NEWS   [plain text]

$NetBSD: NEWS,v 1.7 2008/09/29 00:55:57 lukem Exp $

This is tnftpd version 20080929.

Changes in tnftpd from 20080609 to 20080929:

	Don't split large commands into multiple commands; just fail on them.
	This prevents cross-site request forgery (CSRF)-like attacks,
	when a web browser is used to access an ftp server.

	Enhance -C to support an optional @host ('-C user[@host]'):
	checks whether user as connecting from host would be granted
	access by ftpusers(5).

	Support IPv6 in the host directive of ftpusers(5).

	Fix pathnames in the installed manual pages to contain
	the appropriate $(prefix) substitution.

	Portability improvements for Mac OS X 10.3.x and Solaris 10.

	Fix memory leak in fts(3) on Solaris.

Changes in tnftpd from 20061217 to 20080609:

	Implement -n to disable hostname lookups.

	Add configure --with-pam to enable PAM authentication support.
	Defaults to checking for PAM.

	Add configure --with-skey to enable S/Key authentication support.
	Incompatible with --with-pam, defaults to no.

	Convert to autoconf 2.61.

	Improve detection of large file support.

	Disable SOCKS support; I don't have the ability to test it,
	and the autoconf checks were very out of date.

	Update the fts(3) replacement.

	Use fcntl(3) locking instead of flock(3) or lockf(3).

	Portability fixes and improvements.

Changes in tnftpd from 20061204 to 20061217:

	Portability fix: provide a replacement daemon(3) if necessary.

Changes in tnftpd from 20040810 to 20061204:

	Fix buffer overflow in local version of glob(3).

	Implement -D to run as a stand-alone daemon.

	Add ftpd.conf(5) options:

	Enforce account expiration, and support shadow password aging
	where appropriate.

	Return 450 instead of 550 upon NLST error.

	Portability fixes and improvements.