From abaa75b10f899ada8dd05b23cc03205064394bc6 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 22 Jan 2021 20:28:19 +0000
Subject: gentoo resync : 22.01.2021

---
 net-ftp/atftp/Manifest                             |  4 +
 net-ftp/atftp/atftp-0.7.2-r2.ebuild                | 68 ++++++++++++++++
 net-ftp/atftp/atftp-0.7.2-r3.ebuild                | 69 ++++++++++++++++
 .../atftp/files/atftp-0.7.2-cve-2020-6097.patch    | 92 ++++++++++++++++++++++
 net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch  | 38 +++++++++
 5 files changed, 271 insertions(+)
 create mode 100644 net-ftp/atftp/atftp-0.7.2-r2.ebuild
 create mode 100644 net-ftp/atftp/atftp-0.7.2-r3.ebuild
 create mode 100644 net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch
 create mode 100644 net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch

(limited to 'net-ftp/atftp')

diff --git a/net-ftp/atftp/Manifest b/net-ftp/atftp/Manifest
index ea1a3b29812f..49855c910e4c 100644
--- a/net-ftp/atftp/Manifest
+++ b/net-ftp/atftp/Manifest
@@ -1,8 +1,12 @@
 AUX atftp-0.7.2-CFLAGS.patch 611 BLAKE2B a897ae1d9f03387283826c5b9795028b9190ca5a55e9db795d6a3753c7ce45ccd75a8d37eb2de228bd1b8fc57472fb3f662860c0f1efdc5a0ceab2d1a178c1dc SHA512 b020e761af2b73193e0bc3ef0e11e293babdfaedeac5429f3ad89079d686ce9c69737a4f74e147a023a92a2424241d61f17574feaadc39a5b6bd361245886c8a
+AUX atftp-0.7.2-cve-2020-6097.patch 3433 BLAKE2B 3ea6ac0bf80a8750535b1184d7b9d8e6023d5678ebf1150fce02b268a4e44ba08f4350d1c7ee4e3bb9dc5676d3b0c75db4e95fb637c9cbcb5f074fb0d9ec28e4 SHA512 0677ffc38f1e94036596ab58f356c351d53b4440cbb37b96f265fe335d1595003ff3e773cb1b5ab5af3be31a4a93af30188fe1ea88cd9cb5a7cb65e385932bd5
+AUX atftp-0.7.2-fewer_seeks.patch 1398 BLAKE2B 6ac60c1953a1849700fd7e00cce78c2481667846aad6966f6df570d1cc29b69524edd8a9763dbafdfaee219a27666a6b8d8857350521813338729c0dfe553a11 SHA512 f83f98419487d4caa861ec16fe3250e4421a0cb9366a3aca3bb6dbda1141ec19cb0318aa5d00740672d99a73b28353a220138e86d30a370d902dcd606a5da40c
 AUX atftp.confd 105 BLAKE2B 6672479bce2240d4c34c70853227a769fa45c06e4b5c04f7d5aebdbceb0987316a9ec906182cacf5337fce5190aeac3bfc4cda0be72b8d48e99a5b2cbc2eca0e SHA512 cdbd63df16c2cee7491209de8ec44e05e10beccc6286cf7cb1c5dc7731c616d41bc94ce4d6c020b4ac8bb77b27956e9ee36d9b5703dcd3477e8b14927d154b91
 AUX atftp.init 438 BLAKE2B 1783431801dbf04353bde6c3766c7d0acdd06b8ec853c8fba5cf1bbfe6c7020b55305f44992e3921a63654f290a28c28373dd94f925188c72105c8a3dd047dca SHA512 b64f78658d2da17a4fe4237835c0a6a0cc59d0b7278e8f6f49673ffd8a97a9473e4773b43bcc70d312043ee4324d8105c50f0cfcf6055c0755ce598c9d7e5a23
 AUX atftp.service 233 BLAKE2B 4c9a1a8041ffc4cdf71a24800494f340121beb9bde9760fa090b9e515ef0b2aa7dd73173543c75fde465dbf9cc229b04acc9e72c296fa27cace2063128de06c6 SHA512 533372c4863e39d6139ddc491c2b2b2051f1094a90d9854879f28bae7975c8dc997696318794cd1136f9cc542a8f418ad8361b87dd6b3455445d8528d2cc993a
