Date: Thu, 1 Oct 1998 12:17:06 -0400 (EDT) From: Gregory A Lundberg To: WU-FTPD Discussion List Subject: [VR8] More enhancements and bug fixes for beta-18 These are available as both patches and pre-patched tarballs at my ftp site: ftp://ftp.vr.net/pub/wu-ftpd/ If you take just the patch files, please remember: they are cumulative. you cannot apply fixes from one set without earlier sets already having been applied. The first set for BETA-18 is VR3; VR1 and VR2 were for BETA-17 only. Several pre-compiled binaries for VR8 are also available. These include: Solaris/SunOS/Sparc ------------- sunos41x-ftpbin.tar.gz (FTP support executables, ls etc.) FTP242b18.wu-ftpd.2.4.2-beta18-VR8.SPARC.ULTRASparc.2.5.1.2.5.pkg.tar.Z FTP242b18.wu-ftpd.2.4.2-beta18-VR8.SPARC.ULTRASparc.2.5.1.2.5.pkg.tar.gz wu-ftpd-2.4.2-beta-18-vr8.sol26.bin.tar.gz SGI/IRIX -------- irix62-ftpbin.tar.gz (FTP support executables, ls etc.) wu-ftpd-2.4.2-beta-18-vr8.irix62.bin.tar.gz IBM/AIX ------- wu-ftpd-2.4.2-beta-18-vr8-AIX.3.2.5.tar.gz Intel/BSDI ---------- wu-ftpd-2.4.2-beta-18-vr8-BSDI-2.1.tar.gz wu-ftpd-2.4.2-beta-18-vr8-BSDI-3.1.tar.gz DEC/Unix -------- wu-ftpd-2.4.2-beta-18-vr8.dec.unix-40b.tar.gz Intel/Linux ----------- wu-ftpd-2.4.2-beta-18-vr8.linux.i386.tar.gz Thanks to all those who helped with debugging and built the pre-compiled binaries. This is a list of fixes to BETA 18 with VR7 applied from lundberg@vr.net --------------------------------------------------------------------------- Add 'SITE CHECKMETHOD' and 'SITE CHECKSUM'. Closes Stan's TODO item 8. SITE CHECKMETHOD [CRC|POSIX|MD5|RFC1321] Sets or displays the current check method. If no parameter is given, displays the current method; otherwise the method is set to the given algorithm. CRC and POSIX are equivalent and are the output of the GNU cksum(1) utility. MD5 and RFC1321 are equivalent and are the output of the GNU md5sum(1) utility. The default check method is RFC1321 (MD5). SITE CHECKSUM [] Calculates the checksum for the named file. If no file is given, the last file transferred (uploaded or download) is used. If no file has yet been transferred, reports an error. The current CHECKMETHOD is used to calculate the checksum. New ftpconversions: .crc and .md5 Two new file conversions were added to the example ftpconversion which allow using GET to retrieve the CRC or MD5 checksums for files. NOTE: SITE CHECKSUM requires the installation of two additional programs in the ~ftp/bin directory. These programs have the same requirements as the external ls(1) program also normally required in that directory. For systems without these programs, or which require building new copies, the GNU textutils package should be used. This package is available at ftp://ftp.gnu.org/pub/gnu/ the current version at the time of this writing is textutils-1.22.tar.gz Add IGNORE_NOOP as a new compile-time option. Make it the default. From a request sent to me from ayamura@ayamura.org on September 14, 1998. Add site-exec-max-lines ftpaccess clause. This clause makes the limit on output lines from SITE EXEC configurable. The default is a 20-line limit, which was the old compiled-in limit. From a request sent to me from ayamura@ayamura.org on September 14, 1998. Moved 'retrieve_is_data' to be always compiled into the code since it was needed for SITE CHECKSUM. Modify the password cryptography for C2 Digital Unix. From a patch sent to me from ayamura@ayamura.org on September 16, 1998. Additional patches sent during testing clean up some of the cross-platform user authentication code for SECUREOSF. Fix a bug in the parsing of ftpconversions which I found when I put in the new conversions for checksums. Turns out this was the same as the bug I fixed in VR4 parsing the ftpgroups file. Disallow certain email addresses as passwords for anonymous ftp. From patches submitted to the mailing list by tchrist@jhereg.perl.com on Feb 14, 1997 and star@eos.hokudai.ac.jp on Jun 9, 1998. Actual patches taken from BeroFTPD with permission. Corrected a bug where deny-email had to follow passwd-check in the ftpaccess file. Limit