-
-
Notifications
You must be signed in to change notification settings - Fork 190
/
Copy pathChangeLog
1913 lines (1796 loc) · 94.2 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
* Version 1.0.52:
- The QUIT command is now accepted during a transfer. Contributed by
Andrew Topp, thanks!
- The server can be built with --with-minimal again. Thanks to
@foxtrotttango
- Fixed an out of bounds read in the MLSD command. Thanks to
@whali3n51
- Larger mmap()ed pages are used on aarch64.
- Improved compatibility with HPUX, thanks to Sam James.
- Improved OpenSSL API compatibility, thanks to Maverick Chiou.
- Improved compatibility with OpenWall Linux, thanks to @jcj83429
- Improved compatibility with Netfilter, thanks to Matěj Vrba
* Version 1.0.51:
- Compatibility with OpenSSL 1.1.0 was improved.
- PostgreSQL: the port number is not escaped any more in connection
strings.
- TLS tickets are issued but not renewed - This fixes compatibility
issues with some clients.
- PureDB: additional checks for corrupted databases have been added,
and synchronization to disk uses F_FULLFSYNC on macOS X.
* Version 1.0.50:
- Support for MD5, SHA1 and MySQL PASSWORD() function were removed for
password hashing. You should now use scrypt, argon2 or the system crypt(3)
function.
- Soft fail if a USER command is received without TLS and the server is
configured to enforce TLS. Previously, the session was immediately closed,
but that was too brutal for some clients.
- Allow connections from the class E network range -- apparently
required in some cases when using Linux containers.
- Large file listings used to require way more stack allocations than
necessary, possibly reaching hard-coded limits and causing a forced
session close. This has been fixed.
- The SPSV command has been removed.
- Under some circumstances, the server would not start when configured
with directory aliases. This has been fixed.
- PostgreSQL: hard-coded global configuration strings were not escaped.
This has been fixed.
- A warning is now printed when a transfer happens in ASCII mode, as
this is rarely intentional.
- Compilation with --without-ascii is now possible again.
- Configuration options for features that have been disabled at
compile-time are not parsed any more.
- When virtual quotas were configured, files were removed after an
upload if the size quota was exceeded, but not during the upload. This
has been fixed.
- A configuration file can now include other files with the `Include`
directive.
* Version 1.0.49:
- This version fixes a regression introduced in version 1.0.48 that broke
the external authentication feature. Reported by Peter Hudec, thanks!
- Sockets from `pure-authd` and `pure-extauth` are now always owned by
`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
Suggested by Arkadiusz Miśkiewicz, thanks!
* Version 1.0.48:
- SNI support has been added. A new service, `pure-certd`, can run
external code written in any language in order to map SNI names to TLS certificates.
- External authentication handlers get a new
`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
- TLS certificates and keys can now be in different files.
- `make install` does not overwrite existing configuration files any
more. The example files layout has changed.
- TLS 1.3 is enabled when using OpenSSL 1.1.x.
- TLS < 1.2 is disabled by default.
- Quirks for obsolete OpenSSL versions have been removed.
- Username _ftp can be used as an alternative to ftp everywhere.
- Password hashing parameters are now chosen according to locally
available resources. The `pure-pw` command gets to new switches: `-C` (as
a hint regarding the number of simultaneous login attempts) and `-M`
(total memory, in MB, to reserve for password hashing).
- New translation: Albanian, thanks to Moisi Xhaferaj.
- The `PRET` command has been added. It can avoid opening useless data
connections for nonexistent content.
- Dot-files are always displayed. We don't lie any more in some
commands while not lying in other commands to respect the protocol.
- Support for RFC 2640 has been removed from the free version, as it
was early, experimental, slow, mostly broken and unmaintained code.
- The `NLST` command doesn't perform globbing any more.
- The `MLSD` command now prepends the path to file names.
* Version 1.0.47:
- Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
- Return a 451 error code instead of 226 on aborted uploads.
- The system user "_ftp" can be used as an alternative to "ftp" for
anonymous sessions.
- Compatibility with libsodium > 1.0.12 was added (including minimal
mode).
* Version 1.0.46:
- The server can now be linked against OpenSSL 1.1.x with the strict API.
- Unmaintained contributions have been removed.
- Globbing: the number of * in an expression has been limited to 3.
* Version 1.0.45:
- TLS v1.0 sessions are now refused.
- Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.
* Version 1.0.44:
- The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
- Pure-FTPd can now be linked against OpenSSL 1.1.x
- The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
- 3DES was removed from the default cipher suite.
* Version 1.0.43:
- Passwords can now be hashed using Argon2.
- The -J switch didn't work any more in 1.0.42. This has been fixed.
- The default cipher suite was simplified.
- Authentication against system accounts is compatible with OpenBSD 6.0.
- Fixed: protocol conformance when TLS sessions are refused.
- Altlog records can now be sent to `stdout`/`stderr`.
* Version 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.
* Version 1.0.41:
- libmariadb is looked for in addition to libmysqlclient
- MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
- openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
- New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.
* Version 1.0.40:
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
- OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
* Version 1.0.39:
- Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
* Version 1.0.38:
- The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
- TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
- scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.
* Version 1.0.37:
- The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
- The Clear Command Channel (CCC) command is now supported.
- pure-config.py is compatible with Python 3.
- SSL (v2, v3) is refused by default.
- The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
- DES-hashed passwords are not supported any more.
- LDAP uid and gid values can over overridden in the LDAP configuration file.