 AUX atftp.service.conf 45 BLAKE2B dd52bd3ef0d72f28d2e317282026d354b6023f8b51634d0374623c782afacae1284f5385967dfa91026553845f9283be59b4c7d96031da85261067b7be6544f7 SHA512 661befb6873eee6c0ed25fd5cb156e3d7c4ef801d2f58cda8df0f0c5fd851c7eb28089a9399529164c61505963e9d10143df2195d57ff66f85ad0e2750fbbd57
 DIST atftp-0.7.2.tar.gz 248038 BLAKE2B 3ca44624bf989009c2ebd0ae97927b0784e3c617a79a1bd00212a72a185302cf84f51c8bcda2012981d67cfed4d241b70f8719e78155207608f07a2227e6c437 SHA512 d602bb69451175a36e619abcff412ab1f6d0e7baf8c3f9a2b32081530fbc5816157404b80d42a8b6caa89cc83675b5cbeefcd57a5d98b8f5b43c6254b20ef28b
 EBUILD atftp-0.7.2-r1.ebuild 1454 BLAKE2B 1dd9278366a7bbc136e6f7fcf584a7f52076de01a53cdf2b65e486bd1582c75211cca6e7380ddc8978f3760a369be5b580dfcac99c4d5672e9a86a8478ff8450 SHA512 a7f27b1c0087aceb9f8c4e9e645cc932b9d69faecc0a7d51529f8395017a2a8ea8a25f9a882f2d128fbd0cb4a51b53cc351b2310b12ae207e543047bc32801c0
+EBUILD atftp-0.7.2-r2.ebuild 1499 BLAKE2B e1fedac27e5d2b097d706c3ee99d03df03ad27ad61c4297c83d222f3a5b4c69b1d3b6ee4966622db073d2e18ccde24ebe4e16508bac156e88027d34086faa45b SHA512 de134e6a16c57f253af44b1a53e5c1f849943e52683f06d4945d042cd4c4f1bcd776379fcae0176149395617efe6f2b5ef9d587ccb2f7ab35cf683bde2164a03
+EBUILD atftp-0.7.2-r3.ebuild 1537 BLAKE2B 1e56e24731a2f43d58b6a819c8f561c2669240fc87553d1d187047f0d27303a785828b7d0c976d5eb32d76c2c76c7277158d77369e71d66c0f3ea5315bc81d3c SHA512 0208bfc439df1b605bbdb8aeb5d91fea46c45196cb5417340f636f1c149e606ab06f2eb75c8dd57ee5bdb7b44336ff44eeec7cac282ce0c9622cfd2ad7dc3897
 MISC metadata.xml 418 BLAKE2B 882119fa041eaa33650c5e3efaa440e3ed25056f05dda4667a150a8646f32f620b3479821b0e6c3220541afd811f35b6060127aa58b98e7604fc498536e8c724 SHA512 cff57d66fe14a48905bd9280e15f794a66df58f83fff73290db3dc7a8d2196c5ffba05693d9e8909e3bf710bb05b72e00001747bd9d92379a7cdfc0dbaba57cb
diff --git a/net-ftp/atftp/atftp-0.7.2-r2.ebuild b/net-ftp/atftp/atftp-0.7.2-r2.ebuild
new file mode 100644
index 000000000000..28a0da5d668f
--- /dev/null
+++ b/net-ftp/atftp/atftp-0.7.2-r2.ebuild
@@ -0,0 +1,68 @@
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools flag-o-matic systemd
+
+DESCRIPTION="Advanced TFTP implementation client/server"
+HOMEPAGE="https://sourceforge.net/projects/atftp/"
+SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="selinux tcpd readline pcre"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+	readline? ( sys-libs/readline:0= )
+	pcre? ( dev-libs/libpcre )"
+RDEPEND="${DEPEND}
+	!net-ftp/tftp-hpa
+	!net-ftp/uftpd
+	selinux? ( sec-policy/selinux-tftp )"
+BDEPEND=""
+
+PATCHES=(
+	"${FILESDIR}/${P}-CFLAGS.patch"
+	"${FILESDIR}/${P}-cve-2020-6097.patch"
+)
+
+src_prepare() {
+	append-cppflags -D_REENTRANT -DRATE_CONTROL
+	# fix #561720 by restoring pre-GCC5 inline semantics
+	append-cflags -std=gnu89
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable tcpd libwrap) \
+		$(use_enable readline libreadline) \
+		$(use_enable pcre libpcre) \
+		--enable-mtftp
+}
+
+src_test() {
+	cd "${S}"/test || die
+	# Try to run the tests
+	./test.sh || die
+}
+
+src_install() {
+	default
+
+	newinitd "${FILESDIR}"/atftp.init atftp
