From: John M. <jw...@us...> - 2012-06-26 19:19:21
|
Update of /cvsroot/pdd/Userguide/directives/sgml In directory vz-cvs-3.sog:/tmp/cvs-serv9909 Modified Files: LDAPUsers Log Message: mention %u interpolation for the base DN Bug: 3789 Index: LDAPUsers =================================================================== RCS file: /cvsroot/pdd/Userguide/directives/sgml/LDAPUsers,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- LDAPUsers 15 Oct 2010 18:20:38 -0000 1.1 +++ LDAPUsers 26 Jun 2012 19:19:18 -0000 1.2 @@ -70,13 +70,20 @@ <para>Activates LDAP authentication and UID to name mappings in directory listings.</para> - <para>The first argument to this directive is the LDAP base DN to - use for authentication. The second argument is a template to be used - for the search filter when looking up users by username; %u will be - replaced with the username that is being authenticated. The third - argument is a template to be used for the search filter when looking - up users by UID number; %u will be replaced with the UID number that - is being looked up.</para> + <para>The first argument is the LDAP base DN to use for user + lookups. During authentication, %u will be replaced with the + username that is being authenticated. When looking up users by UID + number, %u will not be replaced. Usually, %u in the base DN is only + useful in "virtual user" environments, since mod_ldap won't be able + to look up other users.</para> + + <para>The second argument is a template to be used for the search + filter when looking up users by username; %u will be replaced with + the username that is being authenticated.</para> + + <para>The third argument is a template to be used for the search + filter when looking up users by UID number; %u will be replaced with + the UID number that is being looked up.</para> <para>By default, the search filter templates look like this:</para> <para> |
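Review bot: The rewritten first paragraph says %u in the base DN "will be replaced with the username that is being authenticated" but does not say whether that value is escaped before it is placed in the DN, and the two filter-template paragraphs have the same gap. The username is client-supplied, so the text should state how DN and filter metacharacters in it are handled, or which characters administrators should restrict. The closing clause "since mod_ldap won't be able to look up other users" would also be clearer if it said outright that UID-to-name lookups for directory listings use the base DN with %u left unexpanded.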
From: TJ S. <cas...@us...> - 2012-06-01 16:28:50
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory vz-cvs-3.sog:/tmp/cvs-serv3535 Modified Files: Limit.html Log Message: Updated website copy of Limit howto. Index: Limit.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Limit.html,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- Limit.html 17 Feb 2010 16:08:21 -0000 1.3 +++ Limit.html 1 Jun 2012 16:28:48 -0000 1.4 @@ -37,7 +37,7 @@ The FTP command groups are: <ul> <li>ALL<br> - <i>Covering</i>: all FTP commands + <i>Covering</i>: all FTP commands (but <b>not</b> <code>LOGIN</code>) <p> <li>DIRS<br> @@ -255,8 +255,20 @@ </Limit> </IfUser> </pre> + +<p> +Or if you want to have a specific IP address, rather than a range, you can +do this without classes (but still requiring <code>mod_ifsession</code>): +<pre> + <IfUser dave> + <Limit LOGIN> + Deny from 1.2.3.4 + </Limit> + </IfUser> +</pre> + Note that the same effect can be achieved by using the -<a href="../../contrib/mod_wrap.html">mod_wrap</a> module to configure +<a href="../../contrib/mod_wrap2.html">mod_wrap2</a> module to configure user-specific allow/deny files. <p> @@ -360,6 +372,18 @@ section). <p> +What if you want to make sure the directory cannot be renamed, in addition to +ensuring that it cannot be deleted? Simply include the <code>RNFR</code> and +<code>RNTO</code> FTP commands in the list of denied commands, <i>e.g.</i>: +<pre> + <Directory /path/to/dir> + <Limit RMD RNFR RNTO XRMD> + DenyAll + </Limit> + </Directory> +</pre> + +<p> <hr> Last Updated: <i>$Date$</i><br> <hr> |
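Review bot: In the Limit.html hunk at @@ -255,8 +255,20 @@, the added example uses "Deny from 1.2.3.4", which is a routable address; an address from a documentation range such as 192.0.2.10 is safer in text that readers copy into a live proftpd.conf. The added block also sits between the class-based example and the existing sentence "Note that the same effect can be achieved by using the mod_wrap2 module", so that sentence now appears to refer only to the single-address case; a <p> before it, or the wording "either effect", would keep it attached to both examples.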
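Review bot: In the Limit.html hunk at @@ -360,6 +372,18 @@, the example puts "<Limit RMD RNFR RNTO XRMD>" inside "<Directory /path/to/dir>" and the text describes it only as stopping the directory itself from being renamed; it should say whether the same limit also denies renaming of files and subdirectories under that path, because an administrator protecting an upload area needs to know if users lose the ability to rename their own files. A short remark that RNFR and RNTO are the two halves of one rename would explain why both are listed.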
From: TJ S. <cas...@us...> - 2012-05-31 17:02:09
|
Update of /cvsroot/pdd/www.proftpd.org In directory vz-cvs-3.sog:/tmp/cvs-serv27654 Modified Files: cvs.epl Log Message: Updating website instructions for checking out docs. Index: cvs.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/cvs.epl,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- cvs.epl 16 May 2006 22:30:20 -0000 1.13 +++ cvs.epl 31 May 2012 17:02:06 -0000 1.14 @@ -38,7 +38,7 @@ <ul> <li>Type the command <code>cvs -d :pserver:ano...@pr...:2401/cvsroot/proftp login</code> - (use <code>:pserver:ano...@pd...:2401/cvsroot/pdd</code> for docs). + (use <code>:pserver:ano...@pd...:/cvsroot/pdd</code> for docs). </li> <li>Hit Enter when prompted for a password (there is no password for anonymous access). @@ -47,6 +47,10 @@ :pserver:ano...@pr...:2401/cvsroot/proftp -z3 co proftpd</code> </li> + <li>Or, for docs, type in <code>cvs -d + :pserver:ano...@pd...:/cvsroot/pdd -z3 co + Userguide</code> + </li> </ul> <p>That's it. You can keep up to date by executing <code>cvs |
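Review bot: In the first cvs.epl hunk (@@ -38,7 +38,7 @@), the docs pserver root loses its ":2401" port while the proftp root on the line above, and in the checkout command shown as context in the next hunk, keeps it, so the page now shows two different forms of the same kind of CVSROOT without saying why. Either drop the port from both or add a short remark that the docs server needs it omitted. The checkout line added in the second hunk names only the Userguide module, although /cvsroot/pdd also holds www.proftpd.org; say so if other modules are meant to be checked out the same way.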
From: TJ S. <cas...@us...> - 2012-05-14 20:27:25
|
Update of /cvsroot/pdd/www.proftpd.org In directory vz-cvs-3.sog:/tmp/cvs-serv11646 Modified Files: sites.epl Log Message: Adding Oxilion to the sites page, as per their request. Index: sites.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/sites.epl,v retrieving revision 1.32 retrieving revision 1.33 diff -u -d -r1.32 -r1.33 --- sites.epl 10 Sep 2010 16:07:44 -0000 1.32 +++ sites.epl 14 May 2012 20:27:23 -0000 1.33 @@ -43,6 +43,12 @@ high-performance and highly configurable GPL'd free RADIUS server. </li> + <li><a href="http://oxilion.nl/">Oxilion</a><br /> + Hosting company located in The Netherlands providing quality services + like hosting, RHEV and VMWare powered Virtual Data Center, storage and + connectivity services. + </li> + <li><a href="http://www.chello.com/">Chello</a><br /> European broadband ISP, powering numerous customer web sites and a large mirror site with ProFTPD. |
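Review bot: In the added Oxilion entry, "VMWare" should be spelled "VMware", and the description ("providing quality services like hosting, ...") does not say how the site relates to ProFTPD, unlike the Chello entry in the context below it ("powering numerous customer web sites and a large mirror site with ProFTPD"). A clause saying how Oxilion uses ProFTPD would match the rest of the list.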
From: TJ S. <cas...@us...> - 2012-05-14 20:22:54
|
Update of /cvsroot/pdd/www.proftpd.org/docs/contrib In directory vz-cvs-3.sog:/tmp/cvs-serv11541 Modified Files: index.html Added Files: mod_deflate.html mod_qos.html Log Message: Updating contrib module docs. --- NEW FILE: mod_deflate.html --- <!-- $Id: mod_deflate.html,v 1.1 2012/05/14 20:22:52 castaglia Exp $ --> <!-- $Source: /cvsroot/pdd/www.proftpd.org/docs/contrib/mod_deflate.html,v $ --> <html> <head> <title>ProFTPD module mod_deflate</title> </head> <body bgcolor=white> <hr> <center> <h2><b>ProFTPD module <code>mod_deflate</code></b></h2> </center> <hr><br> <p> The <code>mod_deflate</code> module is designed to provide support for <code>MODE Z</code> commands, which allows FTP clients and servers to compress data for transfer. <p> This module is contained in the <code>mod_deflate.c</code> file for ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation instructions are discussed <a href="#Installation">here</a>. Detailed documentation on <code>mod_deflate</code> usage can be found <a href="#Usage">here</a>. <p> The most current version of <code>mod_deflate</code> can be found at: <pre> <a href="http://www.castaglia.org/proftpd/">http://www.castaglia.org/proftpd/</a> </pre> <h2>Author</h2> <p> Please contact TJ Saunders <tj <i>at</i> castaglia.org> with any questions, concerns, or suggestions regarding this module. <h2>Directives</h2> <ul> <li><a href="#DeflateEngine">DeflateEngine</a> <li><a href="#DeflateLog">DeflatefLog</a> </ul> <p> <hr> <h3><a name="DeflateEngine">DeflateEngine</a></h3> <strong>Syntax:</strong> DeflateEngine <em>on|off</em><br> <strong>Default:</strong> off<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_deflate<br> <strong>Compatibility:</strong> 1.3.0rc1 and later <p> The <code>DeflateEngine</code> directive enables or disables the <code>mod_deflate</code> compression functionality. 
If set to <em>on</em>, then <code>mod_deflate</code> will advertise support for <code>MODE Z</code> compression via the <code>FEAT</code> command, and handle <code>MODE Z</code> requests appropriately. <p> <hr> <h3><a name="DeflateLog">DeflateLog</a></h3> <strong>Syntax:</strong> DeflateLog <em>path|"none"</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_deflate<br> <strong>Compatibility:</strong> 1.3.0rc1 and later <p> The <code>DeflateLog</code> directive is used to a specify a log file for <code>mod_deflate</code> reporting and debugging. The <em>path</em> parameter must be the full path to the file to use for logging. Note that this path must <b>not</b> be to a world-writable directory and, unless <code>AllowLogSymlinks</code> is explicitly set to <em>on</em> (generally a bad idea), the path must <b>not</b> be a symbolic link. <p> If <em>path</em> is "none", no logging will be done at all. <p> <hr> <h2><a name="Installation">Installation</a></h2> To install <code>mod_deflate</code>, copy the <code>mod_deflate.c</code> file into: <pre> <i>proftpd-dir</i>/contrib/ </pre> after unpacking the latest proftpd-1.3.<i>x</i> source code. 
Then follow the usual steps for using third-party modules in proftpd: <pre> ./configure --with-modules=mod_deflate make make install </pre> <p> <hr> <h2><a name="Usage">Usage</a></h2> <p> Example <code>mod_deflate</code> configuration: <pre> <IfModule mod_deflate.c> DeflateEngine on DeflateLog /var/log/proftpd/deflate.log </IfModule> </pre> <p> Sites that run <code>proftpd</code> 1.3.0 should disable sendfile use when using <code>mod_deflate</code>, as the two features do not interoperate well: <pre> <IfModule mod_deflate.c> DeflateEngine on DeflateLog /var/log/proftpd/deflate.log UseSendfile off </IfModule> </pre> <p><a name="FAQ"> <b>Frequently Asked Questions</b><br> <p><a name="DeflateRFC2228"> <font color=red>Question</font>: I have compiled and configured <code>mod_deflate</code> properly in my <code>proftpd</code>, but I still can't use the MODE Z functionality. In my client, I see the following error. Why? <pre> 501 'MODE Z' unrecognized transfer mode </pre> <font color=blue>Answer</font>: The most likely culprit is that your FTP client is using an RFC 2228 protection mechanism (<i>e.g.</i> SSL/TLS). In the <code>DeflateLog</code>, you might see a message like: <pre> Jul 21 23:01:37 mod_deflate/0.3.2[31084]: declining MODE Z (RFC2228 mechanism 'TLS' in effect) </pre> <p> There are two reasons for the current behavior. First, the SSL/TLS ciphersuite that is negotiated can (depending on the ciphersuite) already include compression of the encrypted data -- in which case, <code>MODE Z</code> is redundant (and in effect inefficient, as it would waste CPU cycles trying to re-compress already-compressed data). Second, the internal ProFTPD APIs that <code>mod_deflate</code> uses are the same APIs that <code>mod_tls</code> uses; and that API does not currently handle chaining together of registered handlers. 
This would be needed in order to support <code>mod_deflate</code>'s <code>MODE Z</code> functionality <i>and</i> the <code>mod_tls</code> encryption at the same time. <p><a name="DeflateDataError"> <font color=red>Question</font>: I'm uploading a file using <code>MODE Z</code>, but the upload always fails. In the <code>DeflateLog</code>, I see: <pre> error inflating data: [-3] Data error </pre> What is going wrong? It is a <code>mod_deflate</code> bug?<br> <font color=blue>Answer</font>: The most common cause of this error is when the client is trying to upload a binary file (<i>e.g.</i> PDF, MPG, <i>etc</i>) in <a href="http://www.proftpd.org/docs/howto/ASCII.html">ASCII</a> mode. <p> If <code>MODE Z</code> is not used in cases like this, the upload succeeds, but the uploaded file on the server is corrupted. When <code>MODE Z</code> is in effect, the corruption (translation of newlines inappropriately) is detected earlier (since <code>mod_deflate</code> can't uncompress the compressed data properly, hence the report of a "Data error"), and the upload fails. <p> The solution is make sure that the client uploads (and downloads) non-ASCII files as binary files, not as ASCII files. <p> <hr><br> Author: <i>$Author: castaglia $</i><br> Last Updated: <i>$Date: 2012/05/14 20:22:52 $</i><br> <br><hr> <font size=2><b><i> © Copyright 2006-2010 TJ Saunders<br> All Rights Reserved<br> </i></b></font> <hr><br> </body> </html> Index: index.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/contrib/index.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- index.html 9 Nov 2011 23:58:49 -0000 1.5 +++ index.html 14 May 2012 20:22:52 -0000 1.6 
@@ -47,6 +47,11 @@ </dd> <p> + <dt>The <a href="mod_deflate.html"><code>mod_deflate</code></a> module + <dd>For suppporting <code>MODE Z</code> compression of data transfers + </dd> + + <p> <dt>The <a href="mod_dynmasq.html"><code>mod_dynmasq</code></a> module <dd>For automatically refreshing IP addresses of dynamic DNS names </dd> 
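Review bot: "suppporting" in the added mod_deflate <dd> line has three p's; it should read "supporting".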
@@ -74,6 +79,11 @@ </dd> <p> + <dt>The <a href="mod_qos.html"><code>mod_qos</code></a> module + <dd>For configuring site-specific Quality of Service (QOS) packet values + </dd> + + <p> <dt>The <a href="mod_quotatab.html"><code>mod_quotatab</code></a> module <dd>Adds quota support for <code>proftpd</code> </dd> --- NEW FILE: mod_qos.html --- <!-- $Id: mod_qos.html,v 1.1 2012/05/14 20:22:52 castaglia Exp $ --> <!-- $Source: /cvsroot/pdd/www.proftpd.org/docs/contrib/mod_qos.html,v $ --> <html> <head> <title>ProFTPD module mod_qos</title> </head> <body bgcolor=white> <hr> <center> <h2><b>ProFTPD module <code>mod_qos</code></b></h2> </center> <hr><br> <p> The <code>mod_qos</code> module can be used to set the Differentiated Services field (<a href="http://www.faqs.org/rfcs/rfc2474.html">RFC2474</a>) of IP packet headers. This can dramatically aid in the handling of these packets in the network, depending on the network QoS configuration. <p> This module is contained in the <code>mod_qos</code> file for ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation instructions are discussed <a href="#Installation">here</a>. <p> The most current version of <code>mod_qos</code> is distributed with the <code>proftpd<code> source code. <h2>Directives</h2> <ul> <li><a href="#QoSOptions">QoSOptions</a> </ul> <hr> <h2><a name="QoSOptions">QoSOptions</a></h2> <strong>Syntax:</strong> QoSOptions <em>"ctrlqos" value|"dataqos" value</em><br> <strong>Default:</strong> <em>None</em><br> <strong>Context:</strong> "server config", <code><VirtualHost></code><br> <strong>Module:</strong> mod_qos<br> <strong>Compatibility:</strong> 1.3.4rc1 and later <p> The <code>QoSOptions</code> directive configures the QoS bits to use for the control and/or data connections. 
<p> The possible values to use are: <ul> <li>cs0 <li>cs1 <li>cs2 <li>cs3 <li>cs4 <li>cs5 <li>cs6 <li>cs7 <li>af11 <li>af12 <li>af13 <li>af21 <li>af22 <li>af23 <li>af31 <li>af32 <li>af33 <li>af41 <li>af42 <li>af43 </ul> See <a href="http://www.faqs.org/rfcs/rfc2474.html">RFC2474</a> for a better discussion of these values. <p> <b>Note</b> that while the following values are also supported, their use is deprecated, and can have adverse effects on TCP congestion control: <ul> <li>lowcost <li>lowdelay <li>mincost <li>reliability <li>throughput </ul> <p> <hr> <h2><a name="Installation">Installation</a></h2> For including <code>mod_qos</code> as a staticly linked module in your <code>proftpd</code>, use: <pre> ./configure --with-modules=mod_qos </pre> Alternatively, <code>mod_qos</code> could be built as a DSO module: <pre> ./configure --enable-dso --with-shared=mod_qos </pre> Then follow the usual steps: <pre> make make install </pre> <p> <hr><br> Author: <i>$Author: castaglia $</i><br> Last Updated: <i>$Date: 2012/05/14 20:22:52 $</i><br> <br><hr> <font size=2><b><i> © Copyright 2010 TJ Saunders<br> All Rights Reserved<br> </i></b></font> <hr><br> </body> </html> |
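Review bot: In the new mod_deflate.html, the Directives list links "#DeflateLog" but labels the entry "DeflatefLog"; the label should be "DeflateLog". In the DeflateLog section, "is used to a specify a log file" has a stray "a", and in the FAQ "It is a mod_deflate bug?" should be "Is it a mod_deflate bug?". The <a name="FAQ">, <a name="DeflateRFC2228"> and <a name="DeflateDataError"> anchors are never closed. The RFC 2228 answer would also benefit from one sentence telling administrators that DeflateEngine has no effect on TLS-protected sessions, since that is the practical consequence of the "declining MODE Z" log line it quotes.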
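Review bot: In the new mod_qos.html, "distributed with the <code>proftpd<code> source code" opens a second <code> instead of closing the first, so everything after it renders as code; it should end with </code>. "This module is contained in the mod_qos file" presumably means mod_qos.c, matching the wording of the mod_deflate page, and "staticly" should be "statically". The QoSOptions syntax line shows "ctrlqos" value|"dataqos" value but the page has no usage example; one line setting both keywords would remove the doubt about whether they can be combined in a single directive.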
From: TJ S. <cas...@us...> - 2012-03-26 16:25:59
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory vz-cvs-3.sog:/tmp/cvs-serv11269/howto Modified Files: Umask.html Log Message: Updating website copies of mod_core, Umask docs. Index: Umask.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Umask.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Umask.html 5 Jan 2010 17:06:09 -0000 1.2 +++ Umask.html 26 Mar 2012 16:25:56 -0000 1.3 
@@ -13,18 +13,22 @@ <hr> <p> -ProFTPD's <a href="http://www.proftpd.org/docs/directives/linked/config_ref_Umask.html"><code>Umask</code></a> configuration directive is used to set the -file permission bits on newly created files and directories. However, the way -in which <code>Umask</code> is to be used is not entirely straightforward. +ProFTPD's <a href="../modules/mod_core.html#Umask"><code>Umask</code></a> +configuration directive is used to set the file permission bits on newly +created files and directories. However, the way in which <code>Umask</code> +is to be used is not entirely straightforward. <p> <code>Umask</code> is used to set the value that <code>proftpd</code> will use when calling <code>umask(2)</code>. The <code>umask(2)</code> function -works something like this: <code><i>mode - umask</i></code>. -(Technically, the operation is <code><i>mode & ~umask</i></code>). Thus, with -a <i>mode</i> of <code>0666</code>, and a <i>umask</i> of <code>0022</code>, -the permissions on the newly created file will be <code>0644</code> -(<i>e.g.</i> <code>rw-r--r--</code>). +works something like this: +<pre> + new file mode = <i>base-mode</i> - <i>umask</i> +</pre> +(Technically, the operation is <code><i>base-mode & ~umask</i></code>). +Thus, with a <i>base-mode</i> of <code>0666</code>, and a <i>umask</i> of +<code>0022</code>, the permissions on the newly created file will be +<code>0644</code> (<i>e.g.</i> <code>rw-r--r--</code>). <p> A quick review of permission bits: 
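Review bot: The new <pre> block "new file mode = base-mode - umask" gives the subtraction shorthand more weight than the correct form in the parenthesis that follows it, and the shorthand is wrong whenever the umask has bits the base-mode lacks: with a base-mode of 0666 and a umask of 0077, octal subtraction gives 0567 while "base-mode & ~umask" gives 0600. Put the bitwise form in the <pre> block and mention subtraction only as a shortcut that holds when every umask bit is also set in the base-mode.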
@@ -42,22 +46,67 @@ <code>5 = 4 + 1</code> (<i>e.g.</i> <code>r-x</code>). And finally, other or world permissions are specified using the last bit, which in the example is <code>0</code> (no permissions, <i>e.g.</i> <code>---</code>). -The full represenation of a <i>mode</i> of <code>0750</code>, as one would -see it in a directory listing, would thus be: <code>rwxr-x---</code>. <p> -The <code>proftpd</code> daemon always starts with a base <i>mode</i> of +Here are some concrete examples to help illustrate things: +<p> +<table border=1> + <tr> + <td><b>Mode</b></td> + <td><b>Label</b></td> + <td><b>Description</b></td> + </tr> + + <tr> + <td> <code>0777</code> </td> + <td> <code>rwxrwxrwx</code> </td> + <td>read/write/execute permissions for user owner, group owner, and other</td> + </tr> + + <tr> + <td> <code>0666</code> </td> + <td> <code>rw-rw-rw-</code> </td> + <td>read/write permissions for user owner, group owner, and other</td> + </tr> + + <tr> + <td> <code>0755</code> </td> + <td> <code>rwxr-xr-x</code> </td> + <td>read/write/execute permissions for user owner, read/execute permissions for group owner and other</td> + </tr> + + <tr> + <td> <code>0750</code> </td> + <td> <code>rwxr-x---</code> </td> + <td>read/write/execute permissions for user owner, read permission for group owner, no permissions for other</td> + </tr> + + <tr> + <td> <code>0644</code> </td> + <td> <code>rw-r--r--</code> </td> + <td>read/write permissions for user owner, read permission for group owner and other</td> + </tr> + + <tr> + <td> <code>0511</code> </td> + <td> <code>r-x--x--x</code> </td> + <td>read/execute permissions for user owner, execute permission for group owner and other</td> + </tr> +</table> + +<p> +The <code>proftpd</code> daemon always starts with a <i>base-mode</i> of <code>0666</code> when creating files. 
Note that <code>Umask</code> can only -be used to "take away" permissions granted by the base -<i>mode</i>; it cannot be used to add permissions that are not there. This -means that files uploaded to a <code>proftpd</code> server will never have the -execute permission enabled by default (the base <i>mode</i> is does not have -any execute bits enabled). This is a conscious security design decision. For -directories, the base <i>mode</i> is <code>0777</code>. The <i>umask</i> used -for directories can be configured using the optional second parameter to the -<code>Umask</code> directive; if this second parameter is not used, the -<i>umask</i> used for created directories will default to the same -<i>umask</i> as used for files. +be used to "take away" permissions granted by the <i>base-mode</i>; +it cannot be used to add permissions that are not there. This means that +files uploaded to a <code>proftpd</code> server will never have the execute +permission enabled by default, since the <code>0666</code> <i>base-mode</i> +does not have any execute bits enabled). This is a conscious security design +decision. For directories, a different <i>base-mode</i> of <code>0777</code> +is used. The <i>umask</i> used for directories can be configured using the +optional second parameter to the <code>Umask</code> directive; if this second +parameter is not used, the <i>umask</i> used for created directories will +default to the same <i>umask</i> as used for files. <p> If it is necessary to make uploaded files executable, the 
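Review bot: In the added table, the 0750 row describes "rwxr-x---" as "read permission for group owner", but the label shows read and execute for the group (5 = 4 + 1, as the context line above the table says); the description should read "read/execute permissions for group owner". In the rewritten paragraph below the table, "does not have any execute bits enabled)." keeps a closing parenthesis whose opening one was removed by the rewording.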
@@ -80,6 +129,53 @@ deprecated (as of <code>proftpd-1.2.2rc2</code>) <code>AllowChmod</code> configuration directive. +<p> +<b>Examples of Using the <code>Umask</code> Directive</b><br> +You have just installed <code>proftpd</code>, and now need to figure out what +permissions file/directories created on your FTP server should have. As +a conscientious FTP server administrator, you want files/directories to +have the minimum necessary permissions (rather than letting users have access +to files/directories that they do not need). + +<p> +If only the user who creates the files and directories should have full +access, <i>e.g.</i> so they can read and write their own files, then you might +use: +<pre> + # Only the user can see their own files/directories + Umask 0066 0077 +</pre> +With this configuration, a newly uploaded file would have <code>0600</code> +(<code>rw-------</code>) permissions: +<pre> + 0600 = 0666 - 0066 +</pre> +and a newly created directory would have <code>0700</code> +(<code>rwx------</code>) permissions: +<pre> + 0700 = 0777 - 0077 +</pre> + +<p> +Another common case is where you have many users who are uploading files +for sharing with other users. So you want the files to be readable by +everyone, but only the user who uploaded the file should have permission for +writing/changing the file. For this, you might use: +<pre> + # Only the user can change their own files + Umask 0022 +</pre> +With this configuration, a newly uploaded file would have <code>0644</code> +(<code>rw-r--r--</code>) permissions: +<pre> + 0644 = 0666 - 0022 +</pre> +and a newly created directory would have <code>0755</code> +(<code>rwxr-xr-x</code>) permissions: +<pre> + 0755 = 0777 - 0022 +</pre> + <p><a name="FAQ"></a> <b>Frequently Asked Questions</b><br> 
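Review bot: The first example, "Umask 0066 0077", uses 0066 for files where 0077 would do: because the operation is a mask rather than a subtraction, a single "Umask 0077" yields the same 0600 files and 0700 directories. Say so next to the example, otherwise the "0600 = 0666 - 0066" line leaves readers believing that a file umask must never contain execute bits.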
@@ -97,6 +193,42 @@ <code>SITE CHMOD</code> command to change the permissions on the file to have the execute permissions. +<p><a name="UmaskDeletePermission"> +<font color=red>Question</font>: I have a <code>Umask</code> value of +<code>0066</code>, so that only I have read/write permissions on my files. But other users can delete my files! Is this a <code>proftpd</code> bug?<br> +<font color=blue>Answer</font>: No. The permission for deleting a file is +<b>not</b> governed by the write permission on the deleted file; it is +controlled by the write permission <i>on the directory containing the file</i>. + +<p> +If you think of a directory as a "table of contents", with entries for each +of the files in that directory, then deleting a file means deleting the entry +for that file from the "table of contents", which is a write on the directory +(not on the deleted file). + +<p> +Let's assume that your files were in a directory whose permissions were +<code>0777</code> (<code>rwxrwxrwx</code>). This means that everyone has +write permissions in that directory. It also means that everyone can +delete files from that directory. + +<p> +Now let's assume that your files instead were in a directory whose permissions +where <code>0755</code> (<code>rwxr-xr-x</code>). This means that only the +user owner of the directory can delete files from that directory, and no one +else. + +<p> +For directories which contain files from different users, one of the +little-known (and very useful) permissions to have for the directory is +<code>1777</code> (<code>rwxrwxrwt</code>). The leading 1 (and <code>t</code>) +indicates the "sticky bit". This obscure bit is little used these days, +<i>except</i> in this useful configuration. When the sticky bit is set on +a directory (making it a "sticky directory"), normal users may not delete or +rename files of other users in that directory. 
Because of this property, +"sticky directories" are quite useful as shared directories (<i>e.g.</i> +<code>/tmp</code>). + <p> <hr> Last Updated: <i>$Date$</i><br> |
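Review bot: In the added FAQ answer, "a directory whose permissions where 0755" should read "were", and <a name="UmaskDeletePermission"> is never closed. The 0755 paragraph says only the user owner of the directory can delete files there, which settles the question only if the asker owns that directory; state that explicitly. The sticky-bit paragraph would be more useful with a sentence on how to apply 1777 to an existing directory, since this page says Umask "cannot be used to add permissions that are not there".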
From: TJ S. <cas...@us...> - 2012-03-26 16:25:58
|
Update of /cvsroot/pdd/www.proftpd.org/docs/modules In directory vz-cvs-3.sog:/tmp/cvs-serv11269/modules Modified Files: mod_core.html Log Message: Updating website copies of mod_core, Umask docs. Index: mod_core.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/modules/mod_core.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- mod_core.html 19 Mar 2012 18:27:45 -0000 1.2 +++ mod_core.html 26 Mar 2012 16:25:56 -0000 1.3 @@ -46,6 +46,7 @@ <li><a href="#TraceLog">TraceLog</a> <li><a href="#TraceOptions">TraceOptions</a> <li><a href="#TransferLog">TransferLog</a> + <li><a href="#Umask">Umask</a> </ul> <hr> 
@@ -1055,6 +1056,40 @@ <p> <hr> +<h2><a name="Umask">Umask</a></h2> +<strong>Syntax:</strong> Umask <em>file-umask [dir-umask]</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> "server config", <VirtualHost>, <Global>, <Anonymous>, .ftpaccess<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 0.99.0 and later + +<p> +The <code>Umask</code> directive sets the mask applied to newly created file +and directory permissions. Any parameters supplied must be an octal number, +in the format <code>0<i>xxx</i></code>. + +<p> +An optional second <em>dir-umask</em> parameter can specify a different +<code>Umask</code> to be used when creating directories, rather than files. +If this second parameter is not used, directories are created using the +<em>file-umask</em> value from the first parameter. For more information on +umasks, consult your operating system documentation/man pages. + +<p> +<b>Note</b>: ProFTPD will <b>not</b> create files that have the executable bit +enabled; this is a security-driven design decision. The permissions of an +uploaded file can be changed by issuing a <code>SITE CHMOD</code> command, +<i>e.g.</i>: +<pre> + SITE CHMOD 0755 /path/to/uploaded/file +</pre> + +<p> +The <code>Umask</code> <a href="../howto/Umask.html">howto</a> also talks about +umasks in greater detail. + +<p> +<hr> <h2><a name="Installation">Installation</a></h2> The <code>mod_core</code> module is <b>always</b> installed. |
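Review bot: "Default: None" in the added Umask section leaves open what mask applies when the directive is absent; say whether proftpd then inherits the umask of the process that started it or uses a built-in value, because that decides the permissions of every upload on a server with no Umask configured. "Any parameters supplied must be an octal number" should read "Each parameter supplied must be an octal number".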
From: TJ S. <cas...@us...> - 2012-03-19 18:28:22
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory vz-cvs-3.sog:/tmp/cvs-serv21504 Modified Files: Logging.html Log Message: Updating website copy of Logging howto. Index: Logging.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Logging.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Logging.html 24 Feb 2010 18:55:58 -0000 1.2 +++ Logging.html 19 Mar 2012 18:28:20 -0000 1.3 @@ -17,10 +17,11 @@ Logging the activity of the server is an integral part of effective server administration. ProFTPD provides several different and flexing logging mechanisms. When examining the different logging mechanisms, have in -mind the intended use of the logged data, the volume, any post-processing -that may need to be done, etc. Log files are more useful when they contain a -complete record of server activity. It is often easier to simply post-process -the log files to remove requests that you do not want to consider. +mind the intended use of the logged data, the volume of data being logged, +any post-processing that may need to be done, <i>etc</i>. Log files are more +useful when they contain a complete record of server activity. It is often +easier to simply post-process the log files to remove requests that you do not +want to consider. <p> <b>Security Warning</b><br> 
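Review bot: The rewrapped opening paragraph still carries "several different and flexing logging mechanisms" in its context lines; since this hunk already touches the paragraph, change "flexing" to "flexible" in the same commit.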
@@ -42,7 +43,7 @@ your <code>proftpd.conf</code> that are not appearing, check for the warnings about world-writable directories.) The <code>proftpd</code> process will also, by default, log a warning if the file given is a symlink; this symlink check -can be configured via the <a href="http://www.proftpd.org/docs/directives/linked/config_ref_AllowLogSymlinks.html"><code>AllowLogSymlinks</code></a> directive. +can be configured via the <a href="../modules/mod_log.html#AllowLogSymlinks"><code>AllowLogSymlinks</code></a> directive. <p> In addition, log files may contain information supplied directly by the client, @@ -51,7 +52,7 @@ raw logs. <p><a name="Syslog"></a> -<b><code>syslog</code></b><br> +<b>Unix <code>syslog</code> Logging</b><br> By default, <code>proftpd</code> will log via <code>syslog(3)</code>, using the <code>daemon</code> facility (<code>auth</code> for some logging), at various levels: <code>err</code>, <code>notice</code>, <code>warn</code>, 
@@ -59,32 +60,84 @@ level). The location of the server's log files in this case is determined by your <code>/etc/syslog.conf</code> configuration. +<p> +You can fine-tune your <code>proftpd</code>'s syslog-based logging via the +<a href="../modules/mod_core.html#SyslogFacility"><code>SyslogFacility</code></a> and <a href="../modules/mod_core.html#SyslogLevel"><code>SyslogLevel</code></a> directives. + <p><a name="LogFiles"></a> -<b><code>Log Files</code></b><br> +<b>Log Files</b><br> There are three main types of logs that a <code>proftpd</code> daemon can -generate: <code>TransferLog</code>s, a <code>SystemLog</code>, and -<code>ExtendedLog</code>s. +generate: <code>TransferLog</code>, <code>SystemLog</code>, and +<code>ExtendedLog</code>. <p><a name="TransferLog"></a> -A <a href="http://www.proftpd.org/docs/directives/linked/config_ref_TransferLog.html"><code>TransferLog</code></a> is the most common log kept, recording file -transfers. Its format is described in the <code>xferlog(5)</code> man page, -also available <a href="http://www.castaglia.org/proftpd/doc/xferlog.html">here</a> +A <a href="../modules/mod_core.html#TransferLog"><code>TransferLog</code></a> +is the most common log kept, recording file transfers. Its format is described +in the <code>xferlog(5)</code> man page, +also available <a href="http://www.castaglia.org/proftpd/doc/xferlog.html">here</a>. <p><a name="SystemLog"</a> -If the site administrator wants to have <code>proftpd</code> log its -messages to a file rather than going through <code>syslogd</code>, the -<a href="http://www.proftpd.org/docs/directives/linked/config_ref_SystemLog.html"><code>SystemLog</code></a> configuration directive is the one to use. There -is only one such file kept for the entire daemon. See the <a href="http://www.proftpd.org/docs/directives/linked/config_ref_ServerLog.html"><code>ServerLog</code></a> directive for keeping a similar log on a per-vhost basis. 
+If the site administrator wants to have <code>proftpd</code> log its messages +to a file rather than going through <code>syslogd</code>, the +<a href="../modules/mod_log.html#SystemLog"><code>SystemLog</code></a> +configuration directive is the one to use. There is only one such file kept +for the entire daemon. See the +<a href="../modules/mod_log.html#ServerLog"><code>ServerLog</code></a> +directive for keeping a similar log on a per-vhost basis. Note that the +<a href="../modules/mod_core.html#DebugLevel"><code>DebugLevel</code></a> +directive only applies to <code>SystemLog</code> files; it does not materially +affect the syslog-based logging messages. <p><a name="ExtendedLog"></a> -The <a href="http://www.proftpd.org/docs/directives/linked/config_ref_ExtendedLog.html">ExtendedLog</a> directive is used to create log files of a very -flexible and configurable format, and to have granular control over what is -logged, and when. The format of an <code>ExtendedLog</code> is described -using the <a href="http://www.proftpd.org/docs/directives/linked/config_ref_LogFormat.html">LogFormat</a> directive. Multiple <code>ExtendedLogs</code> can -be configured, each with a different format. +The <a href="../modules/mod_log.html#ExtendedLog"><code>ExtendedLog</code></a> +directive is used to create log files of a very flexible and configurable +format, and to have granular control over what is logged, and when. The format +of an <code>ExtendedLog</code> is described using the +<a href="../modules/mod_log.html#LogFormat">LogFormat</a> directive. +Multiple <code>ExtendedLogs</code> can be configured, each with a different +<code>LogFormat</code>. <!-- Add note/chunk about FTP response codes, from RFC959, for ExtendedLog? --> +<p><a name="SyslogVSFileLog"> +<b>Use of syslog versus file logging</b><br> +Most sites will choose to have <code>proftpd</code> log via syslog (which is +the default) or to a file (via the <code>SystemLog</code> directive). 
In +either case, there is the question of logging <i>verbosity</i>, <i>i.e.</i> +which messages to log. This verbosity is determined by the +<a href="../modules/mod_core.html#SyslogLevel"><code>SyslogLevel</code></a> +directive. ProFTPD will log everything by default, meaning that the default +<code>SyslogLevel</code> is effectively <code>debug</code>. If, however, you +have your <code>proftpd</code> configured to log via syslog, then you +<i>should</i> also check your <code>/etc/syslog.conf</code> file, to see what +additional filtering of log messages is being applied by syslog. For example, +if <code>/etc/syslog.conf</code> contained something like: +<pre> + # Log anything (except mail) of level info or higher. + *.info;mail.none;authpriv.none;cron.none /var/log/messages +</pre> +then ProFTPD's log messages below the <code>info</code> level would be filtered +out <b>by syslog</b>. When you are using syslog logging, the +<code>SyslogLevel</code> configuration directive applies only to the proftpd +logging, and does not control the additional syslog filtering. + +<p> +For finer-grained control of the <code>debug</code> level log messages, ProFTPD +internally implements different levels for its <code>debug</code> log messages. +Currently ProFTPD has level 1 through level 10 <code>debug</code> messages. +The <a href="../modules/mod_core.html#DebugLevel"><code>DebugLevel</code></a> +directive is used control the verbosity/filtering of these messages. Since +these different debug levels are purely a ProFTPD convention, the +<code>DebugLevel</code> directive has no effect on syslog logging. Also, if +your <code>SyslogLevel</code> configuration uses a level higher than +<code>debug</code>, then the <code>DebugLevel</code> configuration will have +no effect — your <code>debug</code> level messages are already filtered +out by the <code>SyslogLevel</code> filtering. 
+ +<p> +The last point to mention is that the +<a href="../modules/mod_core.html#SyslogFacility"><code>SyslogFacility</code></a> directive only applies to syslog logging; it has no effect on file logging. + <p><a name="LogAnalysis"></a> <b>Log Analysis</b><br> There are a variety of log analyzers available; these are just a few: @@ -144,12 +197,12 @@ my $syslog_facility = 'daemon'; my $syslog_level = 'info'; - open(FIFO, "< $fifo") or die "$program: unable to open $fifo: $!\n"; + open(FIFO, "< $fifo") or die "$program: unable to open $fifo: $!\n"; setlogsock 'unix'; openlog($program, 'pid', $syslog_facility); - syslog($syslog_level, $_) while (<FIFO>); + syslog($syslog_level, $_) while (<FIFO>); closelog(); close(FIFO); 
@@ -171,11 +224,28 @@ FIFO-based log readers are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available. +<p> +<b>Note</b>: In ProFTPD 1.3.3, the code was changed to use nonblocking +<code>open(2)</code> system calls when opening log files. This was done to +prevent a <code>proftpd</code> process from blocking indefinitely +(<i>i.e.</i> "hanging") if the log file was a FIFO, and there was no FIFO +reader process running when the log file was opened. However, some sites +<i>do</i> want this blocking open behavior, as their FIFO reader processes +may be temporarily busy. To get the pre-1.3.3 blocking behavior, you will +need to compile proftpd using the <code>--disable-nonblocking-log-open</code> +configure option. + <p><a name="SQLLogging"></a> <b>SQL Logging</b><br> The <code>mod_sql</code> module also enables some powerful and complex logging capabilities... +<p><a name="TraceLogging"></a> +<b>Trace Logging</b><br> +ProFTPD also supports a much more verbose form of logging called "trace +logging". This form of logging is covered in greater detail +<a href="Tracing.html">here</a>. + <p><a name="PidFile"></a> <b>Pid File</b><br> On startup, <code>proftpd</code> saves the process ID of the parent daemon 
@@ -194,6 +264,35 @@ scoreboard file is determined by the <a href="http://www.proftpd.org/docs/directives/linked/config_ref_ScoreboardFile.html"><code>ScoreboardFile</code></a> directive. +<p><a name="FAQ"></a> +<b>Frequently Asked Questions</b><br> + +<p> +<font color=red>Question</font>: How can I direct the <code>TransferLog</code> +logging to syslog?<br> +<font color=blue>Answer</font>: It is not currently possible to configure +proftpd to log <code>TransferLog</code> data to syslog. <b>However</b>, you +<i>can</i> configure an <code>ExtendedLog</code> which logs to syslog, and +which uses a <code>LogFormat</code> to log the data you wish. For example: +<pre> + LogFormat xfer "%h %l %u %t\"%r\" %s %b" + ExtendedLog syslog:notice xfer +</pre> +tells proftpd to log that <code>LogFormat</code> via syslog at the "notice" +syslog level. + +<p> +<font color=red>Question</font>: I have <code>SystemLog</code> in my +<code>proftpd.conf</code>, and when I use the <code>SyslogLevel</code> directive +to try to filter the messages which <code>proftpd</code> logs to my +<code>SystemLog</code>, it doesn't work. Why not?<br> +<font color=blue>Answer</font>: When ProFTPD is configured to log everything +to a file via the <code>SystemLog</code> directive, it will do just that: +log <i>everything</i>, without any filtering, regardless of any +<code>SyslogLevel</code> directive. <b>However</b>, this changed in +ProFTPD 1.3.4rc1: in that release, the <code>SyslogLevel</code> directive was +made to apply to file-based logging as well. + <p> <hr> Last Updated: <i>$Date$</i><br> |
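Review bot: In the @@ -59,32 +60,84 @@ hunk, the new "Use of syslog versus file logging" paragraph says that "in either case" verbosity is determined by SyslogLevel, but the FAQ answer added in the last hunk of this patch says SyslogLevel was only made to apply to SystemLog file logging in ProFTPD 1.3.4rc1. Suggest repeating that version caveat in the paragraph, so an administrator on an older release does not assume the file log is being filtered. Two nits in the same hunk: the added <a name="SyslogVSFileLog"> is never closed with </a>, and "is used control the verbosity" is missing "to".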
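Review bot: The ProFTPD 1.3.3 note in the @@ -171,11 +224,28 @@ hunk explains why log files are now opened with a nonblocking open(2), but it does not say what happens to logging when the FIFO has no reader at open time. Suggest adding one sentence on the outcome (whether the open fails and is reported, and whether messages for that log are then dropped), since a site that feeds audit logs through a FIFO reader needs to know when entries can be lost.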
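Review bot: The FAQ example in the @@ -194,6 +264,35 @@ hunk, LogFormat xfer "%h %l %u %t\"%r\" %s %b", has no space between %t and \"%r\", unlike the default LogFormat "%h %l %u %t \"%r\" %s %b" shown in the mod_log.html documentation. The timestamp and the quoted request would run together in every entry, which trips parsers that expect Common Log Format fields; suggest adding the space. The unchanged context line at the top of this hunk still links ScoreboardFile to the old config_ref_ScoreboardFile.html URL, while the rest of the patch moves directive links to ../modules/, so that link could be converted here too.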
From: TJ S. <cas...@us...> - 2012-03-19 18:27:48
|
Update of /cvsroot/pdd/www.proftpd.org/docs/modules In directory vz-cvs-3.sog:/tmp/cvs-serv20452 Modified Files: mod_core.html mod_log.html Log Message: Updating website copies of mod_core, mod_log docs. Index: mod_log.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/modules/mod_log.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- mod_log.html 9 Nov 2011 23:52:12 -0000 1.1 +++ mod_log.html 19 Mar 2012 18:27:45 -0000 1.2 @@ -196,6 +196,13 @@ character, use "%%". <p> +The default <code>LogFormat</code> is: +<pre> + "%h %l %u %t \"%r\" %s %b" +</pre> +which produces log entries in the <a href="http://www.w3.org/Daemon/User/Config/Logging.html#common-logfile-format">Common Log Format</a>. + +<p> The following meta sequences/variables are available and are replaced as indicated when logging. @@ -333,7 +340,7 @@ <tr> <td> <code>%s</code> </td> - <td>Numeric FTP response code (status)</td> + <td>Numeric FTP response code (status); see <a href="http://www.faqs.org/rfcs/rfc959.html">RFC 959</a> Section 4.2.1</td> </tr> <tr> Index: mod_core.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/modules/mod_core.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- mod_core.html 9 Nov 2011 23:52:11 -0000 1.1 +++ mod_core.html 19 Mar 2012 18:27:45 -0000 1.2 
@@ -19,15 +19,28 @@ <h2>Directives</h2> <ul> + <li><a href="#AllowFilter">AllowFilter</a> + <li><a href="#DebugLevel">DebugLevel</a> + <li><a href="#DenyFilter">DenyFilter</a> <li><a href="#GroupOwner">GroupOwner</a> + <li><a href="#HideGroup">HideGroup</a> + <li><a href="#HideNoAccess">HideNoAccess</a> + <li><a href="#HideUser">HideUser</a> <li><a href="#Include">Include</a> <li><a href="#MaxCommandRate">MaxCommandRate</a> + <li><a href="#MaxInstances">MaxInstances</a> <li><a href="#PassivePorts">PassivePorts</a> <li><a href="#PathAllowFilter">PathAllowFilter</a> <li><a href="#PathDenyFilter">PathDenyFilter</a> <li><a href="#ProcessTitles">ProcessTitles</a> <li><a href="#Protocols">Protocols</a> + <li><a href="#ScoreboardFile">ScoreboardFile</a> + <li><a href="#ScoreboardMutex">ScoreboardMutex</a> + <li><a href="#ServerIdent">ServerIdent</a> + <li><a href="#SyslogFacility">SyslogFacility</a> + <li><a href="#SyslogLevel">SyslogLevel</a> <li><a href="#TCPBacklog">TCPBacklog</a> + <li><a href="#TimeoutIdle">TimeoutIdle</a> <li><a href="#TimeoutLinger">TimeoutLinger</a> <li><a href="#Trace">Trace</a> <li><a href="#TraceLog">TraceLog</a> 
@@ -36,6 +49,118 @@ </ul> <hr> +<h2><a name="AllowFilter">AllowFilter</a></h2> +<strong>Syntax:</strong> AllowFilter <em>pattern [flags]</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> "server config", <code><VirtualHost></code>, <code><Global></code>, <code><Anonymous></code>, +<code><Directory></code>, .ftpaccess<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.0pre7 and later + +<p> +The <code>AllowFilter</code> allows the configuration of a regular expression +<em>pattern</em> that must be matched for all command arguments sent to +ProFTPD. It is extremely useful in controlling what characters may be sent in +a command to ProFTPD, preventing some possible types of attacks against ProFTPD. + +<p> +The regular expression <em>pattern</em> is applied against the arguments to the +command sent by the client, so care must be taken when creating a proper regex. +Commands that fail the regex match result in a "Forbidden command" error being +returned to the client. If the <em>pattern</em> contains whitespace, it +<b>must</b> be enclosed in quotes. + +<p> +The optional <em>flags</em> parameter, if present, modifies how the +given<em>pattern</em> will be evaludated. The supported flags are: +<ul> + <li><b>nocase|NC</b> (<b>n</b>o <b>c</b>ase)<br> + This makes the <em>pattern</em> case-insensitive, <i>i.e.</i> there is + no difference between 'A-Z' and 'a-z' when <em>pattern</em> is matched + against the path + </li> +</ul> + +<p> +The example below allows commands which contain alphanumeric characters and +whitespace: +<pre> + AllowFilter "^[a-zA-Z0-9 ,]*$" +</pre> + +<p> +The <a href="../howto/Filters.html">Filters</a> howto covers filtering in +greater detail. 
+ +<p> +See also: <a href="#DenyFilter"><code>DenyFilter</code></a>, <a href="#PathAllowFilter"><code>PathAllowFilter</code></a>, <a href="#PathDenyFilter"><code>PathDenyFilter</code></a> + +<p> +<hr> +<h2><a name="DebugLevel">DebugLevel</a></h2> +<strong>Syntax:</strong> DebugLevel <em>level</em><br> +<strong>Default:</strong> DebugLevel 0<br> +<strong>Context:</strong> "server config", <code><VirtualHost></code>, <code><Global></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.8rc1 and later + +<p> +The <code>DebugLevel</code> directive configures the debugging level the +server will use when logging. The <em>level</em> parameter must be between 0 +and 10. This directive will take precedence over any +<code>-d</code>/<code>--debug</code> command-line debugging option used. + +<p> +The <a href="../howto/Logging.html">Logging</a> howto covers logging in +greater detail. + +<p> +<hr> +<h2><a name="DenyFilter">DenyFilter</a></h2> +<strong>Syntax:</strong> DenyFilter <em>pattern [flags]</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> "server config", <code><VirtualHost></code>, <code><Global></code>, <code><Anonymous></code>,<code><Directory></code>, .ftpaccess<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.0pre7 and later + +<p> +The <code>DenyFilter</code> directive, like the <code>AllowFilter</code> +directive, specifies a regular expression <em>pattern</em> which must not +match any of the command arguments. If the <em>pattern</em> does match, a +"Forbidden command" error is returned to the client. This can be especially +useful for forbidding certain command argument combinations from ever reaching +ProFTPD. + +<p> +Note that the <code>PASV</code> SFTP command <b>cannot</b> be blocked using +this directive. + +<p> +The optional <em>flags</em> parameter, if present, modifies how the +given<em>pattern</em> will be evaludated. 
The supported flags are: +<ul> + <li><b>nocase|NC</b> (<b>n</b>o <b>c</b>ase)<br> + This makes the <em>pattern</em> case-insensitive, <i>i.e.</i> there is + no difference between 'A-Z' and 'a-z' when <em>pattern</em> is matched + against the path + </li> +</ul> + +<p> +For example, to reject commands which contain the percent (<code>%</code>) +character, you could use: +<pre> + DenyFilter "%" +</pre> + +<p> +The <a href="../howto/Filters.html">Filters</a> howto covers filtering in +greater detail. + +<p> +See also: <a href="#AllowFilter"><code>AllowFilter</code></a>, <a href="#PathAllowFilter"><code>PathAllowFilter</code></a>, <a href="#PathDenyFilter"><code>PathDenyFilter</code></a> + +<hr> <h2><a name="GroupOwner">GroupOwner</a></h2> <strong>Syntax:</strong> GroupOwner <em>group-name|"~"</em><br> <strong>Default:</strong> None<br> 
@@ -74,6 +199,113 @@ See also: <a href="#UserOwner"><code>UserOwner</code></a> <hr> +<h2><a name="HideGroup">HideGroup</a></h2> +<strong>Syntax:</strong> HideGroup <em>group-name</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> <code><Anonymous></code>, <code><Directory></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 0.99.0 and later + +<p> +The <code>HideGroup</code> directive configures a <code><Directory></code> +or <code><Anonymous></code> section to hide all directory entries owned +by the specified <em>group-name</em>. The <em>group-name</em> can also be +<code>~</code> (tilde), which is evaluated as the <em>group-name</em> of +the primary group of the logged-in user. This can be combined with a prefix +<code>!</code> (exclamation point) character, <i>e.g.</i> "!~", to mean +"any group that is not the primary group of the logged-in-user". + +<p> +Normally, hidden directories and files cannot be seen via <code>LIST</code> or +<code>NLST</code> commands but can be operated on via other FTP commands +(<code>CWD</code>, <code>DELE</code>, <code>RETR</code>, <i>etc</i>). This +behavior can be modified via the <code>IgnoreHidden</code> directive. 
+ +<p> +Examples: +<pre> + <Directory <i>path</i>> + # Hide all files belonging to group 'wheel' + HideGroup wheel + + # Hide all files belonging to the primary group of the logged-in user + HideGroup ~ + + # Hide all files that are NOT owned by the primary group of the logged-in + # user + HideGroup !~ + </Directory> +</pre> + +<p> +See also: <a href="#HideUser"><code>HideUser</code></a>, <a href="#HideNoAccess"><code>HideNoAccess</code></a>, <a href="#IgnoreHidden"><code>IgnoreHidden</code></a> + +<hr> +<h2><a name="HideNoAccess">HideNoAccess</a></h2> +<strong>Syntax:</strong> HideNoAccess <em>on|off</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> <code><Anonymous></code>, <code><Directory></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 0.99.0 and later + +<p> +The <code>HideNoAccess</code> directive configures a +<code><Directory></code> or <code><Anonymous></code> section to +hide all directory entries in a directory listing (<i>e.g.</i> via the +<code>LIST</code> or <code>NLST</code> FTP commands) to which the current +logged-in, authenticated user has no access. Normal Unix-style permissions +<b>always</b> apply, so that although a user may not be able to see a directory +entry that has "HideNoAccess on" applied, they will receive a normal +"Permission denied" error message when attempting to blindly manipulate the +file system object. The directory or file can be made completely invisible to +all FTP commands by applying <code>IgnoreHidden</code> in conjunction with +<code>HideNoAccess</code>. 
+ +<p> +See also: <a href="#HideGroup"><code>HideGroup</code></a>, <a href="#HideUser"><code>HideUser</code></a>, <a href="#IgnoreHidden"><code>IgnoreHidden</code></a> + +<hr> +<h2><a name="HideUser">HideUser</a></h2> +<strong>Syntax:</strong> HideUser <em>user-name</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> <code><Anonymous></code>, <code><Directory></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 0.99.0 and later + +<p> +The <code>HideUser</code> directive configures a <code><Directory></code> +or <code><Anonymous></code> section to hide all directory entries owned +by the specified <em>user-name</em>. The <em>user-name</em> can also be +<code>~</code> (tilde), which is evaluated as the <em>user-name</em> of +the logged-in user. This can be combined with a prefix <code>!</code> +(exclamation point) character, <i>e.g.</i> "!~", to mean "any user that is not +the logged-in-user". + +<p> +Normally, hidden directories and files cannot be seen via <code>LIST</code> or +<code>NLST</code> commands but can be operated on via other FTP commands +(<code>CWD</code>, <code>DELE</code>, <code>RETR</code>, <i>etc</i>). This +behavior can be modified via the <code>IgnoreHidden</code> directive. + +<p> +Examples: +<pre> + <Directory <i>path</i>> + # Hide all files belonging to user 'root' + HideUser root + + # Hide all files belonging to the logged-in user + HideUser ~ + + # Hide all files that are NOT owned by the logged-in user + HideUser !~ + </Directory> +</pre> + +<p> +See also: <a href="#HideGroup"><code>HideGroup</code></a>, <a href="#HideNoAccess"><code>HideNoAccess</code></a>, <a href="#IgnoreHidden"><code>IgnoreHidden</code></a> + +<hr> <h2><a name="Include">Include</a></h2> <strong>Syntax:</strong> Include <em>path|pattern</em><br> <strong>Default:</strong> None<br> 
@@ -87,9 +319,10 @@ <p> Shell-style (<code>fnmatch(3)</code>) wildcard characters can be used to -include several files at once, in alphabetical order. In addition, if -<code>Include</code> points to a directory, rather than a file, then -<code>proftpd</code> will read all files in that directory. <b>Note</b> +include several files at once, in alphabetical order. (If no matches for +the pattern are found, the <code>Include</code> directive is silently ignored.) +In addition, if <code>Include</code> points to a directory, rather than a file, +then <code>proftpd</code> will read all files in that directory. <b>Note</b> that including entire directories is <b>not</b> recommended, as it is easy to accidentally leave temporary files in a directory that can cause <code>proftpd</code> to fail. 
@@ -132,6 +365,33 @@ <p> <hr> +<h2><a name="MaxInstances">MaxInstances</a></h2> +<strong>Syntax:</strong> MaxInstances <em>count</em><br> +<strong>Default:</strong> None<br> +<strong>Context:</strong> server config<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.1.6p11 and later + +<p> +The <code>MaxInstances</code> directive configures the maximum number of child +(session) processes that may be spawned by the <code>proftpd</code> daemon +process when running with "ServerType standalone" configured. The directive +has no effect when <code>proftpd</code> is configured with "ServerType inetd". + +<p> +Each <code>proftpd</code> child process represents a single client connection, +and thus this directive also controls the maximum number of simultaneous +connections allowed. Additional connections beyond the configured limit are +logged, and silently disconnected. The <code>MaxInstances</code> directive +can be used to prevent undesirable denial-of-service attacks (<i>e.g.</i> +by repeatedly connecting to the FTP control port, a malicious client could try +to cause <code>proftpd</code> to repeatedly fork new processes, creating a +"fork-bomb"). By default, no limit is placed on the number of child +processes that may run at one time; it is <b>highly recommended</b> that a +maximum number, suitable to your sites traffic, be configured. + +<p> +<hr> <h2><a name="PassivePorts">PassivePorts</a></h2> <strong>Syntax:</strong> PassivePorts <em>min max</em><br> <strong>Default:</strong> None<br> 
@@ -180,7 +440,7 @@ <h2><a name="PathAllowFilter">PathAllowFilter</a></h2> <strong>Syntax:</strong> PathAllowFilter <em>pattern [flags]</em><br> <strong>Default:</strong> None<br> -<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global>, <code><Anonymous></code>, <code><Directory></code>, .ftpaccess<br> +<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code>, <code><Anonymous></code>, <code><Directory></code>, .ftpaccess<br> <strong>Module:</strong> mod_core<br> <strong>Compatibility:</strong> 1.1.7 and later @@ -204,7 +464,7 @@ </pre> <p> -The optional <em>flags</em> paramete, if present, modifies how the given +The optional <em>flags</em> parameter, if present, modifies how the given <em>pattern</em> will be evaludated. The supported flags are: <ul> <li><b>nocase|NC</b> (<b>n</b>o <b>c</b>ase)<br> @@ -219,14 +479,14 @@ greater detail. <p> -See also: <a href="#PathDenyFilter"><code>PathDenyFilter</code</a> +See also: <a href="#PathDenyFilter"><code>PathDenyFilter</code></a> <p> <hr> <h2><a name="PathDenyFilter">PathDenyFilter</a></h2> <strong>Syntax:</strong> PathDenyFilter <em>pattern [flags]</em><br> <strong>Default:</strong> None<br> -<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global>, <code><Anonymous></code>, <code><Directory></code>, .ftpaccess<br> +<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code>, <code><Anonymous></code>, <code><Directory></code>, .ftpaccess<br> <strong>Module:</strong> mod_core<br> <strong>Compatibility:</strong> 1.1.7 and later @@ -245,7 +505,7 @@ </pre> <p> -The optional <em>flags</em> paramete, if present, modifies how the given +The optional <em>flags</em> parameter, if present, modifies how the given <em>pattern</em> will be evaludated. The supported flags are: <ul> <li><b>nocase|NC</b> (<b>n</b>o <b>c</b>ase)<br> 
@@ -260,14 +520,14 @@ greater detail. <p> -See also: <a href="#PathAllowFilter"><code>PathAllowFilter</code</a> +See also: <a href="#PathAllowFilter"><code>PathAllowFilter</code></a> <p> <hr> <h2><a name="ProcessTitles">ProcessTitles</a></h2> <strong>Syntax:</strong> ProcessTitles <em>terse|verbose</em><br> <strong>Default:</strong> ProcessTitles verbose<br> -<strong>Context:</strong> server config +<strong>Context:</strong> server config<br> <strong>Module:</strong> mod_core<br> <strong>Compatibility:</strong> 1.3.4rc2 and later 
@@ -340,6 +600,227 @@ <p> <hr> +<h2><a name="ScoreboardFile">ScoreboardFile</a></h2> +<strong>Syntax:</strong> ScoreboardFile <em>path|"none"</em><br> +<strong>Default:</strong> ScoreboardFile /usr/local/var/proftpd.scoreboard</br> +<strong>Context:</strong> server config<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.7rc1 and later + +<p> +The <code>ScoreboardFile</code> directive sets the path to the file where the +daemon will store its run-time "scoreboard" session information. This file is +necessary for support features such as +<a href="mod_auth.html#MaxClients"><code>MaxClients</code></a> to work properly, +as well as other utilities (such as <a href="../utils/ftpwho.html">ftpwho</a>, +<a href="../utils/ftptop.html">ftptop</a>, and +<a href="../utils/ftpcount.html">ftpcount</a>). <b>Note</b> that the directory +containing the scoreboard <b>cannot</b> be world-writable. + +<p> +For performance reasons, it is <b>strongly recommended</b> that the +<code>ScoreboardFile</code> path <i>not</i> be located on a networked +filesystem, but rather be located on a local physical disk. + +<p> +In order to <i>disable</i> scoreboarding (which can increase performance, +at the cost of functionality), any of the following can be used: +<pre> + ScoreboardFile /dev/null + ScoreboardFile none + ScoreboardFile off +</pre> +Please read the +<a href="../howto/Scoreboard.html#ScoreboardDisabling">Scoreboard</a> howto +before disabling scoreboarding. 
+ +<p> +<hr> +<h2><a name="ScoreboardMutex">ScoreboardMutex</a></h2> +<strong>Syntax:</strong> ScoreboardMutex <em>path</em><br> +<strong>Default:</strong> ScoreboardMutex /usr/local/var/proftpd.scoreboard.lck</br> +<strong>Context:</strong> server config<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.3.4rc1 and later + +<p> +The <code>ScoreboardMutex</code> directive sets the path to a "mutex" file +which is used for scoreboard locking/synchronization; this mutex is used to +increase the daemon's performance under load. + +<p> +For performance reasons, it is <b>strongly recommended</b> that the +<code>ScoreboardMutex</code> path <i>not</i> be located on a networked +filesystem, but rather be located on a local physical disk. It is best if +the <code>ScoreboardMutex</code> be located in the same directory as the +<a href="#ScoreboardFile"><code>ScoreboardFile</code></a>. + +<p> +<hr> +<h2><a name="ServerIdent">ServerIdent</a></h2> +<strong>Syntax:</strong> ServerIdent <em>off|on "identification string"</em><br> +<strong>Default:</strong> ServerIdent on "ProFTPD [version] Server (server name) [hostname]"<br> +<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.0pre2 and later + +<p> +The <code>ServerIdent</code> directive sets the default message displayed when +a new client connects. Setting this to <em>off</em> displays: +<pre> + [<i>hostname</i>] FTP server ready. +</pre> +If set to <em>on</em>, the directive can take an optional string argument, +which will be displayed instead of the default text. Sites desiring to give +out minimal information will probably want a setting like: +<pre> + ServerIdent on "FTP Server ready." +</pre> +which won't even reveal the hostname. 
+ +<p> +An example of a custom identification string might be: +<pre> + ServerIdent on "Welcome to ftp.linux.co.uk" +</pre> + +<p> +<hr> +<h2><a name="SyslogFacility">SyslogFacility</a></h2> +<strong>Syntax:</strong> SyslogFacility <em>facility</em><br> +<strong>Default:</strong> SyslogFacility daemon<br> +<strong>Context:</strong> server config<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.1.6 and later + +<p> +By default, ProFTPD logs its activity via the Unix syslog mechanism, which +allows for several different general classifications of logging messages, +known as "facilities." Normally, all authentication related messages are +logged with the <code>AUTHPRIV</code> (or <code>AUTH</code>) facility +(since these messages are intended to be secure, and never seen by unwanted +eyes), while normal operational messages are logged with the +<code>DAEMON</code> facility. The <code>SyslogFacility</code> directive +allows <b>all</b> logging messages to be directed to a different facility than +the default. + +<p> +When this directive is used, <b>all</b> logging is done with the specified +<em>facility</em>, both authentication (secure) and otherwise. The +<em>facility</em> argument must be one of the following: +<ul> + <li><code>AUTH</code> (or <code>AUTHPRIV</code>) + <li><code>CRON</code> + <li><code>DAEMON</code> + <li><code>FTP</code> + <li><code>KERN</code> + <li><code>LPR</code> + <li><code>MAIL</code> + <li><code>NEWS</code> + <li><code>USER</code> + <li><code>UUCP</code> + <li><code>LOCAL0</code> + <li><code>LOCAL1</code> + <li><code>LOCAL2</code> + <li><code>LOCAL3</code> + <li><code>LOCAL4</code> + <li><code>LOCAL5</code> + <li><code>LOCAL6</code> + <li><code>LOCAL7</code> +</ul> +For more information on syslog facilities, see the <code>syslog.conf</code> +man page. + +<p> +The <a href="../howto/Logging.html">Logging</a> howto covers logging in +greater detail. 
+ +<p> +See also: <a href="#SyslogLevel"><code>SyslogLevel</code></a>, +<a href="mod_log.html#SystemLog"><code>SystemLog</code></a> + +<p> +<hr> +<h2><a name="SyslogLevel">SyslogLevel</a></h2> +<strong>Syntax:</strong> SyslogLevel <em>level</em><br> +<strong>Default:</strong> SyslogLevel debug<br> +<strong>Context:</strong> server config<br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 1.2.0rc2 and later + +<p> +The <code>SyslogLevel</code> directive adjusts the verbosity of the messages +recorded via the default Unix syslog logging. The following <em>levels</em> +are available, in order of decreasing significance: + +<p> +<table border=1> + <tr> + <td><b>Level</b></td> + <td><b>Description</b></td> + </tr> + + <tr> + <td><code>emerg</code></td> + <td>Emergencies (<i>e.g.</i> the system is unusable)</td> + </tr> + + <tr> + <td><code>alert</code></td> + <td>Action must be taken immediately</td> + </tr> + + <tr> + <td><code>crit</code></td> + <td>Critical conditions</td> + </tr> + + <tr> + <td><code>error</code></td> + <td>Error conditions</td> + </tr> + + <tr> + <td><code>warn</code></td> + <td>Warning conditions</td> + </tr> + + <tr> + <td><code>notice</code></td> + <td>Normal but significant conditions</td> + </tr> + + <tr> + <td><code>info</code></td> + <td>Informational</td> + </tr> + + <tr> + <td><code>debug</code></td> + <td>Debug-level messages</td> + </tr> +</table> + +<p> +When a particular <em>level</em> is specified, messages from all other levels +of higher significance will be reported as well. For example, when: +<pre> + SyslogLevel info +</pre> +is configured, then messages with log levels of <code>notice</code> and +<code>warn</code> will also be logged. Using a level of at least +<code>crit</code> is recommended. + +<p> +The <a href="../howto/Logging.html">Logging</a> howto covers logging in +greater detail. 
+ +<p> +See also: <a href="#SyslogFacility"><code>SyslogFacility</code></a>, +<a href="mod_log.html#SystemLog"><code>SystemLog</code></a> + +<p> +<hr> <h2><a name="TCPBacklog">TCPBacklog</a></h2> <strong>Syntax:</strong> TCPBacklog <em>backlog-size</em><br> <strong>Default:</strong> 5<br> 
@@ -391,8 +872,37 @@ <p> <hr> +<h2><a name="TimeoutIdle">TimeoutIdle</a></h2> +<strong>Syntax:</strong> TimeoutIdle <em>seconds</em><br> +<strong>Default:</strong> 600 seconds<br> +<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code>, <code><Anonymous></code><br> +<strong>Module:</strong> mod_core<br> +<strong>Compatibility:</strong> 0.99.0 and later + +<p> +The <code>TimeoutIdle</code> directive configures the maximum number of +<em>seconds</em> that <code>proftpd</code> will allow clients to stay connected +without receiving any data on either the control or data connection. If data +are received on either connection, the idle timer is reset. Setting +<code>TimeoutIdle</code> to zero disables the idle timer completely, meaning +that clients can stay connected forever, without sending data. <b>Note</b>: +this is generally a <b>very bad idea</b>, as a "hung" TCP connection which is +never properly disconnected (<i>e.g.</i> the remote network may have become +disconnected from the Internet, <i>etc</i>) will cause a session process to +never exit, until manually killed. This session process will thus linger, using +up one of the <a href="#MaxInstances"><code>MaxInstances</code></a> as well as +any of the other configured limits. The maximum allowed <em>seconds</em> value +is 65535 (108 minutes). + +<p> +See also: <a href="mod_auth.html#TimeoutLogin"><code>TimeoutLogin</code></a>, +<a href="mod_xfer.html#TimeoutNoTransfer"><code>TimeoutNoTransfer</code></a>, +<a href="mod_xfer.html#TimeoutStalled"><code>TimeoutStalled</code></a>. + +<p> +<hr> <h2><a name="TimeoutLinger">TimeoutLinger</a></h2> -<strong>Syntax:</strong> TimeoutLinger <em>secs</em><br> +<strong>Syntax:</strong> TimeoutLinger <em>seconds</em><br> <strong>Default:</strong> 30<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_core<br> 
@@ -409,7 +919,8 @@ <p> If the client aborts a transfer and there is a long delay, this lingering close is the most likely culprit. So if you encounter this delay, set -<code>TimeoutLinger</code> to a low number to remove the delay. +<code>TimeoutLinger</code> to a low number to remove the delay. The maximum +allowed <em>seconds</em> is 65535 (108 minutes). <p> For the curious, here are the full details: some FTP clients will close their @@ -545,7 +1056,7 @@ <p> <hr> <h2><a name="Installation">Installation</a></h2> -The <code>mod_core</code>module is <b>always</b> installed. +The <code>mod_core</code> module is <b>always</b> installed. <p> <hr><br> @@ -556,7 +1067,7 @@ <br><hr> <font size=2><b><i> -© Copyright 2000-2011 The ProFTPD Project<br> +© Copyright 2000-2012 The ProFTPD Project<br> All Rights Reserved<br> </i></b></font> |
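Review bot: The parenthetical in "65535 (108 minutes)", added to both the TimeoutIdle and the TimeoutLinger text, does not match the number: 65535 seconds is about 1092 minutes, or roughly 18 hours. Suggest correcting both occurrences, since an administrator sizing idle limits against MaxInstances will read the minutes figure first. The TimeoutIdle paragraph could also say what happens when a value above 65535 is configured; the hunk does not state it.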
From: John M. <jw...@us...> - 2012-02-10 16:00:34
|
Update of /cvsroot/pdd/www.proftpd.org In directory vz-cvs-3.sog:/tmp/cvs-serv25793 Modified Files: index.epl Log Message: six months seems like a reasonable cutoff for news Index: index.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/index.epl,v retrieving revision 1.120 retrieving revision 1.121 diff -u -d -r1.120 -r1.121 --- index.epl 11 Nov 2011 17:45:06 -0000 1.120 +++ index.epl 10 Feb 2012 16:00:30 -0000 1.121 
@@ -34,165 +34,4 @@ release candidate of the 1.3.4 development cycle, containing multiple minor bugfixes and updates. The <a href="docs/RELEASE_NOTES-1.3.4rc3">RELEASE_NOTES</a> and <a href="docs/NEWS-1.3.4rc3">NEWS</a> files contain the full details.</p> -<h1>1.3.3e, 1.3.4rc2 released</h1> -[<i>01/Apr/2011</i>] -<p>The ProFTPD Project team is happy to release 1.3.3e to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.3 release. The <a href="docs/RELEASE_NOTES-1.3.3e">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3e">NEWS</a> files contain the full details.</p> - -<p>We are also pleased to release 1.3.4rc2 to the community. This is the -second release candidate of the 1.3.4 development cycle, and contains -numerous new features, including the <code>mod_memcache</code> and -<code>mod_tls_memcache</code> modules, Memcache support, PCRE support, and -many <code>mod_sftp</code> bugfixes. The -<a href="docs/RELEASE_NOTES-1.3.4rc2">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.4rc2">NEWS</a> files contain the full details.</p> - -<h1>Update to the ProFTPD Compromise Report</h1> -[<i>16/Feb/2011</i>] -<p>By analyzing log files recovered from the compromised server, we can confirm -that the primary FTP site was compromised earlier than originally announced.</p> - -<p>In addition to the previously reported period from 2010-Nov-28 to 2010-Dec-02, -ftp.proftpd.org and the ProFTPD mirror network distributed files with malicious -content on 2010-Nov-16 between about 08:00 UTC and 13:00 UTC.</p> - -<p>In the weeks since, we've made several changes to restore and improve the -security of our software distribution sites. 
We've rebuilt the compromised -server from scratch, and implemented automated daily signature checks for -current releases on ftp.proftpd.org and all official mirrors.</p> - -<p>We'd like to thank everyone who offered and provided assistance, especially -those who reported suspicious files downloaded during the earlier time -window.</p> - -<h1>1.3.3d, 1.3.4rc1 released</h1> -[<i>17/Dec/2010</i>] -<p>The ProFTPD Project team is happy to release 1.3.3d to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.3 release. The <a href="docs/RELEASE_NOTES-1.3.3d">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3d">NEWS</a> files contain the full details.</p> - -<p>We are also pleased to release 1.3.4rc1 to the community. This is the -first release candidate of the 1.3.4 development cycle, and contains -numerous new features, including the <code>mod_deflate</code>, -<code>mod_qos</code>, and <code>mod_ifversion</code> modules and -many <code>mod_sftp</code> bugfixes. The -<a href="docs/RELEASE_NOTES-1.3.4rc1">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.4rc1">NEWS</a> files contain the full details.</p> - -<h1>ftp.proftpd.org compromised</h1> -[<i>01/Dec/2010</i>] -<p>The ProFTPD Project team is sorry to announce that the Project's main FTP -server, as well as all of the mirror servers, have carried compromised -versions of the ProFTPD 1.3.3c source code, from the November 28 2010 to -December 2 2010. All users who run versions of ProFTPD which have been -downloaded and compiled in this time window are strongly advised to check their -systems for security compromises and install unmodified versions of ProFTPD. - -<p>To verify the integrity of your source files, use the PGP signatures which -can be found <a href="md5_pgp.html">here</a> as well as on the FTP servers. - -<p>The source code in <a href="cvs.html">CVS</a> was <b>not</b> affected. 
- -<h1>1.3.3c released</h1> -[<i>29/Oct/2010</i>] -<p>The ProFTPD Project team has released 1.3.3c to the community. -This is an <b>important security release</b>, containing fixes for a Telnet -IAC handling vulnerability and a directory traversal vulnerability in the -mod_site_misc module. The <a href="docs/RELEASE_NOTES-1.3.3c">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3c">NEWS</a> files contain the full details.</p> - -<h1>1.3.3b released</h1> -[<i>09/Sep/2010</i>] -<p>The ProFTPD Project team is happy to release 1.3.3b to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.3 release. The <a href="docs/RELEASE_NOTES-1.3.3b">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3b">NEWS</a> files contain the full details.</p> - -<h1>1.3.3a released</h1> -[<i>01/Jul/2010</i>] -<p>The ProFTPD Project team is happy to release 1.3.3a to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.3 release. The <a href="docs/RELEASE_NOTES-1.3.3a">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3a">NEWS</a> files contain the full details.</p> - -<h1>1.3.2e, 1.3.3 released</h1> -[<i>24/Feb/2010</i>] -<p>The ProFTPD Project team is pleased to release 1.3.2e to the community. -This is a maintenance release, containing fixes for bugs found in the 1.3.2 -in the 1.3.2 release. The <a href="docs/RELEASE_NOTES-1.3.2e">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.2e">NEWS</a> files contain the full details.</p> -Note that this will be the last maintenance release from the 1.3.2 branch. - -<p>We are also happy to release 1.3.3 to the community. This is the stable -release of the 1.3.3 branch, and contains minor additional fixes. The -<a href="docs/RELEASE_NOTES-1.3.3">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3">NEWS</a> files contain the full details.</p> - -<h1>1.3.2d, 1.3.3rc4 released</h1> -[<i>12/Feb/2010</i>] -<p>The ProFTPD Project team is pleased to release 1.3.2d to the community. 
-This is a maintenance release, containing fixes for bugs found in the 1.3.2 -in the 1.3.2 release. The <a href="docs/RELEASE_NOTES-1.3.2d">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.2d">NEWS</a> files contain the full details.</p> - -<p>We are also glad to release 1.3.3rc4 to the community. This is the -fourth release candidate of the 1.3.3 development cycle, and contains fixes -for mod_tls and mod_sftp build errors, memory leaks, and segfaults. The -<a href="docs/RELEASE_NOTES-1.3.3rc4">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3rc4">NEWS</a> files contain the full details.</p> - -<h1>1.3.2c, 1.3.3rc3 released</h1> -[<i>10/Dec/2009</i>] -<p>The ProFTPD Project team is happy to release 1.3.2c to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.2 release. The <a href="docs/RELEASE_NOTES-1.3.2c">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.2c">NEWS</a> files contain the full details.</p> - -<p>We are also pleased to release 1.3.3rc3 to the community. This is the -third release candidate of the 1.3.3 development cycle, and contains -new SFTP features, a fix for the SSL/TLS renegotiation vulnerability -(CVE-2009-355), and an updated version of libtool. The -<a href="docs/RELEASE_NOTES-1.3.3rc3">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3rc3">NEWS</a> files contain the full details.</p> - -<h1>1.3.2b, 1.3.3rc2 released</h1> -[<i>20/Oct/2009</i>] -<p>The ProFTPD Project team is happy to release 1.3.2b to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.2 release. The <a href="docs/RELEASE_NOTES-1.3.2b">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.2b">NEWS</a> files contain the full details.</p> - -<p>We are also pleased to release 1.3.3rc2 to the community. 
This is the -second release candidate of the 1.3.3 development cycle, and contains -numerous new features, including many SSH/SFTP fixes, a new -<code>mod_sql_passwd</code> module, support for "implicit" FTPS, and better -handling of lost database connections. As always, the -<a href="docs/RELEASE_NOTES-1.3.3rc2">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3rc2">NEWS</a> files contain the full details.</p> - -<h1>1.3.2a, 1.3.3rc1 released</h1> -[<i>30/Jun/2009</i>] -<p>The ProFTPD Project team is happy to release 1.3.2a to the community. -This is a maintenance release, containing backported fixes for bugs found -in the 1.3.2 release. The <a href="docs/RELEASE_NOTES-1.3.2a">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.2a">NEWS</a> files contain the full details.</p> - -<p>We are also pleased to release 1.3.3rc1 to the community. This is the -first release candidate of the 1.3.3 development cycle, and contains -numerous new features, including the <code>mod_exec</code>, -<code>mod_shaper</code>, and <code>mod_tls_shmcache</code> modules and -SSH2, SFTP, and SCP support (via the <code>mod_sftp</code> module). -The <a href="docs/RELEASE_NOTES-1.3.3rc1">RELEASE_NOTES</a> -and <a href="docs/NEWS-1.3.3rc1">NEWS</a> files contain the full details.</p> - -<h1>1.3.2 released</h1> -[<i>5/Feb/2009</i>] -<p>The ProFTPD Project team is happy to release 1.3.2 to the community. -This is a bugfix release, including a SQL injection vulnerability fix. -The <a href="docs/RELEASE_NOTES-1.3.2">RELEASE_NOTES</a> and -<a href="docs/NEWS-1.3.2">NEWS</a> files contain the full details.</p> - #include "footer.epl" |
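Review bot: The removed block includes the "ftp.proftpd.org compromised" (01/Dec/2010) and "Update to the ProFTPD Compromise Report" (16/Feb/2011) entries, which are security advisories rather than release news: they tell anyone who built 1.3.3c from downloads in the affected windows to check their systems and verify the PGP signatures. A six-month age cutoff drops them together with routine announcements. Suggest keeping those two entries, or moving the removed items to a linked news archive page so the advisory and the 1.3.3c and 1.3.2 security-release notices stay reachable from the front page.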
From: TJ S. <cas...@us...> - 2012-01-26 17:56:38
|
Update of /cvsroot/pdd/www.proftpd.org/docs/contrib In directory vz-cvs-3.sog:/tmp/cvs-serv22198 Modified Files: mod_sql.html Log Message: Updating mod_sql.html doc on website. Index: mod_sql.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/contrib/mod_sql.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- mod_sql.html 9 Nov 2011 23:58:49 -0000 1.5 +++ mod_sql.html 26 Jan 2012 17:56:36 -0000 1.6 @@ -695,6 +695,13 @@ </pre> <p> +<b>Note</b> that if custom group <code>SQLNamedQuery</code> are configured, +those custom queries will be used <i>as is</i>; any configured +<code>SQLGroupWhereClause</code> will <b>not</b> be appended. Custom queries +can be of any format/syntax, and thus simply appending a +<code>SQLGroupWhereClause</code> to a custom query may be syntactically invalid. + +<p> As of ProFTPD 1.3.1rc2, the configured <code>SQLGroupWhereClause</code> parameter can use the same set of variables as supported by the <a href="#SQLNamedQuery"><code>SQLNamedQuery</code></a> directive. @@ -1363,6 +1370,13 @@ </pre> <p> +<b>Note</b> that if custom user <code>SQLNamedQuery</code> are configured, +those custom queries will be used <i>as is</i>; any configured +<code>SQLUserWhereClause</code> will <b>not</b> be appended. Custom queries +can be of any format/syntax, and thus simply appending a +<code>SQLUserWhereClause</code> to a custom query may be syntactically invalid. + +<p> As of ProFTPD 1.3.1rc2, the configured <code>SQLUserWhereClause</code> parameter can use the same set of variables as supported by the <a href="#SQLNamedQuery"><code>SQLNamedQuery</code></a> directive. @@ -1408,7 +1422,7 @@ <br><hr> <font size=2><b><i> -© Copyright 2000-2011 The ProFTPD Project<br> +© Copyright 2000-2012 The ProFTPD Project<br> All Rights Reserved<br> </i></b></font> |
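Review bot: Both new notes (under SQLGroupWhereClause and SQLUserWhereClause) describe a silent behaviour that matters for access control: a site that relies on SQLUserWhereClause to filter which rows count as valid users gets no filtering from it once a custom user SQLNamedQuery is configured. Suggest saying that directly and telling the reader to put the restricting condition into the custom query itself. Wording: "if custom group <code>SQLNamedQuery</code> are configured" reads better as "if custom group <code>SQLNamedQuery</code> queries are configured", and likewise in the user variant.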
From: TJ S. <cas...@us...> - 2011-11-21 22:24:53
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory vz-cvs-3.sog:/tmp/cvs-serv3383 Modified Files: Globbing.html Log Message: Updating the Globbing howto on the website. Index: Globbing.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Globbing.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Globbing.html 5 Jan 2010 17:02:36 -0000 1.2 +++ Globbing.html 21 Nov 2011 22:24:50 -0000 1.3 @@ -112,18 +112,18 @@ that it will not handle the expression. <p> -There is a similar limit on the maximum number of matches for a glob -expression. By default, this limit is 100000 (the hardcoded default in -the GNU library <code>glob(3)</code> implementation). In the +There is a similar limit on the maximum number of files that will be checked +for a glob expression. By default, this limit is 100000 (the hardcoded default +in the GNU library <code>glob(3)</code> implementation). In the <code>1.3.3rc1</code> ProFTPD release, a way of altering this limit was added: <code>PR_TUNABLE_GLOBBING_MAX_MATCHES</code>. For sites which really -do require a higher number of matches for their glob expressions, the -following <code>configure</code> command can be used: +do require a higher number of files to be matched for their glob expressions, +the following <code>configure</code> command can be used: <pre> ./configure CFLAGS="-DPR_TUNABLE_GLOBBING_MAX_MATCHES=200000UL" ... </pre> -A globbing expression that matches more than this limit will have the -number of matches silently truncated to the limit (or just below). +A globbing expression that needs to examine more files than this limit will +have the number of matches silently truncated to the limit (or just below). <p> <hr> |
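Review bot: The last sentence of the hunk mixes the old and new meanings of the limit: "A globbing expression that needs to examine more files than this limit will have the number of matches silently truncated to the limit (or just below)". If the limit counts files examined, the match count is bounded by however many of those files matched, not by the limit itself. Suggest rewording to say that the scan stops at the limit and the resulting listing may be incomplete, and noting that the tunable is still named PR_TUNABLE_GLOBBING_MAX_MATCHES even though the text no longer describes it as a match count. Because the truncation is silent, a sentence on how an administrator can tell that it happened would help.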
From: TJ S. <cas...@us...> - 2011-11-11 17:45:09
|
Update of /cvsroot/pdd/www.proftpd.org/include In directory vz-cvs-3.sog:/tmp/cvs-serv5857/include Modified Files: header.epl Log Message: Updating website for 1.3.4a release. Index: header.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/include/header.epl,v retrieving revision 1.50 retrieving revision 1.51 diff -u -d -r1.50 -r1.51 --- header.epl 9 Nov 2011 23:39:20 -0000 1.50 +++ header.epl 11 Nov 2011 17:45:06 -0000 1.51 @@ -17,14 +17,14 @@ <div id="menu"> <h1>Current Versions</h1> - Stable: <strong>1.3.4</strong> + Stable: <strong>1.3.4a</strong> <div class="indent"> - <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.4">RELEASE_NOTES</a> ]</span> + <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.4a">RELEASE_NOTES</a> ]</span> </div> <div class="indent"> - <span class="nowrap">[ <a href="/docs/NEWS-1.3.4">NEWS</a> ]</span> - <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4.tar.gz">gz</a> ]</span> - <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4.tar.bz2">bz2</a> ]</span> + <span class="nowrap">[ <a href="/docs/NEWS-1.3.4a">NEWS</a> ]</span> + <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz">gz</a> ]</span> + <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.bz2">bz2</a> ]</span> </div> Release Candidate: <strong>None</strong> |
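Review bot: The updated menu entries link ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz and .tar.bz2, and nothing in this block leads to the checksums or signatures. Suggest adding a link to the md5_pgp page next to the gz and bz2 entries so the verification step is visible where the download starts. Also confirm that RELEASE_NOTES-1.3.4a and NEWS-1.3.4a are committed under docs/ together with this change, otherwise the new hrefs are dead.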
From: TJ S. <cas...@us...> - 2011-11-11 17:45:08
|
Update of /cvsroot/pdd/www.proftpd.org In directory vz-cvs-3.sog:/tmp/cvs-serv5857 Modified Files: md5_pgp.epl index.epl Log Message: Updating website for 1.3.4a release. Index: md5_pgp.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/md5_pgp.epl,v retrieving revision 1.61 retrieving revision 1.62 diff -u -d -r1.61 -r1.62 --- md5_pgp.epl 9 Nov 2011 23:39:19 -0000 1.61 +++ md5_pgp.epl 11 Nov 2011 17:45:06 -0000 1.62 @@ -10,8 +10,8 @@ <pre> 88c0ac5a505b31b107196cf234fccced <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3g.tar.bz2">proftpd-1.3.3g.tar.bz2</a> 8d7cb79cecfd81acec755c6130a8ddd5 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3g.tar.gz">proftpd-1.3.3g.tar.gz</a> -7734142c7fa7212ab9f188a617a4be87 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4.tar.bz2">proftpd-1.3.4.tar.bz2</a> -467956bdf962fca6fa732ef9442883f0 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4.tar.gz">proftpd-1.3.4.tar.gz</a> +4e3235dc1ef95d36e59721d70c5c489c <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.bz2">proftpd-1.3.4a.tar.bz2</a> +4cf3892cfeb25f50514bdda935bcf2ff <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz">proftpd-1.3.4a.tar.gz</a> </pre> <h2>PGP Signatures</h2> 
@@ -39,24 +39,24 @@ </pre> <pre> -<strong>proftpd-1.3.4.tar.bz2.asc</strong> +<strong>proftpd-1.3.4a.tar.bz2.asc</strong> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iEYEABECAAYFAk67AzUACgkQt46JP6URl2oolACg2z9MXxOpcmmuZn0603esv4fU -KAgAoP0jRpe7A+0rCj6qFSWS9vPFwXmy -=/79P +iEYEABECAAYFAk69XIsACgkQt46JP6URl2pLAgCgzD+d385MBFzJs0ymBcKFR29H +A3UAoLk/UBvGpHw0Ia1v5Sm2kYnNGEOM +=jN9k -----END PGP SIGNATURE----- </pre> <pre> -<strong>proftpd-1.3.4.tar.gz.asc</strong> +<strong>proftpd-1.3.4a.tar.gz.asc</strong> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iEYEABECAAYFAk67AykACgkQt46JP6URl2rEyQCdGvBes80HzBAhLTPnZCRmwYfa -L+UAoKu5NHTv+OIU6QevNODgOxomQVjv -=89Ee +iEYEABECAAYFAk69XJEACgkQt46JP6URl2qLAwCfQkBXdlCPyxguKHKo0Pgerw/7 +8+8AoI47NX5AVkAtaavJt+PQu6ur78Ch +=nm1H -----END PGP SIGNATURE----- </pre> Index: index.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/index.epl,v retrieving revision 1.119 retrieving revision 1.120 diff -u -d -r1.119 -r1.120 --- index.epl 9 Nov 2011 23:39:19 -0000 1.119 +++ index.epl 11 Nov 2011 17:45:06 -0000 1.120 @@ -3,6 +3,13 @@ #include "header.epl" +<h1>1.3.4a released</h1> +[<i>11/Nov/2011</i>] +<p>The ProFTPD Project team is ready to release 1.3.4a to the community. +This is a maintenance release, containing build fixes for the RPM package +and several modules. The <a href="docs/RELEASE_NOTES-1.3.4a">RELEASE_NOTES</a> +and <a href="docs/NEWS-1.3.4a">NEWS</a> files contain the full details. + <h1>1.3.3g, 1.3.4 released</h1> [<i>09/Nov/2011</i>] <p>The ProFTPD Project team is pleased to release 1.3.3g to the community. |
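Review bot: In md5_pgp.epl the new 1.3.4a tarball entries are published with MD5 sums only. MD5 is not collision-resistant, so these sums detect a corrupted download but are weak evidence against a deliberately altered one. Suggest adding SHA-256 sums alongside and stating on the page that the .asc signatures are the check to rely on. If the page does not already name the signing key outside the visible hunks, it should, since the .asc blocks are detached signatures and are only useful against a known key.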
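Review bot: In the index.epl hunk, the new 1.3.4a paragraph opens with <p> but is not closed before the following <h1>. Suggest adding </p> after "files contain the full details." to match the release entries elsewhere in this file.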
From: TJ S. <cas...@us...> - 2011-11-10 23:06:40
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory vz-cvs-3.sog:/tmp/cvs-serv32384 Modified Files: DisplayFiles.html ListOptions.html Rewrite.html Scoreboard.html Sendfile.html Log Message: Updating howtos for website. Index: Sendfile.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Sendfile.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- Sendfile.html 9 Feb 2009 16:34:59 -0000 1.1 +++ Sendfile.html 10 Nov 2011 23:06:37 -0000 1.2 @@ -104,6 +104,11 @@ "UseSendfile off" in your <code>proftpd.conf</code>. <p> +Bugs in certain network cards have been reported on Linux, where the use +of <code>sendfile(2)</code> triggers TCP checksum offloading bugs on these +cards when using IPv6. + +<p> <a href="http://bugs.proftpd.org/show_bug.cgi?id=3081">Bug 3081</a> also demonstrates an interesting <code>sendfile(2)</code> issue. It is a special case where the FTP client and server are on the same machine, @@ -113,10 +118,11 @@ "hang". The fix for this situation is relatively simple: "Don't do that." <p> -Finally, if your Unix kernel and your filesystems work together to support +If your Unix kernel and your filesystems work together to support the use of <code>sendfile(2)</code> properly, you may run into one last potential issue with ProFTPD's <code>ftptop</code> and <code>ftpwho</code> -utilities when <code>sendfile(2)</code> is used. These utilities rely on +utilities when <code>sendfile(2)</code> is used (at least for versions of +<code>proftpd</code> prior to 1.3.4rc1). These utilities rely on data in ProFTPD's <a href="Scoreboard.html"><code>ScoreboardFile</code></a> for providing their information, including transfer rates. The progress of a file being downloaded is tracked in the <code>ScoreboardFile</code> 
@@ -133,10 +139,11 @@ <code>ftptop</code> and <code>ftpwho</code>, however. <p> -<b>Future Plans</b><br> -Apache supports disabling the use of <code>sendfile(2)</code> at run-time -on a <i>per <code><Directory></code></i> basis. It would be great -if ProFTPD supported the same, so that sites could do the following: +In <code>proftpd-1.3.4rc1</code> and later, the <code>UseSendfile</code> +directive changed. Now you can use <code>UseSendfile</code> in +<code><Directory></code> sections and <code>.ftpaccess</code> files. +This allows sites to disable use of <code>sendfile(2)</code> just for specific +directories/filesystems where it might be a problem, <i>e.g.</i>: <pre> <Directory /path/to/nfs/files> UseSendfile off @@ -144,6 +151,21 @@ </pre> <p> +Instead of the usual <em>on/off</em> parameters, the <code>UseSendfile</code> +directive can also take a byte length, or a file size percentage, as parameters. +These parameters can be used so that <code>sendfile(2)</code> is used for +more optimal downloads <b>while still letting <code>ftptop</code> and +<code>ftpwho</code> display download progress rates</b>. To use this, the +best way to use specify a file size percentage such as 10% or 25%; this means +that <code>sendfile(2)</code> will be used for each 10% or 25% percent of +the size of the file being downloaded: +<pre> + <Directory /> + UseSendfile 10% + </Directory> +</pre> + +<p> <hr> <i>$Date$</i><br> Index: Rewrite.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Rewrite.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Rewrite.html 27 May 2009 23:15:47 -0000 1.2 +++ Rewrite.html 10 Nov 2011 23:06:37 -0000 1.3 
@@ -141,6 +141,30 @@ For more variables like <code>%P</code>, see the <a href="../contrib/mod_rewrite.html#RewriteCondition"><code>RewriteCondition</code></a> and <a href="../contrib/mod_rewrite.html#RewriteRule"><code>RewriteRule</code></a> descriptions. <p> +<b>Replacing Backslashes With Slashes</b><br> +Some sites have FTP clients which seem to send <code>CWD</code> and +<code>RETR</code>/<code>STOR</code> commands which use Windows-style +backslashes, <i>e.g.</i> "path\to\file". And ideally, these sites would like +to work seamlessly with such clients, without having to get the clients to +change. Can <code>mod_rewrite</code> be used to change those backslashes +into more Unix-friendly regular slashes? Absolutely. + +The following <code>mod_rewrite</code> configuration should do the trick: +<pre> + <IfModule mod_rewrite.c> + RewriteEngine on + + # Use the replaceall internal RewriteMap + RewriteMap replace int:replaceall + + RewriteRule (.*) "${replace:!$1!\\\\!/}"' + </IfModule> +</pre> +Yes, you will need the four consecutive backslashes there, in order to make it +past proftpd's config file parser (which thinks backslashes are escape +sequences) as well as the regular expression compiler. + +<p> <b>Modifying User Names</b><br> Is there a way that I can transparently change the login name that the FTP client sends, from one set of known login names to the new set of names Index: Scoreboard.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Scoreboard.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Scoreboard.html 21 Oct 2009 16:46:43 -0000 1.2 +++ Scoreboard.html 10 Nov 2011 23:06:37 -0000 1.3 
@@ -13,12 +13,14 @@ <hr> <p> -<b>What is the Scoreboard</b><br> +<b>What is the Scoreboard?</b><br> The <code>ScoreboardFile</code> is used by <code>proftpd</code> for tracking information for each current FTP session. It is necessary for things like <code>MaxClients</code>, <code>MaxClientsPerUser</code>, <i>etc</i>. -The utility programs (<code>ftpwho</code>, <code>ftpcount</code>, -<code>ftptop</code>) read the scoreboard and display its information. +The utility programs (<a href="../utils/ftpwho.html"><code>ftpwho</code></a>, +<a href="../utils/ftpcount.html"><code>ftpcount</code></a>, +<a href="../utils/ftptop.html"><code>ftptop</code></a>) read the scoreboard and +display its information. <p> Here's how <code>proftpd</code> handles its scoreboard: There is a default 
@@ -47,6 +49,50 @@ to see if the daemon ran into problems using that defined location. <p> +In proftpd-1.3.4rc1, a new <code>ScoreboardMutex</code> directive was added. +This file is used as a mutex for starting/ending sessions, for improving +performance under load; see <a href="http://bugs.proftpd.org/show_bug.cgi?id=3208">Bug#3208</a> for the technical details. The default path (usually +<code>var/proftpd/proftpd.scoreboard.lck</code>) for +<code>ScoreboardMutex</code> should suffice. If you need to explicitly +configure a different <code>ScoreboardMutex</code> file, make absolutely +sure that you <b>do not place the file on a networked filesystem</b>. Your +performance will suffer greatly if you do. + +<p> +<b>What's in the Scoreboard?</b><br> +What types of information about each session is tracked in the scoreboard? +What else is recorded in the scoreboard? + +<p> +The <code>ScoreboardFile</code> records the following information about +the parent/daemon <code>proftpd</code> process: +<ul> + <li>scoreboard file format identifier + <li>daemon PID + <li>daemon uptime + <li>daemon version +</ul> +and for each session, the <code>ScoreboardFile</code> records: +<ul> + <li>session PID + <li>session protocol (<i>e.g.</i> "ftp", "ftps", "sftp") + <li>session UID + <li>session GID + <li>session user name + <li>session server IP address/port + <li>session virtual host name + <li>session client IP address, DNS name + <li>session <a href="Classes.html">class</a> + <li>time since session started +</ul> +and some other data related to data transfers. The data transfer-related fields +include the filename being transferred (may be relative or absolute, depending +on what the client sent), the transfer command (<i>e.g.</i> <code>RETR</code> +for downloads, <code>STOR</code> for uploads, <i>etc</i>), the amount of +data transferred so far, and percentage of transfer completed (for downloads +only). 
+ +<p> <b>Scrubbing the Scoreboard</b><br> There is a bad habit among system administrators of using <code>`kill -9'</code> to kill a misbehaving process. Any process that is Index: DisplayFiles.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/DisplayFiles.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- DisplayFiles.html 24 Feb 2010 18:55:58 -0000 1.2 +++ DisplayFiles.html 10 Nov 2011 23:06:36 -0000 1.3 @@ -36,13 +36,6 @@ <p> <li> - <dt><code>DisplayGoAway</code> - <dd>Displayed to a client when it cannot connect because the maximum - number of connections from its <code>Class</code> has been reached</dd> - </li> - - <p> - <li> <dt><code>DisplayFileTransfer</code> <dd>Displayed to the client whenever a file is successfully transfer, either uploaded or downloaded</dd> @@ -233,6 +226,20 @@ </tr> </table> +<p><a name="FAQ"></a> +<b>Frequently Asked Questions</b><br> + +<p><a name="DisplayPathsWithSpaces"> +<font color=red>Question</font>: I configured path which contains spaces for +<code>DisplayLogin</code>, and it doesn't work. Why not?<br> +<font color=blue>Answer</font>: If using paths/files which contains spaces, +make sure that you enclose the path in quotation marks, <i>e.g.</i>: +<pre> + DisplayLogin "/path/to/display login.txt" +</pre> +Otherwise, the configuration file parser will treat the space-separated +portions of the path as separate directive parameters. + <p> <hr> <i>$Date$</i><br> Index: ListOptions.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ListOptions.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- ListOptions.html 5 Jan 2010 17:03:51 -0000 1.2 +++ ListOptions.html 10 Nov 2011 23:06:37 -0000 1.3 
@@ -30,6 +30,8 @@ <dd>Force printing of non-printable filename characters as \<i>xxx</i>, where <i>xxx</i> is the octal value of the character</dd> <li><dt>-C</dt> <dd>List entries by columns</dd> + <li><dt>-c<dt> + <dd>Sort by file status change time when <code>-t</code> is also used</dd> <li><dt>-d</dt> <dd>List directory entries instead of directory contents</dd> <li><dt>-F</dt> @@ -49,7 +51,9 @@ <li><dt>-S</dt> <dd>Sort by file size</dd> <li><dt>-t</dt> - <dd>Sort by modification time</dd> + <dd>Sort by file modification time</dd> + <li><dt>-u<dt> + <dd>Sort by file access time when <code>-t</code> is also used</dd> </ul> <p> |
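Review bot: In Rewrite.html, the example rule ends with a stray single quote after the closing double quote: RewriteRule (.*) "${replace:!$1!\\\\!/}"'. Anyone pasting the block gets an extra character on the directive line, so the trailing ' should be dropped. The sentence ending "Absolutely." also runs straight into "The following ..." with no <p> between them.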
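Review bot: In ListOptions.html, both added entries close the term with an opening tag: <li><dt>-c<dt> and <li><dt>-u<dt>. The surrounding entries use </dt>, so these should be <li><dt>-c</dt> and <li><dt>-u</dt>.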
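Review bot: In Sendfile.html, the new UseSendfile paragraph has two wording slips: "the best way to use specify a file size percentage" (write "the best way is to specify") and "each 10% or 25% percent" (the word "percent" is redundant). The paragraph also says a byte length is accepted but shows only the percentage form; an example of the byte-length form would complete it.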
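Review bot: In DisplayFiles.html, <a name="DisplayPathsWithSpaces"> is opened and never closed, unlike <a name="FAQ"></a> two lines above it. The same file's first hunk removes the DisplayGoAway entry while the log message says only "Updating howtos for website."; the reason for the removal belongs in the commit message. "I configured path which contains spaces" also needs an article ("a path").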
From: TJ S. <cas...@us...> - 2011-11-09 23:39:22
|
Update of /cvsroot/pdd/www.proftpd.org/docs In directory vz-cvs-3.sog:/tmp/cvs-serv23872/docs Added Files: NEWS-1.3.3g NEWS-1.3.4 RELEASE_NOTES-1.3.3g RELEASE_NOTES-1.3.4 Log Message: Updating website with info for 1.3.4, 1.3.3g releases. --- NEW FILE: RELEASE_NOTES-1.3.4 --- 1.3.4 Release Notes ------------------------ This file contains a description of the major changes to ProFTPD for the 1.3.4 release cycle, from the 1.3.4rc1 release to the 1.3.4 maintenance releases. More information on these changes can be found in the NEWS and ChangeLog files. 1.3.4rc4 --------- + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation for details. + Improved configure script for cross-compiling. + Reworked the proftpd.spec RPM file + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. + New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions documentation for details. 1.3.4rc3 --------- + The mod_ldap configuration directives have changed to a simplified version; please read the "Changes" section in README.LDAP for details. + Support for using RADIUS for authentication SSH2 logins, and for supporting the NAS-IPv6-Address RADIUS attribute. + Automatically disable sendfile support on AIX systems. + <Limit WRITE> now prevents renaming/moving a file out of the limited directory. + ExtendedLog entries now written for data transfers which time out. 1.3.4rc2 --------- + Display messages work properly again. + Fixes plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. + Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. + Performance improvements, especially during server startup/restarts. + New --enable-memcache configure option ProFTPD now provides an API for modules for using memcached servers for caching information among different proftpd server and/or across sessions. 
For more information, see the mod_memcache documentation in doc/modules/mod_memcache.html. + New --enable-pcre configure option The C library support for POSIX regular expressions is vulnerable to some pathological regex patterns; the glibc library in particular can be made to burn CPU with such patterns. Sites which wish to avoid such buggy C library implementations can instead use PCRE for regular expression support in ProFTPD, by using the --enable-pcre configure option. + New modules mod_tls_memcache The mod_tls_memcache module uses the new mod_memcache/memcached support in ProFTPD to use memcached servers for caching SSL session information. This can be useful, especially when clusters of proftpd servers are in used, or for preserving SSL session caches across proftpd restarts. See doc/contrib/mod_tls_memcache.html for more details on this module. + New configuration directives: MaxCommandRate Some clients send FTP commands too quickly. The new MaxCommandRate directive is used to detect and to throttle such malicious clients; it also generates an event that can be used by the mod_ban module for banning these clients. See doc/modules/mod_core.html#MaxCommandRate. ProcessTitles By default, proftpd changes the process title for session processes to include the authenticated user name and the FTP command being handled, including the paths to files being downloaded. The new ProcessTitles directive can be used to modify proftpd's behavior with regard to this session process title changing. See doc/modules/mod_core.html#ProcessTitles for more info. SQLNamedConnectInfo Some sites wish to have mod_sql connections to multiple different databases simultaneously, e.g. one connection for retrieving user data and a separate connection for logging. To support such sites, the new SQLNamedConnectInfo directive can be used to create "named connection". These "named connections" can then be used in a SQLNamedQuery, i.e. 
you can specify the named connection that a SQLNamedQuery is to use when it is expected. More information can found at doc/contrib/mod_sql.html#SQLNamedConnectInfo. TraceOptions The TraceLog can provide very detailed information, especially when diagnosing an issue. To aid in such diagnoses, the new TraceOptions directive can be used to add more information to the TraceLog, such as client/server IP addresses (if available), and timestamps with millisecond granularity. The documentation at doc/modules/mod_core.html#TraceOptions has the details. + The following utilities are now installed under $prefix/bin/ by the 'make install' target: ftpasswd, ftpmail, ftpquota + Changed configuration directives: BanOnEvent The mod_ban module's BanOnEvent directive now supports a few more events, namely 'MaxCommandRate' and 'UnhandledCommand'. These events can be used to ban clients which send commands too quickly, or which send too many unhandled/unknown commands. ExtendedLog For some LogFormat variables (e.g. %E, %I, %O) it is useful to log them when then session exits. The mod_sql module has had the ability to log at session exit for quite some time. The ExtendedLog directive can how log at session exit as well, using the new "EXIT" command class. LogFormat The LogFormat directive now supports a couple of new variables: %E variable, for end-of-session reason %H variable, for IP address of server handling session These are listed in the LogFormat docs; see doc/modules/mod_log.html#LogFormat. PathAllowFilter, PathDenyFilter The PathAllowFilter and PathDenyFilter directives now support an optional flags parameter, which can be used to specify e.g. case-insensitive evaluation of the configured regular expression. For example: PathDenyFilter .jpg$ [NC] See doc/modules/mod_core.html#PathAllowFilter for more details. SFTPOptions The mod_sftp module's SFTPOptions directive supports a new 'IgnoreSFTPSetPerms' option. 
This option is similar to the existing 'IgnoreSFTPUploadPerms'; it causes mod_sftp to silently ignore the SFTP client's attempts to change file permissions. See doc/contrib/mod_sftp.html#SFTPOptions. SFTPPAMOptions The SFTPPAMOptions directive for the mod_sftp_pam module now supports a 'NoInfoMsgs' option, which disables the sending of informational messages from the PAM library to the connecting SSH client. This option can be used to make mod_sftp_pam behavior like OpenSSH with regard to PAM support. SQLNamedQuery The SQLNamedQuery directive now supports an optional "named connection" name, for supporting multiple database connections. See the doc/contrib/mod_sql.html#SQLNamedConnectInfo docs for more information. TLSSessionCache The TLSSessionCache directive from the mod_tls module can now be used to explicitly configure the session cache timeout when OpenSSL's internal session caching mechanism (used by default) is being used. See doc/contrib/mod_tls.html#TLSSessionCache for details. Trace The Trace directive can now to be used to specify a range of trace channel log levels, rather than simply specifying the maximum log level for a channel. For example, to see only messages from log levels 5 to 8, you would do: Trace DEFAULT:5-8 This is documented in the Trace directive documentation, at doc/modules/mod_core.html#Trace. + New documentation: doc/howto/ConnectionACLs.html doc/utils/ftpasswd.html doc/utils/ftpcount.html doc/utils/ftpdctl.html doc/utils/ftpquota.html doc/utils/ftpscrub.html doc/utils/ftptop.html doc/utils/ftpwho.html + Developer/API Changes The following functions have been removed, as they are not used anywhere and should not be being used: pr_response_send_ml() pr_response_send_ml_start() pr_response_send_ml_end() The following function has been renamed/moved: end_login() is now pr_session_end() A related new function, pr_session_disconnect() is added. 
This new function allows the caller to specify a reason code indicating why the session is ending, as well as support for an optional string for more details about the reason for ending the session. 1.3.4rc1 --------- + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + Fixed directory traversal bug in mod_site_misc (CVE-2010-3867) + Fixed sql_prepare_where() buffer overflow (Bug#3536) + Added Japanese translation + Many mod_sftp bugfixes + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later + Fixed handling of utmp/utmpx format changes on FreeBSD + Automatic detection of MySQL, Postgres library and header file locations + Added support for SMTP authentication in ftpmail script + Updated fnmatch implementation, using glibc-2.9 version. + Overhauled mod_ldap configuration directives, making mod_ldap easier to configure. Previous configurations must be updated. See README.LDAP for details. + New modules: mod_copy This module provides the SITE CPFR and SITE CPTO commands, for allowing a client to copy files from one location to another on the server, without requiring downloads/uploads. See doc/contrib/mod_copy.html for details. mod_deflate This module provides support for MODE Z, which uses compression to reduce the number of bytes required for data transfers and directory lists. See doc/contrib/mod_deflate.html for more information. Depending on the data being transferred, clients can see quite a difference in the speed; see: http://www.smartftp.com/support/kb/file.php?f=192 for some performance numbers. mod_ifversion This module allows for version-specific configuration sections of the proftpd config file. It is useful for using the same proftpd config across multiple servers where different proftpd versions may be in use. See doc/contrib/mod_ifversion.html for examples. mod_qos This module allows administrators to set networking-specific "Quality of Service" (QoS) bits on the packets used by the server. 
More information can be found in doc/contrib/mod_qos.html + New configuration directives: Protocols This directive can be used to specify which protocols can be used by a connecting client. It is designed to work with mod_ifsession, so that it can be set on a per-user/group/class basis. See doc/modules/mod_core.html#Protocols for details. ScoreboardMutex This directive is used to explicitly configure the patch to a "mutex" file used for scoreboard locking; this file is used to increase proftpd's performance under load. See: http://bugs.proftpd.org/show_bug.cgi?id=3208 for more information. SFTPClientAlive This directive is used to enable a protocol-level "keep alive" check for mod_sftp SSH connections. More details can be found in doc/contrib/mod_sftp.html#SFTPClientAlive. WrapOptions The mod_wrap2 module has additional behaviors such as checking the allow/deny rules at client connect time (versus after login), and checking the allow/deny rules using all of a client's DNS names. The WrapOptions directive is used to configure these behaviors; see doc/contrib/mod_wrap2.html#WrapOptions for more information. + Changed configuration directives: BanOnEvent The BanOnEvent directive of the mod_ban module now supports LoginRate events; see doc/contrib/mod_ban.html#BanOnEvent. This lets mod_ban reject clients which are logging in too quickly. ListOptions The mod_ls module now supports the -c and -u options for the LIST command. The ListOptions directive handles these options as well. See the ls(1) man page for more details on these options. In addition, the NoErrorIfAbsent ListOption can be used to configure whether mod_ls returns a 226 response code, rather than the default 450 response code, for a LIST/NLST command for a path which does not exist. Some clients are sensitive to this use case. 
LogFormat The LogFormat directive now supports two additional variables: %I for logging the total number of bytes read from the network, and %O for logging the total number of bytes written to the network. Note that these values do NOT include any bytes for the TCP packet overhead. The mod_sql module's SQLLog directive also supports these variables. These variables can be used to get a better idea of network traffic per session/client, as well as for comparing the relative network traffic of e.g. FTPS versus SFTP. SFTPOptions The mod_sftp module did not interoperate well with old ssh.com or with Tectia SSH clients. Support for these clients was added to mod_sftp via the OldProtocolCompat SFTPOption (Bug#3480). See doc/contrib/mod_sftp.html#SFTPOptions for more information. TLSOptions When verifying a client's certificate, the mod_tls module could be configured to check the iPAddress and/or dNSName portions of the SubjectAltName section of the client certificate, via the TLSOptions directive. A new CommonNamedRequired TLSOptions is now supported, which tells mod_tls to check the CommonName (CN) section of the client certificate. See doc/contrib/mod_tls.html#TLSOptions for details. UseSendfile The UseSendfile directive can now be used in <Directory> sections and .ftpaccess files. This means that sendfile(2) support can be disabled on filesystems which do not support it, while still be used on other parts of the filesystem which can support it. The UseSendfile directive can now also configure how many bytes of a file to send via sendfile(2) at a time; this can be either in number of bytes, or in percentage of the file size. The advantage of this is that now the ScoreboardFile (and ftptop/ftpwho) can show download progress rates when UseSendfile is enabled. See doc/howto/Sendfile.html for the full details. + Deprecated configuration directives: DisplayGoAway Support for this directive has been removed. 
Last Updated: $Date: 2011/11/09 23:39:20 $ --- NEW FILE: NEWS-1.3.4 --- $Id: NEWS-1.3.4,v 1.1 2011/11/09 23:39:20 castaglia Exp $ ----------------------------------------------------------------------------- More details on the bugs listed below can be found by using the bug number indicated in the following URL: http://bugs.proftpd.org/show_bug.cgi?id=N where `N' is the bug number. ----------------------------------------------------------------------------- 1.3.4 - Released 09-Nov-2011 -------------------------------- - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD. - Bug 3669 - mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5 on Fedora. - Bug 3192 - PQescapeStringConn() needs a better check. - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. To disable this countermeasure, which may cause interoperability issues [...2538 lines suppressed...] - sendfile() deprecates politely on Linux 2.0.x. - AuthPAMAuthoritative now defaults to False. This should clear up any confusion on using PAM with AuthUserFile and friends. - Removed Bandwidth from the documentation. - Fixed a rare segfault in mod_auth. - Logging has changed slightly to be more informative and more consistent. All messages that get logged are now preceded with <virtualhost> (remote host[remote ip]). - mod_ldap for authentication against LDAP directories is now in place. - ftpwho/ftpcount -- a grammatical error corrected, and they now build as seperate binaries. - Fixed the 'no names, just UIDs' bug. - Added genuser.pl to facilitate AuthUserFile entry creation. - Umask now takes an optional second argument, specifying a directory umask. - Work around FreeBSD's broken setpassent(), and a new option to override this in fixed versions of FreeBSD's libc (--enable-force-setpassent). - Generate RPMs for both inetd and standalone versions of ProFTPD. - Added AuthUsingAlias to allow for more fine-grain control of anonymous logins. 
- Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959. --- NEW FILE: RELEASE_NOTES-1.3.3g --- 1.3.3 Release Notes ------------------------ This file contains a description of the major changes to ProFTPD for the 1.3.3 release cycle, from the 1.3.3rc1 release to the 1.3.3 maintenance releases. More information on these changes can be found in the NEWS and ChangeLog files. 1.3.3g --------- + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation for details. + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. 1.3.3f --------- + Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast" configuration used. + Fixes mod_wrap syslog level (regression from Bug#3317). + Fixes mod_ifsession segfault if regular expression patterns used in a <VirtualHost> section. 1.3.3e --------- + Display messages work properly again. + Fixes plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. + Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. + Performance improvements, especially during server startup/restarts. 1.3.3d --------- + Fixed sql_prepare_where() buffer overflow (Bug#3536) + Fixed CPU spike when handling .ftpaccess files. + Fixed handling of SFTP uploads when compression is used. 
1.3.3c --------- + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + Fixed directory traversal bug in mod_site_misc + Fixed SQLite authentications using "SQLAuthType Backend" 1.3.3b --------- + Fixed SFTP directory listing bug + Avoid corrupting utmpx databases on FreeBSD + Avoid null pointer dereferences during data transfers + Fixed "AuthAliasOnly on" anonymous logins 1.3.3a --------- + Added Japanese translation + Many mod_sftp bugfixes + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later + Fixed handling of utmp/utmpx format changes on FreeBSD 1.3.3 --------- + Fixed mod_ban whitelisting using mod_ifsession. + Fixed per-user/group/class "HideFiles none" configurations. 1.3.3rc4 --------- + Fixed mod_tls compilation using OpenSSL installations older than 0.9.7. + Fixed mod_sftp compilation on AIX. + Fixed RADIUS authentication on 64-bit platforms + Fixed memory leak in SCP downloads. + New configuration directives SQLPasswordUserSalt The SQLPasswordUserSalt directive can be used to configure per-user salt data to be added to the encrypted password for a user. The salt can be the user name, or it can be the result of a SQL query. More information can be found in doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt. 1.3.3rc3 --------- + Added Taiwan translation. + Added support in mod_sftp for the following SFTP extensions: check-file copy-file vendor-id version-select pos...@op... fst...@op... st...@op... + Added a workaround in mod_tls to deal with the vulnerability found in SSL/TLS protocol during renegotiation (CVE-2009-3555). Good descriptions of this vulnerability can be found here: http://extendedsubset.com/?p=8 http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html The workaround implemented in mod_tls (Bug#3324) is one of the suggested mitigation approaches: the server now refuses all client-initiated SSL/TLS session renegotiations. 
+ Updated to the bundled libtool to 2.2.4 (plus patch) to deal with a libtool vulnerability (CVE-2009-3736). + Added support for SHA256 and SHA512 passwords to the mod_sql_passwd module. + New configuration directives SFTPExtensions The SFTPExtensions directive can be used to selectively enable/disable mod_sftp's support for specific SFTP extensions. See doc/contrib/mod_sftp.html#SFTPExtensions for more details. + Changed configuration directives CapabilitiesSet The CAP_FOWNER capability can now be explicitly requested when using the mod_cap module: <IfModule mod_cap.c> CapabilitiesSet +CAP_FOWNER </IfModule> For operations allowed on files, this capability overrides the restriction that the file owner ID must match the process user ID. 1.3.3rc2 --------- + When handling .ftpaccess files, proftpd was merging them into the main configuration such that the .ftpaccess files configurations would override the main configuration. This was never the intended behavior, and has been fixed (Bug#3279). However, this does mean that sites which use .ftpaccess files may see a change in the behavior of their proftpd. + Changed scoreboard format (Bug#3286), need for "ServerType inetd" server to manually delete their old ScoreboardFiles. Otherwise they will see "error opening scoreboard: bad version (too old)" errors. + Changed SQL connection policy (Bug#3290). Important for clients which connect but don't authenticate (e.g. mod_ban, mod_dnsbl, mod_wrap2_sql, etc which will reject connected clients prior to authentication); saves on unnecessary database connections in such cases. For sites which require the old behavior, there is a new "PERCONNECTION" connection policy. NOTE: If you are using mod_sql for logging purposes only, e.g. you have the following in your mod_sql config: SQLEngine log then this connection policy change may affect you. If the database connection is opened after a chroot has occurred (via DefaultRoot or <Anonymous> login), the database connection may fail. 
And since now the connection is delayed until first use, and the first use for logging may occur after the chroot, the logging may fail. For such sites, then, you will need to use the "PERCONNECTION" connection policy explicitly. + Support for "implicit" FTPS. To enable this, use: TLSOptions UseImplicitSSL WARNING: Using this setting will cause mod_tls to handle ALL connections to the vhost as implicit FTPS connections. It is NOT possible to support both plain FTP (or explicit FTPS) clients AND implicit FTPS clients on the same address/port. Therefore this setting should ONLY ever be used in order to support braindead/broken FTPS clients, and then only for as long as it takes to fix/replace those broken clients. Note that "implicit" FTPS was explicitly DROPPED from the RFC which defines FTP over SSL/TLS; the only clients which use this feature are outdated clients based on older, now-invalidated versions of the specification. Please update your FTPS clients to one which uses explicit FTPS as soon as possible. + Re-enable turning off the Nagle algorithm; this drastically helps speed up transfers of multiple small files. + New modules mod_sql_passwd This module supports MD5 and SHA1 passwords, encoding using base64 or hex, from SQL tables. See doc/contrib/mod_sql_passwd.html for details. + New configuration directives AuthUnixOptions In Bug#1896, support for checking some AIX-specific functions for whether a login should be accepted was added; this happens only on AIX server, of course. However, some AIX admins like to configure "rlogin=false", yet still want to allow FTP logins. To enable this specific behavior, a new AuthUnixOptions directive was added, with a setting which is only honored on AIX: AuthUnixOptions aixNoRLogin If this setting is used on any other server, it is silently ignored. Bug#3300 has the full details. 
+ Changed configuration directives ExtendedLog You can now disable logging in an <Anonymous> section to an ExtendedLog which was opened outside of the <Anonymous> section, i.e.: ExtendedLog /path/to/ext.log ALL <Anonymous /path/to/anon> ... ExtendedLog /path/to/anon-ext.log ALL # Disable the logging to the higher-level ExtendedLog by # configuring again here, but changing the command class to 'NONE' ExtendedLog /path/to/ext.log NONE ... </Anonymous> HiddenStores The HiddenStores directive can now be used to customize and change the prefix which is prepended to the HiddenStore files. The default prefix is ".in.", but if you wish to use a different prefix for any reason, you can use something like: HiddenStores foo This will cause the prefix to be ".foo.". SQLOptions When the connection to the database is lost, mod_sql now will try only once to automatically reconnect (if such reconnect functionality is supported by the database, e.g. MySQL or Postgres). To disable this reconnect behavior, there is a new "noReconnect" SQLOptions setting: SQLOptions noReconnect See Bug#3270 for the full details of this behavior change. It should be transparent for most sites. 1.3.3rc1 --------- + Added French, Bulgarian, Korean translations. + RPM 4.2 or later is required by the proftpd.spec file provided in the distribution. + If the --localstatedir configure option is used, proftpd's build system used to automatically append "/proftpd" to the configured path. This behavior has been fixed; proftpd's build system will now use the configured --localstatedir path as is. Note that this may cause issues if you have an existing build script for compling proftpd; the expected locations of files under the --localstatedir path will change. + New command-line options: The -S, --serveraddr command-line option has been added. This option can be used to specify the IP address of the host machine. By default, proftpd attempts to resolve the host IP address by using DNS resolution of the hostname. 
However, in cases where DNS is not configured for the host machine, this approach does not work. To specify the desired IP address, use -S when starting proftpd, e.g.: /usr/local/sbin/proftpd -S 1.2.3.4 ... And if you want proftpd to listen on all interfaces, you can specify a wildcard socket using an IP address of 0.0.0.0: /usr/local/sbin/proftpd -S 0.0.0.0 ... + New modules: mod_exec This module enables execution of external scripts based on actions/events during a session. See doc/contrib/mod_exec.html for details. mod_sftp This module implements the SSH2, SFTP, and SCP protocols. See doc/contrib/mod_sftp.html for more information. mod_sftp_pam This module uses PAM to provide a 'keyboard-interactive' SSH2 authentication method for mod_sftp. More information can be found in the documentation for mod_sftp_pam, in doc/contrib/mod_sftp_pam.html. mod_sftp_sql This module uses SQL (via mod_sql) for looking up authorized SSH2 public keys for user and hostbased authentication. More information is available in doc/contrib/mod_sftp_sql.html. mod_shaper This module can be used to provide data transfer rate "shaping" across the entire server. See the documentation at doc/contrib/mod_shaper.html. mod_tls_shmcache This module provides an external SSL session cache using shared memory; see the TLSSessionCache configuration directive. More information on this module can be found in doc/contrib/mod_tls_shmcache.html. + New configuration directives: RewriteHome The RewriteHome directive can be used to support rewriting the home directory for a user, based on regular expression rules. One such use case is where some portion of the home directory is retrieved e.g. from an LDAP directory, but you need to apply some custom prefix to the LDAP attribute. 
To enable this feature, first you need to add the following to your proftpd.conf: RewriteHome on Next, you need to configure the mod_rewrite rules for rewriting your home directory; this feature depends on mod_rewrite for the rewriting. The pseudo-command used by mod_rewrite for rewriting home directories is "REWRITE_HOME". Thus would you use: <IfModule mod_rewrite.c> RewriteEngine on RewrlteLog /path/to/rewrite.log RewriteCondition %m REWRITE_HOME RewriteRule (.*) /my/new/prefix$1 </IfModule> ScoreboardScrub The ScoreboardScrub directive can be used to turn on/off proftpd's periodic "scrubbing" of its ScoreboardFile, where the ScoreboardFile is scanned for entries of dead sessions: ScoreboardScrub on|off|secs Note that if scoreboard scrubbing is turned off, the ScoreboardFile can still be scrubbed on demand, either by using mod_ctrls_admin's "ftpdctl scoreboard scrub" action, or by using the new ftpscrub command-line utility. TLSControlsACLs With the addition of support for external session caches, the mod_tls module now supports some ftpdctl actions for interacting with those session caches. The TLSControlsACLs directive can be used to configure ACLs for the ftpdctl actions supported by mod_tls, and is analogous to other ACLs directives for other modules which support ftpdctl actions. TLSPKCS12File The TLSPKCS12File directive of the mod_tls module is used to configure mod_tls to use the certificate and private key contained in the indicated PKCS#12 file. Some sites already use PKCS#12 files for containing their other certificates, and thus find it useful to have PKCS#12 support in mod_tls. TLSSessionCache The TLSSessionCache directive configures an external SSL session cache, which can be used for storing and shared SSL sessions across multiple processes. An external SSL session cache is an optional facility which speeds up parallel FTPS session connections. See doc/contrib/mod_tls.html#TLSSessionCache for more information. 
+ Changed configuration directives: AllowOverride This directive no longer supports the optional user/group/class parameters. If you wish to have per-user/group/class conditional use of the AllowOverride directive, you will need to use the mod_ifsession module. For example, instead of: AllowOverride off user !admin you will need to use: <IfUser admin> AllowOverride on </IfUser> <IfUser !admin> AllowOverride off </IfUser> Note that the "!admin" section is necessary. If you set "AllowOverride off" unconditionally, then use a mod_ifsession context, you would end up with two AllowOverride settings, and the code might not be able to distinguish properly which setting to use. Thus you need to make both the "on" and "off" cases conditional, and mutually exclusive. Configurations which use the user/group/class conditional parameters to AllowOverride will now generate configuration errors. BanOnEvent The BanOnEvent directive of the mod_ban module now supports TimeoutLogin events. <VirtualHost> You can now specify an IP address of "0.0.0.0" in a <VirtualHost> definition. IdentLookups The default IdentLookups value is now 'off'. The RFC1413 IDENT lookup adds latency to the login process, so much so that it is a FAQ to configure "IdentLookups off". In addition, the IDENT protocol is not secure; it can easily be spoofed using man-in-the-middle attacks. Sites that require IDENT lookups must now explicitly configure "IdentLookups on". Note that in order to use IdentLookups, you must compile proftpd with the mod_ident module. If you use the --disable-ident configure option, then proftpd will not recognize the IdentLookups directive. Thus in your proftpd.conf, you should use something like: <IfModule mod_ident.c> IdentLookups on </IfModule> if you want to use RFC1413 lookups. LogFormat, SQLNamedQuery There is a new variable, %{protocol}, which describes the protocol that the client is using. This variable can have values of "ftp", "ftps", "ssh2", "sftp", and "scp". 
Note that for SSH2 connections, the value will be "ssh2" until SFTP or SCP channels are opened; this means that during login, the %{protocol} value will be "ssh2". There is also a new %w variable which is only valid for RNTO commands. The %w value will be the original name of the file being renamed (mnemonic: "whence" a renamed file comes). RewriteCondition, RewriteRule Use of environment variables in mod_rewrite rules is now supported via the "%{ENV:var}" syntax. SQLGroupInfo The SQLGroupInfo now supports custom queries for retrieve group information. Note that instead of a single custom query, several different queries are needed; different lookups are called for depending on the situation and configuration of mod_sql (e.g. using the 'groupset' or 'groupsetfast' SQLAuthenticate parameters). See doc/contrib/mod_sql.html#SQLGroupInfo and doc/howto/SQL.html#SQLUsersetfast for more details. SQLUserInfo The support for custom SQLUserInfo queries has been extended to support custom queries to be used when the 'userset' or 'usersetfast' SQLAuthenticate parameters are used. For more information, see doc/contrib/mod_sql.html#SQLUserInfo and doc/howto/SQL.html#SQLUsersetfast. TLSOptions The NoSessionReuseRequired option has been added. As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections that reuse the SSL session of the control connection, as a security measure. Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions. To relax the requirement that the SSL session from the control connection be reused for data connections, use the following in the proftpd.conf: <IfModule mod_tls.c> ... TLSOptions NoSessionReuseRequired ... </IfModule> TLSRequired The TLSRequired directive can now be used in <Directory> sections and in .ftpaccess files. When used in these configuration contexts, only the TLSRequired values that require SSL/TLS protection on data transfers are honored. 
With this, it is now possible to mark specific files or directories as requiring SSL/TLS protection to be accessed via data transfer. TransferLog The "service-name" field of the TransferLog usually contains just "ftp". In order to support TransferLogs for SFTP and SCP transfers, the service-name field of the TransferLog format may now show "sftp" or "scp". It may also show "ftps" instead of "ftp", if the data transfer occurred while the client is using FTP over SSL/TLS. NOTE: This change, while correct, may cause issues for log parsers. + Deprecated configuration directives: AnonymousGroup Support for this directive has been removed. + Developer Notes If you are a module developer, then you will want to know of the following API/internals changes: * The original USER value sent by the client is no longer stored in the config tree. That is, the following no longer works: user = get_param_ptr(main_server->conf, C_USER, FALSE); Instead, the original USER value is stashes in the session.notes table. Thus the above line of code can be replaced with: user = pr_table_get(session.notes, "mod_auth.orig-user", NULL); A similar change occurred for the anonymous "password" sent, but this will probably not apply to most modules. Last Updated: $Date: 2011/11/09 23:39:20 $ --- NEW FILE: NEWS-1.3.3g --- $Id: NEWS-1.3.3g,v 1.1 2011/11/09 23:39:20 castaglia Exp $ ----------------------------------------------------------------------------- More details on the bugs listed below can be found by using the bug number indicated in the following URL: http://bugs.proftpd.org/show_bug.cgi?id=N where `N' is the bug number. ----------------------------------------------------------------------------- 1.3.3g - Released 09-Nov-2011 -------------------------------- - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD. - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. 
To disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption. - Bug 3711 - Response pool use-after-free memory corruption error. [...2373 lines suppressed...] - sendfile() deprecates politely on Linux 2.0.x. - AuthPAMAuthoritative now defaults to False. This should clear up any confusion on using PAM with AuthUserFile and friends. - Removed Bandwidth from the documentation. - Fixed a rare segfault in mod_auth. - Logging has changed slightly to be more informative and more consistent. All messages that get logged are now preceded with <virtualhost> (remote host[remote ip]). - mod_ldap for authentication against LDAP directories is now in place. - ftpwho/ftpcount -- a grammatical error corrected, and they now build as seperate binaries. - Fixed the 'no names, just UIDs' bug. - Added genuser.pl to facilitate AuthUserFile entry creation. - Umask now takes an optional second argument, specifying a directory umask. - Work around FreeBSD's broken setpassent(), and a new option to override this in fixed versions of FreeBSD's libc (--enable-force-setpassent). - Generate RPMs for both inetd and standalone versions of ProFTPD. - Added AuthUsingAlias to allow for more fine-grain control of anonymous logins. - Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959. |
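Review bot: In RELEASE_NOTES-1.3.4, the 1.3.4rc4 entry for the new "NoEmptyFragments" TLSOption says only "see the TLSOptions documentation for details", while the NEWS entry for Bug 3704 in this same commit says the option disables the OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. The release note should say so directly, so that an administrator reading only the release notes knows that setting the option trades a security countermeasure for client interoperability. There are also wording slips in the same file: "The ExtendedLog directive can how log at session exit" should read "can now", "configure the patch to a "mutex" file" under ScoreboardMutex should read "path", and "when clusters of proftpd servers are in used" should read "in use". Please also check "CommonNamedRequired" under TLSOptions against the option name in doc/contrib/mod_tls.html.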
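Review bot: In RELEASE_NOTES-1.3.3g, the RewriteHome example under 1.3.3rc1 contains "RewrlteLog /path/to/rewrite.log", which should be "RewriteLog"; as written, the block cannot be copied into a proftpd.conf. The 1.3.3c entry "Fixed directory traversal bug in mod_site_misc" carries no identifier, whereas RELEASE_NOTES-1.3.4 in this commit lists the same item under 1.3.4rc1 with CVE-2010-3867; adding the CVE id here would make the security fix searchable in both files. Smaller points: "is stashes in the session.notes table" in the Developer Notes should read "stashed", "compling proftpd" under 1.3.3rc1 should read "compiling", and "Updated to the bundled libtool to 2.2.4" has a stray "to".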
From: TJ S. <cas...@us...> - 2011-09-26 16:57:06
|
Update of /cvsroot/pdd/www.proftpd.org/docs In directory vz-cvs-3.sog:/tmp/cvs-serv20120/docs Added Files: NEWS-1.3.3f RELEASE_NOTES-1.3.3f Log Message: Updated website for 1.3.3f maint release. --- NEW FILE: NEWS-1.3.3f --- $Id: NEWS-1.3.3f,v 1.1 2011/09/26 16:57:03 castaglia Exp $ ----------------------------------------------------------------------------- More details on the bugs listed below can be found by using the bug number indicated in the following URL: http://bugs.proftpd.org/show_bug.cgi?id=N where `N' is the bug number. ----------------------------------------------------------------------------- 1.3.3f - Released 26-Sep-2011 -------------------------------- - Bug 3639 - Avoid spinning proftpd process if read(2) returns EAGAIN. - Bug 3642 - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast" used. - Bug 3644 - Disable signal handling for exiting session processes. - Bug 3652 - TCPAccessSyslogLevel directive broken by Bug#3317. - Bug 3658 - TLSVerifyOrder directive is broken. [...2365 lines suppressed...] - sendfile() deprecates politely on Linux 2.0.x. - AuthPAMAuthoritative now defaults to False. This should clear up any confusion on using PAM with AuthUserFile and friends. - Removed Bandwidth from the documentation. - Fixed a rare segfault in mod_auth. - Logging has changed slightly to be more informative and more consistent. All messages that get logged are now preceded with <virtualhost> (remote host[remote ip]). - mod_ldap for authentication against LDAP directories is now in place. - ftpwho/ftpcount -- a grammatical error corrected, and they now build as seperate binaries. - Fixed the 'no names, just UIDs' bug. - Added genuser.pl to facilitate AuthUserFile entry creation. - Umask now takes an optional second argument, specifying a directory umask. - Work around FreeBSD's broken setpassent(), and a new option to override this in fixed versions of FreeBSD's libc (--enable-force-setpassent). 
- Generate RPMs for both inetd and standalone versions of ProFTPD. - Added AuthUsingAlias to allow for more fine-grain control of anonymous logins. - Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959. --- NEW FILE: RELEASE_NOTES-1.3.3f --- 1.3.3 Release Notes ------------------------ This file contains a description of the major changes to ProFTPD for the 1.3.3 release cycle, from the 1.3.3rc1 release to the 1.3.3 maintenance releases. More information on these changes can be found in the NEWS and ChangeLog files. 1.3.3f --------- + Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast" configuration used. + Fixes mod_wrap syslog level (regression from Bug#3317). + Fixes mod_ifsession segfault if regular expression patterns used in a <VirtualHost> section. 1.3.3e --------- + Display messages work properly again. + Fixes plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. + Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. + Performance improvements, especially during server startup/restarts. 1.3.3d --------- + Fixed sql_prepare_where() buffer overflow (Bug#3536) + Fixed CPU spike when handling .ftpaccess files. + Fixed handling of SFTP uploads when compression is used. 
1.3.3c --------- + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + Fixed directory traversal bug in mod_site_misc + Fixed SQLite authentications using "SQLAuthType Backend" 1.3.3b --------- + Fixed SFTP directory listing bug + Avoid corrupting utmpx databases on FreeBSD + Avoid null pointer dereferences during data transfers + Fixed "AuthAliasOnly on" anonymous logins 1.3.3a --------- + Added Japanese translation + Many mod_sftp bugfixes + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later + Fixed handling of utmp/utmpx format changes on FreeBSD 1.3.3 --------- + Fixed mod_ban whitelisting using mod_ifsession. + Fixed per-user/group/class "HideFiles none" configurations. 1.3.3rc4 --------- + Fixed mod_tls compilation using OpenSSL installations older than 0.9.7. + Fixed mod_sftp compilation on AIX. + Fixed RADIUS authentication on 64-bit platforms + Fixed memory leak in SCP downloads. + New configuration directives SQLPasswordUserSalt The SQLPasswordUserSalt directive can be used to configure per-user salt data to be added to the encrypted password for a user. The salt can be the user name, or it can be the result of a SQL query. More information can be found in doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt. 1.3.3rc3 --------- + Added Taiwan translation. + Added support in mod_sftp for the following SFTP extensions: check-file copy-file vendor-id version-select pos...@op... fst...@op... st...@op... + Added a workaround in mod_tls to deal with the vulnerability found in SSL/TLS protocol during renegotiation (CVE-2009-3555). Good descriptions of this vulnerability can be found here: http://extendedsubset.com/?p=8 http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html The workaround implemented in mod_tls (Bug#3324) is one of the suggested mitigation approaches: the server now refuses all client-initiated SSL/TLS session renegotiations. 
+ Updated to the bundled libtool to 2.2.4 (plus patch) to deal with a libtool vulnerability (CVE-2009-3736). + Added support for SHA256 and SHA512 passwords to the mod_sql_passwd module. + New configuration directives SFTPExtensions The SFTPExtensions directive can be used to selectively enable/disable mod_sftp's support for specific SFTP extensions. See doc/contrib/mod_sftp.html#SFTPExtensions for more details. + Changed configuration directives CapabilitiesSet The CAP_FOWNER capability can now be explicitly requested when using the mod_cap module: <IfModule mod_cap.c> CapabilitiesSet +CAP_FOWNER </IfModule> For operations allowed on files, this capability overrides the restriction that the file owner ID must match the process user ID. 1.3.3rc2 --------- + When handling .ftpaccess files, proftpd was merging them into the main configuration such that the .ftpaccess files configurations would override the main configuration. This was never the intended behavior, and has been fixed (Bug#3279). However, this does mean that sites which use .ftpaccess files may see a change in the behavior of their proftpd. + Changed scoreboard format (Bug#3286), need for "ServerType inetd" server to manually delete their old ScoreboardFiles. Otherwise they will see "error opening scoreboard: bad version (too old)" errors. + Changed SQL connection policy (Bug#3290). Important for clients which connect but don't authenticate (e.g. mod_ban, mod_dnsbl, mod_wrap2_sql, etc which will reject connected clients prior to authentication); saves on unnecessary database connections in such cases. For sites which require the old behavior, there is a new "PERCONNECTION" connection policy. NOTE: If you are using mod_sql for logging purposes only, e.g. you have the following in your mod_sql config: SQLEngine log then this connection policy change may affect you. If the database connection is opened after a chroot has occurred (via DefaultRoot or <Anonymous> login), the database connection may fail. 
And since now the connection is delayed until first use, and the first use for logging may occur after the chroot, the logging may fail. For such sites, then, you will need to use the "PERCONNECTION" connection policy explicitly. + Support for "implicit" FTPS. To enable this, use: TLSOptions UseImplicitSSL WARNING: Using this setting will cause mod_tls to handle ALL connections to the vhost as implicit FTPS connections. It is NOT possible to support both plain FTP (or explicit FTPS) clients AND implicit FTPS clients on the same address/port. Therefore this setting should ONLY ever be used in order to support braindead/broken FTPS clients, and then only for as long as it takes to fix/replace those broken clients. Note that "implicit" FTPS was explicitly DROPPED from the RFC which defines FTP over SSL/TLS; the only clients which use this feature are outdated clients based on older, now-invalidated versions of the specification. Please update your FTPS clients to one which uses explicit FTPS as soon as possible. + Re-enable turning off the Nagle algorithm; this drastically helps speed up transfers of multiple small files. + New modules mod_sql_passwd This module supports MD5 and SHA1 passwords, encoding using base64 or hex, from SQL tables. See doc/contrib/mod_sql_passwd.html for details. + New configuration directives AuthUnixOptions In Bug#1896, support for checking some AIX-specific functions for whether a login should be accepted was added; this happens only on AIX server, of course. However, some AIX admins like to configure "rlogin=false", yet still want to allow FTP logins. To enable this specific behavior, a new AuthUnixOptions directive was added, with a setting which is only honored on AIX: AuthUnixOptions aixNoRLogin If this setting is used on any other server, it is silently ignored. Bug#3300 has the full details. 
+ Changed configuration directives ExtendedLog You can now disable logging in an <Anonymous> section to an ExtendedLog which was opened outside of the <Anonymous> section, i.e.: ExtendedLog /path/to/ext.log ALL <Anonymous /path/to/anon> ... ExtendedLog /path/to/anon-ext.log ALL # Disable the logging to the higher-level ExtendedLog by # configuring again here, but changing the command class to 'NONE' ExtendedLog /path/to/ext.log NONE ... </Anonymous> HiddenStores The HiddenStores directive can now be used to customize and change the prefix which is prepended to the HiddenStore files. The default prefix is ".in.", but if you wish to use a different prefix for any reason, you can use something like: HiddenStores foo This will cause the prefix to be ".foo.". SQLOptions When the connection to the database is lost, mod_sql now will try only once to automatically reconnect (if such reconnect functionality is supported by the database, e.g. MySQL or Postgres). To disable this reconnect behavior, there is a new "noReconnect" SQLOptions setting: SQLOptions noReconnect See Bug#3270 for the full details of this behavior change. It should be transparent for most sites. 1.3.3rc1 --------- + Added French, Bulgarian, Korean translations. + RPM 4.2 or later is required by the proftpd.spec file provided in the distribution. + If the --localstatedir configure option is used, proftpd's build system used to automatically append "/proftpd" to the configured path. This behavior has been fixed; proftpd's build system will now use the configured --localstatedir path as is. Note that this may cause issues if you have an existing build script for compling proftpd; the expected locations of files under the --localstatedir path will change. + New command-line options: The -S, --serveraddr command-line option has been added. This option can be used to specify the IP address of the host machine. By default, proftpd attempts to resolve the host IP address by using DNS resolution of the hostname. 
However, in cases where DNS is not configured for the host machine, this approach does not work. To specify the desired IP address, use -S when starting proftpd, e.g.: /usr/local/sbin/proftpd -S 1.2.3.4 ... And if you want proftpd to listen on all interfaces, you can specify a wildcard socket using an IP address of 0.0.0.0: /usr/local/sbin/proftpd -S 0.0.0.0 ... + New modules: mod_exec This module enables execution of external scripts based on actions/events during a session. See doc/contrib/mod_exec.html for details. mod_sftp This module implements the SSH2, SFTP, and SCP protocols. See doc/contrib/mod_sftp.html for more information. mod_sftp_pam This module uses PAM to provide a 'keyboard-interactive' SSH2 authentication method for mod_sftp. More information can be found in the documentation for mod_sftp_pam, in doc/contrib/mod_sftp_pam.html. mod_sftp_sql This module uses SQL (via mod_sql) for looking up authorized SSH2 public keys for user and hostbased authentication. More information is available in doc/contrib/mod_sftp_sql.html. mod_shaper This module can be used to provide data transfer rate "shaping" across the entire server. See the documentation at doc/contrib/mod_shaper.html. mod_tls_shmcache This module provides an external SSL session cache using shared memory; see the TLSSessionCache configuration directive. More information on this module can be found in doc/contrib/mod_tls_shmcache.html. + New configuration directives: RewriteHome The RewriteHome directive can be used to support rewriting the home directory for a user, based on regular expression rules. One such use case is where some portion of the home directory is retrieved e.g. from an LDAP directory, but you need to apply some custom prefix to the LDAP attribute. 
To enable this feature, first you need to add the following to your proftpd.conf: RewriteHome on Next, you need to configure the mod_rewrite rules for rewriting your home directory; this feature depends on mod_rewrite for the rewriting. The pseudo-command used by mod_rewrite for rewriting home directories is "REWRITE_HOME". Thus would you use: <IfModule mod_rewrite.c> RewriteEngine on RewrlteLog /path/to/rewrite.log RewriteCondition %m REWRITE_HOME RewriteRule (.*) /my/new/prefix$1 </IfModule> ScoreboardScrub The ScoreboardScrub directive can be used to turn on/off proftpd's periodic "scrubbing" of its ScoreboardFile, where the ScoreboardFile is scanned for entries of dead sessions: ScoreboardScrub on|off|secs Note that if scoreboard scrubbing is turned off, the ScoreboardFile can still be scrubbed on demand, either by using mod_ctrls_admin's "ftpdctl scoreboard scrub" action, or by using the new ftpscrub command-line utility. TLSControlsACLs With the addition of support for external session caches, the mod_tls module now supports some ftpdctl actions for interacting with those session caches. The TLSControlsACLs directive can be used to configure ACLs for the ftpdctl actions supported by mod_tls, and is analogous to other ACLs directives for other modules which support ftpdctl actions. TLSPKCS12File The TLSPKCS12File directive of the mod_tls module is used to configure mod_tls to use the certificate and private key contained in the indicated PKCS#12 file. Some sites already use PKCS#12 files for containing their other certificates, and thus find it useful to have PKCS#12 support in mod_tls. TLSSessionCache The TLSSessionCache directive configures an external SSL session cache, which can be used for storing and shared SSL sessions across multiple processes. An external SSL session cache is an optional facility which speeds up parallel FTPS session connections. See doc/contrib/mod_tls.html#TLSSessionCache for more information. 
+ Changed configuration directives: AllowOverride This directive no longer supports the optional user/group/class parameters. If you wish to have per-user/group/class conditional use of the AllowOverride directive, you will need to use the mod_ifsession module. For example, instead of: AllowOverride off user !admin you will need to use: <IfUser admin> AllowOverride on </IfUser> <IfUser !admin> AllowOverride off </IfUser> Note that the "!admin" section is necessary. If you set "AllowOverride off" unconditionally, then use a mod_ifsession context, you would end up with two AllowOverride settings, and the code might not be able to distinguish properly which setting to use. Thus you need to make both the "on" and "off" cases conditional, and mutually exclusive. Configurations which use the user/group/class conditional parameters to AllowOverride will now generate configuration errors. BanOnEvent The BanOnEvent directive of the mod_ban module now supports TimeoutLogin events. <VirtualHost> You can now specify an IP address of "0.0.0.0" in a <VirtualHost> definition. IdentLookups The default IdentLookups value is now 'off'. The RFC1413 IDENT lookup adds latency to the login process, so much so that it is a FAQ to configure "IdentLookups off". In addition, the IDENT protocol is not secure; it can easily be spoofed using man-in-the-middle attacks. Sites that require IDENT lookups must now explicitly configure "IdentLookups on". Note that in order to use IdentLookups, you must compile proftpd with the mod_ident module. If you use the --disable-ident configure option, then proftpd will not recognize the IdentLookups directive. Thus in your proftpd.conf, you should use something like: <IfModule mod_ident.c> IdentLookups on </IfModule> if you want to use RFC1413 lookups. LogFormat, SQLNamedQuery There is a new variable, %{protocol}, which describes the protocol that the client is using. This variable can have values of "ftp", "ftps", "ssh2", "sftp", and "scp". 
Note that for SSH2 connections, the value will be "ssh2" until SFTP or SCP channels are opened; this means that during login, the %{protocol} value will be "ssh2". There is also a new %w variable which is only valid for RNTO commands. The %w value will be the original name of the file being renamed (mnemonic: "whence" a renamed file comes). RewriteCondition, RewriteRule Use of environment variables in mod_rewrite rules is now supported via the "%{ENV:var}" syntax. SQLGroupInfo The SQLGroupInfo now supports custom queries for retrieve group information. Note that instead of a single custom query, several different queries are needed; different lookups are called for depending on the situation and configuration of mod_sql (e.g. using the 'groupset' or 'groupsetfast' SQLAuthenticate parameters). See doc/contrib/mod_sql.html#SQLGroupInfo and doc/howto/SQL.html#SQLUsersetfast for more details. SQLUserInfo The support for custom SQLUserInfo queries has been extended to support custom queries to be used when the 'userset' or 'usersetfast' SQLAuthenticate parameters are used. For more information, see doc/contrib/mod_sql.html#SQLUserInfo and doc/howto/SQL.html#SQLUsersetfast. TLSOptions The NoSessionReuseRequired option has been added. As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections that reuse the SSL session of the control connection, as a security measure. Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions. To relax the requirement that the SSL session from the control connection be reused for data connections, use the following in the proftpd.conf: <IfModule mod_tls.c> ... TLSOptions NoSessionReuseRequired ... </IfModule> TLSRequired The TLSRequired directive can now be used in <Directory> sections and in .ftpaccess files. When used in these configuration contexts, only the TLSRequired values that require SSL/TLS protection on data transfers are honored. 
With this, it is now possible to mark specific files or directories as requiring SSL/TLS protection to be accessed via data transfer. TransferLog The "service-name" field of the TransferLog usually contains just "ftp". In order to support TransferLogs for SFTP and SCP transfers, the service-name field of the TransferLog format may now show "sftp" or "scp". It may also show "ftps" instead of "ftp", if the data transfer occurred while the client is using FTP over SSL/TLS. NOTE: This change, while correct, may cause issues for log parsers. + Deprecated configuration directives: AnonymousGroup Support for this directive has been removed. + Developer Notes If you are a module developer, then you will want to know of the following API/internals changes: * The original USER value sent by the client is no longer stored in the config tree. That is, the following no longer works: user = get_param_ptr(main_server->conf, C_USER, FALSE); Instead, the original USER value is stashes in the session.notes table. Thus the above line of code can be replaced with: user = pr_table_get(session.notes, "mod_auth.orig-user", NULL); A similar change occurred for the anonymous "password" sent, but this will probably not apply to most modules. Last Updated: $Date: 2011/09/26 16:57:03 $ |
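Review bot: In the RewriteHome example of the new RELEASE_NOTES-1.3.3f file, the logging directive is spelled "RewrlteLog"; the mod_rewrite directive is RewriteLog, so the sample block will not work if an administrator copies it into proftpd.conf as written. Correct the spelling before publishing. While the file is being added, the smaller typos are worth fixing too: "compling proftpd" in the --localstatedir note and "is stashes in the session.notes table" in the Developer Notes.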
From: TJ S. <cas...@us...> - 2011-09-26 16:57:05
|
Update of /cvsroot/pdd/www.proftpd.org In directory vz-cvs-3.sog:/tmp/cvs-serv20120 Modified Files: index.epl md5_pgp.epl Log Message: Updated website for 1.3.3f maint release. Index: md5_pgp.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/md5_pgp.epl,v retrieving revision 1.59 retrieving revision 1.60 diff -u -d -r1.59 -r1.60 --- md5_pgp.epl 26 Sep 2011 15:48:29 -0000 1.59 +++ md5_pgp.epl 26 Sep 2011 16:57:03 -0000 1.60 @@ -8,8 +8,8 @@ <h2>MD5 Digest Hashes</h2> <pre> -acc49b6589bc8c9fdf1dce9000bebdbd <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.bz2">proftpd-1.3.3e.tar.bz2</a> -f7a40961b7b677961659632386292fb0 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz">proftpd-1.3.3e.tar.gz</a> +e9416d2aa7ac1246af4fc8a80fd73f27 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3f.tar.bz2">proftpd-1.3.3f.tar.bz2</a> +02163fca554ec24441d6f1d3e5fdbdf1 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz">proftpd-1.3.3f.tar.gz</a> 5e9b2cb1f0c7e27aa7f02e5966e9d3d5 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc3.tar.bz2">proftpd-1.3.4rc3.tar.bz2</a> a0051d226a4128718f2e85a4132bd395 <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc3.tar.gz">proftpd-1.3.4rc3.tar.gz</a> </pre> 
@@ -17,24 +17,24 @@ <h2>PGP Signatures</h2> <pre> -<strong>proftpd-1.3.3e.tar.bz2.asc</strong> +<strong>proftpd-1.3.3f.tar.bz2.asc</strong> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iEYEABECAAYFAk2WEQAACgkQt46JP6URl2r5OACdHTIWM8JGmpzU219orEL8oJpM -ylsAnROQN+fugMJuNsepMpSqpLUkGYub -=47qn +iEYEABECAAYFAk6ArM4ACgkQt46JP6URl2oWaQCfVG99FbHxG169uH0CNDQzh3ze +UuAAoN7jBFkz3MuBxflKN/AvETbAozyl +=VpWF -----END PGP SIGNATURE----- </pre> <pre> -<strong>proftpd-1.3.3e.tar.gz.asc</strong> +<strong>proftpd-1.3.3f.tar.gz.asc</strong> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iEYEABECAAYFAk2WEPoACgkQt46JP6URl2orlQCfVc42ZuySWHcBKom2b86zKYT0 -UIUAoL1Ceyin6jT4o8Inpu9TKoNwbihw -=iH96 +iEYEABECAAYFAk6ArNQACgkQt46JP6URl2oOvwCfcW0o1cfVPVlwnp4PI7i3i0KZ +4TgAoKaXKt5zI3Cc+z/pSHQEc4Z3jKI6 +=bOuv -----END PGP SIGNATURE----- </pre> Index: index.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/index.epl,v retrieving revision 1.117 retrieving revision 1.118 diff -u -d -r1.117 -r1.118 --- index.epl 26 Sep 2011 15:48:29 -0000 1.117 +++ index.epl 26 Sep 2011 16:57:02 -0000 1.118 
@@ -3,12 +3,16 @@ #include "header.epl" -<h1>1.3.4rc3 released</h1> +<h1>1.3.3f, 1.3.4rc3 released</h1> [<i>26/Sep/2011</i>] -<p>The ProFTPD Project team is pleased to release 1.3.4rc3 to the community. -This is the third release candidate of the 1.3.4 development cycle, containing -multiple minor bugfixes and updates. The <a href="docs/RELEASE_NOTES-1.3.4rc3">RELEASE_NOTES</a> and <a href="docs/NEWS-1.3.4rc3">NEWS</a> files contain the -full details.</p> +<p>The ProFTPD Project team is happy to release 1.3.3f to the community. +This is a maintenance release, containing backported fixes for bugs found +in the 1.3.3 release. The <a href="docs/RELEASE_NOTES-1.3.3f">RELEASE_NOTES</a> +and <a href="docs/NEWS-1.3.3f">NEWS</a> files contain the full details.</p> + +<p>We are also pleased to release 1.3.4rc3 to the community. This is the third +release candidate of the 1.3.4 development cycle, containing multiple minor +bugfixes and updates. The <a href="docs/RELEASE_NOTES-1.3.4rc3">RELEASE_NOTES</a> and <a href="docs/NEWS-1.3.4rc3">NEWS</a> files contain the full details.</p> <h1>1.3.3e, 1.3.4rc2 released</h1> [<i>01/Apr/2011</i>] |
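Review bot: In the first md5_pgp.epl hunk, the added line for proftpd-1.3.3f.tar.gz still carries href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz", so the link labelled 1.3.3f fetches the 1.3.3e tarball and the MD5 digest printed beside it will not match what the user downloaded. Point the href at proftpd-1.3.3f.tar.gz, as the .tar.bz2 line above it already does. A mismatch on the page that exists to let users verify downloads teaches them to ignore failed checks, so this is worth a follow-up commit rather than waiting for the next release.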
From: TJ S. <cas...@us...> - 2011-09-26 15:48:32
|
Update of /cvsroot/pdd/www.proftpd.org/include In directory vz-cvs-3.sog:/tmp/cvs-serv10146/include Modified Files: header.epl Log Message: Updated website with news of 1.3.4rc3 release. Index: header.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/include/header.epl,v retrieving revision 1.47 retrieving revision 1.48 diff -u -d -r1.47 -r1.48 --- header.epl 30 Jun 2011 13:43:07 -0000 1.47 +++ header.epl 26 Sep 2011 15:48:29 -0000 1.48 @@ -26,14 +26,14 @@ <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz">gz</a> ]</span> <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.bz2">bz2</a> ]</span> </div> - Release Candidate: <strong>1.3.4rc2</strong> + Release Candidate: <strong>1.3.4rc3</strong> <div class="indent"> - <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.4rc2">RELEASE_NOTES</a> ]</span> + <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.4rc3">RELEASE_NOTES</a> ]</span> </div> <div class="indent"> - <span class="nowrap">[ <a href="/docs/NEWS-1.3.4rc2">NEWS</a> ]</span> - <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc2.tar.gz">gz</a> ]</span> - <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc2.tar.bz2">bz2</a> ]</span> + <span class="nowrap">[ <a href="/docs/NEWS-1.3.4rc3">NEWS</a> ]</span> + <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc3.tar.gz">gz</a> ]</span> + <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4rc3.tar.bz2">bz2</a> ]</span> </div> <h1>Mirrors and Downloads</h1> |
From: John M. <jw...@us...> - 2011-01-20 05:01:04
|
Update of /cvsroot/pdd/www.proftpd.org In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv12253/www.proftpd.org Modified Files: download.epl Log Message: automated update Index: download.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/download.epl,v retrieving revision 1.118 retrieving revision 1.119 diff -C2 -r1.118 -r1.119 *** download.epl 18 Jan 2011 05:00:46 -0000 1.118 --- download.epl 20 Jan 2011 05:00:55 -0000 1.119 *************** *** 319,323 **** <a href="ftp://ftp1.za.proftpd.org">ftp://ftp1.za.proftpd.org/</a> <br /> ! <a href="ftp://ftp.is.co.za/mirror/ftp.proftpd.org">ftp://ftp.is.co.za/mirror/ftp.proftpd.org</a> <br /> Location: (South africa) (South Africa) --- 319,323 ---- <a href="ftp://ftp1.za.proftpd.org">ftp://ftp1.za.proftpd.org/</a> <br /> ! <a href="ftp://ftp.is.co.za/mirror/ftp.proftpd.org/">ftp://ftp.is.co.za/mirror/ftp.proftpd.org/</a> <br /> Location: (South africa) (South Africa) |
From: John M. <jw...@us...> - 2011-01-18 05:00:55
|
Update of /cvsroot/pdd/www.proftpd.org In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv16969/www.proftpd.org Modified Files: download.epl Log Message: automated update Index: download.epl =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/download.epl,v retrieving revision 1.117 retrieving revision 1.118 diff -C2 -r1.117 -r1.118 *** download.epl 22 Dec 2010 22:20:19 -0000 1.117 --- download.epl 18 Jan 2011 05:00:46 -0000 1.118 *************** *** 176,180 **** <a href="ftp://ftp1.us.proftpd.org">ftp://ftp1.us.proftpd.org/</a> <br /> ! <a href="ftp://ftp.ibiblio.org/pub/mirrors/proftpd/">ftp://ftp.ibiblio.org/pub/mirrors/proftpd/</a> <br /> Location: (United States) (Chapel Hill, NC) --- 176,180 ---- <a href="ftp://ftp1.us.proftpd.org">ftp://ftp1.us.proftpd.org/</a> <br /> ! <a href="ftp://mirrors.ibiblio.org/proftpd/">ftp://mirrors.ibiblio.org/proftpd/</a> <br /> Location: (United States) (Chapel Hill, NC) |
From: Sven H. <ho...@us...> - 2011-01-05 23:26:28
|
Update of /cvsroot/pdd/Userguide/directives/sgml In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv7613 Modified Files: Directory Log Message: Note that the '~' feature is not supported within an <Anonymous> block. Index: Directory =================================================================== RCS file: /cvsroot/pdd/Userguide/directives/sgml/Directory,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -r1.7 -r1.8 *** Directory 29 Jan 2003 22:32:22 -0000 1.7 --- Directory 5 Jan 2011 23:26:19 -0000 1.8 *************** *** 92,96 **** user authenticates, at which time the '~' character is replaced with the user's home directory. This allows a global <Directory> block which applies to ! all user's home directories, or sub-directories thereof. </para> </refsect1> --- 92,97 ---- user authenticates, at which time the '~' character is replaced with the user's home directory. This allows a global <Directory> block which applies to ! all user's home directories, or sub-directories thereof. This feature is not ! supported within an <Anonymous> block. </para> </refsect1> |
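Review bot: The rewritten line in the Directory hunk keeps the phrase "all user's home directories"; since the sentence is being edited anyway, change it to "all users' home directories". The new sentence "This feature is not supported within an <Anonymous> block" would also be more useful if it said what the server does with a '~' path configured there, so that an administrator does not assume a <Directory ~> restriction is being applied to anonymous sessions when it is not.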
From: TJ S. <cas...@us...> - 2011-01-05 19:27:41
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv9914 Modified Files: ConnectionACLs.html Log Message: Typo. Index: ConnectionACLs.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ConnectionACLs.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -r1.2 -r1.3 *** ConnectionACLs.html 5 Jan 2011 19:23:18 -0000 1.2 --- ConnectionACLs.html 5 Jan 2011 19:27:32 -0000 1.3 *************** *** 187,191 **** And if you find yourself starting to block large blocks of addresses from countries/regions, you should start thinking about connection ACLs in terms of ! geolocation information. For this, the<a href="http://www.castaglia.org/proftpd/modules/mod_geoip.html"><code>mod_geoip</code></a> module for proftpd is quite useful. --- 187,191 ---- And if you find yourself starting to block large blocks of addresses from countries/regions, you should start thinking about connection ACLs in terms of ! geolocation information. For this, the <a href="http://www.castaglia.org/proftpd/modules/mod_geoip.html"><code>mod_geoip</code></a> module for proftpd is quite useful. |
From: TJ S. <cas...@us...> - 2011-01-05 19:23:27
|
Update of /cvsroot/pdd/www.proftpd.org/docs/howto In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv8788 Modified Files: ConnectionACLs.html Log Message: Typo. Index: ConnectionACLs.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ConnectionACLs.html,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** ConnectionACLs.html 5 Jan 2011 19:14:22 -0000 1.1 --- ConnectionACLs.html 5 Jan 2011 19:23:18 -0000 1.2 *************** *** 206,210 **** <pre> Allow 1.2.3.4 5.6.7.8 9.10.11.12 ! <pre> can also appear as: <pre> --- 206,210 ---- <pre> Allow 1.2.3.4 5.6.7.8 9.10.11.12 ! </pre> can also appear as: <pre> |