1 2----------------------------------------------------------------------------- 3 More details on the bugs listed below can be found by using the bug number 4 indicated in the following URL: 5 6 http://bugs.proftpd.org/show_bug.cgi?id=N 7 8 where `N' is the bug number. 9 10 If the issue listed below mentions "Issue" instead of "Bug", the number 11 there references a GitHub issue, which can be found using a URL like: 12 13 https://github.com/proftpd/proftpd/issues/N 14 15 where `N' is the issue number. 16----------------------------------------------------------------------------- 17 181.3.7c - Released 29-Aug-2021 19-------------------------------- 20- Issue 1273 - Improve mod_tls log messages for unsupported older TLS protocol 21 requests. 22- Issue 1284 - Fix memory disclosure to RADIUS servers by mod_radius. 23- Issue 1282 - Properly handle <VirtualHost> sections that use interface/device 24 names. 25- Issue 1300 - PCRE expressions with capture groups are not being handled 26 properly. 27- Issue 1307 - AuthUserFile permissions check fails during SIGHUP, causing 28 ProFTPD to stop. 29 301.3.7b - Released 13-Jun-2021 31-------------------------------- 32- Issue 1063 - FTPS data transfers using TLSv1.3 might segfault when session 33 tickets cannot be decrypted. 34- Issue 1070 - Implement support for Redis 6.x AUTH semantics. 35- Bug 4405 - Memory use-after-free in mod_sftp causes unexpected 36 login/authentication issues. 37- Issue 1079 - prxs fails to detect module-specific configure/Makefile, 38 leading to unexpected module load errors. 39- Issue 1074 - TLS SNI connections to name-based VirtualHosts with 40 TLSCertificateChainFile fail unexpectedly. 41- Issue 1106 - TLS SNI can cause mod_quotatab to crash due to null pointer 42 dereferences. 43- Issue 1076 - TLS client-initiated renegotiations are supported unexpectedly. 44- Issue 1105 - Improper handling of multiple IP addresses, ServerAliases in 45 <VirtualHost> sections. 46- Issue 1149 - mod_quotatab_sql failing due to SQL syntax errors. This is 47 a regression caused by Issue #392. 48- Issue 1061 - Freeing uninitialized memory causes SFTP issues with ed25519 49 keys. 50- Issue 1111 - "Corrupted MAC on input" errors using SFTP umac-64@openssh.com 51 digest. 52- Issue 1171 - PassivePort randomization is broken due to SO_REUSEPORT option. 53- Issue 1134 - AuthUserFile-based logins, directory listings are very slow due 54 to unbuffered reads. 55- Issue 1193 - Improper checking for reused TLS session for data transfers 56 using OpenSSL 1.1.1. 57- Issue 1168 - Improve error handling of OpenSSH host keys converted to PEM 58 format. 59- Issue 1179 - TLSRSACertificateKeyFile sanity checks fail unexpectedly for 60 passphrase-protected keys. 61- Issue 1174 - ftptop segfaults when using libncursesw on Gentoo. 62- Issue 1204 - Once TLSTimeoutHandshake is reached, internal "timed out" flag 63 never reset. 64- Issue 1207 - On Gentoo, "./configure --disable-ncurses" fails to link ftptop, 65 due to "undefined reference to symbol 'stdscr'" error. 66- Issue 1212 - mod_sql_mysql needs to quote table names due to reserved MySQL 67 keywords. 68- Issue 754 - Some mod_snmp counters were not being incremented properly. 69- Bug 4428 - <VirtualHost> name resolution does not include all associated 70 IPv6 records. 71- Issue 1230 - Stack overflow due to unlimited recursion possible when parsing 72 JSON text. 73- Issue 1232 - Unable to use %{env:FTPS} in a SQLNamedQuery. The fix is to now 74 use %{note:FTPS} instead. 75 761.3.7a - Released 21-Jul-2020 77-------------------------------- 78- Issue 1055 - Fix build-time regression when using the --localstatedir 79 configure option. 80 811.3.7 - Released 20-Jul-2020 82-------------------------------- 83- Issue 1027 - mod_ldap crashes at ldap_mod_init(). 84- Issue 1038 - Support the SOURCE_DATE_EPOCH environment variable, for 85 reproducible builds. 86- Issue 1043 - Invalid SCP command leads to null pointer dereference. 87 881.3.7rc4 - Released 30-May-2020 89-------------------------------- 90- Bug 4376 - mod_sftp incorrectly handles SFTP protocol version 5/6 91 disposition flag. 92- Issue 908 - mod_sql_passwd fails to compile on FreeBSD due to timingsafe_bcmp 93 function. 94- Issue 907 - Implemented support for RSA SHA-2 publickey signatures in 95 mod_sftp, per RFC 8332. 96- Issue 912 - Support logging of data transfer remote ports in ExtendedLog. 97- Issue 317 - Implement pread(2), pwrite(2) FSIO API. 98- Issue 857 - Fixed regression in the handling of `%{env:...}` configuration 99 variables when the environment variable is not present. 100- Issue 940 - Second LIST of the same symlink shows different results. 101- Bug 4394 - LogFormat %a gives local server IP address instead of remote 102 client IP address. 103- Issue 946 - Improve handling of ldaps URLs, LDAPUseTLS directive in mod_ldap. 104- Issue 82 - Support configurable certificate settings in LDAP SSL/TLS 105 connections. 106- Issue 947 - Support use of SASL auth mechanisms for LDAPBindDN binds. 107- Issue 954 - Support buggy/ill-behaved FTPS client shutdown behavior for CCC 108 command. 109- Issue 959 - FTPS uploads using TLSv1.3 are likely to fail unexpectedly. 110- Issue 682 - IPv6 addresses not properly parsed in From directives, causing 111 unexpected <IfClass> mismatches. 112- Issue 964 - Unable to load mod_sftp, mod_sql_passwd as shared modules on 113 Alpine. 114- Issue 968 - Require TLSv1.3 data connection sessions to reuse same session as 115 control connection for TLSv1.3 session tickets. 116- Issue 366 - ftptop should support batch mode. ftptop now supports -b and -n 117 command-line options, like top(1). 118- Issue 808 - ProFTPD should ignore supplemental groups when run as a non-root 119 user. 120- Issue 980 - mod_sftp sends broken response when CREATETIME attribute is 121 requested. 122- Bug 4390 - Implement keepalive support for mod_sql/database connections. 123- Issue 693 - mod_sftp unsuccessful login count issues on AIX. 124- Issue 984 - Do not send EXT_INFO messages to SSH clients which did not 125 signal "ext-info-c". 126- Issue 983 - Use re-entrant versions of time functions where available. 127- Bug 4398 - Handle zero-length SFTP WRITE requests without error. 128- Bug 4185 - Implement options for tuning fields used in syslog/module logging. 129- Issue 1010 - Allow ban entries to apply to all <VirtualHost> sections. 130- Issue 1018 - PidFile should not be world-writable. 131- Issue 1014 - TLSv1.3 handshake fails due to missing session ticket key on 132 some systems. 133- Issue 1023 - Lowercased FTP commands not properly identified. 134 1351.3.7rc3 - Released 20-Feb-2020 136-------------------------------- 137- Issue 810 - mod_tls does not compile with LibreSSL 2.9.x. 138- Issue 750 - MaxClientsPerUser not enforced for SFTP logins when mod_digest 139 enabled. 140- Issue 850 - mod_tls should honor SNI in TLS handshake. 141- Issue 692 - Support bcrypt passwords in mod_sql_passwd. 142- Issue 793 - mod_sftp does not support OpenSSH-specific private key format. 143- Bug 4221 - Add support for ssh-ed25519 keys. 144- Issue 863 - Directory listing is slower compared to previous ProFTPD versions. 145- Issue 859 - Improper handling of TLS CRL lookups. 146- Bug 4340 - "SocketOptions keepalive off" does not disable TCP keepalive on 147 control connection. 148- Issue 870 - Leaking PAM handler and data in case of unsuccessful 149 authentication. 150- Bug 4385 - SSH authentication fails for many clients due to receiving of 151 SSH_MSG_IGNORE packet. 152- Issue 872 - Show PathAllowFilter, PathDenyFilter failure in system logging. 153 Commands denied by these Filter directives are now logged at the NOTICE 154 level in the system logging. 155- Bug 4382 - Incorrect %F SQLLog with SFTP, not FTP, uploads. 156- Issue 882 - mod_sql "named connection already exists" error when using 157 name-based virtual hosts. 158- Issue 890 - SFTP publickey authentication fails unexpectedly when user has 159 no shadow password info. 160- Issue 898 - ftpasswd fails to restore password file permissions in some cases. 161- Issue 903 - Use-after-free vulnerability in memory pools during data transfer. 162- Issue 902 - Out-of-bounds read in mod_cap getstateflags() function. This 163 happens because of an out-of-date libcap version; we now rely solely on the 164 system-provided libcap library. 165 1661.3.7rc2 - Released 19-Oct-2019 167-------------------------------- 168- Issue 846 - Remote denial-of-service due to issue in network IO handling 169 (CVE-2019-18217). 170 1711.3.7rc1 - Released 12-Oct-2019 172-------------------------------- 173- Bug 4304 - Configure script wrongly detects AIX lastlog functions. 174- Bug 3127 - ProFTPD does not build when configure is run from directory other 175 than source directory. 176- Bug 4279 - Disable Blowfish, RC4, RIPE-MD160 SSH2 algorithms by default. 177- Bug 4306 - AllowChrootSymlinks off could cause login failures depending on 178 filesystem permissions. 179- Issue 269 - Disable building of mod_ident by default. 180- Issue 501 - mod_ctrls: error: unable to bind to local socket: Address already 181 in use. 182- Issue 507 - Failed to handle multiple %{env:...} variables in single word 183 in configuration. 184- Issue 515 - Support %b variable for ExecEnviron directive. 185- Issue 521 - Broken OCSP Stapling implementation fails to find issuing 186 certificate properly. 187- Issue 518 - Provide option to disable sending of fake "tryLater" OCSP 188 response. 189- Issue 519 - Improve handling of cached OCSP responses. 190- Bug 4307 - High CPU load on CWD to non existing directory. This has been 191 addressed by improving the in-memory config tree DFS algorithm to 192 short-circuit recursive searching where possible. 193- Issue 505 - Support MODE Z even for FTPS sessions. 194- Issue 351 - Support FTP RANG command. 195- Bug 4308 - mod_sftp fails to check shadow password information when publickey 196 authentication used. 197- Bug 4309 - Use of "AllowEmptyPasswords off" breaks SFTP/SCP logins. 198- Issue 534 - Support configuring multiple curves using TLSECDHCurve. 199- Bug 4310 - Use of mod_facl as static module causes ProFTPD to die on 200 SIGHUP/restart. 201- Bug 4311 - Directory creation in mod_site_misc, mod_copy does not honor 202 directory Umask. 203- Issue 445 - Remove non-functional TransferPriority directive. 204- Issue 550 - Support Redis SELECT for multiple databases. 205- Issue 396 - Support for Redis Sentinel deployments in mod_redis. 206- Issue 556 - Use of curve25519-sha256@libssh.org SSH2 key exchange sometimes 207 fails. 208- Issue 536 - Support TLSv1.3 (assuming OpenSSL support). 209- Bug 4312 - Close extra file descriptors at startup. 210- Bug 4314 - <Anonymous> with AuthAliasOnly in effect does not work as expected. 211- Issue 568 - CreateHome NoRootPrivs only works partially. 212- Bug 4313 - ExtendedLog incorrectly/unexpectedly logs unknown/unsupported 213 commands. 214- Issue 578 - SFTP OPEN response includes attribute flags that are not actually 215 provided. 216- Bug 4318 - Truncation of file while being downloaded with sendfile enabled 217 causes timeouts due to infinite loop. 218- Bug 4320 - Confusing mod_sftp log message "disconnected by user (Application 219 error)" changed to "(Application disconnected)". 220- Bug 4241 - RootRevoke should be on/true by default. 221- Bug 4281 - Redesign support for Backend SQLAuthType for MySQL. If the MySQL 222 client library cannot support the SQLAuthType Backend, mod_sql_mysql will 223 emit a warning on startup. 224- Bug 4319 - FTP uploads frequently break due to "Interrupted system call" 225 error. 226- Issue 618 - Site-to-site transfers over TLS fail. 227- Bug 4322 - Can't see symlinks using any FTP client when using MLSD. 228- Issue 610 - Generate new DH parameters for mod_tls, mod_sftp for 1.3.7. 229- Bug 4325 - mod_tls 1.3.6 fails to compile using OpenSSL 0.9.8e. 230- Bug 4326 - Using MaxClientsPerHost 1 in <Anonymous> section denies logins. 231- Issue 642 - SQLNamedConnectInfo with different backend database does not work 232 properly. 233- Issue 654 - mod_sql_sqlite should error if configured SQLite database does 234 not exist. 235- Issue 656 - Segfault with mod_sftp+mod_sftp_pam after successful 236 authentication using keyboard-interactive method 237- Issue 660 - autoconf always fails to detect support for FIPS. 238- Issue 663 - SFTP connections fail when using "arcfour256" cipher. 239- Bug 4335 - mod_auth_otp fails to build with OpenSSL 1.1.x. 240- Bug 4341 - scp broken on FreeBSD 11. 241- Issue 676 - SQLLog for SCP: %{file-size} is not available. 242- Issue 674 - Update mod_sftp to handle changed APIs in OpenSSL 1.1.x releases. 243- Bug 4356 - Infinite loop possible in mod_sftp's set_sftphostkey() function. 244- Bug 4352 - Some ASCII text files corrupted when downloading. 245- Issue 797 - Properly use the --includedir, --libdir configure variables in 246 the generated proftpd.pc pkgconfig file. 247- Bug 4350 - Reading invalid SSH key from database results in 248 unexpected/unlogged disconnect failures. 249- Bug 4332 - Symlink navigation broken after 1.3.6 update. The changes for 250 Bug#4219 have been rolled back. 251- Issue 795 - Unable to connect to ProFTPD using TLSSessionTickets and TLSv1.3. 252- Bug 4372 - SITE CPFR/CPTO do not honor <Limit> configurations. 253- Issue 807 - Using "TLSProtocol SSLv23" does not enable all protocol versions. 254 2551.3.6 - Released 09-Apr-2017 256-------------------------------- 257- Bug 4284 - SITE UTIME not working with group permissions. 258- Bug 4289 - LDAPSearchScope does not alter search scope as expected. When 259 the LDAPServer directive is used with LDAP URLs, the LDAPSearchScope should 260 not be used; the handler was failing to handle this case properly. 261- Bug 4285 - In AIX, log failed logins so that user accounts can be locked by 262 the OS after multiple failed login attempts. 263- Added mod_wrap2_redis to the contrib/ modules directory. 264- Bug 4295 - AllowChrootSymlinks off does not check entire DefaultRoot path 265 for symlinks (CVE-2017-7418). 266- Bug 4299 - TimeoutLogin not working for SFTP connections. 267 2681.3.6rc4 - Released 15-Jan-2017 269-------------------------------- 270- Bug 4283 - All FTP logins treated as anonymous logins again. This is a 271 regression of Bug#3307. 272 2731.3.6rc3 - Released 14-Jan-2017 274-------------------------------- 275- Bug 4222 - Add support for curve25519-sha256@libssh.org key exchange. 276- Bug 4186 - ProFTPD creates name-based vhost when it should not. 277- Bug 4233 - Support enforcing minimum key lengths for SFTP/SCP. 278- Bug 4235 - Recursive SCP uploads of directories fail with "No such file or 279 directory". 280- Bug 4154 - Support for scrypt in mod_sql_passwd. This also includes 281 support for Argon2, assuming use of libsodium-1.0.9 or later. 282- Bug 4237 - Corrupted ASCII uploads. The refactoring work for Bug#4151 had 283 introduced a bug in the handling of ASCII uploads, now fixed. 284- Bug 4220 - Support reading geoip filters from SQL databases. 285- Bug 4242 - Using mod_memcache results in segfault (signal 11). Caused by 286 a bug in libmemcached-1.0.18 and earlier. 287- Bug 4244 - Long-running sessions consume memory continuously. 288- Bug 4248 - ALLO command failed unexpectedly. 289- Bug 4247 - ProFTPD runs out of memory when listing very large directories 290 (e.g. over 400GB). 291- Bug 4254 - SSH rekey during authentication can cause issues with clients. 292- Bug 4257 - Recursive SCP uploads of multiple directories not handled properly. 293- Bug 4252 - Clients sometimes receive extra 450 response on ABOR. 294- Bug 4259 - LIST returns different results for file, depending on path syntax. 295- Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins. 296- Bug 4240 - Support OpenSSL 1.1.x API. 297- Bug 4262 - SITE CPTO returns 250 even when the copy operation fails due to 298 the user's quota being exceeded. 299- Bug 4263 - SITE CPTO terminated by TimeoutIdle. 300- Bug 4265 - Omit version information from ServerIdent banner by default. 301- Bug 4264 - Support larger fixed DH groups in SSH key exchange. 302- Bug 3849 - Allow wildcarded directory names in Include patterns. 303- Bug 3662 - Allow SIZE command while in ASCII mode via build-time option. 304- Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> 305 sections. 306- Bug 4267 - NLST should allow for sorted output. The ListOptions directive 307 now supports a SortedNLST flag for such use cases. 308- Bug 4260 - Restarting server fails when using password-protected SSL 309 certificates and no TLSPassPhraseProvider. 310- Bug 4216 - SSH rekeying causes invalid packet due to interrupting timer. 311- Bug 4278 - Memory leak when mod_facl is used. 312 3131.3.6rc2 - Released 10-Mar-2016 314-------------------------------- 315- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly. 316- Bug 4167 - CR/LF characters are not supported in filenames. 317- Bug 4188 - Support filtering based on country code and regional code in 318 mod_geoip. 319- Bug 4151 - FTP ASCII mode conversion algorithm is painfully slow. 320- Bug 4139 - Support rejecting empty passwords. See new AllowEmptyPasswords 321 directive. 322- Bug 4189 - Support protocol exclusion via TLSProtocol directive. 323- Bug 4153 - Support requiring multiple SSH authentication methods. 324- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8 325 characters. 326- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits. 327- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current 328 working directory. 329- Bug 4201 - HiddenStores temporary files not removed when exceeding quota 330 using SCP. 331- Bug 4202 - MLSD lines not properly terminated with CRLF. 332- Bug 4209 - Zero-length memory allocation possible, with undefined results. 333- Bug 4210 - Avoid unbounded SFTP extended attribute key/values. 334- Bug 4104 - Handle MasqueradeAddress resolution errors due to startup 335 sequencing. 336- Bug 4056 - Support using JSON when storing ban information in memcached. 337- Bug 4057 - Support using JSON when storing TLS session information in 338 memcached. 339- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when 340 "RootRevoke on" is in effect. 341- Bug 4175 - Support for OCSP stapling. 342- Bug 4176 - Support for TLS session tickets. 343- Bug 4200 - Support TLS client configuration for SQL servers. 344- Bug 4213 - Deprecate the NoCertRequest TLSOption. 345- Bug 4214 - Allow UseEncoding to be set on a per-user basis. 346- Bug 4217 - Handle FTP re-authentication attempts better. 347- Bug 4218 - Support a LogFormat variable for logging command duration in 348 milliseconds. 349- Bug 4223 - Permissions on files uploaded via STOU do not honor configured 350 Umask. 351- Bug 4219 - Better handling of symlinks when chrooted. 352- Bug 4224 - Prohibit FTP indexing by web crawlers via auto-generated 353 robots.txt. 354- Added mod_auth_otp, mod_digest, mod_statcache to the contrib/ modules 355 directory. 356- Bug 4227 - Support SFTP clients that send multiple INIT requests. 357- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is 358 chosen. 359 3601.3.6rc1 - Released 27-May-2015 361-------------------------------- 362- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log 363 message. 364- Bug 3944 - Session closed if active data transfer fails due to "Address 365 already in use" error. 366- Bug 3983 - Change default SyslogLevel to be NOTICE rather than DEBUG. 367- Bug 3990 - Use 213 response code for STAT on a file. STAT on a directory 368 now results in a 212 response code as well, per RFC 959. 369- Bug 4061 - SNMPAgent should support multiple addresses, including IPv6 370 addresses. 371- Bug 4062 - Support PID variable in HiddenStores filename. 372- Bug 4065 - mod_sftp should provide the SSH client banner as environment 373 variable, for logging. 374- Bug 4067 - Create ExtendedLog class for SFTP requests. 375- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions. 376- Bug 4069 - NLST -a shows / directory instead of the current directory. 377- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission 378 denied. 379- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers. 380- Bug 4070 - Support wider range of causes of authentication failure. 381- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation 382 problems. 383- Bug 4076 - Ability to disable mod_exec on a per-directory basis. 384- Bug 4079 - Invalid response encoding for SFTP space-available request. 385- Bug 4080 - mod_sftp does not implement SFTP LINK request properly. 386- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user". 387- Bug 4084 - "NLST *" returns files from subdirectories. 388- Bug 4081 - Not possible to create relative symlinks with SFTP. 389- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly. 390- Bug 4089 - mod_sftp does not allow multiple attempts using a given 391 authentication method. 392- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly. 393- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than 394 ERROR. 395- Bug 4093 - Improve mod_sftp handling of missing packet payloads. 396- Bug 4050 - Use of PIPE_BUF causes build failure on platforms without it. 397- Bug 4020 - Add minimum delay options to mod_delay functionality. 398- Bug 4030 - Cache negative/failed Auth API name/ID lookups. 399- Bug 4094 - Available space on file system using %f displays wrong value. 400- Bug 4012 - Failure to build mod_tls when using static libcrypto due to libdl 401 linker errors. 402- Bug 4098 - mod_sftp unable to use SFTPHostKey due to being group readable in 403 CentOS 7. 404- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30 405 seconds. 406- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6. 407- Bug 4110 - proftpd on Solaris should use /dev/conslog instead of /dev/log. 408- Bug 4114 - mod_tls should not support SSLv3 by default. 409- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small 410 buffers. 411- Bug 4035 - HiddenStores file not renamed every time. 412- Bug 4116 - Report exact SSL/TLS protocol version used in client connections. 413- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just 414 HiddenStores. 415- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved. 416- Bug 4130 - Support the 3-timestamp form of SITE UTIME. 417- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support. 418- Bug 4058 - Create a 'timing' trace channel, for timing-related data. 419- Bug 4125 - mod_lang should provide way to reject illegally-encoded filenames. 420- Bug 4060 - Support unsorted LIST entries (-U) to decrease memory/CPU usage 421 for large directory listings. 422- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template 423 parameter. 424- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter. 425- Bug 4138 - Support for hex-encoded salts in mod_sql_passwd. 426- Bug 4140 - SFTP READLINK requests to symlinks to directories fail. 427- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS. 428- Bug 4144 - Support APPE when HiddenStores are enabled. 429- Bug 4031 - Support JSON output format for ftpwho. 430- Bug 4145 - Segfault if AuthUserFile is a relative symlink. 431- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection" 432 errors. 433- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by 434 mod_sftp_sql. 435- Bug 4159 - Support ability to disable ASCII translation transparently to FTP 436 clients. 437- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X. 438- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6. 439- Bug 4163 - Remove support for EXPORT grade ciphers. 440- Bug 4164 - mod_sql fails to read UID/GID values larger than 32 bits from SQL 441 tables. 442- Bug 4157 - LIST/NLST of 1000s of files is slow on some platforms. 443- Bug 4059 - Implement additional RADIUS attributes. 444- Bug 4166 - mod_sftp sessions consume large amounts of memory due to rekeying. 445- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by 446 mod_copy. 447- Bug 4170 - Incorrect handling of control-byte field of SSH_FXP_REALPATH as 448 bitmask rather than enumeration for SFTP protocol version 6. 449- Bug 4168 - Race condition with HiddenStores and TimeoutIdle timeout, causing 450 hidden file not to be cleaned up properly. 451- Bug 3125 - Support for Mac OS X implementation of POSIX ACLs. 452- Bug 4174 - Support for TLS-PSK (pre-shared keys). 