Return-Path: owner-wu-ftpd@wugate.wustl.edu Message-Id: <19990906160239.A1902@vr.net> Date: Mon, 6 Sep 1999 16:02:39 -0400 Reply-To: Gregory A Lundberg Sender: owner-wu-ftpd@wugate.wustl.edu From: Gregory A Lundberg To: WU-FTPD Discussion List Subject: [bero@mandrakesoft.com: wu-ftpd 2.6.0pre1 available for testing] Mime-Version: 1.0 Content-Type: multipart/signed; boundary=6TrnltStXW4iwmi0; micalg=pgp-md5; protocol="application/pgp-signature" X-Mailer: Mutt 0.95.6i X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN --6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable ----- Forwarded message from Bernhard Rosenkraenzer = ----- Date: Tue, 7 Sep 1999 00:01:47 +0200 (CEST) From: Bernhard Rosenkraenzer To: wuftpd-questions@wu-ftpd.org, wu-ftpd@wugate.wustl.edu Subject: wu-ftpd 2.6.0pre1 available for testing wu-ftpd 2.6.0pre1 is available for testing on ftp://ftp.wu-ftpd.org/private/prerelease/ Unless any major bugs turn up, 2.6.0 will be released in two weeks. Changes in 2.6.0: (not yet released) o Added the email-on-upload feature from BeroFTPD. See the ftpaccess man page for detauls on these added ftpaccess clauses: mailserver incmail mailfrom virtual
incmail virtual
mailfrom defaultserver incmail defaultserver mailfrom o Redhat added the -I option to disable RFC931 (AUTH/ident). Added to the baseline so Redhat users don't see a loss of a feature. Setting the timeout for rfc931 to zero will do the same thing in the ftpaccess file. o The test for whether restricted-uid/restricted-gid applied should have been done before the chroot so it used the system /etc/passwd and /etc/group files. o CDUP when you were already at the home directory, would complain about you being restricted (if you were). Instead it should give a positive reply, and do nothing. This makes it behave more like CDUP when you're not restricted to your home directory. o deny-uid and deny-gid were being tested for anonymous users. Bad move, it's too easy to forget to allow them. Use 'defaultserver private' to keep anonymous users away. o Correct the operation of the NLST command. Finally. mget should now work as users expect it to. o Prevent buffer overruns when processing message files. o Correct a reference through a NULL pointer when doing S/Key authentication and the user is not in the passwd file. o Check the return code from select() when setting up a data connection. Under some rare conditions it is possible that the select was called for an fd_set which has no members, hanging the daemon. o Ensure a pattern of "*" matches everything. The new path_compare (used on upload and throughput clauses in the ftpaccess file) sets the option FNM_PATHNAME, so: * matches everything /* matches /dogs but not /dogs/toto or /dogs/toto/photos /*/* matches /dogs/toto and /dogs/toto/photos but not /dogs Use FNM_LEADING_DIR when comparing to the current working directory. This effects upload and throughput clauses. This was a bugfix making the upload clauses behave as documented in the upload.configuration.HOWTO (and as they should have prior to switching = to the use of wu_fnmatch, but didn't). o setproctitle() support added for UnixWare. o Removed all FIXES files. Merged their contents into this CHANGES file (the one you're reading now). The old doc/FIXES directory has been tar'd and will be placed in the attic when 2.6.0 releases. o Corrected an error in the MAPPING_CHDIR feature which could be used to gain root privileges on the server. o Added -V command-line option to View the copyright and exit. o Added the privatepw command and documentation. o Port for FreeBSD corrected. o Adding the LICENSE file to the baseline. o Added print_copyright function so our copyright is embedded in the executables. o WU-FTPD Development Group copyright headers added. Original Copyright headers moved into the COPYRIGHT file. o RCS Ids from 2.4.x removed and new templates added for wu-ftpd.org usage. o Make sure the signal context is restored when jumping out of signal handlers. This was causing signal 11 on some systems. o Cleaned up the how-to of setting up virtual hosting support. o Corrected header file dependencies. o Changed NLST to nlst, necessary as ftpcmd.c #defines NLST. o Tidied up virtual variables. o Changed so compiles cleanly on SCO OpenServer 5, UnixWare 2 and UnixWare 7. o Anonymous users could get in even though no class was defined for them. o Support for non-ANSI/ISO compilers has been removed. You MUST have and ANSI/ISO C compiler. This has been true for some time, all that has changed is the (incomplete) support for older (K&R) compilers has been removed. o Added Kent Landfield's NEWVIRT scheme for extensive virutal hosting. See the updated documentation on virtual hosting for details. o ftprestart has been added to the base daemon kit. o A buffer overrun in the ftpshut command has been corrected. Since, on most sites, the ftpshut command is only usable by the superuser, this is not considered a security issue. If you have installed ftpshut with suid-root permissions (not the default), then there is the possibility this overrun could be used to leverage root permissions. o