1This file contains all major changes made during the development of bftpd. 2The uppermost change is the newest one. 3 4Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.6 5 - Perform memory allocation check in bftpd_cwd_mappath() 6 - Changed a strcmp() to strcasecmp() in command_retr function. 7 - Performed free(mapped) at end of command_retr. 8 - Performed memory checks and clean-up in various functions. 9 10Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.5 11 - The when using the FILE_AUTH option, the text 12 password file can contain anonymous users. That is, 13 users who do not require passwords. THIS IS DANGEROUS 14 ON MOST SYSTEMS. A entry with the password field set to 15 a * (star) does not require a password. See the 16 config file option FILE_AUTH for more information. 17 18Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.4 19 - Allow ANONYMOUS_USER config file option to be used with 20 the FILE_AUTH option. This basically allows anyone 21 to login to the system without a password if both 22 options are used! 23 - When a chroot fails during login the server will 24 no longer tell the client which directory it was trying 25 to chroot to. 26 - When the config.h file contains a definition for 27 NO_GETPWNAM then the getpwnam() function is not used. 28 Also, this forces the use of the FILE_AUTH option. If 29 NO_GETPWNAM is defined and FILE_AUTH is not used, all 30 connections are dropped. 31 32 33Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.3 34 - Introduced option to over-ride the local/LAN 35 IP address assigned to the host computer. This 36 option takes a 4-number IP address in the format 37 of "127.0.3.101". See OVERRIDE_IP in bftpd.conf for 38 more information. 39 - Removed description-pak file from source tree. 40 - The options PRE_WRITE_SCRIPT and POST_WRITE_SCRIPT 41 have been added to the bftpd.conf file. These options 42 let you run scripts before and after any command writes 43 to the file system. Handy if you want to re-mount. 44 Please see the bftpd.conf file for details. 45 46 47Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.2 48 - When using FILE_AUTH to login, check 49 DO_CHROOT option before performing 50 a chroot(). 51 52Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.1 53 - Removed code which uses sendfile(). 54 The sendfile code appears to cause a 55 conflict on some systems when used 56 with 64-bit file size variables. 57 58Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6 59 - Released bftpd without code changes, but 60 with updated Polish documentation. 61 62Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.5 63 - Added Polish documentation to website. 64 65Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4.1 66 - Added ability to use a plain text file 67 for authentication. See config file option 68 FILE_AUTH for details. 69 70Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4 71 - Fixed default configuration. 72 - Fixed compile warnings for vanilla config. 73 74Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.2 75 - Fixed Makefile to erase config.cache file during 76 "make clean" 77 - Added ability to uncompress files on the fly 78 during downloads. Any file with the extension 79 ".gz" can be decompressed during transfer to 80 the client with the use of the GZ_DOWNLOAD 81 in the config file. This option requires bftpd 82 be configured (pre-compile time) with the flag 83 --enable-libz. 84 85 86Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.1 87 - Changed ratio values to unsigned long 88 variables to support large files. 89 - Editted Makefile to allow bftpd to handle large 90 files (2GB+). 91 92Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.2 93 - Added ability to upload files and 94 compress them into .gz files on the fly. 95 See bftpd.conf file for the option. 96 This option requires --enable-libz be 97 used when running the configure script. 98 99 - Cleaned up code to avoid compiler warnings 100 from gcc 4.0.2. 101 Files changed: main.c commands.c 102 103Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.1 104 - When the config file is re-read, global 105 are changed only. 106 Files changes: options.c options.h 107 108 109Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2 110 - Made re-reable options be able to hold larger 111 values. Up to 256 bytes/characters long. 112 - Replaced old rpm spec file with one from 113 Joe, which will be used from now on for 114 rpm builds. 115 116Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.3 117 - When a child/client dies, the 118 parent process will now attempt to 119 remove the client's log entry 120 from the bftpdutmp file. This 121 should prevent stale entries. 122 - Changed some default values to 123 constants in options.h 124 - Fixed typo(s) in bftpd.conf 125 - Set delete/over-write for global 126 users to be disabled by default 127 in bftpd.conf. 128 - Added the XFER_DELAY option to 129 the bftpd.conf file. This allows 130 the admin to set a time delay 131 between data transfer bursts. 