From 2d593c9f75f11a5a082b0d9b1feaac47f3b0e54761d83c4f1323036880f8f550 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Fri, 27 Sep 2024 07:51:17 +0000 Subject: [PATCH] - Delete /usr/sbin/rc* symlink & specfile housekeeping - Make atftpd.socket listen on AF_INET6 as well - Deactivate FORTIFY_SOURCE for the time being due to a glibc bug OBS-URL: https://build.opensuse.org/package/show/network/atftp?expand=0&rev=58 --- .gitattributes | 23 + .gitignore | 1 + atftp-0.7-default_dir_man.patch | 13 + atftp-0.7-default_user_man.patch | 37 ++ atftp-0.8.0.tar.gz | 3 + atftp-drop_privileges_non-daemon.patch | 24 + atftp.changes | 581 +++++++++++++++++++++++++ atftp.spec | 140 ++++++ atftpd.logrotate | 14 + atftpd.service | 22 + atftpd.socket | 8 + atftpd.sysconfig | 69 +++ 12 files changed, 935 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 atftp-0.7-default_dir_man.patch create mode 100644 atftp-0.7-default_user_man.patch create mode 100644 atftp-0.8.0.tar.gz create mode 100644 atftp-drop_privileges_non-daemon.patch create mode 100644 atftp.changes create mode 100644 atftp.spec create mode 100644 atftpd.logrotate create mode 100644 atftpd.service create mode 100644 atftpd.socket create mode 100644 atftpd.sysconfig diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/atftp-0.7-default_dir_man.patch b/atftp-0.7-default_dir_man.patch new file mode 100644 index 0000000..672972f --- /dev/null +++ b/atftp-0.7-default_dir_man.patch @@ -0,0 +1,13 @@ +Index: atftp-0.7.5/atftpd.8 +=================================================================== +--- atftp-0.7.5.orig/atftpd.8 ++++ atftp-0.7.5/atftpd.8 +@@ -211,7 +211,7 @@ Show summary of options. + .B path + This is the root directory used by the TFTP server. All requested + files from a TFTP client must reside in this directory. If not +-specified, the directory defaults to /tftpboot. Since ++specified, the directory defaults to /srv/tftpboot. Since + atftpd run as the tftp user, the permission of the directory + must be set properly to allow file reading and writing. + diff --git a/atftp-0.7-default_user_man.patch b/atftp-0.7-default_user_man.patch new file mode 100644 index 0000000..e70e686 --- /dev/null +++ b/atftp-0.7-default_user_man.patch @@ -0,0 +1,37 @@ +Index: atftp-0.7.5/atftpd.8 +=================================================================== +--- atftp-0.7.5.orig/atftpd.8 ++++ atftp-0.7.5/atftpd.8 +@@ -80,10 +80,10 @@ acknowledging the 'multicast' request by + + .TP + .B \-\-logfile +-Log to a specific file instead of only syslog. 'nobody' (or any user ++Log to a specific file instead of only syslog. 'tftp' (or any user + used to run the server) must have permissions on the given + file. Assuming the file is /var/log/atftpd.log, simply run: "touch +-/var/log/atftpd.log" and then "chown nobody.nogroup ++/var/log/atftpd.log" and then "chown tftp.tftp + /var/log/atftpd.log". When the server is run in daemon mode, + /dev/stdout or /dev/stderr can be used. Specifying a single dash as + the filename will send logs to stdout (file descriptor 1). +@@ -106,8 +106,8 @@ specialized usage. + + .TP + .B \-\-user +-By default, the server change identity to the user nobody and group +-nogroup. Specify an alternate user.group with this option. ++By default, the server change identity to the user tftp and group ++tftp. Specify an alternate user.group with this option. + + .TP + .B \-\-group +@@ -212,7 +212,7 @@ Show summary of options. + This is the root directory used by the TFTP server. All requested + files from a TFTP client must reside in this directory. If not + specified, the directory defaults to /tftpboot. Since +-atftpd run as the nobody user, the permission of the directory ++atftpd run as the tftp user, the permission of the directory + must be set properly to allow file reading and writing. + + .SH STATS diff --git a/atftp-0.8.0.tar.gz b/atftp-0.8.0.tar.gz new file mode 100644 index 0000000..8a53fa8 --- /dev/null +++ b/atftp-0.