453- Bug 4178 - TLS session reuse requirement for data connections not properly 454 enforced. 455- Bug 4184 - Remove support for "weak" Diffie-Hellman groups. 456- Bug 3289 - Support the HOST command. 457 4581.3.5 - Released 15-May-2014 459-------------------------------- 460- Bug 4018 - Implement checks for sensitive directories when chrooted. 461- Bug 4022 - "Directory not empty" error when creating directory is misleading. 462- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives. 463- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for 464 TLS 1.1/1.2 connections. 465- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off". 466- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on 467 SFTPHostKey file. 468- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher. 469- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1". 470- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented. 471- Bug 4046 - ALLO command failed because of bad size check. 472- Bug 4048 - Race condition in mod_ban can lead to segfault of all new 473 connections. 474- Bug 4049 - mod_exec should include supplemental groups when running commands 475 as logged-in user. 476- Bug 4042 - MIC command between RNFR and RNTO should not be rejected. 477- Bug 4044 - mod_facl prevents a normal SIGHUP reload. 478- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings. 479 4801.3.5rc4 - Released 28-Jan-2014 481-------------------------------- 482- Bug 3945 - Spurious log messages at session close. 483- Bug 3946 - Null pointer dereference causes segfault when logging 484 %{transfer-status}, %{transfer-failure} LogFormat variables on EXIT. 485- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames. 486- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory 487 listings. 488- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED 489 posix-rename@openssh.com requests. 490- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers. 491- Bug 3858 - mod_delay allows too-large values, leading to client hang on 492 authentication. 493- Bug 3951 - Null pointer dereference for mod_ldap logins when 494 LDAPDefaultAuthScheme not configured. 495- Bug 3954 - scp downloads result in segfault. 496- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit> 497 sections leads to slow logins. 498- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks 499 are involved. 500- Bug 3958 - Directory creation does not honor single-parameter Umask setting. 501- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory 502 SGID bit. 503- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used 504 in some cases. 505- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN. 506- Bug 3966 - LogFormat %f variable not resolved for some commands. 507- Bug 3971 - Support SQLOption for ignoring client library config files when 508 needed. 509- Bug 3972 - Authentication error on Cygwin due to bad code. 510- Bug 3973 - mod_sftp can be forced to allocate too much memory for 511 keyboard-interactive authentication. 512- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP 513 sessions. 514- Bug 3963 - Improve permission setting when creating directories. 515- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database 516 using IndexCache flag. 517- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903 518 database lookup. 519- Bug 3964 - Support running ExecOnEvent actions with logged-in user's 520 permissions. 521- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC. 522- Bug 3952 - Make PersistentPasswd default to 'off'. 523- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin. 524- Bug 3982 - Normalize log messages and levels. 525- Bug 3888 - Add LDAPLog directive to mod_ldap. 526- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2), 527 e.g. FAT/ExFAT. 528- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags, 529 breaking session caching. 530- Bug 3987 - LogFormat variable for just the filename. 531- Bug 3965 - Timeout directives have inconsistent maximum values. 532- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption. 533- Bug 3995 - ftpasswd utility should prevent concurrent modification of files. 534- Bug 3994 - ftpasswd utility should support --lock/--unlock options. 535- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files. 536- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for 537 FTPS connections. 538- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP. 539- Bug 3996 - Handling ALLO command can result in wrong response when chrooted. 540- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>. 541- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group. 542- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file. 543 A 3072-bit DH group was also added. 544- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP 545 directory upload. 546- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on 547 64-bit system. 548- Bug 4011 - NLST ../ shows current directory contents rather than parent 549 directory. 550- Bug 4013 - SCP upload of shorter file does not completely overwrite existing 551 file of same name. 552- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ. 553 5541.3.5rc3 - Released 14-Jun-2013 555-------------------------------- 556- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value. 557- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10. 558- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled. 559- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner. 560- Bug 3864 - Support SQL query to lookup/use primary key for logged-in 561 user/group. 562- Bug 3920 - Support umac-64@openssh.com digest for mod_sftp. 563- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH 564 connection to close prematurely. 565- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP 566 connections. 567- Bug 3926 - Support OpenSSH fsync SFTP extension. 568- Bug 3925 - SFTP directory listings are sensitive to locale environment 569 variables. 570- Bug 3924 - HideFiles does not filter symlinks. 571- Bug 3929 - pam_session_close() requires root privs on some platforms. 572- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL 573 PASSWORD(). 574- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users. 575- Bug 3935 - scp download of nonexistent file results in client hang. 576- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path. 577- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory. 578- Added new mod_snmp contrib module. 579- Bug 3939 - Disable Controls for "ServerType inetd" servers. 580- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together 581 in a single column. 582- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd. 583- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid. 584 5851.3.5rc2 - Released 06-Mar-2013 586-------------------------------- 587- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured. 588- Bug 3860 - Add a default deny option for mod_geoip. 589- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality. A 590 new TLSMasqueradeAddress directive has been added to mod_tls. 591- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly. 592- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not 593 enabled" ftpdctl error. 594- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault. 595- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent 596 passwd/group entries. 597- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of 598 requested keylength. 599- Bug 3870 - Handling of OPTS command can lead to crash. 600- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp. 601- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS> 602 configuration. 603- Bug 3872 - Use HiddenStores directive to customise suffix. 604- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE 605 request. 606- Bug 3869 - Use longer SSL session cache expiration by default. 607- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS 608 filesystems. 609- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are 610 used. 611- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota 612 limits and tallies. 613- Bug 3882 - DisplayLogin with an absolute path does not work properly within 614 an <IfGroup> section. 615- Added new mod_log_forensic contrib module. 616- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as 617 expected. 618- Bug 3884 - Configure script not detecting MySQL make_scrambled_password 619 functions. 620- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS. 621- Bug 3819 - Second and subsequent LIST of directory with many files is very 622 slow. 623- Bug 3889 - Support millisecond timestamp LogFormat variable. 624- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections. 625- Bug 3753 - Support SFTP request names in <Limit> sections better. 626- Bug 3892 - mod_auth_file should have strict permission checks of configured 627 files. 628- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on 629 configurable event. 630- Bug 3894 - ftptop doesn't work with --enable-nls. 631- Bug 3895 - Missing TransferLog entry under some out-of-space conditions. 632- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP 633 protocol version 6. 634- Bug 3896 - Warn when world-writable config files are used. 635- Bug 3899 - Support authentication of users based on SSL/TLS client 636 certificate. 637- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly. 638- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly. 639- Bug 3709 - Support download-triggered emails in the ftpmail script. 640- Bug 3904 - scp downloads using glob pattern sometimes fails. 641- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections. 642- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too 643 frequently. 644 6451.3.5rc1 - Released 04-Jan-2013 646-------------------------------- 647- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h. 648- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6. 649- Bug 3646 - Debug logging to stderr should include timestamps and PID. 650- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded 651 file name). 652- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used. 653- Bug 3717 - proftpd fails to run with "Abort trap" error message. 654- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists. 655- Bug 3720 - Various module logfile permissions are 0600 instead of 0640. 656- Bug 3723 - mod_memcache segfault on server restart. 657- Bug 3721 - mod_rewrite does not replace characters if there are more than 658 8 occurrences. To handle this situation, a new RewriteMaxReplace directive 659 has been added for configuring this limit. 660- Bug 3724 - Unloading mod_quotatab causes segfault. 661- Bug 3686 - Support SHA2 digests in mod_sftp. See the SFTPDigests directive 662 documentation for more information. 663- Bug 3629 - Support <IfAuthenticated> conditional config section. 664- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD. 665- Bug 3726 - mod_exec does not always capture stdout/stderr output from 666 executed command. 667- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP 668 connections. 669- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional 670 filters. 671- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc. 672- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for 673 MLSD/MLST commands. 674- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp. The 675 SSH version identifier can now be configured for mod_sftp via the 676 ServerIdent directive. 677- Bug 3718 - ftptop fails to build on OpenSUSE. 678- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled. 679- Bug 3744 - Support ls(1) -1 option for LIST command. 680- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands. 681- Bug 3747 - Support option for displaying symlinks via MLSD using syntax 682 preferred by FileZilla. The new FactsOptions directive can be used for 683 this purpose. 684- Bug 3745 - Reject PASV command if no IPv4 address available. 685- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding. 686- Bug 3742 - Improper handling of self-signed certificate in client-sent cert 687 list when "TLSVerifyClient on" is used. 688- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to 689 conflict with system header. 690- Bug 3743 - Random stalls/segfaults seen when transferring large files 691 via SFTP. 692- Bug 3752 - proftpd process exit status is zero for "Failed binding to 693 address, port N: Address already in use" startup failure. 694- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors 695 on restart, causing a file descriptor leak. 696- Bug 3707 - Add request/transfer ID to the logging of the initial and closing 697 commands for SFTP file transfers. This can now be accomplished using a 698 LogFormat variable of '%{note:sftp.file-handle}'. 699- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership. 700- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart. 701- Bug 3731 - Support active data transfers while RootRevoke is in effect. 702- Bug 3737 - Allow UTF8 when UseEncoding is used. 703- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH. 704- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null 705 pointer. 706- Ability to load SSH host keys from an SSH agent, in addition to files on 707 disk. See doc/contrib/mod_sftp.html#SFTPHostKey for more information. 708- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before 709 NEWKEYS. 710- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is 711 enabled. 712- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the 713 client guesses correctly. 714- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests. 715- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms. 716- Bug 3673 - Support date/timestamp variables in mod_rewrite. 717- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a 718 writable directory. 719- Bug 3766 - Support a QuotaDefault directive, for configuring default limits. 720- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter. 721- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite. 722- Added new mod_geoip contrib module. 723- Bug 3769 - Ensure that encoded strings are NUL-terminated. 724- Bug 3732 - AIX build error: undefined symbol: .alloca. 725- Bug 3782 - SQLShowInfo does not work properly for error responses. 726- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument". 727- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid 728 503 response. 729- Bug 3785 - Support resolution of tilde (~) within a chrooted session. 730- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored. 731- Bug 3740 - Overwrite permission denied when reloading multiple times and 732 multiple <VirtualHost> sections in proftpd.conf. 733- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple 734 SSH packets. 735- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h. 736- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against 737 OpenSSL with thread support. 738- Bug 3790 - Logfile timestamps change to GMT after MFMT command. 739- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather 740 than error. 741- Bug 3800 - Multiple *Options directives should be handled properly. 742- Bug 3801 - mod_tls should have directive like Apache mod_ssl's 743 SSLHonorCipherOrder. The mod_tls module now supports a 744 TLSServerCipherPreference directive. 745- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11. 746- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used. 747- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo. 748- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached. 749- Bug 3814 - Support "configtest" command for contrib init.d script. 750- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment 751 variable. 752- Bug 3813 - Ability to use CreateHome to create parent directories as 753 non-root user, for better interoperability with NFS. 754- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when 755 gethostbyname2(3) is not available. 756- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress, 757 and DefaultAddress. 758- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between 759 mod_log/mod_sql in certain cases. 760- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has 761 not sent PORT/PASV/EPRT/EPSV commands. 762- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands. 763- Bug 3827 - Use non-filesystem based SFTP handle generator instead of 764 mktemp(3). 765- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL 766 pointer dereferences in mod_deflate. 767- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks. 768- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference. 769- Bug 3832 - Support disabling of system logging on per-connection basis. 770- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work. 771- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when 772 downloading. 773- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption. 774- Bug 3837 - mod_tls unable to read certificate files after SIGHUP. 775- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in 776 mod_sftp. 777- Bug 3843 - ProFTPD should not fail when starting up due to loading same 778 module multiple times. 779- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable 780 for AUTH ExtendedLog. 781- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are 782 not configured. 783- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where 784 possible. 785- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer. 786- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories. 787 See the new AllowChrootSymlinks directive. 788- Bug 3839 - Enhance mod_cap to support dropping root privs entirely. 789- Bug 3841 - Possible symlink race when applying UserOwner to newly created 790 directory. 791- Bug 3855 - Restarting proftpd may cause Include files not to be parsed. 792 7931.3.4 - Released 09-Nov-2011 794-------------------------------- 795- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD. 796- Bug 3669 - mod_sql_mysql.so: undefined symbol: make_scrambled_password with 797 MySQL 5.5 on Fedora. 798- Bug 3192 - PQescapeStringConn() needs a better check. 799- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. 800 To disable this countermeasure, which may cause interoperability issues 801 with some clients, use the NoEmptyFragments TLSOption. 802- Bug 3706 - Support SFTPOption for ignoring requests to modify timestamps. 803- Bug 3640 - rpmbuild on CentOS5.5 (64bit): "File not found by glob". 804- Bug 3711 - Response pool use-after-free memory corruption error. 805 8061.3.4rc3 - Released 26-Sep-2011 807-------------------------------- 808- Bug 3637 - Enforce pcre and libmemcached version requirements. 809- Bug 3639 - Avoid spinning proftpd process if read(2) returns EAGAIN. 810- Bug 3641 - SITE CPFR/CPTO does not update quota tally. 811- Bug 3642 - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast" 812 used. 813- Bug 3645 - Ensure that SQLNamedConnectInfos with PERSESSION connection 814 policies are opened before chroot. 815- Bug 3644 - Disable signal handling for exiting session processes. 816- Bug 3649 - MaxStoreFileSize can be bypassed using REST/APPE. 817- Bug 3652 - TCPAccessSyslogLevel directive broken by Bug#3317. 818- Bug 3653 - Segfault with "DefaultServer off" and no matching server for 819 incoming IP address. 820- Bug 3656 - Prefer "File too big" error message for MaxStoreFilesize. 821- Bug 3658 - TLSVerifyOrder directive is broken. 822- Bug 3555 - Support optional maximum number of clients to be disconnected 823 via 'ftpdctl kick'. 824- Bug 3660 - SITE MKDIR/RMDIR should update quota tallies properly. 825- Bug 3663 - TimeoutLogin cannot interrupt mod_delay as it should. 826- Bug 3664 - mod_sftp does not update process title. 827- Bug 3667 - Scoreboard scrubbing can block daemon process for long periods 828 of time. 829- mod_ldap configuration directives have been overhauled, hopefully 830 yielding a more straightforward, easier way to configure mod_ldap. 831 See the Changes section of README.LDAP for details. 832- Bug 3665 - GID of new files are inherited from parent directory on FreeBSD. 833 To provide the more expected behavior, where the GID of new files is that 834 of the logged-in user, on FreeBSD machines, the GroupOwner directive can 835 now handles a parameter value of "~" as "use GID of logged-in user". 836- Bug 3668 - File descriptor leak during scoreboard scrubbing. This leak 837 was inadvertently introduced by the fix for Bug#3667. 838- Bug 3670 - WrapDenyMsg not displayed when using mod_wrap2 + mod_sftp. 839- Bug 3671 - TLSOption AllowClientRenegotiations to be unconditionally required 840 for client-initiated renegotiations. This undoes the functionality added 841 for Bug#3585, in light of CVE-2011-1473. 842- Bug 3674 - After running "proftpd -t" command, ftpdctl commands no longer 843 work. 844- Bug 3675 - Automatically disable sendfile support for AIX systems. 845- Bug 3676 - RADIUS-based logins don't work using mod_sftp. 846- Bug 3679 - Support NAS-IPv6-Address RADIUS attribute. 847- Bug 3680 - SFTP MKDIR does not respect the IgnoreSFTPUploadPerms option. 848- Bug 3681 - Non POSIX test constructions in autoconf script. 849- Bug 3685 - NULL pointer dereference after an idle timeout. 850- Bug 3692 - SQLLog IGNORE_ERRORS parameter does not work. 851- Bug 3693 - Clients are disconnected if proftpd cannot listen on port for 852 passive data transfer. 853- Bug 3696 - ExtendedLog not getting written on timeouts. 854- Bug 3697 - Filenames with embedded IAC do not get processed correctly. 855- Bug 3698 - <Limit WRITE> does not prevent deletion of a file/directory via 856 renaming. 857 8581.3.4rc2 - Released 01-Apr-2011 859-------------------------------- 860- Bug 3566 - Ability to turn verbose process titles off. 861- Bug 3567 - IdentLookups do not work for IPv6 servers. 862- Bug 3571 - RLimitMemory "max" soft/hard limits don't work. 863- Bug 3572 - Support use of "notes" variables in SQLNamedQuery. 864- Bug 3500 - Support for other combinations of hashed values in mod_sql_passwd. 865- Bug 3524 - mod_quotatab_sql does not properly update the file upload count 866 for a DELE. 867- Bug 3575 - Process privileges may not handled properly when the 868 --enable-autoshadow configure option is used. 869- Bug 3577 - MFMT can fail due to utimes(2) peculiarities. 870- Bug 3544 - mod_sftp closes channel too early after scp download. This 871 manifests as "lost connection" using OpenSSH's scp(1). 872- Bug 3579 - mod_sftp_pam may tell client to disable echoing erroneously. 873- Bug 3578 - Ability to suppress sending messages from PAM to clients. 874- Bug 3580 - TLSSessionCache needs to allow configuring OpenSSL's internal 875 session caching expiration, for long-lived sessions. 876- Bug 3585 - Allow client-requested SSL session renegotiation when securely 877 supported. 878- Bug 3586 - mod_sftp behaves badly when receiving badly formed SSH messages. 879- Bug 3591 - %F LogFormat variable should work for MKD/RMD commands. 880- Bug 3592 - Support case-insensitivity option for 881 PathAllowFilter/PathDenyFilter directives. 882- Bug 3593 - Using "$shell $libtool" in prxs does not work for all shells. 883- Added new mod_tls_memcache contrib module. 884- Bug 3599 - Support SFTPOptions parameter for ignoring SFTP SETSTAT/FSETSTAT 885 permission changes. 886- Bug 3598 - HiddenStores makes the APPE command overwrite files instead of 887 appending them. APPE is now denied if HiddenStores is in effect. 888- Bug 3565 - Support a MaxCommandRate, for detecting and throttling clients 889 which are sending commands too quickly. 890- Bug 3559 - ExtendedLog should support EXIT command, for logging when a 891 session ends. 892- Bug 3538 - WrapAllowMsg directive broken due to Bug#3423. 893- Bug 3604 - Support DirFakeUser, DirFakeGroup and DirFakeMode for MLSD/MLST 894 commands. 895- Bug 3605 - DisplayReadme output should appear after DisplayLogin for the 896 PASS command. 897- Bug 3595 - Avoid buggy glibc regcomp(3) for regular expressions. To do 898 this, use the new --enable-pcre configure option to enable the use of the 899 PCRE library for regular expression support. 900- Bug 3607 - SocketOptions receive/send buffer size parameters no longer work. 901- Bug 3606 - mod_wrap2 needs to support netmask rules for IPv6 addresses. 