SLFO-pool/tftp
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main tftp revision 3c707b4ac5ad9ccd253aadda40d9edf1

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-04 01:21:51 +02:00
commit ec2ce6445a
15 changed files with 1016 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

33
tftp-config_h.patch Normal file
View File

@ -0,0 +1,33 @@
--- tftp-hpa-5.2.orig/MCONFIG.in
+++ tftp-hpa-5.2/MCONFIG.in
@@ -51,7 +51,7 @@ INSTALL_DATA = @INSTALL_DATA@
# Compiler and compiler flags
CC = @CC@
-CFLAGS = @CFLAGS@ -I$(SRCROOT)
+CFLAGS = @CFLAGS@ -I$(SRCROOT) -include config.h
# Link flags
LDFLAGS = @LDFLAGS@
--- tftp-hpa-5.2.orig/tftp/Makefile
+++ tftp-hpa-5.2/tftp/Makefile
@@ -9,7 +9,7 @@ OBJS = tftp.$(O) main.$(O)
all: tftp$(X) tftp.1
tftp$(X): $(OBJS)
- $(CC) $(LDFLAGS) $^ $(TFTP_LIBS) -o $@
+ $(CC) $(CFLAGS) $(LDFLAGS) $^ $(TFTP_LIBS) -o $@
$(OBJS): ../common/tftpsubs.h
--- tftp-hpa-5.2.orig/tftpd/Makefile
+++ tftp-hpa-5.2/tftpd/Makefile
@@ -9,7 +9,7 @@ OBJS = tftpd.$(O) recvfrom.$(O) misc.$(O
all: tftpd$(X) tftpd.8
tftpd$(X): $(OBJS)
- $(CC) $(LDFLAGS) $^ $(TFTPD_LIBS) -o $@
+ $(CC) $(CFLAGS) $(LDFLAGS) $^ $(TFTPD_LIBS) -o $@
$(OBJS): ../common/tftpsubs.h

16
tftp-hpa-0.43_include_sys_params.patch Normal file
View File

@ -0,0 +1,16 @@
---
tftp/main.c | 1 +
1 file changed, 1 insertion(+)
Index: tftp-hpa-5.2/tftp/main.c
===================================================================
--- tftp-hpa-5.2.orig/tftp/main.c
+++ tftp-hpa-5.2/tftp/main.c
@@ -39,6 +39,7 @@
* TFTP User Program -- Command Interface.
*/
#include <sys/file.h>
+#include <sys/param.h>
#include <ctype.h>
#ifdef WITH_READLINE
#include <readline/readline.h>

33
tftp-hpa-0.46_colon_check.patch Normal file
View File

@ -0,0 +1,33 @@
---
tftp/main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Index: tftp-hpa-5.2/tftp/main.c
===================================================================
--- tftp-hpa-5.2.orig/tftp/main.c
+++ tftp-hpa-5.2/tftp/main.c
@@ -308,7 +308,7 @@ int main(int argc, char *argv[])
bsd_signal(SIGINT, intr);
- if (peerargc) {
+ if (peerargc > 1) {
/* Set peer */
if (sigsetjmp(toplevel, 1) != 0)
exit(EX_NOHOST);
@@ -634,11 +634,14 @@ void get(int argc, char *argv[])
return;
}
if (!connected) {
- for (n = 1; n < argc; n++)
+ for (n = 1; n < argc; n++) {
if (literal || strchr(argv[n], ':') == 0) {
getusage(argv[0]);
return;
}
+ if (argc == 3)
+ break;
+ }
}
for (n = 1; n < argc; n++) {
src = strchr(argv[n], ':');

46
tftp-hpa-0.48-macros-crash.patch Normal file
View File

@ -0,0 +1,46 @@
---
tftpd/tftpd.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
Index: tftp-hpa-5.2/tftpd/tftpd.c
===================================================================
--- tftp-hpa-5.2.orig/tftpd/tftpd.c
+++ tftp-hpa-5.2/tftpd/tftpd.c
@@ -1377,24 +1377,24 @@ static int rewrite_macros(char macro, ch
return strlen(p);
case 'x':
- if (output) {
- if (from.sa.sa_family == AF_INET) {
+ if (from.sa.sa_family == AF_INET) {
+ if (output)
sprintf(output, "%08lX",
(unsigned long)ntohl(from.si.sin_addr.s_addr));
- l = 8;
+ l = 8;
#ifdef HAVE_IPV6
- } else {
- unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
- p = tb;
- for (l = 0; l < 16; l++) {
- sprintf(p, "%02X", *c);
- c++;
- p += 2;
- }
+ } else {
+ unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
+ p = tb;
+ for (l = 0; l < 16; l++) {
+ sprintf(p, "%02X", *c);
+ c++;
+ p += 2;
+ }
+ if (output)
strcpy(output, tb);
- l = strlen(tb);
+ l = strlen(tb);
#endif
- }
}
return l;

