Date: Mon,  1 Mar 1999 12:00:00 -0500 (EST)
From: Gregory A Lundberg <lundberg+wuftpd@vr.net>
To: WU-FTPD Discussion List <wu-ftpd@wugate.wustl.edu>
Subject: [VR15] More enhancements and bug fixes for beta-18

The VR15 update for WU-FTPD 2.4.2 (beta-18) is now available. 

The VR updates for WU-FTPD include additional features requested over the
years by the user community and include a number of bug fixes for both the
base 2.4.2 (beta-18) release and earlier VR updates.

This update is primarily bug fixes to improve cross-platform compatability
and to correct minor problems noted in testing on various platforms.

Wildcards in IP numbers have been re-enabled, improving the ability of the
VR series to serve as a drop-in replacement for older versions of the
daemon.

A new feature has been added to improve security for real and guest users
by restricting them to their home directories.  See the 'restricted-uid'
option in the ftpaccess man page for details and an example.

These are available as both patches and pre-patched tarballs at:

  ftp://ftp.vr.net/pub/wu-ftpd/

A current mirrors listing is available at:

  fpt://ftp.vr.net/pub/wu-ftpd/MIRRORS

  MD5                               Package
  ---                               -------
  a47f029bd6ab37dbb2ad7e4c99fd6e60  wu-ftpd-2.4.2-beta-18-vr15.tar.Z
  890a9e42ba5c6895fc58b22d3a4dd51f  wu-ftpd-2.4.2-beta-18-vr15.tar.gz

  bcd74875a953676ba9f8de4c315f9712  wu-ftpd-2.4.2-beta-18-vr3.patch
  863e294eddfe2c772cd9c541372c7e1d  wu-ftpd-2.4.2-beta-18-vr4.patch
  8f7d523eff5785a901d8ec9330e7b2a4  wu-ftpd-2.4.2-beta-18-vr5.patch
  891ea301ab535e3aa55c5da4c3b3dd37  wu-ftpd-2.4.2-beta-18-vr6.patch
  dc1672289c2da25880f7c63f21b37122  wu-ftpd-2.4.2-beta-18-vr7.patch
  602b1431727261a4b16340853f6d81c3  wu-ftpd-2.4.2-beta-18-vr8.patch
  9eee17b78a3a245dd71476e9426baaa0  wu-ftpd-2.4.2-beta-18-vr9.patch
  c85059908d124be5a6a9c8331c5322c0  wu-ftpd-2.4.2-beta-18-vr10.patch
  fb9596c5950cee6bad0e0d70fa168ccf  wu-ftpd-2.4.2-beta-18-vr11.patch
  caaeceacb995768c8f99628fe54af798  wu-ftpd-2.4.2-beta-18-vr12.patch
  1ee90ee4ba0df2be01c7b3151584e5d4  wu-ftpd-2.4.2-beta-18-vr13.patch
  06a7bb970ae9a0f0223851b28337638f  wu-ftpd-2.4.2-beta-18-vr14.patch
  06b836e378df226143271e3514f895cd  wu-ftpd-2.4.2-beta-18-vr15.patch

If you take just the patch files, please remember: they are cumulative. 
you cannot apply fixes from one set without earlier sets already having
been applied.  The first set for BETA-18 is VR3; VR1 and VR2 were for
BETA-17 only.

Pre-compiled binaries for VR15 are available.  Check the binaries directory
to see if a pre-compiled version is available for your platform.



This is a list of fixes to BETA 18 with VR14 applied from lundberg@vr.net
---------------------------------------------------------------------------
Philip Gwyn <gwynp@artware.qc.ca> points out that /etc is cluttered enough
but the config files make it harder than it has to be to use /etc/ftpd for
the daemon configuration files.  Updated config files to test for a value
before setting the default.  Look in src/makefiles/Makefile.lnx for an
example of how to automatically test the target for this, or just add
-DUSE_ETC_FTPD to COPTS in your Makefile.

Mark Lysek <mjl@squid.jpl.nasa.gov> notes that wildcards (*) on hostmatch
used to work and don't any more.  The were removed because the original
method was insecure.  His patch solves the problem and re-institutes this
feature without the potential security problems of the old method.

Alain ENOUT <enout@eurecom.fr> submits a change to allow OPIE to use the
OPIE access file, thus allowing some users to user password authentication
while requiring others to use OPIE.

