Hello community,
here is the log from the commit of package tftp.1597 for openSUSE:12.1:Update
checked in at 2013-04-24 17:28:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/tftp.1597 (Old)
and /work/SRC/openSUSE:12.1:Update/.tftp.1597.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tftp.1597", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-04-05 00:01:41.916011506 +0200
+++ /work/SRC/openSUSE:12.1:Update/.tftp.1597.new/tftp.changes 2013-04-24
17:28:28.000000000 +0200
@@ -0,0 +1,385 @@
+-------------------------------------------------------------------
+Thu Apr 18 09:57:36 UTC 2013 - vci...@suse.com
+
+- change ownership of /srv/tftpboot to tftp:tftp, otherwise tftp
+ daemon can't write there (bnc#813226)
+
+-------------------------------------------------------------------
+Wed Jan 2 13:18:32 UTC 2013 - vci...@suse.com
+
+- tftp-hpa-0.48-macros-crash.patch:
+ prevent buffer overflow in handling of \x macro (bnc#793883)
+- tftp-hpa-0.48-macros-v6mapped.patch:
+ for \i and \x, expand v6-mapped addresses as native IPv4
+ (bnc#793883)
+- patches come from Michal Kubecek
+
+-------------------------------------------------------------------
+Mon Sep 3 12:53:06 UTC 2012 - vci...@suse.com
+
+- properly get destination address when listening on secondary
+ interface (bnc#774861)
+
+-------------------------------------------------------------------
+Tue Sep 6 13:01:31 UTC 2011 - vci...@suse.com
+
+- added missing PreReq: pwdutils
+
+-------------------------------------------------------------------
+Fri Jun 24 07:09:50 UTC 2011 - pu...@novell.com
+
+- unbreak tftp by changing to user to run as in tftpd itself,
+ not via xinetd (bnc#682340)
+
+-------------------------------------------------------------------
+Thu Jun 23 12:17:37 UTC 2011 - pu...@novell.com
+
+- update to version-5.1
+ - Add -P option to write a PID file. Patch by Ferenc Wagner.
+ - Bounce the syslog socket in standalone mode, in case the
+ syslog daemon has been restarted. Patch by Ferenc Wagner.
+ - Build fixes.
+ - Fix handling of block number wraparound after a successful
+ options negotiation.
+ - Fix a buffer overflow in option parsing.
+- fixes bnc#699714, CVE-2011-2199
+
+-------------------------------------------------------------------
+Sat Dec 11 00:00:00 UTC 2010 - ch...@computersalat.de
+
+- fix spec
+ o added missing path /srv/tftpboot in files section
+
+-------------------------------------------------------------------
+Fri Dec 3 13:51:50 UTC 2010 - pu...@novell.com
+
+- update to version 5.0
+ * Try to on platforms with getaddrinfo() without AI_ADDRCONFIG or
+ AI_CANONNAME.
+ * Implement the "rollover" option, for clients which want block
+ number to rollover to anything other than zero.
+ * Correctly disable PMTU in standalone mode.
+ * Add IPv6 support. Patch by Karsten Keil.
+ * Support systems with editline instead of readline.
+ * Support long options in the server.
+- drop tftp-hpa-0.43_readline.diff (not needed)
+- drop tftp-hpa-0.46_libedit.patch (solved in upstream)
+- build with readline support
+- clean up specfile
+
+-------------------------------------------------------------------
+Fri Oct 29 23:33:18 UTC 2010 - ch...@computersalat.de
+
+- fix pre
+ o no check before addding group/user (darix)
+- fix files
+ o provide /srv/tftpboot
+
+-------------------------------------------------------------------
+Wed Oct 13 21:05:23 UTC 2010 - ch...@computersalat.de
+
+- add group/user tftp (bnc#472283)
+- set TFTP default DIR to /srv/tftpboot (bnc#248008,507011)
+- added Conflicts atftp, cause of overlapping binaries
+
+-------------------------------------------------------------------
+Fri Oct 1 12:07:50 UTC 2010 - pu...@novell.com
+
+- add tftp-hpa-0.48-tzfix.patch (bnc#630297)
+
+-------------------------------------------------------------------
+Tue Jun 29 08:57:01 UTC 2010 - pu...@novell.com
+
+- add tftp-hpa-0.49-fortify-strcpy-crash.patch (bnc#617675)
+
+-------------------------------------------------------------------
+Mon Sep 1 14:45:15 CEST 2008 - mrueck...@suse.de
+
+- drop lineedit support again
+- fix build to include %{optflags} with using configure
+
+-------------------------------------------------------------------
+Wed Aug 27 16:20:32 CEST 2008 - o...@suse.de
+
+- do not require autoconf 2.61
+ binutils-devel is not available in 11.0 or earlier
+
+-------------------------------------------------------------------
+Wed Aug 6 16:04:07 CEST 2008 - kk...@suse.de
+
+- Update to current git version with enhanced IPv6 support included
+
+-------------------------------------------------------------------
+Fri Jul 18 17:56:28 CEST 2008 - kk...@suse.de
+
+- Update to git version 0.48 for mainline compatibility; code is
+ still the same but formatting was cleaned up
+- Implement IPv6 (fate #304343)
+
+-------------------------------------------------------------------
+Thu Feb 1 21:05:23 CET 2007 - mrueck...@suse.de
+
+- update to version 0.48:
+ - Unbreak -l -s in the server, which was broken in 0.47.