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:df2aa089c7670f9eab40e5598e5d2cb6a582dc5182926ea50b4d690e4e37f316 +size 133417 diff --git a/atftp-drop_privileges_non-daemon.patch b/atftp-drop_privileges_non-daemon.patch new file mode 100644 index 0000000..ffdbee2 --- /dev/null +++ b/atftp-drop_privileges_non-daemon.patch @@ -0,0 +1,24 @@ +Index: atftp-0.7.5/tftpd.c +=================================================================== +--- atftp-0.7.5.orig/tftpd.c ++++ atftp-0.7.5/tftpd.c +@@ -99,8 +99,8 @@ int deny_severity = LOG_NOTICE; + #endif + + /* user ID and group ID when running as a daemon */ +-char user_name[MAXLEN] = "nobody"; +-char group_name[MAXLEN] = "nogroup"; ++char user_name[MAXLEN] = "tftp"; ++char group_name[MAXLEN] = "tftp"; + + /* For special uses, disable source port checking */ + int source_port_checking = 1; +@@ -298,7 +298,7 @@ int main(int argc, char **argv) + dup2(sockfd, 0); + close(sockfd); + +- /* release priviliedge */ ++ /* release priviledge */ + + /* first see if we are or can somehow become root, if so prepare + * for drop even if not requested on command line */ diff --git a/atftp.changes b/atftp.changes new file mode 100644 index 0000000..a2b8a04 --- /dev/null +++ b/atftp.changes @@ -0,0 +1,581 @@ +------------------------------------------------------------------- +Tue Sep 24 18:33:26 UTC 2024 - Jan Engelhardt + +- Delete /usr/sbin/rc* symlink & specfile housekeeping +- Make atftpd.socket listen on AF_INET6 as well +- Deactivate FORTIFY_SOURCE for the time being due to a glibc bug + +------------------------------------------------------------------- +Wed Sep 14 11:02:03 UTC 2022 - David Anes + +- Update to version 0.8.0 + * test.sh: add MTFTP tests + * Fix MTFTP support for atftp + * Fix multicast download. + * Fix algorithm in case of packet loss in the last window. + * Improve the robustness of the atftp-client in case of package loss or duplication + * Implement PCRE tests. + * Improve upstream test script. Include tests for windowsize option. + * Fix/update minor issues in upstream + * Fix the 'windowsize' option for write requests + * FAQ INSTALL README.CVS README.PCRE: cosmetic and spelling fixes + * *.h: cosmetic and spelling fixes + * configure.ac: more fixes, also for libpcre2 detection + * Port to maintained PCRE2 API + * Changelog: update the recent changes + * autoconf: modify autogen.sh + * atftp.1: add more examples for options + * Add a simple congestion control + * Do some cosmetic changes + * Add windowsize option as described in RFC7440 + +------------------------------------------------------------------- +Thu Sep 1 06:13:32 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Tue Jun 28 14:08:19 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Wed Sep 15 13:17:41 UTC 2021 - Pedro Monreal + +- Update to version 0.7.5 [bsc#1190522, CVE-2021-41054] + * text files: mark/convert all textfiles to UTF-8 + * fix some compiler warnings + * fix buffer overflow in atftpd (CVE-2021-41054) + * test.sh: check for root no longer necessary + * tftpd.c: Only drop privs if requested or running as root + check for failure + * fix invalid read of 1 byte in tftp_send_request. + * Check return value of fseek(), abort if != 0 + * options.c: Proper fix for the read-past-end-of-array + * configure.ac: Add -std=gnu89 if gcc/clang is detected + * tftpd.c: Fix memleak if thread spawning fails + * atftp: Check return value of fgets, buffer might be uninitialized on NULL + * Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H) + * replace LICENSE with current version + * Remove patches fixed upstream: + - atftp-0.7-sorcerers_apprentice.patch + - atftp-0.7-server_receive_race.patch + - atftp-0.7-ack_heuristic.patch + * Rebase patches: + - atftp-drop_privileges_non-daemon.patch + - atftp-0.7-default_dir_man.patch + - atftp-0.7-default_user_man.patch + +------------------------------------------------------------------- +Tue Sep 14 09:57:25 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * atftpd.service + +------------------------------------------------------------------- +Tue May 25 23:26:52 UTC 2021 - Ferdinand Thiessen + +- Update to version 0.7.4 + * fix compile, missing include + * fix compile, add missing defines + * link against libpthread for atftp + * fixed atftp fails to write