diff --git a/0001-tftp-0.40-remap.patch b/0001-tftp-0.40-remap.patch new file mode 100644 index 0000000000000000000000000000000000000000..755a30755043fb1789620ab87254bcad857f6854 --- /dev/null +++ b/0001-tftp-0.40-remap.patch @@ -0,0 +1,19 @@ +diff -up tftp-hpa-0.49/tftpd/remap.c.zero tftp-hpa-0.49/tftpd/remap.c +--- tftp-hpa-0.49/tftpd/remap.c.zero 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftpd/remap.c 2008-11-25 11:41:09.000000000 -0500 +@@ -286,6 +286,7 @@ struct rule *parserulefile(FILE * f) + int lineno = 0; + int err = 0; + ++ memset(this_rule, '\0', sizeof(struct rule)); + while (lineno++, fgets(line, MAXLINE, f)) { + rv = parseline(line, this_rule, lineno); + if (rv < 0) +@@ -294,6 +295,7 @@ struct rule *parserulefile(FILE * f) + *last_rule = this_rule; + last_rule = &this_rule->next; + this_rule = tfmalloc(sizeof(struct rule)); ++ memset(this_rule, '\0', sizeof(struct rule)); + } + } + diff --git a/0002-tftp-hpa-0.39-tzfix.patch b/0002-tftp-hpa-0.39-tzfix.patch new file mode 100644 index 0000000000000000000000000000000000000000..ded02efaa0bcecea5fb9c1eb15866a81ab595227 --- /dev/null +++ b/0002-tftp-hpa-0.39-tzfix.patch @@ -0,0 +1,18 @@ +diff -up tftp-hpa-0.49/tftpd/tftpd.c.tzfix tftp-hpa-0.49/tftpd/tftpd.c +--- tftp-hpa-0.49/tftpd/tftpd.c.tzfix 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftpd/tftpd.c 2008-11-25 11:45:27.000000000 -0500 +@@ -350,6 +350,14 @@ int main(int argc, char **argv) + const char *pidfile = NULL; + u_short tp_opcode; + ++ time_t my_time = 0; ++ struct tm* p_tm; ++ char envtz[10]; ++ my_time = time(NULL); ++ p_tm = localtime(&my_time); ++ snprintf(envtz, sizeof(envtz) - 1, "UTC%+d", (p_tm->tm_gmtoff * -1)/3600); ++ setenv("TZ", envtz, 0); ++ + /* basename() is way too much of a pain from a portability standpoint */ + + p = strrchr(argv[0], '/'); diff --git a/0003-tftp-0.42-tftpboot.patch b/0003-tftp-0.42-tftpboot.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0de58ddf2ea7c2fbda49d3703a208a5be14a4ba --- /dev/null +++ b/0003-tftp-0.42-tftpboot.patch @@ -0,0 +1,54 @@ +diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd +--- tftp-hpa-0.48/tftp-xinetd.tftpboot 2007-01-31 00:51:05.000000000 +0100 ++++ tftp-hpa-0.48/tftp-xinetd 2008-05-20 12:05:53.000000000 +0200 +@@ -10,7 +10,7 @@ service tftp + wait = yes + user = root + server = /usr/sbin/in.tftpd +- server_args = -s /tftpboot ++ server_args = -s /var/lib/tftpboot + disable = yes + per_source = 11 + cps = 100 2 +diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security +--- tftp-hpa-0.48/README.security.tftpboot 2008-05-29 17:36:32.000000000 +0200 ++++ tftp-hpa-0.48/README.security 2008-05-29 17:37:21.000000000 +0200 +@@ -17,10 +17,10 @@ probably the following: + + 1. Create a separate "tftpd" user and group only used for tftpd; + 2. Have all your boot files in a single directory tree (usually called +- /tftpboot). +-3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if ++ /var/lib/tftpboot). ++3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if + you want clients to be able to create files use +- "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever ++ "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever + umask is appropriate for your setup.) + + ======================================= +@@ -40,12 +40,12 @@ directly. Thus, if your /etc/inetd.conf + line): + + tftp dgram udp wait root /usr/sbin/tcpd +-/usr/sbin/in.tftpd -s /tftpboot -r blksize ++/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize + + ... it's better to change to ... + + tftp dgram udp wait root /usr/sbin/in.tftpd +-in.tftpd -s /tftpboot -r blksize ++in.tftpd -s /var/lib/tftpboot -r blksize + + You should make sure that you are using "wait" option in tftpd; you + also need to have tftpd spawned as root in order for chroot (-s) to +diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules +--- tftp-hpa-0.48/tftpd/sample.rules.tftpboot 2008-05-29 17:38:46.000000000 +0200 ++++ tftp-hpa-0.48/tftpd/sample.rules 2008-05-29 17:38:05.000000000 +0200 +@@ -30,5 +30,5 @@ rg \\ / # Convert backslashes to slash + rg \# @ # Convert hash marks to @ signs + rg /../ /..no../ # Convert /../ to /..no../ + e ^ok/ # These are always ok +-r ^[^/] /tftpboot/\0 # Convert non-absolute files ++r ^[^/] /var/lib/tftpboot/\0 # Convert non-absolute files + a \.pvt$ # Reject requests for private files diff --git a/0004-tftp-0.49-chk_retcodes.patch b/0004-tftp-0.49-chk_retcodes.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d63571d9a1899483016819480d265b539b1bcdb --- /dev/null +++ b/0004-tftp-0.49-chk_retcodes.patch @@ -0,0 +1,15 @@ +diff -up tftp-hpa-0.49/tftpd/tftpd.c.chk_retcodes tftp-hpa-0.49/tftpd/tftpd.c +--- tftp-hpa-0.49/tftpd/tftpd.c.chk_retcodes 2009-01-15 15:28:50.000000000 +0100 ++++ tftp-hpa-0.49/tftpd/tftpd.c 2009-01-15 15:31:36.000000000 +0100 +@@ -932,7 +932,10 @@ int main(int argc, char **argv) + exit(EX_OSERR); + } + #ifdef __CYGWIN__ +- chdir("/"); /* Cygwin chroot() bug workaround */ ++ if (chdir("/") < 0) { /* Cygwin chroot() bug workaround */ ++ syslog(LOG_ERR, "chroot: %m"); ++ exit(EX_OSERR); ++ } + #endif + } + #ifdef HAVE_SETREGID diff --git a/0005-tftp-hpa-0.49-fortify-strcpy-crash.patch b/0005-tftp-hpa-0.49-fortify-strcpy-crash.patch new file mode 100644 index 0000000000000000000000000000000000000000..e9b70d471392bd07a12103c229f2833ee0440c9d --- /dev/null +++ b/0005-tftp-hpa-0.49-fortify-strcpy-crash.patch @@ -0,0 +1,26 @@ +diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c +--- tftp-hpa-0.49.orig/tftp/tftp.c 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftp/tftp.c 2009-08-05 09:47:18.072585848 -0400 +@@ -279,15 +279,16 @@ + struct tftphdr *tp, const char *mode) + { + char *cp; ++ size_t len; + + tp->th_opcode = htons((u_short) request); + cp = (char *)&(tp->th_stuff); +- strcpy(cp, name); +- cp += strlen(name); +- *cp++ = '\0'; +- strcpy(cp, mode); +- cp += strlen(mode); +- *cp++ = '\0'; ++ len = strlen(name) + 1; ++ memcpy(cp, name, len); ++ cp += len; ++ len = strlen(mode) + 1; ++ memcpy(cp, mode, len); ++ cp += len; + return (cp - (char *)tp); + } + diff --git a/0006-tftp-0.49-cmd_arg.patch b/0006-tftp-0.49-cmd_arg.patch new file mode 100644 index 0000000000000000000000000000000000000000..2b9023a500b4417f75d42dfd48baa2c265124301 --- /dev/null +++ b/0006-tftp-0.49-cmd_arg.patch @@ -0,0 +1,159 @@ +diff -up tftp-hpa-0.49/config.h.cmd_arg tftp-hpa-0.49/config.h +--- tftp-hpa-0.49/config.h.cmd_arg 2010-04-19 15:29:10.567331454 +0200 ++++ tftp-hpa-0.49/config.h 2010-04-20 07:33:03.133232772 +0200 +@@ -291,6 +291,7 @@ typedef int socklen_t; + /* Prototypes for libxtra functions */ + + void *xmalloc(size_t); ++void *xrealloc(void *, size_t); + char *xstrdup(const char *); + + #ifndef HAVE_BSD_SIGNAL +diff -up tftp-hpa-0.49/configure.in.cmd_arg tftp-hpa-0.49/configure.in +--- tftp-hpa-0.49/configure.in.cmd_arg 2008-10-21 00:08:31.000000000 +0200 ++++ tftp-hpa-0.49/configure.in 2010-04-19 11:05:12.387340698 +0200 +@@ -152,6 +152,7 @@ OBJROOT=`pwd` + + XTRA=false + PA_SEARCH_LIBS_AND_ADD(xmalloc, iberty) ++PA_SEARCH_LIBS_AND_ADD(xrealloc, iberty) + PA_SEARCH_LIBS_AND_ADD(xstrdup, iberty) + PA_SEARCH_LIBS_AND_ADD(bsd_signal, bsd, bsdsignal) + PA_SEARCH_LIBS_AND_ADD(getopt_long, getopt, getopt_long) +diff -up tftp-hpa-0.49/lib/xrealloc.c.cmd_arg tftp-hpa-0.49/lib/xrealloc.c +--- tftp-hpa-0.49/lib/xrealloc.c.cmd_arg 2010-04-19 11:05:12.387340698 +0200 ++++ tftp-hpa-0.49/lib/xrealloc.c 2010-04-19 11:05:12.387340698 +0200 +@@ -0,0 +1,20 @@ ++/* ++ * xrealloc.c ++ * ++ * Simple error-checking version of realloc() ++ * ++ */ ++ ++#include "config.h" ++ ++void *xrealloc(void *ptr, size_t size) ++{ ++ void *p = realloc(ptr, size); ++ ++ if (!p) { ++ fprintf(stderr, "Out of memory!\n"); ++ exit(128); ++ } ++ ++ return p; ++} +diff -up tftp-hpa-0.49/tftp/main.c.cmd_arg tftp-hpa-0.49/tftp/main.c +--- tftp-hpa-0.49/tftp/main.c.cmd_arg 2008-10-21 00:08:31.000000000 +0200 ++++ tftp-hpa-0.49/tftp/main.c 2010-04-19 11:05:12.389329337 +0200 +@@ -89,11 +89,14 @@ int connected; + const struct modes *mode; + #ifdef WITH_READLINE + char *line = NULL; ++char *remote_pth = NULL; + #else + char line[LBUFLEN]; ++char remote_pth[LBUFLEN]; + #endif + int margc; +-char *margv[20]; ++char **margv; ++int sizeof_margv=0; + const char *prompt = "tftp> "; + sigjmp_buf toplevel; + void intr(int); +@@ -379,6 +382,10 @@ static void getmoreargs(const char *part + free(line); + line = NULL; + } ++ if (remote_pth) { ++ free(remote_pth); ++ remote_pth = NULL; ++ } + line = xmalloc(len + elen + 1); + strcpy(line, partial); + strcpy(line + len, eline); +@@ -535,6 +542,7 @@ void put(int argc, char *argv[]) + int fd; + int n, err; + char *cp, *targ; ++ long dirlen, namelen, lastlen=0; + + if (argc < 2) { + getmoreargs("send ", "(file) "); +@@ -588,9 +596,22 @@ void put(int argc, char *argv[]) + } + /* this assumes the target is a directory */ + /* on a remote unix system. hmmmm. */ +- cp = strchr(targ, '\0'); +- *cp++ = '/'; ++ dirlen = strlen(targ)+1; ++#ifdef WITH_READLINE ++ remote_pth = xmalloc(dirlen+1); ++#endif ++ strcpy(remote_pth, targ); ++ remote_pth[dirlen-1] = '/'; ++ cp = remote_pth + dirlen; + for (n = 1; n < argc - 1; n++) { ++#ifdef WITH_READLINE ++ namelen = strlen(tail(argv[n])) + 1; ++ if (namelen > lastlen) { ++ remote_pth = xrealloc(remote_pth, dirlen + namelen + 1); ++ cp = remote_pth + dirlen; ++ lastlen = namelen; ++ } ++#endif + strcpy(cp, tail(argv[n])); + fd = open(argv[n], O_RDONLY | mode->m_openflags); + if (fd < 0) { +@@ -600,9 +621,9 @@ void put(int argc, char *argv[]) + } + if (verbose) + printf("putting %s to %s:%s [%s]\n", +- argv[n], hostname, targ, mode->m_mode); ++ argv[n], hostname, remote_pth, mode->m_mode); + sa_set_port(&peeraddr, port); +- tftp_sendfile(fd, targ, mode->m_mode); ++ tftp_sendfile(fd, remote_pth, mode->m_mode); + } + } + +@@ -801,6 +822,10 @@ static void command(void) + free(line); + line = NULL; + } ++ if (remote_pth) { ++ free(remote_pth); ++ remote_pth = NULL; ++ } + line = readline(prompt); + if (!line) + exit(0); /* EOF */ +@@ -872,7 +897,13 @@ struct cmd *getcmd(char *name) + static void makeargv(void) + { + char *cp; +- char **argp = margv; ++ char **argp; ++ ++ if (!sizeof_margv) { ++ sizeof_margv = 20; ++ margv = xmalloc(sizeof_margv * sizeof(char *)); ++ } ++ argp = margv; + + margc = 0; + for (cp = line; *cp;) { +@@ -882,6 +913,11 @@ static void makeargv(void) + break; + *argp++ = cp; + margc += 1; ++ if (margc == sizeof_margv) { ++ sizeof_margv += 20; ++ margv = xrealloc(margv, sizeof_margv * sizeof(char *)); ++ argp = margv + margc; ++ } + while (*cp != '\0' && !isspace(*cp)) + cp++; + if (*cp == '\0') diff --git a/0007-tftp-hpa-0.49-stats.patch b/0007-tftp-hpa-0.49-stats.patch new file mode 100644 index 