Request 919255 accepted

- Update to version 0.7.5 [bsc#1190522, CVE-2021-41054]
  * text files: mark/convert all textfiles to UTF-8
  * fix some compiler warnings
  * fix buffer overflow in atftpd (CVE-2021-41054)
  * test.sh: check for root no longer necessary
  * tftpd.c: Only drop privs if requested or running as root + check for failure
  * fix invalid read of 1 byte in tftp_send_request.
  * Check return value of fseek(), abort if != 0
  * options.c: Proper fix for the read-past-end-of-array
  * configure.ac: Add -std=gnu89 if gcc/clang is detected
  * tftpd.c: Fix memleak if thread spawning fails
  * atftp: Check return value of fgets, buffer might be uninitialized on NULL
  * Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
  * replace LICENSE with current version
  * Remove patches fixed upstream:
    - atftp-0.7-sorcerers_apprentice.patch
    - atftp-0.7-server_receive_race.patch
    - atftp-0.7-ack_heuristic.patch
  * Rebase patches:
    - atftp-drop_privileges_non-daemon.patch
    - atftp-0.7-default_dir_man.patch
    - atftp-0.7-default_user_man.patch

Pedro Monreal Gonzalez

I have tested the changes related to the systemd service hardening (bsc#1181400) and they don't seem to interfere with a normal setup.


Request History
Pedro Monreal Gonzalez

pmonrealgonzalez created request



Marcus Meissner

msmeissn accepted request

ok