902- Bug 3608 - Make mod_quotatab poll for the QuotaLock file. 903- Bug 3576 - Support setting CapabilitiesSet on per-user basis via 904 mod_ifsession's <IfUser> and <IfGroup>. 905- Bug 3612 - APPE/STOU upload flags erroneously preserved across upload 906 commands. 907- Bug 3609 - Support full PCRE regular expressions if PCRE support is enabled. 908- Bug 3614 - Malicious module can use sreplace() function to overflow buffer. 909- Bug 3616 - Install contrib utilities as part of 'make install' target. 910- Bug 3619 - Exiting sessions don't seem to die properly. 911- Bug 3618 - ScoreboardFile locking should be more resilient. 912- Bug 3617 - Enhance the Trace directive to support range of channel log levels. 913- Bug 3620 - Need LogFormat variable for IP address of server handling session. 914- Bug 3262 - Allow SQL logging to separate database/server. 915- Bug 3574 - Better handling of ALLO command. 916- Bug 3621 - mod_quotatab increments tallies for aborted uploads if 917 DeleteAbortedStores is on. 918- Bug 3622 - mod_delay sometimes logs "unable to load DelayTable into memory". 919- Bug 3624 - Plaintext command injection in FTPS support. 920- Bug 3625 - mod_ifsession rules using regular expressions do not work. 921- Bug 3623 - Truncated client name saved in ScoreboardFile. 922- Bug 3627 - %w variable populated with non-absolute path in SQLLog statement. 923- Bug 3628 - Unnecessarily verbose "warning: unable to throttle bandwidth: 924 Interrupted system call". 925- Bug 3630 - SSH DISCONNECT messages sent by mod_sftp even for FTP connections 926 in some cases. 927- Bug 3632 - mod_sql should log "unrecoverable database error" at a higher 928 priority. 929- Bug 3631 - Support TraceOptions directive, for altering TraceLog format 930 slightly. 931- Bug 3633 - Using SQLOption noDisconnectOnError can cause ExtendedLog logging 932 to silently fail. 933- Bug 3610 - Proftpd is eating CPU when reparsing configuration file on SIGHUP. 934- Bug 3634 - Incorrect generation of DSA signature for SSH sessions. 935 9361.3.4rc1 - Released 17-Dec-2010 937-------------------------------- 938- Bug 3399 - <Limit> statement does not restore access to MFMT commands. 939- Bug 3365 - First certificate in TLSCertificateChainFile is skipped. 940- Bug 3302 - MLST response should include full path name. 941- Bug 3400 - Add Japanese translation. 942- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL. 943- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349. 944- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in 945 TransferLog. 946- Bug 3339 - Support ban rule for clients which login too frequently. 947- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit 948 platforms. 949- Bug 3404 - SyslogLevel not applied to SystemLog. 950- Bug 3354 - Renaming a file across mount points to a full disk does not fail 951 as expected. 952- Bug 3353 - Support setting IPTOS/DSCP markings on data and control streams. 953 There is a mod_qos module for handling this; see the RELEASE_NOTES for more 954 details. 955- Bug 3392 - Display <VirtualHost> information in 'ban info' ftpdctl action 956 response. 957- Bug 3393 - Specify the <VirtualHost> when using 'ban' or 'permit' ftpdctl 958 actions. 959- Bug 2196 - Handle IPv4-mapped IPv6 addresses as IPv4 addresses. 960- Bug 3407 - Use glob characters as literal characters if no glob match found 961 for LIST/NLST. 962- Bug 2768 - Provide --with-mysql-config/--with-postgres-config build options. 963- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible. 964- Bug 3374 - TLSVerifyClient and TLSOptions NoCertRequest are incompatible. 965- Added mod_copy, mod_deflate, mod_ifversion to the contrib/ modules directory. 966- Bug 3373 - RadiusGroupInfo should not require that both names and IDs be VSAs. 967- Bug 3371 - Group limits in <LIMIT LOGIN> blocks won't work with 968 RADIUS-supplied groups. 969- Bug 3412 - Include files not included after restart due to permissions. 970- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes. 971- Bug 3318 - MLSD should indicate symlinks if ShowSymlinks is enabled. 972- Bug 3411 - Support ftpdctl action to manually request a mod_dynmasq refresh. 973- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile. 974- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog. 975- Bug 3421 - RewriteHome does not work properly for SFTP connections. 976- Bug 3413 - Support DirFakeUser, DirFakeGroup for SFTP connections. 977- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m. 978- Bug 3423 - Last line of multiline DisplayLogin file improperly handled. 979- Bug 3426 - mod_sftp does not log to TransferLog by default. 980- Bug 3425 - Improperly constructed destination paths for SCP uploads. 981- Bug 3428 - Honor the Trace directive in mod_ifsession sections. 982- Bug 3429 - mod_sftp should honor the UserOwner and GroupOwner directives. 983- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly. 984- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables 985 properly. 986- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured. 987- Bug 3433 - SFTPDisplayBanner does not handle variables in configured file. 988- Bug 3435 - Encoding/decoding conversion can cause CPU spike. 989- Bug 3436 - Support build-time option to disable use of nonblocking open of 990 log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior 991 of opening log files. 992- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail. 993- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale. 994- Bug 3438 - <Limit> configuration cannot be applied to OPTS command. 995- Bug 3440 - ScanOnLogin QuotaOption not honored properly if tally record has 996 to be created. 997- Bug 3444 - Support SFTPOptions parameter to disable optimistic KEXINIT 998 behavior. 999- Bug 3445 - mod_sftp should send its NEWKEYS message first, before reading 1000 the client's NEWKEYS message. 1001- Bug 3443 - Deprecate the DisplayGoAway directive. 1002- Bug 3446 - .ftpaccess ignored in some cases. 1003- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads. 1004- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale 1005 data. 1006- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN 1007 request. 1008- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN 1009 request. 1010- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp. 1011- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for 1012 protocol version 5. 1013- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible 1014 with Solaris' msgfmt. 1015- Bug 3457 - Support LogFormat variable for indicating whether a file is being 1016 modified. A new "%{file-modified}" LogFormat variable is supported. 1017- Bug 3456 - Problem attempting to recursively download a directory via SCP. 1018- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup. 1019- Bug 3459 - mod_radius segfaults during incorrect login due to stale data. 1020- Bug 3431 - Ensure that timezone info files are opened prior to chroot. 1021- Bug 3460 - REALPATH SFTP request can cause improperly cached directory 1022 configuration. 1023- Bug 3462 - ftpasswd script's --delete-user option does not work. 1024- Bug 3463 - ftpasswd script's --delete-group option does not work. 1025- Bug 3466 - mod_ifsession does not check for properly closed <IfUser> contexts. 1026- Bug 3465 - SIGSEGV at LIST after CCC. 1027- Bug 3470 - Deferred resolution <Directory> paths not handled properly by 1028 mod_sftp. 1029- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path 1030 begins with tilde ('~'). 1031- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly. 1032- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault. 1033- Bug 3472 - mod_sftp publickey authentication fails for large keys. 1034- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions. 1035- Bug 3396 - Support -c and -u LIST options. 1036- Bug 3395 - Provide LogFormat variable %d for non-directory commands. 1037- Bug 3476 - LIST/NLST of path starting with "-" fails. 1038- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy 1039 libc code. 1040- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems 1041 under load. 1042- Bug 3479 - Support anonymous username variable in mod_exec. 1043- Bug 3480 - mod_sftp does not interoperate with old ssh.com/Tectia clients. 1044 A new "OldProtocolCompat" SFTPOption has been added. 1045- Bug 3481 - Problem with SFTP directory listings. 1046- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab. 1047- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work. 1048- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during 1049 data transfer. 1050- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD. 1051- Bug 3491 - Directory pattern not matching as expected. 1052- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO. 1053- Bug 3493 - mod_sftp should only expect Subject key header to match if 1054 explicitly configured. 1055- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no 1056 DefaultServer configured. 1057- Bug 3496 - Sessions don't end when the control connection is closed during 1058 a data transfer. 1059- Bug 3495 - Support SMTP authentication in the ftpmail Perl script. See 1060 the doc/contrib/ftpmail.html doc for more information. 1061- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as 1062 anonymous logins. 1063- Bug 3502 - Support environment variables better in the config file. 1064- Bug 3503 - Support CreateHome parameter for specifying the group ownership 1065 of the home directory. 1066- Bug 3390 - Add extra %-variable to LogFormat directive to log UID/GID of 1067 logged user. Both LogFormat and SQLLog now support new %{uid} and %{gid} 1068 variables. 1069- Bug 3505 - Support for SSH2 client "alive" checks, a la OpenSSH's 1070 ClientAliveCount/Interval. 1071- Bug 3506 - Support ListOption for returning 226 response code when listing 1072 nonexistent file, instead of 450. 1073- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite. 1074- Bug 3512 - Add ability to check client certificate CommonName (CN) when 1075 verifying SSL/TLS clients. 1076- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux. 1077- Bug 3514 - Test suite tmpdir improvements. 1078- Bug 3484 - Support range expressions for IP addresses in Allow/Deny/From 1079 rules. 1080- Bug 3516 - Support the "space-available" SFTP extension. 1081- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE 1082 commands. 1083- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc 1084 functionality via proftpd.conf. 1085- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc. 1086- Bug 3520 - MultilineRFC2228 directive should be supported in <VirtualHost> 1087 and <Global> sections. 1088- Bug 3521 - Telnet IAC processing stack overflow. 1089- Bug 3522 - Error when handling SSH DISCONNECT messages with no language tag. 1090- Bug 3525 - Default syslog logging causes logging to the wrong syslog 1091 facilities. 1092- Bug 3528 - ExtendedLog %s variable not expanded properly for successful PASS 1093 commands. 1094- Bug 3526 - CPU usage at 100% when checking HideFiles pattern. Credit goes 1095 to Thomas Shinnick for providing the fix for this; it addresses a more 1096 general problem of high memory and CPU consumption when proftpd searches 1097 for .ftpaccess files. 1098- Bug 3529 - "LIST /*" now lists more than the expected directory. 1099- Bug 3310 - UseSendfile should be supported in <Directory> and .ftpaccess 1100 sections. 1101- Bug 3531 - mod_quotatab contains duplicate EDQUOT errno code. 1102- Bug 3530 - Conflicting interactions among HideUser, HideGroup, and 1103 HideNoAccess directives. 1104- Bug 3208 - Improve ScoreboardFile performance under load. This adds a 1105 new ScoreboardMutex directive, which can be used to explicitly configure 1106 the file mutex used for starting/ending sessions. By default, the 1107 ScoreboardMutex path will be automatically set to the same ScoreboardFile 1108 path, with a ".lck" suffix appended. 1109- Bug 3536 - mod_sql has insufficient bounds checking in sql_prepare_where() 1110 function. 1111- Bug 3547 - Multiple AllowClass directives not handled properly. 1112- Bug 3515 - Support DisplayLogin functionality for SFTP connections. 1113- Bug 3548 - Null pointer segfault in mod_sftp when handling aborted connection. 1114- Bug 3551 - SQLAuthType Crypt implementation needs to handle NULL return value 1115 from crypt(3). 1116- Bug 3550 - SFTP compressed uploads can cause corrupted uploaded files. 1117- Bug 3554 - Support Apache-style %I, %O LogFormat variables. 1118- Bug 3556 - Disable protocol support on per-user/group/class basis. 1119- Bug 3508 - mod_wrap2 should support checking of WrapTables allow/deny rules 1120 at connect time. 1121- Bug 3558 - Check all DNS names for a client against DNS names/patterns in 1122 access rules. 1123- Bug 3560 - ExtendedLog shows incorrect byte size for first file downloaded 1124 via SFTP in some cases. 1125 11261.3.3 - Released 24-Feb-2010 1127-------------------------------- 1128- Bug 3389 - Cannot create mod_ban whitelists using <Class> and <IfClass> 1129 sections. 1130- Bug 3397 - HideFiles none does not work properly on a per-user basis. 1131 11321.3.3rc4 - Released 12-Feb-2010 1133-------------------------------- 1134- Bug 3355 - mod_ban should support BanEngine in <VirtualHost> config sections. 1135- Bug 3358 - mod_tls doesn't compile with pre-0.9.7 openssl. 1136- Bug 3357 - mod_sftp fails to compile on AIX. 1137- Bug 3356 - Build timestamp using date(1) can fail depending on environment. 1138- Bug 3359 - mod_tls_shmcache segfaults during syntax check. 1139- Bug 3362 - Regression in handling of MaxLoginAttempts in 1.3.3rc1. 1140- Bug 3370 - Lack of PID protection in ScoreboardFile. 1141- Bug 3372 - ProFTPD crashes when retrying a failed login with mod_radius 1142 being used. 1143- Bug 3375 - Minor SIGHUP-based memory leak in mod_tls. 1144- Bug 3376 - Handle the full RFC4716 formatted keys in SQL values. 1145- Bug 3377 - mod_wrap2 attempts to resolve 'ALL' keyword as an IP address. 1146- Bug 3383 - ExtendedLog variables for protocol and version not handled 1147 properly. 1148- Bug 3381 - RADIUS authentication broken on 64-bit platforms. 1149- Bug 3380 - Support user-specific salts in encoded passwords. 1150- Bug 3385 - Memory leak during SCP download. 1151- Bug 3386 - Downloading via SCP can stall due to rekeying. 1152- Bug 3387 - SIGHUP will eventually cause certain modules (as DSO modules) to 1153 segfault. 1154 11551.3.3rc3 - Released 10-Dec-2009 1156-------------------------------- 1157- Bug 3303 - FileZilla reports "Server did not properly shut down TLS 1158 connection" after TimeoutIdle triggered. 1159- Bug 3305 - Emulate Solaris 10 syslog "header" on Solaris 10 servers. 1160- Bug 3307 - All FTP logins treated as anonymous logins. 1161- Bug 3312 - Uploading via SFTP/SCP to FIFO whose reader is closed causes 1162 session to hang. 1163- Bug 3313 - Uploading via SFTP to FIFOs fails due to illegal lseek(2), 1164 truncate(2) calls. 1165- Bug 3314 - Downloading from FIFOs via SFTP/SCP fails. 1166- Bug 3315 - Support the %u variable in SFTPAuthorizedUserKeys paths. 1167- Bug 3316 - Messages from PAM modules are ignored when authenticating SSH 1168 clients via 'keyboard-interactive'. 1169- Bug 3317 - mod_wrap/libwrap should honor SyslogFacility setting. 1170- Bug 3311 - configure script should automatically detect when -ldl is needed 1171 by OpenSSL. 1172- Bug 3324 - Vulnerability in SSL/TLS protocol during renegotiation 1173 (CVE-2009-3555). 1174- Bug 3327 - Clear external SSL session caches on server restart/shutdown. 1175- Bug 3326 - Shared memory segment used for session cache should be protected 1176 via mlock(2). 1177- Bug 3322 - Support the "version-select" SFTP extension. 1178- Bug 3321 - Support the "check-file-name" and "check-file-handle" SFTP 1179 extensions. 1180- Bug 3320 - Support the "copy-file" SFTP extension. 1181- Bug 3328 - Failed database transaction can cause mod_quotatab to loop 1182 endlessly. 1183- Bug 3307 - Transparently handle the X-variant commands when checking <Limit> 1184 permissions. The fix for this issue has been reimplemented to be more 1185 transparent; some existing configurations were broken by the previous 1186 implementation. 1187- Bug 3329 - Support the "vendor-id" SFTP extension. 1188- Bug 3332 - Segfault in mod_wrap when TCPAccessFiles do not exist and client 1189 sends USER for account which does not exist. 1190- Bug 3333 - mod_sql_mysql should support calling stored procedures better. 1191- Bug 3337 - <Directory> sections with a trailing directory name of one 1192 character have <Limit> problems. This is regression caused by Bug#3146. 1193- Bug 3331 - Update bundled libtool to 2.2.4. 1194- Bug 3341 - mod_wrap2 segfaults when a valid user retries the USER command. 1195- Bug 3342 - FEAT response contains LF without preceding CR. 1196- Bug 3306 - ECONNREFUSED while handling SIGHUP. 1197- Bug 3345 - mod_sftp returns EACCES rather than ENOENT for an OPEN request 1198 for a nonexistent file. 1199- Bug 3344 - Support SHA256, SHA512 passwords in databases. 1200- Bug 3348 - Rewriting of home directories via RewriteHome does not work for 1201 chrooted sessions. 1202- Bug 3349 - SSL_SESSION_cmp not available in OpenSSL 1.0.0 betas. 1203- Bug 3350 - Segfault caused by scrubbing zero-length portion of memory. 1204- Bug 3347 - mod_auth_file handles 'getgroups' request incorrectly. 1205- Bug 3351 - Nonchrooted logins on HPUX do not get proper UID/GID. 1206- Bug 3352 - mod_sftp does not reject/close connections that have been rejected 1207 by mod_wrap. 1208 12091.3.3rc2 - Released 20-Oct-2009 1210-------------------------------- 1211- Bug 3263 - Supplying option SFTPRekey timeout parameter causes segmentation 1212 fault. 1213- Bug 3265 - SFTP requests are logged to ExtendedLog without regard to classes. 1214- Bug 2758 - ProFTPD doesn't always pay attention to AccessDenyMsg. 1215- Bug 3266 - Support "implicit" FTPS. 1216- Bug 2070 - AuthAliasOnly off in <Global> section kills anonymous logins. 1217- Bug 3268 - Files whose names start with whitespace are not listed properly. 1218- Bug 1908 - ExtendedLog to work properly in <Anonymous> context. 1219- Bug 3269 - RewriteCondition OR/ornext flag does not work. 1220- Bug 3254 - NLST/LIST and symbolic link problem. 1221- Bug 3272 - Avoid encoding if to/from charsets are the same. 1222- Bug 3274 - Timestamp formatting in TransferLog needs padded day-of-month. 1223- Bug 3270 - Lost connections to databases not correctly handled. This 1224 also adds support for a new "noReconnect" SQLOption. 1225- Bug 3275 - Improper SSL/TLS certificate subjectAltName verification. 1226- Bug 3252 - %F/%f Display variables can report wrong size on 64-bit systems. 1227- Bug 3278 - Aborted data transfers not reflected in RADIUS accounting. 1228- Bug 3282 - With "SQLNegativeCache on", mod_sql will look up wrong cached 1229 user value for subsequent USER commands. 1230- Bug 3284 - Slower transfers of multiple small file transfers after upgrade 1231 from 1.3.0a to 1.3.2a. 1232- Bug 3279 - .ftpaccess configurations not merged properly with existing 1233 configuration. 1234- Bug 3287 - MaxTransfersPerHost, MaxTransfersPerUser directives not supported 1235 properly. 1236- Bug 2013 - Track RFC2228 sessions in scoreboard. The scoreboard entry 1237 format now has a 'protocol' field, for tracking 'ftp' and 'ftps'. 1238- Bug 3286 - Client command field in scoreboard entry too short for SSH2/SFTP 1239 commands. 1240- Bug 3229 - LangDefault does not accept any setting on FreeBSD. 1241- Bug 2368 - Allow contrib modules to extend mod_sql's SQLAuthTypes. This 1242 also includes a new mod_sql_passwd contrib module which can handle 1243 hex- and base64-encoded MD5 and SHA1 passwords, without the leading 1244 "{digest}" prefix required by the mod_sql OpenSSL SQLAuthType. 1245- Bug 3292 - "Incorrect MAC received on packet" error using AES CTR ciphers. 1246- Bug 3293 - SFTPCipher arcfour256 does not work properly. 1247- Bug 3294 - Support configurable HiddenStores prefixes. 1248- Bug 3295 - proftpd segfaults when STAT is used with ListOptions "-1". 1249- Bug 3296 - mod_quotatab should reject an upload via APPE if the quota is 1250 already exceeded. 1251- Bug 3297 - Symlinks to directories which end in trailing slashes may not be 1252 handled properly. 1253- Bug 3298 - QuotaExcludeFilter directive ignored by mod_quotatab. 1254- Bug 3290 - Change default mod_sql connection policy to open database 1255 connection on first use. 1256- Bug 3281 - TimeoutLogin not handled properly by mod_ban. 1257- Bug 3213 - Use locale-sensitive libncursesw library for ftptop where 1258 available. 1259- Bug 3214 - ftpwho/ftptop truncate UTF8 strings due to byte, versus character, 1260 lengths. 1261- Bug 3300 - Support disabling use of S_RLOGIN when calling AIX 1262 loginrestrictions(). A new AuthUnixOptions directive is added to support 1263 just this one setting, 'aixNoRLogin'. 1264 12651.3.3rc1 - Released 30-Jun-2009 1266-------------------------------- 1267- Bug 1801 - Faulty SQLConnectInfo PERCALL policy - connections not closed 1268 after each call. 1269- Bug 2894 - Deprecate the AnonymousGroup directive. 1270- Bug 3123 - Use PQescapeStringConn() rather than PQescapeString(). 1271- Bug 3133 - mod_facts should advertise TVFS support in the FEAT response. 1272- Bug 3128 - mod_sql_sqlite should use transactions for INSERT/UPDATE 1273 statements. 1274- Bug 3155 - Change the IdentLookups default to 'off'. The RFC1413 IDENT 1275 lookup adds latency to the login process, so much so that it is a FAQ 1276 to configure "IdentLookups off". In addition, the IDENT protocol is not 1277 secure; it can easily be spoofed using man-in-the-middle attacks. Sites 1278 that require IDENT lookups must now explicitly configure "IdentLookups on". 1279- Bug 3156 - Allow resumed downloads when HiddenStore is in effect. 1280- Bug 3170 - RewriteMap unescape URL encoding broken by RewriteCondition 1281 backreference handling. 1282- Bug 2728 - Support for variables in ServerIdent directive. The %L, %V, 1283 and %v variables are now supported for ServerIdent identity strings. 1284- Bug 3178 - mod_wrap2 does not handle IPv4-mapped IPv6 addresses. 1285- Bug 3179 - Restarted proftpd using mod_shaper will segfault. 1286- Bug 2720 - HideUser/HideGroup should be more flexible. 1287- Bug 3183 - Incorrect logging to wtmp. 1288- Bug 2608 - DNS should not be used for "server config" address discovery. 1289 A new -S command-line option has been added, for specifying the IP address 1290 to use for the host, rather than using DNS to resolve the host IP address 1291 from the hostname. 1292- Bug 3184 - When started in a chroot, proftpd fails to set transfer buffer 1293 size. 1294- Added mod_sftp, mod_sftp_pam, and mod_sftp_sql to the contrib modules. 1295- Bug 3185 - mod_wrap2 does not honour partial DNS name in access files. 1296 This appears to have been a regression caused by the fix for Bug#3178. 1297- Bug 3186 - Support use of <IfClass> directive with mod_ban. The 1298 BanEngine directive can now appear in an <IfClass> section, in order 1299 to exclude connection classes from mod_ban's rules. 1300- Bug 3188 - prxs broken due to typo. 1301- Bug 3154 - Update bundled libtool version. The bundled libltdl version 1302 has been updated to libtool 1.5.26. 1303- Bug 3111 - Support SSL/TLS server certificates stored in PKCS#12 files. 1304- Bug 3189 - Linker errors occur when using "make -j" parallel builds. 1305 ProFTPD now builds successfully using "make -jN", where N is the number 1306 of simultaneous build processes to use. 1307- Bug 3176 - Postgres chokes on standard charset names. 1308- Bug 3129 - Support configurable scoreboard scrubbing. A new configuration 1309 directive, ScoreboardScrub, can be used to control whether the ScoreboardFile 1310 is scrubbed, and how often. 1311- Bug 3190 - MLSD/MLST do not honor <Limit> configurations. 1312- Bug 3196 - mod_quotatab does not honor last group in supplemental group list. 1313- Bug 3203 - Missing SQL backend modules can lead to null pointer segfault in 1314 mod_sql. 1315- Bug 3204 - Better support for installation and libs in prxs. The prxs 1316 tool now handles the $Libraries$ build system hints in source files, 1317 and honors the DESTDIR environment variable. 1318- Bug 3167 - Support rewriting of home directories. 