File: ChangeLog

package info (click to toggle)
pure-ftpd 1.0.47-3
  • links: PTS
  • area: main
  • in suites: buster
  • size: 3,212 kB
  • sloc: ansic: 29,132; sh: 1,632; makefile: 500; perl: 280
file content (1831 lines) | stat: -rw-r--r-- 92,261 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831

* Version 1.0.47:
 - Unlike other directory listing commands, the STAT command should
use TLS on the control channel even if TLS has been disabled on the data
channel. It wasn't the case; this has been fixed. Thanks to Carlo
Cannas.
 - Return a 451 error code instead of 226 on aborted uploads.
 - The system user "_ftp" can be used as an alternative to "ftp" for
anonymous sessions.
 - Compatibility with libsodium > 1.0.12 was added (including minimal
mode).

* Version 1.0.46:
 - The server can now be linked against OpenSSL 1.1.x with the strict API.
 - Unmaintained contributions have been removed.
 - Globbing: the number of * in an expression has been limited to 3.

* Version 1.0.45:
 - TLS v1.0 sessions are now refused.
 - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
This has been fixed.

* Version 1.0.44:
 - The Perl and Python wrappers are gone. The daemon can now use a
configuration file without requiring external dependencies.
 - Pure-FTPd can now be linked against OpenSSL 1.1.x
 - The QUIT command didn't work properly when the server was compiled
without support for RFC2640. This has been fixed.
 - 3DES was removed from the default cipher suite.

* Version 1.0.43:
 - Passwords can now be hashed using Argon2.
 - The -J switch didn't work any more in 1.0.42. This has been fixed.
 - The default cipher suite was simplified.
 - Authentication against system accounts is compatible with OpenBSD 6.0.
 - Fixed: protocol conformance when TLS sessions are refused.
 - Altlog records can now be sent to `stdout`/`stderr`.

* Version 1.0.42:
 - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
 - The connection is now dropped if HTTP commands are received.
 - LDAP force_default_gid and force_default_uid now work as documented.
 - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

* Version 1.0.41:
 - libmariadb is looked for in addition to libmysqlclient
 - MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
 - openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
 - New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.

* Version 1.0.40:
 - Support for TCP_FASTOPEN added on Linux
 - The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
 - OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.

* Version 1.0.39:
 - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
 - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)

* Version 1.0.38:
 - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
 - TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
 - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.

* Version 1.0.37:
 - The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
 - The Clear Command Channel (CCC) command is now supported.
 - pure-config.py is compatible with Python 3.
 - SSL (v2, v3) is refused by default.
 - The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
 - DES-hashed passwords are not supported any more.
 - LDAP uid and gid values can over overridden in the LDAP configuration file.
 - New LDAPUseTLS directive for LDAP.
 - RC4 was killed.

* Version 1.0.36:
 - The safe_write()/safe_read() factorization broke extauth. Using
safe_read_partial() to read from the extauth pipe wasn't enough.
Bug reported by Rasmus Fauske.
 - Improved autoconf detection of -fstack-protector and -fPIE
 - If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
 - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
default on Windows, and ASCII downloads on Windows have been fixed.
 - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
any characters in a file name. Disabled by default.
 - Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.

* Version 1.0.35:
 - Improve compatibility with the Intel and Ekopath compilers.
 - Use more paranoid compiler options whenever possible, and preliminary
uncluttering of the autoconf script.
 - Try to cache locale-related data at startup after tzset(), rather
than during a session.
 - Fix quota computation after rename() overwrites an existing file.
Reported by Hiramoto Koujo, thanks!

* Version 1.0.34:
 - Fix safe_write() inverted checks that broke uploads.

* Version 1.0.33:
 - Sync built-in glob(3) code with OpenBSD-current, and remove code we
don't use instead of ifdef'ing it.
 - Repair checkproc() on Linux when support for capabitilies is
compiled in. Reported by Eric Gouyer.
 - Don't read /dev/*random every time we need a value. Just use
arc4random() everywhere and seed it before we possibly chroot().
 - Add support for MFMT, with the same code as SITE UTIME.
 - Support 2-arguments SITE UTIME.
 - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
 - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
prefixed by -S: , needed by Brad.
 - Remove the various safe_read() / safe_write() instances and
factorize them in safe_rw.c
 - Call OpenSSL_add_all_algorithms(), suggested by Brad.
 - Mention that WinSCP works fine with Pure-FTPd.
 - On Linux, opening a named pipe that nobody reads with O_WRONLY yields ENXIO.
The workaround is to opens it O_RDWR. So, just do that.

* Version 1.0.32:
 - Support SHA1 password hashing in MySQL and PostgreSQL backends
 - Support for braces expansion in directory listings has been
disabled - Cf. CVE-2011-0418

* Version 1.0.31:
 - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
thanks to Todd Rinaldo.
 - The -F switch has been documented in the built-in help.
 - Shell-like escaping is now partially handled when emulating the "ls"
command.
 - Use my_make_scrambled_password() instead of make_scrambled_password().
Suggested by Arkadiusz Miskiewicz.

* Version 1.0.30:
 - Use malloc() instead of an ever-growing stack in pure-quotacheck.
Fixes quota computation on a large number of files. Problem initially
reported by jeff at cpanel dot net.
 - Treat OPTS UTF-8 like OPTS UTF8. Suggested by yjfan at longtop dot
com.
 - Empty the command-line buffer after switching to TLS. Fixes a flaw
similar to Postfix's CVE-2011-0411.
 - Provide ANSI-compliant MySQL configuration example.
 - Fix some issues with man pages.

* Version 1.0.29:
 - max_dlmap_size was size_t instead off_t, causing misalignment while
downloading > 4 Gb files on a 32-bits arch. Reported by Viktor Butskih.
 - pread() vs lseek()+read() was a useless optimization, since pread()
doesn't change the file position and further reads weren't going through
plain read() calls.
 - iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
exit. Fixes segfaults on glibc.
 - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.

* Version 1.0.28:
 - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
name.
 - When an upload gets renamed (--autorename), send the new name to the
uploadscript instead of the original one.
 - The ALLO command now checks for the actual disk space in addition to the
virtal quota.
 - Work around OSX broken poll()
 - After an atomic resumed upload, don't append the previous file size to the 
quota.
 - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is 
 UTF8.
 - Fix AUTHD_ENCRYPTED 
 - Reset the CWD failures counter after a successful directory has been
created. It avoids spurious disconnections with ncftp.
 - Support for iPhone has been moved to another branch.
 - Fix crash with PostgreSQL.

* Version 1.0.27:
 - Have pureftpd_shutdown() shut the server down even if a client is
connected on iPhone.
 - Allow users with no quota to delete .pureftpd-upload-* files.
 - Unbreak ipv6 support, reported by Brad Smith.
 - Disable SSLv3 renegotiation if an old SSL library is used. If you really
want to re-enable SSLv3 renegotiation, even with a recent library, you can
always define ACCEPT_SSL_RENEGOTIATION.

* Version 1.0.26:
 - Fix incompatibilities with Cyberduck when TLS is enabled.
 - Don't TLS_accept() immediately after accept(). Reply on the connection
socket first, so that clients don't have to wait before knowing that they
can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
 - Properly change the process name on Linux when the -S option is used, by
Margus Kaidja.
 - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
for the bug report.

* Version 1.0.25:
 - Show symlinks as symlinks in MLSD, except when the broken client
compatibility mode is turned on and links are not dangling (just like the
old LIST and NLIST commands). Reported by Mime Cuvalo.
 - More gcc 2 compatibility, thanks to Todd Rinaldo.
 - Properly handle custom paths in man pages. Thanks to Scott Haneda and
Mathieu Parisot.
 - Have $localstatedir default to /var as it used to be unless
--localstatedir=... is explicitly passed to ./configure
 - Use @VERSION@ in man pages.
 - --without-pam disables PAM on OSX and iPhone.
 - Allow cross-compilation.
 - Experimental iPhone target.
 - Change the way it links, building a library first.
 - Don't use mmap() any more for downloads. It's too slow.
 - Don't use hard-coded paths in order to find MySQL and PostgreSQL
libraries and header files. Use mysql_config and pg_config instead.
Suggested by John Alberts.
 - Log the DELE command similar to the RETR and STOR commands. Suggested by
Martin Fuxa.
 - The primary group gets cached so that it's always displayed in directory
listings.
 - Avoid a client process to burn CPU in an infinite loop if the command
channel gets disconnected before the data channel. Reported by Thomas Min
and Margus Kaidja.
 - Restore the traditional behavior of a download restarting at the end of a
file. For some weird reasons, some clients still insist on doing that. Don't
send a 55x return code, just let them download... nothing.
 - Documentation updates.

* Version 1.0.24:
 - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
 - The package can now be compiled with gcc 2.

* Version 1.0.23:
 - LDAP: accept "enabled" as a correct value for FTPStatus as it used
to be.
 - More useful error logging for OpenSSL errors.
 - Don't read certificates twice.
 - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
 - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero
Pelander.
 - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
 - Don't ignore dot files even if -D is not supplied with the MLSD command.
 - Deinline code
 - Throttling more reliable
 - STAT is now working over TLS
 - DH keys for ephemeral key exchange are now handled
 - Fix libiconv checking
 - The column was missing in the PassivePortRange comment (thanks to Igor
Alexadrov)
 - LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account. It also adds a warning if auth method password is used and doesn't find
a userPassword attribute. This usually indicates that the LDAP bind DN
cannot read the attributes, because it doesn't have sufficient privileges.
Contributed by Wilco Baan Hofman.
 - Perform charset conversions on directory names. Issue spotted by Xianghu
Zhao.
 - Almost a complete rewrite of the upload, download and TLS code for more
reliability
 - Seemlessly handle ABOR without any SIGURG
 - Try to immediately handle any kind of disconnection
 - Use poll() rather than select() as much as possible
 - Distinguish aborted (even the hard way) and completed download and upload
operations in log files
 - Minor corrections to he French messages
 - Don't use atomic uploads unless --notruncate or --autorename have been
enabled
 - Take care of removing .pureftpd-upload-* files in every possible case
 - List up to 10000 files per directory per default instead of 2000
 - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
 - New compile-time option: --with-implicittls in order to build a FTPS-only
server
 - ./configure --localstatedir can now be used in order to avoid storing the
scoreboard and other dynamic files in /var/run/
 - Quota handling reworked (easier, and way more reliable)
 - RNTO support even when quota are enabled.
 - A bunch of return codes were fixed to be more RFC-conformant.
 - ALLO command is now actually checking if an upload can occur without
blowing the quota.
 - Don't change the TCP window size. Admins should do this as part of their
system configuration.
 - Privsep is now enabled by default. Use --without-privsep to disable.
 - --without-banner is gone. If you have a cookie file (-F), the default
banner won't be displayed.
 - Compile with PAM by default on OSX.
 - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
call is actually necessary. Since only the effective uid chances, it's not
brutally useful yet, but it paves the way for forthcoming changes.
 - Install man pages with local paths instead of hard-coded ones.