- New LDAPUseTLS directive for LDAP.
- RC4 was killed.
* Version 1.0.36:
- The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
- Improved autoconf detection of -fstack-protector and -fPIE
- If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
- Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
- A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
- Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.
* Version 1.0.35:
- Improve compatibility with the Intel and Ekopath compilers.
- Use more paranoid compiler options whenever possible, and preliminary
uncluttering of the autoconf script.
- Try to cache locale-related data at startup after tzset(), rather
than during a session.
- Fix quota computation after rename() overwrites an existing file.
Reported by Hiramoto Koujo, thanks!
* Version 1.0.34:
- Fix safe_write() inverted checks that broke uploads.
* Version 1.0.33:
- Sync built-in glob(3) code with OpenBSD-current, and remove code we
don't use instead of ifdef'ing it.
- Repair checkproc() on Linux when support for capabilities is
compiled in. Reported by Eric Gouyer.
- Don't read /dev/*random every time we need a value. Just use
arc4random() everywhere and seed it before we possibly chroot().
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
- Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
prefixed by -S: , needed by Brad.
- Remove the various safe_read() / safe_write() instances and
factorize them in safe_rw.c
- Call OpenSSL_add_all_algorithms(), suggested by Brad.
- Mention that WinSCP works fine with Pure-FTPd.
- On Linux, opening a named pipe that nobody reads with O_WRONLY yields ENXIO.
The workaround is to opens it O_RDWR. So, just do that.
* Version 1.0.32:
- Support SHA1 password hashing in MySQL and PostgreSQL backends
- Support for braces expansion in directory listings has been
disabled - Cf. CVE-2011-0418
* Version 1.0.31:
- Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
thanks to Todd Rinaldo.
- The -F switch has been documented in the built-in help.
- Shell-like escaping is now partially handled when emulating the "ls"
command.
- Use my_make_scrambled_password() instead of make_scrambled_password().
Suggested by Arkadiusz Miskiewicz.
* Version 1.0.30:
- Use malloc() instead of an ever-growing stack in pure-quotacheck.
Fixes quota computation on a large number of files. Problem initially
reported by jeff at cpanel dot net.
- Treat OPTS UTF-8 like OPTS UTF8. Suggested by yjfan at longtop dot
com.
- Empty the command-line buffer after switching to TLS. Fixes a flaw
similar to Postfix's CVE-2011-0411.
- Provide ANSI-compliant MySQL configuration example.
- Fix some issues with man pages.
* Version 1.0.29:
- max_dlmap_size was size_t instead off_t, causing misalignment while
downloading > 4 Gb files on a 32-bits arch. Reported by Viktor Butskih.
- pread() vs lseek()+read() was a useless optimization, since pread()
doesn't change the file position and further reads weren't going through
plain read() calls.
- iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
exit. Fixes segfaults on glibc.
- pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
* Version 1.0.28:
- FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
name.
- When an upload gets renamed (--autorename), send the new name to the
uploadscript instead of the original one.
- The ALLO command now checks for the actual disk space in addition to the
virtual quota.
- Work around OSX broken poll()
- After an atomic resumed upload, don't append the previous file size to the
quota.
- Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is
UTF8.
- Fix AUTHD_ENCRYPTED
- Reset the CWD failures counter after a successful directory has been
created. It avoids spurious disconnections with ncftp.
- Support for iPhone has been moved to another branch.
- Fix crash with PostgreSQL.
* Version 1.0.27:
- Have pureftpd_shutdown() shut the server down even if a client is
connected on iPhone.
- Allow users with no quota to delete .pureftpd-upload-* files.
- Unbreak ipv6 support, reported by Brad Smith.
- Disable SSLv3 renegotiation if an old SSL library is used. If you really
want to re-enable SSLv3 renegotiation, even with a recent library, you can
always define ACCEPT_SSL_RENEGOTIATION.
* Version 1.0.26:
- Fix incompatibilities with Cyberduck when TLS is enabled.
- Don't TLS_accept() immediately after accept(). Reply on the connection
socket first, so that clients don't have to wait before knowing that they
can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
- Properly change the process name on Linux when the -S option is used, by
Margus Kaidja.
- Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
for the bug report.
* Version 1.0.25:
- Show symlinks as symlinks in MLSD, except when the broken client
compatibility mode is turned on and links are not dangling (just like the
old LIST and NLIST commands). Reported by Mime Cuvalo.
- More gcc 2 compatibility, thanks to Todd Rinaldo.
- Properly handle custom paths in man pages. Thanks to Scott Haneda and
Mathieu Parisot.
- Have $localstatedir default to /var as it used to be unless
--localstatedir=... is explicitly passed to ./configure
- Use @VERSION@ in man pages.
- --without-pam disables PAM on OSX and iPhone.
- Allow cross-compilation.
- Experimental iPhone target.
- Change the way it links, building a library first.
- Don't use mmap() any more for downloads. It's too slow.
- Don't use hard-coded paths in order to find MySQL and PostgreSQL
libraries and header files. Use mysql_config and pg_config instead.
Suggested by John Alberts.
- Log the DELE command similar to the RETR and STOR commands. Suggested by
Martin Fuxa.
- The primary group gets cached so that it's always displayed in directory
listings.
- Avoid a client process to burn CPU in an infinite loop if the command
channel gets disconnected before the data channel. Reported by Thomas Min
and Margus Kaidja.