Oliver Billmann <oliver@billix.franken.de> and Kazuyoshi Komine
<komine@cc.meisei-u.ac.jp> note a couple more errors in quota support.

Tomasz R. Surmacz <tsurmacz@ict.pwr.wroc.pl> points out the Perl script for
xferstats provided with the daemon calls for /usr/local/bin/perl when Perl
is usually in /usr/bin/perl.  You shouldn't be using this script anyway,
get Phil's version; it's MUCH better.

Ayamura Kikuchi <ayamura@ayamura.org> says Sun forgot to include RAND_MAX
in their implementation of srand()/rand() on SunOS 4.1.

Glenn Nielsen <glenn@more.net> has contributed a patch which enhances the
operation of guest users by restricting guests to their home directories.
This is similar in intent to a patch posted to the mailing list on Dec 1,
1997, by Thorsten.Ludewig@@RZ.FH-Wolfenbuettel.DE which suggested the use
of a 'chdir' clause which operated similar to 'chmod'.  Glenn's patch,
however, was a much more complete implementation.  The original patch used
a single compiled-in uid; I have added ftpaccess clauses to control the
operation of this feature.  Refer to the man page for ftpaccess for a
description of these new clauses.

Steve D'Angona X4319 <dangona@nist.gov> pointed out several places where
int was being used and size_t was correct.  This may, or may not, fix
problems getting the daemon to work on AIX.

Rainer Kuerschner <kuersch@ita.uni-heidelberg.de> discovered why defumask
was causing problems on HPUX.  Another case of mis-matched
definition/extern.

Stefan Vogel <vogel@physik.unizh.ch> made a comment about alloc which made
me look and discover that a number of places there was no check for errors
from the allocation.

Stefan Vogel <vogel@physik.unizh.ch> points out an error which causes AIX
to sometimes report 0 for the filesize when a download begins.

Stefan Vogel <vogel@physik.unizh.ch> says the reason the daemon won't work
on AIX is the size_t_blksize change made as an experiment way-back-when.
Backed out that change.  Let's see what happens.

Shigeharu Isoda <s-isoda@ricelabo.com> reports a #define conflict on
NetBSD.  Protect it with #ifndef.

Scott Parmenter <Scott.Parmenter@trw.com> was codereading and noticed a
typo selecting the wrong HELP_CRACKERS patch in one place.  Duh.

Ian Willis <ianw@sco.COM> provides some code cleanup for the xferlog print
which we fixed in VR14.

Albert Lunde <Albert-Lunde@nwu.edu> reports a case where _PATH_XFERLOG may
not be defined at all in src/pathnames.h.  Ouch.

Stefan Vogel <vogel@physik.unizh.ch> provided additional corrections for
AIX 4.2 and large file support.  Earlier versions of AIX may need to edit
support/makefiles/Makefile.aix if they don't have snprintf() or strdup().

Geir Johannessen <joge@stud.ntnu.no> reports the -X command-line option and
'log syslog' are not working as documented.  The switch was re-initialized
by the 'log' clauses.

Oliver Billmann <oliver@billix.franken.de> points out we really don't need
to #undef NO_PRIVATE twice in config.h .. it just confuses things.

Ian Willis <ianw@sco.COM> sent along changes completing the changeover from
SCO Unix to SCO OpenServer 5.

The stock compiler on SunOS 4.1 is breaindead.  Use gcc instead.  Also
found during trials that getcwd() works fine on s41 and enabled it.  Found
that on a SunOS 4.1 using NFS in the FTP area, fchdir() doesn't always work
so if you have problems, #define HAS_NO_FCHDIR to see if that helps.

Stefan Vogel <vogel@physik.unizh.ch> sent along changes completing support
for AIX.To enable Large File support, use './build aix LF=YES'

Steve D'Angona X4319 <dangona@nist.gov> noticed that NLST with a directory
ending with / doubled up the slash.  This had been there for years.

Aris Yannopoulos <aris@ccs.neu.edu> requests a means to completely disable
anonymous FTP access.  Done as a compile-time option, see config.h



-- 

Gregory A Lundberg              Senior Partner, VRnet Company
1441 Elmdale Drive              lundberg+wuftpd@vr.net
Kettering, OH 45409-1615 USA    1-800-809-2195