Version 1.3.10: 1) Bug Fix: Fixed warnings from gcc. (Beau Kuiper) 2) Change: Added %(x,*)d format for cookies. (Beau Kuiper) 3) Bug Fix: Fixed gid/uid handling, corrected casting, mainly useful for older machines with 16bit uid and gid (Beau Kuiper) 4) Bug Fix: Fixed manual page installation to put .1 at the end. (Decklen Foster) 5) Bug Fix: Fixed makefile problems. (Beau Kuiper) 6) Bug Fix: Fixed freeing of null pointers when specified configuration file is a directory. (Beau Kuiper) 7) Bug Fix: Fixed gid/uid handling so NIS works. (Beau Kuiper) 8) Change: Now using new malloc library. It is much better than most other mallocs, including GNU's (Beau Kuiper) 9) Change: Added the package Muddlestats. It seems very good and has a promising future. (McRee) 10) Bug Fix: Fixed uploads on IBM AIX systems. This bug has existed a long time. (Beau Kuiper, helped by Sergey Novoselov) 11) Bug Fix: Fixed recursive directory listings again (Beau Kuiper, helped by Nik Soggia) 12) Documentation: Minor changes to example configs. (Beau Kuiper) 13) Documentation: Added mudlogd documentation. (Beau Kuiper) 14) Change: Added the mudlogd program, which works separatly from muddleftpd to allow simple log rotation. (Beau Kuiper) Version 1.3.9: 1) Bug Fix: Connection rejections if DNS broken fixed. (Beau Kuiper) 2) Documentation: added mudpasswd manual page. (Decklen Foster) 3) Bug Fix: Better error reporting in ftpwho (Decklen Foster) 4) Documentation: Minor change to info page. (Decklen Foster) 5) Bug Fix: made forking into background a command line parameter instead of a #define (Beau Kuiper) 6) Change: added separate upload/download speed limiters for people with differing upload and download speeds, eg cable modem and ASDL. (Beau Kuiper) 7) Change: changed source tree directory structure, separating source files into thier own directory. (Beau Kuiper) 8) Bug Fix: Fixed directory listing again, so even simpler and better. (Beau Kuiper) 9) Bug Fix: Small memory leak in listing code fixed. (Beau Kuiper) 10) Bug Fix: Finally fixed date parsing in list code so year is displayed if last modified was a different year. (Beau Kuiper) 11) Bug Fix: String length checking fixes for config files. (Tomas Ogren) 12) Bug Fix: Memory alignment issues fixed in configuration include sections (Tomas Ogren) 13) Bug Fix: Some libc's don't like being told to vsnprintf without a buffer. Fixed autoconf script to check for this and use replacement if true. (reported by Tomas Ogren, fixed by Beau Kuiper) 14) Bug Fix: Moved HOST reply strings to reply.h (Beau Kuiper) 15) Change: added EPSV and EPRT commands, to support IPV6 at a later date. (Beau Kuiper) 16) Change: added busydumpdata directive option for main and virtual server sections. Now the server won't blindly disconnect if too many users connect at the same time. (Idea by Tomas Ogren, done by Beau Kuiper) 17) Bug Fix: Fixed makefiles to use configure specified manpage and info directories. (Decklin Foster) 18) Bug Fix: Fixed ABOR to forget any data port information. (Beau Kuoper) 19) Bug Fix: Fixed default data port handling, with server using the wrong IP address. (Beau Kuiper) 20) Bug Fix: Fixed SITE error message with no parameters. (Beau Kuiper) Version 1.3.8: 1) Bug Fix: Fixed bug in ratio record creation 2) Change: Added HOST support as outlined in the draft I have written. 3) Bug Fix: Minor fix for errorous exit. Now exits with 1 if an error occurs. Suggested by Decklin Foster 4) Bug Fix: More descriptive error messages for when the server has too many users. 5) Bug Fix: Recursive listing crashed muddleftpd if the last dir scanned but the recurse algorithm is empty. 6) Bug Fix: substantial fix to be more compatible with /bin/ls for recursive lists. Should fix mirror.pl 7) Bug Fix: upload resume using STOR command fixed. A very simple mistake that existed in the whole (1.3.X) series. 8) Bug Fix: Fixed free NULL pointer error when no ipacls specified. Version 1.3.7: 1) Bug Fix: Listing ACL's did not work correctly. 2) Bug Fix: Major bug in freeing children caused major problems after server maxusers had logged in and out. 3) Bug Fix: Bind errors were being displayed when using runasuser directive. They are now ignored (they are harmless) 4) Bug Fix: SIGHUP is now not acted upon if runasuser is active. Version 1.3.6: 1) Bug Fix: Fixed serious DOS bug when the new maxipconnect directive is used. Version 1.3.5: 1) Change: Pam module now accepts option pam_user, to force the username it will read from the password file and return the credentials for. 2) Bug Fix: better logging of some failed calls. 3) Change: Now quitdump, cddump and welcome do not need to be specified specially for chroot mode. 4) Bug Fix: string.c changed for easier porting. Was GCC dependant. 5) Bug Fix: memcpy bug while resolving hostnames. 6) Bug Fix: Improper handling of uid, gid in authentication. 7) Bug Fix: Warnings repaired, prototypes rebuilt using scribe. 