proftp-docs — List for documentation maintainers

[Proftpd-docs] CVS: www.proftpd.org ROADMAP,1.102,1.103

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv19120

Modified Files:
	ROADMAP 
Log Message:

More roadmap items for the 1.3.4 development cycle.


Index: ROADMAP
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/ROADMAP,v
retrieving revision 1.102
retrieving revision 1.103
diff -C2 -r1.102 -r1.103
*** ROADMAP	22 Feb 2010 23:54:37 -0000	1.102
--- ROADMAP	23 Feb 2010 00:05:21 -0000	1.103
***************
*** 9,12 ****
--- 9,15 ----
          Add mod_tar
          Add memcache support
+         Add 'core.shutdown' event
+         Support prepared SQL statements
+         Use separate tables for auth, command, config, hook handlers
          Bug#3079 - Support modules written in C++
   

[Proftpd-docs] CVS: www.proftpd.org ROADMAP,1.101,1.102

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv17554

Modified Files:
	ROADMAP 
Log Message:

Updating the roadmap.


Index: ROADMAP
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/ROADMAP,v
retrieving revision 1.101
retrieving revision 1.102
diff -C2 -r1.101 -r1.102
*** ROADMAP	1 Oct 2009 16:21:18 -0000	1.101
--- ROADMAP	22 Feb 2010 23:54:37 -0000	1.102
***************
*** 5,22 ****
  C = Committed
  
! 1.3.3
!      C  Add mod_exec
!      C  Add mod_sftp et al
!      C  Add mod_shaper
!      C  Bug#2013 - Track RFC2228 sessions in scoreboard
!      C  Bug#2067 - Allow/Deny Filters should be supported in the <Limit> context
!      C  Bug#2368 - Allow contrib modules to extend mod_sql's SQLAuthTypes
!      C  Bug#2715 - Use session.notes table, rather than config tree, for storing
!                    some data
!      C  Bug#3086 - mod_quotatab write locking is ineffective
!         Bug#3214 - ftpwho/ftptop truncate UTF8 strings due to byte, versus
!                    character, lengths 
!         Bug#3290 - Change default mod_sql connection policy to open database
!                    connection on authentication
   
  TBD
--- 5,13 ----
  C = Committed
  
! 1.3.4
!         Add mod_deflate
!         Add mod_tar
!         Add memcache support
!         Bug#3079 - Support modules written in C++
   
  TBD
***************
*** 26,29 ****
                     parameters
          Bug#2871 - Remove ftpshut and the /etc/shutmsg file
-         Bug#3079 - Support modules written in C++
          Bug#3289 - Support the HOST command
--- 17,19 ----

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Limit.html,1.2,1.3

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv1048

Modified Files:
	Limit.html 
Log Message:

Update website copy of Limit howto from source CVS.


Index: Limit.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Limit.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** Limit.html	5 Jan 2010 17:03:05 -0000	1.2
--- Limit.html	17 Feb 2010 16:08:21 -0000	1.3
***************
*** 187,191 ****
  <pre>
    &lt;Directory /path/to/dir&gt;
!     &lt;Limit LIST NLST MLSD MLST&gt;
        DenyAll
      &lt;/Limit&gt;
--- 187,191 ----
  <pre>
    &lt;Directory /path/to/dir&gt;
!     &lt;Limit LIST NLST MLSD MLST STAT&gt;
        DenyAll
      &lt;/Limit&gt;
***************
*** 196,199 ****
--- 196,201 ----
  <code>LIST</code>, <code>MLSD</code>, <code>MLST</code>, and <code>NLST</code>),
  we have effectively blocked the client from seeing anything in the directory.
+ Not many clients use the <code>STAT</code> command, but it also needs to
+ be limited, as it can return information about files in a directory as well.
  
  <p>

[Proftpd-docs] CVS: www.proftpd.org index.epl, 1.105, 1.106 md5_pgp.epl, 1.50, 1.51

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv20334

Modified Files:
	index.epl md5_pgp.epl 
Log Message:

Updating website for release of 1.3.2d, 1.3.3rc4.


Index: index.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/index.epl,v
retrieving revision 1.105
retrieving revision 1.106
diff -C2 -r1.105 -r1.106
*** index.epl	10 Dec 2009 21:26:36 -0000	1.105
--- index.epl	13 Feb 2010 01:21:55 -0000	1.106
***************
*** 4,7 ****
--- 4,20 ----
  #include "header.epl"
  
+ <h1>1.3.2d, 1.3.3rc4 released</h1>
+ [<i>12/Feb/2010</i>]
+ <p>The ProFTPD Project team is pleased to release 1.3.2d to the community.
+ This is a maintenance release, containing fixes for bugs found in the 1.3.2
+ in the 1.3.2 release.  The <a href="docs/RELEASE_NOTES-1.3.2d">RELEASE_NOTES</a>
+ and <a href="docs/NEWS-1.3.2d">NEWS</a> files contain the full details.</p>
+ 
+ <p>We are also glad to release 1.3.3rc4 to the community.  This is the 
+ fourth release candidate of the 1.3.3 development cycle, and contains fixes
+ mod_tls and mod_sftp build errors, memory leaks, and segfaults.  The
+ <a href="docs/RELEASE_NOTES-1.3.3rc4">RELEASE_NOTES</a>
+ and <a href="docs/NEWS-1.3.3rc4">NEWS</a> files contain the full details.</p>
+ 
  <h1>1.3.2c, 1.3.3rc3 released</h1>
  [<i>10/Dec/2009</i>]
***************
*** 87,95 ****
  <a href="docs/NEWS-1.3.2rc1">NEWS</a> files for the full details.</p>
  
- <h1>1.3.1 released</h1>
- [<i>05/Oct/2007</i>]
- <p>The ProFTPD Project team is delighted to release 1.3.1 to the community.
- Please read the <a href="docs/RELEASE_NOTES-1.3.1">RELEASE_NOTES</a> and
- <a href="docs/NEWS-1.3.1">NEWS</a> files for the full details.</p>
- 
  #include "footer.epl"
--- 100,102 ----

Index: md5_pgp.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/md5_pgp.epl,v
retrieving revision 1.50
retrieving revision 1.51
diff -C2 -r1.50 -r1.51
*** md5_pgp.epl	10 Dec 2009 21:26:36 -0000	1.50
--- md5_pgp.epl	13 Feb 2010 01:21:55 -0000	1.51
***************
*** 9,16 ****
  
  <pre>
! 559fd3fb6959d42ddd66b333a03b0c49 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.2b.tar.bz2">proftpd-1.3.2c.tar.bz2</a>
! c24d6f02aa084dc8b86d73f55c09c4c1 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.2b.tar.gz">proftpd-1.3.2c.tar.gz</a>
! aeee432165e7b1393e35d24c3899794f <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.3rc3.tar.bz2">proftpd-1.3.3rc3.tar.bz2</a>
! 3899f38e011e0d62ac602abc573dbde9 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.3rc3.tar.gz">proftpd-1.3.3rc3.tar.gz</a>
  </pre>
  
--- 9,16 ----
  
  <pre>
! 0941935e30199a3f22f7225fe76bc489 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.2d.tar.bz2">proftpd-1.3.2d.tar.bz2</a>
! 50baf4f067379b527922c03ddf9d2d61 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.2d.tar.gz">proftpd-1.3.2d.tar.gz</a>
! 926a56ee6f12be6d5e94cb189d9fac50 <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.3rc4.tar.bz2">proftpd-1.3.3rc4.tar.bz2</a>
! 73a7062239d6b3f0c437bdadd2b10add <a href="ftp://ftp.proftpd.org/distrib/sources/proftpd-1.3.3rc4.tar.gz">proftpd-1.3.3rc4.tar.gz</a>
  </pre>
  
***************
*** 18,61 ****
  
  <pre>
! <strong>proftpd-1.3.2c.tar.bz2.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkshQC8ACgkQt46JP6URl2ojagCgqjnyHrcGWT6q3bIyeSOal/jt
! jakAni03/VOtpkPPzoASAzhq/w2AeJUl
! =eaC/
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.2c.tar.gz.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkshQDcACgkQt46JP6URl2qWigCbBDdgFtK3h/WvC09EjMF3a66i
! 5/kAoLKRuhEA7OKHfy7URmNDworuBDDm
! =fRRP
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.3rc3.tar.bz2.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkshVMsACgkQt46JP6URl2qD0QCeKqbWF9XXidDtAQ3rPcmkUYJB
! TkAAoNgk1qLefqg0Xim6wYUDjAgAsS8x
! =gAUe
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.3rc3.tar.gz.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkshVNAACgkQt46JP6URl2pu+gCgq3CSh3+FiznW4EIlYLwOT1fU
! 3d8AoKAlIunlTwlG30UwoFvanAVS3N/M
! =d+R1
  -----END PGP SIGNATURE-----
  </pre>
--- 18,61 ----
  
  <pre>
! <strong>proftpd-1.3.2d.tar.bz2.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkt1+VAACgkQt46JP6URl2oOcQCeOFS7vOdQbvQKctWDRdqj9o3r
! 5o4AoKFEE/C/XjLg16ZBnwKkvqD2nUZr
! =4Hn9
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.2d.tar.gz.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkt1+VgACgkQt46JP6URl2p62ACfSCrYaXGu3On3Y3K3jlDlPIav
! 6bYAn1EtyJp0oxxuoD33JkGge33huX25
! =RrWx
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.3rc4.tar.bz2.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkt1/YoACgkQt46JP6URl2riEwCfTBGRX0VBFDE7kwrrEDVZX7Wz
! BlQAn1cL4MJJXJySsVvN41xw9HA4W8cE
! =MxYg
  -----END PGP SIGNATURE-----
  </pre>
  
  <pre>
! <strong>proftpd-1.3.3rc4.tar.gz.asc</strong>
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.9 (GNU/Linux)
  
! iEYEABECAAYFAkt1/Y8ACgkQt46JP6URl2q8uwCeJar3kWH2GeFzrUiVj5/Ie8vS
! 4MUAn1ZOdQ/tcdRh5qZ4FUZDs0F/5tjs
! =bqAn
  -----END PGP SIGNATURE-----
  </pre>

[Proftpd-docs] CVS: www.proftpd.org/include header.epl,1.39,1.40

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/include
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv20334/include

Modified Files:
	header.epl 
Log Message:

Updating website for release of 1.3.2d, 1.3.3rc4.


Index: header.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/include/header.epl,v
retrieving revision 1.39
retrieving revision 1.40
diff -C2 -r1.39 -r1.40
*** header.epl	10 Dec 2009 21:26:36 -0000	1.39
--- header.epl	13 Feb 2010 01:21:55 -0000	1.40
***************
*** 18,38 ****
  <div id="menu">
    <h1>Current Versions</h1>
!   Stable: <strong>1.3.2c</strong>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.2c">RELEASE_NOTES</a> ]</span>
    </div>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/NEWS-1.3.2c">NEWS</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2c.tar.gz">gz</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2c.tar.bz2">bz2</a> ]</span>
    </div>
!   Release Candidate: <strong>1.3.3rc3</strong>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.3rc3">RELEASE_NOTES</a> ]</span>
    </div>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/NEWS-1.3.3rc3">NEWS</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc3.tar.gz">gz</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc3.tar.bz2">bz2</a> ]</span>
    </div>
  
--- 18,38 ----
  <div id="menu">
    <h1>Current Versions</h1>
!   Stable: <strong>1.3.2d</strong>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.2d">RELEASE_NOTES</a> ]</span>
    </div>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/NEWS-1.3.2d">NEWS</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2d.tar.gz">gz</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2d.tar.bz2">bz2</a> ]</span>
    </div>
!   Release Candidate: <strong>1.3.3rc4</strong>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/RELEASE_NOTES-1.3.3rc4">RELEASE_NOTES</a> ]</span>
    </div>
    <div class="indent">
!     <span class="nowrap">[ <a href="/docs/NEWS-1.3.3rc4">NEWS</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc4.tar.gz">gz</a> ]</span>
!     <span class="nowrap">[ <a href="ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc4.tar.bz2">bz2</a> ]</span>
    </div>
  

[Proftpd-docs] CVS: www.proftpd.org/docs NEWS-1.3.2d, NONE, 1.1 NEWS-1.3.3rc4, NONE, 1.1 RELEASE_NOTES-1.3.2d, NONE, 1.1 RELEASE_NOTES-1.3.3rc4, NONE, 1.1

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv19146/docs

Added Files:
	NEWS-1.3.2d NEWS-1.3.3rc4 RELEASE_NOTES-1.3.2d 
	RELEASE_NOTES-1.3.3rc4 
Log Message:

Adding the NEWS and RELEASE_NOTES files for the 1.3.2d and 1.3.3rc4 releases.