70
tftp-hpa-0.48-macros-v6mapped.patch Normal file
View File

@ -0,0 +1,70 @@
---
tftpd/tftpd.c | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
Index: tftp-hpa-5.2/tftpd/tftpd.c
===================================================================
--- tftp-hpa-5.2.orig/tftpd/tftpd.c
+++ tftp-hpa-5.2/tftpd/tftpd.c
@@ -1353,6 +1353,21 @@ static void do_opt(const char *opt, cons
#ifdef WITH_REGEX
+#ifdef HAVE_IPV6
+static inline int is_v6_mapped(const union sock_addr* pa)
+{
+ const char v6_mapped[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xFF, 0xFF };
+
+ if (from.sa.sa_family != AF_INET6)
+ return 0;
+ if (memcmp(&pa->s6.sin6_addr.s6_addr, v6_mapped, sizeof(v6_mapped)))
+ return 0;
+
+ return 1;
+}
+#endif
+
/*
* This is called by the remap engine when it encounters macros such
* as \i. It should write the output in "output" if non-NULL, and
@@ -1364,10 +1379,20 @@ static int rewrite_macros(char macro, ch
{
char *p, tb[INET6_ADDRSTRLEN];
int l=0;
+ const union sock_addr *pfrom = &from;
+
+#ifdef HAVE_IPV6
+ union sock_addr ipv4_from;
+ if (is_v6_mapped(&from)) {
+ ipv4_from.si.sin_family = AF_INET;
+ memcpy(&ipv4_from.si.sin_addr, from.s6.sin6_addr.s6_addr + 12, 4);
+ pfrom = &ipv4_from;
+ }
+#endif
switch (macro) {
case 'i':
- p = (char *)inet_ntop(from.sa.sa_family, SOCKADDR_P(&from),
+ p = (char *)inet_ntop(pfrom->sa.sa_family, SOCKADDR_P(pfrom),
tb, INET6_ADDRSTRLEN);
if (output && p)
strcpy(output, p);
@@ -1377,14 +1402,14 @@ static int rewrite_macros(char macro, ch
return strlen(p);
case 'x':
- if (from.sa.sa_family == AF_INET) {
+ if (pfrom->sa.sa_family == AF_INET) {
if (output)
sprintf(output, "%08lX",
- (unsigned long)ntohl(from.si.sin_addr.s_addr));
+ (unsigned long)ntohl(pfrom->si.sin_addr.s_addr));
l = 8;
#ifdef HAVE_IPV6
} else {
- unsigned char *c = (unsigned char *)SOCKADDR_P(&from);
+ unsigned char *c = (unsigned char *)SOCKADDR_P(pfrom);
p = tb;
for (l = 0; l < 16; l++) {
sprintf(p, "%02X", *c);

19
tftp-hpa-0.48-tzfix.patch Normal file
View File

@ -0,0 +1,19 @@
Index: tftp-hpa-5.1/tftpd/tftpd.c
===================================================================
--- tftp-hpa-5.1.orig/tftpd/tftpd.c
+++ tftp-hpa-5.1/tftpd/tftpd.c
@@ -384,6 +384,14 @@ int main(int argc, char **argv)
const char *pidfile = NULL;
u_short tp_opcode;
+ time_t my_time = 0;
+ struct tm* p_tm;
+ char envtz[10];
+ my_time = time(NULL);
+ p_tm = localtime(&my_time);
+ snprintf(envtz, sizeof(envtz) - 1, "UTC%+d", (p_tm->tm_gmtoff * -1)/3600);
+ setenv("TZ", envtz, 0);
+
/* basename() is way too much of a pain from a portability standpoint */
p = strrchr(argv[0], '/');

