Add ssl (default off) and tcpwrappers (default on) options.
Changes:
- Improve logging (log deletes, renames, chmods, etc. as requested by users).
- Add no_log_lock to work around Solaris / Veritas locking hangs.
- Add EPRT, EPSV, PASV and TVFS to FEAT response.
- Implement use of MDTM to set timestamps.
- Recognize FEAT prior to login.
- Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data
connections! Hurrah.
- Increase max size of .message files to 4000 characters, thanks to Eric
Pancer for the report.
- Add easy builddefs.h ability to disable PAM builds even when PAM is installed.
- Report vsftpd version in STAT output.
- Add REFS file.
- Change parent<->child socket comms from DGRAM to STREAM for increased
reliability. The main benefit is should the parent be killed (or crash out)
then the child won't block on a read() that will never return.
- Make str_reserve reserve space for the trailing zero as well, so we don't
cause a reallocation if we exactly fill the buffer.
- Optimize the sending of strings over the parent<->child comms links.
- Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly
compiled out.
- Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin
- If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring
totally. Thanks to Brad
- Lose Makefile.sun and README.solaris special cases.
- Add SSL / TLS info to SECURITY texts.
- Add README.ssl
- Add documentation for new SSL options to vsftpd.conf.5.
- Add support for CWD ~ (and in general support ~ at start of any filename).
Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that
all of this is for very very broken clients :-(
- Fix compile warnings.
- Update INSTALL with (recent) OS X as a working platform.
At this point: v2.0.0 released!
===============================
- Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson
Chang
- Oops; fix session bale out if an empty length password is given.
- Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
- Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard
- Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries. Thanks to Jonas Bofjall
- Add COPYRIGHT.
- Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2
compliant; timezone should be a variable not a function).
- Fix build where PAM build is enabled but PAM headers are missing.
- Fix build on RHEL3 (remove errant include from twoprocess.c).
At this point: v2.0.1 released!
===============================
- Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez
- Emit data transfer status messages (success / failure) after flushing and
waiting for the full data transfer to reach the client. This should help work
around buggy FTP clients such as FlashFXP, which is known to truncate files
incorrectly.
(v2.0.2pre1)
- Make str_empty actually allocate an empty string.
- Change the ASCII receive code to ONLY rip out \r if it is just before a \n;
someone finally complained about this.
(v2.0.2pre2)
- Enable AIX Large File Support #define from Tomas gren
- Add a couple of FAQ entries.
- Fix time delta code areas to cope with negative deltas, which will occur
if the clock is adjusted backwards. Thanks to Andrew Anderson
for a great report.
- Fix "errno" checks to be robust in multiple places; previously, calls to
failing library calls could be made inbetween the original library call and
the "errno" reads. Thanks to Andrew Anderson for a great
report.
- Make bandwidth limiter work with SSL data connections.
(v2.0.2pre3)
- Note that the SSL / bandwidth limiter bug fixed a much more serious bug:
SSL data connection dropouts after data_connection_timeout seconds.
- Typo fixes.
At this point: v2.0.2 released! (need to get the SSL dropout fix out)
=====================================================================
- Document what regex expressions are supported in the man page.
- New settings rsa_private_key_file and dsa_private_key_file to allow
separate files for the certificates and private keys.
- Initial, simple fix for timed out processes not exiting when SSL is in use.
Better fix (which reports timeout to client properly) to follow.
- Add which setsockopt option failed to die("setsockopt") calls.
- Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower
linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by
Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1)
- Fix error with IPv4 connections to IPv6 listeners and PORT type data
connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported
by Joe Orton, Radek Vokal and Andreas Kupfer
- Remove vsf_sysutil_sockaddr_same_family (unused).
- Support protocol 1 (IPv4) in EPRT.
- Add ssl.c to AUDIT.
- Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list.
- Allow "EPSV 1" to mean IPv4 EPSV.
- Report dummy IP but correct port with IPv6 / PASV.
- Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write;
fixes SSL upload failures when data timeouts are in use with some clients.
Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported
by Lee Lawrence (using CuteFTP and BackupEdge) and
Christian DELAIR (using lftp, FileZilla and
SmartFTP). Thanks to these two people for valuable help.
(v2.0.3pre2)
- Implicitly disable connect_from_port_20 and chown_uploads when a non-root
user is using run_as_launching_user.
- Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure
anonymous-only solution (useful when you don't have root access and a range
of acceptable anonymous passwords as credentials).
- Use SSL BIO callbacks to fix data connection timeout checks; the checks
weren't all occurring promply.
