changes

wu-ftpd类unix下的ftp服务器,可用于嵌入式系统

 
  Copyright (c) 1999,2000,2001 WU-FTPD Development Group.  
  All rights reserved.
  
  Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994
    The Regents of the University of California.
  Portions Copyright (c) 1993, 1994 Washington University in Saint Louis.
  Portions Copyright (c) 1996, 1998 Berkeley Software Design, Inc.
  Portions Copyright (c) 1989 Massachusetts Institute of Technology.
  Portions Copyright (c) 1998 Sendmail, Inc.
  Portions Copyright (c) 1983, 1995, 1996, 1997 Eric P.  Allman.
  Portions Copyright (c) 1997 Stan Barber.
  Portions Copyright (c) 1997 Kent Landfield.
  Portions Copyright (c) 1991, 1992, 1993, 1994, 1995, 1996, 1997
    Free Software Foundation, Inc.  
 
  Use and distribution of this software and its source code are governed 
  by the terms and conditions of the WU-FTPD Software License ("LICENSE").
 
  If you did not receive a copy of the license, it may be obtained online
  at http://www.wu-ftpd.org/license.html.
 
  $Id: CHANGES,v 1.44.2.1 2001/11/29 17:25:33 wuftpd Exp $


Changes in 2.6.2: Released 29 Nov, 2001

 o  Added checks for missing "]" and "}" in filename globs, this completes
    the file globbing heap corruption vulnerability fix.

 o  Added checks to the globbing code for overflow of restbuf, and additional
    globerr setting and checking to speed up return on error.

 o  Changed the globbing code to use qsort, much faster when sorting a large
    number of strings.

 o  Handle ftpglob() returning a vector containing just a NULL string, fixes
    problems caused by CWD ~{

 o  Somehow the fix for pasv-allow didn't actually make it into 2.6.1

 o  Provide a compile-time option to revert NLST to showing directories.

 o  Fix missing format strings in debugging code.

Changes in 2.6.1: Released 2 Jul, 2000

 o  Fix security leaks that could result in a root shell compromise.

 o  Fix memory leaks in internal ls (this feature still needs more testing;
    you should probably not use it on high-traffic production servers yet.)

 o  Fix up the port-allow command in ftpaccess.

 o  Merge in the virtual passwd/virtual shadow features of BeroFTPD.

 o  Some fixes to the configure script.

 o  SITE MINFO was missed in 2.6.0 when disabling SITE NEWER.

 o  Fix documentation of data-limit.

Changes in 2.6.0: Released 18 Oct, 1999

 o  On sigpipe, always log a lost connection.

 o  Added a log message on attempts to download files marked unretrievable.

 o  The SITE NEWER feature has been disabled.  A compile-time option has been
    added to re-enable it.  See config.h.noac for more information on this.

 o  With restricted-uid/gid, CWD to a non-existant directory would display the
    full pathname rather than just relative to the user's home.  Actually, the
    fix catches most cases where this could occur, not just the CWD verb.

 o  Fixed a bug in the restricted-uid/gid feature which could allow access
    outside the user's home directory in some cases.

 o  Bumped MAXHST (max. hosts allowed on a line) for ftphosts from 10 to 12.
    Fixed a bug related to this which can cause the server to crash checking
    host access.

 o  The internal ls (see below) was judged to be unready.  It has been disabled
    by default but can be enabled with a compile-time option for those who wish
    to attempt to debug it (be warned, it has a lot of problems).

 o  Split the "bad shell or user not in ftpusers" syslog message into two
    messages to prevent confusion.

 o  Filename globs for LIST, NLST and SITE EXEC, as well as a few internal
    uses, are cleaned up before processing.  For example: */./../* becomes
    just *.  This prevents certain memory starvation DoS attacks.

 o  Corrections for RFC compliance can break some clients.  If possible, the
    broken client should be updated, but a compile-time option has been
    added.  See the config.h.noac for more information on this.

 o  Created doc/HOWTO directory and moved VIRTUAL.FTP.SUPPORT and 
    upload.configuration.HOWTO there.

 o  Add a README.AUTOCONF file describing the autoconf build in detail.

 o  UC, Berkeley, has removed the requirement that all advertising material
    must include credit to them.  Removed the clause from the LICENSE and
    the historical licenses in the COPYRIGHT file.

