diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-01-22 20:28:19 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-01-22 20:28:19 +0000 |
commit | abaa75b10f899ada8dd05b23cc03205064394bc6 (patch) | |
tree | eca3dd248b73b92013cba00a0fcc1edf2696e19a /net-ftp/atftp | |
parent | 24fd814c326e282c4321965c31f341dad77e270d (diff) |
gentoo resync : 22.01.2021
Diffstat (limited to 'net-ftp/atftp')
-rw-r--r-- | net-ftp/atftp/Manifest | 4 | ||||
-rw-r--r-- | net-ftp/atftp/atftp-0.7.2-r2.ebuild | 68 | ||||
-rw-r--r-- | net-ftp/atftp/atftp-0.7.2-r3.ebuild | 69 | ||||
-rw-r--r-- | net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch | 92 | ||||
-rw-r--r-- | net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch | 38 |
5 files changed, 271 insertions, 0 deletions
diff --git a/net-ftp/atftp/Manifest b/net-ftp/atftp/Manifest index ea1a3b29812f..49855c910e4c 100644 --- a/net-ftp/atftp/Manifest +++ b/net-ftp/atftp/Manifest @@ -1,8 +1,12 @@ AUX atftp-0.7.2-CFLAGS.patch 611 BLAKE2B a897ae1d9f03387283826c5b9795028b9190ca5a55e9db795d6a3753c7ce45ccd75a8d37eb2de228bd1b8fc57472fb3f662860c0f1efdc5a0ceab2d1a178c1dc SHA512 b020e761af2b73193e0bc3ef0e11e293babdfaedeac5429f3ad89079d686ce9c69737a4f74e147a023a92a2424241d61f17574feaadc39a5b6bd361245886c8a +AUX atftp-0.7.2-cve-2020-6097.patch 3433 BLAKE2B 3ea6ac0bf80a8750535b1184d7b9d8e6023d5678ebf1150fce02b268a4e44ba08f4350d1c7ee4e3bb9dc5676d3b0c75db4e95fb637c9cbcb5f074fb0d9ec28e4 SHA512 0677ffc38f1e94036596ab58f356c351d53b4440cbb37b96f265fe335d1595003ff3e773cb1b5ab5af3be31a4a93af30188fe1ea88cd9cb5a7cb65e385932bd5 +AUX atftp-0.7.2-fewer_seeks.patch 1398 BLAKE2B 6ac60c1953a1849700fd7e00cce78c2481667846aad6966f6df570d1cc29b69524edd8a9763dbafdfaee219a27666a6b8d8857350521813338729c0dfe553a11 SHA512 f83f98419487d4caa861ec16fe3250e4421a0cb9366a3aca3bb6dbda1141ec19cb0318aa5d00740672d99a73b28353a220138e86d30a370d902dcd606a5da40c AUX atftp.confd 105 BLAKE2B 6672479bce2240d4c34c70853227a769fa45c06e4b5c04f7d5aebdbceb0987316a9ec906182cacf5337fce5190aeac3bfc4cda0be72b8d48e99a5b2cbc2eca0e SHA512 cdbd63df16c2cee7491209de8ec44e05e10beccc6286cf7cb1c5dc7731c616d41bc94ce4d6c020b4ac8bb77b27956e9ee36d9b5703dcd3477e8b14927d154b91 AUX atftp.init 438 BLAKE2B 1783431801dbf04353bde6c3766c7d0acdd06b8ec853c8fba5cf1bbfe6c7020b55305f44992e3921a63654f290a28c28373dd94f925188c72105c8a3dd047dca SHA512 b64f78658d2da17a4fe4237835c0a6a0cc59d0b7278e8f6f49673ffd8a97a9473e4773b43bcc70d312043ee4324d8105c50f0cfcf6055c0755ce598c9d7e5a23 AUX atftp.service 233 BLAKE2B 4c9a1a8041ffc4cdf71a24800494f340121beb9bde9760fa090b9e515ef0b2aa7dd73173543c75fde465dbf9cc229b04acc9e72c296fa27cace2063128de06c6 SHA512 533372c4863e39d6139ddc491c2b2b2051f1094a90d9854879f28bae7975c8dc997696318794cd1136f9cc542a8f418ad8361b87dd6b3455445d8528d2cc993a AUX atftp.service.conf 45 BLAKE2B dd52bd3ef0d72f28d2e317282026d354b6023f8b51634d0374623c782afacae1284f5385967dfa91026553845f9283be59b4c7d96031da85261067b7be6544f7 SHA512 661befb6873eee6c0ed25fd5cb156e3d7c4ef801d2f58cda8df0f0c5fd851c7eb28089a9399529164c61505963e9d10143df2195d57ff66f85ad0e2750fbbd57 DIST atftp-0.7.2.tar.gz 248038 BLAKE2B 