--- NEW FILE ---
$Id: NEWS-1.3.2d,v 1.1 2010/02/13 01:15:51 castaglia Exp $

-----------------------------------------------------------------------------
  More details on the bugs listed below can be found by using the bug number
  indicated in the following URL:

    http://bugs.proftpd.org/show_bug.cgi?id=N

  where `N' is the bug number.
-----------------------------------------------------------------------------

1.3.2d - Released 12-Feb-2010
--------------------------------
- Bug 3358 - mod_tls doesn't compile with pre-0.9.7 openssl.
- Bug 3370 - Lack of PID protection in ScoreboardFile.
- Bug 3372 - ProFTPD crashes when retrying a failed login with mod_radius
  being used.
- Bug 3381 - RADIUS authentication broken on 64-bit platforms.
- Bug 3387 - SIGHUP will eventually cause certain modules (as DSO modules) to
[...2013 lines suppressed...]
- sendfile() deprecates politely on Linux 2.0.x.
- AuthPAMAuthoritative now defaults to False.  This should clear up any
  confusion on using PAM with AuthUserFile and friends.
- Removed Bandwidth from the documentation.
- Fixed a rare segfault in mod_auth.
- Logging has changed slightly to be more informative and more consistent.
    All messages that get logged are now preceded with
    <virtualhost> (remote host[remote ip]).
- mod_ldap for authentication against LDAP directories is now in place.
- ftpwho/ftpcount -- a grammatical error corrected, and they now build
    as seperate binaries.
- Fixed the 'no names, just UIDs' bug.
- Added genuser.pl to facilitate AuthUserFile entry creation.
- Umask now takes an optional second argument, specifying a directory umask.
- Work around FreeBSD's broken setpassent(), and a new option to override
    this in fixed versions of FreeBSD's libc (--enable-force-setpassent).
- Generate RPMs for both inetd and standalone versions of ProFTPD.
- Added AuthUsingAlias to allow for more fine-grain control of anonymous
    logins.
- Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959.

--- NEW FILE ---
$Id: NEWS-1.3.3rc4,v 1.1 2010/02/13 01:15:51 castaglia Exp $

-----------------------------------------------------------------------------
  More details on the bugs listed below can be found by using the bug number
  indicated in the following URL:

    http://bugs.proftpd.org/show_bug.cgi?id=N

  where `N' is the bug number.
-----------------------------------------------------------------------------

1.3.3rc4 - Released 12-Feb-2010
--------------------------------
- Bug 3355 - mod_ban should support BanEngine in <VirtualHost> config sections.
- Bug 3358 - mod_tls doesn't compile with pre-0.9.7 openssl.
- Bug 3357 - mod_sftp fails to compile on AIX.
- Bug 3356 - Build timestamp using date(1) can fail depending on environment.
- Bug 3359 - mod_tls_shmcache segfaults during syntax check.
- Bug 3362 - Regression in handling of MaxLoginAttempts in 1.3.3rc1.
[...2199 lines suppressed...]
- sendfile() deprecates politely on Linux 2.0.x.
- AuthPAMAuthoritative now defaults to False.  This should clear up any
  confusion on using PAM with AuthUserFile and friends.
- Removed Bandwidth from the documentation.
- Fixed a rare segfault in mod_auth.
- Logging has changed slightly to be more informative and more consistent.
    All messages that get logged are now preceded with
    <virtualhost> (remote host[remote ip]).
- mod_ldap for authentication against LDAP directories is now in place.
- ftpwho/ftpcount -- a grammatical error corrected, and they now build
    as seperate binaries.
- Fixed the 'no names, just UIDs' bug.
- Added genuser.pl to facilitate AuthUserFile entry creation.
- Umask now takes an optional second argument, specifying a directory umask.
- Work around FreeBSD's broken setpassent(), and a new option to override
    this in fixed versions of FreeBSD's libc (--enable-force-setpassent).
- Generate RPMs for both inetd and standalone versions of ProFTPD.
- Added AuthUsingAlias to allow for more fine-grain control of anonymous
    logins.
- Added support for 'TYPE L 8' and 'TYPE L 7' per RFC 959.

--- NEW FILE ---
                    1.3.2 Release Notes
                  ------------------------

This file contains a description of the major changes to ProFTPD for the
1.3.2 release cycle, from the 1.3.2rc1 release to the 1.3.2 maintenance
releases.  More information on these changes can be found in the NEWS and
ChangeLog files.

1.3.2d (maintenance)
---------------------

  + Fixed mod_tls compilation when using OpenSSL versions older than 0.9.7.
  + Fixed SSL/TLS (broken due to bad backport)
  + Fixed RADIUS authentication on 64-bit platforms.

1.3.2c (maintenance)
---------------------

  + Added Taiwan translation.

  + Added a workaround in mod_tls to deal with the vulnerability found in
    SSL/TLS protocol during renegotiation (CVE-2009-3555).  Good
    descriptions of this vulnerability can be found here:
  
      http://extendedsubset.com/?p=8 
      http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

    The workaround implemented in mod_tls (Bug#3324) is one of the suggested
    mitigation approaches: the server now refuses all client-initiated
    SSL/TLS session renegotiations.


1.3.2b (maintenance)
---------------------

  + Bug and regression fixes.


1.3.2a (maintenance)
---------------------

  + Added French, Bulgarian, Korean translations.

  + Various bug and regression fixes.


1.3.2 (stable)
---------------

  + Security fixes

    Fixed encoding-dependent SQL injection vulnerability in mod_sql_mysql
    and mod_sql_postgres modules.


1.3.2rc4
---------

  + Fixed %f logging, HiddenStore and UserOwner not working (Bug#3137).

  + Added Russian translation.

  + New documentation:

      doc/howto/Compiling.html
      doc/howto/Rewrite.html
      doc/howto/Sendfile.html


1.3.2rc3
---------

  + Fixed character set/encoding support on FreeBSD.

  + Fixed mod_sql authentication regression (Bug#2922)

  + Start of a regression testsuite.  Currently have basic unit tests for
    most FTP commands, and a few of the configuration directives.  See
    the Testing howto for more information.

  + Fixed variable substitution in user/group names in SQL queries.

  + Lowered the default TimeoutLinger value from 180 secs to 30 secs,
    for better interoperability.  Many FTP clients have a timeout of
    60 secs, waiting for a response from the server, before the client
    closes the control connection.  ProFTPD's lingering closes should
    thus not be longer than 60 secs, to avoid hitting those clients'
    timeout limit.

  + Fixed several issues related to aborting of downloads.

  + New documentation:

      doc/howto/Testing.html
      doc/howto/Translations.html


1.3.2rc2
---------

  + Added Chinese translation.

  + Fixed handling of SSL/TLS session shutdowns on data connections.  This
    issue was causing problems for users of recent FileZilla versions which
    insisted on proper SSL/TLS session shutdowns.

  + Fixed file descriptor leak when using syslog logging.

  + Fixed syslog logging on Mac OSX platforms.

  + Attempted to address the following message in system log files:

      warning: `proftpd' uses 32-bit capabilities (legacy support in use)

    by having mod_cap use the libcap version numbers provided by newer
    Linux kernels.  See doc/modules/mod_cap.html for more details.

  + Added new `prxs' tool, for compiling and installing third-party
    modules without needing the proftpd source code.  See
    doc/howto/DSO.html for more information.

  + Added sendfile support for Mac OSX 10.5.


1.3.2rc1
---------

  + Added pkgconfig file

    As part of the process of installing proftpd from source, a proftpd.pc
    file, suitable for use by the common `pkg-config' tool, is provided.
    This proftpd.pc file is installed into the <install-dir>/lib/pkgconfig/
    directory.

    See http://pkgconfig.freedesktop.org/ for more details.

  + IPv6 support is enabled by default.  To disable at build time, use:

      ./configure --disable-ipv6 ...

    And to disable IPv6 support at runtime, use:

      UseIPv6 off

    in your proftpd.conf

  + Changed command-line behavior:

      The -vv command-line option currently shows only the static modules,
      e.g.:

        - ProFTPD Version: 1.3.0 (stable)
        -   Scoreboard Version: 01040002
        -   Built: mar gen 2 10:57:47 CET 2007
        -     Module: mod_core.c
        -     Module: mod_xfer.c
        -     Module: mod_auth_unix.c
        -     Module: mod_auth_file.c
        ...

      Now, the -vv command-line option will show all modules, static *and*
      shared:

        ProFTPD Version: 1.3.0 (stable)
        Scoreboard Version: 01040002
        Built: Thu Jun 14 14:13:37 UTC 2007

        Loaded modules:
          mod_ifsession.c
          mod_tls/2.1.1
          mod_cap/1.0
          ...

       Note that the output format has changed slightly (no leading " - ").
       The -l command-line option can be used to list just the static
       modules.

       Also note that order of the module listed via -vv shows the order
       in which the core proftpd engine calls each module, i.e. the modules
       are listed in module order.

  + New configuration directives:

      AuthPAMOptions

        Some PAM modules need the PAM_TTY item to be set; the mod_auth_pam
        module now sets the PAM_TTY item, unless the following configuration
        is used:

          AuthPAMOptions NoTTY

        This configuration should not be necessary, and is only supported
        as a safeguard.

      MaxTransferPerHost

        This directive configures a limit on the maximum number of
        simultaneous data transfers (uploads/downloads) for a given
        host.

      MaxTransfersPerUser

        This directive configures a limit on the maximum number of
        simultaneous data transfers (uploads/downloads) for a given
        user name, regardless of the number of clients using that user name.

      TLSVerifyOrder

        This directive is part of the support for the Online Certificate
        Status Protocol (OCSP) in the mod_tls module.  See
        doc/contrib/mod_tls.html#TLSVerifyOrder for details.

      TransferPriority

        This directive can be used to change the process priority while
        the session process is handling a data transfer.  Using this
        directive, data transfers can be given lower/higher priorities
        than other processes on the system, depending on the site needs.

      UseEncoding

        The mod_lang module can how support encodings other than just
        UTF8 for the control connection FTP commands and responses.  See
        doc/modules/mod_lang.html#UseEncoding for additional information.

  + New contrib scripts:

      Added contrib/ftpmail, a Perl script which reads a TransferLog FIFO and
      sends automatic email notifications whenever uploads occur.  See
      doc/contrib/ftpmail.html for more details.

  + Enhanced configuration directives:

      BanOnEvent ClientConnectRate

        Clients can now be banned if they connect too frequently; see
        doc/contrib/mod_ban.html#BanOnEvent

      LogFormat %f

        The %f LogFormat variable is now properly substituted for the
        RNFR, RNTO, SITE CHGRP, and SITE CHMOD commands.

      TimeoutIdle, TimeoutNoTransfer, TimeoutStalled

        These directives can now be used within <Anonymous> sections to
        specify different timeouts for anonymous sessions.

      TLSOptions EnableDiags

        The EnableDiags option configures mod_tls to be *much* more verbose,
        and to print diagnostics about the SSL/TLS protocol to the TLSLog.
        See doc/contrib/mod_tls.html#TLSOptions

      TLSRequired !data, ctrl+!data, auth+!data

        The various combinations for requiring SSL/TLS protection on
        control and data connections have increased.  More details can be
        found here: doc/contrib/mod_tls.html#TLSRequired

  + Deprecated configuration directives

      AnonymousGroup

        This directive is NOT recommended, and relies on a "special
        dynamic configuration" which is very confusing to users.  It will
        be removed in the 1.3.3 ProFTPD release cycle.

      UseUTF8

        This directive has been replaced by the UseEncoding directive.

  + New translations

      The FTP response messages used by proftpd have been translated into
      Italian.  To use translations, compile proftpd using:

        ./configure --enable-nls ...

      This builds the mod_lang module, in addition to installing the
      translated message catalogs for proftpd's use.  See
      doc/modules/mod_lang.html for more information.