27
tftp-hpa-0.49-fortify-strcpy-crash.patch Normal file
View File

@ -0,0 +1,27 @@
Index: tftp-hpa-git-0.48/tftp/tftp.c
===================================================================
--- tftp-hpa-git-0.48.orig/tftp/tftp.c 2008-07-31 12:46:57.000000000 +0200
+++ tftp-hpa-git-0.48/tftp/tftp.c 2010-06-29 12:14:48.000000000 +0200
@@ -279,15 +279,16 @@ makerequest(int request, const char *nam
struct tftphdr *tp, const char *mode)
{
char *cp;
+ size_t len;
tp->th_opcode = htons((u_short) request);
cp = (char *)&(tp->th_stuff);
- strcpy(cp, name);
- cp += strlen(name);
- *cp++ = '\0';
- strcpy(cp, mode);
- cp += strlen(mode);
- *cp++ = '\0';
+ len = strlen(name) + 1;
+ memcpy(cp, name, len);
+ cp += len;
+ len = strlen(mode) + 1;
+ memcpy(cp, mode, len);
+ cp += len;
return (cp - (char *)tp);
}

BIN
tftp-hpa-5.2.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

63
tftp-multi-addresses.patch Normal file
View File

@ -0,0 +1,63 @@
Index: tftp-hpa-5.2/tftpd/recvfrom.c
===================================================================
--- tftp-hpa-5.2.orig/tftpd/recvfrom.c 2015-04-30 11:04:45.994568260 +0200
+++ tftp-hpa-5.2/tftpd/recvfrom.c 2015-05-14 16:02:28.104576816 +0200
@@ -148,17 +148,17 @@ myrecvfrom(int s, void *buf, int len, un
#endif
/* Try to enable getting the return address */
+ /* Before the first packet we don't know the address family of the
+ * connection, so we set both ipv4 and ipv6 socket options
+ */
#ifdef IP_RECVDSTADDR
- if (from->sa_family == AF_INET)
setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on));
#endif
#ifdef IP_PKTINFO
- if (from->sa_family == AF_INET)
setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));
#endif
#ifdef HAVE_IPV6
#ifdef IPV6_RECVPKTINFO
- if (from->sa_family == AF_INET6)
setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on));
#endif
#endif
@@ -190,7 +190,7 @@ myrecvfrom(int s, void *buf, int len, un
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr != NULL;
cmptr = CMSG_NXTHDR(&msg, cmptr)) {
- if (from->sa_family == AF_INET) {
+ if (cmptr->cmsg_level == IPPROTO_IP) {
myaddr->sa.sa_family = AF_INET;
#ifdef IP_RECVDSTADDR
if (cmptr->cmsg_level == IPPROTO_IP &&
@@ -209,15 +209,26 @@ myrecvfrom(int s, void *buf, int len, un
sizeof(struct in_addr));
}
#endif
+ if (from->sa_family == AF_INET6) {
+ from->sa_family = AF_INET;
+ /* Unmap the ipv4 address from ipv6.
+ * The ipv6 mapped address is in format:
+ * 10 0x0 bytes, 2 0xff bytes, 4 bytes of the ipv4 address
+ * so we cut out the first 12 bytes of the ipv6 and
+ * interpret the rest as the ipv4
+ */
+ ((struct sockaddr_in *)from)->sin_addr = *((struct in_addr *)(((struct sockaddr_in6 *)from)->sin6_addr.s6_addr+12));
+ }
}
#ifdef HAVE_IPV6
- else if (from->sa_family == AF_INET6) {
+ else if (cmptr->cmsg_level == IPPROTO_IPV6) {
myaddr->sa.sa_family = AF_INET6;
#ifdef IP6_RECVDSTADDR
if (cmptr->cmsg_level == IPPROTO_IPV6 &&
- cmptr->cmsg_type == IPV6_RECVDSTADDR )
+ cmptr->cmsg_type == IPV6_RECVDSTADDR ) {
memcpy(&myaddr->s6.sin6_addr, CMSG_DATA(cmptr),
sizeof(struct in6_addr));
+ }
#endif
#ifdef HAVE_STRUCT_IN6_PKTINFO