+- additional changes from 0.47:
+ - Add -L option to the server to run standalone without
+ detaching from the shell.
+ - Parallel make fix.
+
+-------------------------------------------------------------------
+Tue Jan 9 11:37:58 CET 2007 - mrueck...@suse.de
+
+- update to version 0.46:
+ - Minor portability improvements.
+- additional change from 0.45:
+ Add -l (literal) option to the client, to override the special
+ treatment of the colon (:) character as a hostname separator.
+- replaced tftp-hpa-0.43_syntax.diff with tftp-hpa-0.46_colon_check.patch:
+ restore a behavior which was broken with 0.35
+- merged tftp-hpa-0.43_signdness.patch with
+ tftp-hpa-0.43_bcopy_secfix.patch. new patch:
+ tftp-hpa-0.46_bcopy_secfix.patch.
+- added tftp-hpa-0.46_libedit.patch:
+ Build against libedit to enable lineediting support.
+
+-------------------------------------------------------------------
+Thu Dec 7 04:09:55 CET 2006 - mrueck...@suse.de
+
+- update to version 0.44:
+ - Allow the client to specify a range of local port numbers, just
+ like the server can.
+ - Fix sending SIGHUP to update the regular expression table.
+
+-------------------------------------------------------------------
+Fri Oct 20 19:04:32 CEST 2006 - mrueck...@suse.de
+
+- update to version 0.43:
+ - Fix double-free error on ^c in client.
+ - Try to deal with clients that send TFTP requests to broadcasts
+ (apparently some recent Sun boxes do this instead of using the
+ address told by DHCP. Bad Sun! Bad Sun!)
+ - Portability fixes.
+- removed first chunk from tftp-hpa-0.40.diff and renamed it to
+ tftp-hpa-0.43_include_sys_params.patch. the first chunk was
+ fixed upstream.
+- patches rediffed and renamed:
+ tftp-bcopy-secfix.diff -> tftp-hpa-0.43_bcopy_secfix.patch
+ tftp-hpa-0.40.readline.diff -> tftp-hpa-0.43_readline.diff
+ tftp-hpa-0.40-syntax.diff -> tftp-hpa-0.43_syntax.diff
+- added tftp-hpa-0.43_signdness.patch:
+ fixed signedness warnings which where mostlikely caused by the
+ bcopy fixes.