- Restore the traditional behavior of a download restarting at the end of a
file. For some weird reasons, some clients still insist on doing that. Don't
send a 55x return code, just let them download... nothing.
- Documentation updates.
* Version 1.0.24:
- Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
- The package can now be compiled with gcc 2.
* Version 1.0.23:
- LDAP: accept "enabled" as a correct value for FTPStatus as it used
to be.
- More useful error logging for OpenSSL errors.
- Don't read certificates twice.
- Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
- Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero
Pelander.
- Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
- Don't ignore dot files even if -D is not supplied with the MLSD command.
- Deinline code
- Throttling more reliable
- STAT is now working over TLS
- DH keys for ephemeral key exchange are now handled
- Fix libiconv checking
- The column was missing in the PassivePortRange comment (thanks to Igor
Alexadrov)
- LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account. It also adds a warning if auth method password is used and doesn't find
a userPassword attribute. This usually indicates that the LDAP bind DN
cannot read the attributes, because it doesn't have sufficient privileges.
Contributed by Wilco Baan Hofman.
- Perform charset conversions on directory names. Issue spotted by Xianghu
Zhao.
- Almost a complete rewrite of the upload, download and TLS code for more
reliability
- Seamlessly handle ABOR without any SIGURG
- Try to immediately handle any kind of disconnection
- Use poll() rather than select() as much as possible
- Distinguish aborted (even the hard way) and completed download and upload
operations in log files
- Minor corrections to he French messages
- Don't use atomic uploads unless --notruncate or --autorename have been
enabled
- Take care of removing .pureftpd-upload-* files in every possible case
- List up to 10000 files per directory per default instead of 2000
- Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
- New compile-time option: --with-implicittls in order to build a FTPS-only
server
- ./configure --localstatedir can now be used in order to avoid storing the
scoreboard and other dynamic files in /var/run/
- Quota handling reworked (easier, and way more reliable)
- RNTO support even when quota are enabled.
- A bunch of return codes were fixed to be more RFC-conformant.
- ALLO command is now actually checking if an upload can occur without
blowing the quota.
- Don't change the TCP window size. Admins should do this as part of their
system configuration.
- Privsep is now enabled by default. Use --without-privsep to disable.
- --without-banner is gone. If you have a cookie file (-F), the default
banner won't be displayed.
- Compile with PAM by default on OSX.
- Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
call is actually necessary. Since only the effective uid chances, it's not
brutally useful yet, but it paves the way for forthcoming changes.
- Install man pages with local paths instead of hard-coded ones.
* Version 1.0.22:
- New catalan translation, by Taik0.
- TLS support for LDAP, contributed by Marc Balmer.
- pureftpd.schema contained two errors. Reported by Ulrich Zehl.
- Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
- Don't issue a warning in ./configure when the certfile does exist.
Reported by Michael Bowe.
- Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
- Compatibility with newer OpenLDAP versions. Thanks to Johan Ström.
- Don't hang up during uploads if we get any other command than QUIT and
ABORT.
- SITE UTIME reads UTC time
- A space is needed for inline content in response to the MLST command.
- Time zone issues should be fixed for good. We have to redefine TZ,
tzset() is not enough on Linux when we are in a chroot environment.
- Correctly respond to FEAT without removing extra features when passive
mode is disabled. Thanks to upb.
- Better process name change setup for Linux.
- Auto-created home directories are now created with mode 0777 (and
directory umask is applied), per common request. It's very important to
double check your umask.
- Extend gid / uid to 10 digits in ls output. Extend file size as well.
- Brazilian portuguese translation was updated.
- Support new MySQL password scrambling, thanks to Jan Hudoba.
- Larger mmap() chunks: downloads needs less CPU usage on platforms with
slow mmap() like OpenBSD.
- Fix SecureFX compatibility.
- Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
- messages_check.pl had to leave the package as it was GPL-licenced.
- Don't respond to server that an upload succeeded before the temporary
file has been renamed.
- TLS support on data channels, contributed by Rajat Upadhyaya from Novell
and Christian Cier-Zniewski.
- Use sendfile() on recent Solaris versions in place of sendfilev().
- Don't use a deprecated interface for Bonjour registration.
- Tell authentication handlers if the connection is encrypted or not,
through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka
Ferenc.
- README.Netfilter has been removed.
- Create all directories, not only the basement when on-demand directory
creation is enabled and the user's home directory looks like /basement/./user.
Suggested by Frederico Gendorf.
- Fixed error reporting when TLS support was compiled in, but TLS wasn't
enabled on the current session. Thanks to Arkadiusz Miskiewicz.
- Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
- Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
(no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
- Sleep before answering a password failure, not the other way round. From
PLD Linux.
- Fix gcc warning in puredb.
- In broken mode, show symlinks as their real target. It can have side
effects, don't forget that broken mode is... broken mode.
- Respect aliasing rules for sockaddr_storage usage.
- Privsep is enabled by default in the installation GUI.
- --with-everything now includes privsep.
- update: fix compilation with gcc 2.x, reported by John Lightsey.
* Version 1.0.21:
When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union
to a char buffer, because of alignment required by some architectures.
WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It
fixes throttling with extauth. Reported and fixed by Marcus Merighi
<mcmer at tor.at> through Brad our beloved OpenBSD maintainer.
Rendezvous has been renamed Bonjour.
A double-close in the CHMOD command has been fixed, reported by Christer
Mjellem Strand.
The old PAM sample has been removed.
-F option added to pure-pw.