+	newconfd "${FILESDIR}"/atftp.confd atftp
+
+	systemd_dounit "${FILESDIR}"/atftp.service
+	systemd_install_serviced "${FILESDIR}"/atftp.service.conf
+
+	dodoc README* BUGS FAQ Changelog INSTALL TODO
+	dodoc "${S}"/docs/*
+
+	docinto test
+	cd "${S}"/test || die
+	dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt
+}
diff --git a/net-ftp/atftp/atftp-0.7.2-r3.ebuild b/net-ftp/atftp/atftp-0.7.2-r3.ebuild
new file mode 100644
index 000000000000..0b2c1e633f95
--- /dev/null
+++ b/net-ftp/atftp/atftp-0.7.2-r3.ebuild
@@ -0,0 +1,69 @@
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools flag-o-matic systemd
+
+DESCRIPTION="Advanced TFTP implementation client/server"
+HOMEPAGE="https://sourceforge.net/projects/atftp/"
+SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="selinux tcpd readline pcre"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+	readline? ( sys-libs/readline:0= )
+	pcre? ( dev-libs/libpcre )"
+RDEPEND="${DEPEND}
+	!net-ftp/tftp-hpa
+	!net-ftp/uftpd
+	selinux? ( sec-policy/selinux-tftp )"
+BDEPEND=""
+
+PATCHES=(
+	"${FILESDIR}/${P}-CFLAGS.patch"
+	"${FILESDIR}/${P}-cve-2020-6097.patch"
+	"${FILESDIR}/${P}-fewer_seeks.patch"
+)
+
+src_prepare() {
+	append-cppflags -D_REENTRANT -DRATE_CONTROL
+	# fix #561720 by restoring pre-GCC5 inline semantics
+	append-cflags -std=gnu89
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable tcpd libwrap) \
+		$(use_enable readline libreadline) \
+		$(use_enable pcre libpcre) \
+		--enable-mtftp
+}
+
+src_test() {
+	cd "${S}"/test || die
+	# Try to run the tests
+	./test.sh || die
+}
+
+src_install() {
+	default
+
+	newinitd "${FILESDIR}"/atftp.init atftp
+	newconfd "${FILESDIR}"/atftp.confd atftp
+
+	systemd_dounit "${FILESDIR}"/atftp.service
+	systemd_install_serviced "${FILESDIR}"/atftp.service.conf
+
+	dodoc README* BUGS FAQ Changelog INSTALL TODO
+	dodoc "${S}"/docs/*
+
+	docinto test
+	cd "${S}"/test || die
+	dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt
+}
diff --git a/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch
new file mode 100644
index 000000000000..5130d0086432
--- /dev/null
+++ b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch
@@ -0,0 +1,92 @@
+commit 96409ef3b9ca061f9527cfaafa778105cf15d994
+Author: Peter Kaestle <peter.kaestle@nokia.com>
+Date:   Wed Oct 14 14:02:41 2020 +0200
+
+    Fix for DoS issue CVE-2020-6097
+    
+    "sockaddr_print_addr" of tftpd can be triggered remotely to call
+    assert(), which will crash the tftpd daemon.  See:
+    https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
+    
+    "sockaddr_print_addr" originaly had two features:
+    1) returning pointer to string of the incoming ip address
+    2) checking whether ss_family of the connection is supported
+    
+    To fix the issue, a separate function "sockaddr_family_supported" is
+    used to take care of 2) and "sockaddr_print_addr" returns an error
+    message string for unsupported cases when using 1) insert of calling
+    assert().