1319- Bug 2985 - Newest .spec file requires relatively current version of RPM. 1320 The provided .spec file now requires RPM 4.2 or later. 1321- Bug 3207 - Support for SSL/TLS session caching across processes/machines. 1322 The mod_tls module now supports a TLSSessionCache directive, and an API 1323 for modules to provide external SSL session caching mechanisms. 1324- Bug 3210 - Data transfers protected by SSL/TLS should reuse the control 1325 connection SSL session. If the TLSRequired policy allows/requires SSL/TLS 1326 protections on data transfers, then reuse of the SSL session from the 1327 control connection is now enforced. Use "TLSOptions NoSessionReuseRequired" 1328 to relax this requirement. 1329- Bug 3215 - mod_wrap2_sql should support comma-delimited lists of clients. 1330 This is the same as Bug#3048, only it affects the mod_wrap2_sql module. 1331- Bug 2613 - Configure script should not append '/proftpd' to the 1332 --localstatedir. 1333- Bug 2680 - Add support for <VirtualHost 0.0.0.0>. 1334- Bug 3187 - Inconsistent mod_ban logging and display when using 1335 "BanEngine off" in an <IfClass> configuration. 1336- Bug 3219 - Support environment variable substitutions in mod_rewrite rules. 1337 RewriteCondition and RewriteRules can now contain "%{ENV:var}" style 1338 strings for environment variable substitution. 1339- Bug 3221 - Command line defines (-D/--define) are lost on SIGHUP. 1340- Bug 3028 - Unable to escape special characters in RewriteRule substitution 1341 string. 1342- Bug 3161 - Updating tallies for deleted files should occur based on file 1343 ownership. 1344- Bug 2067 - Allow/Deny Filters should be supported in the <Limit> context. 1345- Bug 2434 - Buggy interaction between custom SQLUserInfo and 'userset' 1346 SQLAuthenticate parameter. See the SQLUserInfo description for more details. 1347- Bug 3226 - HideFiles directive not working properly in <Anonymous> sections. 1348- Bug 3231 - Use getgrset(3) on AIX to emulate getgrouplist(3). 1349- Bug 3043 - SQLGroupInfo should allow custom queries. See the SQLGroupInfo 1350 description for more information. 1351- Bug 2178 - Extend TLSRequired for <Directory> and .ftpaccess contexts. 1352- Bug 3209 - mod_wrap2 should support the 'spawn' feature (or equivalent) of 1353 tcpwrappers. Using mod_wrap/mod_wrap2 in conjunction with the mod_exec 1354 module, this is now possible. 1355- Bug 3225 - Opening of files during restart can inappropriately use 1356 stdin/stdout/stderr descriptors, leading to bad behavior. The "bad behavior" 1357 can manifest as server shutdown (due to mod_tls errors), 1358 "Bad file descriptor" log messages, etc. 1359- Bug 3234 - SSL connections can cause 100% CPU usage. 1360- Bug 3233 - Dynamic config causes many copies of static configs to be merged. 1361- Bug 3086 - mod_quotatab write locking is ineffective. 1362- Bug 3029 - Support a RewriteCondition variable for renames. 1363- Bug 3230 - Differentiate among protocol connections in DelayTable. 1364- Bug 3032 - CR character allowed in filename but not shown. 1365- Bug 3237 - "error setting IPV6_V6ONLY: Protocol not available" message 1366 filling up log file. 1367- Added mod_shaper, mod_exec to the contrib modules. 1368- Bug 3249 - mod_ban support for TimeoutLogin. 1369- Bug 3253 - Support for %S variable in SQL queries. 1370- Bug 3247 - "TLSRequired auth" and "TLSOptions AllowPerUser" are incompatible. 1371- Bug 3256 - "SO_OOBINLINE" error occurring again. This is a regression of 1372 Bug 2332 caused by code movement in 1.3.2. 1373- Bug 3258 - Log cluttered with "using sendfile capability" messages. 1374- Bug 3261 - Badly formatted TLSRenegotiate directive causes proftpd to hang. 1375- Bug 3257 - CAP_AUDIT_WRITE capability needed for some PAM modules. 1376- Bug 3243 - Broken support for AllowOverride per user/group/class conditionals. 1377 The user/group/class conditional arguments to the AllowOverride directive 1378 were not properly honored. The fix for this is to remove all support in 1379 the AllowOverride directive, and instead use mod_ifsession for conditionals. 1380 13811.3.2 - Released 5-Feb-2009 1382-------------------------------- 1383- Bug 3169 - Multiple RewriteRules for the same RewriteCondition not processed 1384 properly. 1385- Bug 3171 - ExtendedLog should log full SITE command using %m. 1386- Bug 3173 - Encoding-dependent SQL injection vulnerability. 1387 13881.3.2rc4 - Released 23-Jan-2009 1389-------------------------------- 1390- Bug 2045 - SQLShowInfo should not be displayed when query returns no data. 1391- Bug 2915 - mod_rewrite does not work well for SITE commands. 1392- Bug 1636 - GroupRatio does not check user's supplemental group membership. 1393- Bug 3137 - ProFTPD does not log filename %f for uploaded files. 1394- Bug 3142 - "Invalid number of arguments MFMT" due to spaces in path argument. 1395- Bug 3144 - mod_dynmasq returns same IP address, even though actual IP 1396 address has changed. 1397- Bug 3040 - Support for CreateHome parent directories owned by user. 1398- Added Russian translation. 1399- Bug 2020 - HideFiles sometimes fails. 1400- Bug 3146 - <Directory> paths using glob characters may not match as expected. 1401- Bug 3147 - Comma-delimited commands in <Limit> sections not handled properly. 1402- Bug 3149 - Bad handling of %p, %V, and %v variables in mod_sql. 1403- Bug 3150 - mod_facl erroneously assumes no permissions, rather than all 1404 permissions, in some cases. 1405- Bug 3159 - mod_rewrite build fails due to missing mode argument in open(2) 1406 call on some platforms. 1407 14081.3.2rc3 - Released 20-Nov-2008 1409-------------------------------- 1410- Bug 3114 - Bad handling of uid/gid parameters for CreateHome. 1411- Bug 3115 - Cross-site request forgery. 1412- Bug 3116 - SQLNegativeCache with no group info can cause segfault. 1413- Bug 3117 - Authentication improperly allowed (Bug#2922 regression). 1414- Bug 3119 - Search for libcap2 in addition to libcap for mod_cap support. 1415- Bug 3120 - WrapTables not allowed in <Anonymous> context. 1416- Bug 3122 - iconv() not detected properly on FreeBSD when --enable-nls is used. 1417- Bug 3124 - mod_sql improperly substitutes variables in user/group names. 1418- Bug 3089 - Memory pool double-free on session exit after aborted data 1419 transfer. 1420- Bug 3092 - FSIO API needs mechanism for allowing registered FS handlers to 1421 permit atomic renames. 1422- Bug 2767 - gcc 4.0/amd64 warnings. 1423- Bug 3126 - Segfault in mod_sql_sqlite when user belongs to multiple groups. 1424- Bug 3130 - HideFiles can cause segfault. 1425- Bug 3131 - Session process uses 100% CPU after aborted transfer. 1426- Bug 3132 - Handling of SIGABRT signal leads to endless loop. 1427- Bug 3073 - Command arguments not decoded properly in some places. 1428- Bug 3135 - Aborting a download can lead to segfault in some cases. 1429 14301.3.2rc2 - Released 17-Sep-2008 1431-------------------------------- 1432- Added Chinese translation 1433- Bug 3076 - RPM build failing on 64 bit OS due to incomplete .spec. 1434- Bug 3082 - Use "DEFAULT" keyword instead of "ALL" for Trace directive. 1435 Hopefully the "DEFAULT" keyword will be more accurate, more descriptive 1436 of the actual functionality triggered by the keyword. 1437- Bug 3083 - Multiple issues with handling of <Class> definitions. 1438- Bug 3077 - Transparently handle the X-variant commands when checking 1439 <Limit> permissions. 1440- Bug 3036 - Quota information not persisted if session ends abruptly. 1441- Bug 3094 - Perform unidirectional SSL/TLS shutdown on data connections. 1442- Bug 3096 - libcap version errors on newer Linux kernel. 1443- Bug 3074 - Support configure option for pkgconfig .pc file install 1444 location. 1445- Bug 3095 - TLSPassphraseProvider port number truncated. 1446- Bug 3099 - Add trace logging of filesystem permission errors. To see 1447 this additional logging, use Trace logging, and configure it to log 1448 the "fileperms" log channel. 1449- Bug 3100 - Support ftpmail options for sending emails only for specific 1450 users. See doc/contrib/ftpmail.html for more details. 1451- Bug 3030 - GroupOwner should work for all groups. Previously, GroupOwner 1452 (without using UserOwner) could fail, if the user did not belong to 1453 the specified group. Now proftpd will automatically detect, when 1454 handling GroupOwner, when root privileges need to be used for the 1455 configured group. 1456- Bug 3101 - mod_wrap2 does not compile on FreeBSD with custom includes. 1457- Bug 3098 - Socket descriptor leak when using syslog logging, especially at 1458 SyslogLevel 'notice' or higher. 1459- Bug 3055 - Support Display variable for specifying the timestamp format. 1460 See doc/howto/DisplayFiles.html for more information. 1461- Bug 2537 - mod_sql does not support %{...}t variable. SQLNamedQuery 1462 statements can now use "%{time:...}" variables for formatting time strings 1463 using strftime(3). 1464- Bug 2564 - Improper logging of "max connections per host". The issue was 1465 one of the timing of the logging of the "Login successful" message. Now 1466 it happens as part of a LOG_CMD handler for the PASS command. 1467- Bug 3104 - Syslog logging does not work on Mac OS X. 1468- Bug 2991 - Need a `prxs' (ProFTPD Extensions) command-line tool for building 1469 shared modules without proftpd source. 1470- Bug 3106 - Add support for Mac OSX 10.5 sendfile. 1471- Bug 3107 - TLSProtocol supports misleading "SSLv23" parameter. 1472- Bug 3108 - Support removing MLST from FEAT list. The mod_facts module 1473 now supports a FactsAdvertise directive; see doc/modules/mod_facts.html 1474 for details. 1475- Bug 3109 - Errors with file uploads logged but not reported to clients. 1476- Bug 3112 - Uploaded files are not removed if close() fails. 1477 14781.3.2rc1 - Released 15-Apr-2008 1479-------------------------------- 1480- Bug 2978 - Support more verbose OpenSSL diagnostic logging. There is now 1481 support for an "EnableDiags" TLSOptions setting, which logs a lot of 1482 SSL/TLS protocol information to the TLSLog. 1483- Bug 2969 - Allow APPE after REST. 1484- Bug 2983 - Use getgrouplist(3) for group lookup, if available. This may 1485 potentially speed up the group membership lookup on some systems. 1486- Bug 2984 - mod_auth_file uid2name() does not cache results causing slow LIST 1487 response. 1488- Bug 2925 - Add caching of IP address and DNS name lookups. This may help 1489 speed up data transfers, especially rapid-fire data transfers as used by 1490 "download accelerators". 1491- Bug 2979 - Ability to ban clients which connect too often. The mod_ban 1492 module now supports a "ClientConnectRate" BanOnEvent rule. 1493- Bug 2987 - Verbose ban information (i.e. 'ftpdctl ban info -v') not working 1494 on FreeBSD. 1495- Bug 2986 - Authoritative PAM is not honored. 1496- Bug 2988 - mod_wrap2_file ignores "ALL" keyword. 1497- Bug 2982 - Support limit on number of simultaneous file transfers from one 1498 client. Two new configuration directives, MaxTransfersPerHost and 1499 MaxTransfersPerUser, have been added. 1500- Bug 2386 - Controls should use kernel-enforced credentials where possible. 1501- Added mod_dynmasq contrib module. See doc/contrib/mod_dynmasq.html for 1502 more information. 1503- Bug 2968 - Ability to allow protection on control channel, but reject 1504 protection on data channel. See doc/contrib/mod_tls.html#TLSRequired 1505 for details. 1506- Added mod_unique_id contrib module. See doc/contrib/mod_unique_id.html 1507 for details. 1508- Bug #2990 - TLSCryptoDevice does not work. 1509- Bug #2989 - Unable to authenticate users if RadiusUserInfo is not configured. 1510- Bug #2937 - Should list modules (with versions) for modules loaded as DSOs. 1511 The -vv command-line option now shows all modules (and versions), both 1512 static and shared. See the RELEASE_NOTES for more details. 1513- Bug #2993 - Unable to compile 1.3.1 on Debian unstable/amd64. The configure 1514 script was brokenly checking for the umode_t data type, which is not needed 1515 by the proftpd source code. 1516- Bug #2992 - The %f LogFormat variable expanded improperly to "-" for 1517 SITE CHMOD. 1518- Bug #2995 - The %f LogFormat variable expanded to same file for RNFR and 1519 RNTO. 1520- Bug #2996 - Requirement for same OpenSSL header, library version in mod_tls 1521 too restrictive. If differences are detected now, the difference is logged, 1522 but the daemon will start up. 1523- Bug 3005 - OOB abort closes the control connection. 1524- Bug 3004 - 'ScanOnLogin' QuotaOption does not honor QuotaDirectoryTally 1525 directive. 1526- Bug 3006 - 'ScanOnLogin' QuotaOption may try to update a nonexistent tally 1527 record. 1528- Bug 3001 - Incomplete downloads not logged properly in TransferLog if 1529 sendfile is used. 1530- Bug 3012 - SITE UTIME should support YYYYMMDDhhmmss format. 1531- Bug 3013 - "TLSOptions AllowPerUser" not working as expected. 1532- Bug 3019 - DisplayLogin in <Anonymous> section not displayed properly. 1533- Bug 3015 - Support for RFC3659. There is a new module, mod_facts, which 1534 implements the RFC3659 commands of MLSD and MLST, as well as the MFF and 1535 MFMT commands from an Internet Draft. 1536- Bug 2894 - The AnonymousGroup directive has been marked for deprecation, 1537 and will be removed in a future release. 1538- Bug 3003 - Fallback to normal transmission in case of sendfile EOVERFLOW 1539 error missing. 1540- Bug 2874 - Data transfer buffers should be allocated at startup, not at 1541 compile time. 1542- Bug 3014 - Optionally set PAM_TTY item when using PAM. Use 1543 "AuthPAMOptions NoTTY" to disable this. 1544- Bug 2741 - Apply TimeoutNoTransfer, TimeoutStalled, TimeoutIdle to 1545 <Anonymous> section. 1546- Bug 2997 - Uploading files with "~" causes harmless but annoying log 1547 message. 1548- Bug 2889 - Update SQLLog so that RNTO stores the path when using the 1549 %F variable. 1550- Bug 2731 - Add ability to set process priority for file transfers. A new 1551 TransferPriority directive has been added, which can be used to set the 1552 scheduling priority of the session process during file transfers. 1553- Bug 3020 - Server replies to NLST with 450 at the wrong time. 1554- Bug 1771 - mod_ratio compile warnings. 1555- Bug 1973 - mod_ratio uses the too-small int datatype for tracking bytes. 1556 The mod_ratio module has been updated to use off_t, instead of int, for 1557 tracking bytes. 1558- Bug 1896 - Check AIX account status. The AIX-specific loginrestrictions() 1559 and passwdexpired() functions, if present, are now used by the mod_auth_unix 1560 module during login. 1561- Bug 2453 - Separate RFC1413 code into mod_ident module. 1562- Bug 3023 - Allow uploading to /dev/null. This allows testing of network 1563 link speeds by uploading directly to /dev/null on the server. 1564- Bug 3022 - Timed SQL connections don't reconnect to database. 1565- Added mod_sql_sqlite contrib module, for authenticating using a SQLite 1566 database. See doc/contrib/mod_sql_sqlite.html for more details. 1567- Added mod_sql_odbc contrib module, for connecting to a database via 1568 ODBC drivers. See doc/contrib/mod_sql_odbc.html for more information. 1569- Bug 3025 - Using %b in a SQLNamedQuery does not properly log the file size 1570 for DELE. 1571- Bug 3026 - RewriteCondition does not negate -d -f -s tests. 1572- Bug 3027 - Unmatched backreferences are not handled properly in RewriteRules. 1573 Unmatched backreferences are now replaced with empty strings. 1574- Bug 2999 - Data transfer not aborted when control connection is closed. 1575- Bug 3031 - IPv4-mapped IPv6 connections not matched properly against IPv4 1576 glob ACLs. 1577- Bug 3033 - Class rules not honoring '!' negation character. 1578- Bug 3034 - Rewritten command parameters need to be set in multiple places. 1579- Bug 2577 - IPv6 support should be enabled by default. IPv6 support is 1580 now enabled by default in the proftpd build, but the shipping 1581 proftpd.conf has: 1582 1583 UseIPv6 off 1584 1585 To disable IPv6 support completely at build time, use the --disable-ipv6 1586 configure option. 1587- Bug 2000 - mod_cap should not use bundled libcap. Now if a system libcap 1588 is present, that system library will be used instead of the bundled libcap. 1589 If no system libcap is present, the bundled libcap will be used. 1590- Bug 3044 - Segfault if mod_delay fails to load DelayTable. 1591- Bug 3048 - mod_wrap2_file should support comma-delimited lists of clients. 1592- Bug 3045 - "QuotaOptions ScanOnLogin" does not work for 'class' or 1593 'all' limits. 1594- Bug 3047 - BanOnEvent should support optional ban message. Now messages 1595 for individual ban rules can be configured, in addition to the BanMessage 1596 directive. 1597- Added contrib/ftpmail, a Perl script which reads a TransferLog FIFO and 1598 sends automatic email notifications whenever uploads occur. See 1599 doc/contrib/ftpmail.html for more details. 1600- Bug 3050 - Support use of OpenSSL in FIPS mode. See doc/howto/TLS.html for 1601 details on how to use FIPS mode. 1602- Bug 3051 - mod_quotatab incorrectly reduces file count on rename. 1603- Bug 2840 - Online Certificate Status Protocol (OCSP) support. 1604- Bug 3058 - Handling of OPTS command results in badly set values in code. 1605- Bug 3059 - Wrong handling of UTF8 conversions. 1606- Bug 3061 - Segfault in mod_quotatab_sql if the SQL query returns NULL 1607 bytes/files values. 1608- Bug 3056 - Support non-UTF8 encoding and character sets. See 1609 doc/modules/mod_lang.html for more information on the UseEncoding directive. 1610- Bug 3064 - Better handling of 0xFF character for Cyrillic, non-UTF8 charsets. 1611 These character sets use the same value as the Telnet IAC character in 1612 the alphabet. RFC959 states that FTP control messages must support Telnet 1613 characters; this requirement causes problems for the character sets. 1614 This the RFC959 requirement is relaxed if --enable-nls is used, and if 1615 one of the problematic character sets is configured. 1616 16171.3.1 - Released 5-Oct-2007 1618-------------------------------- 1619- Bug 2944 - mod_sql_mysql fails to compile due to missing quotation. 1620- Bug 2946 - Anonymous logins fail if the mod_facl module is enabled. 1621- Bug 2947 - SIGBUS on Mac OS X when dynamically loading shared libs. 1622- Bug 2950 - Hostname with multiple IP addresses might cause "ai_family not 1623 supported" error if IPv6 support enabled. 1624- Bug 2955 - Undeclared identifier MAP_FAILED for mod_delay on AIX. 1625- Bug 2958 - mod_wrap2 does not handle multiple rules in access files. 1626- Bug 2963 - Use of -A option for LIST/NLST commands not cleared for 1627 subsequent commands. 1628- Bug 2964 - Building RPM fails because of *snprintf trying to be redefined. 1629 This is actually caused by a particular combination of compiler flags 1630 (-O2 and -Wp,-D_FORTIFY_SOURCE=2), which are used by the `rpmbuild' 1631 command in some Linux releases. 1632- Bug 2974 - Install error if multiple modules, using their own build script, 1633 are built as shared modules. 1634- Bug 2981 - Command-line long options --ipv4 and --ipv6 do not work. 1635- Bug 2795 - Improvements to RPM .spec file to build more of the modules, plus 1636 better optional packaging organization. 1637 16381.3.1rc3 - Released 04-Jul-2007 1639-------------------------------- 1640- Bug 2875 - Malformed getopt checks cause compilation errors in getopt.c. 1641- Bug 2877 - ServerType 'inetd' results in "getnameinfo error: ai_family not 1642 supported" errors in log. 1643- Bug 2878 - Error compiling proftpd on Solaris 2.9 using --with-lastlog. 1644- Bug 2881 - ProFTPD does not support OPTS UTF8 command when --enable-nls is 1645 used. 1646- Bug 2883 - Problem with locale and SQL database queries. 1647- Bug 2893 - ProFTPD can use the wrong group data if the user name changes. 1648- Bug 2897 - mod_quotatab subtracts size of deleted file from bytes-transferred 1649 tally. 1650- Bug 2902 - Stack read overrun in mod_xfer on 32bit platform. Use an 1651 explicit compiler cast to ensure that the proper data type size is used 1652 in the arguments for a variadic function. 1653- Bug 2906 - RewriteCondition backreferences not properly substituted. 1654- Bug 2913 - TYPE command does not clear ASCII flag from LIST/NLST commands. 1655- Bug 2911 - NLST on a nonexistent path, followed by an NLST on an existing 1656 file, causes segfault. 1657- Bug 2922 - Auth API allows one auth module to authenticate user data provided 1658 by a different auth module. 1659- Bug 2921 - NLST fails if using POSIX ACLs. The mod_ls module, when 1660 handling the NLST command, was using an unnecessary access(2) check. 1661- Bug 2864 - DisplayLogin should work regardless of chroot. This now works 1662 for DisplayQuit and DisplayTransferFiles as well. 1663- Bug 2920 - ABOR command not handled during data transfer. 1664- Bug 2924 - DeleteAbortedStores doesn't work when the ABOR command is used. 1665- Bug 2890 - SystemLog permission errors on SIGHUP when mod_tls is enabled. 1666- Bug 2932 - Syslog contains "error setting IPV6_V6ONLY: Protocol not 1667 available". Check the IPV6_V6ONLY socket option first, and only attempt 1668 to disable it if needed. Also use the IPPROTO_IPV6 socket level. 1669- Bug 2934 - Function perm_copy_fd() not in older Linux libacl versions. 1670- Bug 2923 - ftptop display flickers if delay is greater than 25 seconds. 1671- Bug 2900 - Some kernels incorrectly reuse IPv6 ports for EPSV command. 1672- Bug 2935 - DELE command doesn't check file stat result before logging. 1673- Bug 2938 - mod_wrap2 does not honor WrapTables for <Anonymous> logins. 1674- Bug 2939 - Anonymous restrictions apply after a failed anonymous login 1675 followed by a successful normal user login. 1676- Bug 2942 - BanLog directive does not accept "none" parameter. 1677 16781.3.1rc2 - Released 12-Jan-2007 1679-------------------------------- 1680- Bug 2856 - Support for RADIUS NAS-Identifier attribute. 1681- Bug 2849 - Error msg "Not owner" returned by "SIZE in ASCII mode" is 1682 misleading. 1683- Bug 2857 - Failure to properly unregister event handlers leads to segfault 1684 after restarts. 1685- Bug 2869 - mod_sql botches WHERE clauses. 1686- Bug 2872 - CreateHome doesn't recreate symlinks from skeleton properly. 1687 16881.3.1rc1 - Released 12-Dec-2006 1689-------------------------------- 1690- Bug 2766 - Support for automatic stack trace if SIGSEGV is received. 1691- Bug 2714 - mod_auth_file munges AuthUserFile, AuthGroupFile records. 1692- Bug 2721 - mod_auth_unix does not behave properly when first in AuthOrder. 1693- Bug 2535 - Compare directives using integer comparisons when possible to 1694 improve performance. 1695- Bug 2753 - CCC not closing SSL/TLS connection correctly. 1696- Bug 2654 - FEAT command should be subject to <Limit>. 1697- Bug 2740 - TYPE command not allowed before USER/PASS, causes problem for 1698 `ftp -n'. 1699- Bug 2777 - ProFTPD does handle data sockets properly on FreeBSD 6. 1700- Bug 2664 - Add 'delay info' ftpdctl action for showing DelayTable values. 1701 This patch also added a 'delay reset' ftpdctl action, for clearing the 1702 DelayTable. 1703- Bug 2769 - mod_auth_pam needs a patch to allow pam_group to work. 1704- Bug 2599 - Support for using OpenSSL "engines". 1705- Bug 2611 - CreateHome should allow non-root-owned parent directories. 1706- Bug 2686 - Allow CCC command but still require SSL/TLS protection during 1707 authentication. 1708- Bug 2628 - SQLHomedirOnDemand should be deprecated. The CreateHome 1709 directive should be used instead. 1710- Bug 2627 - Support for RADIUS quotatab module. The mod_quotatab_radius 1711 module has been added to the contrib/ directory. See README.modules 1712 and doc/contrib/mod_quotatab_radius.html for more information. 1713- Bug 2651 - LogFormat should support variable for logging the response 1714 message. A new %S logging variable has been added. 1715- Bug 2447 - HAVE_OPENSSL should be managed by configure. There is a 1716 new configure option, --enable-openssl, which is honored by mod_ldap 1717 and mod_sql. This configure option can be used instead of using 1718 the HAVE_OPENSSL CFLAGS variable, although HAVE_OPENSSL will still work. 1719- Bug 2733 - IP TOS not being set for data transfers. Other socket-level 1720 options were not being properly honored for data transfers, too. 1721- Added mod_ban. See doc/contrib/mod_ban.html for more details. 