132 This aid in bandwidth throttling. 133 Please see bftpd.conf for more 134 details on this feature. 135 - Added more re-read options 136 when catching signal SIGHUP. 137 The re-readable options are now: 138 HELLO_STRING, QUIT_MSG, XFERBUFSIZE, 139 DATA_TIMEOUT, CONTROL_TIMEOUT, 140 USERLIMIT_GLOBAL, USERLIMIT_SINGLEUSER, 141 USERLIMIT_HOST, DENY_LOGIN and XFER_DELAY. 142 143Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.2 144 - Program now catches signal SIGHUP. 145 - When bftpd catches the SIGHUP (hang up) 146 it re-reads the config file. It looks 147 for some config values, but not all. 148 At this time, the values which are 149 re-read are: 150 HELLO_STRING, QUIT_MSG and XFERBUFSIZE 151 152Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.1 153 - Added rpm spec file to redhat directory. 154 - Changed numberic string length (512) to a defined 155 string length (MAXCMD). Makes code more 156 compatible with main.c and uses less stack 157 memory. File changed: commands.c 158 - When receiving files, the transfer buffer 159 (XFER_BUFSIZE) is divided by the number of 160 connected clients. This should prevent bandwidth 161 being sucked back by multiple connections. 162 - Minor fixes, checking for malloc errors, 163 freeing memory and closing sockets. 164 File changed: commands.c 165 - When sending files, the transfer buffer 166 (XFER_BUFSIZE) is divided by the number 167 of connected clients. This should prevent 168 bandwidth being taken over by multiple connections. 169 - Changed Makefile so bftpd.8 gets installed as 170 a manual page in the proper location. 171 Also updated rpm spec file to include man page. 172 173 174Jesse Smith <slicer69@hotmail.com> -> 1.1.0 175 - Changed some bftpdutmp_log(0) lines to 176 calls to bftpdutmp_end(). This should be safer. 177 - Made sure that clients cannot write or append 178 to files if the "delete" command is disabled. I 179 think if they cannot delete the file they shouldn't 180 be allowed to truncate it to zero bytes either. 181 - Added reason for login failure to log file. 182 - Removed logging of getting user count from 183 temp file. Just seems to be taking up space. 184 185Jesse Smith <slicer69@hotmail.com> -> 1.0.24-2 186 - Added ability to block multiple connections from the 187 same IP address. This will keep download managers and 188 Internet Explorer from taking up multiple connections. 189 See the new option USERLIMIT_HOST in bftpd.conf. 190 - Made sure that bftpd logs out stale control connections 191 via added calls to bftpdutmp_log(0). 192 - Added alarm() calls before trying to read from 193 the control socket. We shouldn't assume we are going to 194 get anything. 195 196Jesse Smith <slicer69@hotmail.com> -> 1.0.24-1 197 - Fixed bug with NLIST command. The bftpd server should not be 198 sending leading path in front of filename when using NLIST. 199 File(s) affected: dirlist.c 200 - Added the MGET command. Allows client to receive multiple files 201 with one command. 202 File(s) affected: commands.c 203 - Added the MPUT command. Allows client to send multiple files 204 to the server with one command. 205 File(s) affected: commands.c 206 207Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.24 208 - The PATH_BFTPDUTMP configuration option was added (idea by Szabo Peter 209 <pts@math.bme.hu>). 210 - Whenever a data connection is established, the reply message now 211 contains the transfer mode (idea by Szabo Peter). 212 - The -D, -h and -n command line options have been added (idea by Szabo 213 Peter). Some code was changed to support operation without a configuration 214 file. 215 - ATTENTION! The option LOGFILE has changed. See sample config file. 216 - In daemon mode, bftpd closes its sockets correctly now (important if you 217 have a lot of connections), problem discovered by Olivier Kaloudoff. 218 - Fixed a bug that prevented Mozilla from getting directory lists (found 219 by Marc Pauls). 220 - Daniel Mack fixed a memory leak in his code. 221 - The configuration parser handles comments better now. 222 - The USERLIMIT_GLOBAL configuration option has been added. 223 - The USERLIMIT_SINGLEUSER configuration option has been added. 224 - Some memory leaks discovered by David Heine <dlheine@suif.stanford.edu> 225 were fixed. 226 227Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.23 228 - A serious file corruption bug using sendfile was fixed. 229 - A makefile bug was fixed. 230 - The AUTO_CHDIR and HIDE_GROUP configuration options were added. 231 - A bug in the RNFR and RNTO functions has been fixed. 232 - A bug occuring when compiling on StrongARM has been fixed. 233 - The config file has been made more tolerant to missing spaces (error 234 reported by Saus101 <Saus101@prime.gushi.org>). 235 - A bug in the HELP function was fixed. 236 - Two BSD incompatibilities have been fixed. 237 - A STAT bug was fixed. 238 - bftpd now follows symlinks. 239 - A bug in the daemonmode code was fixed. 240 241Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.22 242 - The ALLOW_FXP configuration option has been added. 