517
tftp.changes Normal file
View File

@ -0,0 +1,517 @@
-------------------------------------------------------------------
Wed Dec 7 16:28:52 UTC 2022 - Marcus Meissner <meissner@suse.com>
- source url -> https
-------------------------------------------------------------------
Wed Nov 24 14:39:22 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* tftp.service
-------------------------------------------------------------------
Wed Jul 28 14:56:33 UTC 2021 - Dirk Müller <dmueller@suse.com>
- correct source url to new location
-------------------------------------------------------------------
Fri Jul 2 18:52:01 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Use systemd-sysusers external package
-------------------------------------------------------------------
Tue Oct 13 11:00:10 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Do not suppress errors from useradd.
- Replace some old specfile constructs. To that end, patches were
refreshed: tftp-hpa-0.43_include_sys_params.patch,
tftp-hpa-0.46_colon_check.patch, tftp-hpa-0.48-macros-crash.patch,
tftp-hpa-0.48-macros-v6mapped.patch.
-------------------------------------------------------------------
Tue Sep 1 15:15:15 UTC 2020 - olaf@aepfle.de
- Remove bogus comment about directory assumptions
in.tftpd assumes nothing, exactly one directory must be specified
when option -s is used
- Reorder command line options
Optional admin options come before the final directory option
-------------------------------------------------------------------
Wed Jan 8 08:36:25 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
- Pass fcommon to cflags wrt bsc#1160297
-------------------------------------------------------------------
Mon Oct 14 16:52:20 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Add tftp.socket requirement to the service unit section [bsc#1153625]
-------------------------------------------------------------------
Thu Jul 11 05:55:20 UTC 2019 - antoine.belvire@opensuse.org
- Remove SuSEfirewall2 service, since SuSEfirewall2 has been
replaced by firewalld (which already provides a tftp service).
-------------------------------------------------------------------
Fri Apr 26 10:39:23 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Tue Jul 10 11:51:31 CEST 2018 - kukuk@suse.de
- Don't require systemd explicit, spec file can handle both cases
correct and in containers we don't have systemd.
-------------------------------------------------------------------
Thu Nov 23 13:39:09 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Fri Sep 8 13:26:47 UTC 2017 - pmonrealgonzalez@suse.com
- Changed permissions of /srv/tftpboot to be readable [bsc#940608]
-------------------------------------------------------------------
Fri Jun 16 08:54:54 UTC 2017 - jhura@suse.com
- Removed xinetd service
-------------------------------------------------------------------
Mon Nov 2 12:36:26 UTC 2015 - vcizek@suse.com
- add a sysconfig file to allow passing parameters to the service
(requested in bsc#951591)
* added tftp.sysconfig
-------------------------------------------------------------------
Fri Sep 18 13:23:21 UTC 2015 - vcizek@suse.com
- respond from the destination address taken from the first udp
message's ancillary data (bnc#928283)
* added tftp-multi-addresses.patch
-------------------------------------------------------------------
Fri Sep 18 13:22:12 UTC 2015 - vcizek@suse.com
- tftp-hpa-0.48-macros-crash.patch:
prevent buffer overflow in handling of \x macro (bnc#793883)
- tftp-hpa-0.48-macros-v6mapped.patch:
for \i and \x, expand v6-mapped addresses as native IPv4
(bnc#793883)
- patches come from Michal Kubecek
-------------------------------------------------------------------
Tue Mar 25 23:35:16 UTC 2014 - crrodriguez@opensuse.org
- drop tftp-hpa-0.43_old-autoconf.diff not needed for any
product still in active maintenance.
- Use correct systemd macros in %pre, %post..
- config.h must be included *everywhere* (tftp-config_h.patch)
- tftp.service:
* This service needs to be started after network.target
* Use PrivateDevices=yes
-------------------------------------------------------------------
Thu Apr 18 09:57:36 UTC 2013 - vcizek@suse.com
- change ownership of /srv/tftpboot to tftp:tftp, otherwise tftp
daemon can't write there (bnc#813226)
-------------------------------------------------------------------
Thu Feb 7 13:07:03 UTC 2013 - vcizek@suse.com