3ca44624bf989009c2ebd0ae97927b0784e3c617a79a1bd00212a72a185302cf84f51c8bcda2012981d67cfed4d241b70f8719e78155207608f07a2227e6c437 SHA512 d602bb69451175a36e619abcff412ab1f6d0e7baf8c3f9a2b32081530fbc5816157404b80d42a8b6caa89cc83675b5cbeefcd57a5d98b8f5b43c6254b20ef28b EBUILD atftp-0.7.2-r1.ebuild 1454 BLAKE2B 1dd9278366a7bbc136e6f7fcf584a7f52076de01a53cdf2b65e486bd1582c75211cca6e7380ddc8978f3760a369be5b580dfcac99c4d5672e9a86a8478ff8450 SHA512 a7f27b1c0087aceb9f8c4e9e645cc932b9d69faecc0a7d51529f8395017a2a8ea8a25f9a882f2d128fbd0cb4a51b53cc351b2310b12ae207e543047bc32801c0 +EBUILD atftp-0.7.2-r2.ebuild 1499 BLAKE2B e1fedac27e5d2b097d706c3ee99d03df03ad27ad61c4297c83d222f3a5b4c69b1d3b6ee4966622db073d2e18ccde24ebe4e16508bac156e88027d34086faa45b SHA512 de134e6a16c57f253af44b1a53e5c1f849943e52683f06d4945d042cd4c4f1bcd776379fcae0176149395617efe6f2b5ef9d587ccb2f7ab35cf683bde2164a03 +EBUILD atftp-0.7.2-r3.ebuild 1537 BLAKE2B 1e56e24731a2f43d58b6a819c8f561c2669240fc87553d1d187047f0d27303a785828b7d0c976d5eb32d76c2c76c7277158d77369e71d66c0f3ea5315bc81d3c SHA512 0208bfc439df1b605bbdb8aeb5d91fea46c45196cb5417340f636f1c149e606ab06f2eb75c8dd57ee5bdb7b44336ff44eeec7cac282ce0c9622cfd2ad7dc3897 MISC metadata.xml 418 BLAKE2B 882119fa041eaa33650c5e3efaa440e3ed25056f05dda4667a150a8646f32f620b3479821b0e6c3220541afd811f35b6060127aa58b98e7604fc498536e8c724 SHA512 cff57d66fe14a48905bd9280e15f794a66df58f83fff73290db3dc7a8d2196c5ffba05693d9e8909e3bf710bb05b72e00001747bd9d92379a7cdfc0dbaba57cb diff --git a/net-ftp/atftp/atftp-0.7.2-r2.ebuild b/net-ftp/atftp/atftp-0.7.2-r2.ebuild new file mode 100644 index 000000000000..28a0da5d668f --- /dev/null +++ b/net-ftp/atftp/atftp-0.7.2-r2.ebuild @@ -0,0 +1,68 @@ +# Copyright 2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools flag-o-matic systemd + +DESCRIPTION="Advanced TFTP implementation client/server" +HOMEPAGE="https://sourceforge.net/projects/atftp/" +SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="selinux tcpd readline pcre" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + readline? ( sys-libs/readline:0= ) + pcre? ( dev-libs/libpcre )" +RDEPEND="${DEPEND} + !net-ftp/tftp-hpa + !net-ftp/uftpd + selinux? ( sec-policy/selinux-tftp )" +BDEPEND="" + +PATCHES=( + "${FILESDIR}/${P}-CFLAGS.patch" + "${FILESDIR}/${P}-cve-2020-6097.patch" +) + +src_prepare() { + append-cppflags -D_REENTRANT -DRATE_CONTROL + # fix #561720 by restoring pre-GCC5 inline semantics + append-cflags -std=gnu89 + + default + eautoreconf +} + +src_configure() { + econf \ + $(use_enable tcpd libwrap) \ + $(use_enable readline libreadline) \ + $(use_enable pcre libpcre) \ + --enable-mtftp +} + +src_test() { + cd "${S}"/test || die + # Try to run the tests + ./test.sh || die +} + +src_install() { + default + + newinitd "${FILESDIR}"/atftp.init atftp + newconfd "${FILESDIR}"/atftp.confd atftp + + systemd_dounit "${FILESDIR}"/atftp.service + systemd_install_serviced "${FILESDIR}"/atftp.service.conf + + dodoc README* BUGS FAQ Changelog INSTALL TODO + dodoc "${S}"/docs/* + + docinto test + cd "${S}"/test || die + dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt +} diff --git a/net-ftp/atftp/atftp-0.7.2-r3.ebuild b/net-ftp/atftp/atftp-0.7.2-r3.ebuild new