1722- Enhanced the mod_sql API to allow other modules (such as mod_conf_sql) 1723 to make fuller use of SQL databases via mod_sql. 1724- Bug 2713 - Ability to check a user's existing disk bytes/files usage and 1725 update tally accordingly. The mod_quotatab module now has a QuotaOptions 1726 directive, one of whose parameters is ScanOnLogin, which directs the 1727 module to update existing tallies after scanning the user's home 1728 directory. 1729- Bug 2786 - REST in ASCII mode returns error but leaves session in 1730 inconsistent state. 1731- Bug 2785 - IPv4-mapped IPv6 network ACLs not matched properly against 1732 IPv4 connections. 1733- Bug 2732 - Support for DisplayChdir, rather than DisplayFirstChdir. 1734- Bug 2506 - Better ability to configure what sort of debug output to generate. 1735 This is done via the new Trace and TraceLog directives. 1736- Bug 2514 - Trouble with mod_tls and DSA certificates. 1737- Bug 2792 - ProFTPD fails after SIGHUP signal when Controls support is 1738 enabled. 1739- Bug 2775 - Support for DisplayFileTransfer directive. 1740- Bug 2793 - LogFormat variable for the ProFTPD version. This adds a 1741 "%{version}" variable to the LogFormat directive. 1742- Bug 2797 - Add ability to force cleaning the scoreboard. This can now 1743 be done using "ftpdctl scoreboard scrub". 1744- Bug 2800 - free_proc_title() in developer build tries to free strings from 1745 pool allocated by mod_tls. 1746- Bug 2801 - Error compiling proftpd on NetBSD 3.0/sparc64. 1747- Bug 2687 - Support for more efficient group table schema. A new 1748 directive, SQLOptions, has been added. One possible parameter of this 1749 directive is 'useNormalizedGroupSchema', in which case mod_sql will 1750 process the group info table in a more efficient manner. 1751- Bug 2798 - MDTM should return time in GMT. MDTM responses now always use GMT. 1752- Bug 2784 - Ability to specify MySQL Unix domain socket path. 1753- Bug 2610 - Support for logging to /var/log/lastlog. See the RELEASE_NOTES 1754 for more details on how to use this feature. 1755- Bug 2710 - ProFTPD should install its header files into the installation 1756 location. The `make install' target now causes proftpd header files, 1757 including config.h, to be installed into a include/proftpd/ directory 1758 in the installation location. 1759- Bug 2626 - ERROR macro collision can cause compiler errors on HP-UX. 1760 The ERROR, DECLINED, and HANDLED macros have been renamed PR_ERROR, 1761 PR_DECLINED, and PR_HANDLED, respectively. Compatibility macros for 1762 older contrib modules are available. 1763- Bug 2807 - mod_sql processes SQLLog QUIT query twice. This bug is a 1764 consequence of Bug 1965. 1765- Bug 2810 - Incorrect use of assignment instead of comparison in mod_wrap. 1766- Bug 2803 - mod_auth_file does not properly iterate through AuthUserFile 1767 entries. 1768- Bug 2809 - conf.h should be included before mysql.h in mod_sql_mysql.c. 1769- Bug 2774 - Idle clients exhibit excessive usage of system resources. 1770 This occurs because of interrupted system calls, which trigger tightly 1771 spinning retry loops within the process. The ability to tune the delay 1772 used in these retry loops has been added to address this behavior. 1773- Added mod_wrap2, mod_wrap2_file, and mod_wrap2_sql. See 1774 doc/contrib/mod_wrap2.html for more details. 1775- Bug 2825 - SSL/TLS CRLs are not working properly. 1776- Bug 2835 - Group quotas not honored for supplemental group membership. 1777- Bug 2837 - Defines improperly persist across daemon restarts. 1778- Bug 2839 - ProFTPD seems to re-read the file two times in RETR command. 1779 The problem was one where sendfile() was being used, and the sendfile() 1780 called failed for some reason. In that case, proftpd would fall back 1781 to transmitting the data via normal, non-sendfile() means. If the 1782 sendfile() call had actually sent data to the client already, this 1783 fallback attempt would result in the client receiving too much data. 1784 Now, if there was an error using sendfile(), proftpd logs the error 1785 and considers it a failed transfer due to an I/O error. 1786- Bug 2756 - Support for TLSPassPhraseProvider. 1787- Bug 2799 - SQLNamedQuery should support environment variables. SQL 1788 queries defined using the SQLNamedQuery directive can now use 1789 "%{env:VAR}" to have the environment variable VAR substituted into the 1790 query. 1791- Bug 2828 - Support variables in SQL Where directives. Now the variables 1792 supported for SQLNamedQuery statements, except for "%{n}" numeric 1793 references, are also supported for the SQLGroupWhereClause and 1794 SQLUserWhereClause directives. 1795- Bug 2842 - Filesystem statcache is not correctly caching return value of 1796 stat(). 1797- Bug 2817 - Ability to disable IPv6 support at runtime. You can now 1798 configure "UseIPv6 off" in your proftpd.conf to disable IPv6 support 1799 (assuming proftpd was compiled using --enable-ipv6). 1800- Bug 2847 - HiddenStores files not properly removed if data transfer times 1801 out. 1802- Bug 2848 - Unable to properly parse config files using Windows-style line 1803 endings. Such line endings can appear in the proftpd.conf if the file 1804 is transferred using Windows machines, or using FTP clients that do not 1805 properly translate CRLF to LF when handling ASCII files. 1806- Bug 2850 - Small event pool allocation on 64-bit machine leads to segfault 1807 on startup. 1808- Bug 2860 - Failure to check for data length in mod_tls could lead to remote 1809 buffer overwriting. 1810- Bug 2863 - LIST of nonexistent file causes RST on data channel. 1811- Bug 2862 - NLST / returns a listing of the current directory. 1812- Bug 2867 - Local authorized user buffer overflow in Controls request 1813 handling. 1814 18151.3.0a - Released 27-Nov-2006 1816-------------------------------- 1817- Bug 2858 - CVE-2006-5815: remote code execution in ProFTPD. 1818 18191.3.0 - Released 16-Apr-2006 1820-------------------------------- 1821- Bug 2733 - libtool requires sh/bash. 1822- Bug 2770 - FreeBSD compiler warning that "__GLIBC__" is not defined. 1823- Bug 2771 - FreeBSD compiler warning about undeclared fgetpwent/fgetgrent 1824 functions. 1825- Bug 2772 - FreeBSD compiler warning that "_FILE_OFFSET_BITS" is not defined. 1826 18271.3.0rc5 - Released 18-Mar-2006 1828-------------------------------- 1829- Bug 2757 - Add support for quota modules to RPM spec. 1830- Bug 2759 - Adding --with-includes to configure can cause problems when 1831 building with other packages. Fixed so that CPPFLAGS and LDFLAGS are 1832 restored to their original settings after running the configure 1833 script. This was a regression (of sorts) from fixing Bug #2708. 1834- Bug 2764 - REST command does not return an error for negative numbers. 1835- Bug 2717 - Wrong timestamp in logs for chrooted processes. Ultimately 1836 this behavior looks to be a glibc bug. In the meantime, the workaround 1837 is to manually set the TZ environment variable, if it is not already 1838 set, before calling chroot(). This bug appears to be specific to 1839 glibc, thus the workaround is only enabled on platforms using glibc-2.3 1840 or later. 1841- Bug 2765 - Child process segfaults while handling a SIGTERM. 1842- Bug 2723 - mod_delay causes process to hang on OS X when proftpd exits. 1843 18441.3.0rc4 - Released 01-Mar-2006 1845-------------------------------- 1846- Bug 2703 - Disk quota exceeded for small files not being triggered. 1847- Bug 2706 - utmp/wtmp logging on NetBSD needs some tweaks. 1848- Bug 2708 - configure cannot detect some headers. The configure 1849 script now adds the directories mentioned via the --with-includes 1850 and --with-libraries options to the CPPFLAGS and LDFLAGS environment 1851 variables. 1852- Bug 2711 - Controls socket detection broken. 1853- Bug 2712 - DisplayFirstChdir directive does not work. 1854- Bug 2705 - proftpd fails to log anything to syslog after dropping privs 1855 on Solaris. This happens because of the default permissions on /dev/log 1856 on Solaris. 1857- Portability tweaks for Mac OS 10.4. 1858- Bug 2729 - Authoritative PAM authentication doesn't work. The mod_auth_pam 1859 module still had code for supporting the deprecated AuthPAMAuthoritative 1860 directive. As per Bug #2440, however, the AuthOrder directive should 1861 be used for configuring authoritativeness. This fixes mod_auth_pam 1862 to behave properly using the new AuthOrder setting. 1863- Bug 2709 - mod_sql improperly strips spaces from names, allowing for 1864 confusing authentication. 1865- Bug 2735 - Allow REST 0 in ASCII mode. 1866- Bug 2746 - Data transfer function does not return error condition in case of 1867 read errors. 1868- Bug 2752 - FEAT reply not RFC 2389 compliant. 1869 18701.3.0rc3 - Released 31-Oct-2005 1871-------------------------------- 1872- Bug 2660 - Add mod_facl in rpm spec file. 1873- Bug 2662 - OpenSolaris/Solaris 11 has TCP_CORK but not SOL_TCP. 1874- Bug 2667 - mod_tls handles SIGHUP badly. 1875- Bug 2668 - mod_ctrls fails to open socket during SIGHUP. 1876- Bug 2669 - mod_radius segfaults if PASS command sent with no USER command. 1877- Bug 2674 - mod_sql string escape problem during group lookups. 1878- Bug 2676 - configure option --disable-ipv6 enables IPv6. 1879- Bug 2685 - ListOptions' max parameters cannot be set higher than 255. 1880- Bug 2689 - Parser does not complain about unclosed configuration sections. 1881- Bug 2695 - Client IP/host is not logged when client exits. 1882- Bug 2697 - Improper SSL session shutdown sequence used for some FTPS clients. 1883- Bug 2682 - Signals can interrupt privilege switching. 1884- Bug 2692 - R_DUP response messages can break the FTP protocol responses. 1885 18861.3.0rc2 - Released 24-Jul-2005 1887-------------------------------- 1888- Bug 2584 - mod_sql_postgres missing end-of-comment character. 1889- Bug 2587 - HideNoAccess does not work for DefaultRoot/<Anonymous> logins. 1890- Bug 2590 - AIX uses unsigned int for ULONG_MAX, causing printf format warning. 1891- Bug 2591 - wrong argument type in call to pr_log_debug in mod_delay.c on AIX. 1892- Bug 2593 - `make install-modules' does not honour DESTDIR environment variable. 1893- Bug 2596 - STAT command can cause segfault. 1894- Bug 2588 - AIX requires _USE_IRS #define to use hstrerror(). 1895- Bug 2582 - ProFTPD on Tru64 with SIA does not call sia_ses_estab(). 1896- Added new 'dns' control to mod_ctrls_admin, for enabling/disabling 1897 UseReverseDNS configuration at runtime. See doc/contrib/mod_ctrls_admin.html 1898 for details. 1899- Bug 2605 - Compiler warnings/errors about missing typecasts on HP-UX. 1900- Bug 2589 - Makefile in modules/ directory is not portable. 1901- Bug 2598 - Build system should check for duplicate module requests. 1902- Bug 2585 - Proftpd does not write RFC 3164 compliant messages into /dev/log. 1903- Bug 2601 - mod_delay sometimes delays for a long time. 1904- Bug 2622 - Segfault seen randomly in mod_delay. 1905- Bug 2578 - ProFTPD does not listen on IPv6 addresses on FreeBSD. 1906- Bug 2624 - "fh_data" macro collision causes compiler error on Tru64 V5.1A. 1907- Bug 2250 - Add ports, compiling info to FreeBSD README. 1908- Bug 2631 - Segfault when using RadiusAcctServer. 1909- Bug 2632 - Invalid application of `sizeof' to an incomplete type on AIX. 1910- Bug 2637 - <Limit STAT> does not work. 1911- Bug 2636 - Data connection failure when handling STOR does not trigger 1912 error response. 1913- Bug 2639 - HiddenStores does not work. 1914- Bug 2630 - Use of mmap in mod_delay may be problematic on HP-UX. This 1915 change adds locking of the DelayTable, which may (or may not) also 1916 help on other platforms. 1917- Bug 2644 - mod_sql_mysql should handle old MySQL password format more 1918 gracefully. Starting with MySQL 4.1.1, the format for passwords stored 1919 using the MySQL PASSWORD() function changed. This format change causes 1920 issues for sites that have passwords stored in the older format. Users 1921 of mod_sql+mod_sql_mysql would see this as users being unable to login. 1922 Now, if compiled against MySQL 4.1.1 or later, mod_sql_mysql will first 1923 check the password using the current MySQL format; if that fails it 1924 will fall back to checking the old format. Note that this only affects 1925 sites which have "SQLAuthTypes Backend" in their proftpd.conf. 1926- Bug 2647 - Improper "socklen_t" redefine for HP-UX when using X/Open. 1927- Fixed mod_sql bug where using SQLLog and SQLNamedQuery with the %L or 1928 %a variables, and logging the EXIT pseudo-command, would cause a segfault. 1929- Bug 2375 - Slow directory listing with several blank .ftpaccess files. 1930- Bug 2646 - ftpshut format string vulnerability. 1931- Bug 2645 - SQLShowInfo format string vulnerability. 1932- Bug 2560 - Reporting errors when user filesystem quota is exceeded. 1933- Bug 2653 - When MaxStoreFileSize is reached, error should be EDQUOT rather 1934 than EPERM. 1935- Bug 2657 - Segfault in tls_get_error() function in mod_tls. 1936- Bug 2658 - Segfault in mod_radius when using long password. 1937 19381.3.0rc1 - Released 10-Apr-2005 1939-------------------------------- 1940- Bug 2449 - ProFTPD silently ignores extra command-line parameters 1941- Bug 2457 - Directory listing provides bad info when path ends with /. 1942- Bug 2458 - Bad handling of CreateHome parameters. 1943- Bug 2463 - mod_xfer doesn't check how many bytes it has written to disk. 1944- Bug 2476 - Incorrect detection of symbolic link loop across devices. 1945- Add support for a -V command-line option, which displays various 1946 compile-time settings. 1947- Bug 2455 - Allow fine-tuning of how often mod_xfer updates the scoreboard. 1948 This adds an --enable-scoreboard-updates configure option. 1949- Bug 2389 - 64-bit compilation warnings. 1950- Bug 2468 - Ability to disable address/port collision checking. A new 1951 command-line option, -N, can be used to disable proftpd's checks for 1952 <VirtualHost> address/port collisions. 1953- Bug 2488 - Wrong order of privs calls on HP generates "unable to setregid()" 1954 error (Bug #2317 revisited). 1955- Bug 2392 - mod_sql needs better handling of its backend modules. 1956- Daniel Weuthen <dw@megabit.net> contributed a SuSE-specific init.d script 1957 for ProFTPD. 1958- Bug 2485 - SQL backend modules close all open connections too early. 1959 This fixes a bug where a "signal 11" would be reported, when a session 1960 ends, if the "EXIT" SQLLog command was configured. 1961- New mod_ldap version 2.8.13 1962- Bug 2490 - <Limit ALL> affects PORT command. When the EPRT, EPSV, PASV, 1963 and PORT commands became <Limit>able (see Bug #2086), they became 1964 affected by <Limit ALL> as well, which breaks older configurations. 1965 Using the following configuration: 1966 1967 <Limit PORT PASV> 1968 AllowAll 1969 </Limit> 1970 1971 is a way to workaround this bug in 1.2.10 installations. 1972- Bug 2492 - Off-by-one error in FreeBSD PAM username length check. 1973- Bug 2496 - NLST off-by-one bug when handling relative paths in a chrooted 1974 session. 1975- Bug 2494 - ABOR problem with Cisco routers copy ftp flash. 1976- Bug 2499 - make_cmd() does not NULL-terminate cmd->argv[]. 1977- Bug 2497 - Users can login without password if pam_start() fails. 1978- Bug 2273 - Ability to limit number of unauthenticated clients from a single 1979 host. There is a new MaxConnectionsPerHost directive for configuring 1980 the maximum number of connections from a single host at the same time. 1981- Bug 1965 - Change timing of handling of QUIT command. The actual ending 1982 of the session is now done by LOG_CMD/LOG_CMD_ERR handlers for the QUIT 1983 command. This allows modules that wish to do POST_CMD processing of 1984 QUIT, like mod_sql, a chance to see the command. 1985- Bug 2484 - Better ftptop formatting. 1986- Bug 2071 - Add Variables API. 1987- Added DSO support. See the README.DSO file for more information. 1988- Bug 2509 - sendfile() usage fails with > 2GB files. 1989- Bug 2480 - Remote users discovery. Leon Juranic described an information 1990 leak via timing differences in the handling of the USER command for 1991 valid versus invalid users. The mod_delay module was added to address 1992 this timing difference. See doc/modules/mod_delay.html for details. 1993- Bug 2518 - Ability to log SSL/TLS commands in an ExtendedLog. A 1994 new "SEC" logging class has been added for use in ExtendedLog directives, 1995 e.g 'ExtendedLog /path/to/rfc2228.log SEC'. 1996- Bug 2507 - Enable use of sendfile by default. Use the new UseSendfile 1997 directive to disable, e.g. 'UseSendfile off'. 1998- Bug 2471 - Restart command (REST) is not working correctly for text files. 1999 When in ASCII mode, ProFTPD now refuses to handle REST. This behavior 2000 is documented in doc/howto/ASCII.html. 2001- Bug 2454 - Extend <VirtualHost> to honor multiple addresses. With this 2002 change, the Bind directive is now deprecated. See the RELEASE_NOTES 2003 for more details. 2004- Bug 2516 - Getting "421 Login Timeout" immediately upon connect. 2005- Bug 2520 - Turning on AuthAliasOnly disables MaxClientsPerHost. 2006- Bug 2510 - Use of ExportCertData TLSOption leads to segfault. 2007- Bug 2528 - Incorrect username 'and' parsing in AllowUser. 2008- Bug 2170 - Add byte count variables, similar to the file count Display 2009 variables. The added variable names are: 2010 2011 %{total_bytes_in} 2012 %{total_bytes_out} 2013 %{total_bytes_xfer} 2014 2015 In addition, variables of a similar syntax can be used for display 2016 file counts, instead of the already-existing variables: 2017 2018 %{total_files_in} 2019 %{total_files_out} 2020 %{total_files_xfer} 2021 2022- Bug 2027 - Add log message for timed out passive transfers. 2023- Bug 2406 - Add a SQLEngine directive. See the mod_sql documentation 2024 for details. 2025- Bug 2229 - NLST and LIST behave differently e.g. when listing an empty 2026 directory. 2027- Bug 2534 - Add suport for -S ListOption, for sorting files by file size. 2028- Bug 2536 - mod_ifsession does not properly merge in all directives. 2029- Bug 2540 - Fails to disable mod_delay if no DelayTable file exists. 2030- Bug 2541 - <Directory ~user> path resolved at startup time, rather than at 2031 session time. 2032- Bug 2549 - Allow contrib modules to be built from multiple source files. 2033- Bug 1651 - Add contrib module to limit connection acceptance based on system 2034 load. mod_load is now one of the provided contrib/ modules. 2035- Bug 2503 - Bundled libcap library does not compile on IA64 machine. 2036- Bug 2556 - Rename of directory across devices fails. The solution is to 2037 prevent renaming of directories. Proper support for copying of directories 2038 will require module support. 2039- Bug 2563 - Linking fails on Solaris with libz and libmysqlclient. The 2040 linker in question was Solaris ld, not GNU ld; the Solaris linker is 2041 more particular about the order of specified libraries. GNU ld is 2042 less strict. 2043- Bug 2331 - ProFTPD should honor POSIX ACLs. Please read the README.facl 2044 file for more information on POSIX ACL support in ProFTPD. 2045- Bug 2573 - TLSProtocol directive in proftpd.conf is ignored. By fixing 2046 this bug, sites may find that a mod_tls configuration which worked 2047 prior to 1.3.0rc1 now does not work, failing with an error like 2048 "wrong version number" appearing in the TLSLog. To restore the previous 2049 behavior, these sites can use "TLSProtocol SSLv23" in proftpd.conf. 2050- Bug 2559 - IPv6 socket option should be set for ServerType inetd. 2051- Bug 2164 - Support non-PASS response codes (i.e. 232). 2052- Bug 2515 - mod_quotatab should enforce hard limits at the filesystem level. 2053- Bug 2567 - Segmentation fault with 64-bit binary due to structure layout 2054 difference. 2055- Bug 2551 - Recursive LIST with symlinked directories gives duplicate results. 2056- Bug 2576 - PWD command does not handle " character properly. 2057- Bug 2493 - mod_tls should support CCC command. 2058- Bug 2580 - ProFTPD on Tru64 with SIA allows login with blank password. 2059- Bug 2554 - mod_delay gets segfault-signal on several logins. 2060 20611.2.10 - Released 04-Sep-2004 2062-------------------------------- 2063- Bug 2440 - Unable to use PAM authentication properly. Use a "*" after 2064 the module name in an AuthOrder directive to indicate that an auth 2065 module is authoritative. 2066- Bug 2441 - AIX5 portability bug with mod_auth_unix, mod_auth_file. 2067- Bug 2442 - Segfault in FreeBSD PAM library with long login names. 2068- Bug 2445 - AuthUserFile in <Global> context overrides <VirtualHost> setting. 2069- Bug 2444 - Use of sendfile() does not interoperate well with RFC2228 2070 security mechanisms. Using sendfile(2) to send data bypasses the handling 2071 of the data by RFC2228 security mechanisms (such as those provided by 2072 mod_tls). So if security mechanisms are detected, do not use sendfile(). 2073- Scrub the ScoreboardFile for stale sessions in inetd mode. 2074- Bug 2427 - proftpd gets a memory fault when run from ssh batch mode. 2075 20761.2.10rc3 - Released 13-Jul-2004 2077-------------------------------- 2078- Fixed typo that prevented 1.2.10rc2 from compiling. 2079 20801.2.10rc2 - Released 13-Jul-2004 2081--------------------------------- 2082- Bug 2396 - NLST command doesn't understand options. This was caused by 2083 the solution for Bug 2322. However, it is not a popular solution, so 2084 NLST will once again handle options, but only the relevant options. 2085- Bug 2034 - Add support for a "graceful shutdown" signal. See 2086 contrib/mod_ctrls_admin.html#shutdown for details. 2087- Bug 2400 - <Class> search order is wrong. The documentation correctly 2088 stated that <Class> sections are matched in order of definition, but the 2089 code has the match order in the reverse order of definition. 2090- Bug 2401 - MaxClientsPerClass only checks first directive in config file. 2091- Bug 2399 - Rename start/stop control actions to up/down. 2092- Bug 2082 - Add mod_rewrite "replaceall" builtin function. See the 2093 RewriteMap documentation for more details. 2094- Bug 2403 - Sending SIGHUP to proftpd stops it when using Classes. The fix 2095 for Bug #2400 could result in an infinite loop during a SIGHUP. 2096- Bug 2405 - "LIST *" should not list dotfiles. 2097- Bug 2366 - Add support for -h LIST option. 2098- Bug 2332 - SO_OOBINLINE error after upgrading proftpd from 1.2.6 to 1.2.9. 2099 This is due mostly to a change in the logging; a check for error values 2100 and logging of them was added. The setting of this particular socket option 2101 has been moved earlier in the session, as it was found that short-lived 2102 TCP connections, as from monitoring systems, would cause this error. 2103- Bug 2407 - mod_auth_file does not allow for proper cascading of "end" and 2104 "set" auth requests. 2105- Bug 2410 - CreateHome always copies skel directory. 2106- Bug 2336 - Use of /dev/log on Solaris leads to kernel memory leak. 2107 ProFTPD's use of the /dev/log device on Solaris was tickling a Solaris 2108 kernel bug that caused the Solaris kernel to leak memory. 2109- Added a TimeoutLinger directive to complement the --enable-timeout-linger 2110 configure option. 2111- Bug 2125 - -vv command line switch should list versions of modules. 2112- Bug 2420 - Name field is not escaped before querying database. 2113 The mod_quotatab module was not properly escaping the name string it 2114 used when looking up records from SQL databases. 2115- Bug 2424 - SQLDefaultHomedir overrides column value. 2116- Bug 2411 - Caching effects cause RNTO to fail if AllowOverwrite is off and 2117 target path does not exist. 2118- Bug 2422 - %v not working in SQLNamedQuery. 2119- Bug 2418 - chmod returns 550 with filename containing multiple spaces. 2120- Bug 2431 - mod_sql does not use UID/GID properly in cache lookups. 2121- Bug 2303 - Problem evaluating multiple <Class> rules. 2122- Bug 2419 - Ability to disable TLSRequired on per-user basis (e.g. for 2123 anonymous logins). 2124- Bug 2438 - Display variable %z not expanded properly. 