+
+-------------------------------------------------------------------
+Tue Mar 14 08:24:26 CET 2006 - mrueck...@suse.de
+
+- update to version 0.42:
+ o Try to disable path MTU discovery for TFTP connections (it's
+ useless anyway.) (0.42)
+ o Add a hack to allow the admin to specify a range of local port
+ numbers to use. (0.42)
+ o Fix local IP number handling on systems which present
+ IP_RECVDSTADDR in recvmsg(). (0.42)
+ o Fix bug by which patterns of the form \U\1 weren't converted
+ correctly. (0.41)
+
+-------------------------------------------------------------------
+Tue Mar 14 08:21:56 CET 2006 - mrueck...@suse.de
+
+- removed tftp-hpa-0.40.make.diff
+- removed autoreconf -fi. it caused the builderrors
+- minimized the build/install sections
+
+-------------------------------------------------------------------
+Wed Jan 25 21:42:09 CET 2006 - m...@suse.de
+
+- converted neededforbuild to BuildRequires
+
++++ 188 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.1:Update/.tftp.1597.new/tftp.changes
New:
----
tftp-get_dst_address.patch
tftp-hpa-0.43_include_sys_params.patch
tftp-hpa-0.43_old-autoconf.diff
tftp-hpa-0.46_colon_check.patch
tftp-hpa-0.48-tzfix.patch
tftp-hpa-0.49-fortify-strcpy-crash.patch
tftp-hpa-5.1.tar.bz2
tftp-hpa-5.2-macros-crash.patch
tftp-hpa-5.2-macros-v6mapped.patch
tftp.changes
tftp.spec
tftp.xinetd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tftp.spec ++++++
#
# spec file for package tftp
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: tftp
Version: 5.1
Release: 0
Summary: Trivial File Transfer Protocol (TFTP)
License: BSD-3-Clause
Group: Productivity/Networking/Ftp/Clients
Url: http://www.kernel.org/pub/software/network/tftp/
Source:
http://www.kernel.org/pub/software/network/tftp/tftp-hpa-%{version}.tar.bz2
Source1: tftp.xinetd
Patch0: tftp-hpa-0.43_include_sys_params.patch
Patch1: tftp-hpa-0.46_colon_check.patch
Patch4: tftp-hpa-0.49-fortify-strcpy-crash.patch
Patch5: tftp-hpa-0.48-tzfix.patch
# PATCH-FIX-UPSTREAM fix macros handling (bnc#793883)
Patch7: tftp-hpa-5.2-macros-crash.patch
Patch8: tftp-hpa-5.2-macros-v6mapped.patch
Patch42: tftp-hpa-0.43_old-autoconf.diff
PreReq: pwdutils
BuildRequires: automake
BuildRequires: pwdutils
BuildRequires: tcpd-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} > 1110
BuildRequires: binutils-devel
%endif
Requires: inet-daemon
Requires: netcfg
Conflicts: atftp
%description
The Trivial File Transfer Protocol (TFTP) is normally used only for
booting diskless workstations and for getting or saving network
component configuration files.
%prep
%setup -n %{name}-hpa-%{version}
%patch0
%patch1
%patch4 -p1
%patch5 -p1
%patch7 -p1
%patch8 -p1
%if 0%{?suse_version} < 1030
%patch42
%endif
%build
autoreconf -fi
%configure \
--enable-largefile \
--with-tcpwrappers \
--with-remap \
--without-editline \
--with-ipv6
make
%install
%makeinstall INSTALLROOT=%{buildroot} MANDIR="%{_mandir}"
install -D -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/xinetd.d/tftp
install -d -m 0750 %{buildroot}/srv/tftpboot
%pre
# This group/user is shared with atftp, so please
# keep this in sync with atftp.spec
# add group
%{_sbindir}/groupadd -r tftp 2>/dev/null || :
# add user
%{_sbindir}/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \
-r -s /bin/false tftp 2>/dev/null || :
%clean
rm -rf %{buildroot};
%files
%defattr(-,root,root)
%doc README README.security tftpd/sample.rules
%{_bindir}/tftp
%{_sbindir}/in.tftpd
%{_mandir}/man1/tftp.1.gz
%{_mandir}/man8/in.tftpd.8.gz
%{_mandir}/man8/tftpd.8.gz
%config(noreplace) %{_sysconfdir}/xinetd.d/tftp
%dir %attr(0750,tftp,tftp) /srv/tftpboot
%changelog
++++++ tftp-get_dst_address.patch ++++++
Index: tftp-hpa-git-0.48/tftpd/recvfrom.c
===================================================================
--- tftp-hpa-git-0.48.orig/tftpd/recvfrom.c 2008-07-31 12:46:57.000000000
+0200
+++ tftp-hpa-git-0.48/tftpd/recvfrom.c 2012-08-21 21:23:29.729823813 +0200
@@ -81,6 +81,14 @@ static int address_is_local(const union
if (sockfd < 0)
goto err;
+
+ /* check if we can bind to that address */
+ if (bind(sockfd, &addr->sa, SOCKLEN(addr)) == 0) {
+ /* success -> stop the testing */
+ rv = 1;
+ goto err;
+ }
+
if (connect(sockfd, &addr->sa, SOCKLEN(addr)))
goto err;
@@ -88,6 +96,10 @@ static int address_is_local(const union
if (getsockname(sockfd, (struct sockaddr *)&sa, &addrlen))
goto err;
+ /* if the request came via a secondary address,
+ * the following tests fail, because connect
+ * binds to the primary address for datagram sockets
+ */
if (addr->sa.sa_family == AF_INET)
rv = sa.si.sin_addr.s_addr == addr->si.sin_addr.s_addr;
#ifdef HAVE_IPV6
@@ -142,16 +154,13 @@ myrecvfrom(int s, void *buf, int len, un
/* Try to enable getting the return address */
#ifdef IP_RECVDSTADDR
- if (from->sa_family == AF_INET)
setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on));
#endif
#ifdef IP_PKTINFO
- if (from->sa_family == AF_INET)
setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));
#endif
#ifdef HAVE_IPV6
#ifdef IPV6_RECVPKTINFO
- if (from->sa_family == AF_INET6)
setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on));
#endif
#endif
@@ -160,6 +169,7 @@ myrecvfrom(int s, void *buf, int len, un
msg.msg_controllen = sizeof(control_un);
msg.msg_flags = 0;
+ /* note: from is not initialized when receiving first request */
msg.msg_name = from;
msg.msg_namelen = *fromlen;
iov.iov_base = buf;
++++++ tftp-hpa-0.43_include_sys_params.patch ++++++
Index: tftp/main.c
===================================================================
--- tftp/main.c.orig
+++ tftp/main.c
@@ -39,6 +39,7 @@
* TFTP User Program -- Command Interface.
