ChangeLog

2010-06-25  Werner Koch  <wk@g10code.com>

	* configure.ac (LDFLAGS): Add -lgcc_s.

2007-04-05  Marcus Brinkmann  <marcus@g10code.de>

	* src/ftp_session.c (do_retr, open_connection, send_readme): 
	Add dummy block between jump label and pthread_cleanup_pop() macro.

	* oftpd.startup (ARGS): Add $OPTIONS.
	* src/oftpd.h (debug_flags): Declare global variable.
	(DEBUG_NONE, DEBUG_XFER, DEBUG_CMDS): New macros.
	* src/oftpd.c (debug_flags): New global variable.
	(main): Support new -d option.
	* src/ftp_session.c (ftp_session_run): Only log if DEBUG_CMDS flag
	is set.
	(reply): Likewise.
	(do_retr): Log xfer in WU-FTPD format.

2007-03-26  Werner Koch  <wk@g10code.com>

	* src/telnet_session.c (do_telnet_session_print): Add argument S0
	to act as a prefix.
	(telnet_session_println_with_prefix): New.
	(telnet_session_print_with_prefix): New.
	* src/ftp_session.c: Use the new function.  Allow for CRLF
	terminated readme files.  Again for some ill behaving firewalls.

2007-03-23  Werner Koch  <wk@g10code.com>

	* configure.ac: Set version to 0.3.7-wk4.

	* src/telnet_session.c (telnet_session_print): Factor code out
	to ..
	(do_telnet_session_print): .. new.  Add additional argument S2.
	(telnet_session_println): Change to use the new fucntion.  This is
	required so that we use just one write for the common case that
	the CRLF fits into the same buffer.  Some firewalls have problems
	with receiving an FTP command without the CRLF in one [acket and
	the CRLF in the next one.

2007-02-08  Werner Koch  <wk@g10code.com>

	* src/oftpd.c (main): s/PACKAGE/PACKAGE_NAME/
	s/VERSION/PACKAGE_VERSION/.

	* configure.in: Renamed to configure.ac and converted to modern
	style.
	* acconfig.h: Removed.

2007-02-08  Marcus Brinkmann  <marcus@g10code.de>

	* src/telnet_session.c: Include <pthread.h>.
	(process_data): Enable cancellation.
	* src/ftp_session.c (netscape_hack): Likewise.
	(send_readme, do_list, do_nlst): Use cancellation cleanup handler.
	(set_pasv): Release socket_fd before invoking reply() in case of
	failure.
	(open_connection): Likewise.
	(do_pasv): Close outstanding passive port before invoking reply().
	(do_lpsv): Likewise.
	(do_epsv): Likewise.
	* src/file_list.c: Always include <pthread.h>.
	(fdprintf): Bump buffer size to PATH_MAX + 3.  Enable cancellation
	while writing.
	* src/ftp_listener.c (connection_handler): Do not use asynchronous
	cancellation.  Disable cancellation until further notice.

2007-02-06  Marcus Brinkmann  <marcus@g10code.de>

	* configure.in (AC_CHECK_HEADERS): Check for sys/sendfile.h.
	* src/file_list.c (file_nlst): Remove unused variable HIDDEN.
	* src/ftp_session.c [HAVE_SYS_SENDFILE_H]: Include
	<sys/sendfile.h>.
	(do_user, do_pass): Remove unused variable addr_port.
	(do_eprt): Remove unused variable HOST_PORT.
	(do_retr): Remove unused variable host_port.  Adjust format output
	parameter for timespec members, cast these to the format type.
	[!HAVE_FREEBSD_SENDFILE]: Do not define otherwise unused variable
	AMT_SENT.
	* src/ftp_listener.c (addr2string) [!INET6]: Do not define
	variables ERROR and ADDR to suppress compiler warning.
	(addr_to_string): Replace with prototype for addr2string.
	* src/oftpd.c: Remove extra argument EXE_NAME in syslog
	invocation.
	(my_syslog_fd): Remove unused global variable.
	* src/daemon_assert.c: Include <stdlib.h>.

2006-03-09  Werner Koch  <wk@g10code.de>

	* configure.in: Define ERRBUF_SIZE.

	* src/oftpd.c: Add option --version.

