Package: netkit-ftp-ssl / 0.17.34+0.2-4

Metadata

Package: netkit-ftp-ssl
Version: 0.17.34+0.2-4
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
010_patches_in_sarge.diff

ftp/Makefile | 2 1 + 1 - 0 !
ftp/cmds.c | 514 329 + 185 - 0 !
ftp/cmds.h | 1 1 + 0 - 0 !
ftp/cmdtab.c | 2 2 + 0 - 0 !
ftp/domacro.c | 41 33 + 8 - 0 !
ftp/ftp.1 | 17 14 + 3 - 0 !
ftp/ftp.c | 614 371 + 243 - 0 !
ftp/ftp_var.h | 7 4 + 3 - 0 !
ftp/main.c | 155 124 + 31 - 0 !
ftp/main.h | 20 20 + 0 - 0 !
ftp/netrc.5 | 4 3 + 1 - 0 !
ftp/ruserpass.c | 10 4 + 6 - 0 !
12 files changed, 906 insertions(+), 481 deletions(-)

 source patches applied to release sarge.
 Multiple patches.
020_optional_stripping.diff

ftp/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 hard coded stripping behaviour.
 Remove explicit stripping from makefile target.
X-Closes: #437615
025_long_cmd_overflow.diff

ftp/main.c | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 buffer overflow caused by long commands.
 Allocate a sufficient amount of memory to handle
 many arguments.
X-Closes: #391207, #407924
030_argv_handling.diff

ftp/main.c | 30 14 + 16 - 0 !
1 file changed, 14 insertions(+), 16 deletions(-)

 multiple flaws in ftp/main.c.
 There are several flaws in the current code of the makeargv function
 in ftp/main.c. It certainly errs, but not on the side of caution.
 .
 1. The 'count' variable is supposed to count the number of arguments on
 the command line. In fact it counts the number of arguments less one, so
 malloc is often called with an argument of zero.
 .
 2. The argument to malloc is completely wrong. Space needs to be
 reserved for a certain number of pointers; the length of the command
 line string is irrelevant.
 .
 3. The slurpstring parsing function accepts both space and tab as
 delimiters. The 'count' variable is calculated assuming spaces only.
 .
 4. It appears to me that the memory allocated for rargv is never freed,
 leading to a memory leak. I may be wrong about this, and I do not know
 the code well enough to suggest where the free should take place if it
 does not happen already. My patch does not address this.
 .
 Attempting to count parameters in advance is not the best solution in
 my opinion. It is duplicating part of the effort of slurpstring.
 My preference would have been to allocate memory for 20 pointers, as in
 the original code, then realloc() for a larger size if more than 20
 parameters are returned from slurpstring.
X-Closes: Closes #508378, #505533, #510009
035_lintian_pedantic.diff

ftp/cmds.c | 2 1 + 1 - 0 !
ftp/ftp.1 | 10 5 + 5 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

 pedantic complaints by lintian.
 Spelling in ftp/ftp.1 and ftp/cmds.c.
 .
 Incorrect use of hyphenation in ftp/ftp.1.
040_ipv6_ftp_c.diff

ftp/ftp.c | 320 236 + 84 - 0 !
1 file changed, 236 insertions(+), 84 deletions(-)

 impose ipv6-capacities on ftp.c.
 Super structure 'struct sockaddr_storage' is replacing 'struct sockaddr_in'
 .
 For peer address strings, a first try aims at IPv4. That failing, next
 try is for IPv6, and ultimately a host lookup follows as last resort.
 .
 Use a SIGALRM mechanism to decrease the default TCP handshake timeout
 to a value better suited for interactive use. The macro can be set
 externally to change the suggested FTP_CONNECT_TIMEOUT=10
 .
 Use a command EPSV with explicit request for IPv6 address family as soon
 as parsing concluded that the control socket is using IPv6.
 .
 Make IP_TOS conditioned on AF_INET.
041_user_address_commands.diff