total connect time. From a patch submitted to the mailing list by pschwan@apk.net on Sep 27, 1997. This closes Stan's TODO item 14. Phil lost his original patch, so the actual patch was taken from BeroFTPD with permission. Phil Schwan's xferstats program implements Stan's TODO item 6. Marking it closed. Download Phil's xferstats separately. Trust me, it's far better that the Perl script included in the package. Kent Landfield's privatepw program implements Stan's TODO item 2. Marking it closed. Download Kent's privatepw separately. Bernard Rosenkraenzer's BeroFTPD is now tracking my VR patches. With the inclusion of NEWVIRT in BeroFTPD, Stan's TODO item 24 is complete. Marking it closed. Download BeroFTPD if you use virtual hosting. Add 'hostname' option for the 'virtual' clause so we may set the name of our multi-homed ftp sites as we can with our default site. Discovered in testing. If a guest logs in on the virtual server deny the login unless their chroot point is the virtual server's root. This restricts guest logins to the site admin and anonymous users. From a patch submitted to the mailing list on December 11, 1996 by scott@galileo.cuug.ab.ca. Added the restriction that no real users may log in on the virtual server. Add 'email' option for the 'virtual' clause so we may set this as well. Discovered in testing. This takes virtual hosts as far as I need them. If you need more control, use BeroFTPD or newvirt. Add 'greeting' clause to control the amount of information the server gives out on the greeting. Personal preference. Code reading for the next patch I found another undocumented feature. If the on a 'class' or 'deny' clause starts with a slach (/) it names a file which contains any number of additional entries per line and any number of lines. Updated manpage. ttsg@ttsg.com caught me in a good mood and requested the ability to disable all DNS lookups in the daemon. I've done this as a compile-time option and included a discussion of the risks and benefits in the config.h for the daemon. Enabling this feature can be a win for busy sites because it can reduce the time required to make a connection as well as eliminate syslog messages caused by bad DNS management at the remote sites. More typos in ftpaccess.5, some mine, some have been there for ages. Earlier VR patches changed the behavior of the xferlog to always show the full, real path for the file. This should have been a compile-time option. BSD auth failures crashed the daemon. This looks like it's been a long- standing problem. Thanks to ttsg@ttsg.com for giving me a machine to test and debug this problem. If no 'ftp' user existed, the HELP-HACKERS patch failed to send a response which would hang the ftp client. Another from ttsg@ttsg.com. DEC Unix 4 needs a different configuration. Use './build du4'. Reported by dg@ulysium.net. Testing CLOSED_VIRTUAL_SERVER pointed out a bug in user() .. the attemmpt to sleep to slow down password guessers can't work since signals are off. The daemon sleeps forever. This has been there for years. Changed my mind and added two more virtual-server features so we can deny anonymous login on a virtual servier and so we can allow specified users to log in even though they're real or chroot'd to another directory. Also added a feature to deny real, guest or anonymous on the default server. Added USE_VAR and USE_ETC for IRIX (sgi) configuration. Noted by ayamura@ayamura.org testing the VR8 patches. DEC Unix complains about the function 'main()' having more than two parameters for STRICT ANSI/ISO C compliance. This warning can be safely ignored. Also, minor problems and a fix for syslog in the support/makefiles/Makefile.dec and src/makefiles/Makefile.dec which prevented bulding on DEC Unix 3.x. From ayamura@ayamura.org testing the VR8 patches. AIX complained (rightly so) about several problems with the source which prevented compiling using K&R. From ttsg@ttsg.com, testing VR8 patches. -- Gregory A Lundberg Senior Partner, VRnet Company 1441 Elmdale Drive lundberg+wuftpd@vr.net Kettering, OH 45409-1615 USA 1-800-809-2195