path: root/third_party/pyftpdlib/HISTORY
blob: 9d315b05b7af2e002a2cfcc2a9ae757d4ddfe41e (plain)
Issue tracker at http://code.google.com/p/pyftpdlib/issues/list


History
=======

Version: 0.5.0 - Date: 2008-09-20
---------------------------------

Major enhancements:

 * Issue #72: pyftpdlib now provides configurable idle timeouts to disconnect
   clients after a long period of inactivity.

 * Issue #73: impose a delay before replying for invalid credentials to minimize
   the risk of brute force password guessing.

 * Issue #74: it is now possible to define permission exceptions for certain
   directories (e.g. creating a user which does not have write permission except
   for one sub-directory in FTP root).

 * Improved bandwidth throttling capabilities of demo/throttled_ftpd.py script
   by using the new CallLater class, which drastically reduces the number
   of calls to time.time().

Bugfixes:

 * Issue #62: some unit tests were failing on dual core machines.

 * Issue #71: socket handles are leaked when a data transfer is in progress and
   user QUITs.

 * Issue #75: an orphaned file was left behind when STOU failed because of
   insufficient user permissions.

 * Issue #77: incorrect OOB data management on FreeBSD.


Version: 0.4.0 - Date: 2008-05-16
---------------------------------

Major enhancements:

 * Issue #65: assume the id of real users when using system dependent
   authorizers.
 * Issue #67: added IPv6 support.

Bugfixes:

 * Issue #64: issue when authenticating as anonymous user using user-defined
   authorizers.
 * Issue #66: WinNTAuthorizer does not determine the real user home directory.
 * Issue #69: DummyAuthorizer incorrectly uses class attribute instead of
   instance attribute for user_table dictionary.
 * Issue #70: wrong NOOP response code.

API changes since 0.3.0:

 * DummyAuthorizer class changes:
      * impersonate_user() and terminate_impersonation() methods have been
        added.


Version: 0.3.0 - Date: 2008-01-17
---------------------------------

Major enhancements:

 * Issue #48: real permissions, owner, and group for files on UNIX platforms are
   now provided when processing LIST.
 * Issue #51: added the new demo/throttled_ftpd.py script.
 * Issue #59: iterators are now used for calculating requests requiring long
   time to complete (LIST and MLSD commands).
 * Issue #61: extended the set of assignable user permissions.

RFC-related enhancements:

 * Issue #42: implemented FEAT command defined in RFC-2389.
 * Issue #52: implemented MLST and MLSD commands defined in RFC-3659.
 * Issue #58: implemented OPTS command defined in RFC-2389.

Bugfixes:

 * Issue #41: error occurred on quit if user was not yet authenticated.
 * Issue #43: hidden the server identifier when returning STAT response.
 * Issue #44: a wrong response code was given on PORT if the data connection
   attempt failed.
 * Issue #45: a wrong response code was given on HELP if argument was incorrect.
 * Issue #46: a wrong response code was given on PASV if remote peer had a
   foreign internet address.
 * Issue #47: can't use FTPServer.max_cons option with Python 2.3.
 * Issue #48: problem when LISTing "broken" symbolic links.
 * Issue #49: data channel did not respect the outgoing data buffer.
 * Issue #53: trailing white space in received strings was erroneously
   stripped.
 * Issue #54: LIST/NLST/STAT outputs are now sorted by file name.
 * Issue #55: path traversal vulnerability in case of symlinks.
 * Issue #56: can't rename broken symbolic links.
 * Issue #57: wrong LIST/NLST behavior when processing symbolic links.
 * Issue #60: error occurred in case of badly formatted PORT command requests.

API changes since 0.2.0:

 * New IteratorProducer and BufferedIteratorProducer classes have been added.
 * DummyAuthorizer class changes:
      * The permissions management has been changed and the set of available
        permissions has been extended (see Issue #61). add_user() method
        now accepts "eladfm" permissions beyond the old "r" and "w".
      * r_perm() and w_perm() methods have been removed.
      * New has_perm() and get_perms() methods have been added.
 * AbstractedFS class changes:
      * normalize() method has been renamed to ftpnorm().
      * translate() method has been renamed to ftp2fs().
      * New methods: fs2ftp(), stat(), lstat(), islink(), realpath(), lexists(),
        validpath().
      * get_list_dir(), get_stat_dir() and format_list() methods now return an
        iterator object instead of a string.
      * format_list() method has a new "ignore_err" keyword argument.
 * Global debug() function has been removed.


