The EPSV/EPRT patch is no longer
 1500 pertinent, because EPSV/EPRT support was merged in kernel 2.4.3ac14.
 1501     Fixed welcome.msg typo (Thanks to Togusa).
 1502     Increased the banner size to 2000.
 1503     Support long options even if getopt_long is unavailable (especially for
 1504 BSD) .
 1505 
 1506 * Version 0.97.7 :
 1507     Upgraded to Autoconf 2.49e.
 1508     Semaphores/shared memory perms should be & 0777 for FreeBSD.
 1509     Merged polish translation (Arkadiusz) .
 1510     Cleaned up headers includes.
 1511     Added HTML and XML outputs to pure-ftpwho.
 1512     Added pure-ftpwho man page.
 1513 
 1514 * Version 0.97.7pre3 :
 1515     Changed 'killall -HUP xinetd' to 'killall -USR2 xinetd' in the README
 1516 file (pointed out by Olivier Tharan <olive at zehc.net>) .
 1517     configure.in : fixed --without-ascii, add --with-welcomemsg.
 1518 
 1519 * Version 0.97.7pre2 :
 1520     pure-ftpwho marks a slot as free is there is no associated process. 
 1521     Possible fix for a realloc() problem reported by Emmanuel Hocdet.
 1522     Added dmalloc support.
 1523 
 1524 * Version 0.97.7pre1 :
 1525     Block SIGCHLD before calling iptrack_add() .
 1526     HAS_WAITPID is HAVE_WAITPID.
 1527     Check for setproctitle (*BSD) .
 1528     Reset restartat to 0 after a successful stor/retr (Jobush) .
 1529     Don't open with LOG_CONS.
 1530     Completed the romanian translation (Claudiu) .
 1531     Added WELCOME_MSG_COMPATIBILITY hack.
 1532     Optimization : only call setprogname if state_needs_update != 0.
 1533     maxusers defaults to 50 and maxip to (1 + maxusers / 10) .
 1534     ftpwho. Added --with-ftpwho.
 1535 
 1536 * Version 0.97.6 :
 1537     Merged docwd/ls bounds checking for ~ expansion.
 1538     Enable the '.banner' file for authenticated users.
 1539     Cleaned up the man page.
 1540     Added disallow_passive global.
 1541     Optimized bsd-glob.c.   
 1542 
 1543 * Version 0.97.5 :
 1544     Cleaned up bsd-glob, no need for alternate directory functions.
 1545     Replaced __ macro by _COMA_ to avoid conflicts on Tru64.
 1546     Replaced \s by \s+ in pure-config.pl.in and pure-config.py (Emmanuel
 1547 Hocdet) .
 1548     Properly probe next ports if a random port can't be bound.
 1549     In dostor(), get the file size is in 'filesize', not in the initial
 1550 stat() call.
 1551     Added the '-4' option.
 1552     Updated the 'Contributors' part in the man page.
 1553     Removed leading space in dosize() result.
 1554     Added u_mask global.
 1555 
 1556 * Version 0.97.4 :
 1557     getgroups() should always be called *after* seteuid()! The BSD port
 1558 broke this.
 1559 
 1560 * Version 0.97.3 :
 1561     Always log the speed, whatever it is (suggested by William Kern(el panic)) .
 1562     Always display the current number of clients in the initial banner.
 1563     Always chdir() before chroot().
 1564     Use of <config.h> instead of -D for cleaner compilation (contributed by
 1565 Jason Lunz).
 1566     Clear arguments, to avoid bloat in the 'ps auxw' table.
 1567     Recognize HELP SITE and SITE HELP.
 1568     Added addreply_noformat for multi-lines responses.
 1569     STAT command.
 1570     Support "modern" directory listings (modern_format() func) . Used to
 1571 implement MLST and MLSD. Listings are "modern" or "traditional" according to
 1572 the modern_listings global.
 1573     Added --with-minimal.
 1574     Added --with-nonroot to disable chroot()/setfsuid(), so that the server
 1575 can work without root privileges.