MAX_USER_LENGTH has been bumped to 127 due to popular demand.
pam/* can now be used if security/* doesn't exist. Fixes PAM
detection on MacOS X.
Call tzset() in chrooted apps in order to get correct time zones in
syslog messages.
simplify() simplifies paths ending by /. and /..
MySQL's hash_password() needs 3 arguments since mySQL 4.1.
Experimental support for RFC2640 (UTF-8 filename encoding) has been
added, derived from code by Jui-Nan Lin.
The LDAP schema has been changed: FTPStatus should be a boolean.
New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
Sparky.
By popular request, even non-chrooted users are now denied access if their
home directory is not mounted.
If die() is called during a TLS-enabled session, encrypt the death
message. Contributed by Cynix.
Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
WITH_LARGE_FILES is now defined by default.
sendfile64() support on Linux.
privsep and main processes were swapped out so that pure-ftpwho displays
the right pid.
OPTS MLST has been implemented.
SITE UTIME has been implemented.
TCP_CORK is on by default again. A new configure switch, --without-cork,
can disable it.
Correctly format %c and %% in fakesprintf().
The connection socket is now created with the Nagle algorithm disabled.
It was the trick to dramatically improve performance when transferring a lot
of small files.
Updated getopt_long() and realpath() substitutes.
Allow logging to named pipes (thanks to Steve Marple).
Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
Documentation updates.
MySQL errors are now logged.
* Version 1.0.20:
MacOS X Panther and Tiger sometimes returns EAI_SYSTEM (errno=ENOENT)
when a host is not found.
The BSD getopt() update has been partly reverted.
* Version 1.0.19:
Until OpenBSD has UBC, we need to explicitly call msync() to
synchronize data written by mmap() and read by read().
Real disk space is no more shown unless SHOW_REAL_DISK_SPACE is defined.
Fygul's email address has changed.
Don't try to catch SIGKILL any more, it's uncatchable.
PureUserAdmin was added to the contribs.
getopt_long() was resynced with the OpenBSD version.
The client socket switches to non-blocking mode before forking in
accept_client() - reported by Agri <agri at desnol.ru>.
* Version 1.0.18:
Autoconf was bumped to 2.59, automake to 1.8.
The sample source code in README.Authentication-Modules was bogus
because of a missing 'echo end' statement. Thanks to Peter Ahlert
<petera at gmx.net> for reporting this.
New translation : hungarian. Contributed by Bánhalmi Csaba
<banhalmi at enternet.hu>.
New translation : catalan. Contributed by Oriol Magrané
<omagrane at mediapro.es>.
Max CPU time was bumped to 60 min.
Disable hash_password() function call on MySQL 4.1.x and later.
We now use two listening sockets (listenfd / listenfd6), one for IPv4, one
for IPv6. The standalone_server() function has been reworked and split.
New urlencode() function to escape characters in W3C and CLF altlog files.
Based upon a suggestion and a patch by Volodin D.
The xferlog format was also implemented by the way.
New global : no_ipv4 to only listen to IPv6 in standalone mode.
Use closefrom() if available to close all descriptors.
Support for Rendezvous on MacOS X by Jean-Matthieu Schaffhauser.
Support for Apple / GNUSTEP plist data output in pure-ftpwho, also by
Jean-Matthieu Schaffhauser.
The FileInfo structure was renamed PureFileInfo to avoid a name clash on
Darwin.
A lot of compile-time default values like GLOB_TIMEOUT, MAX_CPU_TIME and
MAX_USER_LENGTH, are now overridable without any change to src/ftpd.h
ENABLE_UNICODE_CONTROL_CHARS has been replaced with
DISABLE_UNICODE_CONTROL_CHARS and a new switch, --without-unicode, defines
that macro.
Unlink the right pid files in pure-authd and pure-uploadscript. Reported
and fixed by Oscar Sundbon <moose at djuren.org>.
* Version 1.0.17a:
FD_SET(-1, ...) is invalid, but it could happen on aborted transfers,
causing Pure-FTPd to exit without removing ftpwho entries nor atomic files.
safe_fd_set() has been introduced to solve this, it just works like
safe_fd_isset() and ignores descriptor -1 and it has been placed on the same
places.
* Version 1.0.17:
Some fixes were made to the traditional Chinese translation by Flaw Zero
<flawzero at eyou.com>.
Autoconf was upgraded to 2.58.
TLS_CERTIFICATE_PATH has been renamed TLS_CERTIFICATE_FILE.
--with-certfile has been added to ./configure to set up a value for
TLS_CERTIFICATE_FILE. The default value has been reverted to
/etc/ssl/private/pure-ftpd.pem.
Solaris NIS accounts can now be converted using pure-pwconvert.
Don't drop capabilities too early, or even chroot will be prohibited.
Thanks to Arkadiusz Patyk, Li-Ren and Philipp Kern for their report.
Negative return codes are not used any more - reported by Andrew Victor
<andrew at sanpeople.com>
System users whose password is '********' are now imported by
pure-pwconvert (for newer MacOS X).
New file : README.MacOS-X.
Use SO_REUSEPORT in place of SO_REUSEADDR to bind the ftp-data port on
FreeBSD. Suggested by Henri Virtanen <hvirtanen at daous.com>.