* Version 1.0.22:
 - New catalan translation, by Taik0.
 - TLS support for LDAP, contributed by Marc Balmer.
 - pureftpd.schema contained two errors. Reported by Ulrich Zehl.
 - Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
 - Don't issue a warning in ./configure when the certfile does exist.
Reported by Michael Bowe.
 - Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
 - Compatibility with newer OpenLDAP versions. Thanks to Johan Str�m.
 - Don't hang up during uploads if we get any other command than QUIT and
ABORT.
 - SITE UTIME reads UTC time
 - A space is needed for inline content in response to the MLST command.
 - Time zone issues should be fixed for good. We have to redefine TZ,
tzset() is not enough on Linux when we are in a chroot environment.
 - Correctly respond to FEAT without removing extra features when passive
mode is disabled. Thanks to upb.
 - Better process name change setup for Linux.
 - Auto-created home directories are now created with mode 0777 (and
directory umask is applied), per common request. It's very important to
double check your umask.
 - Extend gid / uid to 10 digits in ls output. Extend file size as well.
 - Brazilian portuguese translation was updated.
 - Support new MySQL password scrambling, thanks to Jan Hudoba.
 - Larger mmap() chunks: downloads needs less CPU usage on platforms with
slow mmap() like OpenBSD.
 - Fix SecureFX compatibility.
 - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
 - messages_check.pl had to leave the package as it was GPL-licenced.
 - Don't respond to server that an upload succeeded before the temporary
file has been renamed.
 - TLS support on data channels, contributed by Rajat Upadhyaya from Novell
and Christian Cier-Zniewski.
 - Use sendfile() on recent Solaris versions in place of sendfilev().
 - Don't use a deprecated interface for Bonjour registration.
 - Tell authentication handlers if the connection is encrypted or not,
through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka
Ferenc.
 - README.Netfilter has been removed.
 - Create all directories, not only the basement when on-demand directory
creation is enabled and the user's home directory looks like /basement/./user.
Suggested by Frederico Gendorf.
 - Fixed error reporting when TLS support was compiled in, but TLS wasn't
enabled on the current session. Thanks to Arkadiusz Miskiewicz.
 - Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
 - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
(no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
 - Sleep before answering a password failure, not the other way round. From
PLD Linux.
 - Fix gcc warning in puredb.
 - In broken mode, show symlinks as their real target. It can have side
effects, don't forget that broken mode is... broken mode.
 - Respect aliasing rules for sockaddr_storage usage.
 - Privsep is enabled by default in the installation GUI.
 - --with-everything now includes privsep.
 - update: fix compilation with gcc 2.x, reported by John Lightsey.

* Version 1.0.21:
    When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union
to a char buffer, because of alignment required by some architectures.
    WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It
fixes throttling with extauth. Reported and fixed by Marcus Merighi
<mcmer at tor.at> through Brad our beloved OpenBSD maintainer.
    Rendezvous has been renamed Bonjour.
    A double-close in the CHMOD command has been fixed, reported by Christer
Mjellem Strand.
    The old PAM sample has been removed.
    -F option added to pure-pw.
    MAX_USER_LENGTH has been bumped to 127 due to popular demand.
    pam/* can now be used if security/* doesn't exist. Fixes PAM
detection on MacOS X.
    Call tzset() in chrooted apps in order to get correct time zones in
syslog messages.
    simplify() simplifies paths ending by /. and /..
    MySQL's hash_password() needs 3 arguments since mySQL 4.1.
    Experimental support for RFC2640 (UTF-8 filename encoding) has been
added, derived from code by Jui-Nan Lin.
    The LDAP schema has been changed: FTPStatus should be a boolean.
    New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
Sparky.
    By popular request, even non-chrooted users are now denied access if their
home directory is not mounted.
    If die() is called during a TLS-enabled session, encrypt the death
message. Contributed by Cynix.
    Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
    WITH_LARGE_FILES is now defined by default.
    sendfile64() support on Linux.
    privsep and main processes were swapped out so that pure-ftpwho displays
the right pid.
    OPTS MLST has been implemented.
    SITE UTIME has been implemented.
    TCP_CORK is on by default again. A new configure switch, --without-cork,
can disable it.
    Correctly format %c and %% in fakesprintf().
    The connection socket is now created with the Nagle algorithm disabled.
It was the trick to dramatically improve performance when transferring a lot
of small files.
    Updated getopt_long() and realpath() substitutes.
    Allow logging to named pipes (thanks to Steve Marple).
    Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
    Documentation updates.
    MySQL errors are now logged.

* Version 1.0.20:
    MacOS X Panther and Tiger sometimes returns EAI_SYSTEM (errno=ENOENT)
when a host is not found.
    The BSD getopt() update has been partly reverted.

* Version 1.0.19:
    Until OpenBSD has UBC, we need to explicitly call msync() to
synchronize data written by mmap() and read by read().
    Real disk space is no more shown unless SHOW_REAL_DISK_SPACE is defined.
    Fygul's email address has changed.
    Don't try to catch SIGKILL any more, it's uncatchable.
    PureUserAdmin was added to the contribs.
    getopt_long() was resynced with the OpenBSD version.
    The client socket switches to non-blocking mode before forking in
accept_client() - reported by Agri <agri at desnol.ru>.

* Version 1.0.18:
    Autoconf was bumped to 2.59, automake to 1.8.
    The sample source code in README.Authentication-Modules was bogus
because of a missing 'echo end' statement. Thanks to Peter Ahlert
<petera at gmx.net> for reporting this.
    New translation : hungarian. Contributed by B�nhalmi Csaba
<banhalmi at enternet.hu>.
    New translation : catalan. Contributed by Oriol Magran�
<omagrane at mediapro.es>.
    Max CPU time was bumped to 60 min.
    Disable hash_password() function call on MySQL 4.1.x and later.
    We now use two listening sockets (listenfd / listenfd6), one for IPv4, one
for IPv6. The standalone_server() function has been reworked and split.
    New urlencode() function to escape characters in W3C and CLF altlog files.
Based upon a suggestion and a patch by Volodin D.
    The xferlog format was also implemented by the way.
    New global : no_ipv4 to only listen to IPv6 in standalone mode.
    Use closefrom() if available to close all descriptors.
    Support for Rendezvous on MacOS X by Jean-Matthieu Schaffhauser.
    Support for Apple / GNUSTEP plist data output in pure-ftpwho, also by
Jean-Matthieu Schaffhauser.
    The FileInfo structure was renamed PureFileInfo to avoid a name clash on
Darwin.
    A lot of compile-time default values like GLOB_TIMEOUT, MAX_CPU_TIME and
MAX_USER_LENGTH, are now overridable without any change to src/ftpd.h
    ENABLE_UNICODE_CONTROL_CHARS has been replaced with
DISABLE_UNICODE_CONTROL_CHARS and a new switch, --without-unicode, defines
that macro.
    Unlink the right pid files in pure-authd and pure-uploadscript. Reported
and fixed by Oscar Sundbon <moose at djuren.org>.

* Version 1.0.17a:
    FD_SET(-1, ...) is invalid, but it could happen on aborted transfers,
causing Pure-FTPd to exit without removing ftpwho entries nor atomic files.
    safe_fd_set() has been introduced to solve this, it just works like
safe_fd_isset() and ignores descriptor -1 and it has been placed on the same
places.

* Version 1.0.17:
    Some fixes were made to the traditional Chinese translation by Flaw Zero
<flawzero at eyou.com>.
    Autoconf was upgraded to 2.58.
    TLS_CERTIFICATE_PATH has been renamed TLS_CERTIFICATE_FILE.
    --with-certfile has been added to ./configure to set up a value for
TLS_CERTIFICATE_FILE. The default value has been reverted to
/etc/ssl/private/pure-ftpd.pem.
    Solaris NIS accounts can now be converted using pure-pwconvert.
    Don't drop capabilities too early, or even chroot will be prohibited.
Thanks to Arkadiusz Patyk, Li-Ren and Philipp Kern for their report.
    Negative return codes are not used any more - reported by Andrew Victor
<andrew at sanpeople.com>
    System users whose password is '********' are now imported by
pure-pwconvert (for newer MacOS X).
    New file : README.MacOS-X.
    Use SO_REUSEPORT in place of SO_REUSEADDR to bind the ftp-data port on
FreeBSD. Suggested by Henri Virtanen <hvirtanen at daous.com>.
    Big change in the way upload are handled. We now maintain a per-process
unique file name in an "atomic_prefix" global. This is the name of a temporary
file that is actually used for upload, through the get_atomic_file() function
that adds the basename if needed. Once the upload is completed or aborted, the
temporary file is renamed. Or hard links are created when autorename is asked
for (autorename happens after the upload now, not before). It changes a lot of
stuff in dostor(), but it makes the whole thing easier and atomic uploads are
really nice for the end user. --no-truncate (and the global no_truncate) can
keep the old file when a new version of a file is being uploaded.
    Redundant calls to get_usec_time() were removed.
    Julien Andrieux's parser has been added to contribs.
    Errors when SSL certificates are missing are more explicit.
    The SITE TIME command was implemented. Suggested by Mark.
    A new sample of a PAM configuration file has been written. The previous
one is still available as pure-ftpd.old.

* Version 1.0.16c:
    We should disable the raw mode and send full HTML headers in CGI mode.
Reported by Bernard Lheureux <bernard.lheureux at bbsoft4.org>
    Spelling errors were fixed in the .no translation by Brynjar Eide
<post at mislykket.no>
    Always try to include sys/param.h before sys/mount.h in the autoconf
script. Patch by Brad Smith <brad at openbsd.org>.
    FAQ addition regarding the STOU command. Written by C. Jon Larsen
<jlarsen at richweb.com>
    PAM was broken in 1.0.16b due to PAM_SUCCESS not being copied to the right
slot. It has been fixed.
    Automake has been updated to 1.7.8.
    configure.ac has been cleaned up a bit regarding the conditionnal inclusion
of stdlib.h/unistd.h .
    RPMs are now built with largefile support, privsep and sysquotas by
default.

* Version 1.0.16b:
    PAM fixes.
    TLS should now compile on RedHat 9 that moved Kerberos headers to
a specific directory.
    free(NULL) is ok => all code like "if (<value> != NULL) free(<value>);" 
has been simplified.
    Automake has been upgraded to 1.7.7, Autoconf to 2.57a.
    The sysconf prefix is now used for SSL certificates as well.
    We break'ed too early when trying to resolve host names in
pure-ftpwho and the local host name couldn't even be resolved. The problem was
introduced in 1.0.16 when the MacOS X Panther workarounds were implemented.
    Thanks to JG <jg at cms.ac> for his bug report.
    /usr/local/include, /usr/kerberos/include and /usr/local/lib are only
added to CPPFLAGS/LDFLAGS if they actually exist.
    pure-ftpwho now outputs XHTML 1.1 conformant code in CGI mode.
    pure-ftpwho now properly escapes XHTML special characters.
    pure-ftpwho now announces the ISO-8859-15 character set in XML mode.
    Disable IPV6_V6ONLY by popular request by people lost with the need of the
-4 switch on some operating systems.

