diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0df399e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/tftp-hpa-5.2.tar.bz2 diff --git a/.tftp.metadata b/.tftp.metadata new file mode 100644 index 0000000..c2ac720 --- /dev/null +++ b/.tftp.metadata @@ -0,0 +1 @@ +e7879f0bdab1fc6f226db6f6f848d58f50548de4 SOURCES/tftp-hpa-5.2.tar.bz2 diff --git a/SOURCES/tftp-0.40-remap.patch b/SOURCES/tftp-0.40-remap.patch new file mode 100644 index 0000000..755a307 --- /dev/null +++ b/SOURCES/tftp-0.40-remap.patch @@ -0,0 +1,19 @@ +diff -up tftp-hpa-0.49/tftpd/remap.c.zero tftp-hpa-0.49/tftpd/remap.c +--- tftp-hpa-0.49/tftpd/remap.c.zero 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftpd/remap.c 2008-11-25 11:41:09.000000000 -0500 +@@ -286,6 +286,7 @@ struct rule *parserulefile(FILE * f) + int lineno = 0; + int err = 0; + ++ memset(this_rule, '\0', sizeof(struct rule)); + while (lineno++, fgets(line, MAXLINE, f)) { + rv = parseline(line, this_rule, lineno); + if (rv < 0) +@@ -294,6 +295,7 @@ struct rule *parserulefile(FILE * f) + *last_rule = this_rule; + last_rule = &this_rule->next; + this_rule = tfmalloc(sizeof(struct rule)); ++ memset(this_rule, '\0', sizeof(struct rule)); + } + } + diff --git a/SOURCES/tftp-0.42-tftpboot.patch b/SOURCES/tftp-0.42-tftpboot.patch new file mode 100644 index 0000000..a0de58d --- /dev/null +++ b/SOURCES/tftp-0.42-tftpboot.patch @@ -0,0 +1,54 @@ +diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd +--- tftp-hpa-0.48/tftp-xinetd.tftpboot 2007-01-31 00:51:05.000000000 +0100 ++++ tftp-hpa-0.48/tftp-xinetd 2008-05-20 12:05:53.000000000 +0200 +@@ -10,7 +10,7 @@ service tftp + wait = yes + user = root + server = /usr/sbin/in.tftpd +- server_args = -s /tftpboot ++ server_args = -s /var/lib/tftpboot + disable = yes + per_source = 11 + cps = 100 2 +diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security +--- tftp-hpa-0.48/README.security.tftpboot 2008-05-29 17:36:32.000000000 +0200 ++++ tftp-hpa-0.48/README.security 2008-05-29 17:37:21.000000000 +0200 +@@ -17,10 +17,10 @@ probably the following: + + 1. Create a separate "tftpd" user and group only used for tftpd; + 2. Have all your boot files in a single directory tree (usually called +- /tftpboot). +-3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if ++ /var/lib/tftpboot). ++3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if + you want clients to be able to create files use +- "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever ++ "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever + umask is appropriate for your setup.) + + ======================================= +@@ -40,12 +40,12 @@ directly. Thus, if your /etc/inetd.conf + line): + + tftp dgram udp wait root /usr/sbin/tcpd +-/usr/sbin/in.tftpd -s /tftpboot -r blksize ++/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize + + ... it's better to change to ... + + tftp dgram udp wait root /usr/sbin/in.tftpd +-in.tftpd -s /tftpboot -r blksize ++in.tftpd -s /var/lib/tftpboot -r blksize + + You should make sure that you are using "wait" option in tftpd; you + also need to have tftpd spawned as root in order for chroot (-s) to +diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules +--- tftp-hpa-0.48/tftpd/sample.rules.tftpboot 2008-05-29 17:38:46.000000000 +0200 ++++ tftp-hpa-0.48/tftpd/sample.rules 2008-05-29 17:38:05.000000000 +0200 +@@ -30,5 +30,5 @@ rg \\ / # Convert backslashes to slash + rg \# @ # Convert hash marks to @ signs + rg /../ /..no../ # Convert /../ to /..no../ + e ^ok/ # These are always ok +-r ^[^/] /tftpboot/\0 # Convert non-absolute files ++r ^[^/] /var/lib/tftpboot/\0 # Convert non-absolute files + a \.pvt$ # Reject requests for private files diff --git a/SOURCES/tftp-0.49-chk_retcodes.patch b/SOURCES/tftp-0.49-chk_retcodes.patch new file mode 100644 index 0000000..6d63571 --- /dev/null +++ b/SOURCES/tftp-0.49-chk_retcodes.patch @@ -0,0 +1,15 @@ +diff -up tftp-hpa-0.49/tftpd/tftpd.c.chk_retcodes