  + New modules:

      mod_dynmasq

        Useful for sites using dynamic DNS and other similar services.
        This module automatically refreshes the IP address of the daemon,
        so that the correct address is communicated to clients i.e. via
        the MasqueradeAddress directive.  See the module documentation at:

          doc/contrib/mod_dynmasq.html

      mod_facts

        Implements the MLSD and MLST commands, as per RFC3659.  Also provides
        the MFF and MFMT commands from:

          http://www.ietf.org/internet-drafts/draft-somers-ftp-mfxx-03.txt
 
        Module documentation is available for mod_facts at:

          doc/modules/mod_facts.html

        This module is compiled in by default.

      mod_ident

        The RFC1413 "identification protocol" lookup was separated out of
        the main proftpd code and into this mod_ident module.  With this
        change, you can now choose to build proftpd without this support
        using:

          ./configure --disable-ident ..

        You can also choose to build mod_ident as a shared module, loadable
        as needed:

          ./configure --enable-dso --with-shared=mod_ident ...

        Module documentation is available for mod_ident at:

          doc/modules/mod_ident.html

        This module is compiled in by default.

      mod_sql_odbc

        This module is a mod_sql backend module which supports ODBC
        drivers.  See doc/contrib/mod_sql_odbc.html for more information.

      mod_sql_sqlite

        This module is a mod_sql backend module which uses SQLite as its
        backend database.  See doc/contrib/mod_sql_sqlite.html for details.

      mod_unique_id

        Generates a unique ID for every FTP session.  This ID can be
        written to log files and stored in databases, for tracking all of
        the activity associated with a particular FTP session.  See:

          doc/contrib/mod_unique_id.html

  + New documentation:

      doc/howto/ConfigurationTricks.html

  + Updated documentation:

      doc/howto/TLS.html

        Added instructions on how to use OpenSSL in FIPS mode; see
        doc/howto/TLS.html#TLSFIPS


Last Updated: $Date: 2010/02/13 01:15:51 $

--- NEW FILE ---
                    1.3.3 Release Notes
                  ------------------------

This file contains a description of the major changes to ProFTPD for the
1.3.3 release cycle, from the 1.3.3rc1 release to the 1.3.3 maintenance
releases.  More information on these changes can be found in the NEWS and
ChangeLog files.

1.3.3rc4
---------

  + Fixed mod_tls compilation using OpenSSL installations older than 0.9.7.
  + Fixed mod_sftp compilation on AIX.
  + Fixed RADIUS authentication on 64-bit platforms
  + Fixed memory leak in SCP downloads.

  + New configuration directives

    SQLPasswordUserSalt

      The SQLPasswordUserSalt directive can be used to configure per-user
      salt data to be added to the encrypted password for a user.  The salt
      can be the user name, or it can be the result of a SQL query.  More
      information can be found in
      doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt.


1.3.3rc3
---------

  + Added Taiwan translation.

  + Added support in mod_sftp for the following SFTP extensions:

      check-file
      copy-file
      vendor-id
      version-select
      pos...@op...
      fst...@op...
      st...@op...

  + Added a workaround in mod_tls to deal with the vulnerability found in
    SSL/TLS protocol during renegotiation (CVE-2009-3555).  Good
    descriptions of this vulnerability can be found here:

      http://extendedsubset.com/?p=8
      http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

    The workaround implemented in mod_tls (Bug#3324) is one of the suggested
    mitigation approaches: the server now refuses all client-initiated
    SSL/TLS session renegotiations.

  + Updated to the bundled libtool to 2.2.4 (plus patch) to deal with a
    libtool vulnerability (CVE-2009-3736).

  + Added support for SHA256 and SHA512 passwords to the mod_sql_passwd
    module.

  + New configuration directives

    SFTPExtensions

      The SFTPExtensions directive can be used to selectively enable/disable
      mod_sftp's support for specific SFTP extensions.  See
      doc/contrib/mod_sftp.html#SFTPExtensions for more details.

  + Changed configuration directives

    CapabilitiesSet

      The CAP_FOWNER capability can now be explicitly requested when
      using the mod_cap module:

        <IfModule mod_cap.c>
          CapabilitiesSet +CAP_FOWNER
        </IfModule>

      For operations allowed on files, this capability overrides the
      restriction that the file owner ID must match the process user ID.


1.3.3rc2
---------

  + When handling .ftpaccess files, proftpd was merging them into the
    main configuration such that the .ftpaccess files configurations would
    override the main configuration.  This was never the intended behavior,
    and has been fixed (Bug#3279).

    However, this does mean that sites which use .ftpaccess files may see
    a change in the behavior of their proftpd.

  + Changed scoreboard format (Bug#3286), need for "ServerType inetd"
    server to manually delete their old ScoreboardFiles.  Otherwise they
    will see "error opening scoreboard: bad version (too old)" errors.

  + Changed SQL connection policy (Bug#3290).  Important for clients which
    connect but don't authenticate (e.g. mod_ban, mod_dnsbl, mod_wrap2_sql,
    etc which will reject connected clients prior to authentication); saves
    on unnecessary database connections in such cases.  For sites which
    require the old behavior, there is a new "PERCONNECTION" connection
    policy.

    NOTE: If you are using mod_sql for logging purposes only, e.g. you have
    the following in your mod_sql config:

      SQLEngine log

    then this connection policy change may affect you.  If the database
    connection is opened after a chroot has occurred (via DefaultRoot or
    <Anonymous> login), the database connection may fail.  And since now
    the connection is delayed until first use, and the first use for logging
    may occur after the chroot, the logging may fail.  For such sites, then,
    you will need to use the "PERCONNECTION" connection policy explicitly.

  + Support for "implicit" FTPS.  To enable this, use:

      TLSOptions UseImplicitSSL

    WARNING: Using this setting will cause mod_tls to handle ALL connections
    to the vhost as implicit FTPS connections.  It is NOT possible to support
    both plain FTP (or explicit FTPS) clients AND implicit FTPS clients on the
    same address/port.  Therefore this setting should ONLY ever be used in
    order to support braindead/broken FTPS clients, and then only for as long
    as it takes to fix/replace those broken clients.

    Note that "implicit" FTPS was explicitly DROPPED from the RFC which
    defines FTP over SSL/TLS; the only clients which use this feature are
    outdated clients based on older, now-invalidated versions of the
    specification.  Please update your FTPS clients to one which uses
    explicit FTPS as soon as possible.

  + Re-enable turning off the Nagle algorithm; this drastically helps speed
    up transfers of multiple small files.

  + New modules

    mod_sql_passwd
      This module supports MD5 and SHA1 passwords, encoding using base64 or
      hex, from SQL tables.  See doc/contrib/mod_sql_passwd.html for details.

  + New configuration directives

    AuthUnixOptions

      In Bug#1896, support for checking some AIX-specific functions for
      whether a login should be accepted was added; this happens only on AIX
      server, of course.

      However, some AIX admins like to configure "rlogin=false", yet still
      want to allow FTP logins.  To enable this specific behavior, a new
      AuthUnixOptions directive was added, with a setting which is only
      honored on AIX:

        AuthUnixOptions aixNoRLogin

      If this setting is used on any other server, it is silently ignored.
      Bug#3300 has the full details.

  + Changed configuration directives

    ExtendedLog

      You can now disable logging in an <Anonymous> section to an ExtendedLog
      which was opened outside of the <Anonymous> section, i.e.:

        ExtendedLog /path/to/ext.log ALL

        <Anonymous /path/to/anon>
          ...
          ExtendedLog /path/to/anon-ext.log ALL

          # Disable the logging to the higher-level ExtendedLog by
          # configuring again here, but changing the command class to 'NONE'
          ExtendedLog /path/to/ext.log NONE
          ...
        </Anonymous>

    HiddenStores

      The HiddenStores directive can now be used to customize and change
      the prefix which is prepended to the HiddenStore files.  The default
      prefix is ".in.", but if you wish to use a different prefix for any
      reason, you can use something like:

        HiddenStores foo

      This will cause the prefix to be ".foo.".

    SQLOptions

      When the connection to the database is lost, mod_sql now will try
      only once to automatically reconnect (if such reconnect functionality
      is supported by the database, e.g. MySQL or Postgres).  To disable this
      reconnect behavior, there is a new "noReconnect" SQLOptions setting:

        SQLOptions noReconnect

      See Bug#3270 for the full details of this behavior change.  It should
      be transparent for most sites.


1.3.3rc1
---------

  + Added French, Bulgarian, Korean translations.

  + RPM 4.2 or later is required by the proftpd.spec file provided in the
    distribution.

  + If the --localstatedir configure option is used, proftpd's build system
    used to automatically append "/proftpd" to the configured path.  This
    behavior has been fixed; proftpd's build system will now use the
    configured --localstatedir path as is.

    Note that this may cause issues if you have an existing build script
    for compling proftpd; the expected locations of files under the
    --localstatedir path will change.

  + New command-line options:

    The -S, --serveraddr command-line option has been added.  This option
    can be used to specify the IP address of the host machine.  By
    default, proftpd attempts to resolve the host IP address by using DNS
    resolution of the hostname.  However, in cases where DNS is not
    configured for the host machine, this approach does not work.

    To specify the desired IP address, use -S when starting proftpd, e.g.:

      /usr/local/sbin/proftpd -S 1.2.3.4 ...

    And if you want proftpd to listen on all interfaces, you can specify
    a wildcard socket using an IP address of 0.0.0.0:

      /usr/local/sbin/proftpd -S 0.0.0.0 ...

  + New modules:

    mod_exec

      This module enables execution of external scripts based on actions/events
      during a session.  See doc/contrib/mod_exec.html for details.

    mod_sftp

      This module implements the SSH2, SFTP, and SCP protocols.  See
      doc/contrib/mod_sftp.html for more information.

    mod_sftp_pam

      This module uses PAM to provide a 'keyboard-interactive' SSH2
      authentication method for mod_sftp.  More information can be found in
      the documentation for mod_sftp_pam, in doc/contrib/mod_sftp_pam.html.

    mod_sftp_sql

      This module uses SQL (via mod_sql) for looking up authorized SSH2 
      public keys for user and hostbased authentication.  More information
      is available in doc/contrib/mod_sftp_sql.html.

    mod_shaper

      This module can be used to provide data transfer rate "shaping"
      across the entire server.  See the documentation at
      doc/contrib/mod_shaper.html.

    mod_tls_shmcache

      This module provides an external SSL session cache using shared
      memory; see the TLSSessionCache configuration directive.  More
      information on this module can be found in
      doc/contrib/mod_tls_shmcache.html.

  + New configuration directives:

    RewriteHome

      The RewriteHome directive can be used to support rewriting the
      home directory for a user, based on regular expression rules.
      One such use case is where some portion of the home directory is
      retrieved e.g. from an LDAP directory, but you need to apply some
      custom prefix to the LDAP attribute.

      To enable this feature, first you need to add the following to your
      proftpd.conf:

        RewriteHome on

      Next, you need to configure the mod_rewrite rules for rewriting your home
      directory; this feature depends on mod_rewrite for the rewriting.
      The pseudo-command used by mod_rewrite for rewriting home directories is
      "REWRITE_HOME".  Thus would you use:

        <IfModule mod_rewrite.c>
          RewriteEngine on
          RewrlteLog /path/to/rewrite.log

          RewriteCondition %m REWRITE_HOME
          RewriteRule (.*) /my/new/prefix$1
        </IfModule>

    ScoreboardScrub

      The ScoreboardScrub directive can be used to turn on/off proftpd's
      periodic "scrubbing" of its ScoreboardFile, where the ScoreboardFile
      is scanned for entries of dead sessions:

        ScoreboardScrub on|off|secs

      Note that if scoreboard scrubbing is turned off, the ScoreboardFile
      can still be scrubbed on demand, either by using mod_ctrls_admin's
      "ftpdctl scoreboard scrub" action, or by using the new ftpscrub
      command-line utility.

    TLSControlsACLs

      With the addition of support for external session caches, the
      mod_tls module now supports some ftpdctl actions for interacting
      with those session caches.  The TLSControlsACLs directive can be
      used to configure ACLs for the ftpdctl actions supported by mod_tls,
      and is analogous to other ACLs directives for other modules which
      support ftpdctl actions.

    TLSPKCS12File

      The TLSPKCS12File directive of the mod_tls module is used to
      configure mod_tls to use the certificate and private key contained
      in the indicated PKCS#12 file.  Some sites already use PKCS#12 files
      for containing their other certificates, and thus find it useful to
      have PKCS#12 support in mod_tls.