* Version 1.0.16a:
    Fix typo (sizeof_resolved instead of sizeof resolved) in
src/bsd-realpath.c . Not a vulnerability because it happens in the good way,
but it sometimes used to break uploadscript.

* Version 1.0.16:
    An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
    Recognize the '##' prefix as a shadowed password - make
authentication work on Solaris with shadow/NIS.
    Add back some random sleep() between authentication failures in
addition to the exponential sleep. Zzzzz... sleeping is good in summer...
    Upgrade to automake 1.7.5.
    The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
    SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
    Uploaded files are now removed when realpath() fails and
bsd_realpath() was modified to fall back to getcwd()/chdir() if we
can't get a descriptor on the current directory because it is not
readable. It fixes pure-uploadscript on some platforms like MacOS X.
    HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
    A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
    MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result wasn't
explicitly asked. As a result, Pure-FTPd didn't even start on Panther (saying
"bad IP address") . We now check for EAI_NONAME if available and we retry with
NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul
for his valuable help on this issue.
    Implement a working strdup() replacement in puredb for systems lacking it.
    Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
    Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
    Removed fixed-size constant arrays in src/crypto.c because of MacOS X
linker bugs (grrr...) .

* Version 1.0.15:
    New translation : Turkish, contributed by Mehmet Cokcevik
<dns at netline.com.tr> .
    PostgreSQL documentation templates have been fixed - At least User
is a reserved keyword that needs quotes. Thanks to Henrik Edlund
<henrik at edlund.org> .
    The maximal length of an account has been bumped a bit (42 chars),
and that size is now consistent across functions through the
MAX_USER_LENGTH macro. Thanks to Darth Vader (freddyke) for suggesting
this.
    The comment about the location of the config file in the RedHat
init script was synced with the new location.
    Tokens in the configuration file are now case independent.
    Automatic creation of home directories was fixed. Thanks to 
Anthony DeRobertis for the fix.
    A typo in quota handling was fixed.
    Cable & Wireless NL is now WideXS and their mirror seems to be
working again.
    Always fill descriptors 0/1 in order to make pure-uploadscript
actually work when daemonizing. Thanks to Joerg Pulz
<Joerg.Pulz at frm2.tum.de> for pointing this out.
    Don't open pipes with O_NDELAY, some systems don't like it at all.
As a side effect, the server will now wait until pure-uploadscript is
actually started before accepting connections and this is a _good_ thing.
    The server load is not displayed any more, by popular request.
    The version number isn't displayed any more as well.
    GNU's getopt_long() has been replaced by an OpenBSD derivative.
    --without-longoptions has been removed. We keep the old macros and
#ifdef though, just in case we want to improve the minimal mode later.
    New unofficial macro : DISPLAY_FILES_IN_UTC_TIME to display directory
listings with UTC times.
    The danish translation was updated - Lyberth.
    pure-pw now returns error codes.
    WIN32_ANON_DIR can override the default anonymous FTP directory on
Win32.
    Fix "pure-pw usermod -y" by introducing has_per_user_max.
    New subcommand : "pure-pw list", that summarizes available
accounts in a puredb.
    Enlarge TCP window as it was a long time ago. It brings better
performances on BSD systems. Define NO_TCP_LARGE_WINDOW to disable.
    Try to early detect timeouts by checking whether select() returns 0.
    Don't try to reduce capabilities if we obviously can't because the
server has not been started by root.
    Pure-FTPd is now 100% covered by the BSD license.

* Version 1.0.14:
    Use random() if available, not rand() for fortune cookies.
    Remove broken lseek(fd, -1, 0).
    When writing to clients data sockets fails, the client probably
hung up. IE, for instance, doesn't seem to properly abort transfers
and say "QUIT" when a transfer is canceled by the user. So, log
MSG_ABORTED instead of MSG_DATA_WRITE_FAILED.
    Check whether we are inside a Virtuozzo virtual environment and
disable sendfile() if this is the case. Thanks to Kittiwat Manosuthi
for his help on this issue.
    Automake has been upgraded to version 1.7, autoconf to version 2.57.
    Introduce privsep.h, privsep_p.h, privsep.c and --with-privsep.
    Drop capabilities after the call to nice() because we need
CAP_SYS_NICE.
    Don't waste time with in dopasv() to get the name of the socket we
just created.
    Add "ptracetest".
    Enable __EXTENSIONS__ and _XPG4_2 on Solaris in ./configure.ac
    Also check whether a client has gone away by testing xferfd and
introduce safe_fd_isset() that just works like FD_ISSET() but doesn't
choke when the descriptor is -1. It fixes bus errors on FreeBSD.
    Add force_passive_ip_s in order to store the argument of -P.
Passive IP addresses are now resolved in doit() for every new
connection, by popular request. It means that "-P ftp.example.com" now
works, even for dynamic addresses.
    Split the function that creates an active data socket into two
parts : doport2() and doport3(). doport3() actually creates it,
doport2() does other gadgets like checking for FXP, etc.
    Carefully check whether we have OpenBSD/MicroBSD-like MD5/SHA1
functions in libc and not an incompatible variant like Cyrus SASL.
    The "Welcome to Pure-FTPd" decorations were replaced with
something more neutral.
    Introduce ISCTRLCODE() instead of doing it by hand every time and
properly reject Unicode control chars while we are at it.
    New contrib : Webmin module, by La Shampoo.

* Version 1.0.13a:
    Fix pure-config.pl with old versions of the Perl interpreter.
    Fix compilation with PostgreSQL, thanks to Sakari Tanhua 
<stanhua at cc.hut.fi> .
    
* Version 1.0.13 :
    Swap simplified and traditional chinese settings. Reported by Ying-Chieh
Liao <ijliao at csie.nctu.edu.tw> .
    Ignore ESTA if a passive IP is forced or the NAT mode is enabled, because
the private address is probably meaningless.
    README documentation improvements, contributed by Jeffrey Lim
<jf_____ at fastmail.fm>
    Avoid NGROUPS_MAX when possible - Idea from tuxfamily.org CVS tree.
    LDAP schema changed to work with newer OpenLDAP releases.
    New LDAP directives : LDAPFilter, LDAPHomeDir and LDAPVersion.
    Be a bit more heavy when creating home directories, it should solve
troubles users had with path containing extra slashes.
    Try again when the pipe can't be opened in pure-uploadscript.
    New --with-boring switch (BORING_MODE macro) .
    Fix sendfile() support on Solaris, thanks to Emmanuel Hocdet
<man at t-online.fr>
    Add uptime support for pure-mrtginfo on FreeBSD. Contributed by
Ying-Chieh Liao <ijliao at csie.nctu.edu.tw> .
    Fix error when deleting files with an absolute directory when quotas are
enabled. Contributed by Johannes Erdfelt <johannes at erdfelt.com> .
    dobanner() rewritten. It's now the same code to display .message and
.banner files and the content is sent line by line. We can't afford to load
everything and simply call addreply_noformat(), because if a banner starts
with a digit, it would be complicated to insert spaces to be RFC conformant.
    Fix typo in the example configuration file (pureftp -> pureftpd) .
Reported by Kyle Herbert (http://www.firstnetimpressions.com/) .
    Spanish translation updated (Lluis) .
    Chinese translation updated (Fygul) .
    There's now an unique official spelling : "Pure-FTPd".
    Autoconf 2.54, Automake 1.6.3.
    Move getloadavg() and similar functions to getloadavg.{h,c}.
    Get the 5-min load average, not the instant load.
    Raise the default maxdiskpct from 90% to 99%, as many people don't figure
out why they can't upload an ISO image when there's 700Mb free on a
7Gb partition.
    Relax permissions enforcement in dochmod() when quotas are enabled
- Thanks to Claudiu.
    Introduce checkprintable() function in ls.c : don't display files
whose name contains characters < 32.
    Contributed sfv-crc-check has been removed (people reported that it simply
doesn't work) .
    PAM sample fixed : ftplockout should really be ftpusers. Add some
common system accounts by the way.
    More flexible RPM spec file, contributed by Johannes Erdfelt
<johannes at erdfelt.com> .
    New translation : Czech, contributed by Martin Sarfy
<xsarfy at informatics.muni.cz> .
    Merge Clive Goodhead's patch to implement MYSQLDefaultGID and
MYSQLDefaultUID and port it to PostgreSQL.
    pure-config.pl has been completely rewritten in a clean way by
Aristoteles Pagaltzis <pagaltzis at gmx.de> .
    New contrib : pure-vpopauth.pl .
    Remove backtitle in gui/build.sh, it breaks radio lists on some
dialog versions.
    Enable --without-ascii by default on Win32. It means that text
files must be in Windows format (CR+LF) on the server, no more in an
Unix fashion, or clients will get bare LFs (and intelligent clients
will switch to binary mode, so files sent in Unix format will be
retrieved in Unix format - great) .
    redhat.init now uses pure-config.pl as different configuration
files was confusing people.

* Version 1.0.12 :
    Style : opt_l_ is now an argument of donlist() - no more need to set
up the global variable before calling the function.
    A (fake for now) ACCT command has been added. Maybe it will solve a
conflict with some versions of Fetch for Macintosh.
    NLST and MLSD should be able to handle only one file. Don't split file
names, don't parse options. Reported by Martin Hedenfalk.
    Support for sendfile() on HPUX and sendfilev() on Solaris. Contributed
by Kenneth Stailey.
    Don't display "you are user number 0".
    Check whether we have pread() in configure.ac .
    Remove dead scoreboard files in pure-ftpwho, even those whose status
isn't marked as free.
    New translation : Russian. Contributed by Andrey Ulanov
<drey at rt.mipt.ru> .
    New translations : simplified and traditional Chinese. Contributed
by Fygul Hether <fygul at fgs.org.tw> .
    New IPv6_OK message to tell people when a server also accepts IPv6
connections if DISPLAY_IPV6_OK is defined.
    In extauth, there's no more need to fill fields except auth_ok
when authentication is refused (auth_ok = {0,-1}) . uid/gid/dir are only
checked with auth_ok = 1. It's then easier to chain other authentication
modules.
    Linux binaries will now be linked against GlibC 2.2.x .
    Use the non-root mode for the Windows port.
    Don't forget to retrieve LDAP_FTPUID and LDAP_FTPGID when fetching
LDAP info.
    Introduce closedata() to close the data socket. It avoids
duplicate code. opendata() now returns void : the result is in the
xferfd global.
    fakesnprintf() now supports %c.
    Implement FTP Data Connection Assurance
(http://www.ietf.org/internet-drafts/draft-ietf-ftpext-data-connection-assurance-00.txt)
    Buglets fixed in the PostgreSQL documentation.
    Pure-FTPd User Manager added to the contribs.
    Add exponential delay after a 'cd' failure. Suggested by Jim.