 o  Added the email-on-upload feature from BeroFTPD.  See the ftpaccess man
    page for defaults on these added ftpaccess clauses:

        mailserver <hostname>
        incmail <emailaddress>
        mailfrom <emailaddress>
        virtual <address> incmail <emailaddress>
        virtual <address> mailfrom <emailaddress>
        defaultserver incmail <emailaddress>
        defaultserver mailfrom <emailaddress>

 o  Redhat added the -I option to disable RFC931 (AUTH/ident).  Added to
    the baseline so Redhat users don't see a loss of a feature.  Setting
    the timeout for rfc931 to zero will do the same thing in the ftpaccess
    file.

 o  The test for whether restricted-uid/restricted-gid applied should have
    been done before the chroot so it used the system /etc/passwd and
    /etc/group files.

 o  CDUP when you were already at the home directory, would complain about
    you being restricted (if you were).  Instead it should give a positive
    reply, and do nothing.  This makes it behave more like CDUP when you're
    not restricted to your home directory.

 o  deny-uid and deny-gid were being tested for anonymous users.  Bad move,
    it's too easy to forget to allow them.  Use 'defaultserver private' to
    keep anonymous users away.

 o  Correct the operation of the NLST command.  Finally.  mget should now
    work as users expect it to.

 o  Prevent buffer overruns when processing message files.

 o  Correct a reference through a NULL pointer when doing S/Key
    authentication and the user is not in the passwd file.

 o  Check the return code from select() when setting up a data connection.
    Under some rare conditions it is possible that the select was called
    for an fd_set which has no members, hanging the daemon.

 o  Ensure a pattern of "*" matches everything.  The new path_compare (used
    on upload and throughput clauses in the ftpaccess file) sets the option
    FNM_PATHNAME, so:

        *    matches everything
        /*   matches everything
        /*/* matches /dogs/toto and /dogs/toto/photos but not /dogs

 o  setproctitle() support added for UnixWare.

 o  Removed all FIXES files.  Merged their contents into this CHANGES file
    (the one you're reading now).  The old doc/FIXES directory has been
    tar'd and will be placed in the attic when 2.6.0 releases.

 o  Corrected an error in the MAPPING_CHDIR feature which could be used to
    gain root privileges on the server.

 o  Added -V command-line option to View the copyright and exit.

 o  Added the privatepw command and documentation.

 o  Port for FreeBSD corrected.

 o  Adding the LICENSE file to the baseline.

 o  Added print_copyright function so our copyright is embedded in the
    executables.

 o  WU-FTPD Development Group copyright headers added.  Original Copyright
    headers moved into the COPYRIGHT file.

 o  RCS Ids from 2.4.x removed and new templates added for wu-ftpd.org
    usage.

 o  Make sure the signal context is restored when jumping out of signal
    handlers.  This was causing signal 11 on some systems.

 o  Cleaned up the how-to of setting up virtual hosting support.

 o  Corrected header file dependencies.

 o  Changed NLST to nlst, necessary as ftpcmd.c #defines NLST.

 o  Tidied up virtual variables.

 o  Changed so compiles cleanly on SCO OpenServer 5, UnixWare 2 and
    UnixWare 7.

 o  Anonymous users could get in even though no class was defined for them.

 o  Support for non-ANSI/ISO compilers has been removed.  You MUST have and
    ANSI/ISO C compiler.  This has been true for some time, all that has
    changed is the (incomplete) support for older (K&R) compilers has been
    removed.

 o  Added Kent Landfield's NEWVIRT scheme for extensive virutal hosting.
    See the updated documentation on virtual hosting for details.

 o  ftprestart has been added to the base daemon kit.

 o  A buffer overrun in the ftpshut command has been corrected.  Since, on
    most sites, the ftpshut command is only usable by the superuser, this
    is not considered a security issue.  If you have installed ftpshut with
    suid-root permissions (not the default), then there is the possibility
    this overrun could be used to leverage root permissions.

 o  Several new ftpaccess clauses have been added.  These allow control of
    the various timeouts used within the daemon.  The new clauses are:

        timeout accept <seconds>
        timeout connect <seconds>
        timeout data <seconds>
        timeout idle <seconds>
        timeout maxidle <seconds>
        timeout RFC931 <seconds>

 o  Myriad places where inactivity timeouts were not being properly
    detected or handled have been corrected.

