Hello community, here is the log from the commit of package atftp for openSUSE:Factory checked in at 2019-05-03 22:35:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/atftp (Old) and /work/SRC/openSUSE:Factory/.atftp.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "atftp" Fri May 3 22:35:38 2019 rev:35 rq:698121 version:0.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/atftp/atftp.changes 2017-11-29 10:49:40.447149547 +0100 +++ /work/SRC/openSUSE:Factory/.atftp.new.5148/atftp.changes 2019-05-03 22:35:40.153361367 +0200 @@ -1,0 +2,54 @@ +Fri Apr 26 09:37:19 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> + +- Removed old initscript conditionals and atftpd.init file + +------------------------------------------------------------------- +Wed Apr 24 14:57:32 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> + +- Update to version 0.7.2 [bsc#1133114, CVE-2019-11365][bsc#1133145, CVE-2019-11366] + * atftpd.c: Fixed a potential DoS bug (introduced by the IPv6 patch) + * Fix Debian Bug deb#613582 and deb#258998 atftpd: does not reply properly when there's more than 1 interface + * Fix Debian Bug deb#622840 atftpd: Forgets port if both --port and --bind-address are used + * Fix Debian Bug deb#606969 atftp exits with no error after a get when disk is full + * Fix Debian Bug deb#575831 atftp: error return value when tftp put file + * Fix missing default port from Ubuntu bug lp#972834 + * Merged patches to improve debugging and warning messages + * Merged patch from Gentoo distribution: + add support for proprietary password extension necessary for + transferring files to linksys routers (atftp client) + * Added patch from Gentoo bug #322601: client fails for filenames containing spaces + * Listening Address configuration fixed + * Added Patch "Blksize option can be smaller than SEGSIZE" + * Fix Debian Bug deb#609813 Apply patch listen on requested port when in daemon mode. + * Fix Debian Bug deb#598474 Fixed use of sendto() over a connected datagram socket on FreeBSD + * Fix Debian Bug deb#580473 Apply IPv6 support patch by Ben Hutchings. + Add AC_GNU_SOURCE to configure.ac to address FTBFS. + * Fix Debian Bug deb#536295 Updated config.sub .guess. + * Fix Debian Bug deb#535604 Make sure we have the --daemon option before starting atftpd + * Fix Debian Bug deb#514521 Crash fix + * Fix Debian Bug deb#484739 Added support for logging to stdout. + * Fix Debian Bug deb#484932 inetd.conf: change udp to udp4 + * Fix Debian Bug deb#436310 Fixed the FTBFS. + * Fix Debian Bug deb#420900 Use CLOCKS_PER_SEC instead of CLK_TCK. Fixed a FTBFS. + * Fix Debian Bug deb#271816 Random segfaults fixed + * Fix Debian Bug deb#291829 Segfault fixed on AMD64. + * Fix Debian Bug deb#290062 Copyright fixed. + * Fix Debian Bug deb#275052 Data corruption bug in multicast mode fixed. + * New Project home: https://sourceforge.net/projects/atftp/ +- Removed patches fixed upstream: + * atftp-0.7.dif + * atftp-CLK_TCK.diff + * atftp-0.7_compiler_warnings.patch + * atftp-0.7_thread_crash.patch + * atftp-0.7_sol_ip.patch + * atftp-0.7_bug-213384_OPT_NUMBER.patch + * atftpd-0.7_unprotected_assignments_crash.patch + * atftpd-0.7_circumvent_tftp_size_restrictions.patch +- Rebased patches: + * atftp-0.7-ack_heuristic.patch + * atftp-0.7-default_user_man.patch + * atftp-0.7-server_receive_race.patch + * atftp-0.7-sorcerers_apprentice.patch + * atftp-drop_privileges_non-daemon.patch + +------------------------------------------------------------------- Old: ---- atftp-0.7.dif atftp-0.7.tar.bz2 atftp-0.7_bug-213384_OPT_NUMBER.patch atftp-0.7_compiler_warnings.patch atftp-0.7_sol_ip.patch atftp-0.7_thread_crash.patch atftp-CLK_TCK.diff atftpd-0.7_circumvent_tftp_size_restrictions.patch atftpd-0.7_unprotected_assignments_crash.patch atftpd.init New: ---- atftp-0.7.