8) Change: Ftp list code now supports recursive listing. The listing code is very fast/memory efficient. 9) Bug Fix: Fixed memory leak while authenticating user. 10) Change: Added funtions to retrieve hostname/ip from authentication modules. 11) Change: I am using my own glob routines now, sorts correctly for machines without glob. 12) Change: The fnmatch code I wrote is now being used regardless of whether the library has its own one. 13) Bug Fix: fnaccess and pfnaccess have been repaired, and can be used. 14) Change: Listing now shows total directory sizes like the real ls. 15) Bug Fix: Dumping relative files when changing directories caused the file for the last directory to be dumped 16) Bug Fix: ratiotool failed to set correct file permissions on a newly created ratio file. 17) Bug Fix: compile fixes for IRIX. 18) Bug Fix: Macros broken in ftpd.h 19) Bug Fix: Ips were shown backwards in ftpwho if reverse hostname was not found. 20) Change: Added option maxconnectperip. This limits the number of connections from a single IP address. 21) Bug Fix: Fix when user operation is more than 120 characters. This lead to ftpwho printing the hostname after the operation. 22) Bug Fix: cookies in access directives were not being applied correctly. 23) Bug Fix: Signals must be blocked while reloading config, or deleting users, or bad things happen Version 1.3.4: 1) Bug Fix: The internal password module was feeding the config error function the wrong variable. 2) Bug Fix: Fixed a bug in include handling that would prevent use in 64bit environments. 3) Bug Fix: Include looping is now checked before config file is loaded. 4) Change: Removed authparams option. Auth modules get to fend for themselves (this provides more functionality, and better directive names) 5) Bug Fix: Help was not being shown correctly. 6) Documentation: Updated some documentation. 7) Bug Fix: Possible to free NULL pointers in config.c 8) Change: Changed a few error messages to be more understandable. 9) Change: A temporary change that will lock up muddleftpd if it tries to free a NULL pointer. It locks muddleftpd up so a debugger can get a clean backtrace of the program. 10) Bug Fix: Fix for attempting to rotate logs while in droproot mode. 11) Bug Fix: Usernames are more rigourously checked because regular expression characters in accepted usernames may provide more access than intended. 12) Change: The anonymous authentication module now returns the uid and gid of nobody instead of the ftp user. This is more consistent with other ftp servers. 13) Change: Listing of devices is more accurate, showing the major and minor device numbers like real ls. 14) Change: Muddleftpd now uses the real hostname as the default hostname of the host and virtual servers. 15) Change: Ipacl for hostnames must be in brackets. Without brackets, it is always checked against the IP 16) Bug Fix: got rid of any use of inet_ntoa, since I wasn't using it right. 17) Change: Set default logstrength to log everything. 18) Documentation: Documented all server directives. Version 1.3.3: 1) Change: Can now use %v in group config to get current virtual server section name and %V to get current virtual server host name. Ratio %v and %V are now %a and %A 2) Change: Can now use tokens in greeting line. 3) Bug Fix: Fix for bug where directories with % in them did weird things (see version 1.2.10) 4) Change: New config option droproot. This option will drop all root prividges when a user logs. It also will use capibilities so it can still use low numbered ports on linux 2.2 or better if libcap is installed. 5) Change: reply.h now contains macros to the replys the server generates, It allows replies for foriegn languages or other ftp servers to be used, basicly changing the persona of the ftp server. 6) Bug Fix: muddleftpd was not correctly enforcing the one command at a time requirement of FTP. 7) Bug Fix: muddleftpd was not updateing upload/download byte counter. Version 1.3.2: 1) Bug Fix: Muddleftpd is much more careful now about the configuration file it listens to. The config file now must be owned by the user/group who runs it, and must not be world or group writable. This fixes a security vulnerability in ftpwho if it is setuid. Same for internal password files. 2) Change: Added the -n option to display IP's instead of hostnames in ftpwho. 3) Bug Fix: Fix for truncated replys where length of reply was more than 1024 characters. 4) Change: Implemented new directive include, which allows you to include another section in the current section. Good for creating templates. 5) Change: Changed how config errors were handled, improving error reporting and detection 6) Change: By default, muddleftpd is built to be quiet on startup. 7) Change: ratios now get data from groups section rather than a separate section. Use include to have ratio directives in other sections. 