file mode 100644 index 000000000000..0b2c1e633f95 --- /dev/null +++ b/net-ftp/atftp/atftp-0.7.2-r3.ebuild @@ -0,0 +1,69 @@ +# Copyright 2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools flag-o-matic systemd + +DESCRIPTION="Advanced TFTP implementation client/server" +HOMEPAGE="https://sourceforge.net/projects/atftp/" +SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="selinux tcpd readline pcre" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + readline? ( sys-libs/readline:0= ) + pcre? ( dev-libs/libpcre )" +RDEPEND="${DEPEND} + !net-ftp/tftp-hpa + !net-ftp/uftpd + selinux? ( sec-policy/selinux-tftp )" +BDEPEND="" + +PATCHES=( + "${FILESDIR}/${P}-CFLAGS.patch" + "${FILESDIR}/${P}-cve-2020-6097.patch" + "${FILESDIR}/${P}-fewer_seeks.patch" +) + +src_prepare() { + append-cppflags -D_REENTRANT -DRATE_CONTROL + # fix #561720 by restoring pre-GCC5 inline semantics + append-cflags -std=gnu89 + + default + eautoreconf +} + +src_configure() { + econf \ + $(use_enable tcpd libwrap) \ + $(use_enable readline libreadline) \ + $(use_enable pcre libpcre) \ + --enable-mtftp +} + +src_test() { + cd "${S}"/test || die + # Try to run the tests + ./test.sh || die +} + +src_install() { + default + + newinitd "${FILESDIR}"/atftp.init atftp + newconfd "${FILESDIR}"/atftp.confd atftp + + systemd_dounit "${FILESDIR}"/atftp.service + systemd_install_serviced "${FILESDIR}"/atftp.service.conf + + dodoc README* BUGS FAQ Changelog INSTALL TODO + dodoc "${S}"/docs/* + + docinto test + cd "${S}"/test || die + dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt +} diff --git a/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch new file mode 100644 index 000000000000..5130d0086432 --- /dev/null +++ b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch @@ -0,0 +1,92 @@ +commit 96409ef3b9ca061f9527cfaafa778105cf15d994 +Author: Peter Kaestle <peter.kaestle@nokia.com> +Date: Wed Oct 14 14:02:41 2020 +0200 + + Fix for DoS issue CVE-2020-6097 + + "sockaddr_print_addr" of tftpd can be triggered remotely to call + assert(), which will crash the tftpd daemon. See: + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 + + "sockaddr_print_addr" originaly had two features: + 1) returning pointer to string of the incoming ip address + 2) checking whether ss_family of the connection is supported + + To fix the issue, a separate function "sockaddr_family_supported" is + used to take care of 2) and "sockaddr_print_addr" returns an error + message string for unsupported cases when using 1) insert of calling + assert(). + +diff --git a/tftp_def.c b/tftp_def.c +index d457c2a..428a930 100644 +--- a/tftp_def.c ++++ b/tftp_def.c +@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host) + return OK; + } + ++int ++sockaddr_family_supported(const struct sockaddr_storage *ss) ++{ ++ if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6) ++ return 1; ++ else ++ return 0; ++} ++ + char * + sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) + { +@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) + else if (ss->ss_family == AF_INET6) + addr = &((const struct sockaddr_in6 *)ss)->sin6_addr; + else +- assert(!"sockaddr_print: unsupported address family"); ++ return "sockaddr_print: unsupported address family"; + return (char *)inet_ntop(ss->ss_family, addr, buf, len); + } + +diff --git a/tftp_def.h b/tftp_def.h +index 0841746..458e310 100644 +--- a/tftp_def.h ++++ b/tftp_def.h +@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format); + inline char *Strncpy(char *to, const char *from, size_t size); + int Gethostbyname(char *addr, struct hostent *host); + ++int sockaddr_family_supported(const struct sockaddr_storage *ss); + char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t); + #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN + uint16_t sockaddr_get_port(const struct sockaddr_storage *); +diff --git a/tftpd.c b/tftpd.c +index 0b6f6a5..a7561a5 100644 +--- a/tftpd.c ++++ b/tftpd.c +@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg) + } + + #ifdef HAVE_WRAP ++ if (!abort && !sockaddr_family_supported(&data->client_info->client)) ++ { ++ logger(LOG_ERR, "Connection from unsupported network address family refused"); ++ abort = 1; ++ } + if (!abort) + { + /* Verify the client has access. We don't look for the name but +diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c +index d420d10..0032905 100644 +--- a/tftpd_mtftp.c ++++ b/tftpd_mtftp.c +@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg) + &data_size, data->data_buffer); + + #ifdef HAVE_WRAP ++ if (!sockaddr_family_supported(&sa)) ++ { ++ logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused"); ++ continue; ++ } + /* Verify the client has access. We don't look for the name but + rely only on the IP address for that. */ + sockaddr_print_addr(&sa, addr_str, sizeof(addr_str)); diff --git a/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch b/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch new file mode 100644 index 000000000000..78926b94b9f7 --- /dev/null +++ b/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch @@ -0,0 +1,38 @@ +<F28>diff -U8 atftp-0.7.2/tftp_io.c /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c +--- atftp-0.7.2/tftp_io.c 2019-04-14 17:38:55.000000000 -0500 ++++ /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c 2020-03-16 12:55:22.371820662 -0500 +@@ -439,26 +439,32 @@ + } + + /* + * Write to file and do netascii conversion if needed + */ + int tftp_file_write(FILE *fp, char *data_buffer, int data_buffer_size, long block_number, int data_size, + int convert, long *prev_block_number, int *temp) + { ++ static long filepos; + int bytes_written; + int c; + char prevchar = *temp; + + if (!convert) + { + /* Simple case, just seek and write */ +- if (fseek(fp, (block_number - 1) * data_buffer_size, SEEK_SET) != 0) +- return 0; ++ long position = (block_number - 1)*data_buffer_size; ++ if (position != filepos) ++ if (fseek(fp, position, SEEK_SET) != 0) ++ return 0; ++ else ++ filepos = position; + bytes_written = fwrite(data_buffer, 1, data_size, fp); ++ filepos += bytes_written; + } + else if (block_number != *prev_block_number) + { + /* + * Same principle than for reading, but simpler since when client + * send same block twice there is no need to rewrite it to the + * file + */ |