* Version 1.0.11 :
    New translation : Norwegian. Contributed by Kurt Inge Sm�dal /
EasyISP.org <kurt at easyisp.org> .
    Fix typo (RATIO->RATIOS) in log_extauth.c and ratios are now working
with the extauth module :)
    Autoconf upgraded to 2.53 .
    PAGE_SIZE can be non constant. So we try to get it with getpagesize() or
sysconf() . PAGE_SIZE and MAP_SIZE have become page_size and map_size.
Thanks to brad at openbsd.org .
    Dutch translation updated - Johan Huisman <sietze.jan.huisman at 12move.nl>
    Typo in log_extauth.h (bandwidth -> bandwidth) . Fixes throttling with
extauth. Reported by iTooo <itooo at itooo.com> .
    Italian translation updates (Alex Dupre) .
    Workaround against Solaris streams bugs - Kenneth Stailey.
    getspnam() is now probed in addition to <shadow.h> in order to find
whether shadow passwords are available - Kenneth.
    Check for setreuid/setresuid/setregid/setresgid is seteuid/setegid
aren't available. Use them in place of seteuid/setegid if necessary - Kenneth.
    Fixed a typo in the previous line - Brad :)
    Use pstat_getdynamic() to get the load average if available. It works on
HPUX - Kenneth.
    Use pstat() to change the process title on HPUX - Kenneth.
    Cosmetic cleanups (tabs instead of spaces, etc) .
    The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the
new official logo contributed by Gabriele Vinci <gabriele at pronto.it> .
    We now have plenty of FTP mirrors, see the end the README file.

* Version 1.0.10 :
    GCC updated to 3.0.4.
    Automake updated to 1.6. configure.ac has zapped deprecated
constructions.
    Autoconf updated to 2.52i. Autoconf doesn't like conditional *_LDFLAGS
in Makefiles any more.
    Probe for *postgresql* in addition to *pgsql* to find include/lib paths
for PostgreSQL (configure.ac) .
    *reply() functions rewritten from scratch: simpler code, no more
recursivity (makes Solaris happy) and faster processing.
    Accept '..' in file names in fakexlate() .
    Use addreply_noformat() whenever possible (speedup).
    New switch : -Z (--customerproof) . Right now, it adds | 0600 or | 0700
to chmod commands to avoid users locking their own files. Additionnaly, we
now try a traditional chmod() call if fchmod() fails. There's a race here,
but no security trouble to fear. Reported by Mark Reidel <mr at domainfactory.de>
    Spec file fixes, contributed by Jose Pedro Oliveira <jpo at di.uminho.pt>
    PureDB binary search could fail with -1 as a slot number - fixed.

* Version 1.0.9 :
    Korean translation updated.
    Spanish translation updated.
    Slovak translation updated.
    Load average is now checked on Irix - Contributed by Florin Andrei
<florin at sgi.com> and Chan Wilson <cwilson at sgi.com> .
    Make the PAM example more generic. -Thorsten.
    External authentication modules can now be compiled in even when
ratio/quotas/throttling aren't enabled. -reported by pierre at epinetworx.com .
    /dev/*random devices can now be probed at run-time when
PROBE_RANDOM_AT_RUNTIME is defined. Suggested by Kenneth Stailey.
    Remove loop alignment in minimal mode - GCC doesn't like it on Solaris.
    Enabling the non-root mode now implies virtual chroot. - Some big
improvements to the non-root mode. Almost all features of the root mode are
now working.
    SITE ALIAS buglet fixed - Kenneth.
    Parse a.b.c.d IP addresses (without /netmask) and blah.blah.blah
(hostnames) in log_puredb access/deny rules. Suggested by Maxnerd.
    Autoconf updated to 2.52h.
    Don't drop CAP_CHOWN before login completion, so that on-demand
directories are chown()ed to the right user when capabilities are enabled.
    fake* files are now under a BSD license.
    The PgSQL backend now accepts 'any' and 'md5' keywords for the password
hashing - Contributed by Bjoern.
    External authentication modules are now working on non-Linux systems :
we were sending every line from log_extauth to pure-authd in separate
packets to the local unix socket, but we were only reading a single packet
then. Now, we also group everything to a single packet before sending the
data.
    Merge Ben Gertzfield's extended LDAP schema.
    AtheOS is unfortuntely gone from the list of supported OS because it
lacks mmap().
    Invalid SQL queries are now logged in order to help debugging.

* Version 1.0.8 :
    Set errno in fake functions.
    Get rid of rd_len, rename rd -> root_directory, always ensure that it
has a trailing '/' to simplify further code.
    Recognize the /./ hack for anonymous users ('ftp' account). Contributed
by Teo de Hesselle <teo.dehesselle at uts.edu.au> .
    Strip leading / in fakechroot (just to be coherent with the trailing /
now in root_directory) .
    Have the non root mode work with virtual chroot. People are restricted
to the directory pure-ftpd was started in.
    Fix compilation on AtheOS.
    Allow pure-quotacheck to run as a non-root user (suggested by Philip Mak
<pmak at aaanime.net>) .
    Merge realpath() replacements from OpenBSD-current, because some Solaris
libC have a broken realpath() implementation.
    Support for MD5 hashed passwords in log_mysql. Contributed by Nicolas
Doye.
    Force a minimum of 64k i/o buffers.
    Get rid of the ugly daemons.c inclusion in pure-mrtginfo.c .
    Merge the W3C log format - contributed by Thomas Briggs <tom at sane.com> .
    Add initsupgroups() function and always call initgroups() *BEFORE*
chroot. An important fix pointed out by Adam Kruszewski (Fantomik) and
Wojtek "elluin" Kaniewski.
    Add CAP_SETUID if we're on a system with Linux capabilities, but no
setfsuid() call. Who knows, there are maybe very strange GlibC.
    New switch : -G (--norename), new global : disallow_rename .
    sizeof(FTPWhoEntry_.filename) increased in ftpwho-update.h .
    Reply with 530, not 550 when user isn't logged in. Reported by Philip
Mak <pmak at animeglobe.com> .
    Follow symlinks in pure-quotacheck. We need this to support virtual
chroot.
    Remove extra "." in "Entering passive mode" message to please some very
old BSD kernel proxies. Reported by BigAndy.
    Open descriptors 0,1,2 (->/dev/null) in forked uploadscripts, just to
please some programs that are crashing when they can't write to stderr
(example : Unison) .
    Add a fakechroot version of realpath() so that altlog works with
absolute file names.
    New FAKECHROOT_EXCEPTION macro to avoid I/O wrappers. -Used in
bsd-realpath() .
    Cygwin doesn't have a working initgroups() call (always returns -1) =>
don't abort if the call doesn't succeed. Also, have getpwnam() and getpwuid()
always return the same fake values on win32.
    Speedup : chroot("/") means no chroot at all, no need to wrap I/O
functions in that case.
    mode_t is an unsigned short on MacOS X, so it's promoted to unsigned
int - take care of that for fakeopen() mode.
    Fix throttling in ASCII mode - the nowait condition is o >= st.st_size,
not left > skip.
    Log passwords when the server is compiled with DEBUG.
    Remove TVFS conformance announcement (FEAT command) when virtual chroot
is enabled.
    Fix bashisms/zshmisms in configure.ac and links OpenSSL if needed with
OpenLDAP. Contributed by Ben Gertzfield (che_fox) .
    Merge pure-authd and the 'extauth' external authentication handler.
Relevant files are man/pure-authd.8, src/log_extauth* src/pure-authd* .
    Undefine fakechroot macros before their definition, it shuts the
compiler up on Solaris.

* Version 1.0.7 :
    Use /dev/arandom and random() instead of /dev/urandom and rand() when
possible. Suggested by Brad Smith <brad at openbsd.org>.
    Korean translation updated (Im).
    GCC upgraded to 3.0.3 for binary packages.
    Don't chroot to /etc/pure-ftpd/<ip>/. , but to /etc/pure-ftpd/<ip> for
virtual users. Virtual chroot didn't like it.
    RPM packages can now be built with LDAP, Mysql and PostgreSQL.
Contributed by Ben <ben at zaeon.com> .
    Directory aliases (DIRALIASES macro, diraliases.{c,h}, minor tweaks to
ftpd.c (docwd) and ftp_parser.c (site alias)) . Contributed by Kenneth
Stailey <kstailey at yahoo.com> .
    Cindy has moved.
    Add a fake chroot wrapper for stat[v]fs[64]() and rm/mkdir.
    Check directory, not file for stat[v]fs[64]() - Option -k should really
work now.
    Don't count .ftpquota in pure-quotacheck. Reported by Jan Pavlik.

* Version 1.0.6 :
    New fakechroot.{c,h} files. They contain wrappers for most I/O functions
to emulate chroot and follow symbolic links.
    PostgreSQL support, based upon log_mysql.
    Known issue with virtual chroot (FIXME) : files with ".." in their names
are denied.
    Danish and Korean translations updated.
    Typos were fixed in the Polish translation (contributed by Mariusz
Pekala <skoot at poczta.onet.pl>).
    Check for libelf before libkvm in Autoconf (Kenneth)
    Don't enable TCP_NODELAY any more on the connection socket. FTP Explorer
doesn't like it.
    Don't assume that crypt() always returns non-NULL pointers. Thanks to
Paul <paul at chipmunkweb.yi.org> for his help on that issue.
    New translation : Swedish (messages_sv.h).
    Don't clear dot_{read,write}_ok when quotas are enabled. Instead, check
for enabled quotas in checknamesanity() and refuse everything with
".ftpquota" in it => ok because only 'ls' performs globbing.

* Version 1.0.5 :
    Rename and delete operations are now syslogged.
    Strange characters are now stripped from .banner/.message files.
    Unofficial macros to give more power to anon users :
ANON_CAN_CHANGE_PERMS, ANON_CAN_DELETE, ANON_CAN_RESUME and ANON_CAN_RENAME.
    Return 550 when an upload excess quota.
    New unofficial macro : LOG_ANON_EMAIL .
    File deletion and rename are now logged.
    [v]snprintf() replacements have been totally rewritten.
    Accept multiple ip/mask filtering rules in the puredb backend.
    The load average can now be read on Solaris < 2.6 (where getloadavg()
isn't implemented) . Contributed by Keneth Stailey.
    Documentation updates (FAQ and pure-ftpd man page), translation updates.
    Autoconf updated to 2.52g, Automake to 1.5b.