    TLSSessionCache

      The TLSSessionCache directive configures an external SSL session
      cache, which can be used for storing and shared SSL sessions across
      multiple processes.  An external SSL session cache is an optional
      facility which speeds up parallel FTPS session connections.

      See doc/contrib/mod_tls.html#TLSSessionCache for more information.

  + Changed configuration directives:

    AllowOverride

      This directive no longer supports the optional user/group/class
      parameters.  If you wish to have per-user/group/class conditional
      use of the AllowOverride directive, you will need to use the
      mod_ifsession module.  For example, instead of:

        AllowOverride off user !admin

      you will need to use:

        <IfUser admin>
          AllowOverride on
        </IfUser>

        <IfUser !admin>
          AllowOverride off
        </IfUser>

      Note that the "!admin" section is necessary.  If you set
      "AllowOverride off" unconditionally, then use a mod_ifsession context,
      you would end up with two AllowOverride settings, and the code might not
      be able to distinguish properly which setting to use.  Thus you need to
      make both the "on" and "off" cases conditional, and mutually exclusive.

      Configurations which use the user/group/class conditional parameters
      to AllowOverride will now generate configuration errors.

    BanOnEvent

      The BanOnEvent directive of the mod_ban module now supports
      TimeoutLogin events.

    <VirtualHost>

      You can now specify an IP address of "0.0.0.0" in a <VirtualHost>
      definition.

    IdentLookups

      The default IdentLookups value is now 'off'.  The RFC1413 IDENT lookup
      adds latency to the login process, so much so that it is a FAQ to
      configure "IdentLookups off".  In addition, the IDENT protocol is not
      secure; it can easily be spoofed using man-in-the-middle attacks.  Sites
      that require IDENT lookups must now explicitly configure
      "IdentLookups on".

      Note that in order to use IdentLookups, you must compile proftpd with
      the mod_ident module.  If you use the --disable-ident configure
      option, then proftpd will not recognize the IdentLookups directive.
      Thus in your proftpd.conf, you should use something like:

        <IfModule mod_ident.c>
          IdentLookups on
        </IfModule>

      if you want to use RFC1413 lookups.

    LogFormat, SQLNamedQuery

      There is a new variable, %{protocol}, which describes the protocol
      that the client is using.  This variable can have values of "ftp",
      "ftps", "ssh2", "sftp", and "scp".

      Note that for SSH2 connections, the value will be "ssh2" until SFTP or
      SCP channels are opened; this means that during login, the %{protocol}
      value will be "ssh2".

      There is also a new %w variable which is only valid for RNTO commands.
      The %w value will be the original name of the file being renamed
      (mnemonic: "whence" a renamed file comes).

    RewriteCondition, RewriteRule

      Use of environment variables in mod_rewrite rules is now supported
      via the "%{ENV:var}" syntax.

    SQLGroupInfo

      The SQLGroupInfo now supports custom queries for retrieve group
      information.  Note that instead of a single custom query, several
      different queries are needed; different lookups are called for
      depending on the situation and configuration of mod_sql (e.g.
      using the 'groupset' or 'groupsetfast' SQLAuthenticate parameters).

      See doc/contrib/mod_sql.html#SQLGroupInfo and
      doc/howto/SQL.html#SQLUsersetfast for more details.

    SQLUserInfo

      The support for custom SQLUserInfo queries has been extended to
      support custom queries to be used when the 'userset' or 'usersetfast'
      SQLAuthenticate parameters are used.

      For more information, see doc/contrib/mod_sql.html#SQLUserInfo and 
      doc/howto/SQL.html#SQLUsersetfast.

    TLSOptions

      The NoSessionReuseRequired option has been added.  As of
      ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
      that reuse the SSL session of the control connection, as a security
      measure.  Unfortunately, there are some clients (e.g. curl) which
      do not reuse SSL sessions.

      To relax the requirement that the SSL session from the control
      connection be reused for data connections, use the following in the
      proftpd.conf:

        <IfModule mod_tls.c>
          ...
          TLSOptions NoSessionReuseRequired
          ...
        </IfModule>

    TLSRequired

      The TLSRequired directive can now be used in <Directory> sections and
      in .ftpaccess files.  When used in these configuration contexts, only
      the TLSRequired values that require SSL/TLS protection on data transfers
      are honored.  With this, it is now possible to mark specific files or
      directories as requiring SSL/TLS protection to be accessed via data
      transfer.

    TransferLog

      The "service-name" field of the TransferLog usually contains just
      "ftp".  In order to support TransferLogs for SFTP and SCP transfers,
      the service-name field of the TransferLog format may now show
      "sftp" or "scp".  It may also show "ftps" instead of "ftp", if the
      data transfer occurred while the client is using FTP over SSL/TLS.

      NOTE: This change, while correct, may cause issues for log parsers.

  + Deprecated configuration directives:

    AnonymousGroup

      Support for this directive has been removed.

  + Developer Notes

    If you are a module developer, then you will want to know of the following
    API/internals changes:

      * The original USER value sent by the client is no longer stored in
        the config tree.  That is, the following no longer works:

          user = get_param_ptr(main_server->conf, C_USER, FALSE);

        Instead, the original USER value is stashes in the session.notes
        table.  Thus the above line of code can be replaced with:

          user = pr_table_get(session.notes, "mod_auth.orig-user", NULL);

        A similar change occurred for the anonymous "password" sent, but
        this will probably not apply to most modules.

 
Last Updated: $Date: 2010/02/13 01:15:51 $

[Proftpd-docs] CVS: www.proftpd.org wwwmirror.epl,1.114,1.115

[John M. <jw...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv12447

Modified Files:
	wwwmirror.epl 
Log Message:
update

Index: wwwmirror.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/wwwmirror.epl,v
retrieving revision 1.114
retrieving revision 1.115
diff -C2 -r1.114 -r1.115
*** wwwmirror.epl	5 Nov 2009 15:30:42 -0000	1.114
--- wwwmirror.epl	13 Jan 2010 22:15:48 -0000	1.115
***************
*** 27,31 ****
  	<a href="http://www.am.proftpd.org/">am</a>
  	<a href="http://www.ar.proftpd.org/">ar</a>
- 	<a href="http://www.at.proftpd.org/">at</a>
  	<a href="http://www.be.proftpd.org/">be</a>
  	<a href="http://www.bg.proftpd.org/">bg</a>
--- 27,30 ----
***************
*** 107,121 ****
  			</p>
  	<p>
- 		<a href="http://www2.at.proftpd.org">http://www2.at.proftpd.org/</a>
-         <br />
- 		<a href="http://proftpd.gds.tuwien.ac.at/">http://proftpd.gds.tuwien.ac.at/</a>
- 		<br />
- 
- 		Location: Austria					(Vienna Univ. of Technology, Austria)
- 				<br />
- 
- 					Maintained by: Rudi (Rudolf Ladner)<br />
- 			</p>
- 	<p>
  		<a href="http://www2.am.proftpd.org">http://www2.am.proftpd.org/</a>
          <br />
--- 106,109 ----

[Proftpd-docs] CVS: www.proftpd.org download.epl,1.114,1.115

[John M. <jw...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv11737

Modified Files:
	download.epl 
Log Message:
update

Index: download.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/download.epl,v
retrieving revision 1.114
retrieving revision 1.115
diff -C2 -r1.114 -r1.115
*** download.epl	8 Jan 2010 15:10:12 -0000	1.114
--- download.epl	13 Jan 2010 22:08:43 -0000	1.115
***************
*** 177,180 ****
--- 177,191 ----
  			</p>
  	<p>
+ 		<a href="ftp://ftp24.us.proftpd.org">ftp://ftp24.us.proftpd.org/</a>
+         <br />
+ 		<a href="ftp://ftp.sourwood.net/pub/ProFTPD/">ftp://ftp.sourwood.net/pub/ProFTPD/</a>
+ 		<br />
+ 
+ 		Location: United States					(Danvers, Massachusetts  USA)
+ 				<br />
+ 
+ 					Maintained by: Matt Mozur<br />
+ 			</p>
+ 	<p>
  		<a href="ftp://ftp25.us.proftpd.org">ftp://ftp25.us.proftpd.org/</a>
          <br />

[Proftpd-docs] CVS: www.proftpd.org download.epl,1.113,1.114

[John M. <jw...@us...>]

Update of /cvsroot/pdd/www.proftpd.org
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv663

Modified Files:
	download.epl 
Log Message:
update


Index: download.epl
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/download.epl,v
retrieving revision 1.113
retrieving revision 1.114
diff -C2 -r1.113 -r1.114
*** download.epl	5 Nov 2009 15:30:42 -0000	1.113
--- download.epl	8 Jan 2010 15:10:12 -0000	1.114
***************
*** 27,31 ****
  	<a href="ftp://ftp.ie.proftpd.org/">ie</a>
  	<a href="ftp://ftp.it.proftpd.org/">it</a>
- 	<a href="ftp://ftp.jp.proftpd.org/">jp</a>
  	<a href="ftp://ftp.lv.proftpd.org/">lv</a>
  	<a href="ftp://ftp.nl.proftpd.org/">nl</a>
--- 27,30 ----
***************
*** 178,192 ****
  			</p>
  	<p>
- 		<a href="ftp://ftp3.jp.proftpd.org">ftp://ftp3.jp.proftpd.org/</a>
-         <br />
- 		<a href="ftp://proftpd.get7.biz/proftpd/">ftp://proftpd.get7.biz/proftpd/</a>
- 		<br />
- 
- 		Location: Japan					(Tokyo,Japan)
- 				<br />
- 
- 					Maintained by: Motohiro Sunouchi<br />
- 			</p>
- 	<p>
  		<a href="ftp://ftp25.us.proftpd.org">ftp://ftp25.us.proftpd.org/</a>
          <br />
--- 177,180 ----
***************
*** 386,400 ****
  					Maintained by: Ireneusz Weglewski<br />
  			</p>
- 	<p>
- 		<a href="ftp://ftp2.pl.proftpd.org">ftp://ftp2.pl.proftpd.org/</a>
-         <br />
- 		<a href="ftp://ftp.tpnet.pl/pub/linux/proftpd/ ; rsync://ftp.tpnet.pl/pub/linux/proftpd/">ftp://ftp.tpnet.pl/pub/linux/proftpd/ ; rsync://ftp.tpnet.pl/pub/linux/proftpd/</a>
- 		<br />
- 
- 		Location: Poland					(Poland, Warsaw)
- 				<br />
- 
- 					Maintained by: Ireneusz Weglewski<br />
- 			</p>
  
  #include "footer.epl"
--- 374,377 ----

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Umask.html,1.1,1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv32576

Modified Files:
	Umask.html 
Log Message:

Updated Umask howto on website.


Index: Umask.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Umask.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Umask.html	17 Aug 2007 00:11:26 -0000	1.1
--- Umask.html	5 Jan 2010 17:06:09 -0000	1.2
***************
*** 81,84 ****
--- 81,101 ----
  configuration directive.
  
+ <p><a name="FAQ"></a>
+ <b>Frequently Asked Questions</b><br>
+ 
+ <p><a name="UmaskExecutePermission">
+ <font color=red>Question</font>: How can I configure <code>proftpd</code> so
+ that I can upload a file with <code>770</code> permissions?<br>
+ <font color=blue>Answer</font>: Short answer: you can't.  Too many FTP servers,
+ in the past, would allow users to upload executable files.  Hackers would
+ use this capability, and then exploit a flaw in one of the servers on that
+ machine to execute the crafted file they just uploaded.  Thus ProFTPD does
+ not allow uploading of files with execute permissions.
+ 
+ <p>
+ The workaround, as mentioned above, is to allow the client to use the
+ <code>SITE CHMOD</code> command to change the permissions on the file to
+ have the execute permissions.
+ 
  <p>
  <hr>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Timestamps.html, 1.2, 1.3

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv32431

Modified Files:
	Timestamps.html 
Log Message:

Updated website copy of Timestamps howto.


Index: Timestamps.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Timestamps.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** Timestamps.html	29 Sep 2009 17:11:01 -0000	1.2
--- Timestamps.html	5 Jan 2010 17:05:37 -0000	1.3
***************
*** 134,138 ****
  <p>
  If you want to set the modification time, you can use the
! <code>mod_site_misc</code> module's <a href="../contrib/mod_site_misc.html#SITE_UTIME"><code>SITE UTIME</code></a> command.
  