2005-04-30  Werner Koch  <wk@g10code.de>

	Bumped version to 0.3.7-wk1.

	* src/file_list.c (file_nlst, file_list): Fixed the paranoia test for
	overlong directories.

2005-04-30  Werner Koch  <wk@g10code.de>

	Ported patches from Shane Kerr's 0.3.7 release:
	
	* configure.in: Disabled support for sendfile() on FreeBSD.  It
	appears to me that there's a bug in the sendfile() user-level
	library.  I would welcome advice from any FreeBSD developer
	wishing to set me straight.  

	* src/ftp_session.c (do_size): Changed SIZE command to return
	error for directories.
	* src/file_list.c: #ifdef wrap GLOB_ABORTED for really old gcc
	compilers (Slackware or older installations).
	(skip_ls_options): Add code to skip command line options that are
	intended for "ls".

2004-01-12  Werner Koch  <wk@gnupg.org>

	* src/ftp_listener.c (connection_acceptor): Don't increase the
	error counter for EMFILE conditions but sleep a few seconds.

2003-08-13  Werner Koch  <wk@gnupg.org>

	* src/oftpd.c (reopen_syslog_hack): Removed.
	(init_syslog_hack): Removed.  That was a whole stupid thing by me
	as I didn'd realized that we are running chroot and so the
	/dev/log socket could not be reopened by libc.
	(main): Print a warning if there is no /dev directory below the
	chroot.

	* src/file_list.c (file_nlst,file_list): Don't list "/dev".
	* src/ftp_session.c (change_dir, do_retr)
	(do_size, do_mdtm): Likewise.

2003-08-12  Werner Koch  <wk@gnupg.org>

	* src/oftpd.c (reopen_syslog_hack): Simply comparing the fd is not
	enough due to race conditions.  So always check whether the syslog
	fd is still bound to a unix domain socket.

2003-08-09  Werner Koch  <wk@gnupg.org>

	* src/oftpd.c (main): Give LOG_FACILITY file scope.
	(init_syslog_hack): New
	(reopen_syslog_hack): New.
	* src/ftp_session.c (set_pasv, open_connection): Insert
	reopen_syslog_hack calls.
	* src/ftp_listener.c (connection_acceptor, ftp_listener_init): Ditto.
	* src/ftp_session.c (open_connection): Ditto.
	
	* src/file_list.c: As an extra safeguard check the provided
	dir_len.
	(file_nlst): Ditto.
	(fdprintf): Extra paranoid safeguard for buggy vsnprintfs.

2003-05-22  Werner Koch  <wk@gnupg.org>

	* src/ftp_command.c (parse_offset): Fixed offset checking.

	* configure.in (AC_CHECK_SIZEOF): Add tests for off_t,
	unsigned long and unsigned long long. 

2003-05-06  Werner Koch  <wk@gnupg.org>

	* src/ftp_session.c (do_lprt): Do not set the port after emitting
	an error.  Fixes an assertion failure in ip_equal.

2003-05-05  Werner Koch  <wk@gnupg.org>

- New option -r, --pasv-range to limit the range for passive ports to
  specific firewall rules.

2001-05-28, Shane Kerr <shane@time-travellers.org>
- Version 0.3.6 released.
- Beat FreeBSD into submission.  Now compiles (and runs!) on FreeBSD
  out of the box.

2001-05-11, Shane Kerr <shane@time-travellers.org>
- Changed REST to only work for IMAGE (i.e. binary) mode.
- Added the SIZE command.
- Added the MDTM (modification time) command.

2001-04-20, Shane Kerr <shane@time-travellers.org>
- Moved SIGPIPE ignore to run even in --nodetach mode.  Needed to avoid
  unwanted signals on TCP disconnects.

2001-04-19, Shane Kerr <shane@time-travellers.org>
- Added more logging: all client messages are logged with address and
  port, and all server responses are also logged.  This occurs at DEBUG
  level, as it is probably not normally of interest.

2001-04-18, Shane Kerr <shane@time-travellers.org>
- Version 0.3.5 released.
- Changed resume code to reset offset to 0 after each file transfer.
- Set accept() socket to NONBLOCK to insure the listener doesn't get
  stuck waiting for a connection.  This is documented in the NOTES
  section for the accept() call in Linux.
- Added sendfile() support on Linux systems.