0000000000000000000000000000000000000000..b6c9d05c985be02d7394d1c7ca2a8ada99e7b9bf --- /dev/null +++ b/0007-tftp-hpa-0.49-stats.patch @@ -0,0 +1,14 @@ +diff -up tftp-hpa-0.49/tftp/tftp.c.stats tftp-hpa-0.49/tftp/tftp.c +--- tftp-hpa-0.49/tftp/tftp.c.stats 2011-01-03 15:38:34.217918067 +0100 ++++ tftp-hpa-0.49/tftp/tftp.c 2011-01-03 15:38:37.498917014 +0100 +@@ -400,8 +400,8 @@ static void printstats(const char *direc + { + double delta; + +- delta = (tstop.tv_sec + (tstop.tv_usec / 100000.0)) - +- (tstart.tv_sec + (tstart.tv_usec / 100000.0)); ++ delta = (tstop.tv_sec + (tstop.tv_usec / 1000000.0)) - ++ (tstart.tv_sec + (tstart.tv_usec / 1000000.0)); + if (verbose) { + printf("%s %lu bytes in %.1f seconds", direction, amount, delta); + printf(" [%.0f bit/s]", (amount * 8.) / delta); diff --git a/0008-tftp-hpa-5.2-pktinfo.patch b/0008-tftp-hpa-5.2-pktinfo.patch new file mode 100644 index 0000000000000000000000000000000000000000..d1fa75c3fb19d608cabc07a11036c0cdda2c9585 --- /dev/null +++ b/0008-tftp-hpa-5.2-pktinfo.patch @@ -0,0 +1,23 @@ +diff -up tftp-hpa-5.2/tftpd/recvfrom.c.test tftp-hpa-5.2/tftpd/recvfrom.c +--- tftp-hpa-5.2/tftpd/recvfrom.c.test 2011-12-11 23:13:52.000000000 +0100 ++++ tftp-hpa-5.2/tftpd/recvfrom.c 2012-01-04 10:05:17.852042256 +0100 +@@ -149,16 +149,16 @@ myrecvfrom(int s, void *buf, int len, un + + /* Try to enable getting the return address */ + #ifdef IP_RECVDSTADDR +- if (from->sa_family == AF_INET) ++ if (from->sa_family == AF_INET || !from->sa_family) + setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on)); + #endif + #ifdef IP_PKTINFO +- if (from->sa_family == AF_INET) ++ if (from->sa_family == AF_INET || !from->sa_family) + setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)); + #endif + #ifdef HAVE_IPV6 + #ifdef IPV6_RECVPKTINFO +- if (from->sa_family == AF_INET6) ++ if (from->sa_family == AF_INET6 || !from->sa_family) + setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on)); + #endif + #endif diff --git a/0009-tftp-doc.patch b/0009-tftp-doc.patch new file mode 100644 index 0000000000000000000000000000000000000000..f1cb51191dcfd2b178b87ac9b7ebfebcf797b61b --- /dev/null +++ b/0009-tftp-doc.patch @@ -0,0 +1,45 @@ +--- tftp-hpa-5.2/tftp/main.c 2013-04-19 09:34:09.737410319 +0200 ++++ tftp-hpa-5.2/tftp/main.c 2013-04-19 09:42:53.559946374 +0200 +@@ -195,9 +195,11 @@ + { + fprintf(stderr, + #ifdef HAVE_IPV6 +- "Usage: %s [-4][-6][-v][-l][-m mode] [host [port]] [-c command]\n", ++ "Usage: %s [-4][-6][-v][-V][-l][-m mode] [-R port:port] " ++ "[host [port]] [-c command]\n", + #else +- "Usage: %s [-v][-l][-m mode] [host [port]] [-c command]\n", ++ "Usage: %s [-v][-V][-l][-m mode] [-R port:port] " ++ "[host [port]] [-c command]\n", + #endif + program); + exit(errcode); +--- tftp-hpa-5.2/tftpd/tftpd.8.in 2012-11-20 09:43:46.000000000 +0100 ++++ tftp-hpa-5.2/tftpd/tftpd.8.in 2013-04-19 09:44:37.399057279 +0200 +@@ -155,7 +155,7 @@ + .B utimeout + option is negotiated. The default is 1000000 (1 second.) + .TP +-\fB\-\-mapfile\fP \fIremap-file\fP, \fB\-m\fP \fIremap-file\fP ++\fB\-\-map\-file\fP \fIremap-file\fP, \fB\-m\fP \fIremap-file\fP + Specify the use of filename remapping. The + .I remap-file + is a file containing the remapping rules. See the section on filename +@@ -243,7 +243,7 @@ option, but crash with an error if they + accepted by the server. + .SH "FILENAME REMAPPING" + The +-.B \-\-mapfile ++.B \-\-map\-file + option specifies a file which contains filename remapping rules. Each + non-comment line (comments begin with hash marks, + .BR # ) +@@ -395,7 +395,7 @@ flag is used to set up a