ftp/cmds.c | 36 36 + 0 - 0 !
ftp/cmds.h | 3 3 + 0 - 0 !
ftp/cmdtab.c | 6 6 + 0 - 0 !
ftp/ftp.1 | 14 12 + 2 - 0 !
ftp/ftp.c | 2 1 + 1 - 0 !
ftp/ftp_var.h | 1 1 + 0 - 0 !
ftp/main.c | 13 12 + 1 - 0 !
7 files changed, 71 insertions(+), 4 deletions(-)

 improve user interface with address family selection.
 Implement command line options for selecting IPv4 or IPv6.
 .
 Implement runtime command 'ipany', 'ipv4', and 'ipv6'.
 These allow repeatedly new selection of addressing mode.
043_tune_non_autologin.diff

ftp/cmds.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 only use implicit syst with auto-login.
 Not every server, nor every ftp-proxy server, is able
 to reply to a SYST command before the user has logged in.
 .
 Do not execute 'dosyst()' in a situation where the user
 has asked for overriding auto-login. In other words,
 execute both of 'dologin()' and 'dosyst()', or execute
 none of them, depending on AUTOLOGIN.
Bug-Debian: http://bugs.debian.org/611284
050_support_gnu_hurd.diff

ftp/cmds.c | 10 5 + 5 - 0 !
ftp/ftp_var.h | 18 18 + 0 - 0 !
2 files changed, 23 insertions(+), 5 deletions(-)

 support gnu/hurd
 Add fall-back macro definitions for PATH_MAX,
 MAXPATHLEN, and MAXHOSTNAMELEN, all of which are
 not specified by POSIX, hence are legally missing
 for GNU/Hurd.
 .
 Replace a few uses of these macros by "sizeof()",
 in order to improve robustness of their value,
 since PATH_MAX and MAXPATHLEN are implicitly
 assumed to be equal.
052_no_termcap_linking.diff

configure | 114 57 + 57 - 0 !
ftp/Makefile | 2 1 + 1 - 0 !
2 files changed, 58 insertions(+), 58 deletions(-)

 remove explicit termcap linking.
 Present day libreadline includes all needed
 linking with libtinfo, so no explicit linking
 either with libncurses or libtermcap is needed.
060_full_offset_range.diff

ftp/ftp.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 use full offset range.
 On 32-bit systems, the coding of offset values
 as `off_t', i.e., of 64 bit length, was incomplete.
 Replacing fseek() with fseeko() achieves the intended
 offset ranges.
Bug-Debian: http://bugs.debian.org/671873
070_hash_increments.diff

ftp/cmds.c | 39 34 + 5 - 0 !
ftp/cmds.h | 2 1 + 1 - 0 !
ftp/cmdtab.c | 2 1 + 1 - 0 !
ftp/ftp.1 | 16 11 + 5 - 0 !
ftp/ftp.c | 41 27 + 14 - 0 !
ftp/ftp_var.h | 1 1 + 0 - 0 !
6 files changed, 75 insertions(+), 26 deletions(-)

 changeable increment between hash markings.
 Modify the source of the command "hash" to take an optional
 argument specifying the block size to be used when generating
 hash markings during transmission. The toggle action is taken
 only when no argument is present.
 .
 Also allow conventional shorthand notation like "32k", "5M",
 and "2G" for simplified arithmetic!
 .
 The related command "tick" is changed to use an increment
 of ten times the step used by "hash".  This fits the previous
 sizes of 10240 and 1024, respectively, in legacy code.
 .
 In the report summary, adaptively print transfer rate in
 either kB/s or MB/s.
 .
 A very old printing issue, present in the original source,
 is a missing CRLF after the very last "tick" counter, causing
 the final byte counter to be displayed by status string "226"
 without any separating character.
Bug-Debian: http://bugs.debian.org/731670
 http://bugs.debian.org/754065
500_ssl.diff

