This file contains all major changes made during the development of bftpd. The uppermost change is the newest one. Max-Wilhelm Bruker -> 1.0.24 - The PATH_BFTPDUTMP configuration option was added (idea by Szabo Peter ). - Whenever a data connection is established, the reply message now contains the transfer mode (idea by Szabo Peter). - The -D, -h and -n command line options have been added (idea by Szabo Peter). Some code was changed to support operation without a configuration file. - ATTENTION! The option LOGFILE has changed. See sample config file. - In daemon mode, bftpd closes its sockets correctly now (important if you have a lot of connections), problem discovered by Olivier Kaloudoff. - Fixed a bug that prevented Mozilla from getting directory lists (found by Marc Pauls). - Daniel Mack fixed a memory leak in his code. - The configuration parser handles comments better now. - The USERLIMIT_GLOBAL configuration option has been added. - The USERLIMIT_SINGLEUSER configuration option has been added. - Some memory leaks discovered by David Heine were fixed. Max-Wilhelm Bruker -> 1.0.23 - A serious file corruption bug using sendfile was fixed. - A makefile bug was fixed. - The AUTO_CHDIR and HIDE_GROUP configuration options were added. - A bug in the RNFR and RNTO functions has been fixed. - A bug occuring when compiling on StrongARM has been fixed. - The config file has been made more tolerant to missing spaces (error reported by Saus101 ). - A bug in the HELP function was fixed. - Two BSD incompatibilities have been fixed. - A STAT bug was fixed. - bftpd now follows symlinks. - A bug in the daemonmode code was fixed. Max-Wilhelm Bruker -> 1.0.22 - The ALLOW_FXP configuration option has been added. - The DATA_TIMEOUT configuration option has been added. - The PASSIVE_PORTS configuration option has been added. - A control timeout bug has been fixed. - Configuration options are now written like name="value", allowing comments after the option. Directories are written like directory "/foo/bar" {. Please update your config files! - bftpdutmp logging has been implemented as well as some administration functions using it. Read the updated documentation for details on how to use them. - You needn't link gzip statically to bftpd any more if you want on-the-fly compression, but you can dynamically link against zlib instead now. The pax sources are still needed for tar on-the-fly. - A directory listing bug reported by Hendrik Harms has been fixed. Max-Wilhelm Bruker -> 1.0.21 - The XFER_BUFSIZE configuration option has been added, allowing tweaking of data throughput. If you and your clients are on a very fast network (fast meaning 100 Mbit/s or more), you should set this to 64000 or something like that. - The APPE command has been implemented. - The ALLO command has been implemented as an alias to NOOP. - The INITAL_CHROOT configuration option has been added. See the new example config file for details. - The ability to disable logging has been added :) - A bug making file transmissions impossible with old config files has been fixed. - A bug concerning file truncating when STORing has been fixed. Max-Wilhelm Bruker -> 1.0.20 - The FEAT function has been implemented. - A permission bug in the STOR function has been fixed. - The UMASK configuration option can now be used directory-specifically. - The EPSV and EPRT functions have been implemented, making IPv6 support possible somewhere in the future. Max-Wilhelm Bruker -> 1.0.19 - The NLST function has been made usable again. There has been an unnoticed bug in it since the globbing function has been implemented. - The XCWD, XCUP, XMKD, XRMD and XPWD functions have been implemented as aliases to CWD, CDUP, MKD, RMD and PWD. - The documentation is now in the SGML format, making it more extensible, hopefully. - The DATAPORT20 configuration option has been added. If set to yes, the server will open data connections from port 20, which should make firewall users happier. Max-Wilhelm Bruker -> 1.0.18 - The configuration file has been restructured. See README for details. - The PORT configuration option has been added, allowing you to change the port number the daemon should listen on (only for daemon mode). - A workaround for the /*/../* vulnerability mentioned on Bugtraq has been added, although it's not the right thing to do, really. - Compatibility to Solaris 8 has been improved. Josh Woodcock and Michael Smirnov gave some hints. - The CONTROL_TIMEOUT configuration option has been added. You can now say after how many seconds of idle time users should be kicked. - Hashes (#) in /etc/passwd and /etc/group are now supported as comments. This improves FreeBSD compatibility, I'm not sure about other systems. Max-Wilhelm Bruker -> 1.0.17 - A globbing bug was fixed, making Midnight Commander able to connect to bftpd. - A bug which appeared when doing LIST if a group line in /etc/group had more than 256 characters was fixed. - /etc/shells and /etc/ftpusers authentication were implemented by Christophe Bailleux. - You can now indent your configuration options with tabulators. - A small problem with the