 1576     Added --with-language.
 1577     Fixed largefile+throttling compilation.
 1578     Changed 'quota' to 'ratio' everywhere. Quotas will be something else.
 1579     Create /var/run/pure-ftpd.pid . Remove it when a signal is caught.
 1580     Added romanian translation from Claudiu Costin <claudiuc at kde.org>.
 1581     Added german translation from Mathias Gumz <gumz at cs.uni-magdeburg.de>.
 1582     Added french translation from Ping <ping at root42.net>.
 1583     Allow download of 0-byte files (reported by Louis Rouxel).
 1584     Include <netinet/in_systm.h> and <sys/mount.h> if presents.
 1585     Define STORAGE_LEN and STORAGE_FAMILY for BSD and Glibc compatibility.
 1586     Use seteuid() instead of setfsuid() on non-linux systems.
 1587     Non-pam, non-shadow passwords are working again.
 1588     Upgraded to automake 1.4d.
 1589     Latest unstable glibc for Debian define ss_family instead of
 1590 __ss_family. A test in configure.in was added for this. A test for ss_len
 1591 was added by the way.
 1592 
 1593 * Version 0.97.2 :
 1594     Added epsv_all.
 1595     Tell the client when per-IP limit is reached.
 1596     Daemonize if '-B' is given (daemonize global).
 1597     Don't assume that 0 isn't a valid file descriptor. Yes we use 0/1 for
 1598 the command socket so 0 should never be reused again. But it's to be quiet
 1599 in our mind and to prevent bad surprises if we ever change this in the
 1600 future.
 1601     Add file size to speedstring (speedrate() function) .
 1602     Compare dataconn IP with *peer* IP, not cltrconn!!! It broke passive
 1603 transfers in 0.97.1, grrr...
 1604     Corrected a bashiszm in configure.in (Arkadiusz Miskiewicz)
 1605 
 1606 * Version 0.97.1 :
 1607     Added more entropy for the port number of passive connections and
 1608 refuse connections from hosts who doesn't own the control socket.
 1609     .message and .banner files couldn't contain only white spaces - fixed.
 1610     Disable HELP in broken mode because very old WSFTP clients send this.
 1611 Donnu why. But they do.
 1612     Add a message to the syslog when the per-IP limit is reached.
 1613 
 1614 * Version 0.97-final :
 1615     Strip debugging mode (XDBG) unless compiled with -DDEBUG. Who needs this
 1616 on production servers, anyway?
 1617     In standalone mode, close the listening socket when SIGTERM is received.
 1618     Catch maxusers in the standalone server code. If the server is busy,
 1619 don't even try to fork (optimisation) .
 1620     The default syslog facility is now 'ftp' instead of 'local2'.
 1621     Paranoia : set the close-on-exec flag on the listening socket and close
 1622 stdin/stdout/stderr.
 1623     Dynamically change process titles to reflect their activity (pure-ftpd
 1624 [SERVER|IDLE|UPLOAD|DOWNLOAD]) .
 1625     Accept non-ascii (accents) file names (check if <32U in checknamesanity).
 1626     Added dynamic.c for IP tracking. Yes, the code could be optimized for
 1627 speed with two hashed tables (ip->number pid->link to the previous table).
 1628 But it's simple and fast enough if you don't have 500000000 simultaneous
 1629 users (and if you do, you have a high end machine, don't you?) .
 1630     Added '-E' flag. anon_only = 0 (normal mode) -1 (no anon) or +1 (anon
 1631 only) .
 1632 
 1633 * Version 0.97pre5 :
 1634     Added '-U' option to change the umask (Thanks to Guenter Bittner for the
 1635 suggestion).
 1636     Standalone mode : updated configure.in (NO_STANDALONE, NO_INETD),
 1637 standalone_server(), standalone global, daemons() is skipped if we are only
 1638 standalone, ...
 1639     Added '-x' and '-X' options to prevent users from writing/reading
 1640 dot-files, even though they are authenticated (add globals
 1641 dot_write_forbidden and dot_read_forbidden) . Restricting access to
 1642 directories starting with '.' added many lines of code for such a simple
 1643 operation. However, it's done in a secure way : we don't get fooled by
 1644 relative paths and links.