ftp/Makefile | 3 3 + 0 - 0 !
ftp/cmds.c | 26 26 + 0 - 0 !
ftp/ftp.1 | 46 46 + 0 - 0 !
ftp/ftp.c | 367 345 + 22 - 0 !
ftp/ftp_var.h | 3 3 + 0 - 0 !
ftp/main.c | 133 133 + 0 - 0 !
ftp/ssl_port.h | 85 85 + 0 - 0 !
ftp/sslapp.c | 186 186 + 0 - 0 !
ftp/sslapp.h | 63 63 + 0 - 0 !
9 files changed, 890 insertions(+), 22 deletions(-)

 base ssl patch
 The original ssl patch, lightly modified to apply to debian's
 netkit-ftp 0.17
510_fix_ssl_auth_response.diff

ftp/ftp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix auth ssl response handling
 Accept COMPLETE (234) as well as CONTINUE (334)
 See Debian bug #168762 for full details.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168762
520_check_ssl_new.diff

ftp/ftp.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 check return code of ssl_new()
  Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier
530_move_interrupt_handler.diff

ftp/main.c | 16 8 + 8 - 0 !
1 file changed, 8 insertions(+), 8 deletions(-)

 install interrupt handler before initializing ssl
  Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier
540_tls.diff

ftp/ftp.c | 16 16 + 0 - 0 !
1 file changed, 16 insertions(+)

 support tls authentication and (optional) data connection encryption
 Netkit-ftp-ssl now supports TLS authentication and (optional) data
 connection encryption according to
 http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt .
 .
 The default is to fall back to insecure authentication if AUTH TLS is not
 supported by the server to match the current behaviour of the AUTH SSL code.
 .
 If you specify "-z secure", then encryption of both the control and the data
 connection is required.
550_doc_fixes.diff

ftp/ftp.1 | 44 32 + 12 - 0 !
1 file changed, 32 insertions(+), 12 deletions(-)

 man page improvements
 Document SSL options in synopsis, and fix groff errors.
 For groff error report (only), see #250587.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250587
560_hurd.diff

ftp/ftp_var.h | 4 4 + 0 - 0 !
ftp/main.h | 13 13 + 0 - 0 !
2 files changed, 17 insertions(+)

 definitions needed by hurd port
 There is no PATH_MAX, MAXPATHLEN or MAXHOSTNAMELEN in GNU/Hurd, so
 this package does not compile from source.
 .
 The "right" fix for this would be to modify the program so that no
 PATH_MAX is assumed (doing dynamic allocation of the required space),
 but for now this patch should be enough:
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=218336
570_fix_warnings.diff

ftp/ftp.c | 12 10 + 2 - 0 !
ftp/main.c | 23 14 + 9 - 0 !
ftp/ssl_port.h | 1 1 + 0 - 0 !
ftp/sslapp.c | 4 2 + 2 - 0 !
ftp/sslapp.h | 1 1 + 0 - 0 !
5 files changed, 28 insertions(+), 13 deletions(-)

 fix various warnings
  some trivial, some (like the sprintf fix) are actual bugs
580_ssl_fflush.diff

ftp/ftp.c | 18 10 + 8 - 0 !
1 file changed, 10 insertions(+), 8 deletions(-)

 use ssl-specific macros to wrap fflush and putc
  Origin unknown, first appeared in netkit-ftp-ssl 0.17.12+0.2
  somewhere between -1 and -6
  Author unknown, probably Christoph Martin <christoph.martin@uni-mainz.de>
590_fix_ssl_without_autologin.diff

ftp/cmds.c | 4 4 + 0 - 0 !
ftp/ftp.c | 34 19 + 15 - 0 !
ftp/sslapp.h | 1 1 + 0 - 0 !
3 files changed, 24 insertions(+), 15 deletions(-)

 fix ssl without autologin (-n)
 Initialize SSL even when -n is used.
 Also enforce -z secure when logging in with USER command.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450723
600_fix_passive_mode.diff

ftp/ftp.c | 31 15 + 16 - 0 !
1 file changed, 15 insertions(+), 16 deletions(-)

