Index: third_party/pyftpdlib/HISTORY |
=================================================================== |
--- third_party/pyftpdlib/HISTORY (revision 0) |
+++ third_party/pyftpdlib/HISTORY (revision 0) |
@@ -0,0 +1,216 @@ |
+Issue tracker at http://code.google.com/p/pyftpdlib/issues/list |
+ |
+ |
+History |
+======= |
+ |
+Version: 0.5.0 - Date: 2008-09-20 |
+--------------------------------- |
+ |
+Major enhancements: |
+ |
+ * Issue #72: pyftpdlib now provides configurable idle timeouts to disconnect |
+ client after a long time of inactivity. |
+ |
+ * Issue #73: impose a delay before replying for invalid credentials to minimize |
+ the risk of brute force password guessing. |
+ |
+ * Issue #74: it is now possible to define permission exceptions for certain |
+ directories (e.g. creating a user which does not have write permission except |
+ for one sub-directory in FTP root). |
+ |
+ * Improved bandwidth throttling capabilities of demo/throttled_ftpd.py script |
+ by having used the new CallLater class which drastically reduces the number |
+ of calls to time.time(). |
+ |
+Bugfixes: |
+ |
+ * Issue #62: some unit tests were failing on dual core machines. |
+ |
+ * Issue #71: socket handles are leaked when a data transfer is in progress and |
+ user QUITs. |
+ |
+ * Issue #75: orphaned file was left behind in case STOU failed for insufficient |
+ user permissions. |
+ |
+ * Issue #77: incorrect OOB data management on FreeBSD. |
+ |
+ |
+Version: 0.4.0 - Date: 2008-05-16 |
+--------------------------------- |
+ |
+Major enhancements: |
+ |
+ * Issue #65: assume the id of real users when using system dependent |
+ authorizers. |
+ * Issue #67: added IPv6 support. |
+ |
+Bugfixes: |
+ |
+ * Issue #64: issue when authenticating as anonymous user using user-defined |
+ authorizers. |
+ * Issue #66: WinNTAuthorizer does not determine the real user home directory. |
+ * Issue #69: DummyAuthorizer incorrectly uses class attribute instead of |
+ instance attribute for user_table dictionary. |
+ * Issue #70: wrong NOOP response code. |
+ |
+API changes since 0.3.0: |
+ |
+ * DummyAuthorizer class changes: |
+ * impersonate_user() and terminate_impersonation() methods have been |
+ added. |
+ |
+ |
+Version: 0.3.0 - Date: 2008-01-17 |
+--------------------------------- |
+ |
+Major enhancements: |
+ |
+ * Issue #48: real permissions, owner, and group for files on UNIX platforms are |
+ now provided when processing LIST. |
+ * Issue #51: added the new demo/throttled_ftpd.py script. |
+ * Issue #59: iterators are now used for calculating requests requiring long |
+ time to complete (LIST and MLSD commands). |
+ * Issue #61: extended the set of assignable user permissions. |
+ |
+RFC-related enhancements: |
+ |
+ * Issue #42: implemented FEAT command defined in RFC-2389. |
+ * Issue #52: implemented MLST and MLSD commands defined in RFC-3659. |
+ * Issue #58: implemented OPTS command define in RFC-2389. |
+ |
+Bugfixes: |
+ |
+ * Issue #41: error occurred on quit if user was not yet authenticated. |
+ * Issue #43: hidden the server identifier when returning STAT response. |
+ * Issue #44: a wrong response code was given on PORT if the data connection |
+ attempt failed. |
+ * Issue #45: a wrong response code was given on HELP if argument was incorrect. |
+ * Issue #46: a wrong response code was given on PASV if remote peer had a |
+ foreign internet address. |
+ * Issue #47: can't use FTPServer.max_cons option with Python 2.3. |
+ * Issue #48: problem when LISTing "broken" symbolic links. |
+ * Issue #49: data channel did not respect the outgoing data buffer. |
+ * Issue #53: received strings having trailing white spaces was erroneously |
+ stripped. |
+ * Issue #54: LIST/NLST/STAT outputs are now sorted by file name. |
+ * Issue #55: path traversal vulnerability in case of symlinks. |
+ * Issue #56: can't rename broken symbolic links. |
+ * Issue #57: wrong LIST/NLST behavior when processing symbolic links. |
+ * Issue #60: error occurred in case of bad formatted PORT command requests. |
+ |
+API changes since 0.2.0: |
+ |
+ * New IteratorProducer and BufferedIteratorProducer classes have been added. |
+ * DummyAuthorizer class changes: |
+ * The permissions management has been changed and the set of available |
+ permissions have been extended (see Issue #61). add_user() method |
+ now accepts "eladfm" permissions beyond the old "r" and "w". |
+ * r_perm() and w_perm() methods have been removed. |
+ * New has_perm() and get_perms() methods have been added. |
+* AbstractedFS class changes: |
+ * normalize() method has been renamed in ftpnorm(). |