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ atftp.spec ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.649362573 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.653362582 +0200 @@ -1,7 +1,7 @@ # # spec file for package atftp # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,39 +23,29 @@ %endif %define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services -%define pkg_version 0.7 Name: atftp -Version: 0.7.0 +Version: 0.7.2 Release: 0 Summary: Advanced TFTP Server and Client -License: GPL-2.0+ +License: GPL-2.0-or-later Group: System/Daemons -Url: ftp://ftp.mamalinux.com/pub/atftp/ -Source: %{name}-%{pkg_version}.tar.bz2 -Source1: atftpd.init +URL: https://sourceforge.net/projects/atftp/ +Source: %{name}-%{version}.tar.gz Source2: atftpd.sysconfig Source3: atftpd.logrotate Source4: atftp.fw Source5: atftpd.service Source6: atftpd.socket -Patch1: atftp-0.7.dif -Patch2: atftp-CLK_TCK.diff -Patch3: atftp-0.7_compiler_warnings.patch -Patch4: atftp-0.7_thread_crash.patch -Patch5: atftp-0.7_sol_ip.patch -Patch6: atftp-0.7_bug-213384_OPT_NUMBER.patch -Patch7: atftpd-0.7_unprotected_assignments_crash.patch -Patch8: atftpd-0.7_circumvent_tftp_size_restrictions.patch # PATCH-FIX-SUSE sorcerer's apprentice syndrom (bnc#727843) -Patch9: atftp-0.7-sorcerers_apprentice.patch +Patch1: atftp-0.7-sorcerers_apprentice.patch # PATCH-FIX-SUSE server receive thread race (bnc#599856) -Patch10: atftp-0.7-server_receive_race.patch +Patch2: atftp-0.7-server_receive_race.patch # PATCH-FIX-SUSE drop one duplicated ACK each round (bnc#774376) -Patch12: atftp-0.7-ack_heuristic.patch -Patch13: atftp-0.7-default_user_man.patch +Patch3: atftp-0.7-ack_heuristic.patch +Patch4: atftp-0.7-default_user_man.patch # PATCH-FIX-SUSE update default directory in man (bnc#507011) -Patch14: atftp-0.7-default_dir_man.patch -Patch15: atftp-drop_privileges_non-daemon.patch +Patch5: atftp-0.7-default_dir_man.patch +Patch6: atftp-drop_privileges_non-daemon.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: pcre-devel @@ -68,12 +58,8 @@ Provides: tftp(client) Provides: tftp(server) BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?suse_version} >= 1210 BuildRequires: systemd-rpm-macros %{?systemd_requires} -%else -Requires(pre): %insserv_prereq -%endif %description atftp stands for Advanced Trivial File Transfer Protocol. It is called @@ -85,21 +71,13 @@ boot of hundreds of machines simultaneously. %prep -%setup -q -n %{name}-%{pkg_version} +%setup -q -n %{name}-%{version} %patch1 %patch2 %patch3 %patch4 %patch5 -%patch6 -%patch7 -%patch8 -%patch9 -%patch10 -%patch12 -%patch13 -%patch14 -%patch15 -p1 +%patch6 -p1 %build autoreconf -fi @@ -110,14 +88,9 @@ %install make DESTDIR=%{buildroot} install %{?_smp_mflags} # SuSE rc -%if 0%{?suse_version} >= 1210 install -D -m 0644 %{SOURCE5} %{buildroot}/%{_unitdir}/atftpd.service install -D -m 0644 %{SOURCE6} %{buildroot}/%{_unitdir}/atftpd.socket ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcatftpd -%else -install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/atftpd -ln -s -f ../..%{_initddir}/atftpd %{buildroot}%{_sbindir}/rcatftpd -%endif install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.atftpd install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} mkdir -p %{buildroot}/%{_fwdefdir} @@ -138,44 +111,28 @@ sed -i -e "s@^\(ATFTPD_OPTIONS=\"--daemon \"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd sed -i -e "s@^\(ATFTPD_DIRECTORY=\"/tftpboot\"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd fi -%if 0%{?suse_version} >= 1210 %service_add_pre atftpd.service atftpd.socket -%endif %preun -%if 0%{?suse_version} >= 1210 %service_del_preun atftpd.service atftpd.socket -%else -%stop_on_removal atftpd -%endif %post -%if 0%{?suse_version} >= 1210 %service_add_post atftpd.service atftpd.socket -%endif %{fillup_only -n atftpd} %postun -%if 0%{?suse_version} >= 1210 %service_del_postun atftpd.service atftpd.socket -%else -%restart_on_update atftpd -%insserv_cleanup -%endif %files %defattr(-,root,root) -%doc BUGS FAQ LICENSE README README.MCAST README.PCRE TODO +%license LICENSE +%doc BUGS FAQ README