to /proc/self/fd/1 + * Fix for DoS issue CVE-2020-6097 + * remove inline keyword from definitions + * remove extern inlines + * sys/cdefs usage +- Drop fixed atftp-CVE-2020-6097.patch + +------------------------------------------------------------------- +Thu Jan 21 08:30:09 UTC 2021 - Thorsten Kukuk + +- Use system wide tftp user/group, don't create them again + +------------------------------------------------------------------- +Wed Oct 21 18:19:51 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1176437, CVE-2020-6097] + * A specially crafted sequence of RRQ-Multicast requests can + trigger an assert() call resulting denial-of-service. +- Add atftp-CVE-2020-6097.patch + +------------------------------------------------------------------- +Sat Apr 25 13:16:41 UTC 2020 - chris@computersalat.de + +- fix logrotate + * change command to '/sbin/service atftpd restart' since there is no + init script and we are using systemd +- fix service file + * atftpd does not create logfile when there is none, hence we create + in ExecStartPre +- Update sysconfig file + * add ATFTPD_LOGFILE if we want to use our own logfile + * add comment to ATFTPD_BIND_ADDRESSES that it is obsolete since + systemd (binds to 0.0.0.0) + +------------------------------------------------------------------- +Fri Jul 5 11:45:37 UTC 2019 - matthias.gerstner@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- +Fri Apr 26 09:37:19 UTC 2019 - Pedro Monreal Gonzalez + +- Removed old initscript conditionals and atftpd.init file + +------------------------------------------------------------------- +Wed Apr 24 14:57:32 UTC 2019 - Pedro Monreal Gonzalez + +- Update to version 0.7.2 [bsc#1133114, CVE-2019-11365][bsc#1133145, CVE-2019-11366] + * atftpd.c: Fixed a potential DoS bug (introduced by the IPv6 patch) + * Fix Debian Bug deb#613582 and deb#258998 atftpd: does not reply properly when there's more than 1 interface + * Fix Debian Bug deb#622840 atftpd: Forgets port if both --port and --bind-address are used + * Fix Debian Bug deb#606969 atftp exits with no error after a get when disk is full + * Fix Debian Bug deb#575831 atftp: error return value when tftp put file + * Fix missing default port from Ubuntu bug lp#972834 + * Merged patches to improve debugging and warning messages + * Merged patch from Gentoo distribution: + add support for proprietary password extension necessary for + transferring files to linksys routers (atftp client) + * Added patch from Gentoo bug #322601: client fails for filenames containing spaces + * Listening Address configuration fixed + * Added Patch "Blksize option can be smaller than SEGSIZE" + * Fix Debian Bug deb#609813 Apply patch listen on requested port when in daemon mode. + * Fix Debian Bug deb#598474 Fixed use of sendto() over a connected datagram socket on FreeBSD + * Fix Debian Bug deb#580473 Apply IPv6 support patch by Ben Hutchings. + Add AC_GNU_SOURCE to configure.ac to address FTBFS. + * Fix Debian Bug deb#536295 Updated config.sub .guess. + * Fix Debian Bug deb#535604 Make sure we have the --daemon option before starting atftpd + * Fix Debian Bug deb#514521 Crash fix + * Fix Debian Bug deb#484739 Added support for logging to stdout. + * Fix Debian Bug deb#484932 inetd.conf: change udp to udp4 + * Fix Debian Bug deb#436310 Fixed the FTBFS. + * Fix Debian Bug deb#420900 Use CLOCKS_PER_SEC instead of CLK_TCK. Fixed a FTBFS. + * Fix Debian Bug deb#271816 Random segfaults fixed + * Fix Debian Bug deb#291829 Segfault fixed on AMD64. + * Fix Debian Bug deb#290062 Copyright fixed. + * Fix Debian Bug deb#275052 Data corruption bug in multicast mode fixed. + * New Project home: https://sourceforge.net/projects/atftp/ +- Removed patches fixed upstream: + * atftp-0.7.dif + * atftp-CLK_TCK.diff + * atftp-0.7_compiler_warnings.patch + * atftp-0.7_thread_crash.patch + * atftp-0.7_sol_ip.patch + * atftp-0.7_bug-213384_OPT_NUMBER.patch + * atftpd-0.7_unprotected_assignments_crash.patch + * atftpd-0.7_circumvent_tftp_size_restrictions.patch +- Rebased patches: + * atftp-0.7-ack_heuristic.patch + * atftp-0.7-default_user_man.patch + * atftp-0.7-server_receive_race.patch + * atftp-0.7-sorcerers_apprentice.patch + * atftp-drop_privileges_non-daemon.patch + +------------------------------------------------------------------- +Thu Nov 23 13:38:03 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Sep 8 13:01:24 UTC 2017 - pmonrealgonzalez@suse.com + +- Changed permissions of /srv/tftpboot to be readable [bsc#940608] + +------------------------------------------------------------------- +Tue Dec 6 12:39:32 UTC 2016 - vcizek@suse.com + +- honor --user and --group options in non-daemon mode (bsc#1013565) + * add atftp-drop_privileges_non-daemon.patch + +------------------------------------------------------------------- +Mon Jun 15 13:19:22 UTC 2015 - mpluskal@suse.com + +- Use ATFTPD_BIND_ADDRESSES in init script (boo#921219) +- Move autoreconf back to %buils as it causes issues with quilt + +------------------------------------------------------------------- +Mon Jun 8 07:39:43 UTC 2015 - schwab@suse.de + +- Force gnu89 inline semantics + +------------------------------------------------------------------- +Tue May 26 08:19:21 UTC 2015 - mpluskal@suse.com + +- Move autoreconf to %prep section as it better fits there + +------------------------------------------------------------------- +Sun May 24 21:24:18 UTC 2015 - mpluskal@suse.com + +- Fix atftpd.socket (boo#932161) + +------------------------------------------------------------------- +Wed Mar 18 15:23:17 UTC 2015 - mpluskal@suse.com + +- Do not install service and socket file as executable + * change to 0644 +- Cleanup spec file with spec-cleaner + +------------------------------------------------------------------- +Mon Feb 16 13:06:57 UTC 2015 - p.drouand@gmail.com + +- Add systemd support for openSUSE >= 12.1 + +------------------------------------------------------------------- +Tue Nov 12 20:41:45 UTC 2013 - chris@computersalat.de + +- rebase patches (p0) +- rename atftpd.init.d to atftpd.init +- fix spec + * remove ghost /var/run/atftp (created by init) + +------------------------------------------------------------------- +Thu Feb 7 13:05:52 UTC 2013 - vcizek@suse.com + +- create capabilites provided by both tftp and atftp + (bnc#801481 or bnc#725378) + +------------------------------------------------------------------- +Thu Jan 3 13:28:02 UTC 2013 - vcizek@suse.com + +- change ownership of /srv/tftpboot, because atftpd running as + tftp:tftp can't write to that directory +- create pid directory on service start +- manpage changes: + * substitute /tftpboot with /srv/tftpboot + * default user is now tftp:tftp + * added patches: + atftp-0.7-default_user_man.patch + atftp-0.7-default_dir_man.patch + +------------------------------------------------------------------- +Mon Oct 8 08:49:53 UTC 2012 - vcizek@suse.com + +- use Vladimir Nadvornik's heuristic for packet retransmission + by default (see bnc#774376) + The RFC1350 compliant behaviour stays optional. + (added atftp-0.7-ack_heuristic.patch) +- merged the two sorcerer's apprentice syndrome patches to one + (removed atftp-0.7-prevent-sas.patch) + +------------------------------------------------------------------- +Tue Sep 11 13:01:20 UTC 2012 - vcizek@suse.com + +- added rules for SuSEfirewall2 (bnc#729793) + +------------------------------------------------------------------- +Tue Sep 11 12:47:04 UTC 2012 - vcizek@suse.com + +- use the "su" logrotate directive (bnc#677335) + +------------------------------------------------------------------- +Wed Sep 5 14:10:03 UTC 2012 - vcizek@suse.com + +- prevent the sorcerer's apprentice syndrome situation only when + explicitly specified by the user (bnc#774376) + (added a new command line option --prevent-sas to turn it on) + +------------------------------------------------------------------- +Wed Jan 11 15:27:36 UTC 2012 - vcizek@suse.com + +- fix a race condition where two server threads pick up a single + client, which causes the transported file being overwritten + (bnc#599856) + +------------------------------------------------------------------- +Mon Jan 2 17:28:19 UTC 2012 - vcizek@suse.cz + +- added autoconf as BuildRequires + +------------------------------------------------------------------- +Thu Dec 1 11:20:12 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Wed Nov 9 15:13:18 UTC 2011 - vcizek@suse.com + +- licence in spdx format + +------------------------------------------------------------------- +Thu Nov 3 16:56:46 UTC 2011 - vcizek@suse.com + +- fixed the "Sorcerer's Apprentice Syndrome" bug + (bnc#727843) + +------------------------------------------------------------------- +Sat Sep 17 13:28:52 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Tue Sep 6 11:55:01 UTC 2011 - vcizek@suse.com + +- added missing PreReq: pwdutils (bnc#683140) + +------------------------------------------------------------------- +Fri Oct 29 23:18:57 UTC 2010 - chris@computersalat.de + +- cleanup spec + o RPM_BUILD_ROOT vs buildroot +- fix pre + o no check before addding group/user (darix) +- fix files + o provide /srv/tftpboot +- modify sysconfig + o provide defaults (darix) + +------------------------------------------------------------------- +Wed Oct 13 21:28:56 UTC 2010 - chris@computersalat.de + +- modified init/sysconfig file + o set defaults in init file +- added default group/user tftp:tftp (bnc#472282) +- added /srv/tftpboot as default ATFTPD_DIRECTORY (bnc#248008,507011) +- added logrotate script + o --logfile /var/log/atftpd/atftp.log +- added missing README.MCAST, README.PCRE +- some rpmlint stuff + o fixed missing-dependency-to-logrotate + o fixed init non-remote_fs-dependency + o fixed init no-reload-entry + o fixed non-conffile-in-etc + +------------------------------------------------------------------- +Wed Sep 22 06:39:40 UTC 2010 - cristian.rodriguez@opensuse.org + +- add missing pcre-devel to build Requires (bnc#537425) + +------------------------------------------------------------------- +Fri Sep 12 16:27:04 CEST 2008 - mrueckert@suse.de + +- add atftpd-0.7_circumvent_tftp_size_restrictions.patch: + allow block counts higher than 65536 (Fate#303031) +- replace network with remote_fs in the init script dependencies + +------------------------------------------------------------------- +Fri Aug 22 15:14:00 CEST 2008 - ro@suse.de + +- change fillup_and_insserv to fillup_only (not active by default) + +------------------------------------------------------------------- +Thu Apr 3 15:57:09 CEST 2008 - mrueckert@suse.de + +- added atftpd-0.7_unprotected_assignments_crash.patch: (bnc#291884) + under high load atftpd dies as data access wasnt always protected + with a mutex. + +------------------------------------------------------------------- +Thu Jun 21 15:37:53 CEST 2007 - adrian@suse.de + +- fix changelog entry order + +------------------------------------------------------------------- +Mon Jan 22 18:33:44 CET 2007 - mrueckert@suse.de + +- added atftp-0.7_bug-213384_OPT_NUMBER.patch: + "atftpd incorrectly sends OACK (option acknowledge) packets" + (#213384,#80441) + +------------------------------------------------------------------- +Mon Jul 31 16:16:43 CEST 2006 - mrueckert@suse.de + +- added /var/run/atftpd/ (0755,nobody,nogroup): + at ftp can finally create pid files + the default pid file for a single instance will be + /var/run/atftpd/pid +- added support to run multiple instances of atftpd bound to specific + IP addresses: + * new sysconfig variable ATFTPD_BIND_ADDRESSES: whitespace + seperated list of ip addresses. + * each instance has its own pid file /var/run/atftpd/$ip.pid + +------------------------------------------------------------------- +Sat Jul 1 04:54:51 CEST 2006 - mrueckert@suse.de + +- bump the version number to 0.7.0: + This fix is needed because 0.7 < 0.7cvs. Replaced %{version} + with %{pkg_version} everywhere. %{pkg_version} holds the original + value of 0.7. + +------------------------------------------------------------------- +Thu Mar 30 18:32:19 CEST 2006 - mrueckert@suse.de + +- added atftp-0.7_compiler_warnings.patch: + o missing include of pthread.h + o make the the 1st parameter of tftp_mtftp_missed_packet + unsigned int to fix a differ in signedness warning + o configure overwrote the CFLAGS from the environment. + o fixed logging of threadids +- added