Big change in the way upload are handled. We now maintain a per-process
unique file name in an "atomic_prefix" global. This is the name of a temporary
file that is actually used for upload, through the get_atomic_file() function
that adds the basename if needed. Once the upload is completed or aborted, the
temporary file is renamed. Or hard links are created when autorename is asked
for (autorename happens after the upload now, not before). It changes a lot of
stuff in dostor(), but it makes the whole thing easier and atomic uploads are
really nice for the end user. --no-truncate (and the global no_truncate) can
keep the old file when a new version of a file is being uploaded.
Redundant calls to get_usec_time() were removed.
Julien Andrieux's parser has been added to contribs.
Errors when SSL certificates are missing are more explicit.
The SITE TIME command was implemented. Suggested by Mark.
A new sample of a PAM configuration file has been written. The previous
one is still available as pure-ftpd.old.
* Version 1.0.16c:
We should disable the raw mode and send full HTML headers in CGI mode.
Reported by Bernard Lheureux <bernard.lheureux at bbsoft4.org>
Spelling errors were fixed in the .no translation by Brynjar Eide
<post at mislykket.no>
Always try to include sys/param.h before sys/mount.h in the autoconf
script. Patch by Brad Smith <brad at openbsd.org>.
FAQ addition regarding the STOU command. Written by C. Jon Larsen
<jlarsen at richweb.com>
PAM was broken in 1.0.16b due to PAM_SUCCESS not being copied to the right
slot. It has been fixed.
Automake has been updated to 1.7.8.
configure.ac has been cleaned up a bit regarding the conditional inclusion
of stdlib.h/unistd.h .
RPMs are now built with largefile support, privsep and sysquotas by
default.
* Version 1.0.16b:
PAM fixes.
TLS should now compile on RedHat 9 that moved Kerberos headers to
a specific directory.
free(NULL) is ok => all code like "if (<value> != NULL) free(<value>);"
has been simplified.
Automake has been upgraded to 1.7.7, Autoconf to 2.57a.
The sysconf prefix is now used for SSL certificates as well.
We break'ed too early when trying to resolve host names in
pure-ftpwho and the local host name couldn't even be resolved. The problem was
introduced in 1.0.16 when the MacOS X Panther workarounds were implemented.
Thanks to JG <jg at cms.ac> for his bug report.
/usr/local/include, /usr/kerberos/include and /usr/local/lib are only
added to CPPFLAGS/LDFLAGS if they actually exist.
pure-ftpwho now outputs XHTML 1.1 conformant code in CGI mode.
pure-ftpwho now properly escapes XHTML special characters.
pure-ftpwho now announces the ISO-8859-15 character set in XML mode.
Disable IPV6_V6ONLY by popular request by people lost with the need of the
-4 switch on some operating systems.
* Version 1.0.16a:
Fix typo (sizeof_resolved instead of sizeof resolved) in
src/bsd-realpath.c . Not a vulnerability because it happens in the good way,
but it sometimes used to break uploadscript.
* Version 1.0.16:
An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
Recognize the '##' prefix as a shadowed password - make
authentication work on Solaris with shadow/NIS.
Add back some random sleep() between authentication failures in
addition to the exponential sleep. Zzzzz... sleeping is good in summer...
Upgrade to automake 1.7.5.
The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
Uploaded files are now removed when realpath() fails and
bsd_realpath() was modified to fall back to getcwd()/chdir() if we
can't get a descriptor on the current directory because it is not
readable. It fixes pure-uploadscript on some platforms like MacOS X.
HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result wasn't
explicitly asked. As a result, Pure-FTPd didn't even start on Panther (saying
"bad IP address") . We now check for EAI_NONAME if available and we retry with
NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul
for his valuable help on this issue.
Implement a working strdup() replacement in puredb for systems lacking it.
Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
Removed fixed-size constant arrays in src/crypto.c because of MacOS X
linker bugs (grrr...) .
* Version 1.0.15:
New translation : Turkish, contributed by Mehmet Cokcevik
<dns at netline.com.tr> .
PostgreSQL documentation templates have been fixed - At least User
is a reserved keyword that needs quotes. Thanks to Henrik Edlund
<henrik at edlund.org> .
The maximal length of an account has been bumped a bit (42 chars),
and that size is now consistent across functions through the
MAX_USER_LENGTH macro. Thanks to Darth Vader (freddyke) for suggesting
this.
The comment about the location of the config file in the RedHat
init script was synced with the new location.
Tokens in the configuration file are now case independent.
Automatic creation of home directories was fixed. Thanks to
Anthony DeRobertis for the fix.
A typo in quota handling was fixed.
Cable & Wireless NL is now WideXS and their mirror seems to be
working again.
Always fill descriptors 0/1 in order to make pure-uploadscript
actually work when daemonizing. Thanks to Joerg Pulz
<Joerg.Pulz at frm2.tum.de> for pointing this out.
Don't open pipes with O_NDELAY, some systems don't like it at all.
As a side effect, the server will now wait until pure-uploadscript is
actually started before accepting connections and this is a _good_ thing.
The server load is not displayed any more, by popular request.
The version number isn't displayed any more as well.
GNU's getopt_long() has been replaced by an OpenBSD derivative.
--without-longoptions has been removed. We keep the old macros and
#ifdef though, just in case we want to improve the minimal mode later.
New unofficial macro : DISPLAY_FILES_IN_UTC_TIME to display directory
listings with UTC times.
The danish translation was updated - Lyberth.
pure-pw now returns error codes.
WIN32_ANON_DIR can override the default anonymous FTP directory on
Win32.
Fix "pure-pw usermod -y" by introducing has_per_user_max.
New subcommand : "pure-pw list", that summarizes available
accounts in a puredb.