README.MCAST README.PCRE TODO %{_bindir}/atftp %{_sbindir}/atftpd %{_sbindir}/in.tftpd %{_sbindir}/rcatftpd -%if 0%{?suse_version} >= 1210 %{_unitdir}/atftpd.service %{_unitdir}/atftpd.socket -%else -%{_initddir}/atftpd -%endif %config %{_sysconfdir}/logrotate.d/%{name} %{_fillupdir}/sysconfig.atftpd %{_mandir}/man1/atftp.1.gz ++++++ atftp-0.7-ack_heuristic.patch ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.665362611 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.669362621 +0200 @@ -2,15 +2,15 @@ =================================================================== --- tftpd_file.c.orig +++ tftpd_file.c -@@ -402,7 +402,6 @@ int tftpd_send_file(struct thread_data * +@@ -406,7 +406,6 @@ int tftpd_send_file(struct thread_data * int timeout_state = state; int result; long block_number = 0; - long last_requested_block = -1; long last_block = -1; - int block_loops = 0; int data_size; -@@ -430,6 +429,11 @@ int tftpd_send_file(struct thread_data * + struct sockaddr_storage *sa = &data->client_info->client; +@@ -434,6 +433,11 @@ int tftpd_send_file(struct thread_data * long prev_file_pos = 0; int temp = 0; @@ -22,8 +22,8 @@ /* look for mode option */ if (strcasecmp(data->tftp_options[OPT_MODE].value, "netascii") == 0) { -@@ -786,8 +790,8 @@ int tftpd_send_file(struct thread_data * - ntohs(client_info->client.sin_port)); +@@ -819,8 +823,8 @@ int tftpd_send_file(struct thread_data * + &client_info->client)); sa = &client_info->client; - /* rewind the last_requested_block counter */ @@ -33,117 +33,111 @@ state = S_SEND_OACK; break; -@@ -856,6 +860,7 @@ int tftpd_send_file(struct thread_data * +@@ -895,6 +899,7 @@ int tftpd_send_file(struct thread_data * "source port mismatch, check bypassed"); } } + /* The ACK is from the current client */ number_of_timeout = 0; - block_number = (block_loops * 65536) + ntohs(tftphdr->th_block); -@@ -864,28 +869,88 @@ int tftpd_send_file(struct thread_data * - logger(LOG_DEBUG, "received ACK <block: %d>", block_number); - } + if (multicast) +@@ -908,24 +913,82 @@ int tftpd_send_file(struct thread_data * + logger(LOG_DEBUG, "received ACK <block: %ld>", + block_number); -- /* if turned on, check whether the block request isn't already fulfilled */ +- /* if turned on, check whether the block request isn't already fulfilled */ - if (tftpd_prevent_sas) { -- /* multicast, block numbers could contain gaps */ -- if (multicast) { -- if (last_requested_block >= block_number) +- /* multicast, block numbers could contain gaps */ +- if (multicast) { +- if (last_requested_block >= block_number) { + /* Now check the ACK number and possibly ignore the request */ + + /* multicast, block numbers could contain gaps */ + if (multicast) { -+ /* if turned on, check whether the block request isn't already fulfilled */ -+ if (tftpd_prevent_sas) { -+ if (prev_sent_block >= block_number) - { - if (data->trace) -- logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", last_requested_block, block_number); -+ logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", prev_sent_block, block_number); - break; - } - else -- last_requested_block = block_number; -- /* unicast, blocks should be requested one after another */ -- } else { -- if (last_requested_block + 1 != block_number && last_requested_block != -1) -+ prev_sent_block = block_number; -+ } -+ /* don't prevent thes SAS */ -+ /* use a heuristic suggested by Vladimir Nadvornik */ -+ else { -+ /* here comes the ACK again */ -+ if (prev_sent_block == block_number) -+ { -+ /* drop if number of ACKs == times of previous block sending */ -+ if (++prev_ack_count == prev_sent_count) { -+ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count); -+ break; -+ } -+ /* else resend the block */ -+ logger(LOG_DEBUG, "resending block %d", block_number + 1); -+ } -+ /* received ACK to sent block -> move on to next block */ -+ else if (prev_sent_block < block_number) { -+ prev_sent_block = block_number; -+ prev_sent_count = curr_sent_count; -+ curr_sent_count = 0; -+ prev_ack_count = 1; -+ } -+ /* block with low number -> ignore it completely */ -+ else { -+ logger(LOG_DEBUG, "ignoring ACK %d", block_number); -+ break; -+ } -+ } -+ /* unicast, blocks should be requested one after another */ -+ } else { -+ /* if turned on, check whether the block request isn't already fulfilled */ -+ if (tftpd_prevent_sas) { -+ if (prev_sent_block + 1 != block_number) - { -+ logger(LOG_WARNING, "timeout: retrying..."); - if (data->trace) -- logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", last_requested_block + 1, block_number); -+ logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", prev_sent_block + 1, block_number); -+ break; -+ } -+ else { -+ prev_sent_block = block_number; -+ } -+ /* don't prevent thes SAS */ -+ /* use a heuristic suggested by Vladimir Nadvornik */ -+ } else { -+ /* here comes the ACK again */ -+ if (prev_sent_block == block_number) -+ { -+ /* drop if number of ACKs == times of previous block sending */ -+ if (++prev_ack_count == prev_sent_count) { -+ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count); -+ break; -+ } -+ /* else resend the block */ -+ logger(LOG_DEBUG, "resending block %d", block_number + 1); -+ } -+ /* received ACK to sent block -> move on to next block */ -+ else if (prev_sent_block < block_number) { -+ prev_sent_block = block_number; -+ prev_sent_count = curr_sent_count; -+ curr_sent_count = 0; -+ prev_ack_count = 1; -+ } -+ /* nor previous nor current block number -> ignore it completely */ -+ else { -+ logger(LOG_DEBUG, "ignoring ACK %d", block_number); - break; - } -- else -- last_requested_block = block_number; - } ++ /* if turned on, check whether the block request isn't already fulfilled */ ++ if (tftpd_prevent_sas) { ++ if (prev_sent_block >= block_number) { + if (data->trace) +- logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", last_requested_block, block_number); ++ logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", prev_sent_block, block_number); + break; + } else +- last_requested_block = block_number; +- /* unicast, blocks should be requested one after another */ +- } else { +- if (last_requested_block + 1 != block_number && last_requested_block != -1) { ++ prev_sent_block = block_number; ++ } ++ /* don't prevent thes SAS */ ++ /* use a heuristic suggested by Vladimir Nadvornik */ ++ else { ++ /* here comes the ACK again */ ++ if (prev_sent_block == block_number) { ++ /* drop if number of ACKs == times of previous block sending */ ++ if (++prev_ack_count == prev_sent_count) { ++ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count); ++ break; ++ } ++ /* else resend the block */ ++ logger(LOG_DEBUG, "resending block %d", block_number + 1); ++ } ++ /* received ACK to sent block -> move on to next block */ ++ else if (prev_sent_block < block_number) { ++ prev_sent_block = block_number; ++ prev_sent_count = curr_sent_count; ++ curr_sent_count = 0; ++ prev_ack_count = 1; ++ } ++ /* block with low number -> ignore it completely */ ++ else { ++ logger(LOG_DEBUG, "ignoring ACK %d", block_number); ++ break; ++ } ++ } ++ /* unicast, blocks should be requested one after another */ ++ } else { ++ /* if turned on, check whether the block request isn't already fulfilled */ ++ if (tftpd_prevent_sas) { ++ if (prev_sent_block + 1 != block_number) { ++ logger(LOG_WARNING, "timeout: retrying..."); + if (data->trace) +- logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", last_requested_block + 1, block_number); ++ logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", prev_sent_block + 1, block_number); + break; +- } else +- last_requested_block = block_number; ++ } else { ++ prev_sent_block = block_number; ++ } ++ /* don't prevent thes SAS */ ++ /* use a heuristic suggested by Vladimir Nadvornik */ ++ } else { ++ /* here comes the ACK again */ ++ if (prev_sent_block == block_number) { ++ /* drop if number of ACKs == times of previous block sending */ ++ if (++prev_ack_count == prev_sent_count) { ++ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count); ++ break; ++ } ++ /* else resend the block */ ++ logger(LOG_DEBUG, "resending block %d", block_number + 1); ++ } ++ /* received ACK to sent block -> move on to next block */ ++ else if (prev_sent_block < block_number) { ++ prev_sent_block = block_number; ++ prev_sent_count = curr_sent_count; ++ curr_sent_count = 0; ++ prev_ack_count = 1; ++ } ++ /* nor previous nor current block number -> ignore it completely */ ++ else { ++ logger(LOG_DEBUG, "ignoring ACK %d", block_number); ++ break; ++ } + } } -@@ -898,6 +963,8 @@ int tftpd_send_file(struct thread_data * +@@ -934,6 +997,8 @@ int tftpd_send_file(struct thread_data * state = S_END; break; } @@ -152,7 +146,7 @@ state = S_SEND_DATA; break; case GET_ERROR: -@@ -989,7 +1056,7 @@ int tftpd_send_file(struct thread_data * +@@ -1028,7 +1093,7 @@ int tftpd_send_file(struct thread_data * state = S_SEND_OACK; fseek(fp, 0, SEEK_SET); /* reset the last block received counter */ ++++++ atftp-0.7-default_user_man.patch ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.677362640 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.677362640 +0200 @@ -12,10 +12,10 @@ file. Assuming the file is /var/log/atftpd.log, simply run: "touch -/var/log/atftpd.log" and then "chown nobody.nogroup +/var/log/atftpd.log" and then "chown tftp.tftp - /var/log/atftpd.log". When the server is ran in daemon mode, - /dev/stdout or /dev/stderr can be used. - -@@ -105,8 +105,8 @@ specialized usage. + /var/log/atftpd.log". When the server is run in daemon mode, + /dev/stdout or /dev/stderr can be used. Specifying a single dash as + the filename will send logs to stdout (file descriptor 1). +@@ -106,8 +106,8 @@ specialized usage. .TP .B \-\-user <user[.group]> @@ -26,7 +26,7 @@ .TP .B \-\-group <group> -@@ -211,7 +211,7 @@ Show summary of options. +@@ -212,7 +212,7 @@ Show summary of options. This is the root directory used by the TFTP server. All requested files from a TFTP client must reside in this directory. If not specified, the directory defaults to /tftpboot. Since ++++++ atftp-0.7-server_receive_race.patch ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.681362650 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.681362650 +0200 @@ -2,16 +2,16 @@ =================================================================== --- tftpd_file.c.orig +++ tftpd_file.c -@@ -114,7 +114,7 @@ int tftpd_receive_file(struct thread_dat - struct sockaddr_in *sa = &data->client_info->client; - struct sockaddr_in from; +@@ -115,7 +115,7 @@ int tftpd_receive_file(struct thread_dat + struct sockaddr_storage from; + char addr_str[SOCKADDR_PRINT_ADDR_LEN]; struct tftphdr *tftphdr = (struct tftphdr *)data->data_buffer; - FILE *fp; + FILE *fp = NULL; char filename[MAXLEN]; char string[MAXLEN]; int timeout = data->timeout; -@@ -144,18 +144,6 @@ int tftpd_receive_file(struct thread_dat +@@ -145,18 +145,6 @@ int tftpd_receive_file(struct thread_dat return ERR; } @@ -30,7 +30,7 @@ /* tsize option */ if (((result = opt_get_tsize(data->tftp_options)) > -1) && !convert) { -@@ -172,7 +160,6 @@ int tftpd_receive_file(struct thread_dat +@@ -173,7 +161,6 @@ int tftpd_receive_file(struct thread_dat if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); @@ -38,7 +38,7 @@ return ERR; } timeout = result; -@@ -189,7 +176,6 @@ int tftpd_receive_file(struct thread_dat +@@ -190,7 +177,6 @@ int tftpd_receive_file(struct thread_dat if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); @@ -46,7 +46,7 @@ return ERR; } -@@ -199,7 +185,6 @@ int tftpd_receive_file(struct thread_dat +@@ -200,7 +186,6 @@ int tftpd_receive_file(struct thread_dat if (data->data_buffer == NULL) { logger(LOG_ERR, "memory allocation failure"); @@ -54,7 +54,7 @@ return ERR; } tftphdr = (struct tftphdr *)data->data_buffer; -@@ -210,7 +195,6 @@ int tftpd_receive_file(struct thread_dat +@@ -211,7 +196,6 @@ int tftpd_receive_file(struct thread_dat