From cd5be971134be6946e8670ce9fc2d32367a211d5 Mon Sep 17 00:00:00 2001 From: wenyuzifang Date: Thu, 14 Aug 2025 15:00:48 +0800 Subject: [PATCH 1/2] Update code from upstream --- ftp.spec | 31 ++++- netkit-ftp-0.17-acct_ovl.patch | 13 ++ netkit-ftp-0.17-case.patch | 16 +++ netkit-ftp-0.17-chkmalloc.patch | 33 +++++ netkit-ftp-0.17-commands-leaks.patch | 13 ++ netkit-ftp-0.17-data.patch | 24 ++++ netkit-ftp-0.17-linelen-segfault.patch | 23 ++++ netkit-ftp-0.17-longint.patch | 135 ++++++++++++++++++++ netkit-ftp-0.17-remove-nested-include.patch | 18 +++ netkit-ftp-0.17-runique_mget.patch | 13 ++ netkit-ftp-0.17-segv.patch | 82 ++++++++++++ netkit-ftp-0.17-sigseg.patch | 16 +++ netkit-ftp-0.17-size.patch | 12 ++ netkit-ftp-0.17-volatile.patch | 39 ++++++ netkit-ftp-0.17-vsftp165083.patch | 47 +++++++ 15 files changed, 512 insertions(+), 3 deletions(-) create mode 100644 netkit-ftp-0.17-acct_ovl.patch create mode 100644 netkit-ftp-0.17-case.patch create mode 100644 netkit-ftp-0.17-chkmalloc.patch create mode 100644 netkit-ftp-0.17-commands-leaks.patch create mode 100644 netkit-ftp-0.17-data.patch create mode 100644 netkit-ftp-0.17-linelen-segfault.patch create mode 100644 netkit-ftp-0.17-longint.patch create mode 100644 netkit-ftp-0.17-remove-nested-include.patch create mode 100644 netkit-ftp-0.17-runique_mget.patch create mode 100644 netkit-ftp-0.17-segv.patch create mode 100644 netkit-ftp-0.17-sigseg.patch create mode 100644 netkit-ftp-0.17-size.patch create mode 100644 netkit-ftp-0.17-volatile.patch create mode 100644 netkit-ftp-0.17-vsftp165083.patch diff --git a/ftp.spec b/ftp.spec index 0adb339..a17f166 100644 --- a/ftp.spec +++ b/ftp.spec @@ -1,13 +1,14 @@ -%define anolis_release 3 +%define anolis_release 4 Summary: The standard UNIX FTP (File Transfer Protocol) client Name: ftp -Version: 0.17 +Version: 0.17 Release: %{anolis_release}%{dist} License: BSD with advertising URL: http://ftp.linux.org.uk/pub/linux/Networking/netkit Source0: http://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-ftp-%{version}.tar.gz +Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-ftp-0.17.tar.gz Patch0001: 0001-PATCH-netkit-ftp-0.17-pre20000412.pasv-security.patch Patch0002: 0002-PATCH-netkit-ftp-0.17-acct.patch @@ -45,6 +46,20 @@ Patch0033: 0033-PATCH-netkit-ftp-0.17-getlogin.patch Patch0034: 0034-PATCH-netkit-ftp-0.17-token.patch Patch0035: 0035-PATCH-netkit-ftp-0.17-linelen-segfault.patch Patch0036: 0036-PATCH-netkit-ftp-0.17-out-of-memory.patch +Patch37: netkit-ftp-0.17-vsftp165083.patch +Patch38: netkit-ftp-0.17-longint.patch +Patch39: netkit-ftp-0.17-data.patch +Patch40: netkit-ftp-0.17-segv.patch +Patch41: netkit-ftp-0.17-chkmalloc.patch +Patch42: netkit-ftp-0.17-commands-leaks.patch +Patch43: netkit-ftp-0.17-runique_mget.patch +Patch44: netkit-ftp-0.17-volatile.patch +Patch45: netkit-ftp-0.17-sigseg.patch +Patch46: netkit-ftp-0.17-case.patch +Patch47: netkit-ftp-0.17-size.patch +Patch48: netkit-ftp-0.17-linelen-segfault.patch +Patch49: netkit-ftp-0.17-remove-nested-include.patch +Patch50: netkit-ftp-0.17-acct_ovl.patch BuildRequires: glibc-devel, readline-devel, ncurses-devel BuildRequires: perl-interpreter, gcc @@ -136,4 +151,14 @@ make INSTALLROOT=${RPM_BUILD_ROOT} install - Optimize spec file * Wed Apr 13 2022 Zhongling He - 0.17-1 -- Init package from upstream v0.17 +- Init package from upstream v0.17* Thu Aug 14 2025 wenyuzifang - 0.17-4 +- Apply patch to prevent client hang during faulty server transfers +- Apply patch to prevent crashes and improve stability when the server closes the connection unexpectedly +- Apply patch to prevent crashes from failed memory allocation and ensure stability +- Apply patch to fix a memory leak and improve resource management +- Prevent crashes, ensure correct behavior during directory listings +- Apply patch to prevent crashes from null pointer fclose calls and improve error handling robustness +- Apply patch to fix incorrect filename handling during mget when name translation is disabled +- Apply patch to prevent buffer overflow, ensure memory safety, and enhance security +- Apply patch to improve compilation reliability, code maintainability, and portability +- Apply patch to prevent buffer overflow and ensure safe string handling