Date: Thr, 1 Apr 1999 12:00:00 -0500 (EST)
From: Gregory A Lundberg
To: WU-FTPD Discussion List
Subject: [VR17] WU-FTPD-2.4.2-VR17 Released

WU-FTPD-2.4.2-VR17 is now available.

The VR updates for WU-FTPD include additional features requested over the years by the user community and include a number of bug fixes for both the base 2.4.2 release and earlier VR updates.

Major changes in this update include:

All platforms
-------------

The ENTIRE 'make install' scheme has been revamped. I did this as a result of taking one of the Good Ideas (tm) from Redhat's RPM (which several others have emailed me about as well) and applying it to all target platforms. This is the area I expect to have the most trouble. Please be sure to at least read over the new makefile for your targets.

As I gave warning about on the open mailing list, I've moved the FIXES* files into a sub-directory under doc. Be sure to remember to

    mkdir doc/FIXES
    mv FIXES* doc/FIXES

on your old source kits if you'll be attempting to diff for changes, or want to try hand-applying the VR17 patches.

Not noted elsewhere: Oops! When I rolled VR16 it was against Stan's 2.4.2 tarball. That means all the ownerships and permissions fell back to his mess. VR17's tarball has them corrected.

Solaris
-------

Solaris now supports QUOTA.

Linux
-----

Linux now supports PAM. I've tested this on RH4 and RH5 servers. Note that PAM prevents diagnostic messages in the syslog about bad user shells and appearance in /etc/ftpusers .. all you see is a login failure message.

Linux autodetects PAM and disables all other authentication methods if found. If you have PAM installed but don't want to build for it, add NOPAM=1 to the build command line.

Linux also now autodetects OPIE.

This update is available as both patches and pre-patched tarballs at:

    ftp://ftp.vr.net/pub/wu-ftpd/

A current mirrors listing is available at:

    ftp://ftp.vr.net/pub/wu-ftpd/MIRRORS

MD5                               Package
---                               -------
27a15b3f3c18121dee99b891f109270c  wu-ftpd-2.4.2-vr17.tar.Z
8978595cb355b9dd5ecc2ccd01d01b45  wu-ftpd-2.4.2-vr17.tar.gz

Most users only need the tarball appropriate for their system (gz or Z).

d0a26079cfdc42e3e981c2bef428f9f4  wu-ftpd-2.4.2.tar.Z
7d035f8b3fb4bee116e5f995ce5c5beb  wu-ftpd-2.4.2-vr16.patch
425a58e58b3dc7af6574fbef756e9900  wu-ftpd-2.4.2-vr17.patch

If you take just the patch files, please remember: they are cumulative. You cannot apply fixes from one set without earlier sets already having been applied.

The first set for BETA-18 is VR3; VR1 and VR2 were for BETA-17 only.

The first set for WU-FTPD-2.4.2 is VR16; VR3 through VR15 were for BETA-18 only. A patch set covering the changes from BETA-18-VR15 to VR16 is available in the attic directory.

Pre-compiled binaries for VR17 are available. Check the binaries directory to see if a pre-compiled version is available for your platform.

This is a list of fixes to 2.4.2 with VR16 applied from lundberg@vr.net

---------------------------------------------------------------------------

The primary goal for VR17 was to merge the changes Redhat makes in their RPM release into the mainstream daemon. The first section is notes from the merge. For specific changes, skip to the second section.

---------------------------------------------------------------------------

I used a fresh copy of Redhat's original wu-ftpd-2.4.2b18-2.1.src.rpm

Changes made

    Add RPM_OPT_FLAGS, default -O3, to Linux Makefiles
  * Added DESTDIR for 'make install' Makefile
  * Added 'mkdir -p' to ensure destination directories exist
  * Added OWNERUID and OWNERGID for ownership, default bin/bin
    (I allowed separate UID/GID for each file area)
    Added PAM support for Linux, autodetected
  * bugfix: initialize c_time in ftpshut.c
  * bugfix: removed mv's to save old installed binaries
  * bugfix: use ps www and sed off trailing blanks for wide displays

Changes not made

    SITE EXEC max lines, use site-exec-max-lines instead
    _PATH_EXECPATH to /usr/bin/ftp-exec; lame
    /lib/libc.a to /usr/lib/libc.a; /lib/libc.a works fine, LIBC does not appear to be used anyway
    install permissions; Redhat's are too loose
    CERT security patch for Feb99 alert; superseded by VR updates
    RHS config localizations

When creating a SRPM, check for changes needed for RPM_OPT_FLAGS and other RHS localizations. All past RPM changes should now be merged or otherwise supported.