- create capabilites provided by both tftp and atftp
(bnc#801481 or bnc#725378)
-------------------------------------------------------------------
Wed Dec 5 19:54:20 UTC 2012 - dimstar@opensuse.org
- Add systemd socket activation units.
- Change inet-daemon to be recommended only, as we can now also
activate by means of systemd sockets.
-------------------------------------------------------------------
Tue Sep 4 13:09:09 UTC 2012 - vcizek@suse.com
- update to 5.2
- fixes a breakage with recent Linux kernel versions when a
single interface has multiple IP addresses (bnc#774861)
-------------------------------------------------------------------
Tue Dec 20 20:30:25 UTC 2011 - coolo@suse.com
- add autoconf as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Fri Nov 11 14:51:55 UTC 2011 - vcizek@suse.com
- added rules for SuSEfirewall2 (bnc#729793)
thanks to Lukas Ocilka
-------------------------------------------------------------------
Tue Sep 6 13:01:31 UTC 2011 - vcizek@suse.com
- added missing PreReq: pwdutils
-------------------------------------------------------------------
Fri Jun 24 07:09:50 UTC 2011 - puzel@novell.com
- unbreak tftp by changing to user to run as in tftpd itself,
not via xinetd (bnc#682340)
-------------------------------------------------------------------
Thu Jun 23 12:17:37 UTC 2011 - puzel@novell.com
- update to version-5.1
- Add -P option to write a PID file. Patch by Ferenc Wagner.
- Bounce the syslog socket in standalone mode, in case the
syslog daemon has been restarted. Patch by Ferenc Wagner.
- Build fixes.
- Fix handling of block number wraparound after a successful
options negotiation.
- Fix a buffer overflow in option parsing.
- fixes bnc#699714, CVE-2011-2199
-------------------------------------------------------------------
Sat Dec 11 00:00:00 UTC 2010 - chris@computersalat.de
- fix spec
o added missing path /srv/tftpboot in files section
-------------------------------------------------------------------
Fri Dec 3 13:51:50 UTC 2010 - puzel@novell.com
- update to version 5.0
* Try to on platforms with getaddrinfo() without AI_ADDRCONFIG or
AI_CANONNAME.
* Implement the "rollover" option, for clients which want block
number to rollover to anything other than zero.
* Correctly disable PMTU in standalone mode.
* Add IPv6 support. Patch by Karsten Keil.
* Support systems with editline instead of readline.
* Support long options in the server.
- drop tftp-hpa-0.43_readline.diff (not needed)
- drop tftp-hpa-0.46_libedit.patch (solved in upstream)
- build with readline support
- clean up specfile
-------------------------------------------------------------------
Fri Oct 29 23:33:18 UTC 2010 - chris@computersalat.de
- fix pre
o no check before addding group/user (darix)
- fix files
o provide /srv/tftpboot
-------------------------------------------------------------------
Wed Oct 13 21:05:23 UTC 2010 - chris@computersalat.de
- add group/user tftp (bnc#472283)
- set TFTP default DIR to /srv/tftpboot (bnc#248008,507011)
- added Conflicts atftp, cause of overlapping binaries
-------------------------------------------------------------------
Fri Oct 1 12:07:50 UTC 2010 - puzel@novell.com
- add tftp-hpa-0.48-tzfix.patch (bnc#630297)
-------------------------------------------------------------------
Tue Jun 29 08:57:01 UTC 2010 - puzel@novell.com
- add tftp-hpa-0.49-fortify-strcpy-crash.patch (bnc#617675)
-------------------------------------------------------------------
Mon Sep 1 14:45:15 CEST 2008 - mrueckert@suse.de
- drop lineedit support again
- fix build to include %{optflags} with using configure
-------------------------------------------------------------------
Wed Aug 27 16:20:32 CEST 2008 - olh@suse.de
- do not require autoconf 2.61
binutils-devel is not available in 11.0 or earlier
-------------------------------------------------------------------
Wed Aug 6 16:04:07 CEST 2008 - kkeil@suse.de
- Update to current git version with enhanced IPv6 support included
-------------------------------------------------------------------
Fri Jul 18 17:56:28 CEST 2008 - kkeil@suse.de
- Update to git version 0.48 for mainline compatibility; code is
still the same but formatting was cleaned up
- Implement IPv6 (fate #304343)
-------------------------------------------------------------------
Thu Feb 1 21:05:23 CET 2007 - mrueckert@suse.de
- update to version 0.48:
