Changes:
- remove superfluous .if around BUILD_DEFS
- drop maintainership, i don't really use the package anymore
- XXX: this package doesn't compile on non-IPv6 enabled operating systems
1.2.2:
======
- Fix FreeBSD 5.1/5.2 issue with time_t being long long on that platform.
- Tweak vsftpd.conf.5 to avoid automated mails from ESR ;-)
- Add -v flag which just outputs the version and exits.
- Fix nasty issue resulting in listener instability under extreme load
(root cause was re-entering malloc/free).
- Fix build with modern glibc-2.3 and no libcap on Linux.
- Fix 64-bit file support on Solaris.
- Add initial support for running as the user which launched vsftpd,
i.e. no root needed. Warning - easy to create insecurity if you use
this without knowing what you are doing.
- For above run-as-launching-user support: make CDUP re-use CWD code
so that deny_file of *..* is useful.
- Attempt fix of 64-bit file support on FreeBSD (may need another go).
Changes:
- Apply NetBSD patch to sysdeputil.c to activate a few features. Thanks to
Lubomir Sedlacik <salo@netbsd.org>.
- Apply fix for broken clients that terminate commands with \r\r\n. Thanks
to Andrey Chernomyrdin <andrey@excom.spb.su>.
- AIX send_file support, thanks to Tomas Ogren <stric@ing.umu.se>.
- Fix typos in vsftpd.conf.5, thanks to SEKINE Tatsuo <tsekine@sdri.co.jp>.
- Simple -F flag support to LIST and NLST. Needed for some broken clients.
- Add simple ? wildcard in pattern matching.
- Make pasv_min_port and pasv_max_port work if they are the same value.
Thanks to Marvin Solomon <solomon@cs.wisc.edu>.
- Paranoia: ignore user_config_dir if username has a / in it.
- Implement stub ALLO command to keep busybox/ftpput happy.
- Implement REIN, ACCT and SMNT stubs.
- Implement FEAT along with an OPTS stub.
- Implement STAT (no-args version).
- Implement STAT (file/dir).
- Add very simple access control via hide_file and deny_file. These should
NOT be used for securing content as they are very dumb! Filesystem
permissions are still the recommended way for securing important content.
- Allow unsetting of string values with option= (i.e. blank).
- Default virtual users to being chroot()'ed to the guest_user's home
directory, if virtual_use_local_privs is not set.
- Add support for "user_sub_token", where you can set the home directory
of guest_user to "/home/virtual/$USER", and "user_sub_token" to "$USER"
to have a root directory auto generated based on username logging in,
e.g. fred logs in and gets chroot()'ed in /home/virtual/fred.
- Fix bug in str_replace_text if replace token matches at end of string.
- Recognize P@SW as PASV; works around an SMC router bug.
- Accept an async ABOR sequence if it arrives via non-urgent data. Fixes
issue with Cisco routers. Thanks to Eddie Corns <E.Corns@ed.ac.uk>.
- Implement simple {,} support in pattern matcher (nested not handled).
Handy to use with hide_file and deny_file options.
- Fix port range with pasv_min_port and pasv_max_port to use the full range
(the upper limit wasn't being used very often!).
- Activate SO_REUSEADDR on passive listen sockets - makes servers with
restricted port ranges much more useable!
- Add secure_email_list_enable, to provide simple anonymous password control.
For some cases, it's better than the hassle of virtual users. Idea thanks
to Malcolm O'Callaghan, <mjo@stamps.com>.
- Add some FAQ entries.
- Fix issue with failure to call openlog() before using tcp_wrappers. Part
of RH bugzilla #89765. (The more serious part was fixed with v1.2.0).
- take over maintainership, MAINTAINER is not reachable on his mail anymore
(non-existent domain).
Changes:
Logging has been enhanced, including syslog support. IPv6 support has been
added. STRU, MODE, STOU, HELP, and SITE HELP have been implemented. Better
control of which commands to allow has been added. pam_session support has
been added. Error messages have been improved. There are lots of bugfixes
and new configuration options.
- Eliminate crypt() not defined warning.
- "grep -q" is not standard to redirect to /dev/null instead.
- Make banned_email_file work second time around.
