forked from pool/atftp
Marcus Meissner
003aa9ceb8
- Update to version 0.7.5 [bsc#1190522, CVE-2021-41054]
  * text files: mark/convert all textfiles to UTF-8
  * fix some compiler warnings
  * fix buffer overflow in atftpd (CVE-2021-41054)
  * test.sh: check for root no longer necessary
  * tftpd.c: Only drop privs if requested or running as root + check for failure
  * fix invalid read of 1 byte in tftp_send_request.
  * Check return value of fseek(), abort if != 0
  * options.c: Proper fix for the read-past-end-of-array
  * configure.ac: Add -std=gnu89 if gcc/clang is detected
  * tftpd.c: Fix memleak if thread spawning fails
  * atftp: Check return value of fgets, buffer might be uninitialized on NULL
  * Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
  * replace LICENSE with current version
  * Remove patches fixed upstream:
    - atftp-0.7-sorcerers_apprentice.patch
    - atftp-0.7-server_receive_race.patch
    - atftp-0.7-ack_heuristic.patch
  * Rebase patches:
    - atftp-drop_privileges_non-daemon.patch
    - atftp-0.7-default_dir_man.patch
    - atftp-0.7-default_user_man.patch

OBS-URL: https://build.opensuse.org/request/show/919255
OBS-URL: https://build.opensuse.org/package/show/network/atftp?expand=0&rev=51
25 lines
814 B
Diff
Index: atftp-0.7.5/tftpd.c
|
|
===================================================================
|
|
--- atftp-0.7.5.orig/tftpd.c
|
|
+++ atftp-0.7.5/tftpd.c
|
|
@@ -99,8 +99,8 @@ int deny_severity = LOG_NOTICE;
|
|
#endif
|
|
|
|
/* user ID and group ID when running as a daemon */
|
|
-char user_name[MAXLEN] = "nobody";
|
|
-char group_name[MAXLEN] = "nogroup";
|
|
+char user_name[MAXLEN] = "tftp";
|
|
+char group_name[MAXLEN] = "tftp";
|
|
|
|
/* For special uses, disable source port checking */
|
|
int source_port_checking = 1;
|
|
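Review bot: the new defaults for `user_name` and `group_name` hard-code "tftp", but nothing in this patch shows that a tftp user and group exist on the target system. The package should create or require that account, and the name lookup at privilege-drop time must be treated as fatal when it fails, so the daemon never keeps running as root because the default account is missing. It is also worth confirming that the documented defaults (the commit message lists atftp-0.7-default_user_man.patch) match these values, so administrators are not told the daemon runs as nobody/nogroup.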
@@ -298,7 +298,7 @@ int main(int argc, char **argv)
|
|
dup2(sockfd, 0);
|
|
close(sockfd);
|
|
|
|
- /* release priviliedge */
|
|
+ /* release priviledge */
|
|
|
|
/* first see if we are or can somehow become root, if so prepare
|
|
* for drop even if not requested on command line */
|
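Review bot: the comment after `close(sockfd);` is changed from "priviliedge" to "priviledge", which is still misspelled; the word is "privilege". A comment-only hunk like this adds rebase churn against upstream for no functional gain, so either spell it correctly and send it upstream or drop the hunk from this downstream patch and keep the patch limited to the privilege-drop logic it is named for.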