* Version 1.0.4 :
    Clean up pure-config.pl and use Perl's exec with an array, circumventing
the system shell. (Gives less surprises with strange characters in the config
file, is also more efficient.) (Matthias)
    Clean up pure-config.py and use os.execv, work done by Joshua Rodman.
Thanks a lot. Autoconf adjustments to pure-config.py by Matthias.
    Fix configure.ac to use ":" in the path to AC_PATH_PROG rather than " ",
add PYTHON search, declare PERL and PYTHON precious, if not found, default to
/usr/bin/env <program>, add pure-config.py to AC_CONFIG_FILES. (Matthias)
    Close descriptors in pure-ftpwho (paranoia. I wasn't able to change any
ftpwho file even without this -j.)
    New ADD_EXTRA_GROUPS_TO_ANON unofficial macro to enable supplementary
groups for anonymous users (disabled by default) .
    Accept 2000 chars long .message files even on systems where MAXPATHLEN
is very low (e.g. Irix and FreeBSD) . Contributed by Michael Glad
<glad at daimi.au.dk> .
    Recognize "p@sw" as a synonym for "pasv" to bypass SMC Barricade mangling.
    Fixed compilation on Corel Netwinder devices (Gareth Woolridge).
    Allow EPSV when IPv6, regardless of the broken compatibility flag.
    A workaround for buggy Autoconf versions was added in configure.ac
(AC_PATH_PROG didn't work when the path wasn't a variable : IFS was set but
it wasn't effective without any substitution) .
    Have dodele() handle unlink() errors even when virtual quotas are
enabled. Also, the stat() (that was changed to lstat())/rename() race was
fixed by an additional lstat() on the destination file.
    simplify() has been moved to ftpd.c . We call it for mkd/rnto/stor file
names before stripping spaces, just to be a bit more annoying with warez
players.
    VUSERS stuff was removed. It has been obsoleted by the puredb backend.
    New FAQ file.
    The ML address has changed to pureftpd.org/ml instead of a direct link
to SF, just in case we move to something more reliable.

* Version 1.0.3 :
    New ASCII conversion function (doasciiwrite()), faster, easier and less
buggy than the original one. And it fixes a funny compatibility issue with
Homesite.
    Look for perl in /usr/bin before /usr/local/bin (better to build RPM
packages) .
    Don't forget to remove libsafe before building binary packages :)
    New unofficial macros : DISABLE_MKD_RMD and DEFAULT_TO_BINARY_TYPE.

* Version 1.0.2 :
    Upgraded to Autoconf 2.52f.
    Disallow rnto to existing files when quotas are enabled. Not for
nonexistent files.
    Don't use setfsuid() when system quotas are enabled -> undef
HAVE_SETFSUID_H in ftpd.h if SYSTEM_QUOTAS if defined.
    Always restrict the size of chunks for downloads when ftpwho is enabled.
    Parse every component of the path in create_home_and_chdir().
    Include some more (v)snprintf() implementations, using vfprintf() and
_doprnt() . Needed for Tru64.
    The upload pipe now receives upload info as follows :
\002username\001filename\000 . That way, virtual user names can be read.
    PureDB is now covered by a BSD license and it was upgraded to version
2.0 .
    Don't forget the -k option in Perl/Python parsers.

* Version 1.0.1 :
    Enable keepalive on data sockets, disable ndelay.
    Downgrade to autoconf 2.52.
    Fix 'left' value when throttling is enabled in doretr() with sendfile() .
    Add --without-nonalnum / PARANOID_FILE_NAMES.
    New funny french messages.
    Quota fixes when uploads are aborted. New dostor_quota_update_close_f()
function. Yeah, what a nice and long name :)

* Version 1.0.0 :
    Remove the last dynamic array in dostor(), use ALLOCA instead.
    Solaris considers mmap()ed region as char * instead of void *. Add
explicit casts to shut up the compiler.
    Add CallUploadScript in pureftpd.conf sample.
    Support Base64-encoded MD5/SHA and salted MD5 (SMD5) and SHA (SSHA) 
LDAP passwords.
    Updated danish translation - Lyberth.
    Updated polish translation - Arkadiusz.
    New messages_sk.h and messages_kr.h translation files.
    Renamed messages_sp.h -> messages_es.h .
    Separate {bandwidth,quota,ratio} changed pairs in AuthResult.
    Accept @ for LDAP logins.
    Have pure-uploadscript write a /var/run/pure-uploadscript.pid file.
    Irix portability fixes, thanks to Florin Andrei <elf_too at yahoo.com>.
    MLST/FEAT conformance fixes.
    PAM fixes (Thorsten).
    Get rid of the dot_ok global.
    Have the main server delete ftpwho files.
    Check for statvfs64().
    Spec file improvements (Bernie).
    keepallfiles = 0 when users belong to the trusted group.
    Disable quota for anonymous users.
    Fix various compiler warnings (Matthias).
    Have pure-pw support puredb files even when the server hasn't been
compiled --with-puredb. Suggested by Arkadiusz.
    New --with-sysconfdir configure switch. Suggested by Arkadiusz and
Matthias.
    Don't strip spaces in commands, unless SKIP_TRAILING_SPACES is defined.
It was an historical behavior but it breaks spaces before and after file
names, passwords beginning with spaces, etc. Thanks to Andreas Piening
<Andreas.Piening at ePost.de> for helping to solve that issue.
    Replace extra spaces around uploaded file names (and rnto) with '_' to
avoid stupid practices of warez folks.
    New message files format checker (messages_check.pl) provided by
Matthias Andree.
    Add mysnprintf.{c,h} wrapper for brain damaged snprintf() implementations.
    Refuse rename() with --keepallfiles.
    Upgraded autoconf to 2.52d. Get rid of acconfig.h .
    Changed configure.ac trailer - Contributed by CmdrTaco of Slashdot (only
two people know why... this is the mystery of pureftpd :)
    Misc. nice cleanups everywhere (Matthias, Bernhard, Jason, Arkadiusz).
    Upgraded to gcc 3.0.2 for binaries.
    Don't increase size quota when overwriting existing files - Reported by
Eric <ericnew at pacific.net.sg> .

* Version 0.99.9 :
    Complete rewrite of src/*ftpwho*. We now use a scoreboard directory
(/var/run/pure-ftpd) with mmap()ed structures instead of SysV IPC. It might
be a bit slower than IPC, but it's definitely more reliable, it doesn't need
any OS tweaking, it's simpler code, etc.
    Support the service part in getnameinfo() emulation code for pure-ftpwho.
    Ansified bsd-glob* and gnu-getopt* .
    Avoid a clash for struct statfs between sys/vfs.h and sys/capability.h .
    Consider negative filedescriptors as valid (prepare for O_DIRECT).
    -H is now a synonym for -n in pure-ftpwho.
    Use safe_write() when possible instead of plain write().
    Much efficient buffering code in ls.c .
    New -m switch in pure-pw. New environment variables for the default path.
    Refuse atomic replacement of files when quotas are enabled.
    Accept pure-pw mkdb without any further argument.
    New pid_file glob.
    Documentation fixups. Contributed by James Metcalf <james at asset-ict.com>
and http://www.php4hosting.com/ .

* Version 0.99.4 :
    Change uploaded and downloaded to unsigned long long. Display file
sizes as unsigned long long in src/ls.c. (Thorsten/Matthias)
    RPM improvements. (Thorsten)
    Chroot everyone by default in pure-pwconvert.
    Refuse 0Kb bandwidth for throttling in pure-pw. Reported by Ben Weir.

* Version 0.99.3 :
    Don't include users that don't have a valid directory in pure-pwconvert.
    Old versions of MySQL (<= 3.22.x) are now supported.
mysql_real_escape_string() wasn't implemented. We now just check this in
configure and fallback to mysql_escape_string() if necessary.
    Fixed RPM building with PAM, thanks to Sergey Mihailov.
    Add PureDB to configuration file wrappers, thanks to Sergey Mihailov.
    Include sysconfig sample in RPMs.
    Support MySQL's password() hashing function. Contributed by Robin Ericsson.
    Dutch translation updated (Johan�Huisman�<sietze.jan.huisman at 12move.nl>) .
    New keyword in mysql config : MySQLTransactions.
    Reject new uploads if user_quota_files/size > quota->files/size .
    dynamic.c rewritten in a simpler way.
    Allow @ and : in MySQL login names (Contributed by Arkadiusz).
    Add ratios and bandwidth to the MySQL backend.
    Accept the "any" keyword for MySQL auth. Don't if...else if
crypto schemes. Try them all in order instead. (src/log_mysql.c)
    Duplicate the content of environ instead of nullizing it. Longer, but it
helps pure-ftpd work on older C libraries (libc5).
    Individually check IPv6-specific functions and macros. Some systems e.g.
MacOS X have a partial implementation (getaddrinfo() without getnameinfo()) .
    Check for SysV semaphores and don't enable ftpwho on operating systems
they are missing on.
    Really support extended DES hashing.
    Cleanups to german messages, more informative message for PASV usage
with IPv6. (Matthias Andree) .
    Strip extra info in gecos (src/pure-pwconvert.c) .
    Add IP filtering and time restrictions to log_puredb/pure-pw.
    New SQL digraph : \D.

* Version 0.99.2a :
    When quotas were enabled, but no quota was specified, uploads were
always truncated to 0 bytes. It has been fixed.

* Version 0.99.2 :
    Upgraded Automake to 1.5.
    New translation : dutch.
    Fix --createhome option, reported by Lan Yufeng.
    New quotas.{c,h} files.
    Fix compilation when MySQL stuff is installed in /usr .
    Remove host name in the minimal banner.
    Add [NOTICE] and [DEBUG] qualifiers to logfile().
    New DONT_LOG_IP macro, force '?' into host global.    
    Some operating systems (at least Solaris > 2.7 and FreeBSD < 4.3) have
strange troubles with reusing TCP ports, even when SO_REUSEADDR is enabled.
Although it is an OS issue, we try several unassigned privileged ports as a
workaround for active connections. The last ressort is to let the OS assign
a port. But you can filter everything >1023 on your firewall if you feel
paranoid (and fix the server OS) .
    New unofficial macro : ANON_CAN_RESUME, to authorize anonymous users to
resume transfers.
    New -n / --quota option.
    New program : pure-quotacheck.
    Merged the PureDB package.
    RPM can now be build with PAM support, thanks to a new variable called
con_pam. Contributed by Juan Pablo Gimenez <jpg at rcom.com.ar>
    Add a "password" attributes to the PAM sample.
    Stat the / directory and compare it with what we are chmod()ing. If it's
the same inode/device pair, enforce read+exec+write rights for the user.
    Use AF_UNSPEC as a family instead of AF_INET/AF_INET6 when getaddrinfo()
is called with AI_PASSIVE.
    All authentication stuff has been moved in src/log_*.c files, including
what's needed to parse/allocate/free related structures. All modules have the
same hooks, grouped in a new structure : Authentication .
    Semantic change for AuthResult.auth_ok : 0 means a soft error (user not
found, or server temporarely down), -1 means hard error (bad password), 1
means ok. To be secure, we fall back to the next authentication method only
on soft errors. Also, AuthResult objects are now passed by address to
authentication handlers.
    New --with-puredb switch in the autoconf script.
    New files : src/pure-pw.{c,h} man/pure-pw.8
    Disable TCP_CORK, some Linux users reported strange behavior because of
this.
    Disallow crazy chunk sizes for uploads, to save our beloved stack,
especially when throttling is enabled. Thanks to Daniel Tschan.
    Made zrand() returns an unsigned int, so that zrand() % xxx is always
positive.
    New files : src/log_puredb.{c,h}
    Scan several common paths for pure-ftpd in pure-config.pl.
    New pure-pwconvert tool, suggested by <olle at xmms.org> .