	The built-in directory listings, both the original NLST and the
	build-in LIST (ls), now detect inactivity.  The original NLST did
        not which could lead to hanging daemons.

	C FILE handles for data connections are now always flushed, then
        the socket is shutdown cleanly before being closed.

	As a side effect, the daemon now more often properly detects
	incomplete transfers.  This can lead, though, to the xferlog
	showing the correct byte count (meaning the daemon read or wrote
	that many bytes over the data connection), but still log the
	transfer as incomplete (meaning the socket did not properly
        shutdown so the client probably missed some data).

 o  The daemon no longer attempts to replace the system's <arpa/ftp.h>
    header when compiling.  Instead, it uses its own local copy at all
    times.

 o  The daemon will now wait for the transfer to complete before sending
    'Transfer complete' or similar messages.  This improves the daemon's
    reliability for poorly written clients which take recipt of the message
    as indication the transfer has completed rather than reading until the
    connection closes.

 o  Guest and anonymous logout was not recorded on Linux.  Removed call to
    updwtmp and returned to old method of updating the lastlog.

 o  Script "vr.sh" is no longer needed.  The Development Group will not be
    releasing patches to upgrade; they can be obtained from CVS if needed.

 o  "realpath_on_steroids" is no longer needed.  Removed.

 o  Use a custom version of fnmatch() which changes the rules for matching
    file and directory names.  The most visible result of this is
    noretrieve and allow-retrieve are now much more flexible.  See the
    ftpaccess manpage for examples.

 o  Use the correct SPT_TYPE for FreeBSD 2.0 or later.

 o  Correct the class= logic on the allow-retrieve clause.

 o  Enhanced DNS extensions.  This adds three ftpaccess clauses:

        dns refuse_mismatch <filename> [override]
        dns refuse_no_reverse <filename> [override]
        dns resolveroptions [options]

 o  Corrected a reference in the manpage for ftpconversions to ftpd.

 o  The string 'path-filter' is now used in the system logs to describe
    problems resulting from failing a path-filter check.  The daemon used
    to just say 'bad filename' which was misleading to some people.

 o  Added instruction on how to support PAM on Solaris.  Right now this
    means hand editing src/config/config.sol and
    src/makefiles/Makefile.sol.

 o  Checking that all platforms use config.h, src/config/config.isc was
    found to have forgotten to include the file.

 o  A security deficency on SunOS 4.1, not having a working getcwd()
    function, has been corrected by using the provided function.
    Compilation bugs in the portable getcwd() function have been corrected.

 o  The daemon will no longer hang attempting to close the RFC931 socket
    when the remote end is firewalled and does not respond to traffic for
    this protocol.  This was determined to be inappropriate handling of
    SIGALRM; handling for this signal has been cleaned up throughout the
    daemon.

 o  The daemon may now be built using GNU autoconf.  This is in the early
    stages and not all platforms may be supported.  The old build system
    will be maintained for at least the 2.6.0 release; until the major
    platforms are all known to be supported.

 o  Two new ftpaccess clauses have been added.  These allows the site admin
    to selectively allow PORT and PASV data connections where the remote IP
    address does not match the remote IP address on the control connection.
    The new clauses are:

        port-allow <class> [<addrglob> ...]
        pasv-allow <class> [<addrglob> ...]

 o  The daemon now includes an internal 'ls' command.

 o  Ported to Mac OS/X.

 0  Added (limited) support for AFS and DCE user authentication.  This is
    only know to work on AIX, and needs porting to other platforms.  For
    now, this requires hand work to enable.

 o  Added an ftpaccess clause to enable TCP keepalives.  This clause is:

        keepalive <yes|no>

 o  You can now specify the xferlog filename for the default server just as
    you can for the virtual hosts; in the ftpaccess file.  The new clause
    is:

        xferlog <absolute path>

 o  ftpaccess manpage cleaned up.  Many typos corrected, some techincal
    changes.  Indentation should now be correct.

 o  Apache's .indent.pro to the src and support directories.  Ran all *.c
    and *.h files through it.  ftpcmd.y has been indented by hand.  The
    code is now a lot more readable!