2125- Bug 2439 - <Limit CWD> doesn't work. 2126 21271.2.10rc1 - Released 28-Apr-2004 2128--------------------------------- 2129- Bug 2135 - Add ability to handle passphrase-protected server keys. mod_tls 2130 can now properly prompt for passphrases for protected server certificate 2131 keys when the daemon is starting up. 2132- Bug 2086 - Add limits for PORT, PASV. This means that now one can use 2133 <Limit> to place access controls on the PORT and PASV commands. This 2134 applies to the EPRT and EPSV commands as well. 2135- Bug 2174 - mod_auth_unix should not act authoritatively. This was causing 2136 problems when using mod_auth_unix.c and the AuthOrder configuration 2137 directive. 2138- Bug 2098 - Added SetEnv and UnsetEnv configuration directives. 2139- Bug 2271 - Improper autoconf check for getaddrinfo() on Tru64 UNIX 5.1. 2140 The getaddrinfo symbol is a macro, not a function, on that platform. 2141- Bug 2255 - RADIUS Service-Type should reflect attribute expectations. 2142- Added Event API. 2143- Bug 2272 - Address/port collision check needs to handle DefaultAddress. 2144- Bug 2072 - Add Controls API. 2145 This API includes a new program, ftpdctl, that is used to communicate 2146 directly with the proftpd daemon via a new core module, mod_ctrls. For 2147 this new functionality to be used, proftpd must be configured using the 2148 added --enable-ctrls option. 2149- Bug 2015 - Add AND, OR keywords to Allow/DenyUser directives. 2150 The AllowUser, DenyUser, AllowGroup, and DenyGroup directives now take 2151 an optional keyword that indicates what type of expression they are: 2152 AND, OR, or regex. By default, AllowUser and DenyUser are OR expressions, 2153 and AllowGroup and DenyGroup are AND expressions. For example: 2154 2155 AllowUser regex ^ftp 2156 DenyUser AND dave,bob 2157 AllowGroup OR web,doc 2158 2159 These demonstrate that the optional keyword modifier must be the first 2160 parameter in the configuration directive. 2161- Bug 2046 - Change RFNR and RNTO logging class to WRITE. This means that 2162 ExtendedLogs that use the WRITE logging class will now include the 2163 RNFR and RNTO commands. 2164- Mac OS X 10.3 portability fixes. 2165- Bug 2274 - Default server only binds to one IP address of host if 2166 the --enable-ipv6 configure option is used. ProFTPD will now properly 2167 bind to all addresses for the default "server config" server. 2168- Bug 2048 - Add ability to get configuration file values from environment. 2169 For example, you can now have the following in your proftpd.conf: 2170 2171 DefaultAddress %{env:PR_DEFAULT_ADDR} 2172 2173 which indicates to ProFTPD's configuration parser to get the value of 2174 the PR_DEFAULT_ADDR environment variable, and substitute it in, e.g.: 2175 2176 PR_DEFAULT_ADDR=1.2.3.4 ./proftpd ... 2177 2178 If the indicated environment variable is not present, the value is 2179 substituted with the empty string. 2180- Bug 1635 - Older systems' chown(1) does not support -h option. The solution 2181 is to prevent this error from stopping the 'make install' process, as it 2182 is a harmless error on such systems. 2183- Bug 2290 - gmtime() static storage may be overwritten by modules. 2184- Bug 2288 - ServerFQDN set to 255.255.255.255 and not hostname. 2185- Added mod_quotatab to the contrib area. 2186- Bug 2300 - poll() returns 1 and read returns 0, resulting in an infinite 2187 loop. The actual bug was caused by a goto that was being inappropriately 2188 used; a return value was not being checked to see if it was an error value. 2189- Bug 2305 - Compile Problems since > 1.2.9 2190 Fix the build under Solaris - ftpdctl needs to be linked against libsocket 2191 and libnsl. 2192- Bug 2267 - Broken IP subnet matching. Added new ACL parsing/matching code. 2193- Bug 2307 - MySQL 4.1.1 API change causes mod_sql_mysql compilation failure. 2194- Bug 2319 - Build scripts have owner-only execute permission. This was 2195 causing problems whenever a user other than the owner of the files 2196 attempted to build proftpd. 2197- Bug 2320 - autoconf check for socklen_t doesn't work on FreeBSD 4.8-RELEASE. 2198 The fix is to include <sys/types.h>, if present, sooner in the check. 2199- Bug 1925 - Clean up of Class code. The Class and Classes directives are 2200 now deprecated. See README.classes for more details. 2201- Bug 2295 - mod_tls returns multiline response to AUTH commands. 2202- Bug 2322 - NLST -a returns listing formatted for LIST -a. RFC959 does not 2203 explicitly allow dash-style options for LIST or NLST, although many clients 2204 attempt to use them. De facto FTP server behaviors handle options for LIST; 2205 options for NLST will be explicitly rejected. 2206- Bug 2315 - Overlapping virtual server causes error. If a <VirtualHost> 2207 was configured to handle the same IP address and port as the "server config" 2208 server, the wrong server configuration was being removed. 2209- Bug 2324 - Directories whose names contain whitespace are inaccessible. 2210- Bug 2306 - ftpcount output should handle case of no users. When no clients 2211 are connected, ftpcount now displays "0 users". 2212- Bug 2337 - TLSRenegotiate parameters not processed correctly. 2213- Bug 2340 - Problem with parallel builds. Proper dependencies added when 2214 building ftpwho and ftptop. 2215- Bug 2327 - SQLNegativeCache causes unnecessary errors in server logging. 2216- Bug 2237 - HiddenStores does not check for existing file in edge case. 2217- Bug 2171 - Add delete options to ftpasswd. The ftpasswd script now 2218 supports the --delete-user and --delete-group options. 2219- Bug 2105 - Remove Authoritative directives. The AuthPAMAuthoritative 2220 directive, and the "*" syntax of SQLAuthenticate, have been deprecated. 2221- Bug 1696 - Include directive should support directories. The Include 2222 directive now functions just like Apache's Include directive, including 2223 handling glob characters. 2224- Bug 2311 - MaxClients counts unauthenticated users. According to the 2225 documentation, the MaxClients configuration directive should only count 2226 authenticated clients. 2227- Bug 2339 - STAT command doesn't follow RFC959. Previously, ProFTPD did 2228 not support use of the STAT command during file transfers. This 2229 functionality is now implemented. Sites wishing to prevent this can 2230 limit use of the STAT command by using <Limit STAT>. 2231- Bug 2257 - Add SITE SYMLINK command to mod_site. Rather than adding 2232 this command to the mod_site module, a new module, mod_site_misc, has 2233 been added to the contrib area. The mod_site_misc module implements 2234 SITE SYMLINK, and a few other SITE commands. See contrib/mod_site_misc.html 2235 for details. 2236- Bug 2355 - Send error message to client when 'TLSRequired on' is in effect. 2237 Previously, if SSL/TLS was configured to be required for both control 2238 and data channels, if the client did not perform the SSL/TLS handshake for 2239 a data transfer, the connection would hang. Now, an error message is sent 2240 to the client if no handshake is done. 2241- Bug 2353 - REST doesn't handle offsets greater than 2 GB. 2242- Bug 2357 - ftptop should use COLS for determining display width. 2243- Bug 2321 - FTP permission checks inconsistent for DELE and RMD/XRMD when 2244 symlink is in directory path. This bug affected the RNFR command as well. 2245- Bug 2361 - Second USER command causes problems with chrooted session. 2246- Bug 2363 - ABOR response RFC 959 compliance. The 226 response was being 2247 sent before closing the data connection; RFC 959 implies that the data 2248 connection is closed first. 2249- Bug 2369 - EPSV should not send network address when MasqueradeAddress is 2250 used. RFC 2428 does not address the case where a server may wish to 2251 return an address in the EPSV response that differs from the control 2252 connection address, as is done in a PASV response for forwarding devices 2253 (e.g. NAT, firewall). Until the proper behavior can be determined, 2254 do not honor MasqueradeAddress for EPSV. 2255- Bug 2367 - LIST *.* strange behaviour. The builtin listing mechanism 2256 was inadvertently recursing into globbed directories when recursion was 2257 not actually requested. 2258- Bug 2371 - ftpasswd should have option to compare password against value 2259 in passwd file. ftpasswd now supports a --not-previous-password option. 2260- Added a `howto' directory under `doc/', for mini-HOWTOs. 2261- Bug 2221 - proftpd on hp-ux 11.22. The default data type of socklen_t 2262 on HP-UX 11 is problematic; many system calls expect an int, and the 2263 default type is a size_t. This mismatch causes problems for 64-bit 2264 builds. 2265- Bug 2385 - Renames fail with error "Invalid cross-device link". 2266- Bug 2383 - mod_ctrls.c: ctrls_listen(): Invalid size in bind() argument. 2267 The size of struct sockaddr_un is not consistent across platforms. 2268- Bug 2387 - PRIVS_USER macro should set effective GID to user's primary GID. 2269- Added a `modules/' directory under `doc/', for core module documentation. 2270 Currently there are HTML docs for mod_auth_file, mod_cap, and mod_ctrls. 2271- Bug 2317 - Wrong order of privs calls on HP generates "unable to setregid()" 2272 error. 2273 22741.2.9 - Released 31-Oct-2003 2275--------------------------------- 2276- Bug 2181 - The prior fix for Bug#2181, handling of the PORT command when the 2277 --enable-ipv6 configure option is used, was not quite correct. A problem 2278 still existed when an IPv4 client used the PORT command when talking to 2279 an IPv4-only vhost (as opposed to an IPv4 and IPv6 vhost). Now PORT is 2280 properly handled in all cases. 2281- Bug 2204 - On systems that use the gethostbyname2() function, IPv4 clients 2282 were not being properly resolved to their DNS names. 2283- Bug 2242 - proftpd reread included additional config as user nobody instead 2284 of root. The bug was caused by configuration directive handlers 2285 (specifically, SyslogFacility and SystemLog) that would incorrectly change 2286 the process privileges; depending on the order of configuration in 2287 proftpd.conf, some Included files might not be parseable due to permissions 2288 problems. 2289- Bug 2197 - The RPM .spec has been updated for easy RPM builds from CVS 2290 snapshots. 2291- Check for excessive length of symlink directory listing entries (submitted 2292 by Michael Hendrickx <michael@scanit.be>) 2293- Two memory leaks, seen mostly during recursive directory listings, have 2294 been fixed. 2295 22961.2.9rc3 - Released 15-Oct-2003 2297--------------------------------- 2298- Bug 2167 - getnameinfo() on FreeBSD doesn't support IP address lookups. 2299- Bug 2176 - getnameinfo() error on Cygwin during startup. 2300 The sa_family member of the address was not being properly initialized 2301 in some instances. 2302- Bug 2179 - ROOT_UID instead of ROOT_GID used in setegid() call. 2303 This affects Cygwin installations. 2304- Fixed ASCII file remote exploit discovered by X-Force at ISS: 2305 http://xforce.iss.net/xforce/alerts/id/154 2306- Bug 2181 - IPv4 active transfers don't work when using --enable-ipv6. 2307 IPv4-mapped IPv6 addresses were not being properly compared for active 2308 data transfers. 2309- Bug 2200 - Correct segfaults with xlate_ascii_write() on IRIX. 2310- Bug 2024 - DefaultServer not functioning properly. 2311 The addition of the Bindings API in 1.2.8rc1 inadvertently caused the 2312 DefaultServer directive to not be properly honored in some configurations. 2313- Bug 2183 - Directory configuration lookups broken in 1.2.9rc2 (same as 2314 Bug 2165). 2315- Bug 2191 - Segfault in mod_sql_mysql when using 'Backend' SQLAuthType. 2316 This happens only with MySQL 4.1. In MySQL 4.1, the way in which MySQL 2317 handles its passwords changed, and mod_sql_mysql was using the new 2318 interface incorrectly. 2319- Bug 2202 - AllowLogSymlinks check is flawed. 2320 Calling open(2) on a path that is a symlink will follow that symlink; 2321 the AllowLogSymlink check assumed that open() did not follow the symlink. 2322 The fix is to use the O_NOFOLLOW flag when opening log file paths. However, 2323 this flag does not exist on Solaris machines, and so there still exists 2324 a race condition on Solaris when checking that a log path is not a symlink. 2325- Bug 2188 - Wildcard sockets not properly handled on FreeBSD. 2326 Similar to bugs 2167, the sin_len/sin6_len members of socket structures 2327 were not being properly set for wildcard sockets. 2328- Bug 2204 - Reverse DNS lookups not happening properly on connected clients 2329 on FreeBSD. The gethostbyname2() function needs to be used on FreeBSD. 2330- Bug 2222 - Overlapping vhosts should warn instead of die. 2331 Prior to 1.2.9rc1, it was possible to have multiple vhosts configured that 2332 resolved to the same IP address/port combination. This typically occurs 2333 when DNS names are used, and different DNS names resolve to the same IP 2334 address. In 1.2.9rc1, these collisions are scanned for, and such collisions 2335 are treated as a fatal error. With this change, such colliding vhosts 2336 are handled similar to vhosts that have unresolvable names: they are 2337 logged, then removed from the in-memory list of vhosts. 2338 23391.2.9rc2 - Released 11-Sep-2003 2340--------------------------------- 2341- Bug 2051 - freebytes in TransferRate does not work properly. 2342- Bug 2043 - Proftpd converts LF to CRLF on PUT on Cygwin. This turned out 2343 to be caused by the Cygwin layer. The fix was to use the Cygwin-specific 2344 O_BINARY open() flag when opening binary files on Cygwin. 2345- Bug 1804 - Permit selection of additional contrib modules when building 2346 the RPM 2347- Bug 2074 - MaxStoreFileSize restriction capabilities ignored. This bug 2348 was affecting MaxRetrieveFileSize as well. 2349- Bug 2075 - LIST / fails under Cygwin. This was due to the addition of 2350 an additional path separator character; Cygwin treats paths that start 2351 with "//" differently than paths that start with "/". 2352- Bug 2076 - The --enable-transfer-buffer-size configure option doesn't work 2353 properly. It was overriding the --enable-buffer-size option, rather than 2354 the corresponding tunable buffer size. 2355- Bug 2069 - Long MKD path causes truncated server response. 2356- Fixed handling of %N/%y in DisplayConnect files. 2357- Bug 2083 - "550 Access denied" on group permission with AuthGroupFile. This 2358 was caused by a strictly linear search in the AuthGroupFile from the 2359 current file pointer to end of file, which (depending on the ordering of 2360 entries in the file) might have skipped necessary group entries. 2361- Bug 2088 - proftpd -t segfault. A very specific configuration would cause 2362 a segfault in the configuration parser: if the first sub-context in a given 2363 context (e.g. a <Limit> context within a <Directory> context) was empty, 2364 the removal of that empty context from the internal structures by the 2365 parser would inadvertently trigger a segfault later. This has been 2366 fixed by using a better memory pool, with a longer lifetime, for allocating 2367 the internal configuration structures. 2368- Bug 2090 - mod_rewrite doesn't compile on Solaris 8. The FIONREAD macro 2369 was undefined, due to a strange necessity in the Solaris system headers 2370 for a missing flag. 2371- Bug 2100 - Invalid domain in <VirtualHost> tag causes segmentation fault. 2372- Fixed handling of mod_tls' TLSCertificateChainFile directive. 2373- Bug 2103 - AuthAliasOnly in server context causes hang. 2374- Bug 2110 - Segfault if gethostname(2) returns NULL. 2375- Bug 2113 - mod_sql default uses mysql keyword "password". The default 2376 has been changed to "passwd". 2377- Bug 2115 - ftptop depends on snprintf but doesn't link in lib/libsupp.a 2378 on snprintf-less platforms 2379- Corrected handling of mod_tls' TLSCACertificateFile and TLSCACertificatePath 2380 directives so that they are properly allowed in <VirtualHost> and <Global> 2381 contexts. 2382- Bug 2119 - FEAT response format does not conform to RFC2389. Extraneous 2383 leading whitespace removed. 2384- Fixed file descriptor leaks that occur if mod_tls encounters errors when 2385 handling CA certificate files. 2386- Bug 2118 - mod_sql's %F doesn't work for DELE command; %f is inconsistent. 2387 mod_sql's handling of cookies is now updated to match mod_log. 2388- Bug 1711 - IPv6 support. Support for EPRT and EPSV added. To enable IPv6 2389 support, use the new --enable-ipv6 configure option. 2390- Bug 2130 - %y in DisplayLogin is not updated correctly. 2391- Bug 2137 - NLST and IgnoreHidden causes segfault. 2392- Bug 2142 - sstrncpy() not available to lib/vsnprintf.c. sstrncpy() is now 2393 implemented in the support library (libsupp.a). 2394- Bug 2144 - Rework autoconf handling of --enable-sia option. 2395- Bug 2147 - Segmentation fault processing file in ASCII mode. 2396- Fixed mod_ifsession's handling of multiple configuration sets. 2397- Bug 2148 - Enforce PR_TUNABLE_LOGIN_MAX. 2398- Bug 2141 - Glob Allow/Deny parameters cause extraneous log messages when 2399 comparing addresses. 2400- Bug 1804 - RPM spec file improvements 2401 The spec file now has xinetd support, builds under newer version of RPM, 2402 installs standalone support with the main proftpd RPM, and accepts --with 2403 mod_modname arguments during the build process. 2404- Bug 2127 - Entry in the file section 2405 The RPM spec's %files section now honors the install prefix. 2406- Bug 2108 - IgnoreHidden should not hide dotfiles 2407 Dotfiles are now displayed when the -a argument is supplied, even when the 2408 IgnoreHidden directive is enabled. To replicate the old behavior of hiding 2409 dotfiles no matter what, use either of the following directives: 2410 ListOptions "" strict 2411 HideFiles ^\..* 2412- Bug 2146 - DNS names not handled properly when --enable-ipv6 is used 2413 DNS names with both A and AAAA records were not being properly handled; 2414 listening sockets for both the IPv4 and IPv6 addresses were not being 2415 established. 2416- Bug 2007 - autoconf header detection problem. 2417 On FreeBSD and other platforms, changes in autoconf require that headers 2418 be included in the proper order during configure's check. 2419- Bug 2153 - Small error in handling PR_AUTH_RFC2228 authentication code 2420- Bug 2154 - SQL query loses shell information. 2421 An index was not being properly incremented in some cases when retrieving 2422 user information. 2423- Bug 2161 - Duplicate autoconf check for sia.h. 2424- Bug 2122 - EAGAIN on Solaris can cause an infinite loop. 2425 Under certain conditions, when reading from a descriptor on Solaris, 2426 EAGAIN can be returned, which proftpd did not handle properly. 2427 24281.2.9rc1 - Released 15-May-2003 2429--------------------------------- 2430- Bug 1828 - mod_sql can only find mysql.sock if in /tmp. This was caused 2431 by the fact that mod_sql_mysql did not load/read the MySQL .cnf 2432 configuration files. Now, when starting, mod_sql_mysql will read .cnf 2433 files for "client" sections. 2434- Bug 1960 - Add removed file size by DELE command to xferlog. 2435- Bug 1967 - Add display of uptime to ftpwho, ftptop. 2436- Added AnonRejectPasswords directive. 2437- Added ftpshut -R command-line option, for deleting the ftpshut shutdown 2438 file. 2439- Bug 1972 - %T not correctly shows time at performance of a command "rename". 2440 This was due to improper use of uninitialized data. 2441- Bug 1794 - Scoreboard format changes. 2442- Bug 1979 - Add TLSTimeoutHandshake directive. This adds a directive to 2443 configure a timer when SSL/TLS handshakes are occurring, to prevent 2444 a malicious client from attempting to DOS a TLS-enabled server. The default 2445 timeout is 5 minutes. 2446- Bug 1869 - Add option "-S/--server" to ftpcount, ftptop, ftpwho. This 2447 option can be used to specify a ServerName; the utilities will then 2448 display information for that specific server. 2449- Bug 1980 - Login with incorrect password possible when using mod_radius. 2450 This was caused by the retaining of the OK state when a user authenticated 2451 via RADIUS, but the login process later fails (e.g. home directory 2452 inaccessible or something similar); subsequent logging in as a different 2453 user would succeed because the OK flag was not cleared. 2454- Added contrib module mod_ifsession-0.9rc6. 2455- Bug 1932 - Make Max* checks a PASS POST_CMD handler. One of the consequences 2456 of this change is that the Max* limits will always be enforced after the 2457 PASS command has been sent, not after the USER command (as used to be done). 2458 Also, MaxHostsPerUser and MaxClientsPerUser limits will be determined using 2459 the locally resolved username, not using any user aliases. 2460- ProFTPD now checks for IP address/port collisions in the configuration 2461 file, and will refuse to start unless all configured server contexts 2462 have unique IP address/port combinations. 2463- Bug 1969 - Add scoreboard-scrubbing timer. The scoreboard will be scanned 2464 now every 30 seconds for entries with invalid PIDs; this timer can be 2465 adjusted using the PR_TUNABLE_SCOREBOARD_SCRUB_TIMER #define. 2466- Bug 1921 - Socket-level performance tweaks. This change deprecates the 2467 tcpReceiveWindow and tcpSendWindow configuration directives, replacing 2468 them with a single SocketOptions configuration directive. This new 2469 directive can be used to tune the TCP send and receive window sizes as well 2470 as the TCP max segment size. A new configure option, 2471 --enable-transfer-buffer-size, is also added, to be used for tuning the 2472 size of internal buffers used for file transfers. Using this option to 2473 configure an 8K buffer size often results in higher transfer speeds. 2474- Bug 1849 - Compile can have trouble finding mysql.h. The MySQL backend 2475 module was assuming that mysql.h would be found in a directory named 2476 "mysql"; for some distributions this is not the case. Similarly for 2477 the Postgres backend module and the libpq-fe.h file. Users may need to 2478 alter the --with-includes configure option used when building mod_sql. 2479- Bug 1915 - Unsafe pointer usage in scoreboard file format. 2480- Bug 1983 - Filenames beginning with '#' fail to upload/download. 2481- Bug 1985 - mod_rewrite fails to build on platforms without flock(). 2482- Bug 1730 - mod_sql_mysql logging of long transfers fails. This turned out 2483 to be caused by the default MySQL timeouts on non-interactive sessions 2484 (8 hours). The fix involves marking mod_sql_mysql sessions as interactive; 2485 this means that users may use the 'interactive-timeout' option in their 2486 .cnf files to override the default interactive session timeout (also 8 hours). 2487- Bug 1989 - SQLLog '*' doesn't match any commands. 2488- Bug 1986 - mod_rewrite backreferences not zero-based (use $1 not $0?). The 2489 bug here turned out to be an off-by-one offset; mod_rewrite was starting 2490 at 1 when examining matched groups, rather than 0. Most of the time $0 will 2491 not be what is desired, however, for $0 refers to the original string being 2492 matched. 2493- Bug 1987 - mod_rewrite seems not to handle more than one backreference. 2494- By default, mod_tls will now turn manually turn RSA blinding on, when 2495 OpenSSL older than 0.9.7b is used, in order to thwart certain timing attacks 2496 possible against RSA operations. The following URL contains more information: 2497 http://www.openssl.org/news/secadv_20030317.txt 2498- Bug 1995 - incorrect handling of curses/ncurses header and libraries in 2499 ftptop 2500- New mod_radius directives: RadiusGroupInfo, RadiusVendor. mod_radius 2501 now looks for custom response information in Vendor-Specific Attributes 2502 (VSAs) rather than the normal RADIUS attributes; VSAs are more flexible. 2503- Fixed a bug with mod_tls' use of SSL_shutdown(), to prevent it from hanging 2504 when interacting with some buggy FTPS clients (e.g FlashFXP, SmartFTP) 2505- Bug 1935 - mod_ls memory leak. When a recursive directory listing is 2506 requested (and allowed), proftpd would use its memory pool system, 2507 allocating memory for every file to be listed. For large/deep directory 2508 structures, this memory usage could grow quite large. And, due to the 2509 way in which the underlying memory allocator (the C library, usually) 2510 works, that memory is never really released back to the operating system. 