  <p>
--- 134,141 ----
  <p>
  If you want to set the modification time, you can use the
! <code>MFMT</code> command supported by the <code>mod_facts</code> module,
! or the <code>mod_site_misc</code> module's
! <a href="../contrib/mod_site_misc.html#SITE_UTIME"><code>SITE UTIME</code></a>
! command.
  
  <p>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto ServerType.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv32094

Modified Files:
	ServerType.html 
Log Message:

Updating website copy of ServerType howto.


Index: ServerType.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ServerType.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** ServerType.html	17 Aug 2007 00:11:26 -0000	1.1
--- ServerType.html	5 Jan 2010 17:04:54 -0000	1.2
***************
*** 56,60 ****
  </pre>
  The <code>inetd.conf</code> man pages discuss these fields in greater detail.
! See the ProFTPD User's Guide for an <a href="http://proftpd.linux.co.uk/localsite/Userguide/linked/c1090.html#AEN1173">example</a> xinetd configuration.
  
  <p><a name="InetdIPv6"></a>
--- 56,76 ----
  </pre>
  The <code>inetd.conf</code> man pages discuss these fields in greater detail.
! 
! <p>
! An example <code>xinetd</code> configuration is:
! <pre>
!   service ftp
!   {
!         disable = no
!         flags			= REUSE
!         socket_type             = stream
!         wait                    = no
!         user                    = root
!         server                  = /usr/sbin/proftpd
!         server_args             = -c /etc/proftpd.conf
!   }
! </pre>
! The xinetd configuration is usually found in <code>/etc/xinetd.conf</code>
! or in the <code>/etc/xinetd.d/</code> directory.
  
  <p><a name="InetdIPv6"></a>
***************
*** 154,158 ****
  configuration.
  
! <p>
  <b>Switching Modes</b><br>
  Changing from one <code>ServerType</code> mode to the other is a simple
--- 170,174 ----
  configuration.
  
! <p><a name="Switching">
  <b>Switching Modes</b><br>
  Changing from one <code>ServerType</code> mode to the other is a simple
***************
*** 185,188 ****
--- 201,242 ----
  is there.
  
+ <p><a name="FAQ">
+ <b>Frequently Asked Questions</b><br>
+ 
+ <font color=red>Question</font>: I have configured:
+ <pre>
+   IdentLookups off
+   ServerIdent off
+ </pre>
+ in my <code>proftpd.conf</code>, but my logins are still slow.  Why?<br>
+ <font color=blue>Answer</font>:  Another source of slow logins can be
+ <code>xinetd</code>, or <code>tcpwrappers</code> compiled for reverse DNS
+ lookups (<i>i.e.</i> with the <code>-DPARANOID</code> option).
+ 
+ <p>
+ If you are using <code>ServerType inetd</code>, <i>and</i> you are using
+ <code>xinetd</code> to run <code>proftpd</code>, then you should check your
+ <code>/etc/xinetd.conf</code> (or <code>/etc/xinetd.d/proftpd</code> or
+ similar) file for the <code>USERID</code> parameter, <i>e.g.</i>:
+ <pre>
+   log_on_success          += DURATION USERID
+   log_on_failure          += USERID
+ </pre>
+ As per the <code>xinetd.conf</code> documentation, the use of
+ <code>USERID</code> in your configuration causes <code>xinetd</code> to do
+ an IDENTD lookup:
+ <pre>
+         USERID      logs the user id of the remote user  using
+                     the   RFC  1413  identification  protocol.
+                     This option is available only  for  multi-
+                     threaded stream services.
+ </pre>
+ Removing <code>USERID</code> from your <code>xinetd</code> configuration
+ for proftpd often suffices to fix the slow logins.
+ 
+ <p>
+ Another solution is simply to <a href="#Switching">switch</a> your
+ <code>ServerType</code> to "standalone".
+ 
  <p>
  <hr>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto ListOptions.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv31907

Modified Files:
	ListOptions.html 
Log Message:

Updating website copy of ListOptions howto.


Index: ListOptions.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ListOptions.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** ListOptions.html	17 Aug 2007 00:11:26 -0000	1.1
--- ListOptions.html	5 Jan 2010 17:03:51 -0000	1.2
***************
*** 27,30 ****
--- 27,32 ----
    <li><dt>-a</dt>
        <dd>List all files including those whose names start with &quot;.&quot;</dd>
+   <li><dt>-B</dt>
+       <dd>Force printing of non-printable filename characters as \<i>xxx</i>, where <i>xxx</i> is the octal value of the character</dd>
    <li><dt>-C</dt>
        <dd>List entries by columns</dd>
***************
*** 95,98 ****
--- 97,108 ----
  
  <p>
+ If you are <b>not</b> using the <code>--enable-nls</code> configure option,
+ <i>and</i> you want to see non-printable characters in filenames when listing
+ directories, you should use:
+ <pre>
+   ListOptions -B
+ </pre>
+ 
+ <p>
  The following keywords are supported, in addition to &quot;strict&quot;:
  <ul>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Limit.html,1.1,1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv31591

Modified Files:
	Limit.html 
Log Message:

Updating website copy of Limit howto.


Index: Limit.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Limit.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Limit.html	17 Aug 2007 00:11:26 -0000	1.1
--- Limit.html	5 Jan 2010 17:03:05 -0000	1.2
***************
*** 42,46 ****
    <p>
    <li>DIRS<br>
!     <i>Covering</i>: CDUP, CWD, LIST, MDTM, NLST, PWD, RNFR, STAT, XCUP, XCWD, XPWD
  
    <p>
--- 42,46 ----
    <p>
    <li>DIRS<br>
!     <i>Covering</i>: CDUP, CWD, LIST, MDTM, MLSD, MLST, NLST, PWD, RNFR, STAT, XCUP, XCWD, XPWD
  
    <p>
***************
*** 96,100 ****
  
  <p>
! <b>Using <code>AllowUser</code></b><br>
  There is a catch to using the <code>AllowUser</code> configuration directive
  that causes confusion, primarily when a single <code>AllowUser</code>
--- 96,100 ----
  
  <p>
! <b>Using <code>AllowUser</code> and <code>DenyUser</code></b><br>
  There is a catch to using the <code>AllowUser</code> configuration directive
  that causes confusion, primarily when a single <code>AllowUser</code>
***************
*** 122,125 ****
--- 122,136 ----
    AllowUser wendy
  </pre>
+ All of this applies to the <code>DenyUser</code> directive as well.
+ 
+ <p>
+ Another important item to keep in mind is that the names used in
+ <code>&lt;Limit&gt;</code> sections, <i>e.g.</i> using <code>AllowUser</code>,
+ <code>DenyUser</code>, <code>AllowGroup</code>, and <code>DenyGroup</code>,
+ are <b>not</b> resolved to an ID and then applied; the limits are applied
+ only to the names.  Why is this important?  Consider the case where the site
+ is using virtual users, where two different user names are assigned the
+ same UID.  Different limits can be applied to each name separately. Do not
+ assume that the limits are applied to the underlying IDs.
  
  <p>
***************
*** 139,143 ****
  though it does not match Apache's interpretation.
  
! <p><a name="examples"></a>
  <b>Examples</b><br>
  Here are examples to help illustrate the use of <code>&lt;Limit&gt;</code>.
--- 150,154 ----
  though it does not match Apache's interpretation.
  
! <p><a name="Examples"></a>
  <b>Examples</b><br>
  Here are examples to help illustrate the use of <code>&lt;Limit&gt;</code>.
***************
*** 176,180 ****
  <pre>
    &lt;Directory /path/to/dir&gt;
!     &lt;Limit LIST NLST&gt;
        DenyAll
      &lt;/Limit&gt;
--- 187,191 ----
  <pre>
    &lt;Directory /path/to/dir&gt;
!     &lt;Limit LIST NLST MLSD MLST&gt;
        DenyAll
      &lt;/Limit&gt;
***************
*** 182,188 ****
  </pre>
  That's it.  By default, all commands are allowed in a directory.  By blocking
! the two FTP commands used to list a directory's contents (<i>i.e.</i>
! <code>LIST</code> and <code>NLST</code>), we have effectively blocked the
! client from seeing anything in the directory.
  
  <p>
--- 193,199 ----
  </pre>
  That's it.  By default, all commands are allowed in a directory.  By blocking
! the FTP commands used to list a directory's contents (<i>i.e.</i>
! <code>LIST</code>, <code>MLSD</code>, <code>MLST</code>, and <code>NLST</code>),
! we have effectively blocked the client from seeing anything in the directory.
  
  <p>
***************
*** 296,300 ****
  you can use the following to block active transfers:
  <pre>
!   &lt;Limit PORT&gt;
      DenyAll
    &lt;/Limit&gt;
--- 307,311 ----
  you can use the following to block active transfers:
  <pre>
!   &lt;Limit EPRT PORT&gt;
      DenyAll
    &lt;/Limit&gt;
***************
*** 302,306 ****
  Or, conversely, to block passive data transfers:
  <pre>
!   &lt;Limit PASV&gt;
      DenyAll
    &lt;/Limit&gt;
--- 313,317 ----
  Or, conversely, to block passive data transfers:
  <pre>
!   &lt;Limit EPSV PASV&gt;
      DenyAll
    &lt;/Limit&gt;
***************
*** 308,311 ****
--- 319,362 ----
  
  <p>
+ Another common question is: "How can I create a read-only account using
+ <code>&lt;Limit&gt;</code> sections"?  Here's how:
+ <pre>
+   # Assumes that the user is chrooted into their home directory
+   &lt;Directory ~<i>user</i>&gt;
+     &lt;Limit CWD PWD DIRS READ&gt;
+       AllowUser <i>user</i>
+     &lt;/Limit&gt;
+ 
+     &lt;Limit ALL&gt;
+       DenyUser <i>user</i>
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ </pre>
+ 
+ <p>
+ What if you want to prevent a certain directory from being deleted, but
+ you <i>do</i> want to allow sub-directories in that directory to be deletable?
+ Using two <code>&lt;Directory&gt;</code> sections with
+ <code>&lt;Limit&gt;</code> sections, you can do this, <i>e.g.</i>:
+ <pre>
+   &lt;Directory /path/to/dir&gt;
+     &lt;Limit RMD XRMD&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ 
+   &lt;Directory /path/to/dir/*&gt;
+     &lt;Limit RMD XRMD&gt;
+       AllowAll
+     &lt;/Limit&lt;
+   &gt;/Directory&gt;
+ </pre>
+ Note the trailing "/*" suffix in the second <code>&lt;Directory&gt;</code>
+ section; this means that the second <code>&lt;Directory&gt;</code> section
+ configuration applies to the sub-directories, but <i>not</i> to the parent
+ directory itself (which is covered by the first <code>&lt;Directory&gt;</code>
+ section).
+ 
+ <p>
  <hr>
  Last Updated: <i>$Date$</i><br>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Globbing.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv31509

Modified Files:
	Globbing.html 
Log Message:

Updating website copy of Globbing howto.


