============================================================================

- Buffer Overrun in src/log.c (sprintf) fixed, from bugtraq report.
- mod_linuxprivs problem with glibc2.1 fixed (no more all-users as root),
  or rather worked around. glibc2.1 implements seteuid() incorrectly,
  resulting in euid->ruid swapping not working.
- Memory usage under ls -R should be better (yes, we know it's still not
  perfect -- perfect will be in 1.3)
- RNFR no longer allows renames _from_ files that don't pass
  PathAllowFilter/PathDenyFilter
- TimeoutStalled now defaults to 3600 seconds (one hour), so that those who
  don't config their server properly [ahem, you *know* who you are :P]
  won't end up w/ ancient proftpd processes.
- `TYPE A N' no longer causes an error.
- Patch to fix SO_REUSEADDR problem w/ OpenBSD.

March 9, 1999 - Version 1.2.0pre3

- `ServerIdent' directive changed to take an additional argument when the
  first argument is boolean true:

    ServerIdent on "Server ready message."

  The "Server ready message" is displayed after client connection (and
  after DisplayLogin) instead of the normal "ProFTPD version" message.
  `ServerIdent off' will continue to work as before, displaying the
  server's hostname followed by "FTP server ready."
- New directive: MultilineRFC2228 (This needs to go into the docs)
  By default, proftpd sends multiline responses as per rfc 959, i.e.:

    200-First line
    More lines...
    200 Last line

  rfc 2228 specifies that "6xy" response codes will be sent as follows:

    600-First line
    600-More lines...
    600 Last line

  Note that 2228 ONLY specifies this for response codes starting with '6'.
  Enabling this directive causes ALL responses to be sent in this format,
  which may be more compatible with certain web browsers and clients. Also
  note that this is NOT the same as wu-ftpd's multiline responses, which do
  not comply with any rfc.
  Using this method of multilines is more likely to be compatible with all
  clients, although it isn't strictly rfc, and is thus not enabled by
  default.
- MacGyver's patch to do argv[] rewriting the Right Way, and some minor
  fixes to socket error handling.
- IdentLookup fixed, no longer hangs indefinitely if unable to
  ident/connect to client's ident port (timeout is 10 seconds)
- "Runaway" proftpd child processes fixed! "Dead" proftpd child processes
  fixed!
- "not a regular file" now returns 550 instead of 553.

February 13, 1999 - Version 1.2.0pre2

- New UserDirRoot directive. When set to true, the chroot base directory
  becomes a subdirectory of the anonymous ftp directory, based on the
  username of the current user (i.e. assuming user "foo" is aliased to
  "ftp", logging in as "foo" causes proftpd to run as *real* user ftp, but
  to chroot into ~ftp/foo instead of just ~ftp).
- New ServerIdent directive. Can be used to change the default message
  proftpd announces when a new client connects (good for security).
- New DisplayConnect directive. Displays a file when a client initially
  connects.
- New CDPath directive; works just like wu-ftpd's cdpath.
- Makefile chown portability bug fixed.
- proftpd.8 now documents SIGHUP usage.
- UserAlias can now take "*" as a wildcard user argument, making it apply
  _any_ username as an alias.
- mod_ls fixed (in a big way) ncftp's get -R should now work perfectly.
- Security patch fixes potential CWD/MKD stack smash exploit.
- CF_MERGEDOWN fixed, no longer dupes merged directives.
- mod_readme.c module added to contrib directory.
- mod_pam.c module added to contrib directory.
- RFC959 APPE command now works.
- Rehashing (-HUP) now properly discards old LogFormat logs, and recreates
  from the conf file.
  (Debian bug #28641)
- Retrying a transfer after a failed data connection no longer results in
  "Internal error: non-PASV mode, yet data connection already exists"
- PASV/PORT data-connection selections are now strictly RFC, i.e. either
  one can override a previous PASV/PORT as long as the data connection has
  not yet actually been established.
- Arguments inside "%{}" logformat macros should now work as documented
  (i.e. "%{%Y%m%d}t")
- Fixed memory leak in mod_ls.c, should no longer eat large amounts of
  memory when performing a recursive ls (-R).

October 17, 1998 - Version 1.2.0pre1

- Another dirtree recursion bug fixed, similar to that in 1.1.7pl3.
- Most auth related logging now includes destination IP and port.
- Default syslog facilities are now correct - PR#53 (jan.menzel@gmx.de)
- install -d (directory) no longer used, because of broken BSD-install.
- Configuration script cleanup, everything is now cached properly.
- Configure script now detects LOG_FTP and LOG_CRON, and allows their use
  via the SyslogFacility directive, if appropriate on the target platform.

October 10, 1998 - Version 1.1.7pl3

- Recursive dirtree walking code fixup, a gcc bug was being triggered in
  just the right circumstances. Multiple UserAlias should now work properly
  with AuthAliasOnly turned on.
- GroupOwner now properly uses AuthUserFile/AuthGroupFile.
- Bug fix in directory listings, small oddity with listing symlinks to a
  directory fixed.
- Performance tweaking to directory listing, time()/umask() no longer
  "over-called."
- Makefiles have been adjusted to be more admin friendly. Now, by default,
  _everything_ is installed in the prefix directory (as specified by
  --prefix when running configure). The config file is now:
  /usr/local/etc/proftpd.conf by default, and scoreboard is
  /usr/local/var/proftpd/. This will require some changes for package
  maintainers. To help with this, proftpd configure is now completely GNU
  autoconf compliant.
  To build on a target system outside of a single prefix directory, you
  would do something like:

    ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run

  This will install:
    o Admin and daemon binaries in /usr/sbin
    o Normal user binaries in /usr/bin
    o Configuration file in /etc
    o Manual pages in /usr/man
  Additionally, the scoreboard directory will be:
    o /var/run/proftpd
  (The additional directory is automatically added and created at install)
- New header file, include/default_paths.h, path macros removed from
  top-level config.h

October 6, 1998 - Version 1.1.7pl2

- Pulled version macro out of include/conf.h and placed in its own file,
  include/version.h
- PathAllowFilter/PathDenyFilter now apply to ALL write operations, not
  just STOR (as well as RETR).
- More than a single HideUser/HideGroup can now be used in a given context.
  All such directives will be applied, so that all specified user/groups
  are hidden.
- AIX `tr' portability fix - PR#51 (flo@quit.mediaways.net)
- all man pages updated
- ftpcount/ftpwho now take an additional argument, --path (or -p) which is
  the fullpath to the scoreboard files (as specified by the ScoreboardPath
  directive). ftpcount/ftpwho is now more "intelligent" regarding the path
  not existing, warning the user.
- setpgid() is now used in preference to setpgrp(), if available on target
  platform.
- No more segfaults if incorrect /etc/passwd or /etc/group permissions.
- ExtendedLog w/out a command-class argument no longer causes a segfault.
- ExtendedLog inside Anonymous will now override outer ExtendedLog
  directives _with the same filename_. i.e.

    ExtendedLog /var/log/virt.log ALL
    ExtendedLog /var/log/virt.log NONE
    # No extended logging for this anonymous context AND
    # /var/log/virt.log

- %F cookies in DisplayLogin/DisplayFirstChdir should now properly display
  kb on _very_ large filesystems.

September 23, 1998 - Version 1.1.7pl1

- E-mail passwords no longer hidden by mod_log, while true passwords in an
  anonymous context ARE hidden in ps and ftpwho listings.
- Added -l command line option, displays a list of all compiled-in modules
  (ala apache).
- Updated much documentation.
- Symlinked contrib'd modules from the modules/ directory. Copying a 3rd
  party or non-standard module into modules/ is therefore no longer
  necessary. Just

    ./configure --with-modules=mod_1:mod_2:...:mod_n

  Actually, cvs doesn't allow symlinks, however they are created when you
  run ./configure, so the above _will_ work.
- New contrib module, mod_linuxprivs, uses the new POSIX standard
  capabilities found in Linux 2.1 kernels to provide "fine-grain" access
  control over the entire daemon after authentication. Essentially allows
  proftpd to run as non-root, and be _much_ more secure. See
  README.linux-privs
- Added additional shell code in configure which permits add'l modules
  (--with-module) to specify extra libraries that are needed and extra
  directories that the top-level make should chdir to and run make in. The
  syntax (should be near the top of the module) is:

    $Libraries: -L[extra-lib-paths] -l[extra-lib]$
    $Directories: [whitespace delimited list of extra directories]$

  The contents of "Libraries" is passed VERBATIM to the linker. See
  contrib/mod_linuxprivs.c for examples of this.
- MaxClients/MaxClientsPerHost should now properly virtualize per
- MaxClients works again in blocks.
- TransferLog, UtmpLog and ExtendedLog can now be used inside , and blocks.

September 16, 1998 - Version 1.1.7

- New directive `AllowForeignAddress'. Defaults to off. When turned on,
  allows a client PORT command to specify an address _other_ than the
  client's own; thus allowing FXP, etc to work (server-to-server transfer).
  When off, the typical (address mismatch) is logged if a client attempts
  this. Even when turned on, low-numbered ports are not accepted.
- Mapping user/groups specified in configurations is now deferred until
  after client-connect. This allows you to use user or group names that are
  specified in an AuthUserFile/AuthGroupFile database inside proftpd's
  configuration.
- should now work w/ (broken) FreeBSD. Also, symlinks in should work
  properly w/ .
- Uploading a file into a symlinked directory no longer overrides security
  (the fully resolved symlink path is used).
- The HANDLED, DECLINED and ERROR/ERROR_* macros now take an add'l leading
  argument, the cmd_rec* structure used by the module handler; instead of
  assuming the variable is always named "cmd".
- Two new directives, AllowUser and DenyUser, work exactly like
  AllowGroup/DenyGroup, except a "user-expression" is used instead of a
  group-expression. The expression has the same syntax. I know proftpd is
  in code freeze, but someone brought it to my attention that this
  represents more of a "bug" than a lack of feature.
- AllowGroup now works in blocks.
- MaxClientsPerHost fixed. PR#46 (vlad@elis.tusur.ru)
- New command line option, --persistent (or -p) [0|1].
    0 = Disable _default_ PersistentPasswd support.
    1 = Enable _default_ PersistentPasswd support.
  Note that the option ONLY changes the default, it can still be explicitly
  set via the "PersistentPasswd" directive.

September 12, 1998 - Version 1.1.7pre1

- **CODE FREEZE**
- %L in DisplayLogin/DisplayFirstChdir now displays FQDN, likewise %E (by
  default) is `root@fqdn'.
- TransferLog NONE   Disables all transfer logging (xferlog)
  WtmpLog NONE       Disables wtmp logging
  SystemLog NONE     Disables all syslog logging
- Potential segv during subsequent transfer operations after a RNTO fails
  fixed. PR#45 (jay@cimedia.com)
- Added contrib/mod_ratio.c and contrib/README
- Native CC ports for IRIX 6.3, DEC OSF/1 and AIX 3.2
- New directive 'UseReverseDNS', takes one boolean argument
  (on|off|true|false).
  Controls whether or not reverse DNS lookups are performed on *data
  connections* (reverse lookups are ALWAYS performed on control
  connections). The default is `on'. With reverse lookups disabled, the
  remote host name of a data connection is always set to the ascii equiv.
  of the dotted quad IP address.

September 8, 1998 - Version 1.1.6pl2

- Added contrib/ directory for contributed _unsupported_ utils/etc.
  Currently contains a third-party rewrite of the perl script `xferstats'.
- Added xferlog.5 manpage.
- Some tweaking to tcp and ip options, attempting to increase localhost
  performance on Linux 2.1.* kernels. Now should get about 2MB/s on 2.1.*
  and > 5MB/s on 2.0.*. Not sure why 2.0.* is faster, still looking at
  this. Supposedly setting a large MTU in 2.1.* kernels can help greatly.
- HideGroup now works if the file/directory is owned by the current user.
- Symlinks should now be displayed properly (again?!)
- The SIZE command now always returns file sizes as though IMAGE mode
  (binary) was the current transfer mode. Calculating the transfer size on
  extremely large files in ascii mode can take a long time, and represents
  a potential DoS attack.
- Two new directives: PathAllowFilter and PathDenyFilter. Both take a
  single regular expression argument which respectively allow and disallow
  stored files depending on the regular expression match. Example:

    PathDenyFilter "(\.ftpaccess)|(\.htaccess)$"

  Note that these directives currently require libc posix regex support
  (regcomp()/regexec(), etc). If not detected during
  configuration/compilation, you'll receive a message indicating that the
  directives cannot be used, should you try to use them. A built-in regex
  library will hopefully be provided in the future.
- The -HUP signal (rehash) no longer loses all bindings (causing proftpd to
  not respond on any configured ports). PR#40 (mreimer@vpop.net)
- BSDI 3.1 port tested. uid->user mapping should now work inside chroot, as
  well as authentication working properly.
  PR#39 (vermont@gate.net)
- sign problem fixed with PORT and PASV commands (affected Solaris)
- *really* long filenames will no longer cause an FPE in mod_ls

August 13, 1998 - Version 1.1.6pl1

- New directive context, . Most other directives can be used inside a
  context (with the exception of a few where it makes no sense to do this).
  Each tree is specially parsed and "merged" into BOTH the main host and
  all virtual hosts. This has the desirable effect of allowing the creation
  of a "global" configuration which is applied everywhere. Multiple blocks
  can be used; they will all be merged together after the configuration
  file is parsed.
- New core module, modules/mod_log.c, implements the following new
  directives and features:
  * SystemLog
    Redirects all "normal" syslog logging to the given filename.
  * LogFormat ""
    Create a custom logging format to be identified by . The format string
    can contain one or more of the following meta characters:
      %b          - bytes sent for request
      %f          - filename stored or retrieved
      %{FOOBAR}e  - contents of environment variable FOOBAR
      %h          - remote host name
      %a          - remote ip address
      %l          - remote logname (from ident)
      %p          - port of server serving request
      %v          - servername of server serving request
      %P          - process id of server serving request
      %r          - full command received from client
      %t          - Time
      %{format}t  - formatted time (strftime(3) format)
      %T          - Time taken to transmit/receive file, in seconds
      %s          - Numeric response code (status)
      %u          - Local userid
    Default format is: "%h %l %u %t \"%r\" %s %b"
  * ExtendedLog []]
    Creates an "extended" log. is a comma delimited (no whitespace!) list
    of which commands to log (by class). If no classes are specified, ALL
    commands are logged.
    Valid classes are:
      none   - No commands
      auth   - Authentication commands (USER, PASS)
      info   - Informational commands (PWD, SYST, etc)
      dirs   - Directory commands (LIST, CWD, MKD, etc)
      read   - File reading (RETR)
      write  - File/directory writing or creation (STOR, MKD)
      misc   - Miscellaneous commands (SITE, etc)
      all    - Log ALL commands
    must be a predefined log format created with LogFormat. If no
    format-nickname is specified, the default ("%h %l %u %t \"%r\" %s %b")
    format is used. ExtendedLog directives can be placed in the main server
    config, or in a or context, allowing you to have completely separate
    logfiles for different virtual hosts.
- New directive MaxInstances, used to control the maximum number of child
  processes allowed in standalone mode (and thus counter a DoS attack).
  Default is 'none' (unlimited child processes).
- New directive MaxClientsPerHost, PR #38 (vlad@elis.tusur.ru), restricts
  the maximum number of connections allowed from a given host/userid pair.
  Useful inside blocks.
- No longer susceptible to "FTP bounce" attack (PORT command with
  low-numbered port)

Aug 9, 1998 - Version 1.1.6

- "./" and "../" are NOT listed in directory listings again. This feature
  has been previously added per user request, but it is NOT standard and
  screws with mirroring software in a big way. Using the LsDefaultOptions
  directive with a '-a' argument will cause ALL .dotfiles to be displayed,
  including "./" and "../".
- New directive 'TimeoutStalled', used to control the maximum number of
  seconds a data connection can be open w/ no actual data being
  transferred. Default is 'TimeoutStalled none' (no timeout).
- inet_aton() check put back in configure script. inet_addr is now only
  used if no inet_aton() available on target platform.
- Verified OpenBSD 2.3 port works, one small fix for shadowed password
  handling.
- Added "true" vsnprintf()/snprintf() for OSF and other platforms that need
  it.
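
The PORT checks described in the 1.1.7 entry (AllowForeignAddress) and the 1.1.6pl1 entry ("FTP bounce") above, sketched as an added C example; this is not ProFTPD's code. The function and type names are hypothetical, and the 1024 cutoff for "low-numbered" is an assumption, since the changelog gives no number.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed cutoff for "low-numbered" ports; the changelog gives no number. */
#define LOW_PORT_LIMIT 1024

/* Hypothetical verdicts for one PORT argument. */
enum port_verdict {
    PORT_OK = 0,
    PORT_MALFORMED,    /* not exactly six decimal fields in 0..255 */
    PORT_LOW_PORT,     /* refused even when foreign addresses are allowed */
    PORT_FOREIGN_ADDR  /* address differs from the control-connection peer */
};

struct port_target {
    uint8_t  addr[4];
    uint16_t port;
};

/* Strictly parse "h1,h2,h3,h4,p1,p2"; returns 0 on success, -1 otherwise. */
static int parse_port_arg(const char *arg, struct port_target *out)
{
    unsigned int field[6];
    const char *p = arg;
    int i;

    for (i = 0; i < 6; i++) {
        unsigned int v = 0;
        int digits = 0;

        while (isdigit((unsigned char)*p)) {
            v = v * 10 + (unsigned int)(*p - '0');
            if (++digits > 3 || v > 255)
                return -1;          /* overlong or out-of-range field */
            p++;
        }
        if (digits == 0)
            return -1;              /* empty field or stray character */
        field[i] = v;
        if (i < 5) {
            if (*p != ',')
                return -1;          /* too few fields or bad separator */
            p++;
        }
    }
    if (*p != '\0')
        return -1;                  /* trailing data after the sixth field */

    for (i = 0; i < 4; i++)
        out->addr[i] = (uint8_t)field[i];
    out->port = (uint16_t)(field[4] * 256 + field[5]);
    return 0;
}

/*
 * Decide whether a PORT argument may be used for an outbound data
 * connection. The low-port check runs first and does not depend on
 * allow_foreign, matching "even when turned on, low-numbered ports are
 * not accepted". peer is the IPv4 address of the control connection.
 */
enum port_verdict check_port(const char *arg, const uint8_t peer[4],
                             int allow_foreign, struct port_target *out)
{
    struct port_target t;

    if (parse_port_arg(arg, &t) != 0)
        return PORT_MALFORMED;
    if (t.port < LOW_PORT_LIMIT)
        return PORT_LOW_PORT;
    if (!allow_foreign && memcmp(t.addr, peer, 4) != 0)
        return PORT_FOREIGN_ADDR;
    if (out != NULL)
        *out = t;
    return PORT_OK;
}

int main(void)
{
    static const char *names[] = {
        "ok", "malformed", "low port", "foreign address"
    };
    /* Constructed sample data (documentation address ranges). */
    const uint8_t peer[4] = { 192, 0, 2, 10 };
    const char *samples[] = {
        "192,0,2,10,19,137",    /* client's own address, port 5001 */
        "192,0,2,10,0,21",      /* own address, low port */
        "198,51,100,7,19,137",  /* third-party address, high port */
        "198,51,100,7,0,25",    /* third-party address, low port */
        "192,0,2,256,19,137"    /* field out of range */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("PORT %-22s foreign off: %-16s foreign on: %s\n", samples[i],
               names[check_port(samples[i], peer, 0, NULL)],
               names[check_port(samples[i], peer, 1, NULL)]);
    return 0;
}
```
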

Aug 4, 1998 - Version 1.1.6pre4

- New directive 'ScoreboardPath', sets path for scoreboard file(s). Default
  is: /var/run
- ftpwho now takes -v argument, showing current working directory and full
  host name for each connection.
- scoreboard file (/var/run/proftpd-*) now contains much more information,
  as well as a header with magic number + version to aid in later file
  format changes.
- build/make fixes

July 31, 1998 - Version 1.1.6pre2

- __vsnprintf will now be used on Solaris systems.
- ident requests now timeout after 10 seconds, to avoid the ident firewall
  (or NAT) problem. default timeout can be changed in include/options.h
- Can now be built outside of source tree (supposedly). Now uses autoheader
  to generate config.h.in. (PR#36 - objectx@polyphony.scei.co.jp)

July 30, 1998 - Version 1.1.6pre1 (cvs only)

- After authentication, clients can no longer use USER or PASS commands
  (PR#37 - vlad@elis.easur.edu.ru).
- New directive 'Bind' (syntax: Bind
  ), permits binding of additional IP addresses to a VirtualHost (or main
  configuration). Bind may be used multiple times in a given context.
- AuthUserFile w/ same uid now should work correctly for DefaultRoot
  purposes. Keep in mind that there will _definitely_ be some oddities if
  you use duplicate uids/gids in your AuthUserFile/AuthGroupFiles.
- Symbolic links now properly "point" to their target (rather than to a
  bogus permission string)
- ftpwho now shows the % of transfer complete for sessions actively in RETR
  mode. **WARNING**, because the scoreboard file format has now changed,
  make absolutely sure you do a complete 'make install' in order to update
  ftpwho/ftpcount when installing 1.1.6*.
- ./ and ../ are now ALWAYS displayed in file listings.
- New directive 'LsDefaultOptions', allows ftp admin to specify "default"
  options that will apply to all LIST/NLST/STAT commands (such as -a to
  display .dotfiles)
- New SyslogFacility directive, used to configure the syslog facility that
  proftpd uses for all logging. When this directive is used, ALL logging is
  done at the given facility, rather than being broken up into AUTH/DAEMON.
- DirFakeMode, similar to DirFakeUser/DirFakeGroup, allows a "fake" octal
  mode to be configured, which all files/directories in the given context
  will be listed with. Does not affect real permissions in any way.

July 21, 1998 - Version 1.1.5pl4

- mget should now work correctly (bug fix in fs_dircat)
- configure problem with Linux libc5 system fixed
- Bug fixes for match_ip (PR#35 -- eff@icomm.ru)
- AuthGroupFile now works correctly again.
- Fix (hopefully) for solaris compilation (libresolv)

July 19, 1998 - Version 1.1.5pl3

- dec unix portability fixes (fnmatch & glob)

July 18, 1998 - Version 1.1.5pl2

- now compiles under AIX 4.2.1. Note: still quite a few compiler warnings,
  but then again, the AIX header files are definitely hinky. gcc only.
- portability/compiler warning cleanup under irix 6.4. gcc only.
- mod_auth.c now uses setgroups() instead of initgroups() so that
  AuthGroupFile will work correctly for setting up group membership
- "trapped" inside welcome.msg (or DisplayLogin directive file) should no
  longer occur if file does not exist.
- cd ~ will no longer dump core
- IRIX 6.2 portability fixes (thanks to jg@meer.net)
- modules/glue.sh should now be portable (heh)
- Deny/Allow directives now allow CIDR syntax (xxx.xxx.xxx.xxx/xx).
- .ftpaccess (dynamic configuration) is now only read ONCE per directory
  (unless its mtime changes). Should improve speed greatly.

July 14, 1998 - Version 1.1.5pl1

- GNUism fix in 1.1.5 accidentally removed the INSTALL variable, so make
  install will not work in 1.1.5.

July 14, 1998 - Version 1.1.5

- Removed GNUisms from Make.* files
- Minor portability fixes.

July 10, 1998 - Version 1.1.5pre3 (cvs only)

- ShowSymlinks Off directory virtualization should now work better (had
  problems with cdup, etc)
- Portability fixes for Solaris 2.5.1
- Minor proof reading of doc/API, with some additions.
- Minor code cleanup and obvious fixes to header and module source.
- If ShowSymlinks off is set, broken symbolic links are now completely
  hidden in directory listings.
- cwd should now work properly, instead of responding "No such file or
  directory" in some cases.
- HideUser/HideGroup work again (broken with conversion to vfs)
- Minor fixes in modules, now includes specific priority so cascading
  handlers will work properly.
- add_response()/add_response_err() should now work properly across module
  handler calls. The response list is sent to the client once all handlers
  have run.
- src/data.c now properly uses add_response()/add_response_err()
- mod_ls.c should now handle aborted data connections properly using
  add_response_err()
- src/fs.c fixed so that new files are opened mode 0666 (which will of
  course be appropriately modified by the current umask)

July 9, 1998 - Version 1.1.5pre2 (cvs only)

- Patch to GNU glob() so that it no longer tries to closedir() on a NULL
  stream.
- In order to make glob() work with the virtual fs, it's pretty much
  necessary to have GNU glob(). Added additional tests in configure so that
  the provided GNU glob() will be compiled in if any important "GNUisms" of
  the target platform are missing.
- First attempt at virtual file system modularity. new core file src/fs.c,
  all file operations are now piped through here. Added a new test module,
  mod_tar.c, however do NOT be tempted to use it yet, it won't work
  properly. Still more work to be done (hash tables, etc) in src/fs.c,
  before it's really functional.
- Optimized src/dirtree.c quite a bit, in order to get the number of
  stat()/lstat()s down. Still lots of work to be done in this area.
- Added add_response() and add_response_err() core functions so that it is
  now easier for modules to add a response to the list sent to clients once
  all handlers have been called.
- ShowSymlinks now defaults to 'On' in ALL cases (both anonymous and
  otherwise). This seems to make more sense.
- include/privs.h modified to be more portable. Now uses seteuid() if
  possible, otherwise setreuid(). posix saved uids are no longer
  "manipulated", as this can be non-portable (some bsds for example).
- Added fgetpwent()/fgetgrent() to libsupp for systems which do not provide
  it in libc. configure now checks for these functions.
- Added conditional code for FreeBSD2.* and 3.*, so sockets are created as
  root (and thus the SO_REUSEADDR problem doesn't occur).

June 27, 1998 - Version 1.1.5pre1 (cvs only)

- Complete redesign of modules API. New file "doc/API" documents the
  version 2.0 API.
  The redesign _significantly_ enhances module capabilities, including
  "cascading" command handlers, authentication handlers, and more. This
  will allow third-party modules to significantly enhance & change
  proftpd's behaviour. Of important note are:
  * New module modules/mod_unixpw.c, which implements the new 2.0
    authentication module API in regard to unix password (nis, /etc/passwd,
    etc) lookups and authentication.
  * New core functions in src/auth.c. All authentication/user/group/
    password operations are now handled by the auth_* functions, which
    provide the "glue" to the modular authentication system.
  * New directive 'PersistentPasswd', allows the "persistent" password
    feature to be enabled/disabled at runtime. The default is platform
    dependent (on whether or not configure determines that this is needed).
    If you are running NIS, you will VERY likely want to shut this off.
  * AuthUserFile and AuthGroupFiles now turn on persistence for passwd/
    group file lookups, and will now base authentication (as well as
    directory listings) on the indicated file(s).
  * A sample module has been included (modules/mod_sample.c). This is a
    real working module that can be included in proftpd with the
    "--with-modules=mod_sample" (see below) argument to configure. The
    module doesn't do anything terribly useful, but it's extensively
    documented (well, sort of :}).
  * Additional modules may now be installed/configured at configure time.
    The core modules (mod_core, mod_auth, mod_xfer, mod_site, mod_ls and
    mod_unixpw) must ALWAYS be compiled in, however add'l modules can be
    added using the '--with-modules=[module_list]' argument to configure.
    [module_list] is a colon separated list of add'l modules *w/out* .o or
    .c extensions. Example:

      ./configure --with-modules=mod_sample:mod_mymod

- When binding to port 20, proftpd will now retry the bind up to 10 times
  if it fails with "Address in use".

June 26, 1998 - Version 1.1.4

- RootLogin should now work as advertised.
- A few configure script fixes, now tests for libresolv & libbind.
- DirHideUID and DirHideGID directives have been renamed to DirFakeUser &
  DirFakeGroup, respectively. These seem to make more sense, as "Hide" in
  proftpd is used elsewhere to mean files & directories actually
  _invisible_ to the user.
- Updated Free Software Foundation address.
- PR#29: MaxClient anonymous fix

June 14, 1998 - Version 1.1.4pre1

- Ooops.. new i/o code didn't properly detect EOF. Fixed.
- A few fixes from Andrew Tridgell (I think we're almost ready to go to
  tarball, once the timeout problems are resolved)
- Timer problems w/ new i/o code should _hopefully_ now work. Please let me
  know immediately if there are any timeout related problems.
- STAT command is now back in (and moved to mod_ls).

June 13, 1998 - Version 1.1.3 (cvs only)

- CHANGES has been renamed to changelog
- The I/O system has been *completely* rewritten. This was done for three
  reasons: simplicity, to pave the way for easier module linkage (i.e.
  mod_pam, etc), and because the old way just wasn't Right. :P The new
  system is non-asynchronous (unlike the old), meaning that proftpd
  processes now block while transferring data. As a primary result of this,
  recursive directory listings (ls -R) will now work exactly as expected
  (no more ncftp timeouts). Much code has been removed from
  modules/mod_xfer, and a new core object file has been added: data.c,
  whose purpose is to handle everything necessary for data connections. Of
  course, src/io.c has changed vastly because of this.
- Numerous fixes to mod_ls.c, so that aborted directory listings are now
  handled properly, and some optimization.
- Fix in dirtree.c, not sure how this was even working, but a bad pointer
  cast resulted in directives inside a block not being iterated through
  properly.
- PATH_MAX fixed in mod_ls
- GLOB_PERIOD is now tested for in configure, if it's not found gnu glob*()
  is compiled in, regardless of glob() availability on the target system.
- PR#27 (gustav@pvv.ntnu.no) applied, with some modifications. This moves
  some of the config macros used by modules to dirtree.h (where they really
  belong), as well as configuration support routines to dirtree.c. Also
  adds two additional directives [Note: I altered their names slightly to
  make them a bit more recognizable, also extended their usage], which are
  as yet undocumented:
    DirHideUID On|Off []
      - Causes all directory listings to be displayed as though they are
        owned by . If is not specified, the username "ftp" is used instead.
    DirHideGID On|Off []
      - As above, however this affects the group of files and dirs listed
        instead of the owner.
  Both directives can be used in main config, and blocks.
- New RootLogin directive (by popular request ). This directive takes one
  boolean argument and allows root login when enabled. Need I even say "Be
  Careful"? root logins are still logged, however.
- New IdentLookups directive. Undocumented, controls whether or not the
  RFC1413 protocol is used upon user connect to "attempt" to determine the
  remote username (which is used in certain messages). Default is that
  ident lookups are on. Syntax: IdentLookups off

June 1, 1998 - Version 1.1.3pre2 [not released]

- A few ansi C fixups, should aid w/ portability. Thanks to Andrew Tridgell
  for PR#23.
- syntax now allows for "~/dir" or simply "~". When such a directory is
  used, resolution of the actual path is "deferred" until a user
  authenticates, at which time ~ is replaced with the user's full home
  directory (just as DefaultRoot does).

May 26, 1998 - Version 1.1.3pre1

- TransferLog _should_ now be configurable in either main config, or
  contexts. PR#19
- Patch from 1.0.x: PR#18
- No code changes, but one undocumented feature of DefaultRoot is that the
  syntax "DefaultRoot ~/directory" will cause all matching users to be
  jailed into $HOME/directory.
- Massive code changes in mod_auth, all for the support of the new
  AnonymousGroup directive (undocumented, at this time).
  Syntax: AnonymousGroup
  All users matching are assumed to be anonymous logins (i.e. require no
  password). Be careful with this one. :) Useful for an "all anonymous"
  virtualhost, such as:

    DefaultRoot ~/ftp
    AnonymousGroup users

  Thus, all users in group `users' now have their own private anonymous ftp
  site (assuming they have an `ftp' directory). Site wide access control
  for home directories will come next.

May 25, 1998 - Version 1.1.2

- Various small patches from production source tree (PR#16 & PR#17)
- Port 0 now disables socket binding on a particular host or virtualhost
  (see development.notes for technical info)
- A few misc. changes to mod_ls.

May 24, 1998 - Version 1.1.2pre2

- anonymous Directory/User patch from 1.0.3.
- Finally broke down and fixed the "port 20" problem. Note that there was
  NO GOOD WAY TO FIX THIS, so I settled for the lesser of all evils. Not
  sure if it will stay this way forever, but proftpd now behaves like
  legacy ftp servers and uses either posix.1 saved-uids or bsdish uid
  swapping when a user authenticates, which essentially means that it can
  "restore" root privs if needed (such as to bind to a low numbered port).
  This is a _major_ change in design, policy-wise at least (code changes
  are minimal). Strongly suggest those running 1.1.x take a look at the
  code to make sure there are no gaping holes.
- because of the above change, proftpd now blocks nearly all signals when
  switching to root and performing privileged operations. Such operations
  have also been altered so that they should never block (and thus signals
  are unblocked immediately).

May 21, 1998 - Version 1.1.1

- Fixed mod_ls to handle ShowSymlinks directive properly
- Added glob.c/glob.h from gnu libc6 to libsupport, and appropriate
  detection to configure script. glob() will now be available on non
  posix.2 systems.
- Added DenyGroup and AllowGroup directives (see html docs)

May 20, 1998 - ** Version 1.1.1pre1 branched off from 1.0.3pre1

- mod_ls now in place, list and nlst commands now fully support -R
  (recursion) and the like. Created new cvs repository (/var/proftpd-dev)
  for development version. Please bang on this to see if it breaks.
- dropped old "auth daemon" support from 1.1.0pre-alpha. It was the right
  direction, but not the "right way".

May 20, 1998 - Version 1.0.3pre1 (cvs only)

- RFC patch (Entering Passive Mode)
- SIGSEGV when unable to connect to client data port.

May 19, 1998 - Version 1.0.2

- uid/gid swapping is now used on systems that don't support posix.1 saved
  ids. If your libc's headers defined _POSIX_SAVED_IDS, the saved id
  mechanism will be used.
- Outbound data connections now bound to the appropriate virtual host
  address rather than the main system address (firewall related)
- Some additional #ifdefs inserted for solaris2.x.
- Various RFC959 patches...
  - Multiline replies are now fully RFC compliant.
  - DELE and RMD now return 250 instead of 200.
  - MKD now returns 257 "full/path/to/new/dir" - directory successfully
    created.
  - PWD and MKD now properly quote the " character.

May 18, 1998 - Version 1.0.1

- Added scripting in configure.in to check for various C compiler flags
  "desired", some of which are gnuisms (such as -Wall). Non-gcc compilers
  should no longer choke on such.
- Added Solaris2.6.README, regarding oddities with solaris' xti.
- Incorporate patch from Kelemen Peter :
  - Solaris 2.6 typedefs in_addr_t in /usr/include/netinet/in.h, ugg.
- Incorporate patch from Simon Wilkinson :
  - Problem with NAMLEN macro, introduces possibility of proftpd
    underallocating and segfaulting. [Ed: it's good to get rid of this one,
    thanks Simon!]
- Incorporate patch from Stephen R. van den Berg :
  - Two bugfixes with respect to the HideNoAccess flag.
  - Fix a bug with respect to the default hostname taking over a specific
    virtual host by accident.
  - Allow for passwd and group file specification. This allows one to completely virtualise a virtual host with a separate user/group list. [Ed: This also most _DEFINITELY_ requires NEED_PERSISTANT_PASSWD]

???????? ??, 1998 - Version 1.0.1
- SITE CHMOD now works properly with octal modes that don't have a '0' prepended (patch originally released as 'proftpd-1.0.0-chmod.patch').
- proftpd-1.0.0-localtime.patch applied. Directory listings return localtime rather than gmtime. Note that the mdtm localtime patch has NOT been applied, and will not (it's just plain "wrong"). :) It can be found at ftp://ftp.proftpd.org/patches

December 29, 1997 - Version 1.0.0
- MDTM no longer reports certain files as non-existent.
- NOOP command now correctly implemented.
- Minor cleanups/porting aids.
- Several potential stack overrun bugs fixed.
- Numerous fixes that could affect blocks depending on your usage of symlinks. All checking is now done on *absolute* directories, after symlinks have been recursed. Status: Complete

November 18, 1997 - Version 0.99.0pl11
- Fixed bug which could cause proftpd to catch SIGSEGV if a 'UserAlias' directive was the last non-BLOCK directive in a particular context.
- fsync() is no longer called in src/log.c, typo fixed in src/support.c
- setsid() is now used instead of ioctl() in src/main.c, should be more portable.
- Numerous fixes in directive tree management, as well as some optimization. If it weren't for this change, pl11 would be 1.0.0, but I'm not totally convinced that something didn't slip through in all the changes. Please let me know if proftpd behaves oddly in relation to configuration, or if directives don't behave in a documented fashion.

November 11, 1997 - Version 0.99.0pl10
- MD5 hashed password authentication will now work if your libc supports transparent use of md5_crypt() from the crypt() function. Only libc6 is guaranteed to do this, some libc5s do (under Linux). MD5 support has NOT been natively added, your libc MUST provide it.
- Fixed bug involving certain directives not being found if at least one context didn't exist for a server/anon configuration. Notably, AllowOverwrite will now work if placed in a context without being inside of a specific block.
- Fixed memory hole/bug in inet_copy_connection(), which may have been responsible for data loss/corruption/odd behavior.
- Added "magic cookie" replacement strings for DisplayLogin & DisplayFirstChdir files. These are as follows:
    %T  Current Time
    %F  Available space on file system
    %C  Current working directory
    %R  Remote host name
    %L  Local host name
    %u  Remote username as reported by the ident protocol
    %U  Local username used at login
    %M  Maximum number of connections in this context
    %N  Current number of connections in this context
    %E  Server admin's email address (as specified by the ServerAdmin directive)
- Added ServerAdmin directive to specify an e-mail address for the ftp administrator. Defaults to 'root@hostname' if not specified.
- Added support for ident protocol lookups, used for "magic cookies" in DisplayLogin/DisplayFirstChdir.

October 29, 1997 - Version 0.99.0pl9
- Added man pages for ftpwho(1) and ftpcount(1).
- Added X* versions of all the three letter commands. Some FTP clients (Win95's default, for example) use these instead of the three letter (RFC) versions.
- Passwords can now contain spaces.
- Added the SIZE command (not sure how it got left out), so that FTP clients which rely upon it to estimate transfer time (i.e. ncftp) now work properly.
- Cosmetic fix. Anon FTP connections now display "send e-mail address as password" rather than the "password required" message.
- IPs that do not map to names are now displayed properly when no configuration is defined for the address (no VirtualHost).
- Added an ftpshut utility (plus man pages) for admins. Installed in /usr/sbin by default.

October 12, 1997 - Version 0.99.0pl8
- ** CODE FREEZE ** No new features will be added to this development tree.
  pl8 will be released shortly for testing. If all goes well for this (or future pls if needed), this will become 1.0.0. Then, a new tree will be started for 1.1.x, for all the new and lusted after featurage. =P
- Added a simple man page, which is installed (by default) as /usr/man/man8/proftpd.8.
- Added the non-RFC (but de facto standard) MDTM command, used by some clients to determine the modification time of a file (debian's dpkg, for example).
- Bug fix in the PORT command, didn't allow arguments greater than 254 to be passed, which means that any two-byte port which consists of '255' caused "Illegal PORT command."
- If a dotted quad IP is used in a block, proftpd refuses to allow connections (FQDN must be used). Fixed -- Numeric IPs will now work correctly.
- Bug which caused proftpd to crash when transferring large amounts of ASCII mode data (notably, gigantic directory listings) fixed.
- Added --enable-shadow and --enable-autoshadow arguments to the configure script. These are for use by binary distributors, to force certain code options to be compiled in. For more information, see the TODO file.

September 23, 1997 - Version 0.99.0pl7
- Added 'DefaultRoot' directive which allows all users or certain groups to be chroot() jailed at login (into either their home directory, or a specified directory). See the directive reference documentation (http://www.proftpd.org/reference.html) for more info.
- Fixed nasty bug in I/O, where an "infinite loop" was possible if a client dropped the control connection at just the right moment. This bug fix is the main impetus behind releasing 0.99.0pl7 ASAP. Hopefully all such "stuck loop" problems are fixed now.
- Directory interpolation (i.e. ~username) is now done during normal run time, instead of at config file parse time. This will prevent problems with users' home directories changing and proftpd needing to be restarted. Note: This still needs some rework in the next version.
- Fixed bug in code dealing with symlinks.
  Symlinks will no longer cause proftpd to "hang" in a loop eating all CPU. Note: Maximum symbolic link depth is 32.
- Complete refit of utmp/wtmp code. Utilities such as 'last' should now work correctly -- no more missing host field, odd tty names and permanent ("still logged on") logins.
- Clients which estimate download transfer time will now work correctly.
- autoconf/configure should now produce configure/header files that will allow ProFTPD to compile _relatively_ cleanly under Irix 5.3, BSDI 2.1 and Solaris 2.5. Solaris does report some non-harmful warnings due to broken sun header files.

July 8, 1997 - Version 0.99.0pl6
- Numerous code cleanups so compilation *should* look clean with -Wall.
- Added 'DefaultServer' directive to allow configuration of a particular server (virtual or root) which handles all incoming "unknown" destination addresses. See documentation for more info.
- Fixed a *massive* parsing bug which caused any operations on filenames or directories with whitespace in them to fail.
- Fixed bug which caused SIGSEGV when trying to login to anonymous server with unknown username.
- Added more code for portability, namely fnmatch() and strsep(). Irix 5.3 and BSDI ports close but not done, Irix is *almost* there. (thanks go to Chris Brown for all his efforts)
- Debug level 4 now logs all commands to syslog (instead of level 2). PASS commands are intentionally hidden.

June 26, 1997 - Version 0.99.0pl6-private
- Added a support library which will include all code that might be missing from a particular platform's libc. Currently includes getopt() and getopt_long(). This is to aid portability issues.
- Added 'SocketBindTight' directive to configure how listening sockets are bound when proftpd is in standalone mode. See reference.html for more info.
- Fixed problem with CWD/PWD and symlinks. Navigating through symbolic links to directories should now work properly.
- Added 'ShowSymlinks' directive to control how links are displayed in directory listings. See reference.html for more info.
- Allow/Deny/Order directives inside contexts now work fully and properly.
- A couple GNU autoconf tweaks to aid in porting efforts.

June 10, 1997 - Version 0.99.0pl5
- Major fixes to ftpcount/ftpwho and proftpd's run-time logging. ftpcount/ftpwho *should* now accurately report all users currently logged in and proftpd will no longer duplicate entries.
- ASCII xfer from client to server caused occasional corruption. Fixed.
- Timeouts not working in certain cases due to a race condition. Fixed.
- ws_ftp95 (some version) had a problem w/ proftpd due to both sides of a data connection not being closed. Fixed.
- Multiple anonymous logins not working properly due to a slight recursion bug. Fixed.
- Indented sample configuration files for easier readability.
- Added AccessGrantMsg, UserPassword and GroupPassword directives. See documentation for usage.

June 4, 1997 - Version 0.99.0pl4
- PASV mode transfers fixed. Netscape and possibly other web browsers use PASV mode.
- Top level configuration directives checked as part of normal FTP command authorization weren't working unless a context existed which matched (at some level) the command. Example of broken configuration which is now fixed:

    Port 21
    ...
    AllowOverwrite on
    ...
    # No exists, so AllowOverwrite would not apply

- wasn't being used at all, however worked. Fixed.
- /var/log/xferlog "wu-ftpd" style logging wasn't recording full pathnames of files transferred.
- Various problems with restarted transfers (via REST) either not restarting or causing later transfers to not function. Fixed.
- caused "Bad file number". Fixed.
- Added 'make install' to install proftpd, ftpcount and ftpwho (simply a symlink to ftpcount).

**********************************************************************

June 1, 1997 - Version 0.99.0pl3
- First publicly available beta.
Submitted into Debian 2.0 linux distribution w/ some intermediate fixes that will end up in 0.99.0pl4
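
Added example, not ProFTPD's own code: the May 24, 1998 entry (1.1.2pre2) describes regaining root through saved uids only for short, non-blocking operations, with nearly all signals blocked meanwhile. One way to write that bracket in C; `with_privs` and `op_sigterm_blocked` are hypothetical names, and the sample operation is constructed to stand in for the privileged bind().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for seteuid() and sigprocmask() */
#endif
#include <signal.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: run a short, non-blocking operation with the
 * effective uid temporarily set to priv_uid, with nearly all signals
 * blocked so that no handler can run while privileged. */
int with_privs(uid_t priv_uid, int (*op)(void *), void *arg)
{
    sigset_t block, saved_mask;
    uid_t unpriv = geteuid();
    int rc;

    sigfillset(&block);
    /* Keep synchronous fault signals deliverable: a fault raised while
     * they are blocked is undefined behaviour. SIGKILL and SIGSTOP
     * cannot be blocked in any case. */
    sigdelset(&block, SIGSEGV);
    sigdelset(&block, SIGBUS);
    sigdelset(&block, SIGFPE);
    sigdelset(&block, SIGILL);
    if (sigprocmask(SIG_BLOCK, &block, &saved_mask) != 0)
        return -1;

    /* Succeeds only if priv_uid is the real, effective or saved uid. */
    if (seteuid(priv_uid) != 0) {
        sigprocmask(SIG_SETMASK, &saved_mask, NULL);
        return -1;
    }
    rc = op(arg);                 /* e.g. bind() to a port below 1024 */

    /* A failed drop must never pass silently: verify it, and exit
     * rather than keep running with the privileged uid. */
    if (seteuid(unpriv) != 0 || geteuid() != unpriv)
        _exit(1);
    sigprocmask(SIG_SETMASK, &saved_mask, NULL);
    return rc;
}

/* Constructed sample operation: returns 1 if SIGTERM is blocked
 * while it runs, 0 otherwise. */
int op_sigterm_blocked(void *arg)
{
    sigset_t cur;
    (void)arg;
    sigprocmask(SIG_BLOCK, NULL, &cur);   /* NULL set: query only */
    return sigismember(&cur, SIGTERM);
}
```

In a daemon started as root that has dropped only its effective uid, `priv_uid` would be 0; the helper returns -1 without running the operation when the switch is not permitted.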