+ * translate() method has been renamed in ftp2fs(). |
+ * New methods: fs2ftp(), stat(), lstat(), islink(), realpath(), lexists(), |
+ validpath(). |
+ * get_list_dir(), get_stat_dir() and format_list() methods now return an |
+ iterator object instead of a string. |
+ * format_list() method has a new "ignore_err" keyword argument. |
+* global debug() function has been removed. |
+ |
+ |
+Version: 0.2.0 - Date: 2007-09-17 |
+---------------------------------- |
+ |
+Major enhancements: |
+ |
+ * Issue #5: provided a way to configure / limit the number of maximum |
+ acceptable connections. |
+ * Issue #5: provided a way to configure / limit the maximum number of clients |
+ which may be connected from the same IP address. |
+ * Issue #36: added support for FXP site-to-site transfer to allow transfers |
+ between FTP servers. |
+ * Issue #39: added NAT/Firewall support with PASV (passive) mode connections |
+ for FTP servers behind NAT. |
+ * Issue #40: provided new FTPHandler.passive_ports attribute to control what |
+ ports to use for passive data-transfers. |
+ |
+RFC-related enhancements: |
+ |
+ * Issue #6: accept and process TYPE AN and TYPE L8 commands. |
+ * Issue #7: a new USER command can now be entered at any point to begin the |
+ login sequence again. |
+ * Issue #8: be compliant with STOU output format defined in RFC 1123. |
+ * Issue #10: HELP command arguments are now accepted. |
+ * Issue #12: 554 error response is now returned on RETR/STOR if REST fails. |
+ * Issue #15: STAT used with an argument return directory LISTing over the |
+ command channel. |
+ |
+Security enhancements: |
+ |
+ * Issue #3: stop buffering when extremely long lines are received. |
+ * Issue #11: reject data connection when a privileged port is specified on |
+ PORT command. |
+ * Issue #25: limit the number of attempts to find a unique filename for |
+ STOU command. |
+ |
+Usability enhancements: |
+ |
+ * Provided an overridable attribute to easily set number of maximum login |
+ attempts before disconnecting. |
+ * Docstrings are now provided for almost every method and function. |
+ * Issue #30: command help strings quality improved by adding command |
+ syntaxes. |
+ * Issue #31: a compact list of recognized commands is now provided on HELP. |
+ * Issue #32: we now provide a detailed error message on connection and file |
+ system errors. |
+ * Issue #38: anonymous user write access can now be optionally granted. |
+ |
+Test suite enhancements: |
+ |
+ * File creation/removal moved into setUp and tearDown methods to avoid leaving |
+ behind orphaned temporary files in the event of a test suite failure. |
+ * Issue #7: added tests for a new USER provided while already |
+ authenticated. |
+ * Issue #7: added tests for REIN while a transfer is in progress. |
+ * Issue #28: added tests for ABOR command. |
+ |
+Bugfixes: |
+ |
+ * Issue #4: socket's "reuse_address" feature was used after the socket's |
+ binding. |
+ * Issue #9: corrected path traversal vulnerability affecting file-system path |
+ translations. |
+ * Issue #14: a wrong response code was returned on CDUP. |
+ * Issue #17: reject SIZE if pathname is a directory. |
+ * Issue #18: a wrong ABOR response code type was returned. |
+ * Issue #19: watch for STOU preceded by REST which makes no sense. |
+ * Issue #20: "attempted login" counter wasn't incremented on wrong username. |
+ * Issue #21: STAT wasn't permitted if user wasn't authenticated yet. |
+ * Issue #22: corrected memory leaks occurring on KeyboardInterrupt/SIGTERM. |
+ * Issue #23: PASS wasn't rejected when user was already authenticated. |
+ * Issue #24: can't use os.strerror() on pythonCE. |
+ * Issue #24: problem occurred on Windows when using '\\' as user's home |
+ directory. |
+ * Issue #26: used select() by default instead of poll() because of an asyncore |
+ module's defect. |
+ * Issue #33: some FTPHandler class attributes wasn't resetted on REIN. |
+ * Issue #35: watch for APPE preceded by REST which makes no sense. |
+ |
+ |
+Version: 0.1.1 - Date: 2007-03-27 |
+---------------------------------- |
+ |
+ * Port selection on PASV command has been randomized to prevent a remote user |
+ to know how many data connections are in progress on the server. |
+ * Fixed bug in demo/unix_ftpd.py script (reported by Roger Erens). |
+ * Little modification to add_anonymous method of dummy_authorizer class. |
+ * ftp_server.serve_forever automatically re-use address if current system is |
+ unix. |
+ * License changed into a MIT style one. |
+ |
+ |
+Version: 0.1.0 - Date: 2007-02-26 |
+---------------------------------- |
+ |
+ * First proof of concept beta release. |