Index: Globbing.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Globbing.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Globbing.html	17 Aug 2007 00:11:26 -0000	1.1
--- Globbing.html	5 Jan 2010 17:02:36 -0000	1.2
***************
*** 99,109 ****
  </pre>
  And, for the paranoid system administrator, a way of limiting the number
! of directories supported in a globbing expression was added in <code>1.2.8rc1</code>: <code>PR_TUNABLE_GLOBBING_MAX</code>.  By default, the maximum number
! of levels supported is 8 (this is the hardcoded default in the GNU library
! implementation of globbing).  To change this to a lower number, compile
  <code>proftpd</code> using a <code>configure</code> line that looks
  something like this:
  <pre>
!   CFLAGS="-DPR_TUNABLE_GLOBBING_MAX=3" ./configure ...
  </pre>
  A globbing expression that contains more than the maximum number of supported
--- 99,109 ----
  </pre>
  And, for the paranoid system administrator, a way of limiting the number
! of directories supported in a globbing expression was added in <code>1.2.8rc1</code>: <code>PR_TUNABLE_GLOBBING_MAX_RECURSION</code>.  By default, the maximum
! number of levels supported is 8 (this is the hardcoded default in the GNU
! library implementation of globbing).  To change this to a lower number, compile
  <code>proftpd</code> using a <code>configure</code> line that looks
  something like this:
  <pre>
!   ./configure CFLAGS="-DPR_TUNABLE_GLOBBING_MAX_RECURSION=3" ...
  </pre>
  A globbing expression that contains more than the maximum number of supported
***************
*** 113,116 ****
--- 113,130 ----
  
  <p>
+ There is a similar limit on the maximum number of matches for a glob
+ expression.  By default, this limit is 100000 (the hardcoded default in
+ the GNU library <code>glob(3)</code> implementation).  In the
+ <code>1.3.3rc1</code> ProFTPD release, a way of altering this limit was
+ added: <code>PR_TUNABLE_GLOBBING_MAX_MATCHES</code>.  For sites which really
+ do require a higher number of matches for their glob expressions, the
+ following <code>configure</code> command can be used:
+ <pre>
+   ./configure CFLAGS="-DPR_TUNABLE_GLOBBING_MAX_MATCHES=200000UL" ...
+ </pre>
+ A globbing expression that matches more than this limit will have the
+ number of matches silently truncated to the limit (or just below).
+ 
+ <p>
  <hr>
  Last Updated: <i>$Date$</i><br>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Filters.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv31382

Modified Files:
	Filters.html 
Log Message:

Updating website copy of Filters howto.


Index: Filters.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Filters.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Filters.html	17 Aug 2007 00:11:26 -0000	1.1
--- Filters.html	5 Jan 2010 17:01:54 -0000	1.2
***************
*** 91,94 ****
--- 91,138 ----
  
  <p>
+ <b>Examples</b><br>
+ To prevent clients from using paths which may contain non-printable characters
+ (<i>e.g.</i> CR, LF, VB, <i>etc</i>), you can use the following
+ <code>PathDenyFilter</code> pattern:
+ <pre>
+   PathDenyFilter [^[:print:]]
+ </pre>
+ Alternatively, you could use a <code>PathAllowFilter</code> which only
+ <i>allows</i> printable characters in paths:
+ <pre>
+   PathAllowFilter [[:print:]]
+ </pre>
+ And if you want to prevent spaces and tabs from appearing in paths, you
+ can use:
+ <pre>
+   PathDenyFilter [[:blank:]]
+ </pre>
+ 
+ <p>
+ In ProFTPD 1.3.3rc1 and later, you can use the <code>AllowFilter</code> and
+ <code>DenyFilter</code> configuration directives inside of
+ <code>&lt;Limit&gt;</code> sections, so that those <code>Filter</code>
+ directives only apply to the FTP commands listed in the
+ <code>&lt;Limit&gt;</code> section.  This means you can specify regular
+ expression filters for the arguments for specific commands.  For example,
+ you may want to configure a directory that only allows uploads of files with
+ specific extensions.  You <i>could</i> use <code>PathAllowFilter</code> for
+ this -- but <code>PathAllowFilter</code> also applies to the <code>MKD</code>
+ command, and you might want to allow users to create subdirectories in your
+ special directory.  Thus you only want your regular expression to apply
+ to the <code>STOR</code> command in your directory.  Below is an example
+ of how to do this using <code>AllowFilter</code>:
+ <pre>
+   &lt;Directory <i>/path/to/dir</i>&gt;
+     &lt;Limit STOR&gt;
+       Order deny, allow
+       AllowFilter \.<i>ext</i>$
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ </pre>
+ The key is the <code>Order</code> directive; without it, the configuration
+ will not work as you expect.
+ 
+ <p>
  <hr>
  Last Updated: <i>$Date$</i><br>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto DSO.html,1.2,1.3

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30891

Modified Files:
	DSO.html 
Log Message:

Updating website copy of DSO howto.


Index: DSO.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/DSO.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** DSO.html	15 Oct 2007 16:25:04 -0000	1.2
--- DSO.html	5 Jan 2010 17:01:24 -0000	1.3
***************
*** 170,176 ****
  
    INSTALL=/usr/bin/install -c
!   INSTALL_USER=user
!   INSTALL_GROUP=user
!   INSTALL_BIN=$(INSTALL) -s -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755
  
    LIBTOOL=$(SHELL) /usr/bin/libtool
--- 170,174 ----
  
    INSTALL=/usr/bin/install -c
!   INSTALL_BIN=$(INSTALL) -s -m 0755
  
    LIBTOOL=$(SHELL) /usr/bin/libtool
***************
*** 188,197 ****
  
    install: $(MODULE_NAME).la
!           $(LIBTOOL) --mode=install $(INSTALL_BIN) $(MODULE_NAME).la $(DESTDIR)$(LIBEXEC_DIR)
  
    clean:
!           $(LIBTOOL) --mode=clean $(RM) $(MODULE_NAME).la
!           $(LIBTOOL) --mode=clean $(RM) $(MODULE_NAME).lo
!           $(RM) config.*
  
    distclean:
--- 186,195 ----
  
    install: $(MODULE_NAME).la
!           if [ -f $(MODULE_NAME).la ] ; then \
!                   $(LIBTOOL) --mode=install $(INSTALL_BIN) $(MODULE_NAME).la $(DESTDIR)$(LIBEXEC_DIR) ; \
!           fi
  
    clean:
!           $(LIBTOOL) --mode=clean $(RM) $(MODULE_NAME).la $(MODULE_NAME).lo config.*
  
    distclean:
***************
*** 220,227 ****
  </pre>
  The <code>make install</code> step will install the DSO module into the
! <code>libexec/</code> directory of your ProFTPD install location.  Note that
! you may need to tweak the <code>INSTALL_USER</code> and
! <code>INSTALL_GROUP</code> variables with the necessary user/group names for
! installing the DSO module.
  
  <p>
--- 218,222 ----
  </pre>
  The <code>make install</code> step will install the DSO module into the
! <code>libexec/</code> directory of your ProFTPD install location.
  
  <p>
***************
*** 233,236 ****
--- 228,323 ----
  Then restart <code>proftpd</code>, and your custom module will be in use.
  
+ <p><a name="prxs"></a>
+ <b>Using <code>prxs</code></b><br>
+ You may find yourself wanting to compile some third-party module, for which
+ you have the source code, as a DSO module for proftpd.  But you may not have
+ the source code for proftpd, <i>e.g.</i> you might have installed proftpd
+ as a binary package.  The build system for proftpd would let you compile
+ your third-party module as a DSO module, but what do you do if you don't have
+ access to the proftpd build system?
+ 
+ <p>
+ The answer is to use the <code>prxs</code> script, which comes with proftpd.
+ The <code>prxs</code> (<b>PR</b>oFTPD E<b>X</b>tension<b>S</b>) tool will
+ compile and install third-party modules, from source code, as DSO modules
+ for your installed proftpd.
+ 
+ <p>
+ The <code>prxs</code> tool supports the following actions:
+ <pre>
+  -c, --compile          Compiles the listed <code>.c</code> source files
+                         into a proftpd DSO module.
+ 
+  -i, --install          Installs a compiled proftpd DSO module into the
+                         directory where proftpd expects to find loadable
+                         DSO modules.
+ 
+  -d, --clean            Removes any generated files, returning the build
+                         directory to a clean state.
+ </pre>
+ At least one of the above actions must be specified when using
+ <code>prxs</code>.  More than one action can be specified at the same time.
+ 
+ <p>
+ To use <code>prxs</code> all in one step, you could do:
+ <pre>
+   # prxs -c -i -d mod_custom.c
+ </pre>
+ which will do the compile, install, and clean actions in order.  Once
+ installed, update your <code>proftpd.conf</code> to make sure your module is
+ loaded:
+ <pre>
+   LoadModule mod_custom.c
+ </pre>
+ Then restart <code>proftpd</code>, and your custom module will be in use.
+ 
+ <p>
+ The following options are also supported:
+ <pre>
+  -n, --name             Tells prxs the name of the module being compiled.
+                         By default, prxs determines the module name from
+                         the list of .c files listed, expecting to see a
+                         "mod_<i>name</i>.c" file.
+ 
+  -D key                 Passes these macros through to the compilation step.
+  -D key=value           Note that the space before the key is important.
+ 
+  -I <em>includedir</em> Specify additional include file search directories.
+                         Note that the space before the directory is important.
+ 
+  -L <em>libdir</em>     Specify additional library file search directories.
+                         Note that the space before the directory is important.
+ 
+  -l <em>library</em>    Specify additional libraries for linking.
+                         Note that the space before the library name is important.
+ </pre>
+ 
+ <p>
+ Using <code>prxs</code>, the above <code>mod_custom</code> example would
+ become:
+ <pre>
+   # cd /path/to/mod_custom/dir
+   # prxs -c -i -D USE_CUSTOM -I /path/to/custom/include -L /path/to/custom/lib -l custom mod_custom.c
+ </pre>
+ That's it!  No need for a special Makefile, and no need to edit/replace any
+ variables.
+ 
+ <p>
+ The <code>prxs</code> tool uses the <code>libtool</code> command that your
+ system should support.  If you need to tell <code>prxs</code> to use a
+ different <code>libtool</code> for any reason (such as using a specially
+ installed <code>libtool</code>), you can use the <code>LIBTOOL</code>
+ environment variable to point <code>prxs</code> to the <code>libtool</code>
+ to use.  For example:
+ <pre>
+   # LIBTOOL=/path/to/custom/libtool prxs -c -i -d mod_custom.c
+ </pre>
+ 
+ <p>
+ When should you use <code>prxs</code> for compiling DSO modules, and when
+ should you use a Makefile?  In general, if the third-party module comes with
+ its own <code>configure</code> script and <code>Makefile</code>, then you
+ should use those.  Otherwise, <code>prxs</code> should suffice.
+ 
  <p>
  <hr>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto DNS.html,1.1,1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30637

Modified Files:
	DNS.html 
Log Message:

Updating website copy of DNS howto.


Index: DNS.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/DNS.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** DNS.html	17 Aug 2007 00:11:26 -0000	1.1
--- DNS.html	5 Jan 2010 17:00:57 -0000	1.2
***************
*** 132,135 ****
--- 132,163 ----
  to re-parse its configuration and thus re-resolve all IP addresses.
  
+ <p><a name="DNSNoDNS">
+ <font color=red>Question</font>: What if I do not <i>want</i>
+ <code>proftpd</code> to use DNS to resolve the hostname to an IP address
+ because I am in an environment where there is no DNS at all?<br>
+ <font color=blue>Answer</font>: In ProFTPD 1.3.3rc1, support for a new
+ <code>-S</code> command-line option was added.  This option can be used to
+ specify the IP address of the host machine.  By default,
+ <code>proftpd</code> attempts to resolve the host IP address by using DNS
+ resolution of the hostname.  However, in cases where DNS is not configured for
+ the host machine, this approach does not work.
+ 
+ <p>
+ To specify the desired IP address, use <code>-S</code> when starting
+ <code>proftpd</code>, <i>e.g.</i>:
+ <pre>
+   /usr/local/sbin/proftpd -S 1.2.3.4 ...
+ </pre>
+ And if you want <code>proftpd</code> to listen on all interfaces, you can
+ specify a wildcard socket using an IP address of 0.0.0.0:
+ <pre>
+   /usr/local/sbin/proftpd -S 0.0.0.0 ...
+ </pre>
+ 
+ <p>
+ Note that will also mean that, in your <code>proftpd.conf</code>, any
+ <code>&lt;VirtualHost&gt;</code> sections will need to use IP addresses,
+ not DNS names.
+ 
  <p>
  <hr>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Directory.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30606

Modified Files:
	Directory.html 
Log Message:

Updating website copy of Directory howto.


Index: Directory.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Directory.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Directory.html	17 Aug 2007 00:11:26 -0000	1.1
--- Directory.html	5 Jan 2010 17:00:21 -0000	1.2
***************
*** 19,26 ****
  
  <p>
! First, it is not necessary to nest <code>&lt;Directory&gt;</code>; the
! daemon will not let one do this, in fact.  The daemon will determine
! automatically the relations of <code>&lt;Directory&gt;</code> paths,
! depending on the path given and surrounding configuration context.
  
  <p>
--- 19,34 ----
  
  <p>
! First, it is not necessary to nest <code>&lt;Directory&gt;</code> sections,
! like:
! <pre>
!   &lt;Directory /path/to/dir&gt;
!     &lt;Directory /path/to/dir/subdir&gt;
!       ...
!     &lt;/Directory&gt;
!   &lt;/Directory&gt;
! </pre>
! The daemon will not let one do this, in fact.  The daemon will determine
! automatically the relations of <code>&lt;Directory&gt;</code> paths, depending
! on the path given and surrounding configuration context.
  