*/
#include <sys/file.h>
+#include <sys/param.h>
#include <ctype.h>
#ifdef WITH_READLINE
#include <readline/readline.h>
++++++ tftp-hpa-0.43_old-autoconf.diff ++++++
openSuSE 10.3 shipped with autoconf 2.61
openSuSE 10.1 shipped with autoconf 2.60
openSuSE 9.1 shipped with autoconf 2.59
---
configure.in | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- configure.in.orig
+++ configure.in
@@ -2,11 +2,10 @@ dnl
dnl autoconf input file to generate MCONFIG
dnl
-AC_PREREQ(2.61)
+AC_PREREQ(2.42)
AC_INIT(MCONFIG.in)
AC_PREFIX_DEFAULT(/usr)
-AC_USE_SYSTEM_EXTENSIONS
AC_ISC_POSIX
AC_PROG_CC
++++++ tftp-hpa-0.46_colon_check.patch ++++++
Index: tftp/main.c
===================================================================
--- tftp/main.c.orig
+++ tftp/main.c
@@ -308,7 +308,7 @@ int main(int argc, char *argv[])
bsd_signal(SIGINT, intr);
- if (peerargc) {
+ if (peerargc > 1) {
/* Set peer */
if (sigsetjmp(toplevel, 1) != 0)
exit(EX_NOHOST);
@@ -634,11 +634,14 @@ void get(int argc, char *argv[])
return;
}
if (!connected) {
- for (n = 1; n < argc; n++)
+ for (n = 1; n < argc; n++) {
if (literal || strchr(argv[n], ':') == 0) {
getusage(argv[0]);
return;
}
+ if (argc == 3)
+ break;
+ }
}
for (n = 1; n < argc; n++) {
src = strchr(argv[n], ':');
++++++ tftp-hpa-0.48-tzfix.patch ++++++
Index: tftp-hpa-5.1/tftpd/tftpd.c
===================================================================
--- tftp-hpa-5.1.orig/tftpd/tftpd.c
+++ tftp-hpa-5.1/tftpd/tftpd.c
@@ -384,6 +384,14 @@ int main(int argc, char **argv)
const char *pidfile = NULL;
u_short tp_opcode;
+ time_t my_time = 0;
+ struct tm* p_tm;
+ char envtz[10];
+ my_time = time(NULL);
+ p_tm = localtime(&my_time);
+ snprintf(envtz, sizeof(envtz) - 1, "UTC%+d", (p_tm->tm_gmtoff * -1)/3600);
+ setenv("TZ", envtz, 0);
+
/* basename() is way too much of a pain from a portability standpoint */
p = strrchr(argv[0], '/');
++++++ tftp-hpa-0.49-fortify-strcpy-crash.patch ++++++
Index: tftp-hpa-git-0.48/tftp/tftp.c
===================================================================
--- tftp-hpa-git-0.48.orig/tftp/tftp.c 2008-07-31 12:46:57.000000000 +0200
+++ tftp-hpa-git-0.48/tftp/tftp.c 2010-06-29 12:14:48.000000000 +0200
@@ -279,15 +279,16 @@ makerequest(int request, const char *nam
struct tftphdr *tp, const char *mode)
{
char *cp;
+ size_t len;
tp->th_opcode = htons((u_short) request);
cp = (char *)&(tp->th_stuff);
- strcpy(cp, name);
- cp += strlen(name);
- *cp++ = '\0';
- strcpy(cp, mode);
- cp += strlen(mode);
- *cp++ = '\0';
+ len = strlen(name) + 1;
+ memcpy(cp, name, len);
+ cp += len;
+ len = strlen(mode) + 1;
+ memcpy(cp, mode, len);
+ cp += len;
return (cp - (char *)tp);
}
++++++ tftp-hpa-5.2-macros-crash.patch ++++++
diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c
index 1873e70..94d4e2d 100644
--- a/tftpd/tftpd.c
+++ b/tftpd/tftpd.c
@@ -1369,24 +1369,24 @@ static int rewrite_macros(char macro, char *output)
return strlen(p);
case 'x':