Enlarge TCP window as it was a long time ago. It brings better
performances on BSD systems. Define NO_TCP_LARGE_WINDOW to disable.
Try to early detect timeouts by checking whether select() returns 0.
Don't try to reduce capabilities if we obviously can't because the
server has not been started by root.
Pure-FTPd is now 100% covered by the BSD license.
* Version 1.0.14:
Use random() if available, not rand() for fortune cookies.
Remove broken lseek(fd, -1, 0).
When writing to clients data sockets fails, the client probably
hung up. IE, for instance, doesn't seem to properly abort transfers
and say "QUIT" when a transfer is canceled by the user. So, log
MSG_ABORTED instead of MSG_DATA_WRITE_FAILED.
Check whether we are inside a Virtuozzo virtual environment and
disable sendfile() if this is the case. Thanks to Kittiwat Manosuthi
for his help on this issue.
Automake has been upgraded to version 1.7, autoconf to version 2.57.
Introduce privsep.h, privsep_p.h, privsep.c and --with-privsep.
Drop capabilities after the call to nice() because we need
CAP_SYS_NICE.
Don't waste time with in dopasv() to get the name of the socket we
just created.
Add "ptracetest".
Enable __EXTENSIONS__ and _XPG4_2 on Solaris in ./configure.ac
Also check whether a client has gone away by testing xferfd and
introduce safe_fd_isset() that just works like FD_ISSET() but doesn't
choke when the descriptor is -1. It fixes bus errors on FreeBSD.
Add force_passive_ip_s in order to store the argument of -P.
Passive IP addresses are now resolved in doit() for every new
connection, by popular request. It means that "-P ftp.example.com" now
works, even for dynamic addresses.
Split the function that creates an active data socket into two
parts : doport2() and doport3(). doport3() actually creates it,
doport2() does other gadgets like checking for FXP, etc.
Carefully check whether we have OpenBSD/MicroBSD-like MD5/SHA1
functions in libc and not an incompatible variant like Cyrus SASL.
The "Welcome to Pure-FTPd" decorations were replaced with
something more neutral.
Introduce ISCTRLCODE() instead of doing it by hand every time and
properly reject Unicode control chars while we are at it.
New contrib : Webmin module, by La Shampoo.
* Version 1.0.13a:
Fix pure-config.pl with old versions of the Perl interpreter.
Fix compilation with PostgreSQL, thanks to Sakari Tanhua
<stanhua at cc.hut.fi> .
* Version 1.0.13 :
Swap simplified and traditional chinese settings. Reported by Ying-Chieh
Liao <ijliao at csie.nctu.edu.tw> .
Ignore ESTA if a passive IP is forced or the NAT mode is enabled, because
the private address is probably meaningless.
README documentation improvements, contributed by Jeffrey Lim
<jf_____ at fastmail.fm>
Avoid NGROUPS_MAX when possible - Idea from tuxfamily.org CVS tree.
LDAP schema changed to work with newer OpenLDAP releases.
New LDAP directives : LDAPFilter, LDAPHomeDir and LDAPVersion.
Be a bit more heavy when creating home directories, it should solve
troubles users had with path containing extra slashes.
Try again when the pipe can't be opened in pure-uploadscript.
New --with-boring switch (BORING_MODE macro) .
Fix sendfile() support on Solaris, thanks to Emmanuel Hocdet
<man at t-online.fr>
Add uptime support for pure-mrtginfo on FreeBSD. Contributed by
Ying-Chieh Liao <ijliao at csie.nctu.edu.tw> .
Fix error when deleting files with an absolute directory when quotas are
enabled. Contributed by Johannes Erdfelt <johannes at erdfelt.com> .
dobanner() rewritten. It's now the same code to display .message and
.banner files and the content is sent line by line. We can't afford to load
everything and simply call addreply_noformat(), because if a banner starts
with a digit, it would be complicated to insert spaces to be RFC conformant.
Fix typo in the example configuration file (pureftp -> pureftpd) .
Reported by Kyle Herbert (http://www.firstnetimpressions.com/) .
Spanish translation updated (Lluis) .
Chinese translation updated (Fygul) .
There's now an unique official spelling : "Pure-FTPd".
Autoconf 2.54, Automake 1.6.3.
Move getloadavg() and similar functions to getloadavg.{h,c}.
Get the 5-min load average, not the instant load.
Raise the default maxdiskpct from 90% to 99%, as many people don't figure
out why they can't upload an ISO image when there's 700Mb free on a
7Gb partition.
Relax permissions enforcement in dochmod() when quotas are enabled
- Thanks to Claudiu.
Introduce checkprintable() function in ls.c : don't display files
whose name contains characters < 32.
Contributed sfv-crc-check has been removed (people reported that it simply
doesn't work) .
PAM sample fixed : ftplockout should really be ftpusers. Add some
common system accounts by the way.
More flexible RPM spec file, contributed by Johannes Erdfelt
<johannes at erdfelt.com> .
New translation : Czech, contributed by Martin Sarfy
<xsarfy at informatics.muni.cz> .
Merge Clive Goodhead's patch to implement MYSQLDefaultGID and
MYSQLDefaultUID and port it to PostgreSQL.
pure-config.pl has been completely rewritten in a clean way by
Aristoteles Pagaltzis <pagaltzis at gmx.de> .
New contrib : pure-vpopauth.pl .
Remove backtitle in gui/build.sh, it breaks radio lists on some
dialog versions.
