Menu
▾
▴
wzdftpd-announce — Announcements in wzdftpd development
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(2) |
Jun
(1) |
Jul
|
Aug
|
Sep
(1) |
Oct
(2) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(1) |
Feb
(3) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(1) |
Sep
(1) |
Oct
(2) |
Nov
|
Dec
(1) |
| 2005 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
(1) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2006 |
Jan
(1) |
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
(1) |
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|
From: pollux <po...@wz...> - 2007-10-28 13:28:16
|
wzdftpd 0.8.3 has been released. This release fixes a security problem (CVE-2007-5300): k1tk4t has discovered a vulnerability in wzdftpd, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. The vulnerability is caused due to an off-by-one error within the "do_login_loop()" function in libwzd-core/wzd_login.c. This can be exploited to cause a stack-based buffer overflow with a zero byte by sending an overly long string to the affected server (over 4095 bytes). The vulnerability is confirmed in version 0.8.2. Other versions may also be affected. Solution: Upgrade to 0.8.3 Other fixes in the release: * Misc problems with TLS (GnuTLS/OpenSSL compatibility) * Some memory leaks with OpenSSL * Better use of PASV range=20 You can download the source code from SourceForge as follows: URL: http://downloads.sourceforge.net/wzdftpd/wzdftpd-0.8.3.tar.gz MD5: 6114c32fc91786d9485fbc10c6306082 SHA1: f47e19b5d9df2b15d27aa73e663bc4da0b9d4a1f |
|
From: pollux <po...@wz...> - 2007-07-09 15:16:25
|
Finally, 0.8.2:
New features
* SQLite backend has been added
* Brand new Windows installer
* Extra SITE HELP documentation added for various commands
* SQL backends can connect to SQL servers using TLS encryption
Bugfixes
* Lots of spelling errors and ambiguities have been corrected in server responses
* Event triggers now work correctly on Windows when specifying full paths for the scripts
* First entry in a directory list is now correctly sent to the client
* MLST/MLSD command was missing the PERM= field
* Can now set the passive port range to just one port without the server crashing
* syslog output now works correctly
* Users can no longer CWD into a directory they don't have list/read permissions for
* Cookies code is now thread-safe, fixing some stability issues
* Dozens of other bugfixes and stability improvements
* Server will no longer randomly crash when using the "site shutdown" command
/P
|
|
From: pollux <po...@wz...> - 2006-12-10 16:54:44
|
The most important change is the migration to cmake (although it is NOT mandatory, autoconf is still supported). Some bugs were fixed to avoid problems with data connection on timeout, or when a file is overwritten by a smaller one. Added support for BNC (using IDNT), and events WIPE and PREWIPE. Get it now on sourceforge Packages and installer will be uploaded when ready. /P Attachment #1: diffstat Attachment #2: changelog since 0.8.0 |
|
From: pollux <po...@wz...> - 2006-09-23 18:07:06
|
New events have been added (WIPE, PREMKDIR), and the scripts are now able to deny a transfer. Users and groups management has been rewritten and enhanced. SQL backends support auto-reconnection if interrupted. Many bugs were fixed, particularly for MLSD and SITE vars commands. Documentation has been removed from package, and is now located on the wiki Get it now on sourceforge Packages and installer will be uploaded when ready. /P Attachment #1: diffstat Attachment #2: changelog since 0.7.0 |
|
From: pollux <po...@wz...> - 2006-05-30 15:51:10
|
This is a bugfix-only release (new features are added to the development branch, not the stable branch). Allow MySQL backend to auto-reconnect to server, show vfs entries in MLSD, and fix some bugs when changing ip/password/name for users or groups. Get it now on sourceforge. Packages and installer will be uploaded when ready. Attachment #1: diffstat Attachment #2: changelog since 0.7.1 /P |
|
From: pollux <po...@wz...> - 2006-03-24 14:45:13
|
Here we are, yet another release. Not a lot of changes, mainly a consolidation of the existing features, and a removal of the deprecated/dead code. Enable IPv6 and MLSD by default, add new options to reject users at connection time. There were improvements in the Zeroconf support, events, custom commands, unit tests, and several bugs were fixed. Lots of deprecated or unsafe code was removed, including the support for the previous config file format and for old backends. /P Attachment #1: diffstat Attachment #2: changelog since 0.6.0 |
|
From: pollux <po...@wz...> - 2006-01-16 14:44:23
|
This is a bugfixes-only release (except a small update of the zeroconf module). Several problems with syslog, SFV module, custom commands and TLS support were fixed, and debug events are no more logged. Some options have been added to disable MySQL/PostgreSQL support during configure. Get it now on sourceforge. Packages and installer will be uploaded when ready. Attachment #1: diffstat Attachment #2: changelog since 0.6.0 /P |
|
From: pollux <po...@wz...> - 2005-12-27 20:40:08
