Hello community,
here is the log from the commit of package atftp for openSUSE:Factory checked in at 2019-05-03 22:35:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/atftp (Old)
and /work/SRC/openSUSE:Factory/.atftp.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "atftp"
Fri May 3 22:35:38 2019 rev:35 rq:698121 version:0.7.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/atftp/atftp.changes 2017-11-29 10:49:40.447149547 +0100
+++ /work/SRC/openSUSE:Factory/.atftp.new.5148/atftp.changes 2019-05-03 22:35:40.153361367 +0200
@@ -1,0 +2,54 @@
+Fri Apr 26 09:37:19 UTC 2019 - Pedro Monreal Gonzalez
+
+- Removed old initscript conditionals and atftpd.init file
+
+-------------------------------------------------------------------
+Wed Apr 24 14:57:32 UTC 2019 - Pedro Monreal Gonzalez
+
+- Update to version 0.7.2 [bsc#1133114, CVE-2019-11365][bsc#1133145, CVE-2019-11366]
+ * atftpd.c: Fixed a potential DoS bug (introduced by the IPv6 patch)
+ * Fix Debian Bug deb#613582 and deb#258998 atftpd: does not reply properly when there's more than 1 interface
+ * Fix Debian Bug deb#622840 atftpd: Forgets port if both --port and --bind-address are used
+ * Fix Debian Bug deb#606969 atftp exits with no error after a get when disk is full
+ * Fix Debian Bug deb#575831 atftp: error return value when tftp put file
+ * Fix missing default port from Ubuntu bug lp#972834
+ * Merged patches to improve debugging and warning messages
+ * Merged patch from Gentoo distribution:
+ add support for proprietary password extension necessary for
+ transferring files to linksys routers (atftp client)
+ * Added patch from Gentoo bug #322601: client fails for filenames containing spaces
+ * Listening Address configuration fixed
+ * Added Patch "Blksize option can be smaller than SEGSIZE"
+ * Fix Debian Bug deb#609813 Apply patch listen on requested port when in daemon mode.
+ * Fix Debian Bug deb#598474 Fixed use of sendto() over a connected datagram socket on FreeBSD
+ * Fix Debian Bug deb#580473 Apply IPv6 support patch by Ben Hutchings.
+ Add AC_GNU_SOURCE to configure.ac to address FTBFS.
+ * Fix Debian Bug deb#536295 Updated config.sub .guess.
+ * Fix Debian Bug deb#535604 Make sure we have the --daemon option before starting atftpd
+ * Fix Debian Bug deb#514521 Crash fix
+ * Fix Debian Bug deb#484739 Added support for logging to stdout.
+ * Fix Debian Bug deb#484932 inetd.conf: change udp to udp4
+ * Fix Debian Bug deb#436310 Fixed the FTBFS.
+ * Fix Debian Bug deb#420900 Use CLOCKS_PER_SEC instead of CLK_TCK. Fixed a FTBFS.
+ * Fix Debian Bug deb#271816 Random segfaults fixed
+ * Fix Debian Bug deb#291829 Segfault fixed on AMD64.
+ * Fix Debian Bug deb#290062 Copyright fixed.
+ * Fix Debian Bug deb#275052 Data corruption bug in multicast mode fixed.
+ * New Project home: https://sourceforge.net/projects/atftp/
+- Removed patches fixed upstream:
+ * atftp-0.7.dif
+ * atftp-CLK_TCK.diff
+ * atftp-0.7_compiler_warnings.patch
+ * atftp-0.7_thread_crash.patch
+ * atftp-0.7_sol_ip.patch
+ * atftp-0.7_bug-213384_OPT_NUMBER.patch
+ * atftpd-0.7_unprotected_assignments_crash.patch
+ * atftpd-0.7_circumvent_tftp_size_restrictions.patch
+- Rebased patches:
+ * atftp-0.7-ack_heuristic.patch
+ * atftp-0.7-default_user_man.patch
+ * atftp-0.7-server_receive_race.patch
+ * atftp-0.7-sorcerers_apprentice.patch
+ * atftp-drop_privileges_non-daemon.patch
+
+-------------------------------------------------------------------
Old:
----
atftp-0.7.dif
atftp-0.7.tar.bz2
atftp-0.7_bug-213384_OPT_NUMBER.patch
atftp-0.7_compiler_warnings.patch
atftp-0.7_sol_ip.patch
atftp-0.7_thread_crash.patch
atftp-CLK_TCK.diff
atftpd-0.7_circumvent_tftp_size_restrictions.patch
atftpd-0.7_unprotected_assignments_crash.patch
atftpd.init
New:
----
atftp-0.7.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ atftp.spec ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.649362573 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.653362582 +0200
@@ -1,7 +1,7 @@
#
# spec file for package atftp
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -23,39 +23,29 @@
%endif
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
-%define pkg_version 0.7
Name: atftp
-Version: 0.7.0
+Version: 0.7.2
Release: 0
Summary: Advanced TFTP Server and Client
-License: GPL-2.0+
+License: GPL-2.0-or-later
Group: System/Daemons
-Url: ftp://ftp.mamalinux.com/pub/atftp/
-Source: %{name}-%{pkg_version}.tar.bz2
-Source1: atftpd.init
+URL: https://sourceforge.net/projects/atftp/
+Source: %{name}-%{version}.tar.gz
Source2: atftpd.sysconfig
Source3: atftpd.logrotate
Source4: atftp.fw
Source5: atftpd.service
Source6: atftpd.socket
-Patch1: atftp-0.7.dif
-Patch2: atftp-CLK_TCK.diff
-Patch3: atftp-0.7_compiler_warnings.patch
-Patch4: atftp-0.7_thread_crash.patch
-Patch5: atftp-0.7_sol_ip.patch
-Patch6: atftp-0.7_bug-213384_OPT_NUMBER.patch
-Patch7: atftpd-0.7_unprotected_assignments_crash.patch
-Patch8: atftpd-0.7_circumvent_tftp_size_restrictions.patch
# PATCH-FIX-SUSE sorcerer's apprentice syndrom (bnc#727843)
-Patch9: atftp-0.7-sorcerers_apprentice.patch
+Patch1: atftp-0.7-sorcerers_apprentice.patch
# PATCH-FIX-SUSE server receive thread race (bnc#599856)
-Patch10: atftp-0.7-server_receive_race.patch
+Patch2: atftp-0.7-server_receive_race.patch
# PATCH-FIX-SUSE drop one duplicated ACK each round (bnc#774376)
-Patch12: atftp-0.7-ack_heuristic.patch
-Patch13: atftp-0.7-default_user_man.patch
+Patch3: atftp-0.7-ack_heuristic.patch
+Patch4: atftp-0.7-default_user_man.patch
# PATCH-FIX-SUSE update default directory in man (bnc#507011)
-Patch14: atftp-0.7-default_dir_man.patch
-Patch15: atftp-drop_privileges_non-daemon.patch
+Patch5: atftp-0.7-default_dir_man.patch
+Patch6: atftp-drop_privileges_non-daemon.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: pcre-devel
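Review bot: The new `Source:` line is still a bare file name, so the spec records neither where `atftp-0.7.2.tar.gz` was downloaded from nor any way to verify it, which matters for an update that the changelog ties to CVE-2019-11365 and CVE-2019-11366. I would give the full download location, `Source: <upstream download URL>/%{name}-%{version}.tar.gz` (placeholder, the exact URL is not on this page), and, if upstream publishes detached signatures, add the signature and a keyring as further sources so the tarball is checked at build time. `Patch4` and `Patch6` also carry no `# PATCH-FIX-...` comment, unlike their neighbours, so their origin and bug reference are undocumented.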
@@ -68,12 +58,8 @@
Provides: tftp(client)
Provides: tftp(server)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version} >= 1210
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
-%else
-Requires(pre): %insserv_prereq
-%endif
%description
atftp stands for Advanced Trivial File Transfer Protocol. It is called
@@ -85,21 +71,13 @@
boot of hundreds of machines simultaneously.
%prep
-%setup -q -n %{name}-%{pkg_version}
+%setup -q -n %{name}-%{version}
%patch1
%patch2
%patch3
%patch4
%patch5
-%patch6
-%patch7
-%patch8
-%patch9
-%patch10
-%patch12
-%patch13
-%patch14
-%patch15 -p1
+%patch6 -p1
%build
autoreconf -fi
@@ -110,14 +88,9 @@
%install
make DESTDIR=%{buildroot} install %{?_smp_mflags}
# SuSE rc
-%if 0%{?suse_version} >= 1210
install -D -m 0644 %{SOURCE5} %{buildroot}/%{_unitdir}/atftpd.service
install -D -m 0644 %{SOURCE6} %{buildroot}/%{_unitdir}/atftpd.socket
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcatftpd
-%else
-install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/atftpd
-ln -s -f ../..%{_initddir}/atftpd %{buildroot}%{_sbindir}/rcatftpd
-%endif
install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.atftpd
install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
mkdir -p %{buildroot}/%{_fwdefdir}
@@ -138,44 +111,28 @@
sed -i -e "s@^\(ATFTPD_OPTIONS=\"--daemon \"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd
sed -i -e "s@^\(ATFTPD_DIRECTORY=\"/tftpboot\"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd
fi
-%if 0%{?suse_version} >= 1210
%service_add_pre atftpd.service atftpd.socket
-%endif
%preun
-%if 0%{?suse_version} >= 1210
%service_del_preun atftpd.service atftpd.socket
-%else
-%stop_on_removal atftpd
-%endif
%post
-%if 0%{?suse_version} >= 1210
%service_add_post atftpd.service atftpd.socket
-%endif
%{fillup_only -n atftpd}
%postun
-%if 0%{?suse_version} >= 1210
%service_del_postun atftpd.service atftpd.socket
-%else
-%restart_on_update atftpd
-%insserv_cleanup
-%endif
%files
%defattr(-,root,root)
-%doc BUGS FAQ LICENSE README README.MCAST README.PCRE TODO
+%license LICENSE
+%doc BUGS FAQ README README.MCAST README.PCRE TODO
%{_bindir}/atftp
%{_sbindir}/atftpd
%{_sbindir}/in.tftpd
%{_sbindir}/rcatftpd
-%if 0%{?suse_version} >= 1210
%{_unitdir}/atftpd.service
%{_unitdir}/atftpd.socket
-%else
-%{_initddir}/atftpd
-%endif
%config %{_sysconfdir}/logrotate.d/%{name}
%{_fillupdir}/sysconfig.atftpd
%{_mandir}/man1/atftp.1.gz
++++++ atftp-0.7-ack_heuristic.patch ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.665362611 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.669362621 +0200
@@ -2,15 +2,15 @@
===================================================================
--- tftpd_file.c.orig
+++ tftpd_file.c
-@@ -402,7 +402,6 @@ int tftpd_send_file(struct thread_data *
+@@ -406,7 +406,6 @@ int tftpd_send_file(struct thread_data *
int timeout_state = state;
int result;
long block_number = 0;
- long last_requested_block = -1;
long last_block = -1;
- int block_loops = 0;
int data_size;
-@@ -430,6 +429,11 @@ int tftpd_send_file(struct thread_data *
+ struct sockaddr_storage *sa = &data->client_info->client;
+@@ -434,6 +433,11 @@ int tftpd_send_file(struct thread_data *
long prev_file_pos = 0;
int temp = 0;
@@ -22,8 +22,8 @@
/* look for mode option */
if (strcasecmp(data->tftp_options[OPT_MODE].value, "netascii") == 0)
{
-@@ -786,8 +790,8 @@ int tftpd_send_file(struct thread_data *
- ntohs(client_info->client.sin_port));
+@@ -819,8 +823,8 @@ int tftpd_send_file(struct thread_data *
+ &client_info->client));
sa = &client_info->client;
- /* rewind the last_requested_block counter */
@@ -33,117 +33,111 @@
state = S_SEND_OACK;
break;
-@@ -856,6 +860,7 @@ int tftpd_send_file(struct thread_data *
+@@ -895,6 +899,7 @@ int tftpd_send_file(struct thread_data *
"source port mismatch, check bypassed");
}
}
+
/* The ACK is from the current client */
number_of_timeout = 0;
- block_number = (block_loops * 65536) + ntohs(tftphdr->th_block);
-@@ -864,28 +869,88 @@ int tftpd_send_file(struct thread_data *
- logger(LOG_DEBUG, "received ACK ", block_number);
- }
+ if (multicast)
+@@ -908,24 +913,82 @@ int tftpd_send_file(struct thread_data *
+ logger(LOG_DEBUG, "received ACK ",
+ block_number);
-- /* if turned on, check whether the block request isn't already fulfilled */
+- /* if turned on, check whether the block request isn't already fulfilled */
- if (tftpd_prevent_sas) {
-- /* multicast, block numbers could contain gaps */
-- if (multicast) {
-- if (last_requested_block >= block_number)
+- /* multicast, block numbers could contain gaps */
+- if (multicast) {
+- if (last_requested_block >= block_number) {
+ /* Now check the ACK number and possibly ignore the request */
+
+ /* multicast, block numbers could contain gaps */
+ if (multicast) {
-+ /* if turned on, check whether the block request isn't already fulfilled */
-+ if (tftpd_prevent_sas) {
-+ if (prev_sent_block >= block_number)
- {
- if (data->trace)
-- logger(LOG_DEBUG, "received duplicated ACK = %d>", last_requested_block, block_number);
-+ logger(LOG_DEBUG, "received duplicated ACK = %d>", prev_sent_block, block_number);
- break;
- }
- else
-- last_requested_block = block_number;
-- /* unicast, blocks should be requested one after another */
-- } else {
-- if (last_requested_block + 1 != block_number && last_requested_block != -1)
-+ prev_sent_block = block_number;
-+ }
-+ /* don't prevent thes SAS */
-+ /* use a heuristic suggested by Vladimir Nadvornik */
-+ else {
-+ /* here comes the ACK again */
-+ if (prev_sent_block == block_number)
-+ {
-+ /* drop if number of ACKs == times of previous block sending */
-+ if (++prev_ack_count == prev_sent_count) {
-+ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count);
-+ break;
-+ }
-+ /* else resend the block */
-+ logger(LOG_DEBUG, "resending block %d", block_number + 1);
-+ }
-+ /* received ACK to sent block -> move on to next block */
-+ else if (prev_sent_block < block_number) {
-+ prev_sent_block = block_number;
-+ prev_sent_count = curr_sent_count;
-+ curr_sent_count = 0;
-+ prev_ack_count = 1;
-+ }
-+ /* block with low number -> ignore it completely */
-+ else {
-+ logger(LOG_DEBUG, "ignoring ACK %d", block_number);
-+ break;
-+ }
-+ }
-+ /* unicast, blocks should be requested one after another */
-+ } else {
-+ /* if turned on, check whether the block request isn't already fulfilled */
-+ if (tftpd_prevent_sas) {
-+ if (prev_sent_block + 1 != block_number)
- {
-+ logger(LOG_WARNING, "timeout: retrying...");
- if (data->trace)
-- logger(LOG_DEBUG, "received out of order ACK ", last_requested_block + 1, block_number);
-+ logger(LOG_DEBUG, "received out of order ACK ", prev_sent_block + 1, block_number);
-+ break;
-+ }
-+ else {
-+ prev_sent_block = block_number;
-+ }
-+ /* don't prevent thes SAS */
-+ /* use a heuristic suggested by Vladimir Nadvornik */
-+ } else {
-+ /* here comes the ACK again */
-+ if (prev_sent_block == block_number)
-+ {
-+ /* drop if number of ACKs == times of previous block sending */
-+ if (++prev_ack_count == prev_sent_count) {
-+ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count);
-+ break;
-+ }
-+ /* else resend the block */
-+ logger(LOG_DEBUG, "resending block %d", block_number + 1);
-+ }
-+ /* received ACK to sent block -> move on to next block */
-+ else if (prev_sent_block < block_number) {
-+ prev_sent_block = block_number;
-+ prev_sent_count = curr_sent_count;
-+ curr_sent_count = 0;
-+ prev_ack_count = 1;
-+ }
-+ /* nor previous nor current block number -> ignore it completely */
-+ else {
-+ logger(LOG_DEBUG, "ignoring ACK %d", block_number);
- break;
- }
-- else
-- last_requested_block = block_number;
- }
++ /* if turned on, check whether the block request isn't already fulfilled */
++ if (tftpd_prevent_sas) {
++ if (prev_sent_block >= block_number) {
+ if (data->trace)
+- logger(LOG_DEBUG, "received duplicated ACK = %d>", last_requested_block, block_number);
++ logger(LOG_DEBUG, "received duplicated ACK = %d>", prev_sent_block, block_number);
+ break;
+ } else
+- last_requested_block = block_number;
+- /* unicast, blocks should be requested one after another */
+- } else {
+- if (last_requested_block + 1 != block_number && last_requested_block != -1) {
++ prev_sent_block = block_number;
++ }
++ /* don't prevent thes SAS */
++ /* use a heuristic suggested by Vladimir Nadvornik */
++ else {
++ /* here comes the ACK again */
++ if (prev_sent_block == block_number) {
++ /* drop if number of ACKs == times of previous block sending */
++ if (++prev_ack_count == prev_sent_count) {
++ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count);
++ break;
++ }
++ /* else resend the block */
++ logger(LOG_DEBUG, "resending block %d", block_number + 1);
++ }
++ /* received ACK to sent block -> move on to next block */
++ else if (prev_sent_block < block_number) {
++ prev_sent_block = block_number;
++ prev_sent_count = curr_sent_count;
++ curr_sent_count = 0;
++ prev_ack_count = 1;
++ }
++ /* block with low number -> ignore it completely */
++ else {
++ logger(LOG_DEBUG, "ignoring ACK %d", block_number);
++ break;
++ }
++ }
++ /* unicast, blocks should be requested one after another */
++ } else {
++ /* if turned on, check whether the block request isn't already fulfilled */
++ if (tftpd_prevent_sas) {
++ if (prev_sent_block + 1 != block_number) {
++ logger(LOG_WARNING, "timeout: retrying...");
+ if (data->trace)
+- logger(LOG_DEBUG, "received out of order ACK ", last_requested_block + 1, block_number);
++ logger(LOG_DEBUG, "received out of order ACK ", prev_sent_block + 1, block_number);
+ break;
+- } else
+- last_requested_block = block_number;
++ } else {
++ prev_sent_block = block_number;
++ }
++ /* don't prevent thes SAS */
++ /* use a heuristic suggested by Vladimir Nadvornik */
++ } else {
++ /* here comes the ACK again */
++ if (prev_sent_block == block_number) {
++ /* drop if number of ACKs == times of previous block sending */
++ if (++prev_ack_count == prev_sent_count) {
++ logger(LOG_DEBUG, "ACK count (%d) == previous block transmission count -> dropping ACK", prev_ack_count);
++ break;
++ }
++ /* else resend the block */
++ logger(LOG_DEBUG, "resending block %d", block_number + 1);
++ }
++ /* received ACK to sent block -> move on to next block */
++ else if (prev_sent_block < block_number) {
++ prev_sent_block = block_number;
++ prev_sent_count = curr_sent_count;
++ curr_sent_count = 0;
++ prev_ack_count = 1;
++ }
++ /* nor previous nor current block number -> ignore it completely */
++ else {
++ logger(LOG_DEBUG, "ignoring ACK %d", block_number);
++ break;
++ }
+ }
}
-@@ -898,6 +963,8 @@ int tftpd_send_file(struct thread_data *
+@@ -934,6 +997,8 @@ int tftpd_send_file(struct thread_data *
state = S_END;
break;
}
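Review bot: The rebased heuristic logs `block_number` with `%d` (`"resending block %d"`, `"ignoring ACK %d"`), but the first hunk of this patch shows it declared as `long block_number` in tftpd_send_file, so the conversion does not match the argument if logger() forwards to a printf-style formatter, as its other calls suggest; `logger(LOG_DEBUG, "ignoring ACK %ld", block_number);` and `"resending block %ld"` would match. The same applies to the `%d` conversions fed with `long last_requested_block` in the tftpd_send_file hunk of atftp-0.7-sorcerers_apprentice.patch, where the client-side hunk already uses `%ld`. Separately, the unicast `tftpd_prevent_sas` branch logs `"timeout: retrying..."` at LOG_WARNING for every out-of-order ACK without the `data->trace` guard, so a client can generate one misleading warning per packet; I would drop that line or move it under `if (data->trace)` at LOG_DEBUG. The declarations of `prev_sent_block`, `prev_sent_count` and `prev_ack_count` and the rest of tftpd_send_file lie outside this hunk.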
@@ -152,7 +146,7 @@
state = S_SEND_DATA;
break;
case GET_ERROR:
-@@ -989,7 +1056,7 @@ int tftpd_send_file(struct thread_data *
+@@ -1028,7 +1093,7 @@ int tftpd_send_file(struct thread_data *
state = S_SEND_OACK;
fseek(fp, 0, SEEK_SET);
/* reset the last block received counter */
++++++ atftp-0.7-default_user_man.patch ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.677362640 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.677362640 +0200
@@ -12,10 +12,10 @@
file. Assuming the file is /var/log/atftpd.log, simply run: "touch
-/var/log/atftpd.log" and then "chown nobody.nogroup
+/var/log/atftpd.log" and then "chown tftp.tftp
- /var/log/atftpd.log". When the server is ran in daemon mode,
- /dev/stdout or /dev/stderr can be used.
-
-@@ -105,8 +105,8 @@ specialized usage.
+ /var/log/atftpd.log". When the server is run in daemon mode,
+ /dev/stdout or /dev/stderr can be used. Specifying a single dash as
+ the filename will send logs to stdout (file descriptor 1).
+@@ -106,8 +106,8 @@ specialized usage.
.TP
.B \-\-user
@@ -26,7 +26,7 @@
.TP
.B \-\-group <group>
-@@ -211,7 +211,7 @@ Show summary of options.
+@@ -212,7 +212,7 @@ Show summary of options.
This is the root directory used by the TFTP server. All requested
files from a TFTP client must reside in this directory. If not
specified, the directory defaults to /tftpboot. Since
++++++ atftp-0.7-server_receive_race.patch ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.681362650 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.681362650 +0200
@@ -2,16 +2,16 @@
===================================================================
--- tftpd_file.c.orig
+++ tftpd_file.c
-@@ -114,7 +114,7 @@ int tftpd_receive_file(struct thread_dat
- struct sockaddr_in *sa = &data->client_info->client;
- struct sockaddr_in from;
+@@ -115,7 +115,7 @@ int tftpd_receive_file(struct thread_dat
+ struct sockaddr_storage from;
+ char addr_str[SOCKADDR_PRINT_ADDR_LEN];
struct tftphdr *tftphdr = (struct tftphdr *)data->data_buffer;
- FILE *fp;
+ FILE *fp = NULL;
char filename[MAXLEN];
char string[MAXLEN];
int timeout = data->timeout;
-@@ -144,18 +144,6 @@ int tftpd_receive_file(struct thread_dat
+@@ -145,18 +145,6 @@ int tftpd_receive_file(struct thread_dat
return ERR;
}
@@ -30,7 +30,7 @@
/* tsize option */
if (((result = opt_get_tsize(data->tftp_options)) > -1) && !convert)
{
-@@ -172,7 +160,6 @@ int tftpd_receive_file(struct thread_dat
+@@ -173,7 +161,6 @@ int tftpd_receive_file(struct thread_dat
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ", EOPTNEG,
tftp_errmsg[EOPTNEG]);
@@ -38,7 +38,7 @@
return ERR;
}
timeout = result;
-@@ -189,7 +176,6 @@ int tftpd_receive_file(struct thread_dat
+@@ -190,7 +177,6 @@ int tftpd_receive_file(struct thread_dat
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ", EOPTNEG,
tftp_errmsg[EOPTNEG]);
@@ -46,7 +46,7 @@
return ERR;
}
-@@ -199,7 +185,6 @@ int tftpd_receive_file(struct thread_dat
+@@ -200,7 +186,6 @@ int tftpd_receive_file(struct thread_dat
if (data->data_buffer == NULL)
{
logger(LOG_ERR, "memory allocation failure");
@@ -54,7 +54,7 @@
return ERR;
}
tftphdr = (struct tftphdr *)data->data_buffer;
-@@ -210,7 +195,6 @@ int tftpd_receive_file(struct thread_dat
+@@ -211,7 +196,6 @@ int tftpd_receive_file(struct thread_dat
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ", ENOSPACE,
tftp_errmsg[ENOSPACE]);
@@ -62,7 +62,7 @@
return ERR;
}
opt_set_blksize(result, data->tftp_options);
-@@ -343,6 +327,20 @@ int tftpd_receive_file(struct thread_dat
+@@ -346,6 +330,20 @@ int tftpd_receive_file(struct thread_dat
}
break;
case S_DATA_RECEIVED:
@@ -81,9 +81,9 @@
+ }
+
/* We need to seek to the right place in the file */
- block_number = ntohs(tftphdr->th_block);
- if (data->trace)
-@@ -370,13 +368,13 @@ int tftpd_receive_file(struct thread_dat
+ block_number = tftp_rollover_blocknumber(
+ ntohs(tftphdr->th_block), prev_block_number, 0);
+@@ -374,13 +372,13 @@ int tftpd_receive_file(struct thread_dat
state = S_SEND_ACK;
break;
case S_END:
++++++ atftp-0.7-sorcerers_apprentice.patch ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.685362659 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.689362669 +0200
@@ -10,7 +10,7 @@
/*
* Find a hole in the file bitmap.
-@@ -605,6 +606,7 @@ int tftp_send_file(struct client_data *d
+@@ -629,6 +631,7 @@ int tftp_send_file(struct client_data *d
int timeout_state = state; /* what state should we go on when timeout */
int result;
long block_number = 0;
@@ -18,22 +18,20 @@
long last_block = -1;
int data_size; /* size of data received */
int sockfd = data->sockfd; /* just to simplify calls */
-@@ -765,6 +767,20 @@ int tftp_send_file(struct client_data *d
- connected = 1;
+@@ -791,6 +794,18 @@ int tftp_send_file(struct client_data *d
}
- block_number = ntohs(tftphdr->th_block);
+ block_number = tftp_rollover_blocknumber(
+ ntohs(tftphdr->th_block), prev_block_number, 0);
+
-+ /* if turned on, check whether the block request isn't already fulfilled */
++ /* if turned on, check whether the block request isn't already fulfilled */
+ if (tftp_prevent_sas) {
-+ if (last_requested_block >= block_number)
-+ {
-+ if (data->trace)
-+ fprintf(stderr, "received duplicated ACK = %ld>\n",
-+ last_requested_block, block_number);
-+ break;
-+ }
-+ else
-+ last_requested_block = block_number;
++ if (last_requested_block >= block_number) {
++ if (data->trace)
++ fprintf(stderr, "received duplicated ACK = %ld>\n",
++ last_requested_block, block_number);
++ break;
++ } else
++ last_requested_block = block_number;
+ }
+
if (data->trace)
@@ -51,17 +49,17 @@
#ifdef HAVE_PCRE
extern tftpd_pcre_self_t *pcre_top;
-@@ -403,6 +404,7 @@ int tftpd_send_file(struct thread_data *
+@@ -407,6 +408,7 @@ int tftpd_send_file(struct thread_data *
int timeout_state = state;
int result;
long block_number = 0;
+ long last_requested_block = -1;
long last_block = -1;
- int block_loops = 0;
int data_size;
-@@ -785,6 +787,10 @@ int tftpd_send_file(struct thread_data *
- inet_ntoa(client_info->client.sin_addr),
- ntohs(client_info->client.sin_port));
+ struct sockaddr_storage *sa = &data->client_info->client;
+@@ -818,6 +820,10 @@ int tftpd_send_file(struct thread_data *
+ sockaddr_get_port(
+ &client_info->client));
sa = &client_info->client;
+
+ /* rewind the last_requested_block counter */
@@ -70,40 +68,36 @@
state = S_SEND_OACK;
break;
}
-@@ -859,6 +865,32 @@ int tftpd_send_file(struct thread_data *
- {
- logger(LOG_DEBUG, "received ACK ", block_number);
- }
+@@ -903,6 +909,28 @@ int tftpd_send_file(struct thread_data *
+ if (data->trace)
+ logger(LOG_DEBUG, "received ACK ",
+ block_number);
+
-+ /* if turned on, check whether the block request isn't already fulfilled */
++ /* if turned on, check whether the block request isn't already fulfilled */
+ if (tftpd_prevent_sas) {
-+ /* multicast, block numbers could contain gaps */
-+ if (multicast) {
-+ if (last_requested_block >= block_number)
-+ {
-+ if (data->trace)
-+ logger(LOG_DEBUG, "received duplicated ACK = %d>", last_requested_block, block_number);
-+ break;
-+ }
-+ else
-+ last_requested_block = block_number;
-+ /* unicast, blocks should be requested one after another */
-+ } else {
-+ if (last_requested_block + 1 != block_number && last_requested_block != -1)
-+ {
-+ if (data->trace)
-+ logger(LOG_DEBUG, "received out of order ACK ", last_requested_block + 1, block_number);
-+ break;
-+ }
-+ else
-+ last_requested_block = block_number;
-+ }
++ /* multicast, block numbers could contain gaps */
++ if (multicast) {
++ if (last_requested_block >= block_number) {
++ if (data->trace)
++ logger(LOG_DEBUG, "received duplicated ACK = %d>", last_requested_block, block_number);
++ break;
++ } else
++ last_requested_block = block_number;
++ /* unicast, blocks should be requested one after another */
++ } else {
++ if (last_requested_block + 1 != block_number && last_requested_block != -1) {
++ if (data->trace)
++ logger(LOG_DEBUG, "received out of order ACK ", last_requested_block + 1, block_number);
++ break;
++ } else
++ last_requested_block = block_number;
++ }
+ }
+
- if (ntohs(tftphdr->th_block) == 65535)
+ if ((last_block != -1) && (block_number > last_block))
{
- block_loops++;
-@@ -958,6 +990,8 @@ int tftpd_send_file(struct thread_data *
+ state = S_END;
+@@ -1001,6 +1029,8 @@ int tftpd_send_file(struct thread_data *
/* nedd to send an oack to that client */
state = S_SEND_OACK;
fseek(fp, 0, SEEK_SET);
@@ -116,15 +110,15 @@
===================================================================
--- tftpd.c.orig
+++ tftpd.c
-@@ -62,6 +62,7 @@ int retry_timeout = S_TIMEOUT;
+@@ -65,6 +65,7 @@ int listen_local = 0;
int tftpd_daemon = 0; /* By default we are started by inetd */
int tftpd_daemon_no_fork = 0; /* For who want a false daemon mode */
+int tftpd_prevent_sas = 0; /* For who don't want the sorcerer's apprentice syndrome */
- short tftpd_port = 0; /* Port atftpd listen to */
+ short tftpd_port = 69; /* Port atftpd listen to */
char tftpd_addr[MAXLEN] = ""; /* IP address atftpd binds to */
-@@ -833,6 +834,7 @@ int tftpd_cmd_line_options(int argc, cha
+@@ -922,6 +923,7 @@ int tftpd_cmd_line_options(int argc, cha
{ "mtftp", 1, NULL, OPT_MTFTP },
{ "mtftp-port", 1, NULL, OPT_MTFTP_PORT },
#endif
@@ -132,7 +126,7 @@
{ "no-source-port-checking", 0, NULL, OPT_PORT_CHECK },
{ "mcast-switch-client", 0, NULL, OPT_MCAST_SWITCH },
{ "version", 0, NULL, 'V' },
-@@ -896,6 +898,9 @@ int tftpd_cmd_line_options(int argc, cha
+@@ -991,6 +993,9 @@ int tftpd_cmd_line_options(int argc, cha
case 'N':
tftpd_daemon_no_fork = 1;
break;
@@ -142,8 +136,8 @@
case 'U':
tmp = strtok(optarg, ".");
if (tmp != NULL)
-@@ -1120,6 +1125,7 @@ void tftpd_usage(void)
- " --pidfile <file> : write PID to this file\n"
+@@ -1223,6 +1228,7 @@ void tftpd_usage(void)
+ " --listen-local : force listen on local network address\n"
" --daemon : run atftpd standalone (no inetd)\n"
" --no-fork : run as a daemon, don't fork\n"
+ " --prevent-sas : prevent Sorcerer's Apprentice Syndrome\n"
@@ -154,7 +148,7 @@
===================================================================
--- tftp.c.orig
+++ tftp.c
-@@ -57,6 +57,7 @@
+@@ -58,6 +58,7 @@
/* defined as extern in tftp_file.c and mtftp_file.c, set by the signal
handler */
int tftp_cancel = 0;
@@ -162,7 +156,7 @@
/* local flags */
int interactive = 1; /* if false, we run in batch mode */
-@@ -982,6 +983,7 @@ int tftp_cmd_line_options(int argc, char
+@@ -1006,6 +1007,7 @@ int tftp_cmd_line_options(int argc, char
#endif
{ "mtftp", 1, NULL, '1'},
{ "no-source-port-checking", 0, NULL, '0'},
@@ -170,7 +164,7 @@
{ "verbose", 0, NULL, 'v'},
{ "trace", 0, NULL, 'd'},
#if DEBUG
-@@ -1086,6 +1088,9 @@ int tftp_cmd_line_options(int argc, char
+@@ -1115,6 +1117,9 @@ int tftp_cmd_line_options(int argc, char
case '0':
data.checkport = 0;
break;
@@ -180,7 +174,7 @@
case 'v':
snprintf(string, sizeof(string), "verbose on");
make_arg(string, &ac, &av);
-@@ -1182,6 +1187,7 @@ void tftp_usage(void)
+@@ -1226,6 +1231,7 @@ void tftp_usage(void)
" --mtftp <\"name value\"> : set mtftp variable to value\n"
#endif
" --no-source-port-checking: violate RFC, see man page\n"
@@ -192,7 +186,7 @@
===================================================================
--- atftpd.8.orig
+++ atftpd.8
-@@ -180,6 +180,14 @@ implication. Be aware that this option v
+@@ -181,6 +181,14 @@ implication. Be aware that this option v
option has effect only for non-multicast transfer.
.TP
@@ -211,7 +205,7 @@
===================================================================
--- atftp.1.orig
+++ atftp.1
-@@ -77,6 +77,14 @@ to configure client side port to use.
+@@ -88,6 +88,14 @@ to configure client side port to use.
See atftpd's man page.
.TP
++++++ atftp-drop_privileges_non-daemon.patch ++++++
--- /var/tmp/diff_new_pack.PA3YV1/_old 2019-05-03 22:35:40.697362688 +0200
+++ /var/tmp/diff_new_pack.PA3YV1/_new 2019-05-03 22:35:40.697362688 +0200
@@ -1,8 +1,8 @@
-Index: atftp-0.7/tftpd.c
+Index: atftp-0.7.2/tftpd.c
===================================================================
---- atftp-0.7.orig/tftpd.c 2016-12-06 13:41:15.955496990 +0100
-+++ atftp-0.7/tftpd.c 2016-12-06 14:55:23.573139906 +0100
-@@ -95,8 +95,8 @@ int deny_severity = LOG_NOTICE;
+--- atftp-0.7.2.orig/tftpd.c
++++ atftp-0.7.2/tftpd.c
+@@ -98,8 +98,8 @@ int deny_severity = LOG_NOTICE;
#endif
/* user ID and group ID when running as a daemon */
@@ -13,9 +13,11 @@
/* For special uses, disable source port checking */
int source_port_checking = 1;
-@@ -274,33 +274,47 @@ int main(int argc, char **argv)
+@@ -296,54 +296,46 @@ int main(int argc, char **argv)
+ */
dup2(sockfd, 0);
close(sockfd);
++ }
- /* release priviliedge */
- user = getpwnam(user_name);
@@ -27,16 +29,6 @@
- user_name, group_name);
- exit(1);
- }
-+ }
-
-- /* write our pid in the specified file before changing user*/
-- if (pidfile)
-- {
-- if (tftpd_pid_file(pidfile, 1) != OK)
-- exit(1);
-- /* to be able to remove it later */
-- chown(pidfile, user->pw_uid, group->gr_gid);
-- }
+ /* release privilege */
+ user = getpwnam(user_name);
+ group = getgrnam(group_name);
@@ -48,9 +40,25 @@
+ exit(1);
+ }
-- setgid(group->gr_gid);
-- setuid(user->pw_uid);
-+ /* write our pid in the specified file before changing user*/
+- /* write our pid in the specified file before changing user*/
+- if (pidfile)
+- {
+- if (tftpd_pid_file(pidfile, 1) != OK)
+- {
+- logger(LOG_ERR,
+- "atftpd: can't write our pid file: %s.",
+- pidfile);
+- exit(1);
+- }
+- /* to be able to remove it later */
+- if (chown(pidfile, user->pw_uid, group->gr_gid) != OK) {
+- logger(LOG_ERR,
+- "atftpd: failed to chown our pid file %s to owner %s.%s.",
+- pidfile, user_name, group_name);
+- exit(1);
+- }
+- }
++ /* write our pid in the specified file before changing user */
+ if (pidfile)
+ {
+ if (tftpd_pid_file(pidfile, 1) != OK)
@@ -59,21 +67,33 @@
+ chown(pidfile, user->pw_uid, group->gr_gid);
+ }
+- if (setgid(group->gr_gid) != OK) {
+- logger(LOG_ERR,
+- "atftpd: failed to setgid to group %d (%s).",
+- group->gr_gid, group_name);
+- exit(1);
+- }
+- if (setuid(user->pw_uid) != OK) {
+- logger(LOG_ERR,
+- "atftpd: failed to setuid to user %d (%s).",
+- user->pw_uid, user_name);
+- exit(1);
+- }
+-
- /* Reopen log file now that we changed user, and that we've
- * open and dup2 the socket. */
- open_logger("atftpd", log_file, logging_level);
-+ if(setgid(group->gr_gid))
-+ {
-+ logger(LOG_ERR, "atftpd: can't switch group to %s, exiting.", group_name);
++ if (setgid(group->gr_gid) != OK) {
++ logger(LOG_ERR,
++ "atftpd: failed to setgid to group %d (%s).",
++ group->gr_gid, group_name);
+ exit(1);
-+ }
-+ if (setgroups(0, NULL))
-+ {
+ }
++ if (setgroups(0, NULL)) {
+ logger(LOG_ERR, "atftpd: can't clear supplementary group list");
+ exit(1);
- }
-+ if(setuid(user->pw_uid))
-+ {
++ }
++ if(setuid(user->pw_uid)) {
+ logger(LOG_ERR, "atftpd: can't switch user to %s, exiting.", user_name);
+ exit(1);
+ }
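Review bot: The `chown(pidfile, user->pw_uid, group->gr_gid);` kept at the top of this hunk ignores its return value, while the upstream 0.7.2 code that the previous hunk of this patch deletes checked it and exited with a log message. A failed chown leaves a root-owned pid file that the unprivileged daemon cannot remove later, so I would keep upstream's form, `if (chown(pidfile, user->pw_uid, group->gr_gid) != OK) {` followed by its logger() call and `exit(1);`. The same deletion also appears to drop upstream's "can't write our pid file" message for a failed tftpd_pid_file(), although the lines after that check are not visible here. The setgid() / setgroups(0, NULL) / setuid() sequence itself runs in a safe order; main() starts and ends outside the hunk.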
@@ -82,5 +102,5 @@
+ * open and dup2 the socket. */
+ open_logger("atftpd", log_file, logging_level);
+ #if defined(SOL_IP) && defined(IP_PKTINFO)
/* We need to retieve some information from incomming packets */
- if (setsockopt(0, SOL_IP, IP_PKTINFO, &one, sizeof(one)) != 0)