Enable --without-ascii by default on Win32. It means that text
files must be in Windows format (CR+LF) on the server, no more in an
Unix fashion, or clients will get bare LFs (and intelligent clients
will switch to binary mode, so files sent in Unix format will be
retrieved in Unix format - great) .
redhat.init now uses pure-config.pl as different configuration
files was confusing people.
* Version 1.0.12 :
Style : opt_l_ is now an argument of donlist() - no more need to set
up the global variable before calling the function.
A (fake for now) ACCT command has been added. Maybe it will solve a
conflict with some versions of Fetch for Macintosh.
NLST and MLSD should be able to handle only one file. Don't split file
names, don't parse options. Reported by Martin Hedenfalk.
Support for sendfile() on HPUX and sendfilev() on Solaris. Contributed
by Kenneth Stailey.
Don't display "you are user number 0".
Check whether we have pread() in configure.ac .
Remove dead scoreboard files in pure-ftpwho, even those whose status
isn't marked as free.
New translation : Russian. Contributed by Andrey Ulanov
<drey at rt.mipt.ru> .
New translations : simplified and traditional Chinese. Contributed
by Fygul Hether <fygul at fgs.org.tw> .
New IPv6_OK message to tell people when a server also accepts IPv6
connections if DISPLAY_IPV6_OK is defined.
In extauth, there's no more need to fill fields except auth_ok
when authentication is refused (auth_ok = {0,-1}) . uid/gid/dir are only
checked with auth_ok = 1. It's then easier to chain other authentication
modules.
Linux binaries will now be linked against GlibC 2.2.x .
Use the non-root mode for the Windows port.
Don't forget to retrieve LDAP_FTPUID and LDAP_FTPGID when fetching
LDAP info.
Introduce closedata() to close the data socket. It avoids
duplicate code. opendata() now returns void : the result is in the
xferfd global.
fakesnprintf() now supports %c.
Implement FTP Data Connection Assurance
(http://www.ietf.org/internet-drafts/draft-ietf-ftpext-data-connection-assurance-00.txt)
Buglets fixed in the PostgreSQL documentation.
Pure-FTPd User Manager added to the contribs.
Add exponential delay after a 'cd' failure. Suggested by Jim.
* Version 1.0.11 :
New translation : Norwegian. Contributed by Kurt Inge Smådal /
EasyISP.org <kurt at easyisp.org> .
Fix typo (RATIO->RATIOS) in log_extauth.c and ratios are now working
with the extauth module :)
Autoconf upgraded to 2.53 .
PAGE_SIZE can be non constant. So we try to get it with getpagesize() or
sysconf() . PAGE_SIZE and MAP_SIZE have become page_size and map_size.
Thanks to brad at openbsd.org .
Dutch translation updated - Johan Huisman <sietze.jan.huisman at 12move.nl>
Typo in log_extauth.h (bandwidth -> bandwidth) . Fixes throttling with
extauth. Reported by iTooo <itooo at itooo.com> .
Italian translation updates (Alex Dupre) .
Workaround against Solaris streams bugs - Kenneth Stailey.
getspnam() is now probed in addition to <shadow.h> in order to find
whether shadow passwords are available - Kenneth.
Check for setreuid/setresuid/setregid/setresgid is seteuid/setegid
aren't available. Use them in place of seteuid/setegid if necessary - Kenneth.
Fixed a typo in the previous line - Brad :)
Use pstat_getdynamic() to get the load average if available. It works on
HPUX - Kenneth.
Use pstat() to change the process title on HPUX - Kenneth.
Cosmetic cleanups (tabs instead of spaces, etc) .
The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the
new official logo contributed by Gabriele Vinci <gabriele at pronto.it> .
We now have plenty of FTP mirrors, see the end the README file.
* Version 1.0.10 :
GCC updated to 3.0.4.
Automake updated to 1.6. configure.ac has zapped deprecated
constructions.
Autoconf updated to 2.52i. Autoconf doesn't like conditional *_LDFLAGS
in Makefiles any more.
Probe for *postgresql* in addition to *pgsql* to find include/lib paths
for PostgreSQL (configure.ac) .
*reply() functions rewritten from scratch: simpler code, no more
recursivity (makes Solaris happy) and faster processing.
Accept '..' in file names in fakexlate() .
Use addreply_noformat() whenever possible (speedup).
New switch : -Z (--customerproof) . Right now, it adds | 0600 or | 0700
to chmod commands to avoid users locking their own files. Additionally, we
now try a traditional chmod() call if fchmod() fails. There's a race here,
but no security trouble to fear. Reported by Mark Reidel <mr at domainfactory.de>
Spec file fixes, contributed by Jose Pedro Oliveira <jpo at di.uminho.pt>
PureDB binary search could fail with -1 as a slot number - fixed.
* Version 1.0.9 :
Korean translation updated.
Spanish translation updated.
Slovak translation updated.
Load average is now checked on Irix - Contributed by Florin Andrei
<florin at sgi.com> and Chan Wilson <cwilson at sgi.com> .
Make the PAM example more generic. -Thorsten.
External authentication modules can now be compiled in even when
ratio/quotas/throttling aren't enabled. -reported by pierre at epinetworx.com .
/dev/*random devices can now be probed at run-time when
PROBE_RANDOM_AT_RUNTIME is defined. Suggested by Kenneth Stailey.
Remove loop alignment in minimal mode - GCC doesn't like it on Solaris.