* Version 0.99.1b :
    Fix access problems to remote MySQL servers. - Thanks to John Hart.
    New program : "pure-statsdecode" to convert timestamps into human-
readable dates in "stats" logfiles.
    Add peer info to authentication (pw_*_check()) functions.
    When MySQL or LDAP are enabled, add additional groups of the system uid.
    Made LDAP attributes more configurable (macroized strings in log_ldap.h) .
    New digraph for SQL substitions : \R (remote IP) .
    New fields for the LDAP configuration file parser : LDAPDefaultUID and
LDAPDefaultGID.
    Updated the LDAP documentation.
    Check that programs linked against mysqlclient can run in configure.ac .
Because some people forgot to add libmysqlclient.so in the configuration of
the dynamic linker.
    New create_home global, new --createhomedir/-j switch, new
create_home_and_chdir() function.

* Version 0.99.1a :
    New alternative logging format : "stats", designed for the ftpStats
application.
    Cosmetic fix with ratios.
    New -K / --keepallfiles directive.
    Workaround for broken clients that don't properly end up their command
lines.

* Version 0.99.1 :
    Don't call uploadscript on downloaded files when CLF logs are enabled.
    New SNCHECK macro to check snprintf() return values. Older
implementations return -1 for overflows, while C99 dictates that the number
of chars that would have normally be written should be returned. So, we
check the implementation in configure.ac and define this macro to do the
right thing.
    Don't try to read /dev/urandom when chrooted.
    CORK and NODELAY can't be used together.
    Support pipelining (fixes lftp async mode).
    Changes of process names are now properly handled on Linux - Thanks to
Juergen Henge-Ernst.
    Split Unix auth stuff into log_unix.{c,h}, new AuthResult structure.
    Properly report download progression and speed in pure-ftpwho. The
problem was in sendfile() downloads, when both FTPWHO and THROTTLING were
defined (&& instead of || in the test... stupid failed optimization) .
    Fix getnameinfo() emulation by passing a valid IP address to
gethostbyaddr() .
    Allow LDAP path override.
    Disallow root uid/gid in LDAP.
    Document that adding "shadow" to PAM sample rules can fix some hardened
distributions, suggested by Joe Silva.
    Use statvfs, not statvfs64 for large files on Linux when __REDIRECT is
defined.
    Externalize zrand().
    Merge MySQL authentication.
    Fix throttling + large files.

* Version 0.99b :
    Check socket/resolver libs in configure.ac before socket-related tests.
It fixes LDAP compilation on Solaris.
    Pad the day to two characters in CLF.
    Downloaded/uploaded files are now logged with LOG_NOTICE priority.
    Add --without-sendfile configure switch - sets DISABLE_SENDFILE macro.
Disabling sendfile is useful on some OS with some filesystems that don't
support zero-copy transfers like SMBFS on FreeBSD 4.3 .
    Merge hash functions : crypto.{c,h}, crypto-sha1.{c,h} and crypto-md5.{c,h}
    Renamed pam_ftp_check() to pw_pam_check() .
    Don't display group list in minimal mode.
    Fill in the uid/name cache after an authenticated login.
    Minor RPMs improvements. -Still not a relocatable package, though-
    Fix non-root mode : don't dereference pw in dopass() if NULL.
    Include the BSD license in COPYING.

* Version 0.99a :
    Always display the local IP and port with pure-ftpwho -v.
    Don't log an extra \001 is CLF output, properly report negative time
zones, zerofill hour/min/sec to 2 digits.

* Version 0.99 :
    New README.Debian file.
    Fix ls -C arithmetic error with long file names. Reported by Old Mole.
    Corrected the german translation for grammatical/spelling errors,
translated missing messages. -Contributed by Bernhard Weisshuhn.
    Danish translation. -Contributed by Isak Lyberth.
    Log login attempts with disabled accounts. Admin can still check what's
wrong even --with-paranoidmsg . The new message is MSG_DISABLED_ACCOUNT.
    Improved pure-config.pl.in : extra parameters can be added in command
line.
    Fix throttling on FreeBSD : BSD sendfile() returns -1/0 , not the
number of transmitted bytes.
    Show s/S/t/T flags in ls -l - Suggested by Bernie.
    Removed --without-chmod, added -R options.

* Version 0.99pre2 :
    Fixes to make pureftpd compile on Solaris 7 and 8. Warning:
untested. Large file support may be broken.
    Minor robustness/warning fixes.
    "ftp" can be used as a fake shell, no need to add it to /etc/shells.
    Documented that anonymous FTP needs an "ftp" account in an LDAP
directory - Thanks to Adrian Zurek.
    Fixed a typo in pure-config.pl : UserBandwidth handled $2 not $1 -
Thanks to Vincent the Herisson
    Upgraded Automake to 1.4p5 and Autoconf 2.52.
    Renamed deprecated configure.in to configure.ac .
    RPM fixes - Contributed by Oliver Soell <oliver at fusionit.com>
    More accurate throttling, don't only check seconds, but also usec 
- Contributed by Frank de Bot.
    Don't log client crashes as timeouts - Reported by Matthias Andree.
    Stop if --with-pam was specified, but PAM headers are missing.
    Add %s in die() - Thanks to Matthias Andree.
    New logpid global - Matthias.
    Added PARANOID_MESSAGES macro (see src/messages.h)
    Have RNTO work when the target file name already exists - Reported by
Bernhard Weisshuhn.
    Allow transfers through sendfile() longer than <idletime> , needed for
very large files transferred over slow links (odd idea, but why not) .
    Changed the trustedgid behavior when the /./ trick is used : members of
the trusted group *are* chrooted, but they have no ratio and dot-files are
allowed.
    Added --with-paranoidmsg compile-time option to enable PARANOID_MESSAGES.
    Implemented alternative IPv6 functions for backward compatibility with
old IPv4 only stacks. Check out src/ipv4stack.* and the new OLD_IP_STACK
macro. We assume the stack is IPv4-only if getaddrinfo() doesn't exist.
    Display version number in '-h'.
    New files : altlog.{c,h}
    New option : -O / --altlog , new macro WITH_ALTLOG, new globals altlog_*,
new autoconf switch --with-altlog .    
    Try to use ALLOCA in internal statement blocks instead of local
fixed-size arrays. The result is the same and the source code is a bit more
complex, but it saves stack space especially on path names.
    Minor code cosmetic cleanups (I really hate if/loops without braces) .
    Improvements to the FreeBSD port : LDAP can be compiled in.
    List KcmPureftpd in README.Contrib .
    New --with-bloat^H^H^H^H^Heverything autoconf switch.
    Added NO_PROCNAME_CHANGE macro just in case people don't want processes
to change name (workaround for a bug on older glibc) .
    Return 550 instead of 530 when CWD fails. Silly broken clients like
AbsoluteFTP choked on this.
    Don't assume that no sendfile() implies support for large files.

* Version 0.99pre1 :
    Have MSIE open an authentication dialog when anonymous users are
forbidden (-E) in compatibility mode (-b) .
    Don't CORK_OFF a bad file descriptor in error() - Reported by Sami Farin.
    Don't reply with PASV/SPSV/EPSV when -N is enabled.
    Don't forget to initialize gl_pathc and gl_pathv in glob_() - OpenBSD
didn't like it.
    Fixed typos in documentation.

* Version 0.98.7 :
    gui/build.sh improvements by Peter Pentchev.
    Correct typo in the pure-uploadscript man page.
    Always parse the last element in upload ASCII conversion.
    Reduce the random tapping delay, some users find it annoying.
    More parser cleanups and optimizations.
    Don't glob any more for chmod and dele.
    Follow symbolic links for downloads.
    Made autorename an argument for dostor() for dostou() atomicity.
    Minor optimizations for passive port computation (to be paranoid, we
never rely on OS port assignment, so give up the old TrollFTP code)
    Replace since -> xfer_since in pure-ftpwho to avoid FPE. Add even a
signal handler, just in case.
    Never forget to check that shm_data_cur is != NULL before dereferencing
it.
    Wait a bit when MAX_THROTTLING_DELAY is reached.
    Don't make PAM sessions failures fatals. And don't even try to open a
session when WITHOUT_PAM_SESSION is defined.

* Version 0.98.6 :
    Properly truncate uploaded files, even if restartat == 0.
    Added MSG_NO_ASCII_RESUME.

* Version 0.98.5 :
    Recognize ADAT command for Kerberized Fetch 5 (Macintosh).
    Added a contrib/ directory and README.Contrib.
    Minor Autoconf and code cleanups.
    Debian package updates - no more hang at end of the install procedure.
    Open PAM session (patch by Sami Koskinen <tossu at cc.hut.fi>).
    It looks like some OS/C libraries don't like to share syslog
descriptors. To be safe, we have to reopen the syslog for each client, 
grr!
    Disable auto login (handy, but buggy clients sending fancy commands
before authentication choked on this) .
    Disable the 'man page segfault' humor :(
    Fix largefile compilation on Linux (reported hy Andreas Westin).
    Don't wait for throttling when download is completed.
    Use statfs() and getloadavg() on *BSD.
    Don't keepalive, don't linger.
    Don't forget to parse the last element in pure-ftpwho (reported by
Brandon Covert).
    Merge the virtual host login code with the regular login code (suggested
by Chris Mentjox <chris at widexs.nl>.
    ftp_parser.c/sfgets() rewritten to optimize read() calls.
    Use the same policy to forbit dot-files for cd and for other commands,
for consistency and to ease migration from other servers.
    Don't unlink() partially uploaded files unless user is anonymous.
    Add fillenv() and newenv_*() in pure-uploadscript.c
    Skip initial \n in banners.
    Rewritten upload acceptation to avoid duplicate code and possible races.
    Externalized some functions to save stack space.
    Add non_noupload global and the -i flag.
    Don't chmod 600 incomplete uploads. I will miss that feature, but some
people don't like it and pure-uploadscript may be a better alternative for
integrity checking.
    New trustedip global, that contains the trusted IP address allowed
to accept non-anonymous connections.
    WITH_VIRTUAL_HOST macro to #ifdef the virtual hosting code.
    Check for statvfs_t, security/pam_misc.h and sys/loadavg.h for Solaris.