if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", ENOSPACE, tftp_errmsg[ENOSPACE]); @@ -62,7 +62,7 @@ return ERR; } opt_set_blksize(result, data->tftp_options); -@@ -343,6 +327,20 @@ int tftpd_receive_file(struct thread_dat +@@ -346,6 +330,20 @@ int tftpd_receive_file(struct thread_dat } break; case S_DATA_RECEIVED: @@ -81,9 +81,9 @@ + } + /* We need to seek to the right place in the file */ - block_number = ntohs(tftphdr->th_block); - if (data->trace) -@@ -370,13 +368,13 @@ int tftpd_receive_file(struct thread_dat + block_number = tftp_rollover_blocknumber( + ntohs(tftphdr->th_block), prev_block_number, 0); +@@ -374,13 +372,13 @@ int tftpd_receive_file(struct thread_dat state = S_SEND_ACK; break; case S_END: ++++++ atftp-0.7-sorcerers_apprentice.patch ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.685362659 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.689362669 +0200 @@ -10,7 +10,7 @@ /* * Find a hole in the file bitmap. -@@ -605,6 +606,7 @@ int tftp_send_file(struct client_data *d +@@ -629,6 +631,7 @@ int tftp_send_file(struct client_data *d int timeout_state = state; /* what state should we go on when timeout */ int result; long block_number = 0; @@ -18,22 +18,20 @@ long last_block = -1; int data_size; /* size of data received */ int sockfd = data->sockfd; /* just to simplify calls */ -@@ -765,6 +767,20 @@ int tftp_send_file(struct client_data *d - connected = 1; +@@ -791,6 +794,18 @@ int tftp_send_file(struct client_data *d } - block_number = ntohs(tftphdr->th_block); + block_number = tftp_rollover_blocknumber( + ntohs(tftphdr->th_block), prev_block_number, 0); + -+ /* if turned on, check whether the block request isn't already fulfilled */ ++ /* if turned on, check whether the block request isn't already fulfilled */ + if (tftp_prevent_sas) { -+ if (last_requested_block >= block_number) -+ { -+ if (data->trace) -+ fprintf(stderr, "received duplicated ACK <block: %ld >= %ld>\n", -+ last_requested_block, block_number); -+ break; -+ } -+ else -+ last_requested_block = block_number; ++ if (last_requested_block >= block_number) { ++ if (data->trace) ++ fprintf(stderr, "received duplicated ACK <block: %ld >= %ld>\n", ++ last_requested_block, block_number); ++ break; ++ } else ++ last_requested_block = block_number; + } + if (data->trace) @@ -51,17 +49,17 @@ #ifdef HAVE_PCRE extern tftpd_pcre_self_t *pcre_top; -@@ -403,6 +404,7 @@ int tftpd_send_file(struct thread_data * +@@ -407,6 +408,7 @@ int tftpd_send_file(struct thread_data * int timeout_state = state; int result; long block_number = 0; + long last_requested_block = -1; long last_block = -1; - int block_loops = 0; int data_size; -@@ -785,6 +787,10 @@ int tftpd_send_file(struct thread_data * - inet_ntoa(client_info->client.sin_addr), - ntohs(client_info->client.sin_port)); + struct sockaddr_storage *sa = &data->client_info->client; +@@ -818,6 +820,10 @@ int tftpd_send_file(struct thread_data * + sockaddr_get_port( + &client_info->client)); sa = &client_info->client; + + /* rewind the last_requested_block counter */ @@ -70,40 +68,36 @@ state = S_SEND_OACK; break; } -@@ -859,6 +865,32 @@ int tftpd_send_file(struct thread_data * - { - logger(LOG_DEBUG, "received ACK <block: %d>", block_number); - } +@@ -903,6 +909,28 @@ int tftpd_send_file(struct thread_data * + if (data->trace) + logger(LOG_DEBUG, "received ACK <block: %ld>", + block_number); + -+ /* if turned on, check whether the block request isn't already fulfilled */ ++ /* if turned on, check whether the block request isn't already fulfilled */ + if (tftpd_prevent_sas) { -+ /* multicast, block numbers could contain gaps */ -+ if (multicast) { -+ if (last_requested_block >= block_number) -+ { -+ if (data->trace) -+ logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", last_requested_block, block_number); -+ break; -+ } -+ else -+ last_requested_block = block_number; -+ /* unicast, blocks should be requested one after another */ -+ } else { -+ if (last_requested_block + 1 != block_number && last_requested_block != -1) -+ { -+ if (data->trace) -+ logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", last_requested_block + 1, block_number); -+ break; -+ } -+ else -+ last_requested_block = block_number; -+ } ++ /* multicast, block numbers could contain gaps */ ++ if (multicast) { ++ if (last_requested_block >= block_number) { ++ if (data->trace) ++ logger(LOG_DEBUG, "received duplicated ACK <block: %d >= %d>", last_requested_block, block_number); ++ break; ++ } else ++ last_requested_block = block_number; ++ /* unicast, blocks should be requested one after another */ ++ } else { ++ if (last_requested_block + 1 != block_number && last_requested_block != -1) { ++ if (data->trace) ++ logger(LOG_DEBUG, "received out of order ACK <block: %d != %d>", last_requested_block + 1, block_number); ++ break; ++ } else ++ last_requested_block = block_number; ++ } + } + - if (ntohs(tftphdr->th_block) == 65535) + if ((last_block != -1) && (block_number > last_block)) { - block_loops++; -@@ -958,6 +990,8 @@ int tftpd_send_file(struct thread_data * + state = S_END; +@@ -1001,6 +1029,8 @@ int tftpd_send_file(struct thread_data * /* nedd to send an oack to that client */ state = S_SEND_OACK; fseek(fp, 0, SEEK_SET); @@ -116,15 +110,15 @@ =================================================================== --- tftpd.c.orig +++ tftpd.c -@@ -62,6 +62,7 @@ int retry_timeout = S_TIMEOUT; +@@ -65,6 +65,7 @@ int listen_local = 0; int tftpd_daemon = 0; /* By default we are started by inetd */ int tftpd_daemon_no_fork = 0; /* For who want a false daemon mode */ +int tftpd_prevent_sas = 0; /* For who don't want the sorcerer's apprentice syndrome */ - short tftpd_port = 0; /* Port atftpd listen to */ + short tftpd_port = 69; /* Port atftpd listen to */ char tftpd_addr[MAXLEN] = ""; /* IP address atftpd binds to */ -@@ -833,6 +834,7 @@ int tftpd_cmd_line_options(int argc, cha +@@ -922,6 +923,7 @@ int tftpd_cmd_line_options(int argc, cha { "mtftp", 1, NULL, OPT_MTFTP }, { "mtftp-port", 1, NULL, OPT_MTFTP_PORT }, #endif @@ -132,7 +126,7 @@ { "no-source-port-checking", 0, NULL, OPT_PORT_CHECK }, { "mcast-switch-client", 0, NULL, OPT_MCAST_SWITCH }, { "version", 0, NULL, 'V' }, -@@ -896,6 +898,9 @@ int tftpd_cmd_line_options(int argc, cha +@@ -991,6 +993,9 @@ int tftpd_cmd_line_options(int argc, cha case 'N': tftpd_daemon_no_fork = 1; break; @@ -142,8 +136,8 @@ case 'U': tmp = strtok(optarg, "."); if (tmp != NULL) -@@ -1120,6 +1125,7 @@ void tftpd_usage(void) - " --pidfile <file> : write PID to this file\n" +@@ -1223,6 +1228,7 @@ void tftpd_usage(void) + " --listen-local : force listen on local network address\n" " --daemon : run atftpd standalone (no inetd)\n" " --no-fork : run as a daemon, don't fork\n" + " --prevent-sas : prevent Sorcerer's Apprentice Syndrome\n" @@ -154,7 +148,7 @@ =================================================================== --- tftp.c.orig +++ tftp.c -@@ -57,6 +57,7 @@ +@@ -58,6 +58,7 @@ /* defined as extern in tftp_file.c and mtftp_file.c, set by the signal handler */ int tftp_cancel = 0; @@ -162,7 +156,7 @@ /* local flags */ int interactive = 1; /* if false, we run in batch mode */ -@@ -982,6 +983,7 @@ int tftp_cmd_line_options(int argc, char +@@ -1006,6 +1007,7 @@ int tftp_cmd_line_options(int argc, char #endif { "mtftp", 1, NULL, '1'}, { "no-source-port-checking", 0, NULL, '0'}, @@ -170,7 +164,7 @@ { "verbose", 0, NULL, 'v'}, { "trace", 0, NULL, 'd'}, #if DEBUG -@@ -1086,6 +1088,9 @@ int tftp_cmd_line_options(int argc, char +@@ -1115,6 +1117,9 @@ int tftp_cmd_line_options(int argc, char case '0': data.checkport = 0; break; @@ -180,7 +174,7 @@ case 'v': snprintf(string, sizeof(string), "verbose on"); make_arg(string, &ac, &av); -@@ -1182,6 +1187,7 @@ void tftp_usage(void) +@@ -1226,6 +1231,7 @@ void tftp_usage(void) " --mtftp <\"name value\"> : set mtftp variable to value\n" #endif " --no-source-port-checking: violate RFC, see man page\n" @@ -192,7 +186,7 @@ =================================================================== --- atftpd.8.orig +++ atftpd.8 -@@ -180,6 +180,14 @@ implication. Be aware that this option v +@@ -181,6 +181,14 @@ implication. Be aware that this option v option has effect only for non-multicast transfer. .TP @@ -211,7 +205,7 @@ =================================================================== --- atftp.1.orig +++ atftp.1 -@@ -77,6 +77,14 @@ to configure client side port to use. +@@ -88,6 +88,14 @@ to configure client side port to use. See atftpd's man page. .TP ++++++ atftp-drop_privileges_non-daemon.patch ++++++ --- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.697362688 +0200 +++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.697362688 +0200 @@ -1,8 +1,8 @@ -Index: atftp-0.7/tftpd.c +Index: atftp-0.7.2/tftpd.c =================================================================== ---- atftp-0.7.orig/tftpd.c 2016-12-06 13:41:15.955496990 +0100 -+++ atftp-0.7/tftpd.c 2016-12-06 14:55:23.573139906 +0100 -@@ -95,8 +95,8 @@ int deny_severity = LOG_NOTICE; +--- atftp-0.7.2.orig/tftpd.c ++++ atftp-0.7.2/tftpd.c +@@ -98,8 +98,8 @@ int deny_severity = LOG_NOTICE; #endif /* user ID and group ID when running as a daemon */ @@ -13,9 +13,11 @@ /* For special uses, disable source port checking */ int source_port_checking = 1; -@@ -274,33 +274,47 @@ int main(int argc, char **argv) +@@ -296,54 +296,46 @@ int main(int argc, char **argv) + */ dup2(sockfd, 0); close(sockfd); ++ } - /* release priviliedge */ - user = getpwnam(user_name); @@ -27,16 +29,6 @@ - user_name, group_name); - exit(1); - } -+ } - -- /* write our pid in the specified file before changing user*/ -- if (pidfile) -- { -- if (tftpd_pid_file(pidfile, 1) != OK) -- exit(1); -- /* to be able to remove it later */ -- chown(pidfile, user->pw_uid, group->gr_gid); -- } + /* release privilege */ + user = getpwnam(user_name); + group = getgrnam(group_name); @@ -48,9 +40,25 @@ + exit(1); + } -- setgid(group->gr_gid); -- setuid(user->pw_uid); -+ /* write our pid in the specified file before changing user*/ +- /* write our pid in the specified file before changing user*/ +- if (pidfile) +- { +- if (tftpd_pid_file(pidfile, 1) != OK) +- { +- logger(LOG_ERR, +- "atftpd: can't write our pid file: %s.", +- pidfile); +- exit(1); +- } +- /* to be able to remove it later */ +- if (chown(pidfile, user->pw_uid, group->gr_gid) != OK) { +- logger(LOG_ERR, +- "atftpd: failed to chown our pid file %s to owner %s.%s.", +- pidfile, user_name, group_name); +- exit(1); +- } +- } ++ /* write our pid in the specified file before changing user */ + if (pidfile) + { + if (tftpd_pid_file(pidfile, 1) != OK) @@ -59,21 +67,33 @@ + chown(pidfile, user->pw_uid, group->gr_gid); + } +- if (setgid(group->gr_gid) != OK) { +- logger(LOG_ERR, +- "atftpd: failed to setgid to group %d (%s).", +- group->gr_gid, group_name); +- exit(1); +- } +- if (setuid(user->pw_uid) != OK) { +- logger(LOG_ERR, +- "atftpd: failed to setuid to user %d (%s).", +- user->pw_uid, user_name); +- exit(1); +- } +- - /* Reopen log file now that we changed user, and that we've - * open and dup2 the socket. */ - open_logger("atftpd", log_file, logging_level); -+ if(setgid(group->gr_gid)) -+ { -+ logger(LOG_ERR, "atftpd: can't switch group to %s, exiting.", group_name); ++ if (setgid(group->gr_gid) != OK) { ++ logger(LOG_ERR, ++ "atftpd: failed to setgid to group %d (%s).", ++ group->gr_gid, group_name); + exit(1); -+ } -+ if (setgroups(0, NULL)) -+ { + } ++ if (setgroups(0, NULL)) { + logger(LOG_ERR, "atftpd: can't clear supplementary group list"); + exit(1); - } -+ if(setuid(user->pw_uid)) -+ { ++ } ++ if(setuid(user->pw_uid)) { + logger(LOG_ERR, "atftpd: can't switch user to %s, exiting.", user_name); + exit(1); + } @@ -82,5 +102,5 @@ + * open and dup2 the socket. */ + open_logger("atftpd", log_file, logging_level); + #if defined(SOL_IP) && defined(IP_PKTINFO) /* We need to retieve some information from incomming packets */ - if (setsockopt(0, SOL_IP, IP_PKTINFO, &one, sizeof(one)) != 0)