chroot() enviro + once a connection has been set up. + .PP + Finally, the filename remapping +-.RB ( \-\-mapfile ++.RB ( \-\-map\-file + flag) support can be used to provide a limited amount of additional + access control. + .SH "CONFORMING TO" diff --git a/0010-tftp-enhanced-logging.patch b/0010-tftp-enhanced-logging.patch new file mode 100644 index 0000000000000000000000000000000000000000..dce9ef9eedc01c9288b53e8cb3490b296e0e7029 --- /dev/null +++ b/0010-tftp-enhanced-logging.patch @@ -0,0 +1,84 @@ +--- a/tftpd/tftpd.c 2016-03-02 11:32:30.710775130 +0100 ++++ b/tftpd/tftpd.c 2016-03-02 11:36:24.086541019 +0100 +@@ -1056,14 +1056,14 @@ int main(int argc, char **argv) + + static char *rewrite_access(char *, int, const char **); + static int validate_access(char *, int, const struct formats *, const char **); +-static void tftp_sendfile(const struct formats *, struct tftphdr *, int); ++static void tftp_sendfile(const struct formats *, struct tftphdr *, int, char *); + static void tftp_recvfile(const struct formats *, struct tftphdr *, int); + + struct formats { + const char *f_mode; + char *(*f_rewrite) (char *, int, const char **); + int (*f_validate) (char *, int, const struct formats *, const char **); +- void (*f_send) (const struct formats *, struct tftphdr *, int); ++ void (*f_send) (const struct formats *, struct tftphdr *, int, char *); + void (*f_recv) (const struct formats *, struct tftphdr *, int); + int f_convert; + }; +@@ -1129,6 +1129,9 @@ int tftp(struct tftphdr *tp, int size) + nak(EACCESS, errmsgptr); /* File denied by mapping rule */ + exit(0); + } ++ ecode = ++ (*pf->f_validate) (filename, tp_opcode, pf, &errmsgptr); ++ + if (verbosity >= 1) { + tmp_p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from), + tmpbuf, INET6_ADDRSTRLEN); +@@ -1147,9 +1150,14 @@ int tftp(struct tftphdr *tp, int size) + tp_opcode == WRQ ? "WRQ" : "RRQ", + tmp_p, origfilename, + filename); ++ ++ if (ecode == 1) { ++ syslog(LOG_NOTICE, "Client %s File not found %s\n", ++ tmp_p,filename); ++ } ++ + } +- ecode = +- (*pf->f_validate) (filename, tp_opcode, pf, &errmsgptr); ++ + if (ecode) { + nak(ecode, errmsgptr); + exit(0); +@@ -1172,12 +1180,12 @@ int tftp(struct tftphdr *tp, int size) + if (tp_opcode == WRQ) + (*pf->f_recv) (pf, (struct tftphdr *)ackbuf, ap - ackbuf); + else +- (*pf->f_send) (pf, (struct tftphdr *)ackbuf, ap - ackbuf); ++ (*pf->f_send) (pf, (struct tftphdr *)ackbuf, ap - ackbuf, origfilename); + } else { + if (tp_opcode == WRQ) + (*pf->f_recv) (pf, NULL, 0); + else +- (*pf->f_send) (pf, NULL, 0); ++ (*pf->f_send) (pf, NULL, 0, origfilename); + } + exit(0); /* Request completed */ + } +@@ -1557,7 +1565,7 @@ static int validate_access(char *filenam + /* + * Send the requested file. + */ +-static void tftp_sendfile(const struct formats *pf, struct tftphdr *oap, int oacklen) ++static void tftp_sendfile(const struct formats *pf, struct tftphdr *oap, int oacklen, char *filename) + { + struct tftphdr *dp; + struct tftphdr *ap; /* ack packet */ +@@ -1648,6 +1656,13 @@ static void tftp_sendfile(const struct f + if (!++block) + block = rollover_val; + } while (size == segsize); ++ tmp_p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from), ++ tmpbuf, INET6_ADDRSTRLEN); ++ if (!tmp_p) { ++ tmp_p = tmpbuf; ++ strcpy(tmpbuf, "???"); ++ } ++ syslog(LOG_NOTICE, "Client %s finished %s",tmp_p,filename); + abort: + (void)fclose(file); + } diff --git a/0011-tftp-hpa-5.2-gcc10.patch b/0011-tftp-hpa-5.2-gcc10.