2511 This means that tools like ps and top reporting a never-shrinking memory 2512 footprint for the process. To help alleviate this, proftpd has been 2513 altered to use malloc/realloc when providing recursive directory listings, 2514 making the memory footprint a little smaller. The caching behavior of 2515 the underlying memory allocator cannot be changed, though. 2516- Bug 1997 - UnixWare 7.1.3 & port 20. 2517- Bug 1998 - Add ListOptions for setting limits on -R listings. New 2518 keywords have been added to the ListOptions directive: maxdepth, maxdirs, 2519 and maxfiles. 2520- Bug 2011 - No "FTP session closed." msgs written to logfile. This affected 2521 only inetd-run servers. 2522- Added two new configure options, --disable-curses and --disable-ncurses. 2523 By default, ftptop will use ncurses if available, then curses (if available). 2524 In some cases, both curses and ncurses may be present, and yet the admin 2525 would prefer ftptop to use curses. Using the above options, one can 2526 disable ftptop's use of ncurses or curses, as needed. 2527- Bug 2016 - man pages should be autogenerated to reflect the --prefix used. 2528- Bug 2018 - Incorrect caching of TransferRate values. 2529- Bug 1813 - configure code: mistake in BSD sendfile semantic detection. 2530- Bug 2019 - proftpd support for Solaris 8/9 native sendfile 2531- Bug 2002 - Per-<Directory> PathAllowFilter/PathDenyFilter. 2532- Added RootRevoke directive. 2533- Bug 2021 - Inetd mode and scoreboard format changes. 2534- Bug 1532 - Human readable disk free cookie. Display* files can now make 2535 use of a %f magic cookie for displaying the available disk space with 2536 units (i.e. KB, MB, GB, etc). This compliments the currently available 2537 %F cookie, used to display the number of bytes of available space (without 2538 units). 2539- Bug 2003 - mod_auth.c does not compile for cygwin on W2K. 2540- Bug 2029 - Rewrite rule may execute more than once if multiple 2541 RewriteConditions exist. This turned out to be caused by mod_rewrite's 2542 merging down of its directives, and the way in which multiple occurrences 2543 of directives are handled. Now, even for merged-down mod_rewrite directives, 2544 a given RewriteRule will only be processed once. 2545- Fixed minor fd leak where listening socket descriptors were not being 2546 properly closed in a session process, when the session is first starting. 2547- Cygwin compilation/portability fixes. 2548- Fixed bug where AllowForeignAddress was not properly blocking "bounce" 2549 attacks in some cases. Patch contributed by Patrick Hardy <kaber@trash.net>. 2550- Bug 2032 - AuthOrder not working when first option is mod_auth_file.c. This 2551 was caused by mod_auth_file's returning of an ERROR condition, rather than 2552 DECLINED, when the module could not obtain the user's encrypted password 2553 for verification. 2554- Bug 2047 - 1024 or more chars in .ftpaccess causes lockup. Certain conditions 2555 allowed for parsing of configuration files to enter an infinite loop. 2556- Bug 2031 - Add support for flags for RewriteCondition, RewriteRule 2557 (a la Apache's mod_rewrite). mod_rewrite now supports various tests that 2558 can be used in RewriteConditions, the NC and OR flags for RewriteConditions, 2559 and the NC and L flags for RewriteRules. 2560- Bug 1977 - Add %u variable support in configuration file. With this feature, 2561 one can configure DefaultRoot paths such as /home/%u/public_ftp, and the 2562 %u variable will be expanded to the logged in user name. 2563 25641.2.8 - Released 04-Mar-2003 2565--------------------------------- 2566- Bug 1863 - Unable to build under UnixWare 7 2567- Bug 1943 - Unable to install on FreeBSD 5.0. FreeBSD 5.0's header files 2568 have been rewritten, and glibc's glob.h collided with the new files. The 2569 fix was simply to use size_t, rather than trying to determine and use 2570 __size_t (glob.h was intended to be used during library compilation, not 2571 during application compilation). 2572- Bug 1950 - OSX setgrent(3) returns int, causing compiler warning. Unlike 2573 most other Unix flavours (but like FreeBSD), OSX's setgrent(3) returns 2574 int, rather than void. A configure check was written to test for this. 2575- Bug 1949 - Compiler warns of 'long double' usage on OSX. Typecasts have 2576 been added to quell some warnings, and an autoconf check added for compiler 2577 support for -Wno-long-double to quell others. 2578- Bug 1952 - Umask Bug: Server Not Honoring VirtualHost Umask. This was 2579 a statcache caching effect bug. 2580- Bug 1916 - Transfers hang with strange transfertime in logfile. This 2581 appears to have been due to use of an uninitialized value. 2582- Bug 1948 - mod_xfer relinquishes privs before chmod takes place. In 2583 places where UserOwner is used to "give away" files, the chmod() attempt 2584 that follows the chown() (used to preserve permissions sometimes altered 2585 by the operating system's chown(2) call) did not use root privs, and thus 2586 the client did not have permission to write the file. 2587- Added FTPS FEAT responses, as per Section 5 of the FTPS Draft. 2588- Bug 1956 - Upload transfer rate broken. The wrong variable was being used. 2589- Bug 1941 - SCO OpenServer 5.0.5 issues. Fixing this bug required adding 2590 more autoconf portability checks. 2591- Bug 1958 - ftpwho -o oneline has newlines when client is idle. 2592- Bug 1908 - ExtendedLog to work properly again in <Anonymous> context. 2593- Bug 1966 - SCO OpenServer 5.0.5 and inetd. 2594- Bug 1953 - STAT -R does not work. There were some variable initialization 2595 issues in the handling of options for the STAT command. 2596- Bug 1970 - Transfer time wraps around and causes problems with transfer 2597 speed calculation. This was a reporting problem, mostly. An internal 2598 variable was storing time in microseconds; now using milliseconds. 2599- Bug 1937 - Transfer hangs when using TransferRate limits on a resumed 2600 download. This turned out to be a misuse of the resumed file position 2601 when calculating the TransferRate. 2602- Bug 1964 - When uploading to an NFS mounted file system in passive mode 2603 read() get EAGAIN and closes connection. This turned out to be caused 2604 by control messages in the STREAMS device (and thus relevant only to 2605 systems that use STREAMS). 2606- Portability fixes for FreeBSD-5.0. 2607- Bug 1976 - Login hangs, spawned process runs in endless loop in mod_auth. 2608 This was caused by a combination of "AuthAliasOnly on" and UserAlias 2609 directives in which the alias and the username were identical. Different 2610 alias and username in a UserAlias directive is now required. 2611 26121.2.8rc2 - Released 29-Jan-2003 2613--------------------------------- 2614- Bug 1894 - Double chdir into self-referencing symlink fails with 2615 "No such file or directory". The errno value has been changed from 2616 ENOENT to ELOOP. 2617- Bug 1272 - Requested Addition: DenyFilter by User or DenyFilter by Directory. 2618 AllowFilter and DenyFilter are now extended to <Directory> and .ftpaccess 2619 contexts. 2620- Bug 1671 - new directive SQLLogFile. 2621- mod_linuxprivs has been renamed to mod_cap and is now built into ProFTPD 2622 by default if the host OS (Linux) supports it. autoconf detection code 2623 based on a submission by Mihai RUSU <dizzy@roedu.net>. The mod_cap 2624 directives are CapabilitiesEngine and CapabilitiesSet. 2625- Bug 1893 - Apple likes to move things. PAM support works on OS X again. 2626 Submitted by: thesin@users.sourceforge.net (Justin F. Hallett) 2627- Bug 1826 - Makefiles are a bit icky 2628- Bug 1904 - Tru64 UNIX 4.0D and sstrncpy() 2629- Bug 1891 - SGI syslog isn't being written to. Turns out that /dev/log on 2630 SGI is a STREAMS device, just as for Solaris. The fix for this bug works 2631 for IRIX6; earlier versions of IRIX may still see this bug. 2632- Bug 1919 - <Directory> section already configured for $dir needs 2633 clarification. This has been resolved by adding a debug statement (level 2) 2634 to the <Directory> handler that reports on the given/resolved paths used. 2635- Bug 1910 - ProFTPD hangs on SIGHUP. This was triggered by mixing stdio 2636 and regular I/O library calls related to password and group entries. 2637- Add -Wundef and -Wfloat-equal to CFLAGS (Suggested by Steve Grubb 2638 <linux_4ever@yahoo.com>) 2639- Fixed broken tcpReceiveWindow and tcpSendWindow configuration directives. 2640 The setsockopt(2) function was being called at the wrong time during the 2641 establishment of the data connection. 2642- %f for DELE commands was not being properly expanded. 2643- Bug 1923 - %N magic cookie reports incorrectly. This was an off-by-one 2644 bug. 2645- %L was reporting the remote IP address, rather than the local IP address. 2646- Bug 1922 - Server allows RNTO an existing file even with AllowOverwrite 2647 turned off. Now, RNTOs to existing files are denied unless AllowOverwrite 2648 is on. 2649- ftptop now displays transfer rates in it's "transfer speed" display mode. 2650 Use the 't' key to toggle between ftptop display modes. 2651- Bug 1926 - AuthOrder doesn't work 2652- Bug 1918 - AuthUserFile not works normally. 2653- Bug 1241 - Additional functionality: HomedirOnDemand. This has been added 2654 as a new configuration directive, CreateHome. 2655- Bug 1734 - Cygwin - Unable to set uid 2656- Bug 1938 - upload to root directory fails. This was caused by caching 2657 effects. 2658- Bug 1939 - RLimitMemory seems broken. The problem turned out to be bad 2659 handling of the case where sizes were used without specifying units. 2660- Bug 1911 - NLST is not being Limited in DIRS. The issue was that directory 2661 paths were not being properly expanded, for purposes of looking up <Limit>s, 2662 in the handling of NLST. 2663 26641.2.8rc1 - Released 28-Dec-2002 2665--------------------------------- 2666- Bug 1597 - Problems with HP-UX 10/11 trusted systems, mod_pam, and mod_unixpw. 2667- Bug 1482 - Add new %U meta to LogFormat, for logging original username. 2668- Bug 1683 - Handling of VirtualHosts on startup. Now, rather than dying 2669 when unable to resolve a <VirtualHost> DNS hostname when starting up, the 2670 daemon will log the error, and skip the bad <VirtualHost>. 2671- Bug 1825 - AUTH macro namespace cleanup. A "PR_" prefix has been added to 2672 the AUTH_* macros, to help prevent namespace collisions. This means that 2673 some third-party auth modules may need to be updated. 2674- Bug 1806 - Add RFC2389 support. 2675- Bug 1833 - Add ability to have add'l module initialization callback. 2676- Bug 1743 - No magic cookie for number of files transfered. New cookies 2677 added for Display* files: "%i" for total number of files uploaded (read "in") 2678 during a session, "%o" for total number of files download (written "out") 2679 during a session, and "%t" for total number of files transferred (both 2680 uploaded and downloaded). 2681- Bug 1653 - Complete the FS API abstraction implementation. The Developer 2682 Guide will have the complete details on using this API. 2683- Bug 1712 - TLS support. mod_tls-2.0.5 has been added to the distribution. 2684 Many, many thanks to Peter Runestig for his work on this, and for maintaining 2685 his code through so many versions of ProFTPD. 2686- Bug 1788 - Add ability to configure auth module checking order. This is 2687 now configurable via the new AuthOrder directive. 2688- Bug 1205 - Add debug option to SystemLog. Actually, this feature request 2689 has been resolved by adding a new DebugLevel configuration directive, so 2690 that a debugging verbosity can be set in the configuration file as well 2691 as on the command line. 2692- Added mod_rewrite to distribution. 2693- Bug 1403 - per-server system logs via ServerLog directive. 2694- Bug 1605 - MKD and RMD do not log filepaths with %f or %F option in 2695 ExtendedLog. 2696- Removing the RateRead* and RateWrite* configuration directives, and replacing 2697 them with a single new directive, TransferRate. 2698- Bug 1789 - Add ability to block recursive directory listings. The 2699 LsDefaultOptions configuration directive has been deprecated in favor of 2700 the more feature-rich ListOptions directive. 2701- Added Bindings API 2702- Bug 1515 - Enable mod_log to log into default log / syslog. The ExtendedLog 2703 directive can now take a "path" of the form: "syslog:level", where the 2704 "syslog:" prefix tells mod_log to log that ExtendedLog data via syslog, 2705 and the "level" informs mod_log of which syslog level to use. 2706- AIX sendfile support. Thanks to Andy Igoshin <ai@vsu.ru> for the patch. 2707- 1858 - move "session closed" logging from graceful quit to child exit 2708 sequence. This allows for better log reporting, with respect to sessions 2709 ended through means such as catastrophic death of client, or segfaults. 2710- Added --enable-devel configure option, for enabling code of interest to 2711 developers 2712- Bug 1507 - regex pattern matching in [Allow/Deny][User/Group]. This has 2713 been implemented by adding a "regex" optional parameter to the AllowGroup, 2714 DenyGroup, AllowUser, and DenyUser directives. The documentation will 2715 be adjusted accordingly. 2716- Bug 1882 - SITE chmod 777 file<space>name. The patch for this works 2717 for filename parameters to the SITE CHGRP command as well. 2718- Bug 1881 - Bug in Function MaxClients. This was caused by an off-by-one 2719 bug in the handling of non-anonymous settings. 2720- Bug 1886 - Ftpwho uses too many lines when authenticating. 2721- Bug 1875 - same radius packet id for start- and stop-accounting record. 2722- Bug 1883 - socklen_t patch. Thanks to Andy Igoshin <ai@vsu.ru> for the 2723 patch. 2724- Bug 1885 - -q/--quiet option for use with the -n/--nodaemon flag. Useful 2725 for running proftpd from inittab or with daemontools. 2726- Bug 1677 - Integrate ProFTPD with C2/SIA on Tru64 Unix. The --enable-sia 2727 configure option has been added. 2728- Bug 1837 - Add module specifically for handling Auth*Files, providing 2729 finer-grained control. The new mod_auth_file module is compiled in by 2730 default, and can be disabled using the --disable-auth-file configure option. 2731 For consistency, mod_unixpw.c has been renamed to mod_auth_unix (and now 2732 has a --disable-auth-unix configure option), and mod_pam.c has been renamed 2733 to mod_auth_pam.c (with an explicit --enable-auth-pam configure option). 2734- Bug 1900 - ftpwho's output on uploads. ftpwho now reports "n/a" rather than 2735 "0%" on uploads, for the server does not know how large of a file is being 2736 uploaded in advance, and cannot determine a "percentage done" value. 2737- Bug 1888 - Increase mod_linuxprivs configurability. Two new directives, 2738 LinuxPrivsEngine and LinuxPrivsCapabilities, are added. 2739- Bug 1905 - AIX needs "config.h" included before *anything* else. 2740- Bug 1903 - ftpwho depends on snprintf but doesn't link in lib/libsupp.a 2741 Primarily of issue under Solaris 2.5 and Tru64 4.0D. 2742- Bug 1863 - Unable to build under UnixWare 7 2743- Bug 1906 - Add description strings to AC_DEFINE 2744 27451.2.7 - Released 05-Dec-2002 2746---------------------------- 2747- Bug 1840 - Problem with syslog default destination on HP-UX. HPUX uses 2748 a default device of /dev/log.un rather than /dev/log. 2749- Bug 1844 - DisplayLogin %y macro is off by 1. Consequence of scoreboarding 2750 code changes. 2751- Bug 1838 - Since 1.2.6: in add_useralias() setting flag CF_MERGEDOWN breaks 2752 aliased anonymous functionality. The fix was to set the CF_MERGEDOWN flag 2753 only if the UserAlias directive is not being used in the <Anonymous> 2754 context. 2755- Bug 1812 - Double logging lines for ExtendedLog. No need to merge this 2756 particular directive down. 2757- Bug 1848 - undefined reference to `halfdelay'. curses does not seem to 2758 provide this function, as ncurses does. The patch works around this by 2759 using halfdelay() if linking against ncurses, and using nodelay() and sleep() 2760 if linking against curses. 2761- Bug 1839 - undefined reference to `get_fs_size'. Expand BSD 2762 statfs()/statvfs() support beyond FreeBSD. 2763- Bug 1680 - Error in startup script. Add /usr/local/sbin/ to the included 2764 rc script's $PATH 2765- Bug 1852 - Proftpd gets signal 11 on "quote site". The mod_site module 2766 was not properly checking the number of parameters for SITE commands. 2767- Bug 1856 - TimesGMT acts like default is 'off'. The default for this 2768 directive was inadvertently set to "off", rather than the documented default 2769 setting of "on". 2770- Bug 1853 - SyslogFacility: unable to open syslog. This turned out to be 2771 due to the fact that /dev/log on Solaris (and other platforms?) is a 2772 STREAMS device, which requires open() and putmsg(), rather than connect() 2773 and send(). 2774- 1846 - File overwrites fail. Tracked down by Sergei Rozinov to involve 2775 uninitialized stack data. 2776- Bug 1861 - 'ftpwho -v -o oneline' print all connections in one line. This 2777 bug appeared in 1.2.7rc3, a consequnce of Bug#1815. 2778- Bug 1868 - Wrong cmdopts in ftpcount.c. 2779- Added custom memory scrubber routine to deal with the issue mentioned in 2780 this Bugtraq thread: http://online.securityfocus.com/archive/1/298598 2781 27821.2.7rc3 - Released 15-Nov-2002 2783------------------------------- 2784- Fixed configure script detection and handling of ncurses (HAVE_LIBNCURSES 2785 was not being properly defined). 2786- Added --enable-scoreboard-buffer-size option to configure script, for 2787 tuning the size of some scoreboard fields (e.g. the full client command 2788 and the current working directory). 2789- Bug 1287 - Error compile with autoshadow option. AIX does not have 2790 traditional shadow support, and uses other mechanisms. This means that 2791 the --enable-autoshadow and --enable-shadow configure options should not 2792 be used when configuring proftpd for AIX. The configure script has been 2793 updated to detect when these options are used on AIX, and to automatically 2794 disable them. 2795- Bug 1722 - Can't work magic cookie %F on FreeBSD. 2796- Make sure session.xfer uses cleared memory so unset structure members 2797 won't contain random values. 2798- Fixed handling of AuthAliasOnly, broken slightly by Bug#1567. 2799- Bug 1800 - Proftpd child segfaults when using a PASS without no USER first. 2800 mod_wrap was making a bad assumption about the USER name being available. 2801 This assumption has been corrected. 2802- Bug 1803 - Check for SIZEOF_UNSIGNED_LONG_LONG to determine LFS support 2803 breaks some Linux installations 2804- Bug 1805 - PAM support under Mac OS X 2805- Bug 1772 - Docs fixup in RPM spec file 2806- Bug 1398 - there is no log rotate for /var/log/xferlog 2807- Bug 1814 - class names are truncated in scoreboard entry 2808- ftptop can now use either curses or ncurses 2809- Bug 1818 - proftpd doesn't compile on hpux11 2810- Bug 1760 - AllowOverwrite not operational. 2811- Bug 1703 - mod_sql_mysql compile error. This was eventually tracked down 2812 to an overlap between ProFTPD's bundled getopt implementation, and 2813 MySQL's bundled getopt implementation. To prevent this problem, a new 2814 --without-getopt configure option has been added, which tells the ProFTPD 2815 build process to explicitly not use the ProFTPD bundled getopt 2816 implementation. 2817- Only link ftptop with lib{n,}curses - it isn't needed in any other 2818 binaries 2819- Bug 1815 - Patch to add class information to ftpwho (with verbose on) 2820- Bug 1810 - Wrong permissions assigned to uploaded file. This turned out 2821 to be related to the addition of the statcache code, and its interaction 2822 with the UserOwner and GroupOwner configuration directives. 2823- Bug 1830 - MaxClientsPerHost (small) Bug. Off-by-one error in the handling 2824 of the MaxClientsPerHost directive, introduced by the change in timing of 2825 scoreboard modifications of the new scoreboarding code. 2826- ftpasswd now exits with different values, depending on the problem cause. 2827 Thanks to Graham Dunn <gdunn@inscriber.com> for these changes. 2828 28291.2.7rc2 - Released 22-Oct-2002 2830------------------------------- 2831- Bug 1757 - non-ANSI Syntax in netio.c 2832- Bug 1735 - Proftpd 1.2.6 compiled on FreeBSD 4.6.2 exits on signal 11 2833- Bug 1759 - ftpwho shows much more connections than really is. This bug 2834 only occurred for those daemons running in inetd mode. 2835- Bug 1769 - Lack of supplemental groups can cause segfault. This bug is 2836 a result of the fix for Bug 1666. 2837- Bug 1770 - Forgetting to check for no IP in string. 2838- Moved the switching to the User/Group for a vhost up in the order, to occur 2839 before any modules' session initialization callback is invoked. 2840- Bug 1644 - LogFormat local IP and FQDN tags missing. Added %L to LogFormat 2841 meta sequences for logging local server IP address, and %V for 2842 logging local server FQDN. 2843- Bug 1785 - Bad handling of symlinks. This bug appeared as a consequence 2844 of Bug#1486's fix, which involved caching of struct stats in 2845 order to effect a speed-up of directory listings. 2846- Bug 1778 - 1.2.7rc1 fails to link on OpenBSD 3.2-current. The ftptop 2847 utility was not properly utilizing the macro detecting the 2848 presence (or absence) of the ncurses library. 2849- Adding new configure options (see configure --help) for setting some of 2850 the "tunable" values in options.h via the configure command. 2851 28521.2.7rc1 - Released 01-Oct-2002 2853------------------------------- 2854- Bug 1649 - setproctitle() prepends and appends process name 2855- Bug 1666 - Auth modules can return duplicate supplemental groups 2856- Bug 1654 - Add DESTDIR in Makefile 2857- Bug 1682 - Broken SyslogFacility requires custom syslog code 2858- Bug 1076 - Toggle parsing of .ftpaccess files with a AllowOverride 2859- Bug 1724 - AuthPAM off does not work beginning 1.2.5 2860- Bug 1593 - mod_sql doesn't cache failed uid lookups 2861- Bug 1719 - Add RFC2228 stuff to distribution 2862- Bug 1663 - Add SITE CHGRP command 2863- Bug 1725 - disconnect when specify multiple ranges on Allow 2864- Bug 1253 - No ability to configure address for main server 2865- Bug 1432 - Pedantic handling of leading whitespace in FTP commands 2866- Bug 1652 - Add connection-rate limiting mechanism 2867- Bug 1662 - Define _GNU_SOURCE 2868- Bug 1486 - mod_ls is extremely slow 2869- Bug 1669 - Filename meta (%f) not correctly expanded for some commands 2870 in WRITE logging class 2871- Bug 1065 - New directives to limit file size on upload and download 2872- Bug 1658 - Separate session/daemon resource limit settings 2873- Bug 1436 - Feature Enhancement: Timeouts on a <Virtualhost> basis 2874- Bug 1737 - Enhance file hiding via regular expressions 2875- Bug 1736 - RETR does not handle an inappropriate REST 2876- Bug 1745 - multiple similar entries in extended log 2877- Added NetIO API 2878- Bug 1726 - Cygwin's Makefile inconsistency 2879- Bug 1713 - Scoreboard changes 2880- Bug 1395 - Check return values in PRIVS calls 2881- Bug 1732 - No checking for NULL at inet_ascii and pr_fnmatch 2882- Bug 1687 - Add contrib module for RADIUS authentication, accounting 2883- Bug 1572 - Need to use pam_end() to close session on Solaris 8 2884- Bug 1475 - Minor changes to SITE command handling 2885- Bug 1748 - SQLLog doesn't work with DELE (no filename with %f) 2886- Bug 1694 - SQLLog QUIT doesn't execute on connection close 2887- Bug 1675 - add new MaxClientsPerUser configuration option 2888 28891.2.6 - Released 04-Sep-2002 2890---------------------------- 2891New mod_ldap (2.8.10) 2892- Fixed bug in matching of IP addresses introduced by Bug#1701 2893 28941.2.6rc2 - Released 15-Aug-2002 2895------------------------------- 2896- Bug 1681 - Fixed bug made when adding <IfDefine>, <IfModule> support 2897- Bug 1645 - Changed ordering of close() of HiddenStor files slightly 2898- Bug 1674 - Changed timing of allocation of dynamic buffer (to avoid segfaults) 2899 in the supplied fgetgrent() function, which is used for 2900 AuthGroupFiles under FreeBSD. 