8) Change: Sending SIGUSR1 to the server process will make it reopen the log file and instruct the children servers to do the same. Note that chrooted server children will not be able to reopen the log file. 9) Change: added fnmatch pattern based access controls, including controls to explicitly match slashes. 10) Bug Fix: Maximum process limit setting was broken, fixed. 11) Bug Fix: Symbolic links were always assumed readable in the listing code. Does not work because the /proc filesystem actually has non-world readable symbolic links. Version 1.3.1: 1) Change: Minor changes to how the scratchfile is used. 2) Change: Muddleftpd now uses proper unix style arguments. It has a usage screen and a version option. 3) Change: PORT command more verbose, repling where it will connect to. 4) Change: root privliges are given for connecting to low number ports. This is for RFC951 complience. 5) Bug Fix: Fixed code so muddleftpd runs of FreeBSD. Borrowed :-) some code from proftpd (for functions fgetpwent and fgetgrent) 6) Bug Fix: snprintf replacement code has a bug causing very bad problems. 7) Bug Fix: removed TCP_CORK code since it only slows data transfers down. 8) Bug Fix: Fixed a few compile bugs. 9) Change: Changed log format and how log was written 10) Change: Added support of dlopen modules for authentication modules 11) Change: Minor updates to authentication module interfaces. 12) Change: Passwords used by anonymous users are now logged. 13) Bug Fix: Fixed %N cookie for user count. 14) Change: Got rid of pidfile support, now ftpwho -p will return the pid of the running standalone muddleftpd. 15) Change: Now scratchfile is used for locking in both inetd and standalone modes. This means the server doesn't need to lock against the config file and it could be changed without problems. 16) Change: ftpwho program rewritten and much more useful now :-) 17) Bug Fix: A couple of missing returns fixed. Should have caused problems already :-) 18) Bug Fix: A bug in acl.c fixed where segfault would occur if no ACLs were specified for a user 19) Change: Authentication modules can now cancel authentication of a user if a serious error occurs. 20) Change: Authentication is now cancelled if an authentication module cannot be found. 21) Change: If muddleftpd cannot bind to a port when it starts up, then it will exit. If it cannot bind to a port when you issue a SIGHUP, then it will log it and continue. 22) Change: Commands can now be disabled per group within the config file. 23) Bug Fix: Data corruption bug after SIGHUP removes a virtual server fixed. 24) Change: When a user connects, muddleftpd will fail to recognize all but a few commands needed to login. 25) Change: ftpwho reports vservers using their section names. 26) Change: Now download speed limits can be specified per group These are highly accurate and reasonably smooth. 27) Bug Fix: Porting fixes for weirder unixes including simple-glob fixes. 28) Bug Fix: Small bug parsing gid lists caused crashes with long suplemental gid lists. 29) Change: Speed limits now also apply to file lists and uploads. 30) Bug Fix: New listing code would possibly break when a partial write occured. 31) Change: Finished logindumpdata support. Version 1.3.0: 1) Bug Fix: for large maxusers, the default settings would cause muddleftpd to croak. Fixed. 2) Bug Fix: for long usernames and non-default constant values, a possible problem with setting username has been fixed 3) Change: PAM module now does more logging to aid debugging. 4) Change: shared memory is more compact now, only storing thread users. 5) Change: EXPERIMENTAL INETD SUPPORT!!!! 6) Bug Fix: on systems that need -ldl for pam support, it would cause pam support not to compile. Fixed. 7) Bug Fix: if muddleftpd is running inetd mode, now errormessages go to the system log. 8) Change: Log message now emmitted if non-existant auth method used. 9) Change: Better debug logging system now in place. Can work even with inetd 10) Bug Fix: Fix to MDTM. This broke netscape quite convincingly 11) Bug Fix: Fix for netscape race and maybe other clients. 12) Change: All configuration is in single file now! This improves performace muchly esp under load. 13) Documentation: Examples updated for new code! 14) Bug Fix: Fix to logging where SITE commands were logged twice. 15) Bug Fix: Listing bug fixed where files were being used as regular expressions. 16) Chnage: Replaced ACL code. New code also recognises mkdir and rmdir, chmod and chdir. Add only applies to files now. 17) Change: Now ip's can be denied as well as allowed with the new ipacl directive. Note that the order ipacl's are specified in is very important. 18) Change: Now log messages are generated when a user logs out of the server. 19) Bug Fix: User cannot specify PORT command with data port < 1024 20) Bug Fix: Total file size is now given when doing binary downloads, regardless of starting position. Other ftp servers act this way, and some client expect it. 21) Bug Fix: Maximum timeout was not correctly set. 22) Change: Writing to control port now has timeout, so it cannot lock up. 23) Change: Continuation messages have new format that look nicer. 