From 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 28 Apr 2021 20:21:43 +0100 Subject: gentoo resync : 28.04.2021 --- net-ftp/atftp/Manifest | 7 +- net-ftp/atftp/atftp-0.7.2-r2.ebuild | 68 ---------------- net-ftp/atftp/atftp-0.7.2-r3.ebuild | 69 ---------------- net-ftp/atftp/atftp-0.7.4.ebuild | 2 +- .../atftp/files/atftp-0.7.2-cve-2020-6097.patch | 92 ---------------------- net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch | 38 --------- 6 files changed, 2 insertions(+), 274 deletions(-) delete mode 100644 net-ftp/atftp/atftp-0.7.2-r2.ebuild delete mode 100644 net-ftp/atftp/atftp-0.7.2-r3.ebuild delete mode 100644 net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch delete mode 100644 net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch (limited to 'net-ftp/atftp') diff --git a/net-ftp/atftp/Manifest b/net-ftp/atftp/Manifest index 9b0bde18ea61..982cd80bb6ca 100644 --- a/net-ftp/atftp/Manifest +++ b/net-ftp/atftp/Manifest @@ -1,13 +1,8 @@ AUX atftp-0.7.2-CFLAGS.patch 611 BLAKE2B a897ae1d9f03387283826c5b9795028b9190ca5a55e9db795d6a3753c7ce45ccd75a8d37eb2de228bd1b8fc57472fb3f662860c0f1efdc5a0ceab2d1a178c1dc SHA512 b020e761af2b73193e0bc3ef0e11e293babdfaedeac5429f3ad89079d686ce9c69737a4f74e147a023a92a2424241d61f17574feaadc39a5b6bd361245886c8a -AUX atftp-0.7.2-cve-2020-6097.patch 3433 BLAKE2B 3ea6ac0bf80a8750535b1184d7b9d8e6023d5678ebf1150fce02b268a4e44ba08f4350d1c7ee4e3bb9dc5676d3b0c75db4e95fb637c9cbcb5f074fb0d9ec28e4 SHA512 0677ffc38f1e94036596ab58f356c351d53b4440cbb37b96f265fe335d1595003ff3e773cb1b5ab5af3be31a4a93af30188fe1ea88cd9cb5a7cb65e385932bd5 -AUX atftp-0.7.2-fewer_seeks.patch 1398 BLAKE2B 6ac60c1953a1849700fd7e00cce78c2481667846aad6966f6df570d1cc29b69524edd8a9763dbafdfaee219a27666a6b8d8857350521813338729c0dfe553a11 SHA512 f83f98419487d4caa861ec16fe3250e4421a0cb9366a3aca3bb6dbda1141ec19cb0318aa5d00740672d99a73b28353a220138e86d30a370d902dcd606a5da40c AUX atftp.confd 105 BLAKE2B 6672479bce2240d4c34c70853227a769fa45c06e4b5c04f7d5aebdbceb0987316a9ec906182cacf5337fce5190aeac3bfc4cda0be72b8d48e99a5b2cbc2eca0e SHA512 cdbd63df16c2cee7491209de8ec44e05e10beccc6286cf7cb1c5dc7731c616d41bc94ce4d6c020b4ac8bb77b27956e9ee36d9b5703dcd3477e8b14927d154b91 AUX atftp.init 438 BLAKE2B 1783431801dbf04353bde6c3766c7d0acdd06b8ec853c8fba5cf1bbfe6c7020b55305f44992e3921a63654f290a28c28373dd94f925188c72105c8a3dd047dca SHA512 b64f78658d2da17a4fe4237835c0a6a0cc59d0b7278e8f6f49673ffd8a97a9473e4773b43bcc70d312043ee4324d8105c50f0cfcf6055c0755ce598c9d7e5a23 AUX atftp.service 233 BLAKE2B 4c9a1a8041ffc4cdf71a24800494f340121beb9bde9760fa090b9e515ef0b2aa7dd73173543c75fde465dbf9cc229b04acc9e72c296fa27cace2063128de06c6 SHA512 533372c4863e39d6139ddc491c2b2b2051f1094a90d9854879f28bae7975c8dc997696318794cd1136f9cc542a8f418ad8361b87dd6b3455445d8528d2cc993a AUX atftp.service.conf 45 BLAKE2B dd52bd3ef0d72f28d2e317282026d354b6023f8b51634d0374623c782afacae1284f5385967dfa91026553845f9283be59b4c7d96031da85261067b7be6544f7 SHA512 661befb6873eee6c0ed25fd5cb156e3d7c4ef801d2f58cda8df0f0c5fd851c7eb28089a9399529164c61505963e9d10143df2195d57ff66f85ad0e2750fbbd57 -DIST atftp-0.7.2.tar.gz 248038 BLAKE2B 3ca44624bf989009c2ebd0ae97927b0784e3c617a79a1bd00212a72a185302cf84f51c8bcda2012981d67cfed4d241b70f8719e78155207608f07a2227e6c437 SHA512 d602bb69451175a36e619abcff412ab1f6d0e7baf8c3f9a2b32081530fbc5816157404b80d42a8b6caa89cc83675b5cbeefcd57a5d98b8f5b43c6254b20ef28b