2901- Bug 1697 - Fixed memory leak involving allocated regex_t *s and SIGHUP 2902- Bug 1701 - Fixed/enhanced name/IP matching function by adding matching of 2903 ip1/ip2 to function; it was just name1/name2, name1/ip2 matching. 2904 29051.2.6rc1 - Released 02-July-2002 2906-------------------------------- 2907- Bug 1407 - Removed unnecessary check for prior PORT/PASV in STOR 2908 PRE_CMD handler (RETR PRE_CMD handler did not have these checks) 2909- Added new Define, <IfDefine>, <IfModule> configuration directives, new 2910 command-line option -D (a la Apache) 2911- Bug 1556 - Restructuring the way signals are handled, so that signal handling 2912 functions are executed synchronously, not asynchronously 2913- Bug 1463 - Added reporting of dispatching to auth handlers at debug level 6 2914- Bug 1258 - Added STOU command handler 2915- Bug 1534 - Added LFS support 2916- Bug 1647 - Changed unnecessary use of umode_t to mode_t in mod_ls. 2917- Bug 1650 - Mergedown bug with LsDefaultOptions directive fixed. 2918- Bug 1306 - Added a TimeoutSession directive that can be used to set a maximum 2919 time limit on an entire session. 2920- Bug 1643 - Cleaned up several source code files. 2921- Bug 1569 - Cygwin support, added README.cygwin 2922- Bug 1171 - Added handling backslash-escaped newlines in configuration files, 2923 so that a directive can be split across multiple lines using 2924 a trailing \ before the newline character. 2925- Removed the deprecated AllowChmod and ShowDotFiles configuration directives. 2926- Bug 1655 - Added support for a -n option when listing directories. 2927- Bug 1502 - Added a lingering_close function. As discussed in the bug 2928 report, this may cause issues with some clients; keep an eye 2929 for this, as the timeout (ten minutes) may be too long or short. 2930- Bug 1664 - Changed mod_sql to decline UID-to-name resolution if a UID 2931 field has been configured to NULL; similarly for GID. 2932- Removed mod_quota.c due to bugs, lack of maintainership. Consult 2933 http://bugs.proftpd.org for a list of the mod_quota bugs. 2934- Bug 1667 - Moved definition of USE_SHADOW, AUTO_SHADOW macros from command 2935 line into config.h, with the other macros. 2936- Bug 1628 - Added getgroups auth handler to mod_sql. The lack of this was 2937 causing some DefaultRoot directives (those that relied on 2938 group-expressions) not be correctly honored, as mod_sql was 2939 not supplying the groups for the users. 2940- Bug 1543 - Change mod_sql to not remove embedded whitespace within a 2941 username, just to strip leading and trailing whitespace. 2942 29431.2.5 - Released 08-Jun-2002 2944---------------------------- 2945New mod_sql (4.08) 2946- Bug 1379 - Changed mod_sql.c to use memset() instead of bzero() 2947- Bug 1576 - Checks for a NULL pointer in a border case involving use of 2948 SQLHomedirOnDemand 2949- Bug 1586 - Fixed bad assumption concerning row count involving SQL-provided 2950 group information 2951- Bug 1625 - Adds compatibility fix to mod_sql_mysql for older MySQL libraries 2952 (a function name changed in MySQL 3.23.14) 2953 29541.2.5rc3 - Released 30-May-2002 2955------------------------------- 2956New mod_ldap (2.8.6) 2957- Bug 1612 - Fixed logging of RFC931 usernames in xferlog 2958- Bug 1595 - Transfers that result in error conditions no longer cause 2959 the data connection to be closed prematurely via data_cleanup() 2960- Bug 1627 - Fixed bug in timer code where timers were being blocked 2961 indefinitely, manifesting as non-functioning idle timeouts 2962- Bug 1521 - Cleanup of function prototypes 2963- Bug 1379 - Changing remaining bzero/bcopy occurrences to memset/memcpy 2964- Bug 1394 - ftpstats program is not working 2965 29661.2.5rc2 - Released 13-May-2002 2967------------------------------- 2968- Added Andrew Houghton to the credits 2969- Added in the new format FAQ 2970- Bug 1580 - Minor additions to the RPM spec file to allow RPMs to be built 2971 by non-root users. 2972- Bug 1546 - PF_ARGV_WRITABLE, PF_ARGV_WRITEABLE are used mixed. Fixed to 2973 use PF_ARGV_WRITEABLE consistently (less changes to make). 2974- Bug 1608 - src/dirtree.c produces two unnecessary warnings. Fixed to 2975 cast to mode_t for initialization of variables. 2976- Bug 1610 - compiling mod_core.c gives an unneeded/dazzling msg 2977- Removed legacy documentation, updated licence template, licence update 2978 in ftp.h to include the SSL clause. Updated CREDITS (ML) 2979- New mod_ldap (2.8.3) 2980- Bug 1544 - Daemon does not switch to configured User/Group identity in 2981 <VirtualHost> as documented 2982- Bug 1581 - Changed Hide{User,Group} directive to use pointers for 2983 proper handling of uid_t/gid_t types 2984- Migrated to the new form of the directive list from the pdd sgml sources 2985 (ML) 2986- Bug 1563 - Moved checking for bad address lookup up, to prevent segfault 2987 when using MasqueradeAddress 2988- Bug 1567 - Fixed parsing of AuthAliasOnly to honor Boolean parameter 2989- Bug 1579 - the contrib RPM init.d script make inappropriate use of 2990 ftpshut in a few cases 2991- Bug 1588 - Examined return value of inet_get_conn_info() to prevent 2992 segfaults for ephemeral TCP connections 2993- Bug 1570 - Changed MasqueradeAddress context checks in code to match 2994 docs 2995- Bug 1601 - RNTO handler did not properly cleanup after itself in an 2996 error condition, tickling a later segfault 2997- Bug 1523 - Amended fix for this bug to include a pool that should prevent 2998 memory leaks for long-running daemons 2999- Bug 1566 - Changed OpenBSD-specific macro checks to allow for proper 3000 use of sockets 3001- Bug 1578 - RootLogin's configuration directive handler did not properly 3002 set the mergedown flag 3003- New mod_wrap (1.2.3) 3004- Bug 1509 - removed contrib/genuser.pl (per TJ) 3005- Bug 1509 - added contrib/ftpasswd utility script (contributed by TJ) 3006- Bug 1318 - sendfile() semantics incorrect under Linux 3007- Bug 1450 - Timers removed immediately/alarm() return no longer used for 3008 timing 3009- Bug 1446 - DefaultServer overrides SocketBindTight 3010- Bug 1378 - Replace alloca stuff in glibc-glob.c with something more standard 3011- Bug 1498 - <Limit LOGIN> block failing with mod_ldap 3012- Bug 1381 - include/glibc-glob.h fix for Tru64 UNIX 3013- Bug 1465 - can't bind to port that hasn't been closed by forked child 3014 process 3015- Bug 1379 - replace bzero/bcopy with memset/memcpy 3016- Bug 1476 - doc updates 3017- Bug 1520 - security checks for TransferLogs 3018- Bug 1435 - AccessDenyMsg for <Anonymous> not working 3019- Bug 1492 - Bad interaction between HiddenStor and UserOwner 3020- Bug 1493 - incorrect parsing of AuthUserFile 3021- Bug 1485 - Adds CF_MERGEDOWN_MULTI config_rec flag 3022- Bug 1459 - server fails to send response in some cases 3023- Bug 1533 - use memset correctly 3024- Bug 1517 - doc update 3025- Bug 1461 - modules/mod_unixpw.c pw_getgroups() makes dangerous assumption 3026- Bug 1512 - Minor credentials cleanups 3027- Bug 1516 - wrong response to CDUP/XCUP/XCWD 3028- Bug 1451 - add_config_param_str() no longer uses permanent_pool 3029- Bug 1523 - umask allocation in <Global> moved to permanent_pool 3030- Bug 1380 - updated getopt library for Tru64/AIX 3031- Bug 1468 - segfault with empty .ftpaccess 3032- Bug 1445 - PID file contents change when attempting to start 3033 the daemon a second time 3034- Bug 1539 - losing SGID bit on created directories w/ {User,Group}Owner 3035 in effect 3036- Bug 1537 - doc update 3037 30381.2.5rc1 - Released 18-Dec-2001 3039------------------------------- 3040- New mod_sql (4.07) 3041- New mod_wrap (1.2.2) 3042- New mod_ldap (2.8.1) 3043- New Directive: UseGlobbing, allows glibc-based filepath globbing 3044 to be disabled. 3045- Bug 1113 - Make.rules for HPUX incorrectly generated 3046- Bug 1334 - (should have been in 1.2.4, but was missed somehow) 3047 MaxClients none in VirtualHost forbids connect 3048- Bug 1368 - umask bug is hopefully squashed for good 3049- Bug 1389 - fixed hang on PWD 3050- Bug 1355 - Added POST_CMD_ERR handler to API 3051- Bug 1396 - DenyFilter works only in server config scope 3052- Bug 1410 - SIGIO now conditionally compiled 3053- Bug 1281 - Improper checking of server context 3054- Bug 1364 - Immediate chown() after file creation 3055- Bug 1415 - Change allowed contexts for Include 3056- Bug 1430 - Possible bad handling of Directory contexts 3057- Bug 1426 - sigsegv on `ls ///////////' 3058- Bug 1360 - Add getgroups abstraction for auth modules 3059- Bug 1289 - Increase information passed to timer callbacks 3060- Bug 1341 - Bad tracking of forked processes 3061- Bug 1400 - Improper use of MODRET_HASDATA macro 3062- Bug 1416 - PidFile in <Global> context is unnecessary, even wasteful 3063- Bug 1429 - Trivial fixes to dispatch reporting 3064- Bug 1419 - Remove unnecessary colons from PRIVS_ macros 3065- Bug 1418 - Slight change to exithandler handling to allow module 3066 finalization slot 3067- Bug 1392 - Added LOG_CMD_ERR cleanup handler for LIST/NLST/RETR/ 3068 STOR/APPE/STOU, to defer clearing of transfer counters. 3069- Bug 1391 - ABOR handler now clears session.xfer 3070- Check retr_file for validity when RESToring 3071 30721.2.4 - Released 19-Oct-2001 3073---------------------------- 3074Ooops. 1.2.3 was released with a bug that breaks Umask on 3075certain platforms. This results in files being mode 0. 3076- Bug 1348 - Fix for mode 0 problem 3077 30781.2.3 - Released 18-Oct-2001 3079---------------------------- 3080PASS argument now intentionally hidden in the proctitle. 3081- Bug 1242 - More verbose logging of regex evaluations 3082- Bug 1343 - Better reporting of command dispatching 3083- Bug 1335 - Documentation patch 3084- Bug 1334 - MaxClients none in <VirtualHost> now works 3085- Bug 1344 - QUIT now properly logged. 3086- Bug 1247 - Allow/Deny now bahave as in <1.2.2 (multiple lines work) 3087- Bug 1327 - AllowForeignAddress now merges down 3088- Bug 1280 - datatype fixups 3089- Bug 1311 - DirFake* can no longer raise sigsegv 3090- Bug 1331 - Reverse DNS is now forward checked for security 3091- Bug 1305 - limits.h is now included if present 3092 30931.2.2 - Released 17-Aug-2001 3094---------------------------- 3095README.mod_sql update from author 3096new mod_sql from author 3097- Bug 1285 - Documentation updates 3098- Bug 1278 - pedantic fix to access_check() 3099- Bug 1266 - Use of APPEnd could corrupt files 3100- Bug 1286 - mod_ls displays set[ug]id bits 3101- Bug 1145 - DirFakeUser now applies to STAT 3102- Bug 1216 - xferlog man page update 3103- Bug 1111 - INSTALL update 3104- Bug 1262 - Doc update 3105- Bug 1217 - Doc update 3106- Bug 1187 - Upstream update to mod_quota 3107- Bug 1232 - UserOwner no longer performs chgrp 3108- Bug 1219 - compilation fix under gcc 3.0 3109- Bug 1230 - Portability fix for Sol 8 (sparcv9) 3110- Bug 1169 - Fix bug introduced by 1098, breaking DefaultRoot other 3111 than "~*" 3112- Bug 1234 - ABOR now always returns 226 (as per RFC959) 3113- New mod_sql from upstream maintainer 3114 31151.2.2rc3 - Released 19-Jun-2001 3116------------------------------- 3117- Bugs 1164,1020,1134,1190,1207 3118 Documentation updates 3119- Bug 1215 - Removed setpgid()/setpgrp() from fork_server() 3120- Bug 1145 - DirFakeUser can display current logged in user 3121- Bug 1210 - Possible silent truncation in net-ascii mode 3122- Bug 1212 - special files (devices, etc) didn't show up in directory 3123 listings. 3124- Bug 1189 - (again) <Directory> dups allowed in <Anonymous> 3125- Bug 1155 - non rfc behavior on filenames with spaces 3126- Bug 1193 - Error "~" processing while renaming files 3127- Bug 1203 - negation ('!') notation in Allow/Deny ACL broken 3128- Bug 1161 - %F magic cookie now displays free space on cwd 3129- Bug 1151 - Allow <Limit> searching in vhost or main server conf 3130- Copyright/License updated to allow linking to OpenSSL 3131- Bug 1183 - Removed duplicate find_class() call 3132- Bug 1189 - <Directory> duping checked for 3133- Bug 1185 - symlinks in homedirs now resolved at login 3134- Bug 1149 - Patch to contrib RPM init script 3135- Bug 1132 - Compilation fix for glibc 2.0 3136- Bug 1201 - Modifications to contrib/xferstats.holger-preiss 3137- Bug 1090 - {Allow,Deny}Filter Errors now *really* logged 3138- New mod_sql (and friends) from upstream maintainer 3139- Bug 1175 - GNU HURD portability 3140- Bug 1176 - PWD/XPWD can now be <Limit>ed 3141- Bug 1177 - mod_readme moved to contrib/ 3142- Bug 1155 - HPUX portability cleanup 3143- Bug 1172 - Compiler clean for getopt code. 3144- Bug 1170 - Compiler cleanup for pr_fnmatch code. 3145- Bug 1169 - Better handling of DefaultRoot/DefaultChdir 3146- Bug 1168 - variable definitions moved from proftpd.h to main.c 3147- Bug 1160 - BSD root socket semantics needed for svr4.2mp;UX/4800 3148- Bug 1156 - USER command now takes an argument with spaces in it 3149- Bug 1152 - Off-by-one in the PassivePorts code 3150- Bug 1137 - NLST displayed hidden files 3151 31521.2.2rc2 - Released 20-Apr-2001 3153------------------------------- 3154The `AllowChmod' directive has been deprecated, and will not work 3155consistently. Use <Limit SITE_CHMOD> instead. 3156 3157- Bug 1112 - Compilation fix for IRIX 6.2. 3158- Bug 1128 - Fixed possibled Linux sendfile() corruption issue. 3159- Bug 1093 - Checking for world writable log files and symlinks. 3160- Bug 1094 - AuthUserFile/AuthGroupFile disallow relative paths. 3161- Bug 1096 - Case sensitivity issues in config, better checking of 3162 RLimit* directive arguments. 3163- Bug 1090 - AllowFilter/DenyFilter now logs correctly. 3164- Bug 1119 - glibc-glob compilation issue on IRIX6. 3165- Bug 1090 - ExtendedLog should now report ALL events (even errors) 3166 31671.2.2rc1 - Released 24-Mar-2001 3168------------------------------- 3169- Bug 1085 - Better logging of "User is not a UserAlias" and "Can't find 3170 user." 3171- Bug 1043 - Fixed possible infinite loop in bandwidth throttling code. 3172- New RLimit* directives used to control resource usage on support platforms. 3173- Bug 1075 - Sub-contexts (<Directory>, etc) weren't being fully copied from 3174 <Global> to vhosts. 3175- Bug 1049 - New User/Groups weren't being seen after startup w/out a SIGHUP. 3176- Bug 1066 - new GNU glob() and friends, which properly limits recursion and 3177 avoids DoS issues. Built-in glob support is now always compiled in to 3178 proftpd regardless of libc support on build platform. 3179- New directive "MasqueradeAddress", used to emit a "fake" (non-interface) IP 3180 in server ident, magic cookies and PASV commands. Useful for firewalled or 3181 NAT'd networks that are not FTP aware. 3182- Bug 1044 - New directive "AccessDenyMsg", works just like AccessAllowMsg, 3183 but does the obvious. 3184- Bug 1055 - Not really a bug, but still .. ftpwho/ftpcount now attempt to 3185 scan proftpd.conf looking for ScoreboardPath, if all else fails 3186- Bug 1042 - <Directory /> arbitrarily not matching. 3187 31881.2.1 - Released 01-Mar-2001 3189---------------------------- 3190- A relatively major issue was discovered with session.groups which may cause 3191 any group-expressions inside of <Limit> (DenyGroup, etc) to malfunction. 3192 This is the primary reason for the 1.2.1 release. 3193- Default CFLAGS changed from "-g3 -O6" to "-O2" because it is reported 3194 that -O6 is highly experimental, and including debugging really isn't all 3195 the useful, as someone _really_ interested in debugging can edit Make.rules. 3196- Defining classes without an explicit "Classes On" now generates a log 3197 warning. 3198- New mod_sql and mod_ldap from their respective maintainers. 3199 32001.2.0-final - Released 26-Feb-2001 3201---------------------------------- 3202- Numerous additional bug fixes from Bugzilla. See http://bugs.proftpd.org 3203 for more info. 3204- New and updated README.* and INSTALL. 3205- initgroups() support has been removed, it will be re-added in 1.3 after we 3206 have proper modular support in authentication modules. 3207- mod_sql.c, mod_sql_mysql.c and mod_sql_postgres.c back in, with a new 3208 maintainer (replacements for mod_sqlpw and friends). 3209- instead of using kill(pid,SIGCONT) to determine if scoreboard pids are 3210 correct, proftpd now uses kill(pid,0) which should be a lot lighter on 3211 heavy-load systems. Thanks to Rob Schulhof <rrs@digisle.net> for pointing 3212 out that kill(pid,0) is both valid AND useful. ;) Also removed some 3213 completely useless and redundant /proc stat code which did the same thing 3214 as kill(pid,0) on linux systems. 3215- logging to file (via SystemLog) is now done with a single write instead of 3216 two in order to be atomic. 3217 32181.2.0rc3 - Released: 05-Feb-2001 3219-------------------------------- 3220- mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the 3221 distribution. They are currently unmaintained and have numerous bugs. 3222 If any kind soul <grin> is interested in maintaining them, they may be 3223 brought back into a future version of proftpd. 3224- sendfile now defaults to off, use --enable-sendfile at configure 3225 time to enable. Additionally, sendfile is probably fixed. 3226- initgroups/getgroups new defaults to off, use --enable-initgroups at 3227 configure time to enable (mainly useful for large systems). Be careful, 3228 though, as initgroups/getgroups breaks module handling and will not work 3229 in conjunction with other third-party modules (mod_sqlpw, etc). 3230- Passive FTP works properly now (was broken in RC2). 3231- Compilation problems fixed on some obscure platforms. 3232- PAM authentication finally works again on Solaris (due to an annoying bug in 3233 Solaris). 3234- Added the DeleteAbortedStores directive. 3235- Fixed a minor bug in SITE HELP. 3236- Eliminated a race when logging in with MaxClients. 3237- AllowChmod defaults to 'on' now for simplicity and compatibility. 3238- Honor ExtendedLog NONE. 3239- Added SyslogLevel directive. 3240- Added --with-includes option to configure. 3241- Added --with-libraries option to configure. 3242- On systems with wtmpx, don't use wtmp at all. 3243- Handle files that begin with ~ properly. 3244- Documentation updated for PAM on FreeBSD operating systems. 3245- NUMEROUS other bug fixes, including many security issues 3246 32471.2.0RC2 - Released: 27-Jul-2000 3248-------------------------------- 3249- Made sure ServerUseReverseDNS was honored. 3250- Compile problems on various problems. 3251- Added descriptions for more errors to be more RFC compliant. 3252- UID/GID handling is more portable now on systems with unusual UID/GID sizes. 3253- PAM handles should be persistent across jailed environments. 3254- Various additions to configure to make it more portable and correct. 3255- AllowChmod works properly now. 3256- HP/UX sendfile support. 3257- Cleaned up configure and supporting files. 3258 32591.2.0RCl - Released: 11-Jul-2000 3260-------------------------------- 3261- Fixed a bug in mod_ls that could cause a crash. 3262- Fixed a minor bug related to group permissions. 3263- Fixed a bug in calculating file system size when using statvfs. 3264- Fixed a bug when a 'TYPE L' directive is passed improperly. 3265- Fixed Umask directive handling in directories. 3266- Changed bandwidth throttling to use select() instead of usleep() to work 3267 better across platforms. 3268- Updated mod_ldap to 2.5.2. 3269- Environment is now preserved before trying anything fancy with set_proc_title. 3270- Warn a user if an invalid class is specified in ExtendedLog. 3271- Logging of transfer times is more precise now. 3272- mod_quota now comes with ProFTPD in the contrib directory. 3273- FreeBSD 4.0 support. 3274- Unixware support. 3275- Updated config.guess and config.sub to reflect new platforms. 3276- Added a %k directive to DisplayQuit that shows a more user-friendly count of 3277 data transferred (ie: 23MB, 1.2GB, etc.). 3278- Added a -t option to ProFTPD to allow syntax testing of a config file. 3279- Made config file errors more useful by giving the filename and line number of 3280 the error. 3281- Added %A, %F, and %m directives to LogFormat to allow for the creation of 3282 CLF-style logs. 3283- Portability fixes to mod_tar. 3284- Timezone is preserved across jailed environments now. 3285- Slightly optimized directory listing/sorting in mod_ls as an interim measure. 3286 mod_ls will be rewritten entirely in 1.3. 3287- Added a -L option to mod_ls, so things like mirror work properly with 3288 symbolic links. 3289- Fixed the 'password shows up where username should be' problem with MySQL 3290 authentication. 3291- Fixed a potential security problem in setproctitle-enabled systems. 3292- Documented a buffer issue with CustomLog -- This will be entirely rewritten 3293 in 1.3. 3294- Fixed a potential buffer problem in mod_ls. 3295- Clarified syslog message information in INSTALL. 3296- ProFTPD will now generate a PID file in standalone operation. 3297- DisplayReadme now accepts patterns. 3298- Added AllowChmod directive. 3299- Allow comments and blank lines in password files. 3300- *snprintf emulation was incomplete on Solaris and other platforms with no 3301 *snprintf implementation. 3302- PAM now properly registers and closes a session, conforming closer to the PAM 3303 specification. 3304- More documentation updates. 3305- Fix a permissions display problem under certain circumstances. 3306- Minor fixes to classes support. 3307- AllowForeignAddress now applies to passive connections as well. 3308- Major performance upgrade to groups initialization. Those that have large 3309 groups shouldn't see the 'hangs forever on login' problems. 3310- Fixed GroupOwner's semantics and added the related UserOwner directive. 3311- Added SQLKey, SQLKeyField, and SQLAuthoritative to mod_sql. 3312- Fixed access checks for LIST and NLST. 3313- Cleaned up use of '.' and '..' in mod_ls. 3314- Fixed a case where ServerUseReverseDNS wasn't being honored. 3315 33161.2.0pre10 - Released: 17-Jan-2000 3317---------------------------------- 3318- sendfile() handles errors and non-optimal conditions The Right Way(tm). 3319- install_group works right in warped cases of having more than one GID 0 3320 group defined. No, don't ask. :) 3321- sendfile() doesn't log spurious messages unless it's in debug mode now. 3322- A meaningful error is now generated with bad group files. 3323- Complex group permissions work correctly now, where they did not in a 3324 rare case. 3325- Updated included version of mod_ldap. 3326- Bandwidth and sendfile() use are now mutually exclusive. 3327- Corrected minor log issues. 3328- Fixed various compilation issues on various platforms (isn't this vague :)). 3329- More informative error messages. 3330- Minor semi-Y2K issue in mod_readme fixed (don't ask...look at the code :)). 3331- Corrected error messages on most commands in cases where an invalid number 3332 of arguments are specified. 3333- An error message is now generated when ~ expansion is meaningless. 3334- Invalid host entries don't show up as (null) anymore. 3335 33361.2.0pre9 - Released: 27-Oct-1999 3337--------------------------------- 3338- New support for BSD sendfile() semantics. 3339- sendfile() deprecates politely on Linux 2.0.x. 3340- AuthPAMAuthoritative now defaults to False. This should clear up any 3341 confusion on using PAM with AuthUserFile and friends. 3342- Removed Bandwidth from the documentation. 3343- Fixed a rare segfault in mod_auth. 3344- Logging has changed slightly to be more informative and more consistent. 3345 All messages that get logged are now preceded with 3346 <virtualhost> (remote host[remote ip]). 3347- mod_ldap for authentication against LDAP directories is now in place. 3348- ftpwho/ftpcount -- a grammatical error corrected, and they now build 3349 as separate binaries. 3350- Fixed the 'no names, just UIDs' bug. 3351- Added genuser.pl to facilitate AuthUserFile entry creation. 3352- Umask now takes an optional second argument, specifying a directory umask. 3353- Work around FreeBSD's broken setpassent(), and a new option to override 3354 this in fixed versions of FreeBSD's libc (--enable-force-setpassent). 3355- Generate RPMs for both inetd and standalone versions of ProFTPD. 3356- Added AuthUsingAlias to allow for more fine-grain control of anonymous 3357 logins. 3358- Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959. 3359