* Version 0.98.4 :
    Slightly reduce the password delay if PAM and LDAP aren't enabled.
    Open the syslog as soon as possible (before accepting client
connections) . It solves the nasty long-standing syslog-output-in-client-fd
bug.
    Don't localtime(NULL), it crashes under FreeBSD.

* Version 0.98.3 :
    Close listenfd, but close(2) only if it's a tty (maybe it's an
uploadscript descriptor) .
    Save errno in signal handlers.
    Paranoia : introduce a random delay after password entering.
    Disable signals in die() and sigurg(). This is just paranoia, the signal
handlers are *not* vulnerable to the problems described in the Razor paper.
    Fix ls <link to directory> behavior, to list the content of the
directory, not the directory name.

* Version 0.98.2a :
    Upgrade to Automake 1.4-p2 and Autoconf 2.50.
    Accept "." in LDAP user names.
    Fix --sysloghack for Debian users (DEBUG was defined)   

* Version 0.98.2 :
    Portability : check for __ss_len, not only ss_len.
    New function for platforms without setfsuid() : usleep2(), blocking
signals when we are sleeping.
    long double usage in pure-ftpwho, to avoid floating point exceptions.
    Upgraded to Automake 1.4-p1.
    Define syslog names if libc hasn't them.
    Check for nsl/socket/resolv requirements.
    Use statvfs is statfs is not available.
    Fix compilation against old OpenLDAP versions (1.x) .
    Added --without-globbing (also defined in minimal mode) .
    Check for sendfile() variants (Linux, FreeBSD or none) . FreeBSD (and
possibly other OS with a similar implementation) can now use sendfile().
    ABOR is now handled. We do this by intercepting SIGURG and by keeping
the transfer file descriptor in xfer_fd (may be datafd or what accept()
returned) .
    Added a restartat field in the ftpwho structure.
    Complete rewrite of sreaddir(). We're now using two distinct memory
segments : one for metadata (struct FileInfo) and another one for file
names. Also, stat()ing data is done when reading the directory content and
kept in memory to avoid stat()ing again for displaying. And we have buffers
grow instead of restarting. And we don't rely on the what st_size returns
for the directory, that's useless and it eats memory for nothing. And ls -S
works. To summarize, the new built-in ls rocks, it's way more efficient than
the previous BSD horror. And it's portable. We stat() again for modern
listing, though (MLST), because we need inode and device numbers and we
have to deref links and MLST should be ready for extended attributes (like
ACL), while sreaddir() shouldn't fill memory with extra info.
    Log virtual domains logins.
    Handle virtual domains in pure-uploadscript.
    Fix XML output (Jason Lunz)
    Solaris port and documentation.

* Version 0.98.1 :
    Fix display of group listing for group names with white spaces and very
long group names.
    Umask for dirs and umask for files are now different (umask & umask_d) .
    New --with-sysloghack flag.

* Version 0.98-final :
    Added Spanish translation by Luis Llorente Campo
<luisllorente at luisllorente.com> .
    Added download_total_size, download_current_size, local_addr and
xfer_date to the FTPWhoEntry structure.
    New output targets : shell (-s) and verbose ASCII (-v) .
    Paranoia : add more entropy to the zrand() function.
    Changed u_mask default to 133, uploaded files are now 777.
    bandwidth_throttling was split into bandwidth_throttling_ul and
bandwidth_throttling_dl.
    Syslog is now opened after forking. It fixes the nasty syslog-to-
clientconn bug due to dup2() and/or syslog mutex internals.
    Logging can be disabled with '-f none' .

* Version 0.98pre2 :
    Don't use a fancy directory separator for recursive 'ls' because NcFTP
chokes on this when mirroring. It's a pity. The previous one looked great.
But we have to keep clients happy.
    Listen on IPv4+IPv6 by default even on OpenBSD.
    Minor optimizations (don't test for optarg != NULL, trust getopt() and
use switch instead of else if to parse command-line options) .
    Renamed mrtginfo to pure-mrtginfo, because mrtginfo was too confusing
and it could clash with other packages.
    Added pure-uploadscript and its man page.
    Added the '-o' option and the --with-uploadscript configuration flag.
    Documentation : added forgotten NATmode example in the pure-ftpd.conf
file.

* Version 0.98pre1 :
    Don't hardcode the pure-ftpd path in pure-config.pl (Peter Pentchev).
    Actually include the polish translation.
    Updated the Netfilter documentation. The EPSV/EPRT patch is no longer
pertinent, because EPSV/EPRT support was merged in kernel 2.4.3ac14.
    Fixed welcome.msg typo (Thanks to Togusa).
    Increased the banner size to 2000.
    Support long options even if getopt_long is unavailable (especially for
BSD) .

* Version 0.97.7 :
    Upgraded to Autoconf 2.49e.
    Semaphores/shared memory perms should be & 0777 for FreeBSD.
    Merged polish translation (Arkadiusz) .
    Cleaned up headers includes.
    Added HTML and XML outputs to pure-ftpwho.
    Added pure-ftpwho man page.

* Version 0.97.7pre3 :
    Changed 'killall -HUP xinetd' to 'killall -USR2 xinetd' in the README
file (pointed out by Olivier Tharan <olive at zehc.net>) .
    configure.in : fixed --without-ascii, add --with-welcomemsg.

* Version 0.97.7pre2 :
    pure-ftpwho marks a slot as free is there is no associated process. 
    Possible fix for a realloc() problem reported by Emmanuel Hocdet.
    Added dmalloc support.

* Version 0.97.7pre1 :
    Block SIGCHLD before calling iptrack_add() .
    HAS_WAITPID is HAVE_WAITPID.
    Check for setproctitle (*BSD) .
    Reset restartat to 0 after a successful stor/retr (Jobush) .
    Don't open with LOG_CONS.
    Completed the romanian translation (Claudiu) .
    Added WELCOME_MSG_COMPATIBILITY hack.
    Optimization : only call setprogname if state_needs_update != 0.
    maxusers defaults to 50 and maxip to (1 + maxusers / 10) .
    ftpwho. Added --with-ftpwho.

* Version 0.97.6 :
    Merged docwd/ls bounds checking for ~ expansion.
    Enable the '.banner' file for authenticated users.
    Cleaned up the man page.
    Added disallow_passive global.
    Optimized bsd-glob.c.   

* Version 0.97.5 :
    Cleaned up bsd-glob, no need for alternate directory functions.
    Replaced __ macro by _COMA_ to avoid conflicts on Tru64.
    Replaced \s by \s+ in pure-config.pl.in and pure-config.py (Emmanuel
Hocdet) .
    Properly probe next ports if a random port can't be bound.
    In dostor(), get the file size is in 'filesize', not in the initial
stat() call.
    Added the '-4' option.
    Updated the 'Contributors' part in the man page.
    Removed leading space in dosize() result.
    Added u_mask global.

* Version 0.97.4 :
    getgroups() should always be called *after* seteuid()! The BSD port
broke this.

* Version 0.97.3 :
    Always log the speed, whatever it is (suggested by William Kern(el panic)) .
    Always display the current number of clients in the initial banner.
    Always chdir() before chroot().
    Use of <config.h> instead of -D for cleaner compilation (contributed by
Jason Lunz).
    Clear arguments, to avoid bloat in the 'ps auxw' table.
    Recognize HELP SITE and SITE HELP.
    Added addreply_noformat for multi-lines responses.
    STAT command.
    Support "modern" directory listings (modern_format() func) . Used to
implement MLST and MLSD. Listings are "modern" or "traditional" according to
the modern_listings global.
    Added --with-minimal.
    Added --with-nonroot to disable chroot()/setfsuid(), so that the server
can work without root privileges.
    Added --with-language.
    Fixed largefile+throttling compilation.
    Changed 'quota' to 'ratio' everywhere. Quotas will be something else.
    Create /var/run/pure-ftpd.pid . Remove it when a signal is caught.
    Added romanian translation from Claudiu Costin <claudiuc at kde.org>.
    Added german translation from Mathias Gumz <gumz at cs.uni-magdeburg.de>.
    Added french translation from Ping <ping at root42.net>.
    Allow download of 0-byte files (reported by Louis Rouxel).
    Include <netinet/in_systm.h> and <sys/mount.h> if presents.
    Define STORAGE_LEN and STORAGE_FAMILY for BSD and Glibc compatibility.
    Use seteuid() instead of setfsuid() on non-linux systems.
    Non-pam, non-shadow passwords are working again.
    Upgraded to automake 1.4d.
    Latest unstable glibc for Debian define ss_family instead of
__ss_family. A test in configure.in was added for this. A test for ss_len
was added by the way.

* Version 0.97.2 :
    Added epsv_all.
    Tell the client when per-IP limit is reached.
    Daemonize if '-B' is given (daemonize global).
    Don't assume that 0 isn't a valid file descriptor. Yes we use 0/1 for
the command socket so 0 should never be reused again. But it's to be quiet
in our mind and to prevent bad surprises if we ever change this in the
future.
    Add file size to speedstring (speedrate() function) .
    Compare dataconn IP with *peer* IP, not cltrconn!!! It broke passive
transfers in 0.97.1, grrr...
    Corrected a bashiszm in configure.in (Arkadiusz Miskiewicz)

* Version 0.97.1 :
    Added more entropy for the port number of passive connections and
refuse connections from hosts who doesn't own the control socket.
    .message and .banner files couldn't contain only white spaces - fixed.
    Disable HELP in broken mode because very old WSFTP clients send this.
Donnu why. But they do.
    Add a message to the syslog when the per-IP limit is reached.

* Version 0.97-final :
    Strip debugging mode (XDBG) unless compiled with -DDEBUG. Who needs this
on production servers, anyway?
    In standalone mode, close the listening socket when SIGTERM is received.
    Catch maxusers in the standalone server code. If the server is busy,
don't even try to fork (optimisation) .
    The default syslog facility is now 'ftp' instead of 'local2'.
    Paranoia : set the close-on-exec flag on the listening socket and close
stdin/stdout/stderr.
    Dynamically change process titles to reflect their activity (pure-ftpd
[SERVER|IDLE|UPLOAD|DOWNLOAD]) .
    Accept non-ascii (accents) file names (check if <32U in checknamesanity).
    Added dynamic.c for IP tracking. Yes, the code could be optimized for
speed with two hashed tables (ip->number pid->link to the previous table).
But it's simple and fast enough if you don't have 500000000 simultaneous
users (and if you do, you have a high end machine, don't you?) .
    Added '-E' flag. anon_only = 0 (normal mode) -1 (no anon) or +1 (anon
only) .