DIST atftp-0.7.4.tar.gz 249699 BLAKE2B 8aa30df1cc92982b0e718cd9bcc68cf397e29f6abb795cf9fdfd0b9942d9a7dd16beafb24d69d7339f9ab4cbda16404eadf40096a8dfdb684fbc7ec1c7f81c9f SHA512 f9ff9b72b7d1d659d4ca00d990c28b9da8dea0228e66610ee2d17a3959fcd142998a7539f8ea68effdfe830d2f5e68c154a2911afb9cad52acd24a6a642d76a4 -EBUILD atftp-0.7.2-r2.ebuild 1494 BLAKE2B 1b360f602465ee0dea30a42151ec36cb3d0b918d80dad948b25ee2851f994586cbaecdc893e75d4d782a785ae1769188944581aa84b2e4087f2550b4186caee8 SHA512 4f11fd15e3b4504a973b07c70383f1e9edfd16e5a42b824eda20e63fc6bf87c96439a91c1cf68fbfcc8a914dfbb0a9bc52992b3b30e1fd1a0ccf620d89297553 -EBUILD atftp-0.7.2-r3.ebuild 1532 BLAKE2B 2fde64746a10e04536b39f70f745ca4e8d8a8c4be0ba38365be588c3ec7e247c7e08df5caf0875a3b02a93915bfc32b91943590de8d39e494972e90c760eede5 SHA512 1f65881c2b27ab97f05cdd4dab33ae41f4869b54ec661269568beea6df376076145cfecbdede0e0103f6534aa9f1c829812e84b9c13bf5f8e1f7d4d5f03d25b7 -EBUILD atftp-0.7.4.ebuild 1452 BLAKE2B 38eb6f305fbdf1b4c668c33852fe81a25e57bb9149c03edd953569b5ba064ebb85805c08b8b025de3d5ad8795ddcb53fc82e7457bf4f4818aecd0ea79f044f3b SHA512 a2dfb54ad97a0c36954d207372e01c973aa62246e39a39e0da9020e29663f618bb6ea46ce7a3786699cf150ea42c29f116d3b5a7ae69ff0b261dac0ea89bd1d7 +EBUILD atftp-0.7.4.ebuild 1447 BLAKE2B 6508f1a2d3be859cb6cfb6e44ac306811342a6522f3b305bd3714b23b8d6ba9ab601495a1742ce24e7e8fda907347e4c60e897b2ee083fb484563aeec79b0889 SHA512 5d69276f37f510e10884a67a3ee8010bfff68076e5d10550a0b689fee35672804c18cc3feae8e7397cfed4a000e474707976dd50d6924e3f7909245090c0bce0 MISC metadata.xml 448 BLAKE2B 402322d0c162daf12b319730a1a48c5000d823851140ee31a577927cf2b5e6ea3a2d25c71a7cf9b71f7bcb569685154658c544b3f35a12a148dcc8a57e348609 SHA512 2d70e060eb79a7b0c0b6683472d158fd1f87397345707ac961d87dc202ab4029de9067454e62d29654bc0df207bd542c894fc62f0f296daf6db7963be32d2165 diff --git a/net-ftp/atftp/atftp-0.7.2-r2.ebuild b/net-ftp/atftp/atftp-0.7.2-r2.ebuild deleted file mode 100644 index fec89f3f92a4..000000000000 --- a/net-ftp/atftp/atftp-0.7.2-r2.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -inherit autotools flag-o-matic systemd - -DESCRIPTION="Advanced TFTP implementation client/server" -HOMEPAGE="https://sourceforge.net/projects/atftp/" -SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 arm ppc ppc64 ~s390 ~sparc x86" -IUSE="selinux tcpd readline pcre" - -DEPEND="tcpd? ( sys-apps/tcp-wrappers ) - readline? ( sys-libs/readline:0= ) - pcre? ( dev-libs/libpcre )" -RDEPEND="${DEPEND} - !net-ftp/tftp-hpa - !net-ftp/uftpd - selinux? ( sec-policy/selinux-tftp )" -BDEPEND="" - -PATCHES=( - "${FILESDIR}/${P}-CFLAGS.patch" - "${FILESDIR}/${P}-cve-2020-6097.patch" -) - -src_prepare() { - append-cppflags -D_REENTRANT -DRATE_CONTROL - # fix #561720 by restoring pre-GCC5 inline semantics - append-cflags -std=gnu89 - - default - eautoreconf -} - -src_configure() { - econf \ - $(use_enable tcpd libwrap) \ - $(use_enable readline libreadline) \ - $(use_enable pcre libpcre) \ - --enable-mtftp -} - -src_test() { - cd "${S}"/test || die - # Try to run the tests - ./test.sh || die -} - -src_install() { - default - - newinitd "${FILESDIR}"/atftp.init atftp - newconfd "${FILESDIR}"/atftp.confd atftp - - systemd_dounit "${FILESDIR}"/atftp.service - systemd_install_serviced "${FILESDIR}"/atftp.service.conf - - dodoc README* BUGS FAQ Changelog INSTALL TODO - dodoc "${S}"/docs/* - - docinto test - cd "${S}"/test || die - dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt -} diff --git a/net-ftp/atftp/atftp-0.7.2-r3.ebuild b/net-ftp/atftp/atftp-0.7.2-r3.ebuild deleted file mode 100644 index 575196956ef2..000000000000 --- a/net-ftp/atftp/atftp-0.7.2-r3.ebuild +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -inherit autotools flag-o-matic systemd - -DESCRIPTION="Advanced TFTP implementation client/server" -HOMEPAGE="https://sourceforge.net/projects/atftp/" -SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 arm ppc ppc64 ~s390 ~sparc x86" -IUSE="selinux tcpd readline pcre" - -DEPEND="tcpd? ( sys-apps/tcp-wrappers ) - readline? ( sys-libs/readline:0= ) - pcre? ( dev-libs/libpcre )" -RDEPEND="${DEPEND} - !net-ftp/tftp-hpa - !net-ftp/uftpd - selinux? ( sec-policy/selinux-tftp )" -BDEPEND="" - -PATCHES=( - "${FILESDIR}/${P}-CFLAGS.patch" - "${FILESDIR}/${P}-cve-2020-6097.patch" - "${FILESDIR}/${P}-fewer_seeks.patch" -) - -src_prepare() { - append-cppflags -D_REENTRANT -DRATE_CONTROL - # fix #561720 by restoring pre-GCC5 inline semantics - append-cflags -std=gnu89 - - default - eautoreconf -} - -src_configure() { - econf \ - $(use_enable tcpd libwrap) \ - $(use_enable readline libreadline) \ - $(use_enable pcre libpcre) \ - --enable-mtftp -} - -src_test() { - cd "${S}"/test || die - # Try to run the tests - ./test.sh || die -} - -src_install() { - default - - newinitd "${FILESDIR}"/atftp.init atftp - newconfd "${FILESDIR}"/atftp.confd atftp - - systemd_dounit "${FILESDIR}"/atftp.service - systemd_install_serviced "${FILESDIR}"/atftp.service.conf - - dodoc README* BUGS FAQ Changelog INSTALL TODO - dodoc "${S}"/docs/* - - docinto test - cd "${S}"/test || die - dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt -} diff --git a/net-ftp/atftp/atftp-0.7.4.ebuild b/net-ftp/atftp/atftp-0.7.4.ebuild index 1a1fe73e17ea..b467be06846f 100644 --- a/net-ftp/atftp/atftp-0.7.4.ebuild +++ b/net-ftp/atftp/atftp-0.7.4.ebuild @@ -10,7 +10,7 @@ SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86" +KEYWORDS="amd64 arm ppc ppc64 ~s390 ~sparc x86" IUSE="selinux tcpd readline pcre" DEPEND="tcpd? ( sys-apps/tcp-wrappers ) diff --git a/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch deleted file mode 100644 index 5130d0086432..000000000000 --- a/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch +++ /dev/null @@ -1,92 +0,0 @@ -commit 96409ef3b9ca061f9527cfaafa778105cf15d994 -Author: Peter Kaestle -Date: Wed Oct 14 14:02:41 2020 +0200 - - Fix for DoS issue CVE-2020-6097 - - "sockaddr_print_addr" of tftpd can be triggered remotely to call - assert(), which will crash the tftpd daemon. See: - https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 - - "sockaddr_print_addr" originaly had two features: - 1) returning pointer to string of the incoming ip address - 2) checking whether ss_family of the connection is supported - - To fix the issue, a separate function "sockaddr_family_supported" is - used to take care of 2) and "sockaddr_print_addr" returns an error - message string for unsupported cases when using 1) insert of calling - assert(). - -diff --git a/tftp_def.c b/tftp_def.c -index d457c2a..428a930 100644 ---- a/tftp_def.c -+++ b/tftp_def.c -@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host) - return OK; - } - -+int -+sockaddr_family_supported(const struct sockaddr_storage *ss) -+{ -+ if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6) -+ return 