* Changes made marked with an asterisk (*) affect all target platforms.

---------------------------------------------------------------------------

SPECIFIC CHANGES

Scott Parmenter reports problems with web clients understanding the restricted-uid effects. Instead of just remapping / to ~ this patch inserts ~ before all directory names starting with /.

Scott Parmenter noted while code-reading that a call to restrict_check(".") was omitted from the LIST command when there is no directory given. This is probably unnecessary, but should be there for consistency.

Added vers.c and edit to 'make cleandir' in the src directory. These files are automatically created during the build process.

Updated upload.configuration.HOWTO to describe more of the configuration having to do with class= rules and overwrite, delete and rename clauses.

Redhat's SRPM includes a patch to handle wide process listings in the ftpcount/ftpwho commands. Their hack tried to pipe the output through sed, which won't work. Do the same thing by-hand and it'll work for all platforms as well.

Redhat's SRPM includes a patch to fix an uninitialized variable in ftpshut which could affect the way the command works with default values.

Redhat's SRPM includes a patch to add PAM support. Redhat's patch forced PAM for Linux; I've set it up so the makefile auto-detects that your system has PAM installed.

Ian Willis reports dead code for removal.

Scott Parmenter reports dead code for removal.

'make install' now accepts DESTDIR to install into a directory structure other than the root file system. A number of other optional parameters are available to override the default ownership of the installed files. Missing directories are automatically created. File permissions were reduced to the minimum necessary.

Albert Lunde provided corrections for building on HP/UX.

Scott Parmenter noted that file locking in ftpcount/ftpwho was not completed. In addition to finishing the work, he provided some additional fixes needed for Trusted Solaris.

Alan Neiman provided QUOTA support for Solaris.

Jacques Distler points out that under some conditions _PATH_WTMP is not being set in pathnames.h.

Roger Hanke points out that 'log security' covers all but a few messages about filesystem operations. Make it cover the few it didn't already cover.

Nikos Mouat requested the FIXES-* files be moved from the main directory. Good point, they are starting to clutter things up. I've moved them to the directory doc/FIXES .. this will cause problems for people running diff to see what's changed but they'll have to live with it.

Added doc/misc directory where I'll start putting interesting tidbits which may help people get their servers going.

Scott Parmenter wrote an appnote about a problem he had with Trusted Solaris. Added his email to doc/misc.

Alain ENOUT provided information about OPIE, added to doc/misc .. see src/makefiles/Makefile.lnx for a way to automatically have the daemon use OPIE. Send me your Makefile if you do something similar for your system.

Rene Hexel points out that the labels unix and __unix__ are deprecated on BSD, affecting the logic for the response to the SYST command.

Ayamura Kikuchi says not all SunOS 4.1 boxes actually have a getcwd() function.

Added a note from Chad Price in src/logwtmp.c about the brokenness of Solaris' last command.

Ayamura Kikuchi pointed out I'd not documented the daemonaddress ftpaccess clause. That was intentional on my part but I've added a little documentation about it to the manpage anyway.

Kazuyoshi Komine reported that MNTMAXSTR was possibly undefined on Digital Unix 4.0 even when not using QUOTA_DEVICE.

Jacques Distler reports that the default shell on NextStep wants -d instead of -e. Changed to test instead of [] since that's more portable; will probably do the same to other systems in a future release.

Tim Rosmus provided fixes to allow the daemon to compile on Ultrix.

Steve Costaras discovered the GNU EGCS is broken. A quick check and we can avoid the brokenness.

Leif Ericksen discovered the Solaris patch for QUOTA support was wrong. This should fix it.

Chris Myers had problems with undefined behavior in ftpcmd.y on Digital Unix 4.0e. Quick cleanup fixes it.

Ian Willis submitted a patch which should fix numerous complaints involving virtual_len filed by beta testers.