"Fossies" - the Fresh Open Source Software Archive

Member "vsftpd-3.0.5/Changelog" (2 Aug 2021, 69501 Bytes) of package /linux/misc/vsftpd-3.0.5.tar.gz:


    1 0.0.1 initial versioned tarball released
    2 ----------------------------------------
    3 
    4 - Added "-ldl" to LIBS to get linking to work on RedHat6.1
    5 - Add RedHat6.1 on list of tested platforms :)
    6 
    7 0.0.2 packaged
    8 --------------
    9 
   10 - Emit version in greeting string
   11 - In PORT command, reject numbers <0 or >255. Problem noted by Solar Designer, 
   12 <solar@openwall.com>
   13 - Allow an option AND a path for LIST/NLST, e.g. "LIST -al /pub". Reported by
   14 Bill Nottingham <notting@redhat.com>, using ncftp. Further noted by Colin
   15 Hogben <chah@jet.uk> using emacs and James Antill <james@and.org>.
   16 - Don't prepend directory path for LIST (but still so for NLST). Noted by
   17 Colin Hogben <chah@jet.uk> and Ingo Luetkebohle <ingo@blank.pages.de>
   18 - Fix problem listing non-existent or unreadable directories - just return
   19 a blank listing rather than an error. Problem noted by Martin Sillence
   20 <martin.sillence@prnewswire.co.uk>, using squid.
   21 - Fix KDE's downloads (via KFM), it was using the "SIZE" command which I had
   22 not implemented. Reported by Simon Dales <simonD@nuffield.co.uk> and Jo Dillon
   23 <jo@trolltech.com>. Apparently implementing SIZE also fixed lftp's download
   24 time estimator, reported by Ingo Luetkebohle <ingo@blank.pages.de>
   25 - Remove abornal_exit() from utility.c
   26 - Fix so we don't write "500 OOPS: child died" upon QUIT. Reported by Solar
   27 Designer, <solar@openwall.com> and Tim Bagot <tsb@earth.li>
   28 
   29 0.0.3 packaged
   30 --------------
   31 
   32 - Oops: fix so we don't emit a status 150 mark unless we actually got a
   33 connection from the client (stops some clients hanging trying to list an
   34 inaccessible directory)
   35 
   36 0.0.4 packaged
   37 --------------
   38 
   39 - In verbose directory listing, report symlink targets. Use the traditional
   40 syntax of: "link_name -> target_path"
   41 - Damn netscape! The comma in the response text to PASV confused it, so it
   42 had to be removed. Discovered with tcpdump!
   43 - Don't require clients to redo PORT or PASV if a RETR or STOR fails due
   44 to inability to open/create file. Fixes Netscape symlink navigation problem.
   45 - Fix for listing absolute paths with only one /, e.g. "ls /.message" was
   46 failing
   47 
   48 0.0.5 packaged
   49 --------------
   50 
   51 - Remove README.ftpproto
   52 - Add SECURITY/OVERVIEW
   53 - Add SECURITY/DESIGN
   54 - Note that as a security tweak, we should lose more privs if we're configured
   55 for anonymous only logins (TODO)
   56 - Add SECURITY/IMPLEMENTATION, SECURITY/TRUST, but nothing in them yet.
   57 - Convert str.c to vsf_sysutil_*. This leaves the following to do:
   58   checkauth.c, main.c, postprivparent.c, privparent.c, privsock.c, utility.c
   59 - Convert privparent.c to vsf_sysutil_*.
   60 - Create BUGS and move existing listed bugs from TODO into this new file
   61 - Add parseconf.h, parseconf.c to handle parsing of a config file (work in
   62 progress)
   63 - Fix change_full_credentials() in utility.c, to always chdir() even if we
   64 are not going to do a chroot()
   65 - Rename get_random_byte() to vsf_sysutil_get_random_byte(), and move from
   66 utility.c to sysutil.c
   67 - Create new file secutil.c, move change_full_credentials() to it and rename
   68 - Convert utility.c to vsf_sysutil_*.
   69 - handle_local_login(): don't look up username; common_do_login() does it
   70 - implement different tunable umask() values for local/anonymous users
   71 - implement SITE UMASK
   72 - implement SITE CHMOD
   73 - whoops! allow non-anonymous users to overwrite files with STOR
   74 
   75 0.0.6 packaged
   76 --------------
   77 
   78 - SECURITY: when in anonymous-only mode, reject usernames that aren't the
   79 anonymous usernames. This is hoping some FTP clients will be stopped from
   80 sending a cleartext password. Idea from Gerald Teschl <gt@esi.ac.at>.
   81 - Decided to put "telnet strings" on the back burner :)
   82 - Sprinkling of static in main.c
   83 - Complete parseconf.c config file parsing and plug it into main.c
   84 - Convert main.c to vsf_sysutil_*. This leaves
   85   checkauth.c, postprivparent.c and privsock.c
   86 - Now we have runtime config, make compiled in defaults extra paranoid
   87 - Implement "tunable_anon_world_readable_only" to only serve publicly
   88 readable files anonymously
   89 - Add sample "vsftpd.conf"
   90 - Eww - missing "return" in parseconf.c
   91 - Move ASCII mode transfers out of critical section in TODO
   92 - parseconf.c: if an integer starts with "0", treat it as octal
   93 - Ban "SITE CHMOD" if !tunable_write_enable
   94 - Wrote SECURITY/TRUST
   95 - Wrote SECURITY/IMPLEMENTATION, probably more to come
   96 - Update INSTALL
   97 - Add "tunable_nopriv_user"
   98 - Update parseconf.c with the two latest new config variables
   99 - Add sysdeputil.h, sysdeputil.c for system specific facilities, i.e.
  100 capabilities, authentication.
  101 - Lose checkauth.c,h - they moved into sysdeputil.c,h
  102 - Lose config.h - it moved into sysdeputil.c
  103 - Convert postprivparent.c to vsf_sysutil_* (leaves privsock.c)
  104 - Convert privsock.c to vsf_sysutil_*. All done, yay!! :)
  105 - D'oh! Missing "!" in postlogin.c refused to serve publicly readable files :)
  106 - Fix chown() of uploaded files (broken initialization order in main())
  107 - Add SPEED, and fill it with wild speculation
  108 - Rename distribution directory "vsftpd-x.x.x" (note the added "d")
  109 
  110 0.0.7 packaged
  111 --------------
  112 
  113 - Build with -O2
  114 - Fix "uninitialized" warnings -O2 exposed - the one in capabilities setup
  115 could be nasty!
  116 - Nail warning in vsf_sysutil_sendfile(). We're now "-Wall warning free"
  117 - Build with -Werror to signal intent to _stay_ warning free
  118 - A few int -> long in the area of file sizes and offsets
  119 - Remove commas at end of enum lists (-pedantic caught it)
  120 - Impact from fixing warnings caused by -pedantic
  121 - Date format %e -> %d in date display, %e isn't everywhere
  122 - Paranoia in vsf_sysutil_malloc()
  123 - Clean up interface to substring searching in str.c
  124 - Cleanups in str.c
  125 - Squash most "unsigned<->signed" conversions exposed by -Wconversion
  126 - Lose "-g" to CFLAGS; after all we're bug-free now ;-)
  127 - Add "AUDIT"
  128 - Fix up a bunch of potential 64-bit issues (maybe >2Gb files will work on
  129 64-bit platforms now, no way to test)
  130 - Implement PR_SET_KEEPCAPS support for 2.2.18+ and 2.4.0+ kernels
  131 - In sysdeputil.c, change NULL -> 0 to help Solaris build problem
  132 - Repair vsf_sysutil_sendfile() and the caller
  133 - Logging: log the username
  134 - Logging: don't log "//" as start of filenames under certain conditions
  135 - Logging: log the date. Logging is almost useful now!
  136 - Logging: log MKD commands too; they are used in anon ftp a fair bit
  137 - Take the trouble to look into partial reads/writes. Looks like we are safe.
  138 - vsf_sysutil_read and vsf_sysutil_write now hide EINTR and retry
  139 - Replace some vsf_sysutil_{read,write} usage with
  140 vsf_sysutil_{read,write}_loop which handles partial reads and writes
  141 - Implement a sendfile() replacement for systems which lack it
  142 - Implement runtime checking for system specific Linux stuff, i.e.
  143 prctl(PR_SET_KEEPCAPS). This is inspired by RedHat7.0 headers claiming to
  144 be a 2.4.0 kernel, but actually you are running on 2.2.x! :-(
  145 - Strip the build executable at link time
  146 
  147 0.0.8 packaged
  148 --------------
  149 
  150 - A few incorrect sizeof()'s in postlogin.c, thanks to Antonomasia
  151 <ant@notatla.demon.co.uk> for noting these.
  152 - Decide that ASCII support isn't too important for now (waiting for users to
  153 demand it). Also decide that ABOR is a must :( Thanks to Zach Brown
  154 <zab@zabbo.net> for the discussion.
  155 - More TODO items thanks to Stephen White <swhite@ox.compsoc.net> - 2.0.x
  156 issues.
  157 - Provide a definition for SHUT_RDWR in sysutil.c, not all systems have that
  158 definition yet. Thanks Stephen White <swhite@ox.compsoc.net>.
  159 - Tidy privparent.c
  160 - Decide ASCII _is_ quite important, thanks Solar ;-)
  161 - Bit of extra paranoia in sysutil.c: don't call mem*() if size == 0
  162 - Tidy str.c
  163 - Command line: if vsftpd has an argument, it is a path to a config file.
  164 - Set TCP_NODELAY on command stream
  165 - Don't lseek() for RETR in common case with REST set to 0
  166 - Correct error code for transfer after successful connection (425 -> 426)
  167 - ABOR support. Bah.
  168 - APPE support (why not, it was trivial). Putting off ASCII support ;-)
  169 - Add ASCII transfer support. Bah.
  170 - Tidy up sysutil.c, fix breakage in read_loop and write_loop.
  171 
  172 0.0.9 packaged
  173 --------------
  174 
  175 - Remove ".message" from distribution. Thanks Mitchell Blank Jr
  176 <mitch@sfgoth.com>
  177 - Note where I can get some load testing software, thanks to Dan Kegel
  178 <dank@alumni.caltech.edu>. I'll do that soon because I hope to waste wu-ftpd.
  179 - Fix an Alpha build warning and check return value from final pam_end().
  180 Reported by Solar Designer <solar@openwall.com>.
  181 - Add xinetd.d/vsftpd, from Kurt Seifried <listuser@seifried.org>.
  182 - Integrate comments/fixes into SECURITY documentation, thanks to Antonomasia
  183 <ant@notatla.demon.co.uk>
  184 - SECURITY: default tunable_chroot_local_user to 0, because it is dangerous to
  185 give users write access to the filesystem root (think of opening trusted
  186 files relative to the root). Thanks again Solar Designer
  187 <solar@openwall.com>.
  188 - Add "make install" target. Currently it is minimal!
  189 - Clearer error message if vsftpd is started manually. Suggestion from
  190 Tom <tom@lemuria.org>.
  191 - Report futuristic or old (>6 months) dates in a different format, showing
  192 the year like /bin/ls does.
  193 - Add KERNEL-2.4.0-WARNING. Whoo-hoo. Why do all my non-trivial programs seem
  194 to trigger kernel bugs?
  195 - SECURITY: refuse to allow anonymous logins if some bonehead has configured
  196 the anonymous ftp user with write access to the ftp root.
  197 - Fix ASCII downloads so that \n UNCONDITIONALLY maps to \r\n. This behaviour
  198 is now consistent with wu-ftpd and results in simpler code.
  199 - Fix ASCII uploads to not fail to strip some \r characters. Noted by
  200 Mitchell Blank Jr <mitch@sfgoth.com>.
  201 - Add TODO items: log transfer rate and anonymous password. Andrew Anderson
  202 <andrew@redhat.com>.
  203 
  204 0.0.10 packaged
  205 ---------------
  206 
  207 - Remove errant #include <sys/sendfile.h> from sysutil.c. Noted by Jan-Frode
  208 Myklebust <janfrode@parallab.uib.no>
  209 - Use gettimeofday(2) not time(2), for better resolution.
  210 - Add transfer rate to the log
  211 - Add <limits.h> to sysutil.c, spotted by Kevin Vajk <kvajk@cup.hp.com>.
  212 - Spell "LICENSE" correctly: Kevin Vajk <kvajk@cup.hp.com>.
  213 - Use fcntl() for locking instead of flock() because it is much more standard.
  214 flock() usage noted by Kevin Vajk <kvajk@cup.hp.com>.
  215 - Use more portable IPPROTO_* instead of SOL_* (IPPROTO_IP, IPPROTO_TCP).
  216 Thanks to Neil Blakey-Milner <nbm@mithrandr.moria.org> porting to FreeBSD.
  217 - Start of Solaris port, thanks to Kurt Seifried <seifried@securityportal.com>
  218 for access to a Solaris 8 box.
  219 - Portability fix: include <netinet/in_systm.h> before <netinet/ip.h>.
  220 - Port to Solaris 8: new directory port. New file porting_junk.h. New file
  221 solaris_bogons.h
  222 - Add vsf_findlibs.sh to cater for different platform link requirements. Now
  223 builds on Solaris and Linux with "make".
  224 - struct sockaddr casts to kill Solaris warnings.
  225 - sysdeputil.c: remove unused variable warnings.
  226 - sysutil.c: use _exit() instead of exit() to avoid libc doing stuff on exit.
  227 Fixes segfault reported by Joshua Hill <josh@untruth.org>.
  228 - Add BENCHMARKS. Many thanks to Andrew Anderson <andrew@redhat.com>.
  229 - Fix disconnect/crash if SIGURG received whilst blocking on command stream.
  230 - Update INSTALL with more platforms.
  231 
  232 0.0.11 packaged
  233 ---------------
  234 
  235 - Brag about performance in README. And why not.
  236 - Better bail-out message if the "ftp" anonymous user isn't found
  237 - Better bail-out message if the secure chroot directory isn't found
  238 - Introduce tunable_one_process_model and start work on it
  239 - Fix rare segfault on exit - race leading to infinite stack recursion
  240 - Don't bail out if we didn't get an argv[0]. Who cares? Noted by Kurt Seifried
  241 <seifried@securityportal.com>.
  242 - Change logged date format to include the year.
  243 - Add option to log in standard (wu-ftpd like) "xferlog" format.
  244 - Cater for sendfile() returning EINTR in sysdeputil.c
  245 - Use SO_LINGER on data sockets, to get accurate transfer rates!
  246 - Cater for an interrupted blocking close()
  247 - Tuning: eliminate 3 mprotect(), 1 munmap() and 1 mmap() system call per
  248 command read.
  249 - Prevent infinite loops calling sendfile(). Two bugs - we needed to check
  250 the sendfile() return for 0 (doh!!) and also, we sometimes did lseek() on
  251 a file, to beyond its end. Thanks to Daniel Veillard <Daniel.Veillard@imag.fr>
  252 for reporting.
  253 - Tuning: cache fd's for /etc/passwd and /etc/group to avoid syscalls.
  254 - Tuning: "assist" the get*uid(), get*nam() calls to not make lots of useless
  255 syscalls, if /etc/group and /etc/passwd are missing. Thanks to Daniel Veillard
  256 <Daniel.Veillard@imag.fr> for reporting.
  257 - Use SO_LINGER timeout of 5 mins; INT_MAX seemed to do nothing!
  258 - Finally(!) fix transfer rate timing.
  259 
  260 0.0.12 packaged
  261 ---------------
  262 
  263 - Update INSTALL. Mention the config file can be given on the command line.
  264 - Lower VSFTP_MAX_COMMAND_LINE to 4096 (wu-ftpd uses 512 I think).
  265 - Add RedHat/vsftpd-rh7.spec, kindly provided by Emmanuel Galanos
  266 <egalanos@anchor.net.au>.
  267 - Add more RedHat/* spec files etc, kindly provided by Andrew Anderson
  268 <andrew@redhat.com>.
  269 - Cleanup: move two process model code to "twoprocess.c".
  270 - Damn! Make the file lock _block_ if it's busy, in sysutil.c.
  271 - Finish implementing one process model - benchmarks to follow
  272 - Don't log success if the download is ABOR'ed during the blocking close().
  273 - Build on systems without PAM (obviously local logins won't work..)
  274 - Beware of FreeBSD accept() bug: ai32@drexel.edu
  275 - Implemented a customizable ftp banner with "ftpd_banner" config file setting
  276 - Builds on OpenBSD 2.8 - woohoo
  277 - FreeBSD: look for libpam.so* in /usr/lib
  278 - FreeBSD: add #include <sys/param.h> otherwise CMSG_* break.
  279 - Kill privparent.[ch] - merged them into twoprocess.c
  280 - Enable SIGCHLD handler _before_ forking - should nail a race which could lead
  281 to zombies. Inspired by zombie report from Joe Klemmer <klemmerj@webtrek.com>.
  282 - Data connection timeout code.
  283 - ftpcmdio.c: Don't cancel the alarm when we get a command. For safety, we
  284 insist that the only way to "cancel" the alarm is to reset it. This
  285 prevents hangs blocking on write() to the command stream. Of course, data
  286 transfers are long running operations and have their own timeouts.
  287 - Data transfer timeout now kills session.
  288 - Take care that no writes block once we've decided to abandon ship.
  289 - FreeBSD sendfile() support. I wonder if it works!
  290 
  291 0.0.13 packaged
  292 ---------------
  293 
  294 - Split out directory listing code into ls.c
  295 - Change blocking accept() and connect() code to use select() not SIGALRM!
  296 - Remove alarm() timeout junk from file locking in logging.c
  297 - Cater for signals interrupting the blocking file lock
  298 - Whoops: fix data timeout incorrectly going off. Noted and fixed by Joshua
  299 Hill <josh@untruth.org>.
  300 - Implement tunable_pasv_promiscuous to relax PASV IP checks. Useful if you
  301 are playing with secure tunneling of command connection. Idea, patch from
  302 Seth Vidal <skvidal@phy.duke.edu>.
  303 - Much better line-by-line file reading string buffer functions.
  304 - Use the above better functions for directory messages and config file
  305 reading. This eliminates a probable quadratic algorithm, i.e. it's a speedup.
  306 - Explicitly free certain buffers rather than using the static trick. For
  307 example, the config file buffer which is only used once.
  308 - Massive cleanup and refactoring of login code.
  309 - Add ability to specify file containing list of banned e-mail addresses for
  310 anonymous users. Apparently a required feature for big sites trying to avoid
  311 DDoS attacks.
  312 - Add ability to specify file containing list of users to chroot(), request
  313 from helo <helo@neounix.com>, who also persuaded me not to use the homedir
  314 hack in /etc/passwd.
  315 - Add TODO: PASV port range config setting, for firewalled setups. From Rafal
  316 Wojtczuk <nergal@idea.avet.com.pl>.
  317 - Rudimentary support for non-PAM local user authentication, with
  318 encouragement and helpful discussion from D Richard Felker III
  319 <dalias@aerifal.cx>.
  320 - Use MAP_ANON instead of mmap() /dev/zero for anonymous pages. It saves
  321 using a file descriptor. Neither are standard(?) but MAP_ANON seems to work
  322 on a superset of systems compared with mmap() /dev/zero.
  323 - Ability to specify a PASV local port range with pasv_min_port and
  324 pasv_max_port. Request from Rafal Wojtczuk <nergal@idea.avet.com.pl>.
  325 - Non-PAM authentication: check /etc/shells, and support shadow password and
  326 account expiry.
  327 - First cut at a vsftpd.conf man page! (vsftpd.conf.5)
  328 
  329 0.0.14 packaged
  330 ---------------
  331 
  332 - Default to ASCII mode transfers, as per RFC. Bug noted with Macintosh client
  333 by William Day <day@chem.duke.edu>.
  334 - Implement "ls -a".
  335 - Implement "ls -r".
  336 - Implement "ls -l", i.e. "NLST -L" now works
  337 - Implement "ls -t". Superb - now the oft-used "ls -ltr" works!
  338 - setproctitle() support - FreeBSD only in the first cut.
  339 - setproctitle() on Linux support - what a hack! This crap really needs kernel
  340 support. I'm ashamed I bothered.
  341 - Repair the contributed spec files a bit, based on reports from Oleg Drokin
  342 <green@iXcelerator.com> and Jakob Lichtenberg <jl@it-c.dk>.
  343 - Show remote IP and local username in setproctitle() support.
  344 - Add vsftpd.8 man page, thanks to Daniel Jacobowitz <dan@debian.org>.
  345 - In sysdeputil.c, check macros LINUX_VERSION_CODE and KERNEL_VERSION are
  346 defined. From James Antill <james@and.org>.
  347 - Workaround a broken firewall that expects a very precise PASV response. We
  348 now match wu-ftpd. Many many thanks to Jakob Lichtenberg <jl@it-c.dk> for
  349 his help.
  350 - If tunable_anon_world_readable_only (default), don't list directories unless
  351 they are world readable.
  352 - Use qsort() for directory sorting - eliminates gross quadratic sorting.
  353 Turbo charges directory listings with 1000's of entries.
  354 - Fix big memory leak in str_list_free().
  355 - Simplify + reduce heap usage in strlist.c
  356 - Optimize away lots of excessive heap usage and redundant copying in str.c
  357 - By default, show numeric user/group id's in directory listings. Makes
  358 generating directory listings perhaps 4 times(!) faster, and is noticeable
  359 with e.g. 5000 entries in a directory. n.b. this performance figure is as
  360 measured on a glibc-2.2 system, so glibc would seem to be inefficient.
  361 - Don't use MSG_DONTWAIT - prefer the more portable fcntl()/O_NONBLOCK. Fixes
  362 glibc-2.0 build issues.
  363 - Work around broken Linux-2.0 unix fd passing. Now builds/runs on RH5.2.
  364 - Build fixes for FreeBSD 3.5, with help from Jerry Walsh <jerry@aardvark.ie>.
  365 - Only restrict directory listings to world-readable for _anonymous_ users!
  366 Thanks again Jerry Walsh <jerry@aardvark.ie> for the report.
  367 - Add TUNING
  368 - Special case for security/performance: if we need _no_ privilege, then
  369 force one process model. Security: root dropped totally straight away.
  370 Performance: no messing around forking etc.
  371 - Minor performance tweaks, don't leave big mappings lying around from
  372 config file parsing.
  373 
  374 0.0.15 packaged
  375 ---------------
  376 
  377 - Argh. Fix SuSE 6.0 build issue (time_t used but not defined). Reported by
  378 Peter Stern <peter@frontierflying.com>.
  379 - Another SuSE 6.0 issue - another damn system lacking CMSG_SPACE etc.
  380 - Cope with any return value from blocking close(2). Previously, we missed
  381 EAGAIN, which some systems might return (not Linux).
  382 - New wizzy synchronous signal framework, to prevent re-entrancy issues. It
  383 presents an interface very similar to the traditional UNIX async interface.
  384 Technically this is a security fix; imagine a SIGURG (user controllable!)
  385 coming in whilst we are deep inside glibc. The SIGURG handler is non-trivial
  386 and may well re-enter and upset glibc. Specific example: the malloc subsystem.
  387 - When handling SIGURG, account the time taken under the data transfer timeout.
  388 - Install the command timeout handler before we write anything to the remote.
  389 - Cleanup capabilities handling to be taken care of in secutil.c.
  390 - Fix bug: one_process_model mode could lose supplementary groups.
  391 - Add "SIZE" file.
  392 - Make one_process_model work with the anon deny e-mail list.
  393 - Massive cleanups. Start moving static state into a session structure.
  394 - Oops - fix Solaris 8 build by fixing include order in porting_junk.h, and
  395 include a dirfd() replacement. Noted by William Yodlowsky
  396 <wyodlows@andromeda.rutgers.edu> and Mike Batchelor <mikebat@tmcs.net>.
  397 - Fix return of a void function call in a void function. It upsets Sun's
  398 compiler. (gcc is fine with it, I'm not sure if it's against the rules).
  399 Noted by Mike Batchelor <mikebat@tmcs.net>.
  400 - Make it possible to use port ranges starting lower than 5001, from
  401 Matthew Kirkwood <weejock@ferret.lmh.ox.ac.uk>.
  402 - Use a /dev/zero mmap() fallback if we do not find MAP_ANON. This should
  403 fix the build on Solaris 2.6, 2.7 machines. Reported by Mike Batchelor
  404 <mikebat@tmcs.net>. Also noted as one of the problems facing an IRIX build.
  405 - Add MDTM support, so clients like ncftp can set the date on downloaded files.
  406 - Add irix_bogons.h, trying to port to IRIX 6.5, with help from Jan-Frode
  407 Myklebust <janfrode@parallab.uib.no>.
  408 - Don't reference "struct msghdr.msg_flags", not all systems have it. Clear it
  409 with vsf_sysutil_memclr() instead. Found on IRIX 6.5.11
  410 - Cater for systems lacking getusershell(), e.g. IRIX 6.5.11, by not using it.
  411 - Fix compiler error with header files claiming 2.4 headers but only having
  412 2.2 headers. Reported by Ben Ricker <bricker@wellinx.com>.
  413 - Kill warning on system without capabilities.
  414 - Add -R option to ls (disabled by default), to cater for broken clients which
  415 assume it is present (e.g. mirror).
  416 - Add "Makefile.sun", from Mike Batchelor <mikebat@tmcs.net>.
  417 - Fix PORT transfer crashes with "one_process_model". Reported by
  418 Andrew Anderson <andrew@redhat.com>.
  419 - Cater for HP-UX shared libraries which end in ".sl", from Kevin Vajk
  420 <kvajk@cup.hp.com>.
  421 - Add hpux_bogons.h, and make MAP_ANON a synonym for MAP_ANONYMOUS.
  422 - Move send_fd and recv_fd to sysdeputil.c and provide old-style fd passing
  423 code for IRIX and HP-UX.
  424 - Get it going on HP-UX 11.11 and HP-UX 10.20, thanks to Kevin Vajk
  425 <kvajk@cup.hp.com>. Minor changes to hpux_bogons.h
  426 - Update vsftpd.conf with "ls_recurse_enable".
  427 - Get it going on IRIX 6.5.11, thanks to Jan-Frode Myklebust
  428 <janfrode@parallab.uib.no>.
  429 - Fix reporting of filenames in MKD operations (regression since 0.0.15).
  430 - Wow - lots of contributed .spec files. Adopt those from Seth Vidal
  431 <skvidal@phy.duke.edu>.
  432 - Fix FreeBSD build.
  433 
  434 0.9.0 packaged
  435 --------------
  436 
  437 - Fix .spec files to include URL, from Seth Vidal <skvidal@phy.duke.edu>.
  438 - Don't let unprintable characters escape into setproctitle(). Thanks to
  439 Solar Designer for the suggestion.
  440 - Make the PAM service name a tunable, suggestion from Solar Designer.
  441 - Add option to log all FTP protocol (log_ftp_protocol).
  442 - Log logins, successful or failed.
  443 - Refuse to download a file in ASCII mode if REST position != 0. Solar
  444 reminded me by looking in the BUGS file.
  445 - Clearly mark an ASCII download in the FTP response string.
  446 - Argh. Fix broken upload timeout again (goes off erroneously).
  447 - Fix logging of FTP protocol, add logging of pid. Reported by Frank Fiamingo
  448 <FiamingF@strsoh.org>.
  449 - Fix bug where logging code bug()'s on the second logged operation, iff
  450 logging is in fact disabled! Reported by Alexander Schreiber
  451 <alexander.schreiber@informatik.tu-chemnitz.de>.
  452 - From Solar: be paranoid about libc implementations of isprint() in sysutil.c
  453 - Careful not to write any unprintable characters into the log.
  454 - fchmod() files that we fchown(), to prevent suid games, etc.
  455 - Cleanups, added comments to some headers.
  456 - Minor speedups to some str.c string handling functions.
  457 - Joe Klemmer <klemmerj@webtrek.com> reports zombies again! Nail a couple of
  458 races: make the SIGCHLD handler async, and cater for an interrupted wait(2)
  459 syscall.
  460 - If chroot_local_user=YES then chroot_list_enable becomes a list of users to
  461 NOT chroot(). With input from Lars Hecking <lhecking@nmrc.ie>.
  462 
  463 0.9.1 packaged
  464 --------------
  465 
  466 - DAMN! Fix silly "missing newline" logging bug.
  467 
  468 0.9.1 repackaged
  469 ----------------
  470 
  471 - Refuse to start if local_enable and anonymous_enable are NO, hit by
  472 Lars Hecking <lhecking@nmrc.ie>.
  473 - Report anonymous e-mail in the LOGIN log event, idea from Joachim Blaabjerg
  474 <styx@mailbox.as>.
  475 - Fix man page install in vsftpd-rh7.spec, from Matthew Galgoci
  476 <mgalgoci@redhat.com>.
  477 - Fix chown_upload bug noted by brett <beldridg@best.com>.
  478 - Add concept of guest user, idea from Andrew Anderson <andrew@redhat.com>.
  479 - Simple bandwidth limitation, inspired by Mads Martin Jørgensen
  480 <mmj@suse.de>.
  481 - Fix chown_upload bug in a different way.
  482 - Correct *_umask details in vsftpd.conf.5, from brett <beldridg@best.com>.
  483 - Don't show .files unless "ls -a" was specified, n.b. this differs in
  484 behaviour from wu-ftpd, but not proftpd.
  485 - Implement directory write(2) buffering, for a 33% reduction in CPU used to
  486 send big dirs. Activate the bandwidth limit on directory listings.
  487 - HPUX enhancements: setproctitle and sendfile. Thanks to Kevin Vajk
  488 <kvajk@cup.hp.com>.
  489 - We DON'T need to follow symlinks on "ls -R" - phew.
  490 - Add README.solaris. Thanks to Mike Batchelor <mikebat@tmcs.net>.
  491 - Implement passing remote host to PAM (for pam_access etc.), thanks to
  492 Emmanuel Galanos <egalanos@cerberus.anchor.net.au>.
  493 - Fix guest_enable so that this means all non-anonymous users are guest users.
  494 - Add ability to deny selected users before they get the chance to send their
  495 cleartext password!!
  496 - Fix FreeBSD build - use a cast instead of floor() which needs libm.
  497 
  498 0.9.2 packaged
  499 --------------
  500 
  501 - Fix potential leak in PAM handling code.
  502 - Fix build in the non-PAM case (dammit!!). Reported by Alexey E. Korchagin
  503 <Webmaster@buzuluk.ru> and Michael Fengler <michael.fengler@adpag.de>.
  504 - Include filename and size in bytes in the "here comes the data" 150 message.
  505 - Change link flags from "-s" to "-Wl,-s"
  506 - Add libcap support - should fix ia64, Alpha build problems with syscalls.
  507 - Tidy up vsf_findlibs.sh
  508 - Work with NFS mounted home dirs and root_squash, thanks to Hunter Matthews
  509 <thm@duke.edu> for the report.
  510 - Add FAQ.
  511 - Improve "make install".
  512 - Fix Solaris build (nanosleep is in a separate library, typical).
  513 - Fix REST + STOR combination, investigation inspired by Mike Batchelor
  514 <mikebat@tmcs.net>.
  515 
  516 0.9.3 packaged
  517 --------------
  518 
  519 - Update xinetd file to reflect /usr/local location. Thanks to Fridtjof
  520 Busse <fridtjof@fbunet.de>.
  521 - Make our 150 response code match wu-ftpd - allows broken "ange-ftp" of
  522 emacs to do a percentage complete indicator. Reported by Jonathan Kamens
  523 <jik@kamens.brookline.ma.us> via Andrew Anderson <andrew@redhat.com>.
  524 - Fix build on S390, ia64 platforms (poor kernel includes). Patch from
  525 <mmj@suse.de>.
  526 - Fix up vsf_findlibs.sh to cater for RedHat7.2 which has libcap. Reported
  527 by Chris Burton <chris@post.cpac.uk.com>.
  528 - Boast some more in BENCHMARKS.
  529 - Add anon_root and local_root, inspired by Ole Tange <tange@tange.dk>.
  530 - Fix up vsf_findlibs.sh to cater for broken Mandrake, and also consider
  531 the case of missing PAM headers (no pam-devel installed). Thanks to
  532 Jeff Baldwin <jeff_baldwin@unc.edu> for access to Mandrake.
  533 
  534 At this point: 1.0.0 packaged and released
  535 ------------------------------------------
  536 Ah, the wonderful psychology of release numbers
  537 -----------------------------------------------
  538 
  539 - Fix IRIX build (capabilities issue), Jan-Frode Myklebust
  540 <janfrode@parallab.uib.no>.
  541 - Fix FreeBSD build, reported by Jim Breton
  542 <jamesb-security-audit@alongtheway.com>.
  543 - Fix Debian build, reported by Brian Clark <brianj@fusionwerks.com>.
  544 
  545 1.0.1 packaged
  546 --------------
  547 
  548 - Fix .spec files to use /usr/local/sbin not /usr/sbin, noted by Bill Unruh
  549 <unruh@physics.ubc.ca>.
  550 - Small doc tweaks and improvements(?)
  551 - Add COPYING, the GNU GPL version 2.
  552 - Add use_localtime config option to override the use of GMT times.
  553 - Add tunable_check_shell (default YES) so people can disable this if they
  554 are not using PAM.
  555 - AIX 5.1 build support, thanks to Jan-Frode Myklebust
  556 <janfrode@parallab.uib.no>.
  557 - Add "hide_ids" option to show user/group in directory listings as "ftp".
  558 Request from Solar.
  559 - Use the seemingly more portable setreuid() and setregid(), poxy HP.
  560 - Use status 550 instead of 500 for known but disabled commands.
  561 - Rename "dirchange.[ch]" to "banner.[ch]".
  562 - Multiline connect banner support via "banner_file" config option.
  563 - Minor error message changes.
  564 - Add more FAQ entries.
  565 - Add patch to specify PASV address - thanks to Mike McLean <mikem@redhat.com>.
  566 - Drop the 2.4.0 kernel warning file
  567 - Rudimentary standalone listener support - to be expanded in a later release.
  568 - If sendfile() returns EINVAL just fall back to normal routines - handles
  569 non-pagecache backed files.
  570 - Add "port_promiscuous" setting - should help enabling FXP.
  571 - Modify anon_root and local_root to change directory _before_ applying the
  572 chroot().
  573 - Open all files O_NONBLOCK to avoid pipes blocking on open.
  574 - Support wu-ftpd style per-user chroot() via /./ in /etc/passwd HOMEDIR.
  575 - Add SIGHUP support to new built in listener.
  576 - Per-user config overrides, via "user_config_dir" - woohoo!
  577 - Warning fixes, i.e. change "index" to "indexx" thanks to Olaf Kirch
  578 <okir@suse.de>.
  579 - Make sure the standalone daemon doesn't leak zombies!
  580 - Supposedly fix kernel messages about MSG_PEEK race - thanks to advice from
  581 Alexey <kuznet@ms2.inr.ac.ru>.
  582 - Add global client limit for standalone mode.
  583 - Add username that failed when we die with str_getpwnam.
  584 - Add a bunch of documentation under EXAMPLES.
  585 
  586 At this point: 1.1.0 package released
  587 -------------------------------------
  588 
  589 (Note - 1.1.0 also included large file (>2Gb) support).
  590 
  591 - Fix port_promiscuous, oops! Thanks to Bjørn-Ove Heimsund
  592 <bjornoh@mi.uib.no>.
  593 - Fix to support umasks which create executable files. Reported by
  594 "Martin, Andreas" <AMartin@hegau-klinikum.de>.
  595 - Make the messages more.. professional :( Thanks to Steven G. Taylor
  596 <staylor@redhat.com>.
  597 - Allow anon users to append to files if they can delete files! Suggestion
  598 from Michael Leuchtenburg <michael@slashhome.org>.
  599 - Hopefully fix Solaris build (-lresolv)
  600 - Replace atoll() with a homebrew - modern FreeBSD, OpenBSD lack it.
  601 - Different solution for a umask which creates executable files:
  602 file_open_mode.
  603 - First attempt at Tru64 build, working with <Sulla17@aol.com>.
  604 - A few minor FAQ additions.
  605 - Change date format in the log from Sep 09 -> Sep  9. Avoids breaking some
  606 broken log parsers.
  607 - Make "INSTALL" better and clearer.
  608 - Fix passwd_chroot_enable, reported by James Jones <james@richland.edu>.
  609 - Finish Tru64 building :-)
  610 - Add tunable_no_anon_password as asked for by Stephen Quinney
  611 <stephen.quinney@computing-services.oxford.ac.uk>.
  612 
  613 At this point: 1.1.1 package released
  614 -------------------------------------
  615 
  616 - Add per-IP connection limits in standalone mode.
  617 - Add logging of refused connect due to global or IP connection limits.
  618 - (Many thanks for testing and suggestions from Rob van Nieuwkerk
  619 <robn@verdi.et.tudelft.nl> and Adrian Reber <adrian@lisas.de>.)
  620 - Make connection limit exceeded messages nonblocking.
  621 - Don't exit the listener if fork fails.
  622 
  623 At this point: 1.1.2 package released
  624 -------------------------------------
  625 
  626 - Support for tcp_wrappers.
  627 - First stab at Solaris sendfilev() support.
  628 - Don't bomb out the listener on SIGHUP if the config became invalid.
  629 - End vsf_findlibs.sh with "exit 0;" - thanks Lars Hecking <lhecking@nmrc.ie>!
  630 - Integrate with tcp_wrappers - load config based on VSFTPD_LOAD_CONF
  631 environment variables. Allows per-IP configurability in standalone mode.
  632 - Fix build without tcp_wrappers.
  633 - Fix Solaris sendfilev() support - interruption via a signal returns EINTR
  634 rather than a partial byte count!
  635 - Add to EXAMPLE/ - PER_IP_CONFIG and INTERNET_SITE_NOINETD
  636 
  637 At this point: 1.1.3 package released
  638 -------------------------------------
  639 
  640 - Eliminate crypt() not defined warning.
  641 - "grep -q" is not standard so redirect to /dev/null instead.
  642 - Make banned_email_file work second time around.
  643 - Add force_dot_files to work around broken clients. The behaviour when
  644 enabled is very wu-ftpd like.
  645 - Implement SITE HELP - should work around IE bug?
  646 - Update README, vsftpd.conf with references to read the manual page!
  647 - Log revamp: add dual_log_enable to log to xferlog AND vsftpd.log.
  648 - Log revamp: add syslog_enable to log vsftpd.log to syslog().
  649 - Add "background" option to background the listener process.
  650 - Fix warning in vsftpd.8 man page, Bill Nottingham <notting@redhat.com>.
  651 - Fix tcp wrappers support to NOT emit loads of Bad file descriptor messages
  652 to the system log.
  653 - Add ability to make bandwidth limiter smoother by using e.g.
  654 trans_chunk_size=8192.
  655 - Add ability for virtual users to use local privs non anon privs, via
  656 virtual_use_local_privs=YES.
  657 - Fix sendfile() fallback on FreeBSD, thanks to Adam Stroud
  658 <adstro@stny.rr.com>.
  659 - Add pam_session support, as well as utmp and wtmp logging for local logins
  660 (when using a PAM build). Tested pam_limits maxlogins works.
  661 - Ensure the source IP address for PORT connects is always the same as the
  662 control connection local IP address. Previously it was not when NOT using
  663 connect_from_port_20 in the presence of multiple local IP addresses.
  664 - Oops - make max_per_ip and max_clients work with the two process model
  665 when both connect_from_port_20 and chown_uploads are false.
  666 - Initial IPv6 support (EPSV only).
  667 - Add EPRT support to IPv6.
  668 - Fix "ls .file" to list .file even if the ls -a flag is not present. Noted
  669 by and thanks to Sean Millichamp <sean@enertronllc.com>.
  670 - Better error messages for config file parse fail: include setting name.
  671 - Fix bug in str_split_text where text is greater than 1 character long!
  672 - Make it build on Solaris8 - switch from utmp to utmpx and handle missing
  673 LOG_FTP.
  674 - Always check for VSFTPD_LOAD_CONF environment variable.
  675 - Implement HELP properly (should help broken clients).
  676 - Fix FreeBSD build (no utmpx.h, so disable feature).
  677 - Fix chown_uploads.
  678 - "Guess fix" for FreeBSD reported bug. I reckon FreeBSD is returning -EINTR
  679 from a blocking close but still closing the fd, despite the error return. So
  680 cater for this. Reported by Drew Vogel <dvogel@intercarve.net>.
  681 - Add download_enable and dirlist_enable. Useful in conjunction with the
  682 per-user config stuff.
  683 - Add chmod_enable.
  684 - Implement STRU and MODE for _old_, broken clients!
  685 - Log connects.
  686 - Fix 500 OOPS with chown_uploads and an APPE command.
  687 - Improve some error messages: die -> die2 for more information.
  688 - Repair max_per_ip (problem comparing IPv4 addresses).
  689 - Make chown_uploads work with virtual users.
  690 - Chmod files to 0600 before chown_uploads kicks in.
  691 - Add STOU support.
  692 - Add cmds_allowed config parameter.
  693 - Add some FAQ entries.
  694 
  695 At this point: v1.2.0 released!
  696 ===============================
  697 
  698 - Apply NetBSD patch to sysdeputil.c to activate a few features. Thanks to
  699 Lubomir Sedlacik <salo@netbsd.org>.
  700 - Apply fix for broken clients that terminate commands with \r\r\n. Thanks
  701 to Andrey Chernomyrdin <andrey@excom.spb.su>.
  702 - AIX send_file support, thanks to Tomas Ogren <stric@ing.umu.se>.
  703 - Fix typos in vsftpd.conf.5, thanks to SEKINE Tatsuo <tsekine@sdri.co.jp>.
  704 - Simple -F flag support to LIST and NLST. Needed for some broken clients.
  705 - Add simple ? wildcard in pattern matching.
  706 - Make pasv_min_port and pasv_max_port work if they are the same value. Thanks
  707 to Marvin Solomon <solomon@cs.wisc.edu>.
  708 - Paranoia: ignore user_config_dir if username has a / in it.
  709 - Implement stub ALLO command to keep busybox/ftpput happy.
  710 - Implement REIN, ACCT and SMNT stubs.
  711 - Implement FEAT along with an OPTS stub.
  712 - Implement STAT (no-args version).
  713 - Implement STAT (file/dir).
  714 - Add very simple access control via hide_file and deny_file. These should
  715 NOT be used for securing content as they are very dumb! Filesystem permissions
  716 are still the recommended way for securing important content.
  717 - Allow unsetting of string values with option= (i.e. blank).
  718 - Default virtual users to being chroot()'ed to the guest_user's home
  719 directory, if virtual_use_local_privs is not set.
  720 - Add support for "user_sub_token", where you can set the home directory of
  721 guest_user to "/home/virtual/$USER", and "user_sub_token" to "$USER" to
  722 have a root directory auto generated based on username logging in, e.g.
  723 fred logs in and gets chroot()'ed in /home/virtual/fred.
  724 - Fix bug in str_replace_text if replace token matches at end of string.
  725 - Recognize P@SW as PASV; works around an SMC router bug.
  726 - Accept an async ABOR sequence if it arrives via non-urgent data. Fixes issue
  727 with Cisco routers. Thanks to Eddie Corns <E.Corns@ed.ac.uk>.
  728 - Implement simple {,} support in pattern matcher (nested not handled). Handy
  729 to use with hide_file and deny_file options.
  730 (v1.2.1pre2)
  731 - Fix port range with pasv_min_port and pasv_max_port to use the full range
  732 (the upper limit wasn't being used very often!).
  733 - Activate SO_REUSEADDR on passive listen sockets - makes servers with
  734 restricted port ranges much more useable!
  735 - Add secure_email_list_enable, to provide simple anonymous password control.
  736 For some cases, it's better than the hassle of virtual users. Idea thanks to
  737 Malcolm O'Callaghan, <mjo@stamps.com>.
  738 - Add some FAQ entries.
  739 (v1.2.1pre3)
  740 - Fix issue with failure to call openlog() before using tcp_wrappers. Part
  741 of RH bugzilla #89765. (The more serious part was fixed with v1.2.0).
  742 
  743 At this point: v1.2.1 released!
  744 ===============================
  745 
  746 - Fix FreeBSD 5.1/5.2 issue with time_t being long long on that platform.
  747 Thanks to Matthias Andree <matthias.andree@gmx.de>.
  748 - Tweak vsftpd.conf.5 to avoid automated mails from ESR ;-)
  749 - Remove vsftpd spec files, they are old and buggy.
  750 - Add -v flag which just outputs the version and exits.
  751 - Fix nasty issue resulting in listener instability under extreme load (root
  752 cause was re-entering malloc/free). Many thanks to Olivier Baudron
  753 <olivier.baudron@m4x.org> for an excellent report.
  754 (v1.2.2pre1)
  755 - Fix build with modern glibc-2.3 and no libcap on Linux.
  756 - Fix 64-bit file support on Solaris.
  757 (v1.2.2pre2)
  758 - Add initial support for running as the user which launched vsftpd, i.e. no
  759 root needed. Warning - easy to create insecurity if you use this without
  760 knowing what you are doing.
  761 - For above run-as-launching-user support: make CDUP re-use CWD code so that
  762 deny_file of *..* is useful.
  763 - Attempt fix of 64-bit file support on FreeBSD (may need another go).
  764 - Update INSTALL to refer to more modern platforms.
  765 
  766 At this point: v1.2.2 released! (need to get the listener fix out)
  767 ==================================================================
  768 
  769 - Improve logging (log deletes, renames, chmods, etc. as requested by users).
  770 - Add no_log_lock to work around Solaris / Veritas locking hangs.
  771 - Add EPRT, EPSV, PASV and TVFS to FEAT response.
  772 - Implement use of MDTM to set timestamps.
  773 - Recognize FEAT prior to login.
  774 - Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data
  775 connections! Hurrah.
  776 - Increase max size of .message files to 4000 characters, thanks to Eric
  777 Pancer <epancer@security.depaul.edu> for the report.
  778 - Add easy builddefs.h ability to disable PAM builds even when PAM is installed.
  779 - Report vsftpd version in STAT output.
  780 - Add REFS file.
  781 - Change parent<->child socket comms from DGRAM to STREAM for increased
  782 reliability. The main benefit is should the parent be killed (or crash out)
  783 then the child won't block on a read() that will never return.
  784 - Make str_reserve reserve space for the trailing zero as well, so we don't
  785 cause a reallocation if we exactly fill the buffer.
  786 - Optimize the sending of strings over the parent<->child comms links.
  787 - Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly
  788 compiled out.
  789 - Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin <ldv@altlinux.org>.
  790 - If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring
  791 totally. Thanks to Brad <brad@intradonline.com>.
  792 - Lose Makefile.sun and README.solaris special cases.
  793 - Add SSL / TLS info to SECURITY texts.
  794 - Add README.ssl
  795 - Add documentation for new SSL options to vsftpd.conf.5.
  796 - Add support for CWD ~ (and in general support ~ at start of any filename).
  797 Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that
  798 all of this is for very very broken clients :-(
  799 - Fix compile warnings.
  800 - Update INSTALL with (recent) OS X as a working platform.
  801 
  802 At this point: v2.0.0 released!
  803 ===============================
  804 
  805 - Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson
  806 Chang <nelsoncybernet@bigfoot.com>.
  807 - Oops; fix session bale out if an empty length password is given.
  808 - Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
  809 - Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard
  810 <echevillard@yahoo.fr>.
  811 - Clarify licensing: I allow linking of my GPL software with the OpenSSL
  812 libraries. Thanks to Jonas Bofjall <job@abc.se>.
  813 - Add COPYRIGHT.
  814 - Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2
  815 compliant; timezone should be a variable not a function).
  816 - Fix build where PAM build is enabled but PAM headers are missing.
  817 - Fix build on RHEL3 (remove errant include from twoprocess.c).
  818 
  819 At this point: v2.0.1 released!
  820 ===============================
  821 
  822 - Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez
  823 <jose.oyervides@elnorte.com>.
  824 - Emit data transfer status messages (success / failure) after flushing and
  825 waiting for the full data transfer to reach the client. This should help work
  826 around buggy FTP clients such as FlashFXP, which is known to truncate files
  827 incorrectly.
  828 (v2.0.2pre1)
  829 - Make str_empty actually allocate an empty string.
  830 - Change the ASCII receive code to ONLY rip out \r if it is just before a \n;
  831 someone finally complained about this.
  832 (v2.0.2pre2)
  833 - Enable AIX Large File Support #define from Tomas Ögren <stric@cs.umu.se>.
  834 - Add a couple of FAQ entries.
  835 - Fix time delta code areas to cope with negative deltas, which will occur
  836 if the clock is adjusted backwards. Thanks to Andrew Anderson
  837 <andrew@redhat.com> for a great report.
  838 - Fix "errno" checks to be robust in multiple places; previously, calls to
  839 failing library calls could be made in between the original library call and
  840 the "errno" reads. Thanks to Andrew Anderson <andrew@redhat.com> for a great
  841 report.
  842 - Make bandwidth limiter work with SSL data connections.
  843 (v2.0.2pre3)
  844 - Note that the SSL / bandwidth limiter bug fixed a much more serious bug:
  845 SSL data connection dropouts after data_connection_timeout seconds.
  846 - Typo fixes.
  847 
  848 At this point: v2.0.2 released! (need to get the SSL dropout fix out)
  849 =====================================================================
  850 
  851 - Document what regex expressions are supported in the man page.
  852 - New settings rsa_private_key_file and dsa_private_key_file to allow
  853 separate files for the certificates and private keys.
  854 - Initial, simple fix for timed out processes not exiting when SSL is in use.
  855 Better fix (which reports timeout to client properly) to follow.
  856 - Add which setsockopt option failed to die("setsockopt") calls.
  857 - Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower
  858 linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by
  859 Ewoud van der Vliet <e.c.vandervliet@student.utwente.nl> and Ed Vazquez
  860 <ed.vazquez@dhha.org>.
  861 (v2.0.3pre1)
  862 - Fix error with IPv4 connections to IPv6 listeners and PORT type data
  863 connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported
  864 by Joe Orton <jorton@redhat.com>, Radek Vokal <rvokal@redhat.com> and
  865 Andreas Kupfer <kupfer@42h.de>.
  866 - Remove vsf_sysutil_sockaddr_same_family (unused).
  867 - Support protocol 1 (IPv4) in EPRT.
  868 - Add ssl.c to AUDIT.
  869 - Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list.
  870 - Allow "EPSV 1" to mean IPv4 EPSV.
  871 - Report dummy IP but correct port with IPv6 / PASV.
  872 - Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write;
  873 fixes SSL upload failures when data timeouts are in use with some clients.
  874 Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported
  875 by Lee Lawrence <leel@aspin.co.uk> (using CuteFTP and BackupEdge) and
  876 Christian DELAIR <christian@cognition.fr> (using lftp, FileZilla and
  877 SmartFTP). Thanks to these two people for valuable help.
  878 (v2.0.3pre2)
  879 - Implicitly disable connect_from_port_20 and chown_uploads when a non-root
  880 user is using run_as_launching_user.
  881 - Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure
  882 anonymous-only solution (useful when you don't have root access and a range
  883 of acceptable anonymous passwords as credentials).
  884 - Use SSL BIO callbacks to fix data connection timeout checks; the checks
  885 weren't all occurring promptly.
  886 
  887 At this point: v2.0.3 released! (need to get about three important fixes out)
  888 =============================================================================
  889 
  890 - Add explicit "This FTP server does not allow anonymous logins" message.
  891 - Add paranoid checks to sysutil.c for large values / lengths.
  892 - Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example.
  893 - Load per-IP config files earlier; allows more settings to be tuned on a
  894 per-IP level. Suggested by Reber Tobias <t.reber@dkfz-heidelberg.de>.
  895 - Fix MDTM on non-existent files. Reported by Ken A <ka@pacific.net>.
  896 - {} regex fix so that {*} correctly matches everything. Reported by
  897 Tom Van de Wiele <tom.vandewiele@gmail.com>.
  898 - Add "mdtm_write" option to disable MDTM being able to set file timestamps.
  899 - Fix HPUX build, thanks to Kevin Vajk <kvajk@cup.hp.com>.
  900 - Add optional file locking support via lock_upload_files (default on).
  901 - Apply LDFLAGS patch from Mads Martin Joergensen <mmj@suse.de>.
  902 - Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once
  903 at startup.
  904 - Apply patch to fix timezone issues (caused by chroot() interacting badly with
  905 newer glibc versions). Thanks to Dmitry V. Levin <ldv@altlinux.org> and
  906 Mads Martin Joergensen <mmj@suse.de>.
  907 
  908 At this point: v2.0.4 released!
  909 ===============================
  910 
  911 - Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan
  912 <sudhas@sgi.com>.
  913 - Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1.
  914 - Be more honest in FEAT response if PORT or PASV are disabled! Reported by
  915 Charles Honton <chas@honton.org>. Allows MS Explorer to get the transfer mode
  916 correct.
  917 - pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to
  918 Rhodes, Colin <colin.rhodes@airways.co.nz>.
  919 - Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit
  920 here instead ;-)
  921 - Minor man page doc tweaks.
  922 - Tiny bit of paranoia in privops.c.
  923 - Revert change to reject anonymous logins before asking for password. This
  924 fixes complaints about IE not showing the FTP login dialog.
  925 - Change SSL certificate load to cater for chaining too.
  926 - Added delay_failed_login and delay_successful_login to help limit resources
  927 taken by brute force attacks.
  928 - Kick session after a few login fails. Allows IP blocking solutions to be more
  929 immediately effective.
  930 - Replace setenv() with more portable putenv(). First part of Solaris fix.
  931 - Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris
  932 fix.
  933 - Set PAM items TTY and RUSER if possible.
  934 - OpenBSD build warning fixes.
  935 - So, timezone and daylight are not available on BSD, so redo the whole TZ
  936 thing again. Should use only very portable constructs now.
  937 
  938 At this point: v2.0.5 released!
  939 ===============================
  940 
  941 - Fix delay_failed_login typo. Oops.
  942 - Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
  943 like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
  944 <ilja@suresec.org>.
  945 - Allow a (fake) reauth as the same user as the logged in user. Should resolve
  946 .NET related report from Sabo Jim <Jim.Sabo@thomson.net>.
  947 - Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take
  948 unnecessary port calculations out of a loop.
  949 - Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
  950 <echen@siac.com>.
  951 - Don't log FireFox's attempts to RETR directories! Reported by
  952 Nixdorf, Tim <tnixdorf@dnps.com>.
  953 - Fix STOU sending the same 150 status line twice - oops! Reported by
  954 <yamazaki@iij.ad.jp>.
  955 - Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
  956 <andy@withnail.org>.
  957 - Fix bug with empty user list file and userlist_deny=NO. Reported by
  958 Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>.
  959 - Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
  960 Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>.
  961 - Add control over the file permissions used in the chown()ing of anonymous
  962 uploads: chown_upload_mode (default 0600 as before). Suggestion from
  963 An Pham <apham@medforcetech.com>.
  964 - Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
  965 should help buggy Solaris systems. Reported by Michael Masterson
  966 <mjmasterson@xo.com>.
  967 - Add debug_ssl option to dump out some SSL connection details.
  968 - Use code 522, not 521, to indicate that the server requires an encrypted
  969 data connection. Still does not seem to coax lftp to retry :(
  970 - Recognize OPTS pre-login.
  971 - A whole ton of SSL improvements, including ability to force requirement of
  972 a client cert; data and control channel client cert cross checking. Ability
  973 to require fully valid / authentic client certs. No cert-based auth yet.
  974 - Change my e-mail to my GMail account.
  975 
  976 At this point: v2.0.6 released!
  977 ===============================
  978 
  979 - Fix finding libcap for the link on Slackware systems, thanks to Roman
  980 Kravchenko <roman@atech.lv>.
  981 - Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
  982 <y-iida@secom.co.jp>.
  983 - Fix man page typo, thanks Matt Selsky <selsky@columbia.edu>.
  984 - Bring the PASV listen() into the bind() retry loop to resolve a race under
  985 extreme load. Thanks to Curtis Taylor <cjt@us.ibm.com>.
  986 - Enhance logging for debug_ssl.
  987 - Shutdown the SSL data connections properly. This prevents clients such as
  988 recent FileZilla from complaining. Reported by various people.
  989 - Add option to enforce proper SSL shutdown on uploads. Left it off after much
  990 agonizing because clients are so broken in this area.
  991 - Add option to delete failed uploads.
  992 
  993 At this point: v2.0.7 released!
  994 ===============================
  995 
  996 - Remove .postlogin.c.swp (thanks Kaibin Li <kbli@fortinet.com>)!
  997 - findlibs repairs for libcap; builds on my Ubuntu 6.06 again.
  998 - Apply patch to fix "error: assignment of read-only member '__in'" build
  999 error on broken systems where the WIFEXITED() etc. macros write to their
 1000 argument. Thanks Ingo Terpelle <it@exanto.de>.
 1001 - Replace spaces in xferlog with underscores, report from
 1002 Michael Wittauer <michael.wittauer@sonydadc.com>.
 1003 - Reload default config values before re-parsing config file on SIGHUP. This
 1004 makes the values correct in the case a setting was removed from the file.
 1005 - Do not issue an FTP response for a blank line on the control channel. Fixes
 1006 issues with some broken NAT devices. ProFTPd does the same, so hopefully
 1007 nothing will break. Report from Frank Bulk <fbulk@mypremieronline.com>.
 1008 - Replace usage of broken _syscall() with syscall(). Fixes build errors for
 1009 those without libcap-devel installed.
 1010 - Add implicit SSL support with implicit_ssl option.
 1011 - Remove arbitrary restriction on one process model + SSL.
 1012 - Set a session ID on the SSL context.
 1013 - Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything
 1014 other than catching compile errors. Yes, I'm crazy :P
 1015 - Use PR_SET_PDEATHSIG all over the place so that when the listener is killed,
 1016 existing sessions are booted too.
 1017 - Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL
 1018 client that needs it, but still a nice code clean-up.
 1019 - Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors
 1020 proftpd behaviour instead of wu-ftpd. Thanks Paul Abel <pabel@fexcodcc.com>.
 1021 - Switch all sighandlers to the synchronous ones. Prevents us having to
 1022 block and unblock signals all the time.
 1023 - Add a "use alarm" option to synchronous signal handlers, to ensure the race
 1024 condition against a blocking call does not result in a permanent
 1025 non-delivery.
 1026 - Use SIGTERM for privileged parent process shutdown, so they can still update
 1027 u/wtmp properly.
 1028 - Do RAND_load_file from /dev/urandom in the child context because I don't
 1029 trust the OpenSSL API vs. fork(). Different children do have different RNG
 1030 state; this is defense in depth.
 1031 - More thoroughly close the remote ends of the priv_sock, ensuring that child
 1032 death results in no blocking in the parent. This is a matter of tidiness; the
 1033 SIGCHLD handler will reliably tear down the parent.
 1034 - Do the same for the SSL slave / consumer channels.
 1035 - Fix OpenBSD build.
 1036 - Move SSL data handling into the SSL slave process. Incurs some extra
 1037 overhead in terms of context switches and copies, but it enables this next
 1038 item:
 1039 - By default, require SSL data connections to exhibit SSL session re-use of
 1040 the control channel. Unlike the cert thing, this _is_ something we can turn
 1041 on by default as most clients seem to do reuse. Yay.
 1042 - Change 522 response for SSL connection fail to note when session reuse is
 1043 required.
 1044 (v2.1.0pre1 here)
 1045 - More work on the inbuilt ptrace()-sandbox support.
 1046 - Clear the idle alarm when starting data transfer if there is no data alarm.
 1047 - Fix syslog format; don't embed 2nd copy of date, pid. Thanks to
 1048 René Berber <r.berber@computer.org>.
 1049 - Lock file before truncating it for upload. Fixes various simultaneous
 1050 upload corruption issues.
 1051 - Make sure to give 426 error code on uploads if ABOR was received.
 1052 - Add cmds_denied option to complement cmds_allowed.
 1053 - Ignore lines in config file containing only white space.
 1054 - Require write_enable / anon_upload_enable / etc. to process STOU.
 1055 - FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file.
 1056 - FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not
 1057 owned by the currently running user.
 1058 - FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to
 1059 avoid syslog() bug where some settings are not initialized.
 1060 - FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace
 1061 fd 0,1,2 with /dev/null fd.
 1062 - FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the
 1063 sample config file.
 1064 - FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given
 1065 by STOU if it is available.
 1066 - FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules
 1067 can act on errors if they want.
 1068 - FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV
 1069 command; add a trailing period.
 1070 - FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not
 1071 1990 any more, so trust PAM etc. to not stack-buffer-overflow.
 1072 - FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start
 1073 with underscore or period.
 1074 - FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES.
 1075 - Fix crash on SIGHUP introduced in 2.1.0pre1. Oops.
 1076 - FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES
 1077 too, which can happen on SELinux systems.
 1078 - Default resource limit for child processes: 100MB address space.
 1079 - Finishing touches to the initial sandbox policy; only permit connect() to
 1080 the host on the control channel being the nicest touch.
 1081 (v2.1.0pre2 here)
 1082 - Fix 64-bit build (oops)! Thanks Martin Nagy <mnagy@redhat.com>.
 1083 - Fix config of SSL built in; not enabled; two process model. Report from
 1084 Martin.
 1085 - Shutdown the command connection in the priv parent's SIGTERM handler; kills
 1086 of children where the PR_SET_PDEATHSIG cannot due to different user ids.
 1087 (v2.1.0pre3 here)
 1088 - Fix build on FC10.
 1089 - Some FAQ tweaks.
 1090 - Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it
 1091 comes from but it is harmless. (My guess would be glibc-2.9's new support for
 1092 using O_CLOEXEC more).
 1093 - Fix build warning on 64-bit.
 1094 - Fix build on OpenBSD again.
 1095 (v2.1.0pre4 here)
 1096 - Bring userlist_deny handling inside the max_login_fail accounting.
 1097 
 1098 At this point: v2.1.0 released!
 1099 ===============================
 1100 
 1101 - Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial
 1102 unprivileged child.
 1103 - Fix build error due to __NR_utimes.
 1104 - Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later
 1105 receives data transfer fd's via recvmsg(). It's a total shame because doing
 1106 the SSL handshake under even lower privs would be a real boost.
 1107 (v2.1.1pre1 here)
 1108 - Fix some declarations occurring in the middle of a block; broke older more
 1109 strict compilers.
 1110 - Handle the case where libcap is now libcap.so.2; fixes build on my new
 1111 Ubuntu 9.04.
 1112 - Enhance 522 error message to point to require_ssl_reuse option.
 1113 - Fix NASTY regression whereby data transfer timeouts would fire incorrectly
 1114 under SSL transfers. In addition, the transfer rate caps were not working
 1115 under SSL transfers. Reported by several people.
 1116 - Use the login delay machinery for userlist-based denials too. Thanks to
 1117 Tomas Hoger <thoger@redhat.com> for the patch.
 1118 - Fix another tedious regression whereby absent per-user config files were
 1119 causing a session fail rather than being gracefully ignored.
 1120 - Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation
 1121 in the vsftpd low-priv processes (CLONE_NEWNET pending).
 1122 - Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need
 1123 to create new ones.
 1124 - Add "isolate" config flag to disable the new weird clone() flags if
 1125 necessary.
 1126 
 1127 At this point: v2.1.1 released!
 1128 ===============================
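
The RLIMIT_NOFILE entries above rely on a kernel property: once the limit is zero, a process keeps the descriptors it already holds but cannot create new ones, which is also why the SSL case (descriptors arriving later via recvmsg()) cannot use it. The following C program is an added illustration, not code from vsftpd; the function names are hypothetical and it assumes a Linux or other POSIX system.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: set RLIMIT_NOFILE to 0, then probe. Returns a bitmask:
 * 1 = open() refused with EMFILE, 2 = dup() refused with EMFILE,
 * 4 = write() on an already-open descriptor still works. */
static int probe_after_nofile_zero(int inherited_fd)
{
    struct rlimit rl = { 0, 0 };  /* soft and hard limit both zero */
    int bits = 0;

    if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
        return 0x80;              /* could not apply the limit */
    if (open("/dev/null", O_RDONLY) == -1 && errno == EMFILE)
        bits |= 1;
    if (dup(inherited_fd) == -1 && errno == EMFILE)
        bits |= 2;
    if (write(inherited_fd, "x", 1) == 1)
        bits |= 4;
    return bits;
}

/* Parent side: fork a child, run the probe there, return its bitmask
 * (7 when all three observations hold, -1 on setup failure). */
int run_nofile_demo(void)
{
    int pipefd[2], status;
    pid_t pid;

    if (pipe(pipefd) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        close(pipefd[0]);
        _exit(probe_after_nofile_zero(pipefd[1]));
    }
    close(pipefd[1]);
    /* Keep the read end open until the child exits so its write() succeeds. */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        status = -1;
    else
        status = WEXITSTATUS(status);
    close(pipefd[0]);
    return status;
}

int main(void) { return run_nofile_demo() == 7 ? 0 : 1; }
```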
 1129 
 1130 - Fix compile error in sysdeputil.c on some Linux systems.
 1131 
 1132 At this point: v2.1.2 released!
 1133 ===============================
 1134 
 1135 - Fix compile on systems with no RLIMIT_NPROC, oops.
 1136 - Change some unsigned int to socklen_t's to avoid warnings on various
 1137 platforms, e.g. AIX.
 1138 - Add some syscall constants to ptracesandbox.c to fix the build on systems
 1139 with 2.4 kernel headers.
 1140 - Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile).
 1141 - Fix EACCES mapping, thanks Solar Designer <solar@openwall.com>.
 1142 - Don't emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer
 1143 <solar@openwall.com>.
 1144 - Tweak example vsftpd.conf to add commented out chroot_local_user=YES,
 1145 from Ivan I. Grushin <mcgru@intrice.ru>.
 1146 - Where available, use CLONE_NEWNET to isolate the untrusted processes so that
 1147 they can't do arbitrary connect() and instead have to ask the privileged
 1148 process for sockets. Moderate code disturbance - hope for no breakage :-/
 1149 - Disable implicit activation of one_process_model so that an anonymous setup
 1150 can benefit from the no-network isolation of the unprivileged process (where
 1151 available).
 1152 (vsftpd-2.2.0pre1)
 1153 - Call pam_get_item(PAM_USER) after authentication in case a PAM module
 1154 remapped the username. Based on a patch from John McNair <john.mcnair@ihg.com>.
 1155 - Apply a couple of IPv6 fixes from Corinna Schultz <corinna.schultz@gmail.com>,
 1156 particularly when MS operating systems are talking on link local addresses.
 1157 - Handle the error case for accepting a PASV connection in the two process
 1158 model properly.
 1159 - Pull in a couple of minor tidyup patches from Openwall.
 1160 - Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also
 1161 respect ordering with respect to config files, e.g.
 1162 vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO
 1163 Inspiration from Solar / Openwall.
 1164 (vsftpd-2.2.0pre2)
 1165 - Revert listen to be "NO" by default and also set max_per_ip / max_clients
 1166 to 2000 / 50 as a default. Thanks to Solar.
 1167 - Sanity check for admin: check config files are regular files.
 1168 - Error out if opening the per-user config file gives an error other than
 1169 ENOENT. Thanks Solar (who is on fire today ;-)
 1170 (vsftpd-2.2.0pre3)
 1171 - Apply some typo fixes from Solar.
 1172 - Error out on read() errors when reading config files.
 1173 (vsftpd-2.2.0pre4)
 1174 - Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing
 1175 <dreamind@dreamind.de>.
 1176 - Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to
 1177 root if using linux-vserver. Also thanks to Stefan Pfetzing
 1178 <dreamind@dreamind.de>.
 1179 - Couple of typo tweaks from Cristi Terpea <cristi.terpea@fortech.ro>.
 1180 - Change // style comments to /* style.
 1181 - Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar.
 1182 
 1183 At this point: v2.2.0 released!
 1184 ===============================
 1185 
 1186 - Apply patch to set SSL context timeout to maximum, from Tim Kosse
 1187 <tim.kosse@filezilla-project.org>. Should prevent data connection failures
 1188 after a long transfer or idle period.
 1189 - Apply async-safety signal tweaks from Solar.
 1190 - Fix crash regression with the pasv_address option enabled.
 1191 - Typo fix and look for libnsl in /lib64, from Robby Workman
 1192 <rworkman@slackware.com>.
 1193 - When asking the client to send us a cert, make sure we broadcast some suitable
 1194 certificates. Fixes compatibility with the z/OS FTP client when
 1195 tunable_ssl_request_cert=YES.
 1196 - Rip out the silly "cached time" concept. Simplifies things and fixes
 1197 incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around
 1198 the cached current time in seconds in the one place that needs to avoid
 1199 repeated gettimeofday() calls (directory listing).
 1200 - Do the login fail delay in the parent process for cases where we checked
 1201 a username / password.
 1202 
 1203 At this point: v2.2.1 released!
 1204 ===============================
 1205 
 1206 - Change "File receive OK." to "Transfer complete." to placate some broken
 1207 clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
 1208 - Fix erroneous "child died" upon FTP client connect, when under load. Awesome
 1209 thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
 1210 his live server.
 1211 - Boot the session if an overly long line is encountered.
 1212 (vsftpd-2.2.2pre1)
 1213 
 1214 At this point: v2.2.2 released!
 1215 ===============================
 1216 
 1217 - Add extremely simple HTTP support. It's very experimental, ignorant of HTTP
 1218 protocol and headers, and likely has all sorts of other issues. The use case
 1219 it might satisfy is if you need to serve simple static unauthenticated content
 1220 with large levels of paranoia.
 1221 - Fix port_promiscuous breakage. Report from Soeren <soeren84@fastmail.net>.
 1222 (v2.3.0pre1)
 1223 - Minor FAQ update.
 1224 - Use a larger address space limit if using text_userdb_names=YES
 1225 - Always use CLONE_NEWNET if possible when in HTTP mode.
 1226 - Change REST + STOR so that it's possible to overwrite part of file without
 1227 truncating it.
 1228 (v2.3.0pre2)
 1229 - Boot the session if we see a USER where encryption was required. May prevent
 1230 the transmission of plaintext passwords by buggy clients. Idea from
 1231 Marcin Hlybin <marcin@rootnode.net>.
 1232 - Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
 1233 fixups.
 1234 
 1235 At this point: v2.3.0 released!
 1236 ===============================
 1237 
 1238 - Fix silly regression re: log files being overwritten from the start.
 1239 - Rename a few file-open functions to make it clearer what they do.
 1240 
 1241 At this point: v2.3.1 released!
 1242 ===============================
 1243 
 1244 - Argh! Fix version number.
 1245 
 1246 At this point: v2.3.2 released!
 1247 ===============================
 1248 
 1249 - Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
 1250 Maksymilian Arciemowicz <cxib@securityreason.com>.
 1251 - Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but
 1252 no apparent security impact.
 1253 
 1254 At this point: v2.3.3 released!
 1255 ===============================
 1256 
 1257 - Fix compile. Extreme suckage.
 1258 
 1259 At this point: v2.3.4 released!
 1260 ===============================
 1261 
 1262 - Try and force glibc to cache zoneinfo files in an attempt to work around
 1263 glibc parsing vulnerability. Thanks to Kingcope.
 1264 - Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
 1265 <martin@meltin.net>.
 1266 - Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
 1267 - Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
 1268 steve willing <eiji-gravion@hotmail.com>.
 1269 - Handle connect() failures properly. Thanks to Takayuki Nagata
 1270 <tnagata@redhat.com>.
 1271 - Add stronger checks for the configuration error of running with a writeable
 1272 root directory inside a chroot(). This may bite people who carelessly turned
 1273 on chroot_local_user but such is life.
 1274 
 1275 At this point: v2.3.5 released!
 1276 ===============================
 1277 
 1278 - Update vsf_findlibs.sh to work on Ubuntu 11.10+
 1279 - Make listen mode the default.
 1280 - Add -Werror to build flags.
 1281 - Fix missing "const" in ssl.c
 1282 - Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu
 1283 12.04 ABI.
 1284 - Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
 1285 seccompsandbox.c
 1286 - Rename deprecated "sandbox" to "ptrace_sandbox".
 1287 - Add a few more state checks to the privileged helper processes.
 1288 - Add tunable "seccomp_sandbox", default on.
 1289 - Use hardened build flags. Distros of course override these and provide their
 1290 own build flags but no harm in showing how it could be done.
 1291 - Retry creating a PASV socket upon port reuse race between bind() and listen(),
 1292 patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
 1293 - Don't die() if recv() indicates a closed remote connection. Problem report
 1294 on a Windows client from Herbert van den Bergh,
 1295 <herbert.van.den.bergh@oracle.com>.
 1296 - Add new config setting "allow_writeable_chroot" to help people in a bit of
 1297 a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
 1298 - Remove a couple of fixed things from BUGS.
 1299 - strlen() truncation fix -- no particular impact.
 1300 - Apply some tidyups from mmoufid@yorku.ca.
 1301 (vsftpd-3.0.0-pre1)
 1302 - Fix delete_failed_uploads if there is a timeout. Report from Alejandro
 1303 Hernández Hdez <aalejandrohdez@gmail.com>.
 1304 - Fix other data channel bugs such as failure to log failure upon timeout.
 1305 - Use exit codes a bit more consistently.
 1306 - Fix bad interaction between SSL and trans_chunk_size.
 1307 - Redo data timeout to fire properly for SSL sessions.
 1308 - Redo idle timeout to fire properly for SSL sessions.
 1309 - Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
 1310 - Use 10 minutes as a max linger time just in case an alarm gets lost.
 1311 (vsftpd-3.0.0-pre2)
 1312 - Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
 1313 - Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
 1314 Unfortunately the default vsftpd SSL configuration still doesn't fully work
 1315 with FileZilla, because FileZilla has a data connection security problem:
 1316 no client certificate presentation and no session reuse. At least the error
 1317 message is now very clear.
 1318 - Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
 1319 a data transfer is in progress.
 1320 - Fix delete_failed_uploads for anonymous sessions.
 1321 - Don't listen for urgent data if the control connection is SSL, due to possible
 1322 protocol synchronization issues.
 1323 
 1324 At this point: v3.0.0 released!
 1325 ===============================
 1326 
 1327 - Fix some seccomp related build errors on certain CentOS and Debian versions.
 1328 - Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
 1329 opens and maps /proc/meminfo but only for larger item counts?
 1330 - Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
 1331 - Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu
 1332 <tixu@cs.ucsd.edu>.
 1333 - Force cast to unsigned char in is* char functions.
 1334 - Fix harmless integer issues in strlist.c.
 1335 - Started on a (possibly ill-advised?) crusade to compile cleanly with
 1336 Wconversion. Decided to suspend the effort half-way through.
 1337 
 1338 At this point: v3.0.1 released!
 1339 ===============================
 1340 
 1341 - One more seccomp policy fix: mremap (denied).
 1342 - Support STOU with no filename, uses a STOU. prefix.
 1343 
 1344 At this point: v3.0.2 released!
 1345 ===============================
 1346 
 1347 - Increase VSFTP_AS_LIMIT to 200MB; various reports.
 1348 - Make the PWD response more RFC compliant; report from Barry Kelly
 1349 <barry@modeltwozero.com>.
 1350 - Remove the trailing period from EPSV response to work around BT Internet
 1351 issues; report from Tim Bishop <tdb@mirrorservice.org>.
 1352 - Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
 1353 <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
 1354 - Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
 1355 probably have a different distro / libc / etc. and there are multiple reports.
 1356 - Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
 1357 this case gracefully. Report from Vasily Averin <vvs@odin.com>.
 1358 - List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
 1359 - Make some compile-time SSL defaults (such as correct client shutdown
 1360 handling) stricter.
 1361 - Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
 1362 delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
 1363 - Kill the FTP session if we see HTTP protocol commands, to avoid
 1364 cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
 1365 - Kill the FTP session if we see session re-use failure. A report from
 1366 Tim Kosse <tim.kosse@filezilla-project.org>.
 1367 (vsftpd-3.0.3pre1)
 1368 - Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
 1369 - Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
 1370 - Minor SSL logging improvements.
 1371 - Un-default tunable_strict_ssl_write_shutdown again. We still have
 1372 tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
 1373 upload integrity.
 1374 (vsftpd-3.0.3pre2)
 1375 
 1376 At this point: v3.0.3 released!
 1377 ===============================
 1378 
 1379 - Fix build on Fedora 33 (one warning, one incorrect libcap used).
 1380 - Fix SSL build (terrible grep for symbol in vsf_findlibs.sh)!
 1381 - Fix runtime SIGSYS crashes on Fedora 33 (seccomp sandbox policy tweaks).
 1382 - Reject HTTP verbs pre-login.
 1383 - Disable TLS prior to v1.2 by default.
 1384 - Close the control connection after 10 unknown commands pre-login.
 1385 - Reject any TLS ALPN advertisement that's not 'ftp'.
 1386 - Add ssl_sni_hostname option to require a match on incoming SNI hostname.
 1387 
 1388 At this point: v3.0.4 released!
 1389 ===============================
 1390 
 1391 - Fix ALPN callback to correctly select the 'ftp' string if present. Works
 1392 with FileZilla-3.55.0.
 1393 - Fix a couple of seccomp policy issues with Fedora 34.
 1394 
 1395 At this point: v3.0.5 released!
 1396 ===============================
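
The ALPN entries for v3.0.4 and v3.0.5 above concern choosing 'ftp' from the client's offer, which arrives as a list of length-prefixed names. The following C sketch is an added illustration, not vsftpd's callback; it assumes the policy "select 'ftp' if present anywhere in a well-formed list, otherwise reject", and the function name, enum and sample offers are hypothetical.

```c
#include <stddef.h>
#include <string.h>

enum alpn_result { ALPN_SELECT_FTP, ALPN_REJECT, ALPN_MALFORMED };

/* list: the client's ALPN offer in TLS wire format, i.e. repeated
 * [1-byte length][name bytes] entries with no terminator. On
 * ALPN_SELECT_FTP, *out / *out_len point at the "ftp" entry in list. */
enum alpn_result alpn_pick_ftp(const unsigned char *list, size_t list_len,
                               const unsigned char **out, unsigned char *out_len)
{
    static const unsigned char want[] = { 'f', 't', 'p' };
    const unsigned char *found = NULL;
    size_t pos = 0;

    *out = NULL;
    *out_len = 0;
    if (list_len == 0)
        return ALPN_MALFORMED;
    while (pos < list_len) {
        size_t n = list[pos++];
        /* Empty names and lengths that run past the buffer are invalid. */
        if (n == 0 || n > list_len - pos)
            return ALPN_MALFORMED;
        /* Exact match only: "ftps" or "ft" must not count as "ftp". */
        if (!found && n == sizeof(want) && memcmp(list + pos, want, n) == 0)
            found = list + pos;
        pos += n;
    }
    if (!found)
        return ALPN_REJECT;       /* well-formed, but no "ftp" offered */
    *out = found;
    *out_len = (unsigned char)sizeof(want);
    return ALPN_SELECT_FTP;
}

/* Constructed sample offers (not captured traffic). */
const unsigned char offer_web[]   = { 2,'h','2', 8,'h','t','t','p','/','1','.','1' };
const unsigned char offer_mixed[] = { 2,'h','2', 3,'f','t','p' };
const unsigned char offer_ftps[]  = { 4,'f','t','p','s' };
const unsigned char offer_short[] = { 3,'f','t' };

int main(void)
{
    const unsigned char *p;
    unsigned char n;
    return alpn_pick_ftp(offer_mixed, sizeof offer_mixed, &p, &n) != ALPN_SELECT_FTP;
}
```

The whole list is validated before a selection is returned, so a truncated or zero-length entry after a valid 'ftp' entry still causes rejection.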