atftp-0.7_thread_crash.patch: + fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271816 +- added atftp-0.7_sol_ip.patch: + only use the SOL_IP if it is defined +- updated atftp-0.7.dif: + o really always run through the whole bitmap to find old holes. + (bug #148779, #65660) + +------------------------------------------------------------------- +Wed Jan 25 21:34:30 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Dec 20 11:56:43 CET 2005 - ro@suse.de + +- define CLK_TCK if not already done + +------------------------------------------------------------------- +Thu Mar 3 19:12:15 CET 2005 - nashif@suse.de + +- Applied patch from #65660: transfer breaks down if packets get + dropped + +------------------------------------------------------------------- +Thu Mar 3 19:06:48 CET 2005 - nashif@suse.de + +- According to #65660 memory allocation issue not present anymore + +------------------------------------------------------------------- +Sun Feb 13 21:46:53 CET 2005 - nashif@suse.de + +- fixed segfault on x86_64 + +------------------------------------------------------------------- +Tue Nov 16 06:44:58 CET 2004 - ro@suse.de + +- merge old changelog entries (after checking all fixes are here) +- removed also destdir.patch (included upstream) + +------------------------------------------------------------------- +Fri Nov 12 19:17:31 CET 2004 - jhargado@suse.de + +- Added a patch to fix a problem where if a client requests a file + that doesn't exist, sometimes the daemon would exit without warning. + The .7 version of atftp is needed in SLRS to allow HA functionality. + This package is only included in the SLRS distribution. + +------------------------------------------------------------------- +Sat Sep 11 17:21:40 CEST 2004 - kukuk@suse.de +- Adjust to new glibc __THROW define + +------------------------------------------------------------------- +Mon Apr 12 03:05:46 CEST 2004 - nashif@suse.de + +- update to 0.7 final + - when called in batch mode, return right exit code if + operation fails. + +------------------------------------------------------------------- +Tue Mar 9 15:23:01 CET 2004 - ms@suse.de + +- include timeout patch: + We finally got a network trace with + the ACKs included. When the client fails the checksum, it stops acking + the server. This was occurring anywhere from the middle to the end of the + 730MB download. It boils down to slower systems are taking to long to + write the network data to the disk and in the meanwhile the tftp timeout + value is incrementing and when it reaches 5 tftp timeouts, the clients + gives up!! Dan added code to reset the timeout counter when the client + received another good packet. With this fix, the clients, even slow + clients never failed. We think adding more memory to the slower clients + made the problem worse because it took longer to write the memory cache + out to the disk and caused more timeouts. While trying to cause more + timeouts on the clients (we paused the client in the middle of the + download), we noticed the server code has the same timeout scheme so Dan + also added this code to reset the timeout counter when good packets were + received. These fixes look solid, even under error conditions. + +------------------------------------------------------------------- +Mon Mar 1 05:33:58 CET 2004 - nashif@suse.de + +- Update to 0.7 cvs + +------------------------------------------------------------------- +Thu Feb 19 10:50:20 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Wed Feb 4 17:54:51 CET 2004 - ms@suse.de + +- according to Anas Nashif the current version + 0.6.2 includes the fix for bug (#27341). buffer overflow when a long + filename is sent to the server + +------------------------------------------------------------------- +Wed Feb 4 15:26:43 CET 2004 - ms@suse.de + +- include version 0.6.2 to SLES8 includes important multicast + fixes related to project Point-of-Sale (#34074) + +------------------------------------------------------------------- +Sat Jan 10 21:11:12 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Fri Aug 29 04:38:45 CEST 2003 - nashif@suse.de + +- Provide