2001-04-14, Shane Kerr <shane@time-travellers.org>
- Fixed a bug caused by parsing EPRT commands.  The server doesn't
  actually allow these commands, but it bravely attempts to parse them
  anyway.  A special shout out to Anders Nordby for finding this.  The
  error caused the server to terminate on an assert() fail, which is
  good because no server corruption happened, but it's bad because the
  server terminated without any indication.  Therefore....
- Changed most assert() calls to daemon_assert() calls.  These terminate
  the application as before, but log to syslog and STDERR.
- Added ability to run as a non-daemon process.  This will allow the
  server to be started from init, for instance.
- Added support for SIGTERM and SIGINT.  If one of these is received,
  then the server closes the port 21 socket - meaning that it will
  accept no further connections.  When all existing connections have
  closed, then the server exits.  A new server may be started before
  this occurs, to handle new connections.  This allows very short
  downtimes:
      # killall oftpd; sleep 1; /etc/init.d/oftpd start
  This will result in a 1 second period of time where no new connections
  are accepted, with no existing connections closed.  It's probably best
  to wait for this second, to allow the signal time to arrive.  :)

2001-04-08, Shane Kerr <shane@time-travellers.org>
- Changed check for '/' in path - was improperly allowing escaped '/'
  characters through the check!
- Set TCP_NODELAY flag on socket - much reduced latency on control
  channel for high-speed connections.
- New and improved init script from Eric Jensen.

2001-04-07, Anders Nordby <anders@fix.no>
- FreeBSD port.

2001-04-03, Shane Kerr <shane@time-travellers.org>
- Version 0.3.4 released.
- Changed FTP listener code to attempt to continue processing when
  formerly fatal errors occur.
- Added man page.
- Added Red Hat init script donated by Eric Jensen to release.

2001-03-28, Shane Kerr <shane@time-travellers.org>
- Version 0.3.3 released.
- Use IP address and port of the control connection port for default
  Data Transfer Port, as defined by RFC 959.  Note that the default
  server process DTP is never used in oftpd, but that's not a problem as
  I read the RFC.
- Use config.h

2001-03-27, Matthew Danish <mdanish@andrew.cmu.edu>
- configure.in and af_portability.h fixes to allow compilation on
  systems with both RFC 2553 and XNET formats

2001-03-27, Shane Kerr <shane@time-travellers.org>
- Fixed bug where wrong server address was used on initalization of
  ftp_server class.  Passive probably didn't work in the 0.3.x series
  for IPv4!

2001-03-26, Shane Kerr <shane@time-travellers.org>
- Version 0.3.2 released.
- Minor additions for better error reporting on error creating threads
  in listener, as well as checking success on setgid() and setuid().  I
  can't believe I wasn't!!!
- Set syslog() to use FTP_DAEMON

2001-03-23, Shane Kerr <shane@time-travellers.org>
- Fixed configure bug on Debian systems.  Special thanks to Matthew
  Danish for helping me on this one.

2001-03-20, Matthew Danish <mdanish@andrew.cmu.edu>
- Clean up parsing of FTP address in ftp_listener.c
- Added options to specify interface and maximum number of client
  connections at startup.
- Added --long-style command-line options.

2001-03-21, Shane Kerr <shane@time-travellers.org>
- The "Spring Fever" edition, version 0.3.1 released.

  Added workaround for the evil glob() denial-of-service attack.  I
  chose the simple method of preventing file listing with both path
  separator and wildcards.  Either is okay, but not both.  I don't
  expect this to cause problems with legitimate use, but I could be
  wrong.  It was much simpler than my other thought.  :)

  Changed code so that ECONNABORTED and ECONNRESET errors don't increase
  the error count.  This is to prevent a malicious client from taking a
  server down by sending a large number of connection requests that it
  then aborts.

  Integrated code from Matthew Danish <mdanish@andrew.cmu.edu> that
  allows the user to specify the port to use from the command line.
  Thanks!

  Warnings from 0.3.0 still apply.  Use with caution.  Spring is in the
  air, after all.

2001-03-20, Shane Kerr <shane@time-travellers.org>
- Version 0.3.0 released.  This is almost guaranteed not to work, as
  I've not tested it with clients that support the new features.  But I
  decided that after a year, I wasn't living up to the "release early,
  release often" motto of open source.