|
The "Ho-ho-ho" release Major update: config file changed, multiple IPv4 and IPv6 binds, zeroconf support, multiples fixes in GnuTLS, cookies, permissions, and server replies. IPv6 code was also greatly improved. This version will *not* bring new killer features, it will prepare the architecture of the server to be ready for major updates in the next versions. The code is being cleaned up, and some errors of conception have been fixed (painfully !). The size of changelog and diffstat files can give you an idea of the amount of work done. Changes: * OpenSSL vs GnuTLS: gnutls problems should be fixed now, so it can fully replace openssl * UTF-8 is now enabled by default * Misc problems in commands: RETR, MKDIR, EPRT, SITE PERMS, READD * A timestamp is added to log entries * New option to disable ident lookups in server * New option to disable SSL (even if compiled in) * Zeroconf support (experimental) /P Attachment #1: diffstat Attachment #2: changelog since 0.5.0 |
|
From: pollux <po...@wz...> - 2005-07-09 13:53:42
|
Better error logging, new log system based on channels. Important changes on MySQL backend (all tables renamed), see UPGRADING file for instructions. Problems fixed: GnuTLS errors, uid problems in MySQL backend, thread-safe problems, crontab. Work will now be focused on reorganizing files and directories. The new features we obtained by converting the project to subversion will allow us to rename files and directories without losing the history. /P Attachment #1: diffstat Attachment #2: changelog since 0.5.3 -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2005-05-19 18:57:29
|
New backend using PostgreSQL to store users. A new site command (SECTIONS) was added to list sections, and several bugs were fixed in the MySQL backend. UTF-8 support was also improved. Current priority is now the migration to subversion, meaning that the CVS repository will be read-only in a first step, and removed after. /P Attachment #1: diffstat Attachment #2: changelog since 0.5.2 -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2005-04-18 09:44:49
|
Fixed several problems with mkdir, cwd and custom site commands. Windows installer was also improved, and icons were added. /P Attachment #1: diffstat Attachment #2: changelog since 0.5.1 -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2005-03-08 14:33:48
|
Fixed problems with configuration (pasv_ip, site_cmd not working, max_ul and max_dl not saved for groups). A memory leak has been fixed after client log out. chown, chgrp and chmod has been added to perl and tcl modules, as well as a log for perl. An incompatibility between OpenSSL and GnuTLS is also probably solved. Some unit tests have also been added to the project. /P Attachment #1: diffstat Attachment #2: changelog since 0.5.0 -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2005-02-21 20:31:53
|
Finally, 0.5.0 is out, and with many changes: * no more shared memory ! (and associated error messages ), * the mysql backend is fully working, * no more limitations on numbers of users/groups, * big efforts made on security, * new authentication library to unify methods: crypt, md5, pam, SSL certif= icates, etc, * new library to send commands from other programs, * perl backend in development, * new memory model with hash tables to get faster access to data and impro= ve speed, * many new commands: site vars, vars_user, vars_group, killpath, etc, * GnuTLS support, * new commands: SSCN, CPSV, HELP (secure FXP), * new events: file delection, * and many, many bugfixes. Attachment #1: diffstat Attachment #2: changelog since 0.4.0 /P --=20 In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\=20 // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ //=20 |
|
From: pollux <po...@cp...> - 2004-12-07 10:22:14
|
Fixed problems with symbolic links, permissions (delete) and LIST command. Some new variables for server for passive range and speed limits; changing max speed for users/groups/server is now applied immediatly. The 'perms' field is now effective for users, allowing a finer control on authorized commands. A new wiki have also been installed to manage documentation: http://www.wzdftpd.net/twiki/bin/view/WzdftpdDocs/WzdftpdDocumentation Attachment #1: diffstat Attachment #2: changelog since 0.4.3 /P -- In /dev/null no one can here you scream ! // Pollux <po...@cp...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-10-28 12:33:29
|
Things are getting better, but several problems were identified, some of them could crash the server of corrupt data. NB: ids for fixed bugs are relative to the bug tracker: http://www.wzdftpd.net/mantis/ A new wiki have also been installed to manage documentation: http://www.wzdftpd.net/twiki/bin/view/WzdftpdDocs/WzdftpdDocumentation Attachment #1: diffstat Attachment #2: changelog since 0.4.2 /P -- In /dev/null no one can here you scream ! // Pollux <po...@cp...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@cp...> - 2004-10-05 07:59:59
|
