Hello community, here is the log from the commit of package uftpd for openSUSE:Factory checked in at 2019-06-01 09:51:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/uftpd (Old) and /work/SRC/openSUSE:Factory/.uftpd.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uftpd" Sat Jun 1 09:51:53 2019 rev:5 rq:706243 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/uftpd/uftpd.changes 2019-03-04 09:24:43.176554076 +0100 +++ /work/SRC/openSUSE:Factory/.uftpd.new.5148/uftpd.changes 2019-06-01 09:51:55.111274741 +0200 @@ -1,0 +2,14 @@ +Tue May 28 17:44:15 UTC 2019 - Martin Hauke <[email protected]> + +- Update to version 2.8 + Changes: + * The FTP command processor now always converts all inbound + commands to uppercase to handle clients sending commands in + lowercase + * Any arguments to the FTP LIST command are now ignored + * Improved user feedback on bad FTP root error message + Fixes + * Fix #18: KDE Dolphin, FTP client interop problems. + * Fix off-by-one regression introduced in v2.5 + +------------------------------------------------------------------- Old: ---- uftpd-2.7.tar.gz New: ---- uftpd-2.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ uftpd.spec ++++++ --- /var/tmp/diff_new_pack.5uAhHY/_old 2019-06-01 09:51:55.599274574 +0200 +++ /var/tmp/diff_new_pack.5uAhHY/_new 2019-06-01 09:51:55.599274574 +0200 @@ -18,7 +18,7 @@ Name: uftpd -Version: 2.7 +Version: 2.8 Release: 0 Summary: A combined TFTP/FTP server License: ISC ++++++ uftpd-2.7.tar.gz -> uftpd-2.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/ChangeLog.md new/uftpd-2.8/ChangeLog.md --- old/uftpd-2.7/ChangeLog.md 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/ChangeLog.md 2019-05-28 06:22:26.000000000 +0200 @@ -4,6 +4,19 @@ All notable changes to the project are documented in this file. +[v2.8][] - 2019-05-28 +--------------------- + +### Changes +- The FTP command processor now always converts all inbound commands + to uppercase to handle clients sending commands in lowercase +- Any arguments to the FTP `LIST` command are now ignored +- Improved user feedback on bad FTP root error message + +### Fixes +- Fix #18: KDE Dolphin, FTP client interop problems. + + [v2.7][] - 2019-03-03 --------------------- @@ -392,7 +405,8 @@ Lines must end in the old `\r\n` format, rather than UNIX `\n`. -[UNRELEASED]: https://github.com/troglobit/uftpd/compare/v2.7...HEAD +[UNRELEASED]: https://github.com/troglobit/uftpd/compare/v2.8...HEAD +[v2.8]: https://github.com/troglobit/uftpd/compare/v2.7...v2.8 [v2.7]: https://github.com/troglobit/uftpd/compare/v2.6...v2.7 [v2.6]: https://github.com/troglobit/uftpd/compare/v2.5...v2.6 [v2.5]: https://github.com/troglobit/uftpd/compare/v2.4...v2.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/configure.ac new/uftpd-2.8/configure.ac --- old/uftpd-2.7/configure.ac 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/configure.ac 2019-05-28 06:22:26.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([uftpd], [2.7], [https://github.com/troglobit/uftpd/issues],, [http://troglobit.com/uftpd.html]) +AC_INIT([uftpd], [2.8], [https://github.com/troglobit/uftpd/issues],, [http://troglobit.com/uftpd.html]) AM_INIT_AUTOMAKE([1.11 foreign no-dist-gzip dist-xz]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/debian/changelog new/uftpd-2.8/debian/changelog --- old/uftpd-2.7/debian/changelog 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/debian/changelog 2019-05-28 06:22:26.000000000 +0200 @@ -1,3 +1,12 @@ +uftpd (2.8) unstable; urgency=medium + + * Fix off-by-one regression introduced in v2.5 + * Convert all commands from user to uppercase for processing + * Skip any and *all* FTP LIST options + * Enable users group writable FTP root in /etc/inetd.conf + + -- Joachim Nilsson <[email protected]> Tue, 28 May 2019 06:22:18 +0200 + uftpd (2.7) unstable; urgency=medium * Bug fix release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/debian/postinst new/uftpd-2.8/debian/postinst --- old/uftpd-2.7/debian/postinst 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/debian/postinst 2019-05-28 06:22:26.000000000 +0200 @@ -6,8 +6,8 @@ # Source debconf library. . /usr/share/debconf/confmodule -FTPENTRY="ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd" -TFTPENTRY="tftp dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.tftpd" +FTPENTRY="ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -o writable" +TFTPENTRY="tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -o writable" if [ ! -f /etc/inetd.conf -a -d /etc/xinetd.d -a -x /usr/sbin/xinetd ]; then cat <<-TEXT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/debian/postrm new/uftpd-2.8/debian/postrm --- old/uftpd-2.7/debian/postrm 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/debian/postrm 2019-05-28 06:22:26.000000000 +0200 @@ -4,9 +4,9 @@ if [ "$1" = "purge" ]; then if command -v update-inetd >/dev/null 2>&1; then - update-inetd --pattern '/usr/sbin/uftpd' --remove ".*ftp" - update-inetd --pattern '/usr/sbin/in.ftpd' --remove ftp - update-inetd --pattern '/usr/sbin/in.tftpd' --remove tftp + update-inetd --pattern 'uftpd' --remove ".*ftp" + update-inetd --pattern 'in.ftpd' --remove ftp + update-inetd --pattern 'in.tftpd' --remove tftp fi # Remove uftpd entries from db diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/debian/prerm new/uftpd-2.8/debian/prerm --- old/uftpd-2.7/debian/prerm 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/debian/prerm 2019-05-28 06:22:26.000000000 +0200 @@ -2,7 +2,7 @@ set -e -update-inetd --pattern '/usr/sbin/in.ftpd' --multi --disable ftp -update-inetd --pattern '/usr/sbin/in.tftpd' --multi --disable tftp +update-inetd --pattern 'in.ftpd' --multi --disable ftp +update-inetd --pattern 'in.tftpd' --multi --disable tftp #DEBHELPER# diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/src/ftpcmd.c new/uftpd-2.8/src/ftpcmd.c --- old/uftpd-2.7/src/ftpcmd.c 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/src/ftpcmd.c 2019-05-28 06:22:26.000000000 +0200 @@ -16,6 +16,7 @@ */ #include "uftpd.h" +#include <ctype.h> #include <arpa/ftp.h> #ifdef HAVE_SYS_TIME_H # include <sys/time.h> @@ -149,6 +150,9 @@ if (ptr) *ptr = 0; + /* Convert command to std ftp upper case, issue #18 */ + for (ptr = msg; *ptr; ++ptr) *ptr = toupper(*ptr); + DBG("Recv: %s %s", *cmd, *argument ?: ""); return 0; @@ -394,7 +398,7 @@ * entry is a file or directory. */ dir = compose_abspath(ctrl, path); - if (!dir || stat(dir, &st) || !S_ISDIR(st.st_mode)) { + if (!dir || stat(dir, &st) || !S_ISDIR(st.st_mode) || strlen(home) > strlen(dir)) { send_msg(ctrl->sd, "550 No such directory.\r\n"); return; } @@ -404,10 +408,13 @@ DBG("non-chrooted CWD, home:%s, dir:%s, len:%zd, dirlen:%zd", home, dir, len, strlen(dir)); - if (len <= strlen(dir)) - dir += len; + dir += len; } + snprintf(ctrl->cwd, sizeof(ctrl->cwd), "%s", dir); + if (ctrl->cwd[0] == 0) + snprintf(ctrl->cwd, sizeof(ctrl->cwd), "/"); + done: DBG("New CWD: '%s'", ctrl->cwd); send_msg(ctrl->sd, "250 OK\r\n"); @@ -748,12 +755,15 @@ /* Check if client sends ls arguments ... */ ptr = arg; while (*ptr) { - if (*ptr == ' ') + if (isspace(*ptr)) ptr++; - if (string_match(ptr, "-l")) - ptr += 2; - else - break; + + if (*ptr == '-') { + while (*ptr && !isspace(*ptr)) + ptr++; + } + + break; } /* Strip any "" from "<arg>" */ @@ -782,8 +792,13 @@ ctrl->file = strdup(arg ? arg : ""); ctrl->i = 0; ctrl->d_num = scandir(path, &ctrl->d, NULL, alphasort); - DBG("Reading directory %s ... %d number of entries", path, ctrl->d_num); + if (ctrl->d_num == -1) { + send_msg(ctrl->sd, "550 No such file or directory.\r\n"); + DBG("Failed reading directory '%s': %s", path, strerror(errno)); + return; + } + DBG("Reading directory %s ... %d number of entries", path, ctrl->d_num); if (ctrl->data_sd > -1) { send_msg(ctrl->sd, "125 Data connection already open; transfer starting.\r\n"); uev_io_init(ctrl->ctx, &ctrl->data_watcher, do_LIST, ctrl, ctrl->data_sd, UEV_WRITE); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.7/src/uftpd.c new/uftpd-2.8/src/uftpd.c --- old/uftpd-2.7/src/uftpd.c 2019-03-03 15:52:00.000000000 +0100 +++ new/uftpd-2.8/src/uftpd.c 2019-05-28 06:22:26.000000000 +0200 @@ -359,7 +359,7 @@ if (optind < argc) { home = realpath(argv[optind], NULL); if (!home) { - ERR(errno, "Invalid FTP root"); + ERR(errno, "Invalid FTP root %s", argv[optind]); return 1; } }