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ff4a418cc555c71f234714f1044986890926e74 --- /dev/null +++ b/0011-tftp-hpa-5.2-gcc10.patch @@ -0,0 +1,12 @@ +diff -up tftp-hpa-5.2/tftp/tftp.c.gcc10 tftp-hpa-5.2/tftp/tftp.c +--- tftp-hpa-5.2/tftp/tftp.c.gcc10 2020-05-04 00:56:28.787896509 +0200 ++++ tftp-hpa-5.2/tftp/tftp.c 2020-05-04 00:58:42.502901005 +0200 +@@ -48,7 +48,7 @@ extern int maxtimeout; + #define PKTSIZE SEGSIZE+4 + char ackbuf[PKTSIZE]; + int timeout; +-sigjmp_buf toplevel; ++extern sigjmp_buf toplevel; + sigjmp_buf timeoutbuf; + + static void nak(int, const char *); diff --git a/0012-tftp-off-by-one.patch b/0012-tftp-off-by-one.patch new file mode 100644 index 0000000000000000000000000000000000000000..98b08743e936b319094417bd35fa60f0d4a9737e --- /dev/null +++ b/0012-tftp-off-by-one.patch @@ -0,0 +1,44 @@ +Resolves: #1485943 + +--- a/tftpd/tftpd.c 2017-08-28 09:12:11.681299000 +0200 ++++ b/tftpd/tftpd.c 2017-08-28 13:30:03.109312000 +0200 +@@ -1388,24 +1388,25 @@ + return strlen(p); + + case 'x': +- if (output) { +- if (from.sa.sa_family == AF_INET) { ++ if (from.sa.sa_family == AF_INET) { ++ if (output) { + sprintf(output, "%08lX", + (unsigned long)ntohl(from.si.sin_addr.s_addr)); +- l = 8; ++ } ++ l = 8; + #ifdef HAVE_IPV6 +- } else { +- unsigned char *c = (unsigned char *)SOCKADDR_P(&from); +- p = tb; +- for (l = 0; l < 16; l++) { +- sprintf(p, "%02X", *c); +- c++; +- p += 2; +- } ++ } else { ++ unsigned char *c = (unsigned char *)SOCKADDR_P(&from); ++ p = tb; ++ for (l = 0; l < 16; l++) { ++ sprintf(p, "%02X", *c); ++ c++; ++ p += 2; ++ } ++ if (output) + strcpy(output, tb); +- l = strlen(tb); ++ l = strlen(tb); + #endif +- } + } + return l; + + diff --git a/0013-tftp-c99.patch b/0013-tftp-c99.patch new file mode 100644 index 0000000000000000000000000000000000000000..40bb4ddd6f521ff867269d794335073a8e1f6328 --- /dev/null +++ b/0013-tftp-c99.patch @@ -0,0 +1,50 @@ +The glibc headers do not declare bsd_signal by default. Call signal +instead, which is the same function as bsd_signal in current glibc. + +This fixes implicit function declarations and avoids build issues with +future compilers. + +diff --git a/tftp/main.c b/tftp/main.c +index fcf5a25ac654954b..7e399d414ca0dd2b 100644 +--- a/tftp/main.c ++++ b/tftp/main.c +@@ -310,7 +310,7 @@ int main(int argc, char *argv[]) + sp->s_proto = (char *)"udp"; + } + +- bsd_signal(SIGINT, intr); ++ signal(SIGINT, intr); + + if (peerargc) { + /* Set peer */ +@@ -791,7 +791,7 @@ void intr(int sig) + { + (void)sig; /* Quiet unused warning */ + +- bsd_signal(SIGALRM, SIG_IGN); ++ signal(SIGALRM, SIG_IGN); + alarm(0); + siglongjmp(toplevel, -1); + } +diff --git a/tftp/tftp.c b/tftp/tftp.c +index 109848c4f9a5ad4e..d31553be5b76e305 100644 +--- a/tftp/tftp.c ++++ b/tftp/tftp.c +@@ -85,7 +85,7 @@ void tftp_sendfile(int fd, const char *name, const char *mode) + is_request = 1; /* First packet is the actual WRQ */ + amount = 0; + +- bsd_signal(SIGALRM, timer); ++ signal(SIGALRM, timer); + do { + if (is_request) { + size = makerequest(WRQ, name, dp, mode) - 4; +@@ -191,7 +191,7 @@ void tftp_recvfile(int fd, const char *name, const char *mode) + firsttrip = 1; + amount = 0; + +- bsd_signal(SIGALRM, timer); ++ signal(SIGALRM, timer); + do { + if (firsttrip) { + size = makerequest(RRQ, name, ap, mode); diff --git a/0014-Make-configure-an-order-only-prerequisite-of-aconfig.h.in.patch b/0014-Make-configure-an-order-only-prerequisite-of-aconfig.h.in.patch new file mode 100644 index 0000000000000000000000000000000000000000..5a1496ba5e95807fa8a4d7255ed2a3a3237224f6 --- /dev/null +++ b/0014-Make-configure-an-order-only-prerequisite-of-aconfig.h.in.patch @@ -0,0 +1,76 @@ +From ff819b108a14f40612ebfb15937ae4a1b632bab9 