Pyftpdlib

Latest version: v1.5.9

Page 4 of 5

0.6.0

Not secure
=================================

**Enhancements**

- 68: added full FTPS (FTP over SSL/TLS) support provided by new
TLS_FTPHandler class defined in pyftpdlib.contrib.handlers module.
- 86: pyftpdlib now reports all ls and MDTM timestamps as GMT times, as
recommended in RFC-3659. An FTPHandler.use_gmt_times attribute has
been added and can be set to False in case local times are desired
instead.
- 124: pyftpdlib now accepts command line options to configure a standalone
anonymous FTP server when running pyftpdlib with Python's -m option.
- 125: logs are now provided in a standardized format parsable by log
analyzers. FTPHandler class provides two new methods to standardize
both commands and transfers logging: log_cmd() and log_transfer().
- 127: added FTPHandler.masquerade_address_map option which allows you to
define multiple 1 to 1 mappings in case you run a FTP server with
multiple private IP addresses behind a NAT firewall with multiple
public IP addresses.
- 128: files and directories owner and group names and os.readlink are now
resolved via AbstractedFS methods instead of in format_list().
- 129, 139: added 4 new callbacks to FTPHandler class:
on_incomplete_file_sent(), on_incomplete_file_received(), on_login()
and on_logout().
- 130: added UnixAuthorizer and WindowsAuthorizer classes defined in the new
pyftpdlib.contrib.authorizers module.
- 131: pyftpdlib is now able to serve both IPv4 and IPv6 at the same time by
using a single socket.
- 133: AbstractedFS constructor now accepts two arguments: root and cmd_channel,
breaking compatibility with previous version. Also, root and cwd
attributes became properties. The previous bug consisting in resetting
the root from the ftp handler after user login has been fixed to ease
the development of subclasses.
- 134: enabled TCP_NODELAY socket option for the FTP command channels,
resulting in pyftpdlib being twice as fast.
- 135: Python 2.3 support has been dropped.
- 137: added new pyftpdlib.contrib.filesystems module containing the
UnixFilesystem class, which permits the client to escape its home
directory and navigate the real filesystem.
- 138: added DTPHandler.get_elapsed_time() method which returns the transfer
elapsed time in seconds.
- 144: a "username" parameter is now passed to authorizer's
terminate_impersonation() method.
- 149: refactored the ftpserver.proto_cmds dictionary and removed the
_CommandProperty class.

**Bug fixes**

- 120: an ActiveDTP() instance is not garbage collected in case a client
issuing PORT disconnects before establishing the data connection.
- 122: a wrong variable name was used in AbstractedFS.validpath method.
- 123: PORT command doesn't bind to correct address in case an alias is
created for the local network interface.
- 140: pathnames returned in PWD response should have double-quotes '"'
escaped.
- 143: EINVAL not properly handled causes server crash on OSX.
- 146: SIZE and MDTM commands are now rejected unless the "l" permission has
been specified for the user.
- 150: path traversal bug: it is possible to move/rename a file outside of the
user home directory.

0.5.2

Not secure
=================================

**Enhancements**

- 103: added unix_daemon.py script.
- 108: a new ThrottledDTPHandler class has been added for limiting the speed
of downloads and uploads.

**Bug fixes**

- 100: fixed a race condition in FTPHandler constructor which could throw an
exception in case of connection bashing (DoS). (thanks Bram Neijt)
- 102: FTPServer.close_all() now removes any unfired delayed call left behind
to prevent potential memory leaks.
- 104: fixed a bug in FTPServer.handle_accept() where socket.accept() could
return None instead of a valid address causing the server to crash.
(OS X only, reported by Wentao Han)
- 104: an unhandled EPIPE exception might be thrown by asyncore.recv() when
dealing with ill-behaved clients on OS X. (reported by Wentao Han)
- 105: ECONNABORTED might be thrown by socket.accept() on FreeBSD causing the
server to crash.
- 109: an unhandled EBADF exception might be thrown when using poll() on OSX
and FreeBSD.
- 111: the license used was not MIT as stated in source files.
- 112: fixed a MDTM related test case failure occurring on 64 bit OSes.
- 113: fixed unix_ftp.py which was treating anonymous as a normal user.
- 114: MLST is now denied unless the "l" permission has been specified for the
user.
- 115: asyncore.dispatcher.close() is now called before doing any other
cleanup operation when client disconnects. This way we avoid an endless
loop which hangs the server in case an exception is raised in close()
method. (thanks Arkadiusz Wahlig)
- 116: extra carriage returns were added to files transferred in ASCII mode.
- 118: CDUP always changes to "/".
- 119: QUIT sent during a transfer caused a memory leak.