Version: 0.2.0 - Date: 2007-09-17
----------------------------------

Major enhancements:

 * Issue #5: provided a way to configure / limit the maximum number of
   acceptable connections.
 * Issue #5: provided a way to configure / limit the maximum number of clients
   which may be connected from the same IP address.
 * Issue #36: added support for FXP site-to-site transfer to allow transfers
   between FTP servers.
 * Issue #39: added NAT/Firewall support with PASV (passive) mode connections
   for FTP servers behind NAT.
 * Issue #40: provided new FTPHandler.passive_ports attribute to control what
   ports to use for passive data-transfers.

RFC-related enhancements:

 * Issue #6: accept and process TYPE AN and TYPE L8 commands.
 * Issue #7: a new USER command can now be entered at any point to begin the
   login sequence again.
 * Issue #8: be compliant with STOU output format defined in RFC 1123.
 * Issue #10: HELP command arguments are now accepted.
 * Issue #12: 554 error response is now returned on RETR/STOR if REST fails.
 * Issue #15: STAT used with an argument now returns directory LISTing over
   the command channel.

Security enhancements:

 * Issue #3: stop buffering when extremely long lines are received.
 * Issue #11: reject data connection when a privileged port is specified on
   PORT command.
 * Issue #25: limit the number of attempts to find a unique filename for
   STOU command.

Usability enhancements:

 * Provided an overridable attribute to easily set the maximum number of login
   attempts before disconnecting.
 * Docstrings are now provided for almost every method and function.
 * Issue #30: command help strings quality improved by adding command
   syntaxes.
 * Issue #31: a compact list of recognized commands is now provided on HELP.
 * Issue #32: we now provide a detailed error message on connection and file
   system errors.
 * Issue #38: anonymous user write access can now be optionally granted.

Test suite enhancements:

 * File creation/removal moved into setUp and tearDown methods to avoid leaving
   behind orphaned temporary files in the event of a test suite failure.
 * Issue #7: added tests for a new USER provided while already
   authenticated.
 * Issue #7: added tests for REIN while a transfer is in progress.
 * Issue #28: added tests for ABOR command.

Bugfixes:

 * Issue #4: socket's "reuse_address" feature was used after the socket's
   binding.
 * Issue #9: corrected path traversal vulnerability affecting file-system path
   translations.
 * Issue #14: a wrong response code was returned on CDUP.
 * Issue #17: reject SIZE if pathname is a directory.
 * Issue #18: a wrong ABOR response code type was returned.
 * Issue #19: watch for STOU preceded by REST which makes no sense.
 * Issue #20: "attempted login" counter wasn't incremented on wrong username.
 * Issue #21: STAT wasn't permitted if user wasn't authenticated yet.
 * Issue #22: corrected memory leaks occurring on KeyboardInterrupt/SIGTERM.
 * Issue #23: PASS wasn't rejected when user was already authenticated.
 * Issue #24: can't use os.strerror() on pythonCE.
 * Issue #24: problem occurred on Windows when using '\\' as user's home
   directory.
 * Issue #26: used select() by default instead of poll() because of an asyncore
   module's defect.
 * Issue #33: some FTPHandler class attributes weren't reset on REIN.
 * Issue #35: watch for APPE preceded by REST which makes no sense.


Version: 0.1.1 - Date: 2007-03-27
----------------------------------

 * Port selection on PASV command has been randomized to prevent a remote user
   from knowing how many data connections are in progress on the server.
 * Fixed bug in demo/unix_ftpd.py script (reported by Roger Erens).
 * Little modification to add_anonymous method of dummy_authorizer class.
 * ftp_server.serve_forever automatically re-uses the address if the current
   system is UNIX.
 * License changed to an MIT-style one.


Version: 0.1.0 - Date: 2007-02-26
----------------------------------

 * First proof of concept beta release.