24) Change: New group system is working, It now traverses a list of groups in the user file to determine what group a user is. It needs more work ATM. 25) Change: added IP and name access lists to make group system very, very, very configurable. 26) Bug Fix: For systems which uses non-DES encryption, muddleftpd used crypt correctly. 27) Change: added hostname based matching and hostnames in logs. 28) Change: reverse dns timout setting added 29) Change: Alternate long reply format option added, allows for bad proxys and stuff. 30) Change: VIRTUAL SERVER SUPPORT ADDED. Not yet completed or optimised for file descriptor usage. 31) Bug Fix: Fixed several small bugs found in 1.2.2. 32) Bug Fix: A minor bug working with parameters fixed. 33) Bug Fix: A bug when parsing config files caused tabs to be misinterpreted. 34) Change: Smart binding. This allow muddleftpd to minimize the number of file descriptors used when binding files. 35) Change: Zero binding. When used with smart binding above, allows virtual servers to be used on all servers. This basicly makes sure all binds are performed on address 0.0.0.0 36) Change: Using rlimits instead of manually checking memory size for determining overuse of memory. 37) Change: Made single configuration file loading to be less memory intensive. 38) Change: Server will now reload config file with a HUP signal. 39) Change: Server now lets you specify if you want to real chroot to the rootdir instead of doing a pretend chroot. It is ignored if root access isn't avaliable. This provides extreme security for paranoid system administrators (like me!) 40) Change: When a user logs in, the uid/gid is switched to that user instead of being left as root. This reduces code size and improves security. I also seem to learn things the hard way (I should have had this ages ago) 41) Change: Ratio support. An external binary file is used for this, and users are added to it as they log in. Ratio's are implimented so multiple sessions are no problem. Ratios apply to both files and bytes, and can be persistant or non-persistant. 42) Change: Config changes. Now parameters are easier to specify, and including spaces is easy. 43) Change: By default, muddleftpd now doesn't allow access to non regular files (eg device files). To re-enable use devaccess in group sections. 44) Change: Full group support, include supplementry group lists. 45) Change: Added a ratio changing program, ratiotool. It can add, edit and psudo-delete ratio file entries. It is safe to use while the server is running. 46) Bug fix: Fixed a small bug that always put an extra / at the beginning of a filename in the log if rootdir is / 47) Change: If rootdir contains symlinks, they are now dereferenced as the user logs in. 48) Change: Added a realdir option. This will automaticly report the real directory name, with all symlinks dereferenced, instead of the internal construction. 49) Change: Added code to detect broken snprintf, and to work out which syntax it uses and use that syntax. 50) Change: Detects if double ints work correctly and disables ratios if they don't 51) Change: Added fxpallow option, so server-server transfers may work on a per-group basis. 52) Change: Implemented output buffer to make sure long replies are sent effeciently. 53) Change: Input from dumped files and user is now put through a filter that removes non-printable characters. 54) Change: Implemented options to specify long replies directly in the config file 55) Change: Data port handling rewritten, should be a little faster now. 56) Change: Sendfile() support implemented. This should improve performace slightly, but linux needs a better sendfile :( 57) Change: Groups and vserver limits are handled in a much better way now. Faster for standalone operation, correct for inetd operation. 58) Change: Log now contains thread id so it is easier to trace what a specific user is doing Version 1.2.10: 1) Bug Fix: Bug where % in pathname would cause weird errors when current directory was displayed. It was caused by using the output of one printf (with user supplied data) as the format string in the next. Fixed by removing all (except where it is obviously safe) non-constant format strings in the source. Entire source was checked for the problem. Version 1.2.9: 1) Bug Fix: Mudpasswd backported from 1.3.X. Fixes problems with mudpasswd segfaulting. 2) Change: Included an init file for system V init scripts 3) Chnage: Added a spec file for rpm generation. Havn't tested it yet. Version 1.2.8: 1) Bug Fix: Another config file reading bug fixed. If you used tabs at the end of a value, they would not be discarded by the ftp server. 