tftp-hpa-0.49/tftpd/tftpd.c +--- tftp-hpa-0.49/tftpd/tftpd.c.chk_retcodes 2009-01-15 15:28:50.000000000 +0100 ++++ tftp-hpa-0.49/tftpd/tftpd.c 2009-01-15 15:31:36.000000000 +0100 +@@ -932,7 +932,10 @@ int main(int argc, char **argv) + exit(EX_OSERR); + } + #ifdef __CYGWIN__ +- chdir("/"); /* Cygwin chroot() bug workaround */ ++ if (chdir("/") < 0) { /* Cygwin chroot() bug workaround */ ++ syslog(LOG_ERR, "chroot: %m"); ++ exit(EX_OSERR); ++ } + #endif + } + #ifdef HAVE_SETREGID diff --git a/SOURCES/tftp-0.49-cmd_arg.patch b/SOURCES/tftp-0.49-cmd_arg.patch new file mode 100644 index 0000000..2b9023a --- /dev/null +++ b/SOURCES/tftp-0.49-cmd_arg.patch @@ -0,0 +1,159 @@ +diff -up tftp-hpa-0.49/config.h.cmd_arg tftp-hpa-0.49/config.h +--- tftp-hpa-0.49/config.h.cmd_arg 2010-04-19 15:29:10.567331454 +0200 ++++ tftp-hpa-0.49/config.h 2010-04-20 07:33:03.133232772 +0200 +@@ -291,6 +291,7 @@ typedef int socklen_t; + /* Prototypes for libxtra functions */ + + void *xmalloc(size_t); ++void *xrealloc(void *, size_t); + char *xstrdup(const char *); + + #ifndef HAVE_BSD_SIGNAL +diff -up tftp-hpa-0.49/configure.in.cmd_arg tftp-hpa-0.49/configure.in +--- tftp-hpa-0.49/configure.in.cmd_arg 2008-10-21 00:08:31.000000000 +0200 ++++ tftp-hpa-0.49/configure.in 2010-04-19 11:05:12.387340698 +0200 +@@ -152,6 +152,7 @@ OBJROOT=`pwd` + + XTRA=false + PA_SEARCH_LIBS_AND_ADD(xmalloc, iberty) ++PA_SEARCH_LIBS_AND_ADD(xrealloc, iberty) + PA_SEARCH_LIBS_AND_ADD(xstrdup, iberty) + PA_SEARCH_LIBS_AND_ADD(bsd_signal, bsd, bsdsignal) + PA_SEARCH_LIBS_AND_ADD(getopt_long, getopt, getopt_long) +diff -up tftp-hpa-0.49/lib/xrealloc.c.cmd_arg tftp-hpa-0.49/lib/xrealloc.c +--- tftp-hpa-0.49/lib/xrealloc.c.cmd_arg 2010-04-19 11:05:12.387340698 +0200 ++++ tftp-hpa-0.49/lib/xrealloc.c 2010-04-19 11:05:12.387340698 +0200 +@@ -0,0 +1,20 @@ ++/* ++ * xrealloc.c ++ * ++ * Simple error-checking version of realloc() ++ * ++ */ ++ ++#include "config.h" ++ ++void *xrealloc(void *ptr, size_t size) ++{ ++ void *p = realloc(ptr, size); ++ ++ if (!p) { ++ fprintf(stderr, "Out of memory!\n"); ++ exit(128); ++ } ++ ++ return p; ++} +diff -up tftp-hpa-0.49/tftp/main.c.cmd_arg tftp-hpa-0.49/tftp/main.c +--- tftp-hpa-0.49/tftp/main.c.cmd_arg 2008-10-21 00:08:31.000000000 +0200 ++++ tftp-hpa-0.49/tftp/main.c 2010-04-19 11:05:12.389329337 +0200 +@@ -89,11 +89,14 @@ int connected; + const struct modes *mode; + #ifdef WITH_READLINE + char *line = NULL; ++char *remote_pth = NULL; + #else + char line[LBUFLEN]; ++char remote_pth[LBUFLEN]; + #endif + int margc; +-char *margv[20]; ++char **margv; ++int sizeof_margv=0; + const char *prompt = "tftp> "; + sigjmp_buf toplevel; + void intr(int); +@@ -379,6 +382,10 @@ static void getmoreargs(const char *part + free(line); + line = NULL; + } ++ if (remote_pth) { ++ free(remote_pth); ++ remote_pth = NULL; ++ } + line = xmalloc(len + elen + 1); + strcpy(line, partial); + strcpy(line + len, eline); +@@ -535,6 +542,7 @@ void put(int argc, char *argv[]) + int fd; + int n, err; + char *cp, *targ; ++ long dirlen, namelen, lastlen=0; + + if (argc < 2) { + getmoreargs("send ", "(file) "); +@@ -588,9 +596,22 @@ void put(int argc, char *argv[]) + } + /* this assumes the target is a directory */ + /* on a remote unix system. hmmmm. */ +- cp = strchr(targ, '\0'); +- *cp++ = '/'; ++ dirlen = strlen(targ)+1; ++#ifdef WITH_READLINE ++ remote_pth = xmalloc(dirlen+1); ++#endif ++ strcpy(remote_pth, targ); ++ remote_pth[dirlen-1] = '/'; ++ cp = remote_pth + dirlen; + for (n = 1; n < argc - 1; n++) { ++#ifdef WITH_READLINE ++ namelen = strlen(tail(argv[n])) + 1; ++ if (namelen > lastlen) { ++ remote_pth = xrealloc(remote_pth, dirlen + namelen + 1); ++ cp = remote_pth + dirlen; ++ lastlen = namelen; ++ } ++#endif + strcpy(cp, tail(argv[n])); + fd = open(argv[n], O_RDONLY | mode->m_openflags); + if (fd < 0) { +@@ -600,9 +621,9 @@ void put(int argc, char *argv[]) + } + if (verbose) + printf("putting %s to %s:%s [%s]\n", +- argv[n], hostname, targ, mode->m_mode); ++ argv[n], hostname, remote_pth, mode->m_mode); + sa_set_port(&peeraddr, port); +- tftp_sendfile(fd, targ, mode->m_mode); ++ tftp_sendfile(fd, remote_pth, mode->m_mode); + } + } + +@@ -801,6 +822,10 @@ static void command(void) + free(line); + line = NULL; + } ++ if (remote_pth) { ++ free(remote_pth); ++ remote_pth = NULL; ++ } + line = readline(prompt); + if (!line) + exit(0); /* EOF */ +@@ -872,7 +897,13 @@ struct cmd *getcmd(char *name) + static void makeargv(void) + { + char *cp; +- char **argp = margv; ++ char **argp; ++ ++ if (!sizeof_margv) { ++ sizeof_margv = 20; ++ margv = xmalloc(sizeof_margv * sizeof(char *)); ++ } ++ argp = margv; + + margc = 0; + for (cp = line; *cp;) { +@@ -882,6 +913,11 @@ static void makeargv(void) + break; + *argp++ = cp; + margc += 1; ++ if (margc == sizeof_margv) { ++ sizeof_margv += 20; ++ margv = xrealloc(margv, sizeof_margv * sizeof(char *)); ++ argp = margv + margc; ++ } + while (*cp != '\0' && !isspace(*cp)) + cp++; + if (*cp == '\0') diff --git a/SOURCES/tftp-doc.patch b/SOURCES/tftp-doc.patch new file mode 100644 index 0000000..f1cb511 --- /dev/null +++ b/SOURCES/tftp-doc.patch @@ -0,0 +1,45 @@ +--- tftp-hpa-5.2/tftp/main.c 2013-04-19 09:34:09.737410319 +0200 ++++ tftp-hpa-5.2/tftp/main.c 2013-04-19 09:42:53.559946374 +0200 +@@ -195,9 +195,11 @@ + { + fprintf(stderr, + #ifdef HAVE_IPV6 +- "Usage: %s [-4][-6][-v][-l][-m mode] [host [port]] [-c command]\n", ++ "Usage: %s [-4][-6][-v][-V][-l][-m mode] [-R port:port] " ++ "[host [port]] [-c command]\n", + #else +- "Usage: %s [-v][-l][-m mode] [host [port]] [-c command]\n", ++ "Usage: %s [-v][-V][-l][-m mode] [-R port:port] " ++ "[host [port]] [-c command]\n", + #endif + program); + exit(errcode); +--- tftp-hpa-5.2/tftpd/tftpd.8.in 2012-11-20 09:43:46.000000000 +0100 ++++ tftp-hpa-5.2/tftpd/tftpd.8.in 2013-04-19 09:44:37.399057279 +0200 +@@ -155,7 +155,7 @@ + .B utimeout + option is negotiated. The default is 1000000 (1 second.) + .TP +-\fB\-\-mapfile\fP \fIremap-file\fP, \fB\-m\fP \fIremap-file\fP ++\fB\-\-map\-file\fP \fIremap-file\fP, \fB\-m\fP \fIremap-file\fP + Specify the use of filename remapping. The + .I remap-file + is a file containing the remapping rules. See the section on filename +@@ -243,7 +243,7 @@ option, but crash with an error if they + accepted by the server. + .SH "FILENAME REMAPPING" + The +-.B \-\-mapfile ++.B \-\-map\-file + option specifies a file which contains filename remapping rules. Each + non-comment line (comments begin with hash marks, + .BR # ) +@@ -395,7 +395,7 @@ flag is used to set up a chroot() enviro + once a connection has been set up. + .PP + Finally, the filename remapping +-.RB ( \-\-mapfile ++.RB ( \-\-map\-file + flag) support can be used to provide a limited amount of additional + access control. + .SH "CONFORMING TO" diff --git a/SOURCES/tftp-enhanced-logging.patch b/SOURCES/tftp-enhanced-logging.patch new file mode 100644 index 0000000..dce9ef9 --- /dev/null +++ b/SOURCES/tftp-enhanced-logging.patch @@ -0,0 +1,84 @@ +--- a/tftpd/tftpd.c 2016-03-02 11:32:30.710775130 +0100 ++++ b/tftpd/tftpd.c 2016-03-02 11:36:24.086541019 +0100 +@@ -1056,14 +1056,14 @@ int main(int argc, char **argv) + + static char *rewrite_access(char *, int, const char **); + static int validate_access(char *, int, const struct formats *, const char **); +-static void tftp_sendfile(const struct formats *, struct tftphdr *, int); ++static void tftp_sendfile(const struct formats *, struct tftphdr *, int, char *); + static void tftp_recvfile(const struct formats *, struct tftphdr *, int); + + struct formats { + const char *f_mode; + char *(*f_rewrite) (char *, int, const char **); + int (*f_validate) (char *, int, const struct formats *, const char **); +- void (*f_send) (const struct formats *, struct tftphdr *, int); ++ void (*f_send) (const struct formats *, struct tftphdr *, int, char *); + void (*f_recv) (const struct