1; -+ else -+ return 0; -+} -+ - char * - sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) - { -@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) - else if (ss->ss_family == AF_INET6) - addr = &((const struct sockaddr_in6 *)ss)->sin6_addr; - else -- assert(!"sockaddr_print: unsupported address family"); -+ return "sockaddr_print: unsupported address family"; - return (char *)inet_ntop(ss->ss_family, addr, buf, len); - } - -diff --git a/tftp_def.h b/tftp_def.h -index 0841746..458e310 100644 ---- a/tftp_def.h -+++ b/tftp_def.h -@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format); - inline char *Strncpy(char *to, const char *from, size_t size); - int Gethostbyname(char *addr, struct hostent *host); - -+int sockaddr_family_supported(const struct sockaddr_storage *ss); - char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t); - #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN - uint16_t sockaddr_get_port(const struct sockaddr_storage *); -diff --git a/tftpd.c b/tftpd.c -index 0b6f6a5..a7561a5 100644 ---- a/tftpd.c -+++ b/tftpd.c -@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg) - } - - #ifdef HAVE_WRAP -+ if (!abort && !sockaddr_family_supported(&data->client_info->client)) -+ { -+ logger(LOG_ERR, "Connection from unsupported network address family refused"); -+ abort = 1; -+ } - if (!abort) - { - /* Verify the client has access. We don't look for the name but -diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c -index d420d10..0032905 100644 ---- a/tftpd_mtftp.c -+++ b/tftpd_mtftp.c -@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg) - &data_size, data->data_buffer); - - #ifdef HAVE_WRAP -+ if (!sockaddr_family_supported(&sa)) -+ { -+ logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused"); -+ continue; -+ } - /* Verify the client has access. We don't look for the name but - rely only on the IP address for that. */ - sockaddr_print_addr(&sa, addr_str, sizeof(addr_str)); diff --git a/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch b/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch deleted file mode 100644 index 78926b94b9f7..000000000000 --- a/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -U8 atftp-0.7.2/tftp_io.c /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c ---- atftp-0.7.2/tftp_io.c 2019-04-14 17:38:55.000000000 -0500 -+++ /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c 2020-03-16 12:55:22.371820662 -0500 -@@ -439,26 +439,32 @@ - } - - /* - * Write to file and do netascii conversion if needed - */ - int tftp_file_write(FILE *fp, char *data_buffer, int data_buffer_size, long block_number, int data_size, - int convert, long *prev_block_number, int *temp) - { -+ static long filepos; - int bytes_written; - int c; - char prevchar = *temp; - - if (!convert) - { - /* Simple case, just seek and write */ -- if (fseek(fp, (block_number - 1) * data_buffer_size, SEEK_SET) != 0) -- return 0; -+ long position = (block_number - 1)*data_buffer_size; -+ if (position != filepos) -+ if (fseek(fp, position, SEEK_SET) != 0) -+ return 0; -+ else -+ filepos = position; - bytes_written = fwrite(data_buffer, 1, data_size, fp); -+ filepos += bytes_written; - } - else if (block_number != *prev_block_number) - { - /* - * Same principle than for reading, but simpler since when client - * send same block twice there is no need to rewrite it to the - * file - */ -- cgit v1.2.3