2) Bug Fix: Repaired the README file. Version 1.2.7: 1) Bug Fix: Rename bug fixed. Ops :-) Occured because errno wasn't reset correctly. Version 1.2.6: 1) Bug Fix: Fixed bug where garbage was printed if null password was supplied. Version 1.2.5: 1) Bug Fix: snprintf madness fixed. Server now works for all known snprintf types. 2) Bug Fix: fixed the provided snprintf so it reports -1 if result is too long. 3) Bug Fix: ftpwho would segfault in certain denied access cases. Version 1.2.4: 1) Bug Fix: Parsing problems with tab separating name and value pairs fixed. 2) Change: Ftpwho program revamped. It can now do reverse IP lookups for hostnames and supports regular options. Run ftpwho -h to see options. 3) Bug Fix: Problems with zero length strings on ftp commands fixed. No real problems, just zero length parameters need to be detected and reported as missing parameters. 2) Bug Fix: A secuity problem with cddump relative files has been fixed. If the user could create a symlink as the name of a relative cddump file, the user could view any file on the system over the control connection. Version 1.2.3 (was 1.1.1c) 1) Bug Fix: Active data connections now bind to specific interface. Old method seemed to fail when used with strict ip filewalls. 2) Bug Fix: If an error occured accepting a control connection, the server would bad. 3) Bug Fix: If the PASV command couldn't bind to a port, it wouldn't cleanly report the error. 4) Bug Fix: An extra close was hiding the real cause of data port connection failure. 5) Bug Fix: Some calls to create sockets were not checked correctly. 6) Bug Fix: No error was displayed if passive port connection accept fails 7) Bug Fix: Slight change in Makefile so that CFLAGS is recognised. Version 1.1.1b (now 1.2.2): 1) Bug Fix: if you didn't set authmethod in the config file, the server process would crash. 2) Bug Fix: if you use a non-DES crypt function, muddleftpd would not authenticate properly. This bugfix fixes for a least slackware 7.0. 3) Change: New versioning system. Now I copy the linux versioning system since I cannot get it right myself. 4) Bug Fix: if a list failed due that was not the fault of glob, then server would crash tring to free a non-existant variable: 5) Change: You can use group/usernames for uid/gid specification now in user config files and authentication modules. Version 1.1.1a (now 1.2.1): 1) Bug Fix: Long usernames would cause the server to crash. Not an exploitable bug, but not very nice looking. 2) Bug Fix: files dumped over control connection were not logged correctly. Version 1.1.1 (now 1.2.0): 1) Bug Fix: A minor memory leak was sealed. 2) Bug Fix: Changed ACL error code to EACCES instead of EPERM. 3) Documentation: Added the info file back. 4) Change: log entry generated when a user logs out of the ftp server 5) Bug Fix: Server will not allow client to specify a data port less than 1024. 6) Bug Fix: Changed byte count when starting download to total size of file regardless of restart position. Other ftp servers act this way, and some clients use this info. 7) Change: When authenticating users, the server will change to the configuration directory. This will improve robustness of marginally defined configurations. 8) Bug Fix: Maximum timeout was not set correctly when logging user in. 9) Bug Fix: Minor fixes for platform independance in mudpasswd. Version 1.1.1beta3: 1) Bug Fix: invalid rootdir message didn't show root dir. 2) Bug Fix: fix for site commands being logged twice. 3) Documentation: info files removed for now since maintainer hasn't reponded to email. 4) Bug Fix: Directory listing problems solved. Version 1.1.1beta2: 1) Bug Fix: Pam support didn't compile on system with dynamic linking in a library 2) Bug Fix: Small change to code to prevent problems if username length constants get changed. 3) Bug Fix: Fix to MDTM command, broke netscape access quite well :) 4) Bug Fix: Fix for netscape race and maybe other clients. Version 1.1.1beta1: 1) Change: Changed the error message management system. Now much better. 2) Change: Help now contains descriptions for each command. 3) Change: Full shadow password support with account expiry. 4) Change: User now gets message as to why login fails. 5) Bug Fix: strerror was compiled even if it already existed! 6) Change: PAM support has been added! 7) Bug Fix: now all root logins get demoted to user nobody like they should 8) Bug Fix: now user nobody from the password file is used to determine what user nobody is. Any system without a user nobody is in SERIOUS TROUBLE! 9) Change: Added the disabled user authentication which will disable a user. 10) Bug Fix: Added a copy of the usleep function for older computers. 11) Documentation: Fixed documentation for new features. 12) Bug Fix: Put limits on maximum generated string lengths to prevent users from filling virtual memory. 13) Change: Added SITE IDLE command. Version 1.1.1beta0: 1) Change: Log message emitted when user cannot login due to bad root dir 2) Change: Error messages for socket connection are better handled. 