Several new ftpaccess clauses have been added. These allow control of the various timeouts used within the daemon. The new clauses are: timeout accept timeout connect timeout data timeout idle timeout maxidle timeout RFC931 o Myriad places where inactivity timeouts were not being properly detected or handled have been corrected. The built-in directory listings, both the original NLST and the build-in LIST (ls), now detect inactivity. The original NLST did not which could lead to hanging daemons. C FILE handles for data connections are now always flushed, then the socket is shutdown cleanly before being closed. As a side effect, the daemon now more often properly detects incomplete transfers. This can lead, though, to the xferlog showing the correct byte count (meaning the daemon read or wrote that many bytes over the data connection), but still log the transfer as incomplete (meaning the socket did not properly shutdown so the client probably missed some data). o The daemon no longer attempts to replace the system's header when compiling. Instead, it uses its own local copy at all times. o The daemon will now wait for the transfer to complete before sending 'Transfer complete' or similar messages. This improves the daemon's reliability for poorly written clients which take recipt of the message as indication the transfer has completed rather than reading until the connection closes. o Guest and anonymous logout was not recorded on Linux. Removed call to updwtmp and returned to old method of updating the lastlog. o Script "vr.sh" is no longer needed. The Development Group will not be releasing patches to upgrade; they can be obtained from CVS if needed. o "realpath_on_steroids" is no longer needed. Removed. o Use a custom version of fnmatch() which changes the rules for matching file and directory names. The most visible result of this is noretrieve and allow-retrieve are now much more flexible. See the ftpaccess manpage for examples. o Use the correct SPT_TYPE for FreeBSD 2.0 or later. o Correct the class=3D logic on the allow-retrieve clause. o Enhanced DNS extensions. This adds three ftpaccess clauses: dns refuse_mismatch [override] dns refuse_no_reverse [override] dns resolveroptions [options] o Corrected a reference in the manpage for ftpconversions to ftpd. o The string 'path-filter' is now used in the system logs to describe problems resulting from failing a path-filter check. The daemon used to just say 'bad filename' which was misleading to some people. o Added instruction on how to support PAM on Solaris. Right now this means hand editing src/config/config.sol and src/makefiles/Makefile.sol. o Checking that all platforms use config.h, src/config/config.isc was found to have forgotten to include the file. o A security deficency on SunOS 4.1, not having a working getcwd() function, has been corrected by using the provided function. Compilation bugs in the portable getcwd() function have been corrected. o The daemon will no longer hang attempting to close the RFC931 socket when the remote end is firewalled and does not respond to traffic for this protocol. This was determined to be inappropriate handling of SIGALRM; handling for this signal has been cleaned up throughout the daemon. o The daemon may now be built using GNU autoconf. This is in the early stages and not all platforms may be supported. The old build system will be maintained for at least the 2.6.0 release; until the major platforms are all known to be supported. o Two new ftpaccess clauses have been added. These allows the site admin to selectively allow PORT and PASV data connections where the remote IP address does not match the remote IP address on the control connection. The new clauses are: port-allow [ ...] pasv-allow [ ...] o The daemon now includes an internal 'ls' command. o Ported to Mac OS/X. 0 Added (limited) support for AFS and DCE user authentication. This is only know to work on AIX, and needs porting to other platforms. For now, this requires hand work to enable. o Added an ftpaccess clause to enable TCP keepalives. This clause is: keepalive o You can now specify the xferlog filename for the default server just as you can for the virtual hosts; in the ftpaccess file. The new clause is: xferlog o ftpaccess manpage cleaned up. Many typos corrected, some techincal changes. Indentation should now be correct. o Apache's .indent.pro to the src and support directories. Ran all *.c and *.h files through it. ftpcmd.y has been indented by hand. The code is now a lot more readable! o A bug in the parsing for the deny !nameserved ftpaccess clause has been corrected. o Technical corrections in the ftpd manpage. ----- End forwarded message ----- --=20 Gregory A Lundberg WU-FTPD Development Group 1441 Elmdale Drive lundberg@wu-ftpd.org Kettering, OH 45409-1615 USA 1-800-809-2195 --6TrnltStXW4iwmi0 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGP 6.5 iQB1AwUBN9QPyQ2nXFkJc83RAQEZWgL/Up0YfI6I24LCA5RRrz/MjkQ2MVuoAAW8 /9Fxni1vhyHmczX4gpOqenxNf1sElVq4vnM3SbQiBSMhkqhaPzagNrgALzROndG1 W4MzdRuY1VR9GZGS1DK+APaqfUczjDxq =9dsz -----END PGP SIGNATURE----- --6TrnltStXW4iwmi0--