Again, bugfixes. Problems were detected and fixed on permissions, gadmins, groups, and paths on windows. NB: ids for fixed bugs are relative to the bug tracker here: http://www.wzdftpd.net/mantis/ Attachment #1: diffstat Attachment #2: changelog since 0.4.1 /P -- In /dev/null no one can here you scream ! // Pollux <po...@cp...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-09-16 15:47:41
|
Bugfixes ! The previous rewrite of users management has broken many things, so this release should make the server usable again. Attachment #1: diffstat Attachment #2: changelog since 0.4.0 /P -- In /dev/null no one can here you scream ! // Pollux <po...@cp...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-08-26 17:06:16
|
Many features / parts rewritten: * Permissions are now displayed correctly on LIST * users and groups management has been rewritten * uid/gid are now used, so must be set correctly * big speed enhancement * IP addresses does no more need prefixes (+ and -) * TCL module updated * Many new cookies * Improved events Major features: * new commands: STAT * Perl module Work in Progress (not fully working yet): * UTF-8 support * MySQL backend * config file management Bugfixes: Too many to be listed here ! (see ChangeLog) Get it now on sourceforge. Packages and installer will be uploaded when ready. Attachment #1: diffstat Attachment #2: changelog since 0.3 /P -- In /dev/null no one can here you scream ! // Pollux <po...@cp...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-07-01 11:35:13
|
This release does NOT brgin any new feature, it is only intended for users of the 0.3.x serie. If you want new features or up to date version, please give a look to the daily version. * misc compilation problems (SSL flags, some typos) * randomization of PASV ports to fix FXP problems with glftpd * SFV module is case-sensitive on windows * many fixes in TCL module * ditto for custom site commands * windows installer improvements Some bugs with high importance: * file handle not closed after FXP (closes #954477) * force socket close on win32 * various memory leaks Get it now on sourceforge. Packages and installer will be uploaded when ready. Attachment #1: diffstat Attachment #2: changelog since 0.3.2 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-05-01 15:25:39
|
As usual now, some bugfixes:
* log file empty on win32 (except if forcing use_syslog = 0)
* user can now see its own home
But the big part is the addition of some new features:
* tcl: command putlog
* new command STAT to provide a fast way to list dir
* group tagline, cookie %grouptag
* do not search UTF-8 by default in configure
And finally some new cookies to access transfered files infos:
* %lastfile{name,size,speed,time}
Get it now on sourceforge.
Packages and installer will be uploaded when ready.
Attachment #1: diffstat
Attachment #2: changelog since 0.3.1
/P
--
In /dev/null no one can here you scream !
// Pollux <po...@wz...> \\
// \\
\\ Creator of wzdftpd -- http://www.wzdftpd.net //
\\ //
|
|
From: pollux <po...@wz...> - 2004-04-27 09:07:22
|
This release bring some new bugfixes: * a minor security problem where ip addresses where shown or not quite randomly on SITE WHO and associates, the only risk was to show an ip that should have been hidden; * server will give more error messages on start failure, especially on two cases: can't bind to port given in config file, and can't open pid file; * paths to log and config files have changed - this can lead to problems if you upgrade; * some other bugfixes. Attachment #1: diffstat Attachment #2: changelog since 0.3.1 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-04-15 20:07:26
|
Many bugfixes and improvements, and some new features: * integration as a service on win32 platforms * symbolic links * new module: tcl * new backends for authentication: pam and mysql (Work in Progress) * new cookies * new SITE commands * tons of bugfixes on global behaviour, crashes, etc. Attachements: diffstat and changelog since 0.2 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-02-18 13:14:34
|
This release fixes problems from version 0.2.2 Stability was improved for all versions (including windows), and a special effort was made to increase security. Upgrade is more than ever suggested for all users. Attachment #1: diffstat on changes Attachment #2: changelog since 0.2.2 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-02-15 19:52:53
|
This release fixes a possible buffer overflow, that can be exploited by a malicious user to execute arbitrary code. This problem is platform independant, so all users should upgrade quickly ! Acknowledgements: thanks to the ecl-il team for reporting us the problem, and providing many usefull informations. Attachment #1: diffstat on changes Attachment #2: changelog since 0.2.1 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
|
From: pollux <po...@wz...> - 2004-02-13 14:08:05
|
This release is mainly a bugfix one, for 0.2 users. Several problems on FreeBSD were fixed (some leading to server crash). An important bug causing uploaded files to be corrupted on windows was also corrected (closes: bug #885559) Upgrade strongly suggested ! Attachment #1: diffstat on changes Attachment #2: changelog since 0.2 /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