formats *, struct tftphdr *, int); + int f_convert; + }; +@@ -1129,6 +1129,9 @@ int tftp(struct tftphdr *tp, int size) + nak(EACCESS, errmsgptr); /* File denied by mapping rule */ + exit(0); + } ++ ecode = ++ (*pf->f_validate) (filename, tp_opcode, pf, &errmsgptr); ++ + if (verbosity >= 1) { + tmp_p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from), + tmpbuf, INET6_ADDRSTRLEN); +@@ -1147,9 +1150,14 @@ int tftp(struct tftphdr *tp, int size) + tp_opcode == WRQ ? "WRQ" : "RRQ", + tmp_p, origfilename, + filename); ++ ++ if (ecode == 1) { ++ syslog(LOG_NOTICE, "Client %s File not found %s\n", ++ tmp_p,filename); ++ } ++ + } +- ecode = +- (*pf->f_validate) (filename, tp_opcode, pf, &errmsgptr); ++ + if (ecode) { + nak(ecode, errmsgptr); + exit(0); +@@ -1172,12 +1180,12 @@ int tftp(struct tftphdr *tp, int size) + if (tp_opcode == WRQ) + (*pf->f_recv) (pf, (struct tftphdr *)ackbuf, ap - ackbuf); + else +- (*pf->f_send) (pf, (struct tftphdr *)ackbuf, ap - ackbuf); ++ (*pf->f_send) (pf, (struct tftphdr *)ackbuf, ap - ackbuf, origfilename); + } else { + if (tp_opcode == WRQ) + (*pf->f_recv) (pf, NULL, 0); + else +- (*pf->f_send) (pf, NULL, 0); ++ (*pf->f_send) (pf, NULL, 0, origfilename); + } + exit(0); /* Request completed */ + } +@@ -1557,7 +1565,7 @@ static int validate_access(char *filenam + /* + * Send the requested file. + */ +-static void tftp_sendfile(const struct formats *pf, struct tftphdr *oap, int oacklen) ++static void tftp_sendfile(const struct formats *pf, struct tftphdr *oap, int oacklen, char *filename) + { + struct tftphdr *dp; + struct tftphdr *ap; /* ack packet */ +@@ -1648,6 +1656,13 @@ static void tftp_sendfile(const struct f + if (!++block) + block = rollover_val; + } while (size == segsize); ++ tmp_p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from), ++ tmpbuf, INET6_ADDRSTRLEN); ++ if (!tmp_p) { ++ tmp_p = tmpbuf; ++ strcpy(tmpbuf, "???"); ++ } ++ syslog(LOG_NOTICE, "Client %s finished %s",tmp_p,filename); + abort: + (void)fclose(file); + } diff --git a/SOURCES/tftp-hpa-0.39-tzfix.patch b/SOURCES/tftp-hpa-0.39-tzfix.patch new file mode 100644 index 0000000..ded02ef --- /dev/null +++ b/SOURCES/tftp-hpa-0.39-tzfix.patch @@ -0,0 +1,18 @@ +diff -up tftp-hpa-0.49/tftpd/tftpd.c.tzfix tftp-hpa-0.49/tftpd/tftpd.c +--- tftp-hpa-0.49/tftpd/tftpd.c.tzfix 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftpd/tftpd.c 2008-11-25 11:45:27.000000000 -0500 +@@ -350,6 +350,14 @@ int main(int argc, char **argv) + const char *pidfile = NULL; + u_short tp_opcode; + ++ time_t my_time = 0; ++ struct tm* p_tm; ++ char envtz[10]; ++ my_time = time(NULL); ++ p_tm = localtime(&my_time); ++ snprintf(envtz, sizeof(envtz) - 1, "UTC%+d", (p_tm->tm_gmtoff * -1)/3600); ++ setenv("TZ", envtz, 0); ++ + /* basename() is way too much of a pain from a portability standpoint */ + + p = strrchr(argv[0], '/'); diff --git a/SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch b/SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch new file mode 100644 index 0000000..e9b70d4 --- /dev/null +++ b/SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch @@ -0,0 +1,26 @@ +diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c +--- tftp-hpa-0.49.orig/tftp/tftp.c 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftp/tftp.c 2009-08-05 09:47:18.072585848 -0400 +@@ -279,15 +279,16 @@ + struct tftphdr *tp, const char *mode) + { + char *cp; ++ size_t len; + + tp->th_opcode = htons((u_short) request); + cp = (char *)&(tp->th_stuff); +- strcpy(cp, name); +- cp += strlen(name); +- *cp++ = '\0'; +- strcpy(cp, mode); +- cp += strlen(mode); +- *cp++ = '\0'; ++ len = strlen(name) + 1; ++ memcpy(cp, name, len); ++ cp += len; ++ len = strlen(mode) + 1; ++ memcpy(cp, mode, len); ++ cp += len; + return (cp - (char *)tp); + } + diff --git a/SOURCES/tftp-hpa-0.49-stats.patch b/SOURCES/tftp-hpa-0.49-stats.patch new file mode 100644 index 0000000..b6c9d05 --- /dev/null +++ b/SOURCES/tftp-hpa-0.49-stats.patch @@ -0,0 +1,14 @@ +diff -up tftp-hpa-0.49/tftp/tftp.c.stats tftp-hpa-0.49/tftp/tftp.c +--- tftp-hpa-0.49/tftp/tftp.c.stats 2011-01-03 15:38:34.217918067 +0100 ++++ tftp-hpa-0.49/tftp/tftp.c 2011-01-03 15:38:37.498917014 +0100 +@@ -400,8 +400,8 @@ static void printstats(const char *direc + { + double delta; + +- delta = (tstop.tv_sec + (tstop.tv_usec / 100000.0)) - +- (tstart.tv_sec + (tstart.tv_usec / 100000.0)); ++ delta = (tstop.tv_sec + (tstop.tv_usec / 1000000.0)) - ++ (tstart.tv_sec + (tstart.tv_usec / 1000000.0)); + if (verbose) { + printf("%s %lu bytes in %.1f seconds", direction, amount, delta); + printf(" [%.0f bit/s]", (amount * 8.) / delta); diff --git a/SOURCES/tftp-hpa-5.2-pktinfo.patch b/SOURCES/tftp-hpa-5.2-pktinfo.patch new file mode 100644 index 0000000..d1fa75c --- /dev/null +++ b/SOURCES/tftp-hpa-5.2-pktinfo.patch @@ -0,0 +1,23 @@ +diff -up tftp-hpa-5.2/tftpd/recvfrom.c.test tftp-hpa-5.2/tftpd/recvfrom.c +--- tftp-hpa-5.2/tftpd/recvfrom.c.test 2011-12-11 23:13:52.000000000 +0100 ++++ tftp-hpa-5.2/tftpd/recvfrom.c 2012-01-04 10:05:17.852042256 +0100 +@@ -149,16 +149,16 @@ myrecvfrom(int s, void *buf, int len, un + + /* Try to enable getting the return address */ + #ifdef IP_RECVDSTADDR +- if (from->sa_family == AF_INET) ++ if (from->sa_family == AF_INET || !from->sa_family) + setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on)); + #endif + #ifdef IP_PKTINFO +- if (from->sa_family == AF_INET) ++ if (from->sa_family == AF_INET || !from->sa_family) + setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)); + #endif + #ifdef HAVE_IPV6 + #ifdef IPV6_RECVPKTINFO +- if (from->sa_family == AF_INET6) ++ if (from->sa_family == AF_INET6 || !from->sa_family) + setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on)); + #endif + #endif diff --git a/SOURCES/tftp-rewrite-macro.patch b/SOURCES/tftp-rewrite-macro.patch new file mode 100644 index 0000000..98b0874 --- /dev/null +++ b/SOURCES/tftp-rewrite-macro.patch @@ -0,0 +1,44 @@ +Resolves: #1485943 + +--- a/tftpd/tftpd.c 2017-08-28 09:12:11.681299000 +0200 ++++ b/tftpd/tftpd.c 2017-08-28 13:30:03.109312000 +0200 +@@ -1388,24 +1388,25 @@ + return strlen(p); + + case 'x': +- if (output) { +- if (from.sa.sa_family == AF_INET) { ++ if (from.sa.sa_family == AF_INET) { ++ if (output) { + sprintf(output, "%08lX", + (unsigned long)ntohl(from.si.sin_addr.s_addr)); +- l = 8; ++ } ++ l = 8; + #ifdef HAVE_IPV6 +- } else { +- unsigned char *c = (unsigned char *)SOCKADDR_P(&from); +- p = tb; +- for (l = 0; l < 16; l++) { +- sprintf(p, "%02X", *c); +- c++; +- p += 2; +- } ++ } else { ++ unsigned char *c = (unsigned char *)SOCKADDR_P(&from); ++ p = tb; ++ for (l = 0; l < 16; l++) { ++ sprintf(p, "%02X", *c); ++ c++; ++ p += 2; ++ } ++ if (output) + strcpy(output, tb); +- l = strlen(tb); ++ l = strlen(tb); + #endif +- } + } + return l; + + diff --git a/SOURCES/tftp.service b/SOURCES/tftp.service new file mode 100644 index 0000000..c26ad3b --- /dev/null +++ b/SOURCES/tftp.service @@ -0,0 +1,11 @@ +[Unit] +Description=Tftp Server +Requires=tftp.socket +Documentation=man:in.tftpd + +[Service] +ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot +StandardInput=socket + +[Install] +Also=tftp.socket diff --git a/SOURCES/tftp.socket b/SOURCES/tftp.socket new file mode 100644 index 0000000..8764c1d --- /dev/null +++ b/SOURCES/tftp.socket @@ -0,0 +1,8 @@ +[Unit] +Description=Tftp Server Activation Socket + +[Socket] +ListenDatagram=69 + +[Install] +WantedBy=sockets.target diff --git a/SPECS/tftp.spec b/SPECS/tftp.spec new file mode 100644 index 0000000..7f15983 --- /dev/null +++ b/SPECS/tftp.spec @@ -0,0 +1,463 @@ +%global systemctl_bin /usr/bin/systemctl +%global _hardened_build 1 + +Summary: The client for the Trivial File Transfer Protocol (TFTP) +Name: tftp +Version: 5.2 +Release: 25%{?dist} +License: BSD +Group: Applications/Internet +URL: http://www.kernel.org/pub/software/network/tftp/ +Source0: http://www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-%{version}.tar.bz2 +Source1: tftp.socket +Source2: tftp.service + +Patch0: tftp-0.40-remap.patch +Patch2: tftp-hpa-0.39-tzfix.patch +Patch3: tftp-0.42-tftpboot.patch +Patch4: tftp-0.49-chk_retcodes.patch +Patch5: tftp-hpa-0.49-fortify-strcpy-crash.patch +Patch6: tftp-0.49-cmd_arg.patch +Patch7: tftp-hpa-0.49-stats.patch +Patch8: tftp-hpa-5.2-pktinfo.patch +Patch9: tftp-doc.patch +Patch10: tftp-enhanced-logging.patch +Patch11: tftp-rewrite-macro.patch + +BuildRequires: readline-devel autoconf systemd-units + +%description +The Trivial File Transfer Protocol (TFTP) is normally used only for +booting diskless workstations. The tftp package provides the user +interface for TFTP, which allows users to transfer files to and from a +remote machine. This program and TFTP provide very little security, +and should not be enabled unless it is expressly needed. + +%package server +Group: System Environment/Daemons +Summary: The server for the Trivial File Transfer Protocol (TFTP) +Requires: systemd-units +Requires(post): systemd-units +Requires(postun): systemd-units + +%description server +The Trivial File Transfer Protocol (TFTP) is normally used only for +booting diskless workstations. The tftp-server package provides the +server for TFTP, which allows users to transfer files to and from a +remote machine. TFTP provides very little security, and should not be +enabled unless it is expressly needed. The TFTP server is run by using +systemd socket activation, and is disabled by default. + +%prep +%setup -q -n tftp-hpa-%{version} +%patch0 -p1 -b .zero +%patch2 -p1 -b .tzfix +%patch3 -p1 -b .tftpboot +%patch4 -p1 -b .chk_retcodes +%patch5 -p1 -b .fortify-strcpy-crash +%patch6 -p1 -b .cmd_arg +%patch7 -p1 -b .stats +%patch8 -p1 -b .pktinfo +%patch9 -p1 -b .doc +%patch10 -p1 -b .logging +%patch11 -p1 -b .rewrite-macro + +%build +autoreconf +%configure +make %{?_smp_mflags} + +%install +rm -rf ${RPM_BUILD_ROOT} +mkdir -p ${RPM_BUILD_ROOT}%{_bindir} +mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8} +mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tftpboot +mkdir -p ${RPM_BUILD_ROOT}%{_unitdir} + +make INSTALLROOT=${RPM_BUILD_ROOT} SBINDIR=%{_sbindir} MANDIR=%{_mandir} INSTALL='install -p' install + +install -p -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir} +install -p -m 644 %SOURCE2 ${RPM_BUILD_ROOT}%{_unitdir} + +%post server +%systemd_post tftp.socket + +%preun server +%systemd_preun tftp.socket + +%postun server +%systemd_postun_with_restart tftp.socket + + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%files +%doc README README.security CHANGES +%{_bindir}/tftp +%{_mandir}/man1/* + +%files server +%doc README README.security CHANGES +%dir %{_localstatedir}/lib/tftpboot +%{_sbindir}/in.tftpd +%{_mandir}/man8/* +%{_unitdir}/* + +%changelog +* Wed Apr 20 2022 Lukáš Zaoral - 5.2-25 +- Fix inconsistent --map-file option spelling in manual (rhbz#2066853) +- Fix memory corruption in tftpd when filename remapping with macro \x + is used (rhbz#2066862) + +* Fri Feb 09 2018 Igor Gnatenko - 5.2-24 +- Escape macros in %%changelog + +* Mon Dec 4 2017 Jan Synáček - 5.2-23 +- remove build dependency on tcp_wrappers (#1518793) + +* Thu Aug 03 2017 Fedora Release Engineering - 5.2-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 5.2-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 5.2-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 12 2017 Igor Gnatenko - 5.2-19 +- Rebuild for readline 7.x + +* Thu Mar 3 2016 Jan Synáček - 5.2-18 +- enhance in.tftpd logging capabilities + +* Fri Feb 05 2016 Fedora Release Engineering - 5.2-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 5.