- Unbreak -l -s in the server, which was broken in 0.47.
- additional changes from 0.47:
- Add -L option to the server to run standalone without
detaching from the shell.
- Parallel make fix.
-------------------------------------------------------------------
Tue Jan 9 11:37:58 CET 2007 - mrueckert@suse.de
- update to version 0.46:
- Minor portability improvements.
- additional change from 0.45:
Add -l (literal) option to the client, to override the special
treatment of the colon (:) character as a hostname separator.
- replaced tftp-hpa-0.43_syntax.diff with tftp-hpa-0.46_colon_check.patch:
restore a behavior which was broken with 0.35
- merged tftp-hpa-0.43_signdness.patch with
tftp-hpa-0.43_bcopy_secfix.patch. new patch:
tftp-hpa-0.46_bcopy_secfix.patch.
- added tftp-hpa-0.46_libedit.patch:
Build against libedit to enable lineediting support.
-------------------------------------------------------------------
Thu Dec 7 04:09:55 CET 2006 - mrueckert@suse.de
- update to version 0.44:
- Allow the client to specify a range of local port numbers, just
like the server can.
- Fix sending SIGHUP to update the regular expression table.
-------------------------------------------------------------------
Fri Oct 20 19:04:32 CEST 2006 - mrueckert@suse.de
- update to version 0.43:
- Fix double-free error on ^c in client.
- Try to deal with clients that send TFTP requests to broadcasts
(apparently some recent Sun boxes do this instead of using the
address told by DHCP. Bad Sun! Bad Sun!)
- Portability fixes.
- removed first chunk from tftp-hpa-0.40.diff and renamed it to
tftp-hpa-0.43_include_sys_params.patch. the first chunk was
fixed upstream.
- patches rediffed and renamed:
tftp-bcopy-secfix.diff -> tftp-hpa-0.43_bcopy_secfix.patch
tftp-hpa-0.40.readline.diff -> tftp-hpa-0.43_readline.diff
tftp-hpa-0.40-syntax.diff -> tftp-hpa-0.43_syntax.diff
- added tftp-hpa-0.43_signdness.patch:
fixed signedness warnings which where mostlikely caused by the
bcopy fixes.
-------------------------------------------------------------------
Tue Mar 14 08:24:26 CET 2006 - mrueckert@suse.de
- update to version 0.42:
o Try to disable path MTU discovery for TFTP connections (it's
useless anyway.) (0.42)
o Add a hack to allow the admin to specify a range of local port
numbers to use. (0.42)
o Fix local IP number handling on systems which present
IP_RECVDSTADDR in recvmsg(). (0.42)
o Fix bug by which patterns of the form \U\1 weren't converted
correctly. (0.41)
-------------------------------------------------------------------
Tue Mar 14 08:21:56 CET 2006 - mrueckert@suse.de
- removed tftp-hpa-0.40.make.diff
- removed autoreconf -fi. it caused the builderrors
- minimized the build/install sections
-------------------------------------------------------------------
Wed Jan 25 21:42:09 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jun 23 13:40:18 CEST 2005 - mrueckert@suse.de
- Do not install xinetd config with executable flag.
- Added tcpd-devel so we can build with libwrap
- Do not let the build process delete aconfig.h at the wrong time.
-------------------------------------------------------------------
Tue Feb 8 16:49:11 CET 2005 - mmj@suse.de
- Update to tftp-hpa-0.40 including:
o Fix timeout bug
o Support perl style \U...\E and \L...\E, as well as allow
matching rules to be inverted (execute if rule *doesn't* match.)
o Fix bug which would cause "r" remapping rules to be incorrectly
rejected.
-------------------------------------------------------------------
Wed Oct 27 19:34:06 CEST 2004 - mmj@suse.de
- Fix security hole with possibly overflowing bcopy [#47676]
-------------------------------------------------------------------
Fri Sep 3 17:13:25 CEST 2004 - mmj@suse.de
- Update to tftp-hpa-0.38 including portability fixes
-------------------------------------------------------------------
Thu Aug 12 10:59:25 CEST 2004 - mmj@suse.de
- Update to tftp-hpa-0.37 which fixes a pathology where a client
sending ACKs for the wrong packet can prevent proper retransmission.
-------------------------------------------------------------------
Mon Feb 9 11:53:41 CET 2004 - mmj@suse.de
- Update to tftp-hpa-0.36 which is a portability release
-------------------------------------------------------------------
Fri Jan 9 23:20:25 CET 2004 - mmj@suse.de
- Update to tftp-hpa-0.35:
o Add an option to control the maximum value of blksize
negotiated.