  <p>
***************
*** 44,47 ****
--- 52,67 ----
  
  <p>
+ Any configuration directives in a <code>&lt;Directory&gt;</code> section
+ will apply to that directory <i>and to all of the contents of that directory
+ recursively</i>.  Thus if you use:
+ <pre>
+   &lt;Directory /path/to/dir&gt;
+     Umask 022
+   &lt;/Directory&gt;
+ </pre>
+ Then that <code>Umask</code> value will be used within the
+ "/path/to/dir/subdir/" directory as well.
+ 
+ <p>
  As noted in the documentation, use of a <code>/*</code> suffix on a path
  will change the effect of a <code>&lt;Directory&gt;</code> section
***************
*** 139,142 ****
--- 159,317 ----
  
  <p>
+ The fact that <code>&lt;Directory&gt;</code> sections can be used to
+ refer to specific <i>files</i>, in addition to directories, is not obvious.
+ However, there are some cases where it can be useful to use this feature.
+ One proftpd user used this feature in the following way: the
+ <code>DirFakeMode</code> was used to make all files look read-only (mostly
+ so that FTP mirroring tools would create a read-only mirror of the site).
+ However, a particular file on the site needed have execute permissions,
+ even in the FTP mirrored site.  A <code>&lt;Directorygt;</code> section
+ was used just for this one file, <i>e.g.</i>:
+ <pre>
+   # Make all files look read-only to clients, regardless of the actual
+   # permissions on the filesystem
+   DirFakeMode 0444
+ 
+   &lt;Anonymous /var/ftpd&gt;
+ 
+     # However, for this script, we need it to look like it is executable, too
+     &lt;Directory /var/ftpd/bin/script&gt;
+       DirFakeMode 0555
+     &lt;/Directory&gt;
+ 
+   &lt;/Anonymous&gt;
+ </pre>
+ 
+ <p><a name="FAQ"></a>
+ <b>Frequently Asked Questions</b><br>
+ 
+ <p><a name="MultipleDirectoriesSamePath">
+ <font color=red>Question</font>: What happens if I configure two <code>&lt;Directory&gt;</code> sections for the exact same path?<br>
+ <font color=blue>Answer</font>: If you use explicit paths, then the config
+ parser will choke on the duplicate <code>&lt;Directory&gt;</code> sections.
+ For example, if you tried:
+ <pre>
+   &lt;Directory /path/to/dir&gt;
+     &lt;Limit ALL&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ 
+   &lt;Directory /path/to/dir&gt;
+     &lt;Limit ALL&gt;
+       AllowAll
+     &lt;/Limit&gt;
+ 
+     &lt;Limit WRITE&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ </pre>
+ When starting <code>proftpd</code>, you would see something like:
+ <pre>
+  - Fatal: <Directory>: <Directory> section already configured for '/path/to/dir' on line 39 of '/etc/ftpd/proftpd.conf'
+ </pre>
+ 
+ <p>
+ But what if you have the two <code>&lt;Directory&gt;</code> sections, but
+ one of the sections uses a wildcard character which would still match the
+ same path?  For example:
+ <pre>
+   &lt;Directory /path/to/dir&gt;
+     &lt;Limit ALL&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ 
+   &lt;Directory /path/*/dir&gt;
+     &lt;Limit ALL&gt;
+       AllowAll
+     &lt;/Limit&gt;
+ 
+     &lt;Limit WRITE&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ </pre>
+ This time, the config parser would not choke; <code>proftpd</code> would start
+ up normally.  When it came time to look up the <code>&lt;Directory&gt;</code>
+ section to use, <i>e.g.</i> for uploading to "/path/to/dir/test.txt",
+ the matching <code>&lt;Directory&gt;</code> section <i>which appears later in
+ the config file</i> wins.  In the above example, the upload to
+ "/path/to/dir/test.txt" would be denied (because the wildcard-using
+ <code>&lt;Directory&gt;</code> section appears later, and it has a
+ <code>&lt;Limit WRITE&gt;</code> section denying writes).
+ 
+ <p>
+ However, if you simply reversed the order of the above
+ <code>&lt;Directory&gt;</code> sections and tried to upload to
+ "/path/to/subdir/test.txt", <i>e.g.</i>:
+ <pre>
+   &lt;Directory /path/*/dir&gt;
+     &lt;Limit ALL&gt;
+       AllowAll
+     &lt;/Limit&gt;
+ 
+     &lt;Limit WRITE&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ 
+   &lt;Directory /path/to/dir&gt;
+     &lt;Limit ALL&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt/Directory&gt;
+ </pre>
+ the upload would succeed, since the non-wildcard-using
+ <code>&lt;Directory&gt;</code> section appeared later in the config.
+ 
+ <p><a name="PreventDirectoryRename">
+ <font color=red>Question</font>: How can I prevent a specific directory from
+ being renamed?  I am currently trying:
+ <pre>
+   &lt;Directory /dir/*&gt;
+     &lt;Limit CWD XCWD RNFR RNTO&gt;
+       AllowAll
+     &lt;/Limit&gt;
+ 
+     &lt;Limit ALL&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ 
+   &lt;Directory /dir/subdir&gt;
+     &lt;Limit WRITE&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ </pre>
+ to keep "/dir/subdir" from being renamed, but it doesn't work!<br>
+ <font color=blue>Answer</font>: The trick is to block the <code>RNFR</code>
+ command within the <code>&lt;Directory&gt;</code> section for that
+ specific directory, <i>i.e.</i>:
+ <pre>
+   &lt;Directory /dir/subdir&gt;
+     &lt;Limit RNFR WRITE&gt;
+       DenyAll
+     &lt;/Limit&gt;
+   &lt;/Directory&gt;
+ </pre>
+ 
+ <p>
+ The reason the original config did not work as expected is that
+ <code>proftpd</code>, when handling the <code>RNTO</code> command (<i>e.g.</i> "<code>RNTO subdir2</code>"), would <b>not</b> match the
+ <code>&lt;Directory /dir/subdir&gt;</code> section for the path "/dir/subdir2",
+ but instead matches the <code>&lt;Directory /dir/*&gt;</code> section.
+ 
+ <p>
+ Renaming of files via FTP is done by first sending the <code>RNFR</code>
+ command (for the old filename), then sending <code>RNFTO</code> (with the
+ new filename).  By placing <code>RNFR</code> in the
+ <code>&lt;Directory /dir/subdir&gt;</code> section's <code>&lt;Limit&gt;</code>
+ list, we make sure that the <code><i>RNFR</i></code> <i>does</i> match the
+ <code>&lt;Directory /dir/subdir&gt;</code> section, and is thus denied.
+ 
+ <p>
  <hr>
  Last Updated: <i>$Date$</i><br>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Debugging.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30424

Modified Files:
	Debugging.html 
Log Message:

Updating website copy of Debugging howto.


Index: Debugging.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Debugging.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Debugging.html	17 Aug 2007 00:11:26 -0000	1.1
--- Debugging.html	5 Jan 2010 16:59:31 -0000	1.2
***************
*** 26,31 ****
--- 26,36 ----
  problems, it is good to know the version being used:
  <pre>
+   proftpd -V
    proftpd -vv
  </pre>
+ When reporting issues, please include the output from <i>both</i> of these
+ commands.
+ 
+ <p>
  It is possible that the problem you are encountering is due to some bug
  that may already be fixed in a more current version, fixed in the CVS

[Proftpd-docs] CVS: www.proftpd.org/docs/howto CreateHome.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30227

Modified Files:
	CreateHome.html 
Log Message:

Updating website copy of CreateHome howto.


Index: CreateHome.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/CreateHome.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** CreateHome.html	17 Aug 2007 00:11:26 -0000	1.1
--- CreateHome.html	5 Jan 2010 16:58:45 -0000	1.2
***************
*** 42,46 ****
  The description for this configuration directive shows its parameters to be:
  <pre>
!   CreateHome off|on [&lt;mode&gt;] [skel &lt;path&gt;] [dirmode &lt;mode&gt;]
  </pre>
  The first parameter is a simple Boolean, enabling or disabling the
--- 42,46 ----
  The description for this configuration directive shows its parameters to be:
  <pre>
!   CreateHome off|on [&lt;mode&gt;] [skel &lt;path&gt;] [dirmode &lt;mode&gt;] [uid &lt;uid&gt;] [gid &lt;gid&gt;]
  </pre>
  The first parameter is a simple Boolean, enabling or disabling the
***************
*** 99,102 ****
--- 99,108 ----
  
  <p>
+ The <code>uid</code> and <code>gid</code> parameters can be used to set the
+ ownership of the newly created parent directories, up to be <b>not</b>
+ including the home directory.  By default, those created parent directories
+ are owned by root (UID 0 and GID 0).
+ 
+ <p>
  Here are some examples (from the documentation) to help illustrate how one
  might use the <code>CreateHome</code> configuration directive:
***************
*** 108,114 ****
    CreateHome on 711
  
!   <font color=green># Specify a mode of 711, and have the parent directories owned by a non-root UID/GID</font>
    CreateHome on 711 uid 100 gid 100
  
    <font color=green># Specify a skeleton directory</font>
    CreateHome on skel /etc/ftpd/skel
--- 114,123 ----
    CreateHome on 711
  
!   <font color=green># Specify a mode of 711, and have the parent directories owned by a specific non-root UID/GID</font>
    CreateHome on 711 uid 100 gid 100
  
+   <font color=green># Specify a mode of 711, and have the parent directories owned by the UID/GID of the logging-in user</font>
+   CreateHome on 711 uid ~ gid ~
+ 
    <font color=green># Specify a skeleton directory</font>
    CreateHome on skel /etc/ftpd/skel
***************
*** 137,140 ****
--- 146,168 ----
  desired from the FTP daemon.
  
+ <p><a name="FAQ"></a>
+ <b>FAQ</b>
+ 
+ <p>
+ <font color=red>Question</font>: Is it possible to have different permissions
+ for the <code>CreateHome</code> <em>mode</em> and <em>dirmode</em> based on the
+ group of the connecting user?<br>
+ <font color=blue>Answer</font>: Yes, if you use the <a href="http://www.proftpd.org/docs/contrib/mod_ifsession.html"><code>mod_ifsession</code></a> module.
+ For example:
+ <pre>
+   &lt;IfGroup special&gt;
+     CreateHome on 755 dirmode 755
+   &lt;/IfGroup&gt;
+ 
+   &lt;IfGroup !special&gt;
+     CreateHome on 711 dirmode 711
+   &lt;/IfGroup&gt;
+ </pre>
+ 
  <p>
  <hr>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Controls.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv30206

Modified Files:
	Controls.html 
Log Message:

Updating website copy of Controls howto.


Index: Controls.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Controls.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Controls.html	17 Aug 2007 00:11:26 -0000	1.1
--- Controls.html	5 Jan 2010 16:58:19 -0000	1.2
***************
*** 29,33 ****
  <code>ftpdctl</code>, is distributed with ProFTPD; <code>ftpdctl</code> is a
  Controls client.  The server side of the Controls functionality is the
! <a href="http://www.castaglia.org/proftpd/modules/mod_ctrls.html"><code>mod_ctrls</code></a> module, which is compiled into a <code>proftpd</code> daemon when
  the <em>--enable-ctrls</em> configure option is used.  Note, however, that
  the Controls functionality only works for <code>proftpd</code> daemons
--- 29,33 ----
  <code>ftpdctl</code>, is distributed with ProFTPD; <code>ftpdctl</code> is a
  Controls client.  The server side of the Controls functionality is the
! <a href="http://www.proftpd.org/docs/modules/mod_ctrls.html"><code>mod_ctrls</code></a> module, which is compiled into a <code>proftpd</code> daemon when
  the <em>--enable-ctrls</em> configure option is used.  Note, however, that
  the Controls functionality only works for <code>proftpd</code> daemons
***************
*** 246,250 ****
  The <code>mod_ctrls</code> module, by itself, is rather unexciting.  Other
  modules, such as <code>mod_ctrls_admin</code>, provide more interesting
! and useful control actions:
  <ul>
    <li><code>debug</code>
--- 246,250 ----
  The <code>mod_ctrls</code> module, by itself, is rather unexciting.  Other
  modules, such as <code>mod_ctrls_admin</code>, provide more interesting
! and useful control actions, including:
  <ul>
    <li><code>debug</code>
***************
*** 256,263 ****
    <li><code>status</code>
    <li><code>stop</code>
  </ul>
  These actions provide basis administrative control over the running
  <code>proftpd</code> daemon; see the <code>mod_ctrls_admin</code>
! <a href="http://www.castaglia.org/proftpd/modules/mod_ctrls_admin.html">documentation</a> for more information.
  