0.5.1

Not secure
=================================

**Enhancements**

- 79: added two new callback methods to FTPHandler class to handle
"on_file_sent" and "on_file_received" events.
- 82: added table of contents in documentation.
- 92: ASCII transfers are now 200% faster on those systems using "\r\n" as
line separator (typically Windows).
- 94: a bigger buffer size for send() and recv() has been set resulting in a
considerable speedup (about 40% faster) for both incoming and outgoing
data transfers.
- 98: added preliminary support for SITE command.
- 99: a new script implementing FTPS (FTP over TLS/SSL) has been added to the
demo directory. See:
http://code.google.com/p/pyftpdlib/source/browse/trunk/demo/tls_ftpd.py

**Bug fixes**

- 78: the idle timeout of passive data connections gets stopped in case of
rejected "site-to-site" connections.
- 80: demo/md5_ftpd.py should use hashlib module instead of the deprecated md5
module.
- 81: fixed some tests which were failing on SunOS.
- 84: fixed a very rare unhandled exception which could occur when retrieving
the first bytes of a corrupted file.
- 85: a positive MKD response is supposed to include the name of the new
directory.
- 87: SIZE should be rejected when the current TYPE is ASCII.
- 88: REST should be rejected when the current TYPE is ASCII.
- 89: "TYPE AN" was erroneously treated as synonym for "TYPE A" when "TYPE L7"
should have been used instead.
- 90: an unhandled exception can occur when using MDTM against a file modified
before year 1900.
- 91: an unhandled exception can occur in case accept() returns None instead
of a socket (it happens sometimes).
- 95: anonymous is now treated as any other case-sensitive user.

0.5.0

Not secure
=================================

**Enhancements**

- 72: pyftpdlib now provides configurable idle timeouts to disconnect client
after a long time of inactivity.
- 73: imposed a delay before replying for invalid credentials to minimize the
risk of brute force password guessing (RFC-1123).
- 74: it is now possible to define permission exceptions for certain
directories (e.g. creating a user which does not have write permission
except for one sub-directory in FTP root).
- : Improved bandwidth throttling capabilities of demo/throttled_ftpd.py
script by using the new CallLater class, which drastically reduces
the number of time.time() calls.

**Bug fixes**

- 62: some unit tests were failing on certain dual core machines.
- 71: socket handles are leaked when a data transfer is in progress and user
QUITs.
- 75: orphaned file was left behind in case STOU failed for insufficient user
permissions.
- 77: incorrect OOB data management on FreeBSD.

0.4.0

Not secure
=================================

**Enhancements**

- 65: It is now possible to assume the id of real users when using system
dependent authorizers.
- 67: added IPv6 support.

**Bug fixes**

- 64: Issue when authenticating as anonymous user when using UNIX and Windows
authorizers.
- 66: WinNTAuthorizer does not determine the real user home directory.
- 69: DummyAuthorizer incorrectly uses class attribute instead of instance
attribute for user_table dictionary.
- 70: a wrong NOOP response code was given.

0.3.0

Not secure
=================================

**Enhancements**

- 42: implemented FEAT command (RFC-2389).
- 48: real permissions, owner, and group for files on UNIX platforms are now
provided when processing LIST command.
- 51: added the new demo/throttled_ftpd.py script.
- 52: implemented MLST and MLSD commands (RFC-3659).
- 58: implemented OPTS command (RFC-2389).
- 59: iterators are now used for calculating requests requiring long time to
complete (LIST and MLSD commands) drastically increasing the daemon
scalability when dealing with many connected clients.
- 61: extended the set of assignable user permissions.

**Bug fixes**

- 41: an unhandled exception occurred on QUIT if user was not yet
authenticated.
- 43: hidden the server identifier returned in STAT response.
- 44: a wrong response code was given on PORT in case of failed connection
attempt.
- 45: a wrong response code was given on HELP if the provided argument wasn't
recognized as valid command.
- 46: a wrong response code was given on PASV in case of unauthorized FXP
connection attempt.
- 47: can't use FTPServer.max_cons option on Python 2.3.
- 49: a "550 No such file or directory" was returned when LISTing a directory
containing a broken symbolic link.
- 50: DTPHandler class did not respect what was specified in the
ac_out_buffer_size attribute.
- 53: received strings having trailing white spaces were erroneously stripped.
- 54: LIST/NLST/STAT outputs are now sorted by file name.
- 55: path traversal vulnerability in case of symbolic links escaping user's
home directory.
- 56: can't rename broken symbolic links.
- 57: invoking LIST/NLST over a symbolic link which points to a directory
shouldn't list its content.
- 60: an unhandled IndexError exception was raised in case of certain
badly formatted PORT requests.
