diff --git a/atftp-0.7.2.tar.gz b/atftp-0.7.2.tar.gz deleted file mode 100644 index a3105f0..0000000 --- a/atftp-0.7.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ad080674e9f974217b3a703e7356c6c8446dc5e7b2014d0d06e1bfaa11b5041 -size 248038 diff --git a/atftp-0.7.4.tar.gz b/atftp-0.7.4.tar.gz new file mode 100644 index 0000000..ae1d461 --- /dev/null +++ b/atftp-0.7.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a +size 249699 diff --git a/atftp-CVE-2020-6097.patch b/atftp-CVE-2020-6097.patch deleted file mode 100644 index 5aae2fc..0000000 --- a/atftp-CVE-2020-6097.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 96409ef3b9ca061f9527cfaafa778105cf15d994 Mon Sep 17 00:00:00 2001 -From: Peter Kaestle -Date: Wed, 14 Oct 2020 14:02:41 +0200 -Subject: [PATCH] Fix for DoS issue CVE-2020-6097 - -"sockaddr_print_addr" of tftpd can be triggered remotely to call -assert(), which will crash the tftpd daemon. See: -https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 - -"sockaddr_print_addr" originaly had two features: -1) returning pointer to string of the incoming ip address -2) checking whether ss_family of the connection is supported - -To fix the issue, a separate function "sockaddr_family_supported" is -used to take care of 2) and "sockaddr_print_addr" returns an error -message string for unsupported cases when using 1) insert of calling -assert(). ---- - tftp_def.c | 11 ++++++++++- - tftp_def.h | 1 + - tftpd.c | 5 +++++ - tftpd_mtftp.c | 5 +++++ - 4 files changed, 21 insertions(+), 1 deletion(-) - -diff --git a/tftp_def.c b/tftp_def.c -index d457c2a..428a930 100644 ---- a/tftp_def.c -+++ b/tftp_def.c -@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host) - return OK; - } - -+int -+sockaddr_family_supported(const struct sockaddr_storage *ss) -+{ -+ if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6) -+ return 1; -+ else -+ return 0; -+} -+ - char * - sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) - { -@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len) - else if (ss->ss_family == AF_INET6) - addr = &((const struct sockaddr_in6 *)ss)->sin6_addr; - else -- assert(!"sockaddr_print: unsupported address family"); -+ return "sockaddr_print: unsupported address family"; - return (char *)inet_ntop(ss->ss_family, addr, buf, len); - } - -diff --git a/tftp_def.h b/tftp_def.h -index 0841746..458e310 100644 ---- a/tftp_def.h -+++ b/tftp_def.h -@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format); - inline char *Strncpy(char *to, const char *from, size_t size); - int Gethostbyname(char *addr, struct hostent *host); - -+int sockaddr_family_supported(const struct sockaddr_storage *ss); - char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t); - #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN - uint16_t sockaddr_get_port(const struct sockaddr_storage *); -diff --git a/tftpd.c b/tftpd.c -index 0b6f6a5..a7561a5 100644 ---- a/tftpd.c -+++ b/tftpd.c -@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg) - } - - #ifdef HAVE_WRAP -+ if (!abort && !sockaddr_family_supported(&data->client_info->client)) -+ { -+ logger(LOG_ERR, "Connection from unsupported network address family refused"); -+ abort = 1; -+ } - if (!abort) - { - /* Verify the client has access. We don't look for the name but -diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c -index d420d10..0032905 100644 ---- a/tftpd_mtftp.c -+++ b/tftpd_mtftp.c -@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg) - &data_size, data->data_buffer); - - #ifdef HAVE_WRAP -+ if (!sockaddr_family_supported(&sa)) -+ { -+ logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused"); -+ continue; -+ } - /* Verify the client has access. We don't look for the name but - rely only on the IP address for that. */ - sockaddr_print_addr(&sa, addr_str, sizeof(addr_str)); --- -2.28.0 - diff --git a/atftp.changes b/atftp.changes index 3cb5c56..ba5c83a 100644 --- a/atftp.changes +++ b/atftp.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue May 25 23:26:52 UTC 2021 - Ferdinand Thiessen + +- Update to version 0.7.4 + * fix compile, missing include + * fix compile, add missing defines + * link against libpthread for atftp + * fixed atftp fails to write to /proc/self/fd/1 + * Fix for DoS issue CVE-2020-6097 + * remove inline keyword from definitions + * remove extern inlines + * sys/cdefs usage +- Drop fixed atftp-CVE-2020-6097.patch + ------------------------------------------------------------------- Thu Jan 21 08:30:09 UTC 2021 - Thorsten Kukuk diff --git a/atftp.spec b/atftp.spec index 706ad9b..7229b91 100644 --- a/atftp.spec +++ b/atftp.spec @@ -23,7 +23,7 @@ %endif Name: atftp -Version: 0.7.2 +Version: 0.7.4 Release: 0 Summary: Advanced TFTP Server and Client License: GPL-2.0-or-later @@ -44,8 +44,6 @@ Patch4: atftp-0.7-default_user_man.patch # PATCH-FIX-SUSE update default directory in man (bnc#507011) Patch5: atftp-0.7-default_dir_man.patch Patch6: atftp-drop_privileges_non-daemon.patch -# PATCH-FIX-UPSTREAM bsc#1176437 CVE-2020-6097 Fix for DoS issue -Patch7: atftp-CVE-2020-6097.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: pcre-devel @@ -77,7 +75,6 @@ boot of hundreds of machines simultaneously. %patch4 %patch5 %patch6 -p1 -%patch7 -p1 %build autoreconf -fi @@ -86,7 +83,7 @@ CFLAGS="%optflags -fgnu89-inline" make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install # SuSE rc install -D -m 0644 %{SOURCE5} %{buildroot}/%{_unitdir}/atftpd.service install -D -m 0644 %{SOURCE6} %{buildroot}/%{_unitdir}/atftpd.socket