3) Change: added -d option to list a directory instead of its contents. 4) Change: Major refit of auth code. Now all auth code is modularied into the different sources. Makes adding new auth schemes easily. 5) Change: new unix auth module can autodetect shadow passwords! 6) Change: config files can handle windows style files. 7) Change: added an internal password file support module. 8) Change: added runasuser option in main config file. 9) Change: removed runasuid and runasgid from main config file. 10) Change: created a simple mudpasswd program to modify internal password files. 11) Change: Minor server reply tweeks. 12) Documentation: Fixed examples for new code. 13) Change: Added the badauthwait option to the main config file to cause the server to wait a specifed number of milliseconds if the user doesn't provide the correct password. 14) Change: Added the userjail option to user files so when the user logs in, he/she will not be able to log into a new user. Good for anonymous accounts. 15) Change: Added the logintrys option to the main config file. This tells the server how many attempts a connection has to login before the server refuses to log the user in. Version 1.1: 1) Documentation: Added man page and info pages. Thanks to Jonas Oberg for this. 2) Bug Fix: Spelling mistake in init.c fixed. Thanks to Jonas Oberg for noticing my mistake. 3) Change: Server will now detect if it needs root access to bind to a port and gives a message to the user if it is so. Version 1.1.beta3: Final beta if no bugs are found! 1) Bug Fix: Fixed Makefile so QUIET=1 option is recognised. 2) Bug Fix: Fixed spelling mistake in init.c (already instead of aleady) 3) Documentation: Added some documentation on how to build and install muddleftpd (muddleftpd.txt) 4) Documentation: Updated README and INSTALL. 5) Bug Fix: If unixuser is specified and that specified user doesn't exist, login will fail automaticly. 6) Bug Fix: If it can't load a user's config file, it will now output a log message. 7) Bug Fix: Checks on files and directories now done in user auth files. 8) Change: Minor optimisations to improve processing of file dumping, streamlines code. 9) Bug Fix: busydump was crashing, due to incorrect working directory value, fixed! 10) Bug Fix: the username in the shared memory structure is properly updated at the correct time. Allows a user with maxconnect 1, to relogin. 11) Documentation: Added documentation for user configuration files. 12) Bug Fix: now mud authenication stuff is not compiled by default. 13) Documentation: Added documentation for cookies in user config files. 14) Documentation: Added documentation for accepted ftp commands. 15) Documentation: Gave up on HTML documentation! Version 1.1.beta2: 1) Change: Failed magic cookie tranformations are logged so that the admin can find if cookies fail. (I decided that this change is minor enough and important enough to be added before version 1.1) 2) Bug Fix: Download statistics were not correctly tallyed. 3) Documentation: Added documentation for dumped file magic cookies (cookies.txt) 4) Documentation: Added documentation for ftpwho. (ftpwho.txt) 5) Documentation: changed user.other so that if the example config is directly used, it won't open gaping holes in the system. 6) Bug Fix: Server dies improperly on startup if shared memory isn't initalized 7) Bug Fix: Commented out error message about shadow passwords not working as root. Change 1 should produce a log entry if the user tries to use shadow passwords without root access. 8) Documentation: Created a new set of examples, that are more secure, and better for creating a full configuration. 9) Bug Fix: Updated socket.c, now if the server fails binding data connections for any reason, it lets the computer choose the port. Version 1.1.beta1: Thanks to Mike Javorski for the first 3 fixes. 1) Bug Fix: Removed SO_SNDLOWAT and SO_RCVLOWAT log messages because they are unimportant and seem to be annoying people :) The feature is still there, it will just fail quietly on systems that have problems with it. 2) Bug Fix: Manual page installation fixed (but commented out becuase the manual page is yet to be written. 3) Bug Fix: Fixed ftpwho.c for ANSI C complience. Now main returns an int. 4) Bug Fix: Defined prototypes for listing functions and found a bug where they wern't supplied correct parameters. 5) Bug Fix: Server now checks if you are already logged in before accepting a password command. 6) Bug Fix: Ops, I must have been on drugs to not have noticed this bug before now (and write the broken code). SIZE in ascii mode was badly broken. 7) Bug Fix: SITE CHMOD was broken and logged out the client 8) Bug Fix: HELP missed the first command when printing out a command list. 9) Bug Fix: When using runasuid/runasgid, the parent terminal holder would not get killed due to the process not having permission after changing uid. 10) Bug Fix: When using runasuid/runasgid, and listening on ports less than 1024, muddleftpd would fail to create data ports because it couldn't bind to the port. 11) Bug Fix: prototypes in ftpd.h for procnum.c fixed. 