243 - The DATA_TIMEOUT configuration option has been added. 244 - The PASSIVE_PORTS configuration option has been added. 245 - A control timeout bug has been fixed. 246 - Configuration options are now written like name="value", allowing 247 comments after the option. Directories are written like 248 directory "/foo/bar" {. Please update your config files! 249 - bftpdutmp logging has been implemented as well as some administration 250 functions using it. Read the updated documentation for details on how 251 to use them. 252 - You needn't link gzip statically to bftpd any more if you want on-the-fly 253 compression, but you can dynamically link against zlib instead now. 254 The pax sources are still needed for tar on-the-fly. 255 - A directory listing bug reported by Hendrik Harms 256 <hendrik.harms@bigfoot.de> has been fixed. 257 258Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.21 259 - The XFER_BUFSIZE configuration option has been added, allowing tweaking 260 of data throughput. If you and your clients are on a very fast network 261 (fast meaning 100 Mbit/s or more), you should set this to 64000 or 262 something like that. 263 - The APPE command has been implemented. 264 - The ALLO command has been implemented as an alias to NOOP. 265 - The INITAL_CHROOT configuration option has been added. See the new 266 example config file for details. 267 - The ability to disable logging has been added :) 268 - A bug making file transmissions impossible with old config files has 269 been fixed. 270 - A bug concerning file truncating when STORing has been fixed. 271 272Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.20 273 - The FEAT function has been implemented. 274 - A permission bug in the STOR function has been fixed. 275 - The UMASK configuration option can now be used directory-specifically. 276 - The EPSV and EPRT functions have been implemented, making IPv6 support 277 possible somewhere in the future. 278 279Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.19 280 - The NLST function has been made usable again. There has been an 281 unnoticed bug in it since the globbing function has been implemented. 282 - The XCWD, XCUP, XMKD, XRMD and XPWD functions have been implemented 283 as aliases to CWD, CDUP, MKD, RMD and PWD. 284 - The documentation is now in the SGML format, making it more extensible, 285 hopefully. 286 - The DATAPORT20 configuration option has been added. If set to yes, 287 the server will open data connections from port 20, which should make 288 firewall users happier. 289 290Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.18 291 - The configuration file has been restructured. See README for details. 292 - The PORT configuration option has been added, allowing you to change 293 the port number the daemon should listen on (only for daemon mode). 294 - A workaround for the /*/../* vulnerability mentioned on Bugtraq has 295 been added, although it's not the right thing to do, really. 296 - Compatibility to Solaris 8 has been improved. Josh Woodcock 297 <josh@hamparts.com> and Michael Smirnov <smb@mh.vstu.edu.ru> gave 298 some hints. 299 - The CONTROL_TIMEOUT configuration option has been added. You can now 300 say after how many seconds of idle time users should be kicked. 301 - Hashes (#) in /etc/passwd and /etc/group are now supported as comments. 302 This improves FreeBSD compatibility, I'm not sure about other systems. 303 304Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.17 305 - A globbing bug was fixed, making Midnight Commander able to connect 306 to bftpd. 307 - A bug which appeared when doing LIST if a group line in /etc/group 308 had more than 256 characters was fixed. 309 - /etc/shells and /etc/ftpusers authentication were implemented by 310 Christophe Bailleux. 311 - You can now indent your configuration options with tabulators. 312 - A small problem with the ip_conntrack_ftp kernel module has been fixed, 313 which was the fault of ip_conntrack_ftp. It was found by Erik Hensema 314 <erik@hensema.xs4all.nl>. 315 - ASCII transfer mode has been implemented. 316 - You can now prevent a user from executing specific commands by using 317 the ALLOWCOMMAND_XXXX=no option. 318 319Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.16 320 - .tar and .gz on-the-fly support has been implemented. Look in the 321 README file if you want to do that. 322 - Supplementary group IDs are now initialized correctly. 323 - PORT commands now check if the supplied IP address really belongs 324 to the client, so that an attacker can't make the server connect 325 to a machine in its LAN. 326 - A bug making the wtmp logging system unusable under BSD systems was 327 fixed. 328 - A bug making the server crash when logging in a non-existent user 329 with ANONYMOUS_USER enabled was fixed. 330 - A patch supplied by Christophe Bailleux was applied, changing the 331 following: 332 - Spaces after a command in each command string are removed. 333 - The HELP command was implemented. 334 - CWD to ~ now works. 