MOD_FTP 3.0 STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] 0.9.1 : tagged January 2, 2008 0.9.0 : tagged, not released Contributors looking for a mission: * Just do an egrep on "TODO" or "XXX" in the source. * Review the bug database at: http://issues.apache.org/bugzilla/ * Review the "PatchAvailable" bugs in the bug database: https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable After testing, you can append a comment saying "Reviewed and tested". * Open bugs in the bug database https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp RELEASE SHOWSTOPPERS: * Several clients either trap the 'A' of ABOR in the OOB chunk, or omit some bytes of the IAC IP IAC DM urgent byte sequence. Handle these exceptions cases properly in the OOB data channel read. Pity that the client developers never bothered to learn the telnet protocol. * FTPLimit* family of directives share an FTPLimitDBFile across hosts, yet fail to scope their tracking records to the corresponding host. Revert the notes in http://svn.apache.org/viewvc?rev=602264&view=rev once corrected. * include/mod_ftp.h clearly needs refactoring of public and private interfaces to mod_ftp, and appropriate declarations for those that will remain public. Perhaps private declarations should be moved to modules/ftp/ftp_private.h and out of include/ altogether. REALLY NICE TO WRAP THESE UP: * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I. * Process named virtual hosts based on USER foo@hostname syntax (stripping @hostname prior to user-auth processing). * Create a parent worker, servicing root port configurations of active/passive sockets, as a unix domain socket-based allocator. It needs to be expecially strict about comparing the requested allocation to the server configurations, which are shared from the parent to this worker, and with the children. * For in-tree builds, extending config_vars.mk with our local [exp_]ftpdocsdir and installing that tree. * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@ and installing conf/extra/ftpd.conf. CURRENT RELEASE NOTES: * EPSV and EPRT need real world testing for different routing and DMZ cases and validating a range of IPv6-enabled clients' interop. Note many IPv4-only NAT routers appear to ignore EPRT commands, even as they would fix up NAT addresses from PORT commands. CURRENT VOTES: REFERENCES: * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds http://www.ietf.org/rfc/rfc959.txt * "FTP Security Extensions", Horowitz, Lunt http://www.ietf.org/rfc/rfc2228.txt * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz http://www.ietf.org/rfc/rfc2428.txt * "Securing FTP with TLS", Ford-Hutchinson http://www.ietf.org/rfc/rfc4217.txt