- Add force_dot_files to work around broken clients. The behaviour when
enabled is very wu-ftpd like.
- Implement SITE HELP - should work around IE bug?
- Update README, vsftpd.conf with references to read the manual page!
- Log revamp: add dual_log_enable to log to xferlog AND vsftpd.log.
- Log revamp: add syslog_enable to log vsftpd.log to syslog().
- Add "background" option to background the listener process.
- Fix warning is vsftpd.8 man page, Bill Nottingham <notting@redhat.com>.
- Fix tcp wrappers support to NOT emit loads of Bad file descriptor messages
to the system log.
- Add ability to make bandwidth limiter smoother by using e.g.
trans_chunk_size=8192.
- Add ability for virtual users to use local privs non anon privs, via
virtual_use_local_privs=YES.
- Fix sendfile() fallback on FreeBSD, thanks to Adam Stroud
<adstro@stny.rr.com>.
- Add pam_session support, as well as utmp and wtmp logging for local logins
(when using a PAM build). Tested pam_limits maxlogins works.
- Ensure the source IP address for PORT connects is always the same as the
control connection local IP address. Previously it was not when NOT using
connect_from_port_20 in the presence of multiple local IP addresses.
- Oops - make max_per_ip and max_clients work with the two process model
when both connect_from_port_20 and chown_uploads are false.
- Initial IPv6 support (EPSV only).
- Add EPRT support to IPv6.
- Fix "ls .file" to list .file even if the ls -a flag is not present. Noted
by and thanks to Sean Millichamp <sean@enertronllc.com>.
- Better error messages for config file parse fail: include setting name.
- Fix bug in str_split_text where text is greater than 1 character long!
- Make it build on Solaris8 - switch from utmp to utmpx and handle missing
LOG_FTP.
- Always check for VSFTPD_LOAD_CONF environment variable.
- Implement HELP properly (should help broken clients).
- Fix FreeBSD build (no utmpx.h, so disable feature).
- Fix chown_uploads.
- "Guess fix" for FreeBSD reported bug. I reckon FreeBSD is returning -EINTR
from a blocking close but still closing the fd, despite the error return. So
cater for this. Reported by Drew Vogel <dvogel@intercarve.net>.
- Add download_enable and dirlist_enable. Useful in conjunction with the
per-user config stuff.
- Add chmod_enable.
- Implement STRU and MODE for _old_, broken clients!
- Log connects.
- Fix 500 OOPS with chown_uploads and an APPE command.
- Improve some error messages: die -> die2 for more information.
- Repair max_per_ip (problem comparing IPv4 addresses).
- Make chown_uploads work with virtual users.
- Chmod files to 0600 before chown_uploads kicks in.
- Add STOU support.
- Add cmds_allowed config parameter.
- Add some FAQ entries.
Addresses PR pkg/21410 by Jens Liebau.
- honour PKG_SYSCONFDIR
- rcd script, standalone mode support
- tcp wrappers support
- install vsftpd:vsftpd user
- new HOMEPAGE and MASTER_SITES
1.1.3:
======
- Support for tcp_wrappers.
- First stab at Solaris sendfilev() support.
- Don't bomb out the listener on SIGHUP if the config became invalid.
- End vsf_findlibs.sh with "exit 0;" - thanks Lars Hecking <lhecking@nmrc.ie>!
- Integrate with tcp_wrappers - load config based on VSFTPD_LOAD_CONF
environment variables. Allows per-IP configurability in standalone mode.
- Fix build without tcp_wrappers.
- Fix Solaris sendfilev() support - interruption via a signal returns EINTR
rather than a partial byte count!
- Add to EXAMPLE/ - PER_IP_CONFIG and INTERNET_SITE_NOINETD
1.1.2:
======
- Add per-IP connection limits in standalone mode.
- Add logging of refused connect due to global or IP connection limits.
- (Many thanks for testing and suggestions from Rob van Nieuwkerk
<robn@verdi.et.tudelft.nl> and Adrian Reber <adrian@lisas.de>.
- Make connection limit exceeded messages nonblocking.
- Don't exit the listener if fork fails.
1.1.1:
======
- Fix port_promiscuous, oops! Thanks to Bjørn-Ove Heimsund
<bjornoh@mi.uib.no>.