+
+diff --git a/tftp_def.c b/tftp_def.c
+index d457c2a..428a930 100644
+--- a/tftp_def.c
++++ b/tftp_def.c
+@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host)
+      return OK;
+ }
+ 
++int
++sockaddr_family_supported(const struct sockaddr_storage *ss)
++{
++     if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6)
++          return 1;
++     else
++          return 0;
++}
++
+ char *
+ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
+ {
+@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
+      else if (ss->ss_family == AF_INET6)
+           addr = &((const struct sockaddr_in6 *)ss)->sin6_addr;
+      else
+-          assert(!"sockaddr_print: unsupported address family");
++          return "sockaddr_print: unsupported address family";
+      return (char *)inet_ntop(ss->ss_family, addr, buf, len);
+ }
+ 
+diff --git a/tftp_def.h b/tftp_def.h
+index 0841746..458e310 100644
+--- a/tftp_def.h
++++ b/tftp_def.h
+@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format);
+ inline char *Strncpy(char *to, const char *from, size_t size);
+ int Gethostbyname(char *addr, struct hostent *host);
+ 
++int sockaddr_family_supported(const struct sockaddr_storage *ss);
+ char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t);
+ #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN
+ uint16_t sockaddr_get_port(const struct sockaddr_storage *);
+diff --git a/tftpd.c b/tftpd.c
+index 0b6f6a5..a7561a5 100644
+--- a/tftpd.c
++++ b/tftpd.c
+@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg)
+      }
+ 
+ #ifdef HAVE_WRAP
++     if (!abort && !sockaddr_family_supported(&data->client_info->client))
++     {
++          logger(LOG_ERR, "Connection from unsupported network address family refused");
++          abort = 1;
++     }
+      if (!abort)
+      {
+           /* Verify the client has access. We don't look for the name but
+diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c
+index d420d10..0032905 100644
+--- a/tftpd_mtftp.c
++++ b/tftpd_mtftp.c
+@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg)
+                                         &data_size, data->data_buffer);
+ 
+ #ifdef HAVE_WRAP
++               if (!sockaddr_family_supported(&sa))
++               {
++                    logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused");
++                    continue;
++               }
+                /* Verify the client has access. We don't look for the name but
+                   rely only on the IP address for that. */
+                sockaddr_print_addr(&sa, addr_str, sizeof(addr_str));
diff --git a/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch b/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch
new file mode 100644
index 000000000000..78926b94b9f7
--- /dev/null
+++ b/net-ftp/atftp/files/atftp-0.7.2-fewer_seeks.patch
@@ -0,0 +1,38 @@
+<F28>diff -U8 atftp-0.7.2/tftp_io.c /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c
+--- atftp-0.7.2/tftp_io.c	2019-04-14 17:38:55.000000000 -0500
++++ /var/tmp/portage/net-ftp/atftp-0.7.2-r1/work/atftp-0.7.2/tftp_io.c	2020-03-16 12:55:22.371820662 -0500
+@@ -439,26 +439,32 @@
+ }
+ 
+ /*
+  * Write to file and do netascii conversion if needed
+  */
+ int tftp_file_write(FILE *fp, char *data_buffer, int data_buffer_size, long block_number, int data_size,
+                     int convert, long *prev_block_number, int *temp)
+ {
++     static long filepos;
+      int bytes_written;
+      int c;
+      char prevchar = *temp;
+ 
+      if (!convert)
+      {
+ 	  /* Simple case, just seek and write */
+-          if (fseek(fp, (block_number - 1) * data_buffer_size, SEEK_SET) != 0)
+-	      return 0;
++          long position = (block_number - 1)*data_buffer_size;
++          if (position != filepos)
++               if (fseek(fp, position, SEEK_SET) != 0)
++                    return 0;
++               else
++                    filepos = position;
+ 	  bytes_written = fwrite(data_buffer, 1, data_size, fp);
++          filepos += bytes_written;
+      }
+      else if (block_number != *prev_block_number)
+      {
+ 	  /* 
+ 	   * Same principle than for reading, but simpler since when client
+            * send same block twice there is no need to rewrite it to the
+            * file
+ 	   */
-- 
cgit v1.2.3