  In addition to working in the changes since the last release, I've
  done:

  o removed free list from ftp_listener; simple is better
  o use a random port rather than incrememting sequence; useful for
    preventing classes of data hijacking attacks

  There is a potential DOS attack against all versions, see the BUGS
  file.  This will be fixed ASAP (hopefully tomorrow).

2001-02-22, Matthew Danish <mdanish@andrew.cmu.edu>
- Fix for missing <sys/types.h> check in configure.in

2000-12-13, Mauro Tortonesi <mauro@ferrara.linux.it>
- Added IPv6 support (EPRT & EPSV - RFC2428)
- Added LPRT and LPSV support (RFC1639)

2000-08-25, Shane Kerr <shane@time-travellers.org>
- Fixed telnet module to properly handle telnet escape sequences (since
  no clients actually use this, it wasn't really a problem)

2000-06-01, Shane Kerr <shane@time-travellers.org>
- Beau Kuiper, author of muddleftpd, sent me a fix for the Netscape
  timing bug.  Thanks!!!

2000-04-03, Shane Kerr <shane@time-travellers.org>
- Version 0.2.0 released

2000-03-30, Shane Kerr <shane@time-travellers.org>
- Changed README send to only send on directory change if you actually
  change to a different directory.  That is, "CWD ." does not send a
  README file.  The reason for this is that many clients perform a 
  "CWD /" as soon as it connects, which cause the README to be sent
  twice - yuck!
- Added missing check for closed file descriptor in write_fully().
- Converted use of FILE pointers to file descriptors.  This wasn't done
  in the most efficient possible method (i.e. with buffers), but it does
  remove the maximum FILE limitation from the server.

2000-03-29, Shane Kerr <shane@time-travellers.org>
- Added -D_REENTRANT flag to compile options.
- Added an error data type to return details about errors that occur 
  in module initialization.
- Changed telnet module to never drop characters on outbound, even if
  we have a ton of DO and WILL commands from the other end.

2000-03-27, Shane Kerr <shane@time-travellers.org>
- Fixed bug in telnet code when sending "" string.
- Now sends README to client if file is in directory on connect
  or directory change.
- Simplified watchdog a bit by adding pointer to watchdog in the
  watched structure.
- Wrapped invariant() methods with #ifndef NDEBUG so they won't
  get compiled in non-debug code (in case there's ever a 
  non-debug version)

2000-03-22, Shane Kerr <shane@time-travellers.org>
- Changed NLST and LIST to silently drop a file specification that
  starts with a '-'.  This will ignore attempts to pass an argument
  to "ls" that some clients try - it probably won't do what they 
  expect, but at least they'll get a list of files.

2000-03-19, Shane Kerr <shane@time-travellers.org>
- Set file descriptors 0, 1, and 2 to go to "/dev/null", so that
  any error messages sent by, say, the kernel don't accidentally
  go to a user.
- Changed watchdog to have a single thread to watch all connections, 
  rather than a thread per connection.  This is considerably more
  complex, but effectively doubles the number of connections that
  can be supported (due to thread limits).

2000-03-16, Shane Kerr <shane@time-travellers.org>
- Added support for REST command.  (Note that this is *not* the REST
  exactly as described by RFC.  The REST in the RFC only applies to
  block or compressed mode transfer, which oftpd does not currently
  support.  However, it appears that Unix systems interpret the 
  parameter to the REST command as the offset into the file to resume
  from.

2000-03-13, Shane Kerr <shane@time-travellers.org>
- Version 0.1.3 released

2000-03-12, Shane Kerr <shane@time-travellers.org>
- Fixed bug when connection limit reached
- Fixed bug when attempt to bind() an already bound port

2000-03-12, Shane Kerr <shane@time-travellers.org>
- Version 0.1.2 released

2000-03-11, Shane Kerr <shane@time-travellers.org>
- Move configuration values into oftpd.h
- Wrap source to 80 columns
- Fix pthread_create() error check (code had incorrectly used errno
  rather than the return of pthread_create() to determine error)
- Fix threads to run in detached mode (when appropriate)
- Solaris port completed
- Support for STOR added (reply with 553 error)
- Added free list for per-thread information structures.