  <p>
--- 256,264 ----
    <li><code>status</code>
    <li><code>stop</code>
+   <li><code>trace</code>
  </ul>
  These actions provide basis administrative control over the running
  <code>proftpd</code> daemon; see the <code>mod_ctrls_admin</code>
! <a href="http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html">documentation</a> for more information.
  
  <p>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto ConfigFile.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv29698

Modified Files:
	ConfigFile.html 
Log Message:

Updating website copy of ConfigFile howto.


Index: ConfigFile.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/ConfigFile.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** ConfigFile.html	17 Aug 2007 00:11:26 -0000	1.1
--- ConfigFile.html	5 Jan 2010 16:57:16 -0000	1.2
***************
*** 110,113 ****
--- 110,121 ----
  role accounts mentioned above.
  
+ <p>
+ For every connection, <code>proftpd</code> creates a new process to handle
+ that client/connection.  Once that client has successfully authenticated,
+ then that process switches to the identity/privileges (<i>e.g.</i> UID, primary
+ and supplemental GIDs, <i>etc</i>) of the authenticated user.  Thus all
+ browsing, uploads, and downloads that clients do happen as the user as which
+ they are logged in.
+ 
  <p><a name="Login"></a>
  <b>Logging in</b><br>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Compiling.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv29529

Modified Files:
	Compiling.html 
Log Message:

Updating website copy of Compiling howto.


Index: Compiling.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Compiling.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Compiling.html	16 Jan 2009 21:01:19 -0000	1.1
--- Compiling.html	5 Jan 2010 16:56:41 -0000	1.2
***************
*** 145,149 ****
  state files in <code>/var/proftpd/</code>, you would use:
  <pre>
!   # ./configure --sysconfdir=/etc --localstatedir=/var
  </pre>
  
--- 145,149 ----
  state files in <code>/var/proftpd/</code>, you would use:
  <pre>
!   # ./configure --sysconfdir=/etc --localstatedir=/var/proftpd
  </pre>
  
***************
*** 176,246 ****
  itself which can be configured via compile-time options.  The list below talks
  about the more common of these feature options:
  
! <p>
! <dt><code>--disable-auth-file</code>
! <dd>The <a href="../modules/mod_auth_file.html"><code>mod_auth_file</code></a>
!   module is included in the build by default; use this option to <b>not</b>
!   include the module.
! </dd>
! 
! <p>
! <dt><code>--enable-ctrls</code>
! <dd>Enables support for the <a href="Controls.html">Controls</a> feature;
!   this is not enabled by default.
! </dd>
! 
! <p>
! <dt><code>--enable-dso</code>
! <dd>Enables support for <a href="DSO.html">DSO</a> modules (also called "shared
!   modules") by including the
!   <a href="../modules/mod_dso.html"><code>mod_dso</code></a> module in the
!   build.  This is not enabled by default.
! </dd>
! 
! <p>
! <dt><code>--enable-facl</code>
! <dd>Enables support for POSX ACLs, which is not enabled by default.
!   Note that the related <a href="../modules/mod_facl.html"><code>mod_facl</code></a> module must be added <b>separately</b> to the build, using
!   <code>--with-modules</code>.
! </dd>
! 
! <p>
! <dt><code>--disable-ident</code>
! <dd>Disables support for IDENT (<a href="http://www.faqs.org/rfcs/rfc1413.html">RFC1413</a>) lookups by not adding the
!   <a href="../modules/mod_ident.html"><code>mod_ident</code></a> module to the
!   build.  This module is added by default.
! </dd>
! 
! <p>
! <dt>--enable-nls</code>
! <dd>Enables support for different character sets and encodings, for translated
!   response messages, and for the <code>LANG</code> FTP command via the
!   <a href="../modules/mod_lang.html"><code>mod_lang</code></a> module.  This
!   is not enabled by default.
! </dd>
! 
! <p>
! <dt><code>--disable-ipv6</code>
! <dd>Disables IPv6 support, which is enabled by default.  Note that IPv6
!   support can be disabled <i>at run-time</i> using the <code>UseIPv6</code>
!   directive in your <code>proftpd.conf</code> file.
! </dd>
! 
! <p>
! <dt><code>--disable-sendfile</code>
! <dd>Disables support for the <code>sendfile(2)</code> function, which is
!   enabled by default.  Read <a href="Sendfile.html">here</a> for information
!   on when and why this is a Good Thing to do.
! </dd>
! 
! <p>
! <dt><code>--enable-devel</code>
! <dd>Enables code/behavior that is specifically used by developers and
!   maintainers; this code is disabled by default.  The uses for this option are
!   covered more fully <a href="#DeveloperOptions">below</a>; suffice to say
!   that unless you <i>really</i> know what you are doing, you should <b>not</b>
!   be using this option in your configure command.
! </dd>
  
  <p>
  There are of course other feature-specific configure options, but most of
--- 176,258 ----
  itself which can be configured via compile-time options.  The list below talks
  about the more common of these feature options:
+ <ul>
+   <li><code>--disable-auth-file</code><br>
+     The <a href="../modules/mod_auth_file.html"><code>mod_auth_file</code></a>
+     module is included in the build by default; use this option to <b>not</b>
+     include the module.
+   </li>
  
!   <p>
!   <li><code>--enable-ctrls</code><br>
!     Enables support for the <a href="Controls.html">Controls</a> feature; this
!     is not enabled by default.
!   </li>
! 
!   <p>
!   <li><code>--enable-dso</code><br>
!     Enables support for <a href="DSO.html">DSO</a> modules (also called "shared
!     modules") by including the
!     <a href="../modules/mod_dso.html"><code>mod_dso</code></a> module in the
!     build.  This is not enabled by default.
!   </li>
! 
!   <p>
!   <li><code>--enable-facl</code><br>
!     Enables support for POSX ACLs, which is not enabled by default.  Note that
!     the related <a href="../modules/mod_facl.html"><code>mod_facl</code></a>
!     module must be added <b>separately</b> to the build, using
!     <code>--with-modules</code>.
!   </li>
! 
!   <p>
!   <li><code>--disable-ident</code><br>
!     Disables support for IDENT
!     (<a href="http://www.faqs.org/rfcs/rfc1413.html">RFC1413</a>) lookups by
!     not adding the <a href="../modules/mod_ident.html"><code>mod_ident</code></a>
!      module to the build.  This module is added by default.
!   </li>
! 
!   <p>
!   <li><code>--disable-ipv6</code><br>
!     Disables IPv6 support, which is enabled by default.  Note that IPv6 support
!     can be disabled <i>at run-time</i> using the <code>UseIPv6</code> directive
!     in your <code>proftpd.conf</code> file.
!   </li>
! 
!   <p>
!   <li>--enable-nls</code><br>
!     Enables support for different character sets and encodings, for translated
!     response messages, and for the <code>LANG</code> FTP command via the
!     <a href="../modules/mod_lang.html"><code>mod_lang</code></a> module.  This
!     is not enabled by default.
!   </li>
! 
!   <p>
!   <li><code>--disable-sendfile</code><br>
!     Disables support for the <code>sendfile(2)</code> function, which is
!     enabled by default.  Read <a href="Sendfile.html">here</a> for information
!     on when and why this is a Good Thing to do.
!   </li>
  
+   <p>
+   <li><code>--enable-devel</code><br>
+     Enables code/behavior that is specifically used by developers and
+     maintainers; this code is disabled by default.  The uses for this option
+     are covered more fully <a href="#DeveloperOptions">below</a>; suffice to
+     say that unless you <i>really</i> know what you are doing, you should
+     <b>not</b> be using this option in your configure command.
+   </li>
+ 
+   <p>
+   <li>--with-lastlog</code><em>=/path/to/lastlog</em><br>
+     Enables support for lastlog logging; see the <code>lastlog(8)</code>
+     man page.  The optional <em>/path/to/lastlog</em> argument is only
+     needed if your lastlog file location is not a standard location.
+     Note that this configure option is needed in order to support the
+     <code>UseLastlog</code> configuration directive at runtime.
+     This feature is not enabled by default.
+   </li>
+ 
+ </ul>
  <p>
  There are of course other feature-specific configure options, but most of
***************
*** 501,504 ****
--- 513,524 ----
  users' passwords).  The only people who should be looking at coredump files are
  developers, and even then there are better ways of debugging issues.
+ <b>Note</b> that if the <code>coredump</code> option is used, proftpd will
+ <b>not</b> switch the UID/GID to the <code>User</code>/<code>Group</code>
+ defined in the config file, nor to that of the logged-in user.  Unix kernels
+ are notoriously picky about generating coredumps for processes that have
+ changed their effective UID/GID; they won't do it.  Thus the ID switching
+ is disabled in order to make it possible to get a coredump.  Again, it is
+ a <b>bad idea</b> to run a proftpd built with <code>coredump</code> in
+ production.
  
  <p>

[Proftpd-docs] CVS: www.proftpd.org/docs/howto Classes.html, 1.1, 1.2

[TJ S. <cas...@us...>]

Update of /cvsroot/pdd/www.proftpd.org/docs/howto
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv29467

Modified Files:
	Classes.html 
Log Message:

Updating website copy of Classes howto.


Index: Classes.html
===================================================================
RCS file: /cvsroot/pdd/www.proftpd.org/docs/howto/Classes.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** Classes.html	17 Aug 2007 00:11:26 -0000	1.1
--- Classes.html	5 Jan 2010 16:55:58 -0000	1.2
***************
*** 22,25 ****
--- 22,28 ----
  subnets/masks, and DNS hostnames.  A client that connects to the daemon
  that has matching characteristics is then labeled as belonging to that class.
+ <b>Note</b> that a connecting client can belong to only <b>one</b> class;
+ see the description below for how the winning class is selected for a session
+ from among multiple possible matches.
  
  <p>
***************
*** 76,80 ****
  When searching the list of classes for the one that matches the client,
  <code>proftpd</code> checks each class in the order in which they are defined.
! The first class definition that matches is used.
  
  <p>
--- 79,84 ----
  When searching the list of classes for the one that matches the client,
  <code>proftpd</code> checks each class in the order in which they are defined.
! The first class definition (in order of appearance in
! <code>proftpd.conf</code>) that matches is used.
  
  <p>
***************
*** 92,95 ****
--- 96,135 ----
  
  <p>
+ <b>Using <code>Satisfy</code></b><br>
+ The <code>Satisfy</code> directive, when used within a
+ <code>&lt;Class&gt;</code> section, indicates whether <i>any</i> of the
+ <code>From</code> rules in the section need to match, or whether <i>all</i> of
+ the <code>From</code> rules in the section need to match.  The default
+ <code>Satisfy</code> setting for a <code>&lt;Class&gt;</code> section is
+ "any".
+ 
+ <p>
+ To illustrate, the following class definition will never match:
+ <pre>
+   &lt;Class impossible&gt;
+     From 127.0.0.1
+     From !127.0.0.1
+     Satisfy all
+   &lt/Class&gt;
+ </pre>
+ It is impossible to both an address and <b>not</b> match that same address,
+ but that is what is demanded by the "Satisfy all" setting in the above
+ class definition.
+ 
+ <p>
+ Now, where the use of "Satisfy all" comes in handy is when you have a general
+ rule with exceptions:
+ <pre>
+   &lt;Class customers&gt;
+     From .domain.com
+     From !host1.domain.com !host2.domain.com
+     Satisfy all
+   &lt/Class&gt;
+ </pre>
+ Specifically, the use of "Satisfy all" is necessary when you have multiple
+ <i>not</i> matches (<i>i.e.</i> using the <code>!</code> prefix), <i>all</i>
+ of which need to be evaluated.
+ 
+ <p>
  <b>How are Classes Used?</b><br>
  By itself, a class does nothing.  It is merely a way to define a set of clients