 1645     Bandwidth throttling in now in KB/s (throttling_bandwidth global) . We
 1646 do it the long, but right way, with compensation_delay = (transmitted bytes
 1647 / throttling_bandwidth) - (tn - t0), recalculated between each
 1648 received/transmitted chunk. A bit slow and bloated, however, but more
 1649 efficient than a fixed approximation. To minimize bandwidth starvation with
 1650 non-transfer commands, we impose a delay (throttling_delay) of 1sec/bandwidth.
 1651 
 1652 * Version 0.97pre4 :
 1653     Added '-D' option to force 'ls' display dot-files even when a client
 1654 doesn't send the '-a' option (ls -la) .
 1655     Keep the previous permissions when overwriting a file. Thanks to Darren
 1656 Casey for reporting this.
 1657     New '-I' option to change the maximum idle time (idletime global) .
 1658 Also, a new function (antiidle()) is called for each dummy command (no
 1659 login, no transfer) . Because many modern FTP client send "noop", "cwd" or
 1660 "pwd" all the time to avoid timeouts. When we encounter something like this,
 1661 we give it grace time (twice the normal timeout, because the client is
 1662 active), but we disconnect him if this grace time expires anyway.
 1663 
 1664 * Version 0.97pre3 / 0.96.2 :
 1665     HELP is ignored if followed by an argument.
 1666     Made SITE commands work anew with subcommands in upper case.
 1667     Finally replaced the GNU globbing stuff by ported BSD code (NetBSD libc
 1668 variant) . It's faster, it's cleaner, it's less buggy. The code was modified
 1669 to accept recursion limits (rather than a maximum buffer size), match limits,
 1670 and tilde expansion was disabled.
 1671     Limited the default maximum listed files to 2000 instead of 4242 and 5
 1672 subdirectories for recursion.
 1673     Support for shadow passwords expiration dates.
 1674     New eye-candy delimiters for subdirectories in a directory listing.
 1675     Moved capabilities-related functions to caps{.c,.h,_p.h} .
 1676     Support for large (> 2 Gb) files.
 1677     Reduced the IPv6 EPRT code, we now call doport2() like IPv4 PORT/EPRT
 1678 commands. That way, we now support IPv6 FXP as well.
 1679     Added the new logfile() function to customize the syslog output.
 1680 
 1681 * Version 0.97pre2 :
 1682     Fixed a memory leak/duplicate free problem in glib-glob().
 1683     Added memory usage limits.
 1684     Added missing messages from ls.c to the "messages.h" file for translation.
 1685     Reverted the cap_free() calls semantic.
 1686 
 1687 * Version 0.97pre1 :
 1688     Check for and convert 4-in-6 addresses (fourinsix() function). Also
 1689 check for valid addresses (checkvalidaddr()) .
 1690     Also check /proc/net/tcp6 when IPv6 is enabled.
 1691     Code cleanups.
 1692     Added DIE and DIE_MEM macro to shrink the source code.
 1693     Commands are already in lower case, so don't call strcasecmp() anymore,
 1694 strcmp() is faster.
 1695     Paranoia : refuse invalid IP addresses (multicast, null, broadcast).
 1696     Converted all strings to macros for localisation.
 1697     Ignore ~ if we use LDAP to avoid useless queries. But tilde expansion
 1698 with LDAP is still implemented, just #undef IGNORE_TILDE if you want to use
 1699 it.
 1700     Added overlapcpy() function in place of safe strcpy. This looks pointless
 1701 under Linux, but we must follow the specs, anyway.
 1702     Upgraded to Autoconf 2.49d.
 1703 
 1704 * Version 0.96.1 :
 1705     Changed the ASCII restart message ("Okay, but your client violates RFC")
 1706 to something more friendly.
 1707     New possibly more secure glob() implementation. It's a hack of GlibC
 1708 2.2.2's glob() providing sglob(), able to limit recursion depth and the
 1709 number or results. It's not perfect (is should return GLOB_NOSPACE in some
 1710 situations instead of an empty list), but it should be a definitive solution
 1711 against all possible globbing attacks.