335 336Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.15 337 - You can override the default path to the config file with the command 338 line parameter '-c'. 339 - wtmp logging was implemented, so that bftpd logins show up in 340 commands like 'last'. 341 - You can have bftpd bind to only one interface, for example, if you 342 want to run an FTP proxy server on the same port on another network 343 interface. 344 - The LIST and NLST commands now support globbing. 345 - A security problem in the syslog code was fixed. 346 347Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.14 348 - A lot of bugs found by Christophe Bailleux <cb@grolier.fr> have been 349 fixed, as always. 350 - bftpd can now cope with special characters, such as umlauts. 351 - SITE commands are now disabled by default. 352 - A bug preventing resolution of GIDs on some systems has been fixed. 353 - Debian packages are now built for every new version. 354 - You can now specify if any password should fit for a particular user, 355 so that you don't have to set a user's password to nothing 356 (security). 357 - You can now turn off chroot() for particular users. 358 359Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.13 360 - David L. Nicol <david@kasey.umkc.edu> tested bftpd on Tru64. 361 He also improved the character filtering routine. 362 - Some RFC incompliance was fixed, improving compatibility with 363 FTPExplorer and LeechFTP. 364 - The SIZE command was implemented. 365 - A bug making the server segfault when being killed was fixed. 366 - A buffer overflow bug found by asynchro <asynchro@pkcrew.org>, 367 Jonathan Heusser <jonathanheusser@gyml.unibas.ch> and Christophe 368 Bailleux <cb@grolier.fr> was fixed. 369 - The SITE CHMOD and SITE CHOWN commands were implemented. You can turn 370 them off in the config file. 371 - A lot of useful changes proposed by Heiko Rother <rother@cmsnet.de> 372 were made: 373 - Standalone mode, independent from inetd 374 - Better support for symbolic links 375 - Display of user/group name instead of UID/GID 376 - Ability to set the umask 377 - Ability to log into syslog 378 379Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.12 380 - SmartFTP support was improved (parameters to LIST beginning with - 381 are discarded). 382 - A buffer overflow bug found by Christophe Bailleux <cb@grolier.fr> 383 was fixed. 384 385Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.11 386 - PAM support was implemented. Specify --enable-pam while starting 387 configure to use it. 388 - You can now specify users who should be unable to log in. 389 390Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.10 391 - Applied a big patch from Daniel Mack that makes some things better, 392 for example virtual host support, a FreeBSD correction for the 393 directory listings, etc. 394 - The MDTM command was implemented. 395 396Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.9 397 - Fixed another bug preventing successful running on Solaris. 398 - Implemented "message of the day". 399 - Fixed an evil bug in string substitution. 400 - Fixed a bug causing the server to crash when listing an empty 401 directory. 402 - The NLST command was implemented. 403 404Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.8 405 - Fixed a bug that caused StarOffice not to work. 406 - Removed the use of a non-Posix function that prevented compiling 407 on Solaris. 408 - Implemented an option to let root have / as his home directory 409 independent of his real one. 410 411Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.7 412 - The PASV command was implemented. 413 414Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.6 415 - bftpd also compiles on FreeBSD and Solaris. 416 - Aliases for users can be set. 417 - Error messages are now printed correctly. 418 - "In bftpd.conf you can define if you want bftpd to use /etc/shadow" 419 was removed again because it was stupid. 420 - Ratio was added. 421 422Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.5 423 - ls-independant directory listing was implemented. You don't need 424 special directories or files in your home directory any longer. 425 - Compiling works with configure for portability reasons now. 426 - bftpd also compiles on BSD/OS and DG-UX. 427 - The name of the log file can now be set in bftpd.conf. 428 - The RMD command was implemented. 429 - Internet Explorer and Netscape compatability was improved. 430 - The REST command was implemented. 431 - The ABOR command was implemented (but with very stupid code!). 432 - In bftpd.conf you can define if you want bftpd to use /etc/shadow. 433 434Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.4 435 - Logging was implemented. 436 - A wrong error number for 'Permission denied' was fixed. 437 438Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.3 439 - A config file and two options have been implemented: You can 440 disable the server and you can disable .ftp. 441 442Max-Wilhelm Bruker <brukie@gmx.net> -> 1.0.2 443 - It is now checked if .ftp is a symbolic link so that users don't 444 link .ftp to /. 445