* Version 0.97pre5 :
    Added '-U' option to change the umask (Thanks to Guenter Bittner for the
suggestion).
    Standalone mode : updated configure.in (NO_STANDALONE, NO_INETD),
standalone_server(), standalone global, daemons() is skipped if we are only
standalone, ...
    Added '-x' and '-X' options to prevent users from writing/reading
dot-files, even though they are authenticated (add globals
dot_write_forbidden and dot_read_forbidden) . Restricting access to
directories starting with '.' added many lines of code for such a simple
operation. However, it's done in a secure way : we don't get fooled by
relative paths and links.
    Bandwidth throttling in now in KB/s (throttling_bandwidth global) . We
do it the long, but right way, with compensation_delay = (transmitted bytes
/ throttling_bandwidth) - (tn - t0), recalculated between each
received/transmitted chunk. A bit slow and bloated, however, but more
efficient than a fixed approximation. To minimize bandwidth starvation with
non-transfer commands, we impose a delay (throttling_delay) of 1sec/bandwidth.

* Version 0.97pre4 :
    Added '-D' option to force 'ls' display dot-files even when a client
doesn't send the '-a' option (ls -la) .
    Keep the previous permissions when overwriting a file. Thanks to Darren
Casey for reporting this.
    New '-I' option to change the maximum idle time (idletime global) .
Also, a new function (antiidle()) is called for each dummy command (no
login, no transfer) . Because many modern FTP client send "noop", "cwd" or
"pwd" all the time to avoid timeouts. When we encounter something like this,
we give it grace time (twice the normal timeout, because the client is
active), but we disconnect him if this grace time expires anyway.

* Version 0.97pre3 / 0.96.2 :
    HELP is ignored if followed by an argument.
    Made SITE commands work anew with subcommands in upper case.
    Finally replaced the GNU globbing stuff by ported BSD code (NetBSD libc
variant) . It's faster, it's cleaner, it's less buggy. The code was modified
to accept recursion limits (rather than a maximum buffer size), match limits,
and tilde expansion was disabled.
    Limited the default maximum listed files to 2000 instead of 4242 and 5
subdirectories for recursion.
    Support for shadow passwords expiration dates.
    New eye-candy delimiters for subdirectories in a directory listing.
    Moved capabilities-related functions to caps{.c,.h,_p.h} .
    Support for large (> 2 Gb) files.
    Reduced the IPv6 EPRT code, we now call doport2() like IPv4 PORT/EPRT
commands. That way, we now support IPv6 FXP as well.
    Added the new logfile() function to customize the syslog output.

* Version 0.97pre2 :
    Fixed a memory leak/duplicate free problem in glib-glob().
    Added memory usage limits.
    Added missing messages from ls.c to the "messages.h" file for translation.
    Reverted the cap_free() calls semantic.

* Version 0.97pre1 :
    Check for and convert 4-in-6 addresses (fourinsix() function). Also
check for valid addresses (checkvalidaddr()) .
    Also check /proc/net/tcp6 when IPv6 is enabled.
    Code cleanups.
    Added DIE and DIE_MEM macro to shrink the source code.
    Commands are already in lower case, so don't call strcasecmp() anymore,
strcmp() is faster.
    Paranoia : refuse invalid IP addresses (multicast, null, broadcast).
    Converted all strings to macros for localisation.
    Ignore ~ if we use LDAP to avoid useless queries. But tilde expansion
with LDAP is still implemented, just #undef IGNORE_TILDE if you want to use
it.
    Added overlapcpy() function in place of safe strcpy. This looks pointless
under Linux, but we must follow the specs, anyway.
    Upgraded to Autoconf 2.49d.

* Version 0.96.1 :
    Changed the ASCII restart message ("Okay, but your client violates RFC")
to something more friendly.
    New possibly more secure glob() implementation. It's a hack of GlibC
2.2.2's glob() providing sglob(), able to limit recursion depth and the
number or results. It's not perfect (is should return GLOB_NOSPACE in some
situations instead of an empty list), but it should be a definitive solution
against all possible globbing attacks.
    Added a limit of 17 minutes of CPU time consumming. Yes, 17 minutes is a
huge limit.

* Version 0.96 :
    When FXP is refused, send 500 as a reply. It helps broken NAT boxes deal
with Pure-FTPd servers since the client thinks EPSV isn't supported and it
tries PORT instead.
    Added chdir() after listing a directory just in case we didn't get back
where we started if we reached a limit.
    Avoid loops in directory listings.

* Version 0.96pre1 :
    Added '-P' flag to explicitly set an IP address in reply to a PASV
command.
    Added '-A' flag to chroot() everyone. If '-A' is combined with '-a', the
last option takes precedence.
    Added '-H' flag to avoid DNS resolution.
    Reverted the 0.95.1 change : 7 bits is always supported, even without
'-b'.
    Added FEAT command (rfc2389) .
    Allow anonymous users to create directories if they have write access to
the parent directory.
    Fixed virtual hosts and updated man page/README.
    Changed every sockaddr_in structure to sockaddr_storage. Added
STORAGE_PORT, STORAGE_PORT6, STORAGE_SIN_ADDR, STORAGE_SIN_ADDR6 and
STORAGE_FAMILY macros (ftpd_p.h) . Added addrcmp() to compare two
sockaddr_storage addresses (is there a faster way to do this?) and
generic_aton() to have an ipv4/ipv6 inet_aton() function. IPv6 support
should be completed, yeah!
    Added max_ls_depth and max_ls_files globals and changed listdir()
prototype to abort if we went to deep into the directory tree. Added -L
option.
    Added allow_anon_mkdir global.
    New function fortune() to display a random line of a text file. It
uses mmap() and should be very fast. A new global fortunes_file stores NULL
(no cookie) or the cookies file name. Added '-F' to set the file name.

* Version 0.95.2 :
    Changed 'ls' format to add one space to the size format and the size
is now casted to unsigned long long.
    Implemented STOU and ALLO.
    Implemented APPE. The dostor() prototype was changed to accept an
'append' parameter to 'restart' according to the current file size.
    Added '-e' flag to only accept anonymous users (anon_only global,
checked in douser()).
    Reverted the previous capabilities change. CAP_SYS_CHROOT can be safely
dropped, but we have to call drop_login_caps() later in dopass().
    Updated man page (list of supported commands and minor typo fixes).

* Version 0.95.1 :
    Daemons.c : only counts sockets in CONNECTED state (1). So that
listening sockets are implicetely ignored and closing sockets aren't
creating false counts.
    Capabilities : we need CAP_SYS_CHROOT even after login to properly
handle the -a flag.
    Removed 'md5' in the PAM example.
    Ignore type (ASCII/8 bits) if broken == 0, always do 8 bits by default.

* Version 0.95 (final) :
    Changed the PAM sample file (pam_pwdb->pam_unix) to please more
Linux distributions.
    Fixed getpwnam() NULL pointer dereferencement when user didn't exist.
    Changed passive mode acknowledgement to "227 Entering Passive Mode" to
please Netfilter's ip_conntrack_ftp module.
    Added SPSV command.
    Added XCWD and XCUP aliases.
    Disallow PORT commands to ports < 1024.
    Various source code cleanups.
    Really reset restart offset to 0 when offset is too large for a file size.
    Paranoia : disallow '\' characters when dot-files aren't allowed.
    Added quotas (quota_upload, quota_download, quota_for_non_anon, -Q/-q
flags, autoconf QUOTAS macro) .
    Paranoia : check every (v)snprintf() return value.
    PAM is now disabled by default in autoconf. Spec file was updated to
reflect the change.
    LDAP support. Added the log_ldap* files and a wrapper for getpwnam.
    Cleaned the doc format (tabs).
    Disallow EPSV in broken compatibility mode (-b).
    Added a generic basic parser (parser.*), currently only used for LDAP.
    Disallow command-line options whose support isn't compiled-in.
    Documented Xinetd configuration and the Netfilter troubles.
    Added a check for the 'gauge' typo instead of 'gauge' on some old Dialog
versions.

* Version 0.95-pre4 :
    Added a Dialog GUI for easy compilation.
    Version number is now displayed in the main banner.
    Added alarm signals to timeout everywhere.
    Check if peer structure is filled after accept() system call.
    Implemented SITE HELP.
    Updated spec file.
    Added dot_ok and checknamesanity() to forbid ".xxx" uploads to
non-chrooted users and anonymous users.

* Version 0.95-pre3 :
    Changed error handling for restart (REST) command to please CuteFTP
and LeechFTP.
    Fixed a typo in the autoconf script (--with-throttling) .
    Simplified dopass().
    Added tapping delay in dopass() and MAX_PASSWD_TRIES macro.
    Disabled IPv6. It will be enabled anew when full support will be
implemented (not only 4-in-6).

* Version 0.95-pre2 :
    Upgraded to autoconf 2.49c and automake 1.4b .
    Built binary packages : Debian, RPM and Slackware.
    
* Version 0.95-pre1 :
    Added some paranoid bounds checking.
    Support for bandwidth throttling. See throttling_delay (time we
should usleep() for between each packet or command) and global 'throttling'.
    Upload should not be limited to a 16k window : adjust receive to the
size of 'window' (defaults to 51200. Should we have it default to
CONF_TCP_SO_RCVBUF?) .

* Version 0.94 :

    Fixed cap_free() calls (needs a pointer).
    Added CAP_DAC_READ_SEARCH (for initial user home directory chdir) to
the startup capabilities. Also added CAP_NET_ADMIN (to allow setting TOS) to
the login capabilities.
    Added SITE CHMOD support.
    
* Version 0.93 :

    Support for the FXP protocol.

* Version 0.92 :

    LeechFTP (a popular Zindoz client) does a "REST 1" in ASCII mode
after logging in. Well, maybe this violates RFC, but let's add a workaround
(see dorest() / STRICT_REST) . Thanks to _PinG_ <ping at enjoy-unix.org> for
reporting that kludge.
    Syslog identity changed to "pure-ftpd".
    Added noopidle (time_t of the first NOOP) and idletime_noop (maximum
idle time with nothing but NOOP from the client) . idletime_noop defaults to
1.5 * idletime.
    Shortened the default idle time to 900 seconds.
    Idle time is now in minutes if >= 120 sec.

* Version 0.91 :

    Updated credits.
    Use TCP_CORK.
    Explicit super-server requirement notification. 
    Changed daemons() prototype to accept a port number to look for.
ftpd.c and mrtginfo.c were updated to reflect the change. Global
server_port now stores the real port the connection socket was bound to.
    Updated man pages.

* Version 0.90 : 

    Initial release.