o Removed workaround for obsolete Cygwin problem.
o Don't use getopt() -- the -c option doesn't work correctly
since it depends on the ordering of arguments and options.
It is now possible to do:
tftp -m binary hostname -c get filename
This was previous possible by doing:
tftp -m binary -c get hostname:filename
... but it seemed that was counterintuitive to people.
o Somewhat improved configure scripts.
-------------------------------------------------------------------
Fri Oct 17 13:04:26 CEST 2003 - mmj@suse.de
- Don't build as root
-------------------------------------------------------------------
Wed Jul 2 13:40:38 CEST 2003 - mmj@suse.de
- Add patch from mls to fix syntax
-------------------------------------------------------------------
Tue May 13 13:01:28 CEST 2003 - mmj@suse.de
- Use %defattr
-------------------------------------------------------------------
Tue May 6 13:36:20 CEST 2003 - mmj@suse.de
- Update to 0.34 which is just a small code cleanup to fix build on
Solaris.
- Add tftpd/sample.rules (thanks to A. Schulze for noticing)
-------------------------------------------------------------------
Sat Mar 29 01:11:18 CET 2003 - mmj@suse.de
- Update to 0.33 including:
* Further improvement of error messages
* Configuration fix: readline needs termcap
* Support running the tftp client from the command line
-------------------------------------------------------------------
Fri Jan 24 11:27:38 CET 2003 - mmj@suse.de
- Add xinetd configuration file
-------------------------------------------------------------------
Thu Nov 14 12:20:56 CET 2002 - mmj@suse.de
- Update to 0.32 including better error messages
-------------------------------------------------------------------
Mon Nov 4 08:21:43 CET 2002 - mmj@suse.de
- Update to 0.31 including:
o A check to make sure xinetd (in particular) doesn't
pass an IPv6 socket.
o Fix some problems related to timeout negotiation.
o Allow the user to set the default timeout speed.
-------------------------------------------------------------------
Thu Oct 3 16:36:15 CEST 2002 - mmj@suse.de
- Update to 0.30 including;
o Better timeout algorithm
o New "utimeout" option
o Change loglevel of clientside errors to LOG_WARNING
o autoconf portability improvements
o Minor bugfixes
-------------------------------------------------------------------
Mon May 13 15:44:20 CEST 2002 - mmj@suse.de
- Update to 0.29 including:
o Posixly correctness.
o Fixed a bug which could cause a standalone server to exit with
a "recvfrom: Interrupted system call" log message if signals
arrive at a particularly inopportune moment.
o Fix a macro substitution bug
-------------------------------------------------------------------
Mon Feb 11 12:55:59 MET 2002 - mmj@suse.de
- Update to 0.28
-------------------------------------------------------------------
Tue Nov 20 14:28:48 CET 2001 - mmj@suse.de
- Update to 0.27
-------------------------------------------------------------------
Tue Oct 16 15:02:22 CEST 2001 - mmj@suse.de
- Update to 0.21
-------------------------------------------------------------------
Sat Aug 4 18:11:03 CEST 2001 - kukuk@suse.de
- Update to 0.20
-------------------------------------------------------------------
Fri Jul 27 10:56:29 CEST 2001 - kukuk@suse.de
- Update to 0.19
-------------------------------------------------------------------
Tue Jul 10 17:12:42 CEST 2001 - kukuk@suse.de
- Add tcp wrapper to neededforbuild
-------------------------------------------------------------------
Tue Jul 10 16:29:44 CEST 2001 - kukuk@suse.de
- Update to 0.17
-------------------------------------------------------------------
Thu Jun 14 07:29:37 CEST 2001 - cihlar@suse.cz
- requires inet-daemon, not inetd
-------------------------------------------------------------------
Fri Mar 30 06:22:27 CEST 2001 - kukuk@suse.de
- Update to 0.16
-------------------------------------------------------------------
Thu Mar 29 15:03:07 CEST 2001 - kukuk@suse.de
- Update to 0.15
-------------------------------------------------------------------
Tue Jan 2 15:00:22 CET 2001 - kukuk@suse.de
- Add IP_PKTINFO patch from Cord Seele (Bug #4961)
-------------------------------------------------------------------
Tue Dec 12 04:16:18 MET 2000 - draht@suse.de
- make tftpd(8) not only drop euid but all uids
-------------------------------------------------------------------
Sun Oct 8 18:39:58 CEST 2000 - kukuk@suse.de
- Split from nkitb