- Fix to support umasks which create executable files. Reported by
"Martin, Andreas" <AMartin@hegau-klinikum.de>.
- Make the messages more.. professional :( Thanks to Steven G. Taylor
<staylor@redhat.com>.
- Allow anon users to append to files if they can delete files! Suggestion
from Michael Leuchtenburg <michael@slashhome.org>.
- Hopefully fix Solaris build (-lresolv)
- Replace atoll() with a homebrew - modern FreeBSD, OpenBSD lack it.
- Different solution for a umask which creates executable files:
file_open_mode.
- First attempt at Tru64 build, working with <Sulla17@aol.com>.
- A few minor FAQ additions.
- Change date format in the log from Sep 09 -> Sep 9. Avoids breaking some
broken log parsers.
- Make "INSTALL" better and clearer.
- Fix passwd_chroot_enable, reported by James Jones <james@richland.edu>.
- Finish Tru64 building :-)
- Add tunable_no_anon_password as asked for by Stephen Quinney
<stephen.quinney@computing-services.oxford.ac.uk>.
1.1.0:
======
- large file (>2Gb) support).
- Fix .spec files to use /usr/local/sbin not /usr/sbin, noted by Bill Unruh
<unruh@physics.ubc.ca>.
- Small doc tweaks and improvements(?)
- Add COPYING, the GNU GPL version 2.
- Add use_localtime config option to override the use of GMT times.
- Add tunable_check_shell (default YES) so people can disable this if they
are not using PAM.
- AIX 5.1 build support, thanks to Jan-Frode Myklebust
<janfrode@parallab.uib.no>.
- Add "hide_ids" option to show user/group in directory listings as "ftp".
Request from Solar.
- Use the seemingly more portable setreuid() and setregid(), poxy HP.
- Use status 550 instead of 500 for known but disabled commands.
- Rename "dirchange.[ch]" to "banner.[ch]".
- Multiline connect banner support via "banner_file" config option.
- Minor error message changes.
- Add more FAQ entries.
- Add patch to specify PASV address - thanks to Mike McLean <mikem@redhat.com>.
- Drop the 2.4.0 kernel warning file
- Rudimentary standalone listener support - to be expanded in a later release.
- If sendfile() returns EINVAL just fall back to normal routines - handles
non-pagecache backed files.
- Add "port_promiscuous" setting - should help enabling FXP.
- Modify anon_root and local_root to change directory _before_ applying the
chroot().
- Open all files O_NONBLOCK to avoid pipes blocking on open.
- Support wu-ftpd style per-user chroot() via /./ in /etc/passwd HOMEDIR.
- Add SIGHUP support to new built in listener.
- Per-user config overrides, via "user_config_dir" - woohoo!
- Warning fixes, i.e. change "index" to "indexx" thanks to Olaf Kirch
<okir@suse.de>.
- Make sure the standalone daemon doesn't leak zombies!
- Supposedly fix kernel messages about MSG_PEEK race - thanks to advice from
Alexey <kuznet@ms2.inr.ac.ru>.
- Add global client limit for standalone mode.
- Add username that failed when we die with str_getpwnam.
- Add a bunch of documentation under EXAMPLES.
- Fix potential leak in PAM handling code.
- Fix build in the non-PAM case
- Include filename and size in bytes in the "here comes the data" 150 message.
- Change link flags from "-s" to "-Wl,-s"
- Tidy up vsf_findlibs.sh
- Work with NFS mounted home dirs and root_squash
- Add FAQ.
- Improve "make install".
- Fix Solaris build (nanosleep is in a separate library, typical).
- Fix REST + STOR combination
- Make our 150 response code match wu-ftpd - allows broken "ange-ftp" of
emacs to do a percentage complete indicator.
- Add anon_root and local_root
vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously
this is not a guarantee, but a reflection that I have written the entire
codebase with security in mind, and carefully designed the program to be
resilient to attack.
Recent evidence suggests that vsftpd is also extremely fast (and this is
before any explicit performance tuning!) In tests against wu-ftpd, vsftpd
was always faster, supporting over twice as many users in some tests.
Package provided by Jacek Latos <vaneth@krasnik.org> in pkg/13208;
minor modifications by me.