Enabling the non-root mode now implies virtual chroot. - Some big
improvements to the non-root mode. Almost all features of the root mode are
now working.
SITE ALIAS buglet fixed - Kenneth.
Parse a.b.c.d IP addresses (without /netmask) and blah.blah.blah
(hostnames) in log_puredb access/deny rules. Suggested by Maxnerd.
Autoconf updated to 2.52h.
Don't drop CAP_CHOWN before login completion, so that on-demand
directories are chown()ed to the right user when capabilities are enabled.
fake* files are now under a BSD license.
The PgSQL backend now accepts 'any' and 'md5' keywords for the password
hashing - Contributed by Bjoern.
External authentication modules are now working on non-Linux systems :
we were sending every line from log_extauth to pure-authd in separate
packets to the local unix socket, but we were only reading a single packet
then. Now, we also group everything to a single packet before sending the
data.
Merge Ben Gertzfield's extended LDAP schema.
AtheOS is unfortunately gone from the list of supported OS because it
lacks mmap().
Invalid SQL queries are now logged in order to help debugging.
* Version 1.0.8 :
Set errno in fake functions.
Get rid of rd_len, rename rd -> root_directory, always ensure that it
has a trailing '/' to simplify further code.
Recognize the /./ hack for anonymous users ('ftp' account). Contributed
by Teo de Hesselle <teo.dehesselle at uts.edu.au> .
Strip leading / in fakechroot (just to be coherent with the trailing /
now in root_directory) .
Have the non root mode work with virtual chroot. People are restricted
to the directory pure-ftpd was started in.
Fix compilation on AtheOS.
Allow pure-quotacheck to run as a non-root user (suggested by Philip Mak
<pmak at aaanime.net>) .
Merge realpath() replacements from OpenBSD-current, because some Solaris
libC have a broken realpath() implementation.
Support for MD5 hashed passwords in log_mysql. Contributed by Nicolas
Doye.
Force a minimum of 64k i/o buffers.
Get rid of the ugly daemons.c inclusion in pure-mrtginfo.c .
Merge the W3C log format - contributed by Thomas Briggs <tom at sane.com> .
Add initsupgroups() function and always call initgroups() *BEFORE*
chroot. An important fix pointed out by Adam Kruszewski (Fantomik) and
Wojtek "elluin" Kaniewski.
Add CAP_SETUID if we're on a system with Linux capabilities, but no
setfsuid() call. Who knows, there are maybe very strange GlibC.
New switch : -G (--norename), new global : disallow_rename .
sizeof(FTPWhoEntry_.filename) increased in ftpwho-update.h .
Reply with 530, not 550 when user isn't logged in. Reported by Philip
Mak <pmak at animeglobe.com> .
Follow symlinks in pure-quotacheck. We need this to support virtual
chroot.
Remove extra "." in "Entering passive mode" message to please some very
old BSD kernel proxies. Reported by BigAndy.
Open descriptors 0,1,2 (->/dev/null) in forked uploadscripts, just to
please some programs that are crashing when they can't write to stderr
(example : Unison) .
Add a fakechroot version of realpath() so that altlog works with
absolute file names.
New FAKECHROOT_EXCEPTION macro to avoid I/O wrappers. -Used in
bsd-realpath() .
Cygwin doesn't have a working initgroups() call (always returns -1) =>
don't abort if the call doesn't succeed. Also, have getpwnam() and getpwuid()
always return the same fake values on win32.
Speedup : chroot("/") means no chroot at all, no need to wrap I/O
functions in that case.
mode_t is an unsigned short on MacOS X, so it's promoted to unsigned
int - take care of that for fakeopen() mode.
Fix throttling in ASCII mode - the nowait condition is o >= st.st_size,
not left > skip.
Log passwords when the server is compiled with DEBUG.
Remove TVFS conformance announcement (FEAT command) when virtual chroot
is enabled.
Fix bashisms/zshmisms in configure.ac and links OpenSSL if needed with
OpenLDAP. Contributed by Ben Gertzfield (che_fox) .
Merge pure-authd and the 'extauth' external authentication handler.
Relevant files are man/pure-authd.8, src/log_extauth* src/pure-authd* .
Undefine fakechroot macros before their definition, it shuts the
compiler up on Solaris.
* Version 1.0.7 :
Use /dev/arandom and random() instead of /dev/urandom and rand() when
possible. Suggested by Brad Smith <brad at openbsd.org>.
Korean translation updated (Im).
GCC upgraded to 3.0.3 for binary packages.
Don't chroot to /etc/pure-ftpd/<ip>/. , but to /etc/pure-ftpd/<ip> for
virtual users. Virtual chroot didn't like it.
RPM packages can now be built with LDAP, Mysql and PostgreSQL.
Contributed by Ben <ben at zaeon.com> .
Directory aliases (DIRALIASES macro, diraliases.{c,h}, minor tweaks to
ftpd.c (docwd) and ftp_parser.c (site alias)) . Contributed by Kenneth
Stailey <kstailey at yahoo.com> .
Cindy has moved.
Add a fake chroot wrapper for stat[v]fs[64]() and rm/mkdir.
Check directory, not file for stat[v]fs[64]() - Option -k should really
work now.
Don't count .ftpquota in pure-quotacheck. Reported by Jan Pavlik.
* Version 1.0.6 :
New fakechroot.{c,h} files. They contain wrappers for most I/O functions
to emulate chroot and follow symbolic links.
PostgreSQL support, based upon log_mysql.