Date: Mon, 3 Mar 1997 03:47:13 -0600 (CST)
From: wu-ftpd-bugs@academ.com (Stan Barber)
To: wu-ftpd@wugate.wustl.edu
Subject: Academ version of wu-ftpd 2.4 Release 2 Beta 13 available for testing

BETA 13 is now available. It has been tested on the following systems:
Solaris 2.4 Sparc and x86, SunOS 4.1.4, FreeBSD 2.1.5-RELEASE, BSD/OS 1.1,
BSD/OS 2.1, Unixware 2.1, SCO Open Server 5, Linux 1.3.39 and 2.0.0.

I would like to hear from folks with access to HP-UX, Digital Unix, IRIX
and AIX in particular. Please send mail to the wu-ftpd-bugs@academ.com
address.

If hardware companies wish to donate equipment running their proprietary
UNIX derivatives to me for doing maintenance work on this and the other
packages I maintain (NNTP, RN, etc), please contact me directly to discuss.

If software companies that sell UNIX derivatives to which I don't have
access wish to donate copies of their UNIX derivative to me for the
purposes of doing maintenance work on this and the other packages I
maintain, please contact me directly to discuss.

Finally, both the AUS-CERT and the CERT/CC have continued to provide me
with feedback on the security issues with this software.

This is another release candidate. The location is:

ftp://ftp.academ.com/pub/wu-ftpd/private/wu-ftpd-2.4.2-beta-13.tar.Z

NOTE: This directory is protected. Attempts to use a directory listing
command will fail.

-0-FIXES IN THIS RELEASE-0-
-----------------------------------------------------------------------------
Tickets 23 from and 96 from reported a problem with compiling wu-ftpd on
OSF. This is due to a failure in the software to include the correct
include file. This is fixed in this release.
-----------------------------------------------------------------------------
Ticket 157 from Albert Lunde pointed out an inconsistency in the forward
definition of realpath when a STDC compiler is used. This is now fixed.
-----------------------------------------------------------------------------
Ticket 161 from ianw@sco.com, ticket 168 from lamont@security.hp.com and
ticket 220 from sr@inri.com all pointed out a problem in the code I put
into popen.c to attempt to address an overflow problem. Too much late
night coding for me :-). Anyway, a version of their suggested fix is in
this release.
-----------------------------------------------------------------------------
Tickets 162 and 222 from michael@ra.TSS.PeachNet.EDU and ianw@sco.COM,
respectively, pointed out that there was an extra %s in one of the reply
strings. This is now fixed.
-----------------------------------------------------------------------------
Ticket 168 from lamont@security.hp.com suggested that sysconf be used to
get the number of fds. This has been added to popen.c and a change has
been made to config.hpx to use that. I have also tried to add this to
other configurations that are documented (or are known) to support
sysconf.
-----------------------------------------------------------------------------
Ticket 180 from David Pesticcio pointed out some problems with the INSTALL
file. There was a missing step and other problems. These have been fixed
for this release.
-----------------------------------------------------------------------------
Ticket 182 from supplied some fixes to skey support. The patches supplied
were used as a basis for those fixes included in this release.
-----------------------------------------------------------------------------
Ticket 183 from supplied a patch to remove \r\n from any string put in
setproctitle. These changes are included in this release.
-----------------------------------------------------------------------------
Ticket 184 from supplied a patch to enforce FreeBSD (when this software is
built on FreeBSD) concerning the logging of numeric addresses when DNS
name is larger than UT_HOSTSIZE field.
-----------------------------------------------------------------------------
Ticket 185 from suggested that we should remove all references to
LOG_TOOMANY, since it is no longer being actually implemented. We agree.
-----------------------------------------------------------------------------
Ticket 186 from said that FreeBSD already had the fnmatch function in its
C library and didn't need the version in the support library. The support
library will now be built without this.
-----------------------------------------------------------------------------
Ticket 191 from Ian Willis suggests that the failsafe number of fds in
popen.c should be bigger than sizeof(long). He suggested 20, but I am
setting it to 31. We'll see if that helps folks have fewer signal 10 or 11
errors that are unexplained.
-----------------------------------------------------------------------------
Ticket 193 from pointed out that ftpcount.c does not include stdlib.h,
which will cause malloc to allocate too little space to hold st_size on
FreeBSD. This is now fixed.
-----------------------------------------------------------------------------
Ticket 197 from Ian Willis provides some additional patches for SCO
OpenServer 5. These are included in this release.
-----------------------------------------------------------------------------
Ticket 216 from Alain Magloire provides some bounds checking in ftpd when
building the directory command to send to the operating system. His
changes may not be portable to all platforms, since they use snprintf, but
we'll give it a try.
-----------------------------------------------------------------------------
Ticket 220 from sr@inri.com showed some coding problems in access.c when
determining host access information. This fix is included in this release.
-----------------------------------------------------------------------------
In researching other problems, I noticed that setproctitle was not being
called correctly in a couple of places in ftpd.c.
There were not enough arguments. This is now fixed.
-----------------------------------------------------------------------------
A new version of vsnprintf (and the addition of snprintf) has been made to
the support library. This version comes from sendmail 8.8.5 (thanks,
Eric!) and is quite an improvement over my previous lame effort.
-----------------------------------------------------------------------------
I have also attempted to tune up all the configurations for systems to
which I have access. Those systems to which I don't have access may or may
not work.
-----------------------------------------------------------------------------
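
The descriptor-count handling mentioned in the Ticket 168 and Ticket 191 entries, as an added example that is not part of the announcement and is not code from wu-ftpd's popen.c. It assumes a popen-style table of child pids indexed by file descriptor; `fd_limit`, `table_init`, `table_set`, `table_take` and the `TABLE_CAP` ceiling are hypothetical names, and only `sysconf` and the failsafe value 31 come from the text above.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define FAILSAFE_FDS 31    /* fallback value from the Ticket 191 entry */
#define TABLE_CAP    4096  /* assumption: ceiling so a huge limit cannot force a huge allocation */

static pid_t *pid_table;   /* hypothetical table: one child pid per descriptor */
static long table_size;

/* Turn the value sysconf reports into a table size: use the failsafe when
 * the limit is unavailable or indeterminate (-1) and clamp very large limits. */
long fd_limit(long reported)
{
    if (reported <= 0)
        return FAILSAFE_FDS;
    return reported > TABLE_CAP ? TABLE_CAP : reported;
}

/* Allocate the table once; returns its size, or -1 if allocation fails. */
long table_init(void)
{
    if (pid_table == NULL) {
        long n = fd_limit(sysconf(_SC_OPEN_MAX));
        pid_table = calloc((size_t)n, sizeof *pid_table);
        if (pid_table == NULL)
            return -1;
        table_size = n;
    }
    return table_size;
}

/* Record the child for fd. A descriptor outside the table is refused
 * instead of being written past the end of the allocation. */
int table_set(int fd, pid_t pid)
{
    if (table_init() < 0 || fd < 0 || fd >= table_size)
        return -1;
    pid_table[fd] = pid;
    return 0;
}

/* Look up and clear the child for fd; 0 means the fd is not tracked. */
pid_t table_take(int fd)
{
    pid_t pid;
    if (table_init() < 0 || fd < 0 || fd >= table_size)
        return 0;
    pid = pid_table[fd];
    pid_table[fd] = 0;
    return pid;
}
```
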