ip_conntrack_ftp kernel module has been fixed, which was the fault of ip_conntrack_ftp. It was found by Erik Hensema . - ASCII transfer mode has been implemented. - You can now prevent a user from executing specific commands by using the ALLOWCOMMAND_XXXX=no option. Max-Wilhelm Bruker -> 1.0.16 - .tar and .gz on-the-fly support has been implemented. Look in the README file if you want to do that. - Supplementary group IDs are now initialized correctly. - PORT commands now check if the supplied IP address really belongs to the client, so that an attacker can't make the server connect to a machine in its LAN. - A bug making the wtmp logging system unusable under BSD systems was fixed. - A bug making the server crash when logging in a non-existent user with ANONYMOUS_USER enabled was fixed. - A patch supplied by Christophe Bailleux was applied, changing the following: - Spaces after a command in each command string are removed. - The HELP command was implemented. - CWD to ~ now works. Max-Wilhelm Bruker -> 1.0.15 - You can override the default path to the config file with the command line parameter '-c'. - wtmp logging was implemented, so that bftpd logins show up in commands like 'last'. - You can have bftpd bind to only one interface, for example, if you want to run an FTP proxy server on the same port on another network interface. - The LIST and NLST commands now support globbing. - A security problem in the syslog code was fixed. Max-Wilhelm Bruker -> 1.0.14 - A lot of bugs found by Christophe Bailleux have been fixed, as always. - bftpd can now cope with special characters, such as umlauts. - SITE commands are now disabled by default. - A bug preventing resolution of GIDs on some systems has been fixed. - Debian packages are now built for every new version. - You can now specify if any password should fit for a particular user, so that you don't have to set a user's password to nothing (security). - You can now turn off chroot() for particular users. Max-Wilhelm Bruker -> 1.0.13 - David L. Nicol tested bftpd on Tru64. He also improved the character filtering routine. - Some RFC incompliance was fixed, improving compatibility with FTPExplorer and LeechFTP. - The SIZE command was implemented. - A bug making the server segfault when being killed was fixed. - A buffer overflow bug found by asynchro , Jonathan Heusser and Christophe Bailleux was fixed. - The SITE CHMOD and SITE CHOWN commands were implemented. You can turn them off in the config file. - A lot of useful changes proposed by Heiko Rother were made: - Standalone mode, independent from inetd - Better support for symbolic links - Display of user/group name instead of UID/GID - Ability to set the umask - Ability to log into syslog Max-Wilhelm Bruker -> 1.0.12 - SmartFTP support was improved (parameters to LIST beginning with - are discarded). - A buffer overflow bug found by Christophe Bailleux was fixed. Max-Wilhelm Bruker -> 1.0.11 - PAM support was implemented. Specify --enable-pam while starting configure to use it. - You can now specify users who should be unable to log in. Max-Wilhelm Bruker -> 1.0.10 - Applied a big patch from Daniel Mack that makes some things better, for example virtual host support, a FreeBSD correction for the directory listings, etc. - The MDTM command was implemented. Max-Wilhelm Bruker -> 1.0.9 - Fixed another bug preventing successful running on Solaris. - Implemented "message of the day". - Fixed an evil bug in string substitution. - Fixed a bug causing the server to crash when listing an empty directory. - The NLST command was implemented. Max-Wilhelm Bruker -> 1.0.8 - Fixed a bug that caused StarOffice not to work. - Removed the use of a non-Posix function that prevented compiling on Solaris. - Implemented an option to let root have / as his home directory independent of his real one. Max-Wilhelm Bruker -> 1.0.7 - The PASV command was implemented. Max-Wilhelm Bruker -> 1.0.6 - bftpd also compiles on FreeBSD and Solaris. - Aliases for users can be set. - Error messages are now printed correctly. - "In bftpd.conf you can define if you want bftpd to use /etc/shadow" was removed again because it was stupid. - Ratio was added. Max-Wilhelm Bruker -> 1.0.5 - ls-independant directory listing was implemented. You don't need special directories or files in your home directory any longer. - Compiling works with configure for portability reasons now. - bftpd also compiles on BSD/OS and DG-UX. - The name of the log file can now be set in bftpd.conf. - The RMD command was implemented. - Internet Explorer and Netscape compatability was improved. - The REST command was implemented. - The ABOR command was implemented (but with very stupid code!). - In bftpd.conf you can define if you want bftpd to use /etc/shadow. Max-Wilhelm Bruker -> 1.0.4 - Logging was implemented. - A wrong error number for 'Permission denied' was fixed. Max-Wilhelm Bruker -> 1.0.3 - A config file and two options have been implemented: You can disable the server and you can disable .ftp. Max-Wilhelm Bruker -> 1.0.2 - It is now checked if .ftp is a symbolic link so that users don't link .ftp to /.