At this point: v2.0.3 released! (need to get about three imporant fixes out)
============================================================================
- Add explicit "This FTP server does not allow anonymous logins" message.
- Add paranoid checks to sysutil.c for large values / lengths.
- Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example.
- Load per-IP config files earlier; allows more settings to be tuned on a
per-IP level. Suggested by Reber Tobias
- Fix MDTM on non-existant files. Reported by Ken A
- {} regex fix so that {*} correctly matches everything. Reported by
Tom Van de Wiele
- Add "mdtm_write" option to disable MDTM being able to set file timestamps.
- Fix HPUX build, thanks to Kevin Vajk
- Add optional file locking support via lock_upload_files (default on).
- Apply LDFLAGS patch from Mads Martin Joergensen
- Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once
at startup.
- Apply patch to fix timezone issues (caused by chroot() interacting badly with
newer glibc versions). Thanks to Dmitry V. Levin and
Mads Martin Joergensen
At this point: v2.0.4 released!
===============================
CHANGES contains:
- renamed control channel to &bitlbee, to avoid confusions
- Jabber cleanup
- Handle RSS-to-Jabber feeds
- AIM notifications
- typing notifications come in as CTCP
- fixes a possible DoD bug
Also, the package now installs the full user-guide, and bitlbee.conf(5) man
page
- even faster application startup
- binary relocatibility on Linux by means of binreloc
- be more verbose when being asked for it
- select color index when picking from an indexed drawable
- allow to migrate windows between displays
- mouse-wheel scrolling and zooming in plug-in previews
- added keyboard shortcuts ([ and ]) for changing the brush radius
- improved Oilify plug-in
- bug fixes and code cleanup
Changes 2.3.5:
- optionally add jitter to paint strokes
- implemented Snap to Path
- added PDB API to access the Image Grid
- ease access to Keyboard Shortcuts editor
- optimizations to the Tile Cache and Undo/Redo implementations
- more work on the Buffer PDB API
- bug fixes to the new zoomable plug-in previews
- optimization of the SIOX algorithm
- menu reorganisation in the Toolbox menu
- export "Open As Layer" to the PDB as file-load-layer
- added keyboard control for the Curves tool
- load and save embedded ICC profiles from/to PNG images
- improved appearance of some tool icons on dark background
- added PDB API to get and set path visibility
- let data editors follow the active brush, palette and gradient (optional)
- some rearrangements in the new toplevel Colors menu
- speed up reloading of data files
- allow to copy the location of data files to the clipboard
- allow to disable saving of the document history in the preferences
- slightly faster application startup
- more use of ngettext for plural forms
- bug fixes and code cleanup
This change fixes a bug with entities for -,\ and /
Bump PKGREVISION, and take maintainership
(issues of changing distfiles have been advertised upstream)
for manipulating PLISTs. This module is not used by default pending
more widespread testing -- currently the variable _USE_PLIST_MODULE
must be defined in /etc/mk.conf to enable its use.
The main features of the new PLIST module are:
(1) Splits out the PLIST-handling code from bsd.pkg.mk into a
separate "plist" module.
(2) Splits out giant, multi-line awk scripts stored in make
variables into separate awk scripts that may be joined
together to post-process PLISTs. Each of these awk scripts
consolidates the processing for one set of files, e.g.,
man pages, info pages, etc., and is more easily commented
than a make variable.
(3) Splits out the print-PLIST code from the regular PLIST code
since they have no common pieces (print-plist.mk vs.
plist.mk).
(4) Completely re-implements the shared-library handling to be
more efficient. Along the way, this also fixes a problem
for Mac OS X users where the PLISTs incorrectly contained
absolute paths.
(5) Completely re-implements the info-file handling so that we
can migrate from INFO_FILES definitions to just adding
info/foo.info entries in the static PLISTs.
(6) Adds commented-out support for automatically compressed or
decompressed info page entries based on the value of MANZ.
These changes will be activated after texinfo.mk has been
replaced by something that is built using the more modern
primitives now available in pkgsrc.
(7) Move the file compression logic into a separate script
"doc-compress" that compresses or decompresses files while
minding symlinks. This script is now called by bsd.pkg.mk
to do the "autmoatic man page handling". In the future,
it will also handle the "automatic info page handling" and
possible others.
In general, the idea is to move stuff out of the Makefiles and into
separate files where we don't need to worry about quoting rules
and where each file can have a separate history of commits. This
simplifies the makefile logic (especially in terms of readability)
and also simplifies maintenance of the code.
