
Releases: troglobit/uftpd

uftpd v2.15

20 Dec 05:26

Changes

  • CI status badge now points to GitHub Actions, no more Travis-CI
  • Silence some developer debug messages
  • Always skip . and .. in FTP listings
  • Internal refactoring and code cleanup

Fixes

  • Fix mdoc warning, found by lintian
  • Fix regression introduced in v2.14, server directory name shown in FTP
    listings instead of ., e.g. MLST . showed the directory name
  • Fix #36: for real this time, now also with a test case to verify
  • Fix #38: duplicate entries in FTP listings, regression in v2.14.
    Caused by (initially unintentional) removal of sorted listings, where
    directories prior to v2.14 were listed first. This change, albeit an
    accident, actually helped clean up the code base and speed up replies

Packages for Debian 10, and compatible Ubuntu releases, available at https://deb.troglobit.com/

uftpd v2.14

11 Dec 11:04

Changes

  • Add support for -o pasv_addr=ADDR command line argument to override
    the address passed to the client in passive mode, useful for some
    types of NAT setup
  • Add support for -p PIDFILE command line argument
  • Add support for new libite (-lite) library header namespace
  • Restored .tar.gz release archives
  • Replaced Travis-CI with GitHub Actions

Fixes

  • Issue #36: MLST command without any argument blocks
  • Fix memory leak in MLST/MLSD, only affects no-MMU systems where the
    kernel cannot free memory of processes on exit

Packages for Debian 10, and compatible Ubuntu releases, available at https://deb.troglobit.com/

uftpd v2.13

30 Jun 21:46

Changes

  • Unit test framework in place, with regression test for issue #31

Fixes

  • Issue #31: Socket leak in daemon accept() handling causing "Too many open files", effectively causing denial of service
  • Minor memory leak fixed, only allocated once at startup. Affects only non-MMU systems

Packages for Debian 10, and compatible Ubuntu releases, available at https://deb.troglobit.com/

uftpd v2.12

25 May 16:11

Changes

  • Use common log message format and log level when user enters an
    invalid path. This unfortunately affects changes introduced in
    v2.11 to increase logging at default log level.

Fixes

  • Issue #30: When entering an invalid directory with the FTP command CWD,
    a NULL pointer was dereferenced in a DBG() message even though the log
    level was set to a value lower than LOG_DEBUG. This caused uftpd to
    crash, resulting in denial of service. Depending on the init/inetd
    system used this could be permanent.

Packages for Debian 10, and compatible Ubuntu releases, available at https://deb.troglobit.com/

uftpd v2.11

05 Jan 07:57

Changes

  • Increased logging at default log level. Users logging in,
    downloading, uploading, and directory creation/removal are now
    logged by default. Start with -l error to silence uftpd again

Fixes

  • Fix buffer overflow in FTP PORT parser, reported by Aaron Esau
  • Fix TFTP/FTP directory traversal regression, reported by Aaron Esau
  • Fix potential DOS through non-busy loop and segfault, by Aaron Esau
  • Fix potential segfault through empty FTP password, by Aaron Esau
  • Fix potential segfault through FTP PORT command, by Aaron Esau

uftpd v2.10

15 Aug 07:23

Changes

  • Issue #25: Add support for TFTP write support (WRQ)
  • Slightly improved debug messages.

Fixes

  • Minor fix to TFTP error codes, only use standardized codes, and code 0 + custom error message for everything else

Files

The attached .deb files are built for Ubuntu 18.04 LTS, but may work with other Debian/Ubuntu based distros that use the same glibc version. Remember, you also need libuEv and libite installed. See the file README.md in the tarball for more information.

uftpd v2.9

29 Jul 08:55

Changes

  • Reduced log level for "Invalid path" and "Failed realpath()" syslog messages. Only relevant when debugging. For use on the Internet it will otherwise cause an excessive amount of logs due to GXHLGSL.txt
  • Debian packaging fixes and updates:
    • Reverts -o writable, due to fixing issue #22
    • Fixes failing dpkg -P uftpd due to bug in postrm script

Fixes

  • Issue #21: Check for pkg-config before looking for deps.
  • Issue #22: Check FTP root security after having dropped privs. This means no longer having to run with -o writable by default
  • Issue #23: FTP command CWD / does not work, affects all clients. This is a regression introduced in v2.8 while fixing #18

uftpd v2.8

28 May 04:25

Changes

  • The FTP command processor now always converts all inbound commands to uppercase to handle clients sending commands in lowercase
  • Any arguments to the FTP LIST command are now ignored
  • Improved user feedback on bad FTP root error message
  • Enable users group writable FTP root in /etc/inetd.conf (.deb)

Fixes

  • Fix #18: KDE Dolphin, FTP client interop problems.
  • Fix off-by-one regression introduced in v2.5

uftpd v2.7

03 Mar 14:54

Changes

  • Documentation updates, commands added in v2.5 and writable opt
  • Require libuEv v2.2, or later

Fixes

  • Issue #17: Issues with relative FTP root when running unprivileged

uftpd v2.6

03 Jul 15:39

Bug fix release.

Fixes

  • Issue #16: 100% CPU when client session exits
  • Add missing include file for gettimeofday()
  • Flush stdout logging when running in the foreground