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Aug 18 2014 Fedora Release Engineering - 5.2-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 5.2-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Feb 24 2014 Jan Synáček - 5.2-13 +- add documentation reference to the service file + +* Wed Feb 19 2014 Jan Synáček - 5.2-12 +- start socket as well when starting the service + +* Thu Feb 13 2014 Jan Synáček - 5.2-11 +- don't depend on xinetd anymore (#1059641) + +* Sun Aug 04 2013 Fedora Release Engineering - 5.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Apr 23 2013 Jan Synáček - 5.2-9 +- harden the package (#955197) + +* Fri Apr 19 2013 Jan Synáček - 5.2-8 +- documentation fixes + +* Fri Feb 15 2013 Fedora Release Engineering - 5.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Aug 22 2012 Jan Synáček - 5.2-6 +- add systemd-rpm macros +- Resolves: #850338 + +* Sat Jul 21 2012 Fedora Release Engineering - 5.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Jan Synáček - 5.2.4 +- make fedora-review-friendly + +* Wed Jul 18 2012 Jan Synáček - 5.2-4 +- update spec: fix Source0 + +* Wed May 30 2012 Jan Synáček - 5.2-4 +- use systemd instead of xinetd as a default + +* Tue May 22 2012 Jan Synáček - 5.2-3 +- provide native systemd service files +- Resolves: #737212 + +* Wed Jan 04 2012 Jiri Skala - 5.2-2 +- fixes #739534 - TFTP to an IP alias of FC15 tftp server failed + +* Wed Dec 14 2011 Jiri Skala - 5.2-1 +- updated to latest upstream - 5.2 + +* Thu Oct 06 2011 Jiri Skala - 5.1-1 +- updated to latest upstream - 5.1 + +* Mon Jun 20 2011 Jiri Skala - 0.49-9 +- fixes #714261 - CVE-2011-2199: buffer overflow when setting utimeout option + +* Wed Feb 09 2011 Fedora Release Engineering - 0.49-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 03 2011 Jiri Skala - 0.49-7 +- fixes #666746 - Packaging mistake: confusing %%doc files patched+unpatched +- fixes printing statistics using -v option + +* Fri May 28 2010 Jiri Skala - 0.49-6 +- patched handling arguments of commands (put) + +* Wed Aug 05 2009 Warren Togami - 0.49-5 +- Bug #515361 tftp FORTIFY_SOURCE strcpy crash + +* Sun Jul 26 2009 Fedora Release Engineering - 0.49-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 0.49-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jan 15 2009 Jiri Skala - 0.49-2 +- #473487 - unchecked return values + +* Tue Nov 25 2008 Tom "spot" Callaway - 0.49-1 +- update to 0.49 + +* Wed May 21 2008 Warren Togami - 0.48-5 +- fix troubles caused by added symlink + +* Tue May 20 2008 Martin Nagy - 0.48-4 +- add symlink to /var/lib/tftpboot + +* Mon Mar 03 2008 Martin Nagy - 0.48-3 +- changed description (#234099) + +* Mon Feb 11 2008 Martin Nagy - 0.48-2 +- rebuild for gcc-4.3 + +* Tue Jan 22 2008 Martin Nagy - 0.48-1 +- upgrade to 0.48 +- remove the old sigjmp patch (fixed in upstream) +- make some changes in spec file (#226489) + +* Tue Jan 22 2008 Martin Nagy - 0.42-6 +- changed the location of tftpboot directory to /var/lib/ + +* Fri Aug 31 2007 Maros Barabas - 0.42-5 +- rebuild + +* Mon Feb 19 2007 Maros Barabas - 0.42-4 +- make some changes in spec file (review) +- Resolves #226489 + +* Mon Dec 04 2006 Maros Barabas - 0.42-3.2 +- change BuildRequires from tcp_wrappers to tcp_wrappers-devel + +* Wed Jul 12 2006 Jesse Keating - 0.42-3.1 +- rebuild + +* Mon Apr 10 2006 Radek Vokál 0.42-3 +- show localtime instead of GMT (#172274) + +* Wed Mar 22 2006 Radek Vokál 0.42-2 +- fix double free error when hitting ^C (#186201) + +* Wed Feb 22 2006 Radek Vokál 0.42-1 +- upgrade to 0.42 + +* Fri Feb 10 2006 Jesse Keating - 0.41-1.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.41-1.