Mon Sep 17 00:00:00 2001 +From: Ron Lee +Date: Thu, 31 Jul 2014 16:29:43 +0930 +Subject: [PATCH] Make configure an order-only prerequisite of aconfig.h.in +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On filesystems with subsecond resolution, like ext4, we can't trust the +timestamp of aconfig.h.in since autoheader leaves it truncated to second +resolution (apparently touch -r and cp -p can do this at the very least) +while configure has full subsecond resolution, so it can look newer even +when it was cleanly created first, leading to the build system looping +trying to recreate all of that again ... + +So in the initial stage of a clean build we can get something like this: + +$ make spotless +$ make autoconf +rm -rf MCONFIG configure config.log aconfig.h *.cache +autoconf +rm -f aconfig.h.in aconfig.h +autoheader + +$ stat configure aconfig.h.in + File: ‘configure’ +Device: 807h/2055d Inode: 9443466 Links: 1 +Access: 2014-07-31 03:27:27.599293442 +0930 +Modify: 2014-07-31 03:27:27.711290270 +0930 +Change: 2014-07-31 03:27:27.711290270 +0930 + + File: ‘aconfig.h.in’ +Device: 807h/2055d Inode: 9443467 Links: 1 +Access: 2014-07-31 03:27:27.000000000 +0930 +Modify: 2014-07-31 03:27:27.000000000 +0930 +Change: 2014-07-31 03:27:27.903284841 +0930 + +And with a parallel build, that can then leave 'make all' racing to +remove and recreate aconfig.h (and possibly more things), while it +begins to build the first targets. Which then fail horribly like +we see here: + +https://buildd.debian.org/status/fetch.php?pkg=tftp-hpa&arch=i386&ver=5.2%2B20140608-1&stamp=1406736363 + +Possibly we also need to move the actual build job into the rule for +the 'all' target, so that the build system update prerequisites are +guaranteed to be completed before it runs (as opposed to running in +parallel with them), but this change might be enough for now. + +Signed-off-by: Ron Lee +Signed-off-by: H. Peter Anvin +--- + Makefile | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 9ff12d8..75a2042 100644 +--- a/Makefile ++++ b/Makefile +@@ -58,8 +58,12 @@ aconfig.h: MCONFIG + + # Adding "configure" to the dependencies serializes this with running + # autoconf, because there are apparently race conditions between +-# autoconf and autoheader. +-aconfig.h.in: configure.in configure aclocal.m4 ++# autoconf and autoheader. And worse than that, even when autoconf ++# cleanly returns first, autoheader will truncate the timestamp of ++# aconfig.h.in to second resolution, so on a filesystem with subsecond ++# resolution it can appear older than configure (which isn't truncated). ++# So make it an order-only prerequisite to avoid looping regenerating it. ++aconfig.h.in: configure.in aclocal.m4 | configure + rm -f aconfig.h.in aconfig.h + autoheader + +-- +2.24.1 \ No newline at end of file diff --git a/tftp-hpa-5.2.tar.bz2 b/tftp-hpa-5.2.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..7572754dbf90ef4b7960cc22f88933c1d62f3603 Binary files /dev/null and b/tftp-hpa-5.2.tar.bz2 differ diff --git a/tftp.service b/tftp.service new file mode 100644 index 0000000000000000000000000000000000000000..c26ad3bd83a6752517c2bf83e66ddfd7130b1686 --- /dev/null +++ b/tftp.service @@ -0,0 +1,11 @@ +[Unit] +Description=Tftp Server +Requires=tftp.socket +Documentation=man:in.tftpd + +[Service] +ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot +StandardInput=socket + +[Install] +Also=tftp.socket diff --git a/tftp.socket b/tftp.socket new file mode 100644 index 0000000000000000000000000000000000000000..8764c1de349cedf4f69e60b43a7d58e3e8ad06f0 --- /dev/null +++ b/tftp.socket @@ -0,0 +1,8 @@ +[Unit] +Description=Tftp Server Activation Socket + +[Socket] +ListenDatagram=69 + +[Install] +WantedBy=sockets.target diff --git a/tftp.spec b/tftp.spec new file mode 100644 index 0000000000000000000000000000000000000000..8d19399e7efe76c1d546fb2182c114c1a5ecec80 --- /dev/null +++ b/tftp.spec @@ -0,0 +1,112 @@ +%define anolis_release 1 +%global _hardened_build 1 + +Name: tftp +Version: 5.2 +Release: %{anolis_release}%{?dist} +License: BSD +URL: http://www.kernel.org/pub/software/network/tftp/ +Source0: http://www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-%{version}.tar.bz2 +Source1: tftp.socket +Source2: tftp.service +Summary: The client for the Trivial File Transfer Protocol (TFTP) + +Patch0: 0001-tftp-0.40-remap.patch +Patch2: 0002-tftp-hpa-0.39-tzfix.patch +Patch3: 0003-tftp-0.42-tftpboot.patch +Patch4: 0004-tftp-0.49-chk_retcodes.patch +Patch5: 0005-tftp-hpa-0.49-fortify-strcpy-crash.patch +Patch6: 0006-tftp-0.49-cmd_arg.patch +Patch7: 0007-tftp-hpa-0.49-stats.patch +Patch8: 0008-tftp-hpa-5.2-pktinfo.patch +Patch9: 0009-tftp-doc.patch +Patch10: 0010-tftp-enhanced-logging.patch +Patch11: 0011-tftp-hpa-5.2-gcc10.patch +Patch12: 0012-tftp-off-by-one.patch +Patch13: 0013-tftp-c99.patch +Patch14: 0014-Make-configure-an-order-only-prerequisite-of-aconfig.h.in.patch + +BuildRequires: autoconf +BuildRequires: gcc +BuildRequires: make +BuildRequires: readline-devel +BuildRequires: systemd-rpm-macros + +%description +The Trivial File Transfer Protocol (TFTP) is normally used only for +booting diskless workstations. The tftp package provides the user +interface for TFTP, which allows users to transfer files to and from a +remote machine. This program and TFTP provide very little security, +and should not be enabled unless it is expressly needed. + +%package server +Summary: The server for the Trivial File Transfer Protocol (TFTP) +Requires: systemd-units +Requires(post): systemd-units +Requires(postun): systemd-units + +%description server +The Trivial File Transfer Protocol (TFTP) is normally used only for +booting diskless workstations. The tftp-server package provides the +server for TFTP, which allows users to transfer files to and from a +remote machine. TFTP provides very little security, and should not be +enabled unless it is expressly needed. The TFTP server is run by using +systemd socket activation, and is disabled by default. + +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{EVR} + +%description doc +Doc pages for %{name}. + +%prep +%autosetup -n %{name}-hpa-%{version} -p1 + +%build +autoreconf +%configure +%make_build + +%install +mkdir -p ${RPM_BUILD_ROOT}%{_bindir} +mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8} +mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tftpboot +mkdir -p ${RPM_BUILD_ROOT}%{_unitdir} + +make INSTALLROOT=${RPM_BUILD_ROOT} SBINDIR=%{_sbindir} MANDIR=%{_mandir} INSTALL='install -p' install + +install -p -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir} +install -p -m 644 %SOURCE2 ${RPM_BUILD_ROOT}%{_unitdir} + +%generate_compatibility_deps + +%post server +%systemd_post tftp.socket + +%preun server +%systemd_preun tftp.socket + +%postun server +%systemd_postun_with_restart tftp.socket + +%files +%{_bindir}/tftp +%dir %{abidir} +%{abidir}/tftp-option.list +%{_mandir}/man1/* + +%files server +%dir %{_localstatedir}/lib/tftpboot +%{_sbindir}/in.tftpd +%{_mandir}/man8/* +%{_unitdir}/* + +%files doc +%doc README README.security CHANGES + +%changelog +* Wed Mar 15 2023 yuanhui - 5.2-1 +- Init tftp for AnolisOS 23