- if (output) {
- if (from.sa.sa_family == AF_INET) {
+ if (from.sa.sa_family == AF_INET) {
+ if (output)
sprintf(output, "%08lX",
(unsigned long)ntohl(from.si.sin_addr.s_addr));
- l = 8;
+ l = 8;
#ifdef HAVE_IPV6
- } else {
- unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
- p = tb;
- for (l = 0; l < 16; l++) {
- sprintf(p, "%02X", *c);
- c++;
- p += 2;
- }
+ } else {
+ unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
+ p = tb;
+ for (l = 0; l < 16; l++) {
+ sprintf(p, "%02X", *c);
+ c++;
+ p += 2;
+ }
+ if (output)
strcpy(output, tb);
- l = strlen(tb);
+ l = strlen(tb);
#endif
- }
}
return l;
++++++ tftp-hpa-5.2-macros-v6mapped.patch ++++++
diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c
index 94d4e2d..0c2c0c7 100644
--- a/tftpd/tftpd.c
+++ b/tftpd/tftpd.c
@@ -1345,6 +1345,21 @@ static void do_opt(const char *opt, const char *val,
char **ap)
#ifdef WITH_REGEX
+#ifdef HAVE_IPV6
+static inline int is_v6_mapped(const union sock_addr* pa)
+{
+ const char v6_mapped[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xFF, 0xFF };
+
+ if (from.sa.sa_family != AF_INET6)
+ return 0;
+ if (memcmp(&pa->s6.sin6_addr.s6_addr, v6_mapped, sizeof(v6_mapped)))
+ return 0;
+
+ return 1;
+}
+#endif
+
/*
* This is called by the remap engine when it encounters macros such
* as \i. It should write the output in "output" if non-NULL, and
@@ -1356,10 +1371,20 @@ static int rewrite_macros(char macro, char *output)
{
char *p, tb[INET6_ADDRSTRLEN];
int l=0;
+ const union sock_addr *pfrom = &from;
+
+#ifdef HAVE_IPV6
+ union sock_addr ipv4_from;
+ if (is_v6_mapped(&from)) {
+ ipv4_from.si.sin_family = AF_INET;
+ memcpy(&ipv4_from.si.sin_addr, from.s6.sin6_addr.s6_addr + 12, 4);
+ pfrom = &ipv4_from;
+ }
+#endif
switch (macro) {
case 'i':
- p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from),
+ p = (char *)inet_ntop(pfrom->sa.sa_family, SOCKADDR_P(pfrom),
tb, INET6_ADDRSTRLEN);
if (output && p)
strcpy(output, p);
@@ -1369,14 +1394,14 @@ static int rewrite_macros(char macro, char *output)
return strlen(p);
case 'x':
- if (from.sa.sa_family == AF_INET) {
+ if (pfrom->sa.sa_family == AF_INET) {
if (output)
sprintf(output, "%08lX",
- (unsigned long)ntohl(from.si.sin_addr.s_addr));
+ (unsigned long)ntohl(pfrom->si.sin_addr.s_addr));
l = 8;
#ifdef HAVE_IPV6
} else {
- unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
+ unsigned char *c = (unsigned char *)SOCKADDR_P(pfrom);
p = tb;
for (l = 0; l < 16; l++) {
sprintf(p, "%02X", *c);
++++++ tftp.xinetd ++++++
# default: off
# description: tftp service is provided primarily for booting or when a \
# router need an upgrade. Most sites run this only on machines acting as \
# "boot servers".
# The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
flags = IPv6 IPv4
user = root
server = /usr/sbin/in.tftpd
server_args = -u tftp -s /srv/tftpboot
# per_source = 11
# cps = 100 2
disable = yes
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