12) Bug Fix: ftpwho.c now includes as required. 13) Bug Fix: fixed compiler warning compiling sglob.c on systems without glob. 14) Bug Fix: Prototype for strerror if the system hasn't got an strerror 15) Bug Fix: Fixed problems about double defining crypt 16) Bug Fix: -lsocket and -lnsl should work for machines that need them now. Version 1.1.beta0: 1) Bug Fix: forkwrapper is declared int instead of pid_t in ftpd.h fixed. 2) Bug Fix: On systems that don't support GLOB_PERIOD, compile will fail, fixed. 3) Documentation: Added some documentation for the main config file, in doc/config.txt 4) Bug Fix: Compile warning fixed for ftp.c 5) Bug Fix: Fixed race condition in starting up program where tty could hang if the parent recieved the signal to give it back too soon. 6) Documentation: Added some HTML documentation (just a quick conversion of doc/config.txt) Version 1.1.alpha5: Imposing a feature freeze for Version 1.1. Only bugfixes and documentation from here. 1) Change: Magic cookies when authing clients is now handled more gracefully. No user side changes. This allows Change 6. 2) Bug Fix: Empty listing caused memory leak. Fixed. 3) Change: Server now holds the terminal until after the startup messages so the prompt occurs after it. 4) Change: Startup message fixed for correctness. 5) Bug Fix: pids are now type pid_t, gids are now type gid_t, and uids are now type uid_t in my program. They were ints before!. 6) Change: Now magic cookies work in dumped files (eg welcome file) so you can give info out. The cookies are similar to the real wu.ftpd cookies. 7) Change: Added email option in config file for magic cookie %E. 8) Change: Now you can bind to a port to a specific interface by using port/ip as a parameter to ftpport. eg to bind port 21 on the loopback device use "ftpport 21/127.0.0.1" in the config file. Version 1.1.alpha4: 1) Change: SITE command now operates similarly to normal command. No user visible changes. 2) Change: Messages have changed so that the code is more general. 3) Change: STAT ACCESS has been moved over the SITE ACCESS. 4) Change: help routine is more generalized, giving better results, less code and more maintainablity. 5) Change: Now I use config.h instead of lots of compile options. Thanks to Decklin Foster for the patch. 6) Change: The pidfile is used to check if muddleftpd is still running. If it is, muddleftpd refuses to start. Note, you can still have multiple instances of muddleftpd if they run with different config files. 7) Bug Fix: config file name was not initalized properly. 8) Change: Added a new user config option (quitdump) that prints a file when the user quits. Version 1.1.alpha3: 1) Bug Fix: New parameter bug where process will segfault if it cannot correctly substitue a %(a,b)h parameter. 2) Change: Ftp listing is better now, it recognises the -a option and displays all files. This improves interpolability with misbehaving clients. 3) Change: I removed the status reporting option and the code that does it. 4) Change: Shared memory used by muddleftpd can now be externally accessed. (for things like ftpwho) 5) Change: Added a simple ftpwho program that actually works without races by accessing the shared memory. 6) Change: The default config file is now specified in config.h Version 1.1.alpha2: 1) Change: Changed the status reporting so it now dumps info into a file that can be read by other programs. 3) Change: The admin now has the option to create a pidfile as muddleftpd starts. 2) Change: Changed the way parameters are processed. Now you can select a range of characters to include. eg %(10,12)h means to substitute characters 10 through 12 into the string. The old %h still works. Version 1.1.alpha1: 1) Change: Added simple shadow password support 2) Change: Changed the way listing works. Simpler, easier 3) Change: now STAT works. 4) Change: A list cannot be longer than MAXLISTSIZE 5) Bug Fix: A long running LIST -n ./ bug has been fixed. It caused an embarrasing infinite loop. Been in there for ages. A big thanks to Richard(Sputa@os3.os.ds.mfcr.cz) for the tipoff. 6) Bug Fix: Resume position should not be allowed to be negative. Version 1.1.alpha0: * means ported back to 1.0 1)*Bug Fix: Rename fixed again to check if RNFR was run before RNTO 2) Change: The main routine now uses the select.c services. 3) Change: The server can bind to many ports, and serve ftp over them 4)*Bug Fix: Memory leak in displaying symbolic links in listing. 5) Change: Internal list function now displays setuid/setgid and sticky bit. Rewrote to be much smaller. 6)*Bug Fix: Fixed ENOTDIR error to becone MYERR_NODIR instead of MYERR_NOFILE in file.c 7)*Bug Fix: Minor changes to error descriptions in ftp.c 8) Change: ~ works for going to your home directory. 