 fix passive mode when ssl is enabled
  Origin/Author unknown. From netkit-telnet-ssl 0.17.9+0.2-3:
  * fix broken passive mode while SSL is enabled (thanks to Stefan Esser
    <sesser@php.net>)
610_usage.diff

ftp/main.c | 38 27 + 11 - 0 !
1 file changed, 27 insertions(+), 11 deletions(-)

 include ssl options in ftp -h output
620_enforce_ssl_in_user_cmd.diff

ftp/cmds.c | 6 6 + 0 - 0 !
ftp/ftp.c | 5 4 + 1 - 0 !
ftp/sslapp.h | 2 2 + 0 - 0 !
3 files changed, 12 insertions(+), 1 deletion(-)

 enforce -z secure when logging in with user command
630_fix_ z_segfault.diff

ftp/main.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 fix segfault when -z is given with no following args
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506137
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/netkit-ftp-ssl/+bug/184626
640_use_editline.diff

configure | 30 28 + 2 - 0 !
ftp/Makefile | 5 5 + 0 - 0 !
ftp/cmds.c | 8 6 + 2 - 0 !
ftp/main.c | 8 6 + 2 - 0 !
ftp/main.h | 8 8 + 0 - 0 !
5 files changed, 53 insertions(+), 6 deletions(-)

 use editline instead of readline
 netkit-ftp-ssl links against openssl, which is incompatible with
 the GPL. Unfortunately readline is GPLed, so link to editline
 (BSD licensed) instead.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531822
650_broken_ssl_connection.diff

ftp/cmds.c | 7 7 + 0 - 0 !
ftp/ftp.c | 3 2 + 1 - 0 !
2 files changed, 9 insertions(+), 1 deletion(-)

 let repeated connections use ssl.
 Only the first connection could use SSL authorization,
 the next could not since the context was insufficiently
 reinitialized.
 .
 Similarly, commands to server resulting in continuation text
 are broken, like "rhelp" and "rstatus".
 of invalid connection context.
Bug-Debian: http://bugs.debian.org/774184
660_hashes_and_ticks.diff

ftp/ftp.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 consistency of hashes and ticks.
 Encrypted retrieval of binary files did not implement variable
 size for hash marking. Also restrict hashes to RETR commands.
 Support for the tick counter was missing altogether!
670_capture_ssl_error.diff

ftp/ftp.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 broken detection of ssl errors.
 During read of binary data, with active encryption, the detection
 of failed calls with SSL_read() is incomplete.  In addition, the
 external variable 'errno' needs manual setting to EIO for proper
 reporting.
 .
 Important problem analysis of code was contributed by Raphael Astier.
 The issue was identified while investigating report #801948.
700_prefer_tls.diff

ftp/cmds.c | 45 44 + 1 - 0 !
ftp/ftp.1 | 49 29 + 20 - 0 !
ftp/ftp.c | 121 105 + 16 - 0 !
ftp/main.c | 20 17 + 3 - 0 !
ftp/ssl_port.h | 1 1 + 0 - 0 !
ftp/sslapp.c | 143 128 + 15 - 0 !
ftp/sslapp.h | 1 1 + 0 - 0 !
7 files changed, 325 insertions(+), 55 deletions(-)

 better contemporary abilities.
 Probe AUTH TLS as first authentication, then fall back
 to AUTH SSL.  Still, only protection level P is accepted.
 .
 Implement the claimed SSL option 'cipher=list'.
 .
 Add a new command line argument 'cacert=file', thus making sense
 of SSL verification mode.  Invoke a verification callback when
 running in verify mode, thereby making additional details known
 about the server's certificate chain, but only in verbose mode.
 .
 Include information about the encryption in use when executing
 the internal status command.  This includes identifiers of subject
 and issuer as stated in the server's certificate.
 .
 Replace cluttered error messages produced by the SSL library.
 .
 Report SSL cipher and encrypted data when in verbose mode.
 .
 Update the manual page.
 .
 The source file sslapp.c is synchronized with that of linux-ftpd-ssl.
 .