22
tftp.service Normal file
View File

@ -0,0 +1,22 @@
[Unit]
Description=Tftp Server
Wants=network.target
After=network.target
Requires=tftp.socket
[Service]
EnvironmentFile=/etc/sysconfig/tftp
ExecStart=/usr/sbin/in.tftpd -u $TFTP_USER -s $TFTP_OPTIONS $TFTP_DIRECTORY
StandardInput=socket
PrivateDevices=yes
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=read-only
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions

9
tftp.socket Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Tftp Server Activation Socket
[Socket]
ListenDatagram=69
[Install]
WantedBy=sockets.target

110
tftp.spec Normal file
View File

@ -0,0 +1,110 @@
#
# spec file for package tftp
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: tftp
Version: 5.2
Release: 0
Summary: Trivial File Transfer Protocol (TFTP)
License: BSD-3-Clause
Group: Productivity/Networking/Ftp/Clients
URL: https://www.kernel.org/pub/software/network/tftp/
Source: https://www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-%{version}.tar.bz2
Source3: tftp.service
Source4: tftp.socket
Source5: tftp.sysconfig
Patch0: tftp-hpa-0.43_include_sys_params.patch
Patch1: tftp-hpa-0.46_colon_check.patch
Patch4: tftp-hpa-0.49-fortify-strcpy-crash.patch
Patch5: tftp-hpa-0.48-tzfix.patch
Patch6: tftp-multi-addresses.patch
Patch7: tftp-hpa-0.48-macros-crash.patch
Patch8: tftp-hpa-0.48-macros-v6mapped.patch
Patch43: tftp-config_h.patch
BuildRequires: autoconf
BuildRequires: binutils-devel
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
BuildRequires: tcpd-devel
Requires: netcfg
Requires(pre): user(tftp)
Recommends: inet-daemon
Conflicts: atftp
Provides: tftp(client)
Provides: tftp(server)
%description
The Trivial File Transfer Protocol (TFTP) is normally used only for
booting diskless workstations and for getting or saving network
component configuration files.
%prep
%autosetup -p1 -n %{name}-hpa-%{version}
%build
autoreconf -fi
export CFLAGS="%{optflags} -fcommon"
%configure \
--enable-largefile \
--with-tcpwrappers \
--with-remap \
--with-ipv6
%make_build
%install
%make_install INSTALLROOT=%{buildroot} MANDIR="%{_mandir}"
install -d -m 0755 %{buildroot}/srv/tftpboot
# Install systemd unit / socket (As an alternativ to xinetd activation)
install -d %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_unitdir}
install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.tftp
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%pre
%service_add_pre %{name}.service %{name}.socket
%post
%service_add_post %{name}.service %{name}.socket
%{fillup_only -n tftp}
%preun
%service_del_preun %{name}.service %{name}.socket
%postun
%service_del_postun %{name}.service %{name}.socket
%files
%doc README README.security tftpd/sample.rules
%{_bindir}/tftp
%{_sbindir}/in.tftpd
%{_sbindir}/rctftp
%{_mandir}/man1/tftp.1%{?ext_man}
%{_mandir}/man8/in.tftpd.8%{?ext_man}
%{_mandir}/man8/tftpd.8%{?ext_man}
%{_unitdir}/tftp.service
%{_unitdir}/tftp.socket
%dir %attr(0755,tftp,tftp) /srv/tftpboot
%{_fillupdir}/sysconfig.tftp
%changelog

25
tftp.sysconfig Normal file
View File

@ -0,0 +1,25 @@
## Description: TFTP Configuration
## Type: string
## Default: "tftp"
#
# daemon user (tftp)
#
TFTP_USER="tftp"
## Type: string
## Default: ""
##
## INFO:
#
# tftp options
#
TFTP_OPTIONS=""
## Type: string
## Default: "/srv/tftpboot"
## was "/tftpboot" but
## "/tftpboot" is not allowed anymore in FHS 2.2.
#
# TFTP directory must be a world readable/writable directory.
#
TFTP_DIRECTORY="/srv/tftpboot"