9) Change: Download/Upload now don't memmove buffer. 10) Change: make a substitute glob using old BSD re_comp calls for very old systems. 11)*Bug Fix: Uid/Gid cache full causes problems. 12) Change: for passive downloads, makes sure the host that connects to the dataport is also the host that the control port is connected to 13)*Bug Fix: Obscure bug in ftplist.c fixed! 14) Change: The server sets the high and low water marks for the sockets on opening a data connection to improve performace. 15) Change: Added the STOU command! 16) Change: Added the ability to type a file before the user logs in 17) Change: Added the ability to type a file when the user enters a directory. 18) Change: The welcome file is now an absolute filename instead of relative to rootdir 19)*Bug Fix: Timeout didn't get updated properly when user logged on. 20) Change: Added timeout to STAT command. 21) Change: Added the APPE command! 22) Change: Added the ALLO command. Does nothing. 23) Change: Added the ACCT command. Does nothing. 24)*Bug Fix: The server didn't kill children ftpd processes. Now it does. 25)*Bug Fix: If you didn't specify a groupname in a user file, the server would crash. 26) Change: Changed maxthreads directive to maxusers. 27) Change: Cleaned up reading of commands. 28) Change: Started to use assertions to debug code. 29) Bug Fix: Server full log message not logged correctly. 30) Change: select.c adjusted to work better. 31) Bug Fix: server made 2 replys on logout. 32) Bug FIx: server can handle lots of dataconnections now. 33) Change: now too many login message is configurable per user using the busydump directive. 34) Change: ASCII upload resume disabled. It is not actually possible to this safely. Use the APPE command instead. 35) Change: Changed data collection to use shared memory rather than pipes. Faster, easier to access and allows future changes. 36) Change: Error messages now output the filename and line the error occured on. 37) Change: I am starting to use assersions to test features, find bugs. 38) Bug Fix: Server exits if it can't write to the log file, i.e disk full or other fatal error. 39) Change: Passive is handled better througth the main select handler. 40) Change: A simple strerror replacement has been thrown in for unlucky systems that don't have it. 41) Bug Fix: High and low water marks are only set if the constants for them exist. See 14. 42) Bug Fix: --prefix parameter in configure works as expected. Version 1.0: These fixed are ported back from version 1.1.alpha0. 1) Bug Fix: very obscure and rare bug fixed in ftplist.c 2) Bug Fix: Memory leak fixed in listing symbolic links. 3) Bug Fix: Rename fixed to check if the command RNFR was run first. 4) Bug Fix: Fixed ENOTDIR to become MYERR_NODIR instead of MYERR_NOFILE in file.c 5) Bug Fix: Modified error descriptions in error.c 6) Bug Fix: Fixed problems with full UID/GID caches. 7) Bug FIx: Timeout wasn't updated when user logged in. 8) Bug Fix: children processes are now automaticly killed when you kill the parent. 9) Change: Changed maxthreads to maxusers in the config file 10) Bug Fix: If you don't specify a groupname in the user config file, then the server will crash. Version 1.0.beta3: 1) Bug Fix: Buffers in acl.c fixed. Checked the rest of the code for possible buffer problems. 2) Bug Fix: stats.c buffers fixed. (not really a problem) 3) Bug Fix: pnums.c buffers fixed. (not really a problem) 4) Bug Fix: ftplist.c buffers fixed. (not really a problem) 5) Bug Fix: Rename properly fixed. For some reason it worked with the bug, and that worries me a little! 6) Change: reentrant.c (old name for original threaded version) cleaned up a little. Version 1.0.beta2: 1) Bug Fix: QUIT stopped working on 1.0.beta1, now fixed. 2) Bug Fix: Buffers in auth.c fixed completely. 3) Bug Fix: newfile.c has a realloc bug in it. ie it used a pointer to the buffer after remalloc was run, and since realloc may move the data to a new location, it was unstable but difficult to debug! 4) Bug Fix: a couple of memory over-freeing bugs fixed. 5) Change: Symbolic links listed properly. Version 1.0.beta1: 1) Bug Fix: unimplemented type would print response code twice. 2) Bug Fix: %U wasn't recognized unless unixuser was specified. 3) Bug Fix: Permanent group changes specified in config file would not work. 4) Change: FTP server now runs data transfers (almost) completely non-blocking. Timeout and ABOR work properly. ASCII resume works now too. 5) Change: Most of the code has been rewritten to use dynamic buffers, removing most problems with fixed buffer code. 6) Change: cdup, pwd, and cwd all use the same code now, thus all return the current directory 7) Change: mkdir now uses the 257 return code. 8) Change: all commands now give better error messages based on the real error, not the most likely error. Version 1.0.beta0: 1) First Version with CHANGES file.