Accepting request 895431 from home:susnux:branches:network

Update to version 0.7.4

OBS-URL: https://build.opensuse.org/request/show/895431
OBS-URL: https://build.opensuse.org/package/show/network/atftp?expand=0&rev=48

atftp-0.7.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ad080674e9f974217b3a703e7356c6c8446dc5e7b2014d0d06e1bfaa11b5041
-size 248038

atftp-0.7.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a
+size 249699

atftp-CVE-2020-6097.patch

@@ -1,100 +0,0 @@
-From 96409ef3b9ca061f9527cfaafa778105cf15d994 Mon Sep 17 00:00:00 2001
-From: Peter Kaestle <peter.kaestle@nokia.com>
-Date: Wed, 14 Oct 2020 14:02:41 +0200
-Subject: [PATCH] Fix for DoS issue CVE-2020-6097
-
-"sockaddr_print_addr" of tftpd can be triggered remotely to call
-assert(), which will crash the tftpd daemon.  See:
-https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
-
-"sockaddr_print_addr" originaly had two features:
-1) returning pointer to string of the incoming ip address
-2) checking whether ss_family of the connection is supported
-
-To fix the issue, a separate function "sockaddr_family_supported" is
-used to take care of 2) and "sockaddr_print_addr" returns an error
-message string for unsupported cases when using 1) insert of calling
-assert().
----
- tftp_def.c    | 11 ++++++++++-
- tftp_def.h    |  1 +
- tftpd.c       |  5 +++++
- tftpd_mtftp.c |  5 +++++
- 4 files changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/tftp_def.c b/tftp_def.c
-index d457c2a..428a930 100644
---- a/tftp_def.c
-+++ b/tftp_def.c
-@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host)
-      return OK;
- }
- 
-+int
-+sockaddr_family_supported(const struct sockaddr_storage *ss)
-+{
-+     if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6)
-+          return 1;
-+     else
-+          return 0;
-+}
-+
- char *
- sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
- {
-@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
-      else if (ss->ss_family == AF_INET6)
-           addr = &((const struct sockaddr_in6 *)ss)->sin6_addr;
-      else
--          assert(!"sockaddr_print: unsupported address family");
-+          return "sockaddr_print: unsupported address family";
-      return (char *)inet_ntop(ss->ss_family, addr, buf, len);
- }
- 
-diff --git a/tftp_def.h b/tftp_def.h
-index 0841746..458e310 100644
---- a/tftp_def.h
-+++ b/tftp_def.h
-@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format);
- inline char *Strncpy(char *to, const char *from, size_t size);
- int Gethostbyname(char *addr, struct hostent *host);
- 
-+int sockaddr_family_supported(const struct sockaddr_storage *ss);
- char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t);
- #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN
- uint16_t sockaddr_get_port(const struct sockaddr_storage *);
-diff --git a/tftpd.c b/tftpd.c
-index 0b6f6a5..a7561a5 100644
---- a/tftpd.c
-+++ b/tftpd.c
-@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg)
-      }
- 
- #ifdef HAVE_WRAP
-+     if (!abort && !sockaddr_family_supported(&data->client_info->client))
-+     {
-+          logger(LOG_ERR, "Connection from unsupported network address family refused");
-+          abort = 1;
-+     }
-      if (!abort)
-      {
-           /* Verify the client has access. We don't look for the name but
-diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c
-index d420d10..0032905 100644
---- a/tftpd_mtftp.c
-+++ b/tftpd_mtftp.c
-@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg)
-                                         &data_size, data->data_buffer);
- 
- #ifdef HAVE_WRAP
-+               if (!sockaddr_family_supported(&sa))
-+               {
-+                    logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused");
-+                    continue;
-+               }
-                /* Verify the client has access. We don't look for the name but
-                   rely only on the IP address for that. */
-                sockaddr_print_addr(&sa, addr_str, sizeof(addr_str));
--- 
-2.28.0
-

atftp.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue May 25 23:26:52 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 0.7.4
+  * fix compile, missing include
+  * fix compile, add missing defines
+  * link against libpthread for atftp
+  * fixed atftp fails to write to /proc/self/fd/1
+  * Fix for DoS issue CVE-2020-6097
+  * remove inline keyword from definitions
+  * remove extern inlines
+  * sys/cdefs usage
+- Drop fixed atftp-CVE-2020-6097.patch
+
 -------------------------------------------------------------------
 Thu Jan 21 08:30:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
 

atftp.spec

@@ -23,7 +23,7 @@
 %endif
 
 Name:           atftp
-Version:        0.7.2
+Version:        0.7.4
 Release:        0
 Summary:        Advanced TFTP Server and Client
 License:        GPL-2.0-or-later
@@ -44,8 +44,6 @@ Patch4:         atftp-0.7-default_user_man.patch
 # PATCH-FIX-SUSE update default directory in man (bnc#507011)
 Patch5:         atftp-0.7-default_dir_man.patch
 Patch6:         atftp-drop_privileges_non-daemon.patch
-# PATCH-FIX-UPSTREAM bsc#1176437 CVE-2020-6097 Fix for DoS issue
-Patch7:         atftp-CVE-2020-6097.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  pcre-devel
@@ -77,7 +75,6 @@ boot of hundreds of machines simultaneously.
 %patch4
 %patch5
 %patch6 -p1
-%patch7 -p1
 
 %build
 autoreconf -fi
@@ -86,7 +83,7 @@ CFLAGS="%optflags -fgnu89-inline"
 make %{?_smp_mflags}
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%make_install
 # SuSE rc
 install -D -m 0644 %{SOURCE5} %{buildroot}/%{_unitdir}/atftpd.service
 install -D -m 0644 %{SOURCE6} %{buildroot}/%{_unitdir}/atftpd.socket