 1712     Added a limit of 17 minutes of CPU time consumming. Yes, 17 minutes is a
 1713 huge limit.
 1714 
 1715 * Version 0.96 :
 1716     When FXP is refused, send 500 as a reply. It helps broken NAT boxes deal
 1717 with Pure-FTPd servers since the client thinks EPSV isn't supported and it
 1718 tries PORT instead.
 1719     Added chdir() after listing a directory just in case we didn't get back
 1720 where we started if we reached a limit.
 1721     Avoid loops in directory listings.
 1722 
 1723 * Version 0.96pre1 :
 1724     Added '-P' flag to explicitly set an IP address in reply to a PASV
 1725 command.
 1726     Added '-A' flag to chroot() everyone. If '-A' is combined with '-a', the
 1727 last option takes precedence.
 1728     Added '-H' flag to avoid DNS resolution.
 1729     Reverted the 0.95.1 change : 7 bits is always supported, even without
 1730 '-b'.
 1731     Added FEAT command (rfc2389) .
 1732     Allow anonymous users to create directories if they have write access to
 1733 the parent directory.
 1734     Fixed virtual hosts and updated man page/README.
 1735     Changed every sockaddr_in structure to sockaddr_storage. Added
 1736 STORAGE_PORT, STORAGE_PORT6, STORAGE_SIN_ADDR, STORAGE_SIN_ADDR6 and
 1737 STORAGE_FAMILY macros (ftpd_p.h) . Added addrcmp() to compare two
 1738 sockaddr_storage addresses (is there a faster way to do this?) and
 1739 generic_aton() to have an ipv4/ipv6 inet_aton() function. IPv6 support
 1740 should be completed, yeah!
 1741     Added max_ls_depth and max_ls_files globals and changed listdir()
 1742 prototype to abort if we went to deep into the directory tree. Added -L
 1743 option.
 1744     Added allow_anon_mkdir global.
 1745     New function fortune() to display a random line of a text file. It
 1746 uses mmap() and should be very fast. A new global fortunes_file stores NULL
 1747 (no cookie) or the cookies file name. Added '-F' to set the file name.
 1748 
 1749 * Version 0.95.2 :
 1750     Changed 'ls' format to add one space to the size format and the size
 1751 is now casted to unsigned long long.
 1752     Implemented STOU and ALLO.
 1753     Implemented APPE. The dostor() prototype was changed to accept an
 1754 'append' parameter to 'restart' according to the current file size.
 1755     Added '-e' flag to only accept anonymous users (anon_only global,
 1756 checked in douser()).
 1757     Reverted the previous capabilities change. CAP_SYS_CHROOT can be safely
 1758 dropped, but we have to call drop_login_caps() later in dopass().
 1759     Updated man page (list of supported commands and minor typo fixes).
 1760 
 1761 * Version 0.95.1 :
 1762     Daemons.c : only counts sockets in CONNECTED state (1). So that
 1763 listening sockets are implicetely ignored and closing sockets aren't
 1764 creating false counts.
 1765     Capabilities : we need CAP_SYS_CHROOT even after login to properly
 1766 handle the -a flag.
 1767     Removed 'md5' in the PAM example.
 1768     Ignore type (ASCII/8 bits) if broken == 0, always do 8 bits by default.
 1769 
 1770 * Version 0.95 (final) :
 1771     Changed the PAM sample file (pam_pwdb->pam_unix) to please more
 1772 Linux distributions.
 1773     Fixed getpwnam() NULL pointer dereferencement when user didn't exist.
 1774     Changed passive mode acknowledgement to "227 Entering Passive Mode" to
 1775 please Netfilter's ip_conntrack_ftp module.
 1776     Added SPSV command.
 1777     Added XCWD and XCUP aliases.
 1778     Disallow PORT commands to ports < 1024.
 1779     Various source code cleanups.
 1780     Really reset restart offset to 0 when offset is too large for a file size.
 1781     Paranoia : disallow '\' characters when dot-files aren't allowed.
 1782     Added quotas (quota_upload, quota_download, quota_for_non_anon, -Q/-q
 1783 flags, autoconf QUOTAS macro) .