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Nov 03 2005 Radek Vokal 0.41-1 +- upstream update (patterns fixes) + +* Tue Apr 19 2005 Radek Vokal 0.40-6 +- fix remap rules convert error + +* Wed Mar 23 2005 Radek Vokal 0.40-5 +- use tftp-xinetd from tarball (#143589) + +* Fri Mar 04 2005 Radek Vokal 0.40-4 +- gcc4 rebuilt + +* Sun Feb 27 2005 Florian La Roche +- Copyright: -> License + +* Wed Jan 12 2005 Tim Waugh 0.40-2 +- Rebuilt for new readline. + +* Mon Nov 15 2004 Radek Vokal 0.40-1 +- Update to new upstream version, fixes #139328 + +* Mon Sep 13 2004 Elliot Lee 0.39-1 +- Update to new version makes tftp work, says upstream. +- Remove malta patch + +* Mon Sep 13 2004 Elliot Lee 0.38-1 +- Update to new version fixes #131736 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu Jun 03 2004 Elliot Lee 0.36-1 +- Update version + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Fri Apr 11 2003 Elliot Lee +- 0.33 +- Add /tftpboot directory (#88204) + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Sun Feb 23 2003 Tim Powers +- add BuildPreReq on tcp_wrappers + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Mon Nov 11 2002 Elliot Lee 0.32-1 +- Update to 0.32 + +* Wed Oct 23 2002 Elliot Lee 0.30-1 +- Fix #55789 +- Update to 0.30 + +* Thu Jun 27 2002 Elliot Lee +- Try applying HJ's patch from #65476 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Mon Jun 17 2002 Elliot Lee +- Update to 0.29 + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Tue Dec 18 2001 Elliot Lee 0.17-15 +- Add patch4: netkit-tftp-0.17-defaultport.patch for bug #57562 +- Update to tftp-hpa-0.28 (bug #56131) +- Remove include/arpa/tftp.h to fix #57259 +- Add resource limits in tftp-xinetd (#56722) + +* Sun Jun 24 2001 Elliot Lee +- Bump release + rebuild. + +* Tue Jun 12 2001 Helge Deller (0.17-13) +- updated tftp-hpa source to tftp-hpa-0.17 +- tweaked specfile with different defines for tftp-netkit and tftp-hpa version +- use hpa's tftpd.8 man page instead of the netkits one + +* Mon May 07 2001 Helge Deller +- rebuilt in 7.1.x + +* Wed Apr 18 2001 Helge Deller +- fix tftp client's put problems (#29529) +- update to tftp-hpa-0.16 + +* Wed Apr 4 2001 Jakub Jelinek +- don't let configure to guess compiler, it can pick up egcs + +* Thu Feb 08 2001 Helge Deller +- changed "wait" in xinetd file to "yes" (hpa-tftpd forks and exits) (#26467) +- fixed hpa-tftpd to handle files greater than 32MB (#23725) +- added "-l" flag to hpa-tftpd for file-logging (#26467) +- added description for "-l" to the man-page + +* Thu Feb 08 2001 Helge Deller +- updated tftp client to 0.17 stable (#19640), +- drop dependency on xinetd for tftp client (#25051), + +* Wed Jan 17 2001 Jeff Johnson +- xinetd shouldn't wait on tftp (which forks) (#23923). + +* Sat Jan 6 2001 Jeff Johnson +- fix to permit tftp put's (#18128). +- startup as root with chroot to /tftpboot with early reversion to nobody + is preferable to starting as nobody w/o ability to chroot. +- %%post is needed by server, not client. Add %%postun for erasure as well. + +* Wed Aug 23 2000 Nalin Dahyabhai +- default to being disabled + +* Thu Aug 17 2000 Jeff Johnson +- correct group. + +* Tue Jul 25 2000 Nalin Dahyabhai +- change user from root to nobody + +* Sat Jul 22 2000 Jeff Johnson +- update to tftp-hpa-0.14 (#14003). +- add server_args (#14003). +- remove -D_BSD_SOURCE (#14003). + +* Fri Jul 21 2000 Nalin Dahyabhai +- cook up an xinetd config file for tftpd + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Jeff Johnson +- FHS packaging. +- update to 0.17. + +* Fri May 5 2000 Matt Wilson +- use _BSD_SOURCE for hpa's tftpd so we get BSD signal semantics. + +* Fri Feb 11 2000 Bill Nottingham +- fix description + +* Wed Feb 9 2000 Jeff Johnson +- compress man pages (again). + +* Wed Feb 02 2000 Cristian Gafton +- man pages are compressed +- fix description and summary + +* Tue Jan 4 2000 Bill Nottingham +- split client and server + +* Tue Dec 21 1999 Jeff Johnson +- update to 0.16. + +* Sat Aug 28 1999 Jeff Johnson +- update to 0.15. + +* Wed Apr 7 1999 Jeff Johnson +- tftpd should truncate file when overwriting (#412) + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 22) + +* Mon Mar 15 1999 Jeff Johnson +- compile for 6.0. + +* Fri Aug 7 1998 Jeff Johnson +- build root + +* Mon Apr 27 1998 Prospector System +- translations modified for de, fr, tr + +* Mon Sep 22 1997 Erik Troan +- added check for getpwnam() failure + +* Tue Jul 15 1997 Erik Troan +- initial build