default tftp directory + +------------------------------------------------------------------- +Fri Aug 1 05:46:44 CEST 2003 - nashif@suse.de + +- update to 0.6.2 +- Fixes bug #27341 +- Readded conflict to tftp + +------------------------------------------------------------------- +Wed May 28 16:41:41 CEST 2003 - nashif@suse.de + +- Removed conflict to tftp +- added manpages as doc files + +------------------------------------------------------------------- +Mon May 26 13:05:04 CEST 2003 - lmuelle@suse.de + +- Remove set -e from init script; exit with rc 5 if binary is not installed + +------------------------------------------------------------------- +Wed Jan 1 17:21:33 CET 2003 - nashif@suse.de + +- Fixed bug #22614: missing metadata in sysconfig template + +------------------------------------------------------------------- +Sat Sep 14 06:23:15 CEST 2002 - nashif@suse.de + +- Added missing restart to init script + +------------------------------------------------------------------- +Fri Aug 30 17:04:36 CEST 2002 - nashif@suse.de + +- Fixed bug #18661: Removed ; from sysconfig file + +------------------------------------------------------------------- +Sat Aug 17 18:31:00 CEST 2002 - nashif@suse.de + +- Fixed bug #17793: Added PreReq +- Fixed init script output + +------------------------------------------------------------------- +Sun Jun 9 06:45:05 CEST 2002 - nashif@suse.de + +- Update to version 0.6.1.1 + +------------------------------------------------------------------- +Sat Apr 13 18:00:14 CEST 2002 - nashif@suse.de + +- Use tftp_LDADD for libraries instead of LDFLAGS + +------------------------------------------------------------------- +Sat Mar 23 04:38:43 CET 2002 - nashif@suse.de + +- Initial release (0.50) + diff --git a/atftp.spec b/atftp.spec new file mode 100644 index 0000000..4804f8d --- /dev/null +++ b/atftp.spec @@ -0,0 +1,140 @@ +# +# spec file for package atftp +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: atftp +Version: 0.8.0 +Release: 0 +Summary: Advanced TFTP Server and Client +License: GPL-2.0-or-later +Group: System/Daemons +URL: https://sourceforge.net/projects/atftp/ +Source: https://sourceforge.net/projects/atftp/files/%{name}-%{version}.tar.gz +Source2: atftpd.sysconfig +Source3: atftpd.logrotate +Source5: atftpd.service +Source6: atftpd.socket +Patch1: atftp-0.7-default_user_man.patch +# PATCH-FIX-SUSE update default directory in man (bnc#507011) +Patch2: atftp-0.7-default_dir_man.patch +Patch3: atftp-drop_privileges_non-daemon.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: pcre-devel +BuildRequires: readline-devel +BuildRequires: tcpd-devel +Requires(pre): %fillup_prereq +Requires(pre): user(tftp) group(tftp) +Recommends: logrotate +Conflicts: tftp +Provides: tftp(client) +Provides: tftp(server) +BuildRequires: systemd-rpm-macros + +%description +atftp stands for Advanced Trivial File Transfer Protocol. It is called +"advanced", in contrast to others TFTP servers, for two reasons. First, +it is intended to be fully compliant with all related RFCs. This +includes RFC1350, RFC2090, RFC2347, RFC2348, and RFC2349. Second, atftp +is intended for serving boot files to large clusters. It is +multithreaded and will eventually support multicast, allowing faster +boot of hundreds of machines simultaneously. + +%prep +%autosetup -p1 + +%build +autoreconf -fi +# https://sourceware.org/bugzilla/show_bug.cgi?id=32206 +CFLAGS="%optflags -fgnu89-inline -U_FORTIFY_SOURCE" +%configure +%make_build + +%install +%make_install +install -D -m 0644 %{SOURCE5} %{buildroot}/%{_unitdir}/atftpd.service +install -D -m 0644 %{SOURCE6} %{buildroot}/%{_unitdir}/atftpd.socket +install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.atftpd +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_distconfdir}/logrotate.d +install -D -m 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/%{name} +%else +install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%endif +install -d -m 0755 %{buildroot}/srv/tftpboot +install -d -m 0750 %{buildroot}%{_localstatedir}/log/atftpd + +%pre +# fix sysconfig to get new defaults on Update +if [ -f %{_sysconfdir}/sysconfig/atftpd ]; then + sed -i -e "s@^\(ATFTPD_OPTIONS=\"--daemon \"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd + sed -i -e "s@^\(ATFTPD_DIRECTORY=\"/tftpboot\"\)@#\1@" %{_sysconfdir}/sysconfig/atftpd +fi +%service_add_pre atftpd.service atftpd.socket +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/%{name} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%preun +%service_del_preun atftpd.service atftpd.socket + +%post +%service_add_post atftpd.service atftpd.socket +%{fillup_only -n atftpd} + +%postun +%service_del_postun atftpd.service atftpd.socket + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/%{name} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%files +%license LICENSE +%doc BUGS FAQ README README.MCAST README.PCRE TODO +%{_bindir}/atftp +%{_sbindir}/atftpd +%{_sbindir}/in.tftpd +%{_unitdir}/atftpd.service +%{_unitdir}/atftpd.socket +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/%{name} +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%endif +%{_fillupdir}/sysconfig.atftpd +%{_mandir}/man1/atftp.1.gz +%{_mandir}/man8/atftpd.8.gz +%{_mandir}/man8/in.tftpd.8.gz + +%dir %attr(0755,tftp,tftp) /srv/tftpboot +%dir %attr(0750,tftp,tftp) %{_localstatedir}/log/atftpd/ + +%changelog diff --git a/atftpd.logrotate b/atftpd.logrotate new file mode 100644 index 0000000..de98a0d --- /dev/null +++ b/atftpd.logrotate @@ -0,0 +1,14 @@ +/var/log/atftpd/atftp.log { + su tftp tftp + compress + dateext + maxage 365 + rotate 99 + size=+4096k + notifempty + missingok + create 640 tftp tftp + postrotate + /sbin/service atftpd restart + endscript +} diff --git a/atftpd.service b/atftpd.service new file mode 100644 index 0000000..ed0188a --- /dev/null +++ b/atftpd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Advanced TFTP Server + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +EnvironmentFile=/etc/sysconfig/atftpd +# atftpd does not create logfile when there is none +ExecStartPre=-/usr/bin/su -c "/usr/bin/touch $ATFTPD_LOGFILE" -s /bin/bash $ATFTPD_USER +ExecStart=/usr/sbin/atftpd --user $ATFTPD_USER --group $ATFTPD_GROUP $ATFTPD_OPTIONS $ATFTPD_DIRECTORY +StandardInput=socket diff --git a/atftpd.socket b/atftpd.socket new file mode 100644 index 0000000..fa8b5c8 --- /dev/null +++ b/atftpd.socket @@ -0,0 +1,8 @@ +[Unit] +Description=Advanced tftp Server Activation Socket + +[Socket] +ListenDatagram=69 + +[Install] +WantedBy=sockets.target diff --git a/atftpd.sysconfig b/atftpd.sysconfig new file mode 100644 index 0000000..5f5783b --- /dev/null +++ b/atftpd.sysconfig @@ -0,0 +1,69 @@ +## Path: Network/FTP/Atftpd +## Description: ATFTP Configuration +## Type: string +## Default: "tftp" +# +# daemon user (tftp) +# +ATFTPD_USER="tftp" + +## Type: string +## Default: "tftp" +# +# daemon user (tftp) +# +ATFTPD_GROUP="tftp" + +## Type: string +## Default: "" +## +## INFO: +## logging to file, if enabled, defaults to: "/var/log/atftpd/atftp.log" +# +# atftpd logfile +# +ATFTPD_LOGFILE="/var/log/atftpd/atftp.log" + +## Type: string +## Default: "" +## +## INFO: +## "--daemon is obsolete since systemd" +## "--user, --group" can not be removed/replaced here as +## atftpd is started with them as default opts: "--user $ATFTPD_USER --group $ATFTPD_GROUP" +## and +## logging is set to syslog as default if not enabled: +## use the following to enable logging to own logfile +## "--logfile $ATFTPD_LOGFILE" +# +# atftpd options +# +ATFTPD_OPTIONS="" + +## Type: yesno +## Default: no +# +# Use inetd instead of daemon +# +ATFTPD_USE_INETD="no" + +## Type: string +## Default: "/srv/tftpboot" +## was "/tftpboot" but +## "/tftpboot" is not allowed anymore in FHS 2.2. +# +# TFTP directory must be a world readable/writable directory. +# By default /srv/tftpboot is assumed. +# +ATFTPD_DIRECTORY="/srv/tftpboot" + +## Type: string +## Default: "" +# +# Whitespace seperated list of IP addresses which ATFTPD binds to. +# One instance of the service is started on each IP address. +# By default atftpd will listen on all available IP addresses/interfaces. +# +# obsolete since systemd socket binds to 0.0.0.0 +# +ATFTPD_BIND_ADDRESSES=""