 1784     Paranoia : check every (v)snprintf() return value.
 1785     PAM is now disabled by default in autoconf. Spec file was updated to
 1786 reflect the change.
 1787     LDAP support. Added the log_ldap* files and a wrapper for getpwnam.
 1788     Cleaned the doc format (tabs).
 1789     Disallow EPSV in broken compatibility mode (-b).
 1790     Added a generic basic parser (parser.*), currently only used for LDAP.
 1791     Disallow command-line options whose support isn't compiled-in.
 1792     Documented Xinetd configuration and the Netfilter troubles.
 1793     Added a check for the 'gauge' typo instead of 'gauge' on some old Dialog
 1794 versions.
 1795 
 1796 * Version 0.95-pre4 :
 1797     Added a Dialog GUI for easy compilation.
 1798     Version number is now displayed in the main banner.
 1799     Added alarm signals to timeout everywhere.
 1800     Check if peer structure is filled after accept() system call.
 1801     Implemented SITE HELP.
 1802     Updated spec file.
 1803     Added dot_ok and checknamesanity() to forbid ".xxx" uploads to
 1804 non-chrooted users and anonymous users.
 1805 
 1806 * Version 0.95-pre3 :
 1807     Changed error handling for restart (REST) command to please CuteFTP
 1808 and LeechFTP.
 1809     Fixed a typo in the autoconf script (--with-throttling) .
 1810     Simplified dopass().
 1811     Added tapping delay in dopass() and MAX_PASSWD_TRIES macro.
 1812     Disabled IPv6. It will be enabled anew when full support will be
 1813 implemented (not only 4-in-6).
 1814 
 1815 * Version 0.95-pre2 :
 1816     Upgraded to autoconf 2.49c and automake 1.4b .
 1817     Built binary packages : Debian, RPM and Slackware.
 1818     
 1819 * Version 0.95-pre1 :
 1820     Added some paranoid bounds checking.
 1821     Support for bandwidth throttling. See throttling_delay (time we
 1822 should usleep() for between each packet or command) and global 'throttling'.
 1823     Upload should not be limited to a 16k window : adjust receive to the
 1824 size of 'window' (defaults to 51200. Should we have it default to
 1825 CONF_TCP_SO_RCVBUF?) .
 1826 
 1827 * Version 0.94 :
 1828 
 1829     Fixed cap_free() calls (needs a pointer).
 1830     Added CAP_DAC_READ_SEARCH (for initial user home directory chdir) to
 1831 the startup capabilities. Also added CAP_NET_ADMIN (to allow setting TOS) to
 1832 the login capabilities.
 1833     Added SITE CHMOD support.
 1834     
 1835 * Version 0.93 :
 1836 
 1837     Support for the FXP protocol.
 1838 
 1839 * Version 0.92 :
 1840 
 1841     LeechFTP (a popular Zindoz client) does a "REST 1" in ASCII mode
 1842 after logging in. Well, maybe this violates RFC, but let's add a workaround
 1843 (see dorest() / STRICT_REST) . Thanks to _PinG_ <ping at enjoy-unix.org> for
 1844 reporting that kludge.
 1845     Syslog identity changed to "pure-ftpd".
 1846     Added noopidle (time_t of the first NOOP) and idletime_noop (maximum
 1847 idle time with nothing but NOOP from the client) . idletime_noop defaults to
 1848 1.5 * idletime.
 1849     Shortened the default idle time to 900 seconds.
 1850     Idle time is now in minutes if >= 120 sec.
 1851 
 1852 * Version 0.91 :
 1853 
 1854     Updated credits.
 1855     Use TCP_CORK.
 1856     Explicit super-server requirement notification. 
 1857     Changed daemons() prototype to accept a port number to look for.
 1858 ftpd.c and mrtginfo.c were updated to reflect the change. Global
 1859 server_port now stores the real port the connection socket was bound to.
 1860     Updated man pages.
 1861 
 1862 * Version 0.90 : 
 1863 
 1864     Initial release.