in the account command diff --git a/netkit-ftp-0.17-acct_ovl.patch b/netkit-ftp-0.17-acct_ovl.patch new file mode 100644 index 0000000..ebff49c --- /dev/null +++ b/netkit-ftp-0.17-acct_ovl.patch @@ -0,0 +1,13 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.acct_ovl netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.acct_ovl 2011-09-09 15:36:36.087956561 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2011-09-09 15:41:16.457495370 +0200 +@@ -1837,8 +1837,7 @@ account(int argc, char *argv[]) + while (argc > 1) { + --argc; + ++argv; +- strncat(buf, *argv, sizeof(buf)-strlen(buf)); +- buf[sizeof(buf)-1] = 0; ++ strncat(buf, *argv, sizeof(buf)-strlen(buf)-1); + } + ap = buf; + } diff --git a/netkit-ftp-0.17-case.patch b/netkit-ftp-0.17-case.patch new file mode 100644 index 0000000..a6eb166 --- /dev/null +++ b/netkit-ftp-0.17-case.patch @@ -0,0 +1,16 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.case netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.case 2008-04-23 14:52:59.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2008-04-23 14:58:07.000000000 +0200 +@@ -831,8 +831,11 @@ mget(int argc, char **argv) + tp++; + tp2++; + } ++ tp = tmpbuf; ++ } ++ else { ++ tp = cp; + } +- tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); diff --git a/netkit-ftp-0.17-chkmalloc.patch b/netkit-ftp-0.17-chkmalloc.patch new file mode 100644 index 0000000..f9a1210 --- /dev/null +++ b/netkit-ftp-0.17-chkmalloc.patch @@ -0,0 +1,33 @@ +diff -up netkit-ftp-0.17/ftp/ruserpass.c.chkmalloc netkit-ftp-0.17/ftp/ruserpass.c +--- netkit-ftp-0.17/ftp/ruserpass.c.chkmalloc 2008-12-01 11:54:15.000000000 +0100 ++++ netkit-ftp-0.17/ftp/ruserpass.c 2008-12-01 11:56:06.000000000 +0100 +@@ -137,7 +137,8 @@ next: + if (token()) { + if (*aname == 0) { + *aname = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*aname, tokval); ++ if (*aname != NULL) ++ (void) strcpy(*aname, tokval); + } else { + if (strcmp(*aname, tokval)) + goto next; +@@ -158,7 +159,8 @@ next: + } + if (token() && *apass == 0) { + *apass = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*apass, tokval); ++ if (*apass != NULL) ++ (void) strcpy(*apass, tokval); + } + break; + case ACCOUNT: +@@ -170,7 +172,8 @@ next: + } + if (token() && *aacct == 0) { + *aacct = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*aacct, tokval); ++ if (*aacct != NULL) ++ (void) strcpy(*aacct, tokval); + } + break; + case MACDEF: diff --git a/netkit-ftp-0.17-commands-leaks.patch b/netkit-ftp-0.17-commands-leaks.patch new file mode 100644 index 0000000..a2bd264 --- /dev/null +++ b/netkit-ftp-0.17-commands-leaks.patch @@ -0,0 +1,13 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.orig netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.orig 2011-09-05 14:41:34.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2011-09-05 14:44:44.000000000 +0200 +@@ -499,6 +499,9 @@ usage: + } + sendrequest(cmd, argv[1], argv[2], + argv[1] != oldargv1 || argv[2] != oldargv2); ++ if (argv[1] != oldargv1) { ++ free(argv[1]); ++ } + } + + void mabort(int); diff --git a/netkit-ftp-0.17-data.patch b/netkit-ftp-0.17-data.patch new file mode 100644 index 0000000..43157f8 --- /dev/null +++ b/netkit-ftp-0.17-data.patch @@ -0,0 +1,24 @@ +--- netkit-ftp-0.17/ftp/ftp.c.data 2005-12-02 15:31:27.000000000 +0100 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-12-02 15:35:46.000000000 +0100 +@@ -1223,6 +1223,7 @@ + static int + initconn(void) + { ++ int rc; + u_char *p, *a; + int result, tmpno = 0; + socklen_t len; +@@ -1240,6 +1241,13 @@ + } + #endif + if (passivemode) { ++ if (data >= 0){ ++ rc = close (data); ++ data = -1; ++ if (rc == -1){ ++ perror ("ftp: close"); ++ } ++ } + data_addr = hisctladdr; + data = socket(data_addr.su_family, SOCK_STREAM, 0); + if (data < 0) { diff --git a/netkit-ftp-0.17-linelen-segfault.patch b/netkit-ftp-0.17-linelen-segfault.patch new file mode 100644 index 0000000..a16db58 --- /dev/null +++ b/netkit-ftp-0.17-linelen-segfault.patch @@ -0,0 +1,23 @@ +diff -up netkit-ftp-0.17/ftp/ftp.c.orig netkit-ftp-0.17/ftp/ftp.c +diff -up netkit-ftp-0.17/ftp/ftp_var.h.orig netkit-ftp-0.17/ftp/ftp_var.h +diff -up netkit-ftp-0.17/ftp/main.c.orig netkit-ftp-0.17/ftp/main.c +--- netkit-ftp-0.17/ftp/main.c.orig 2018-09-03 16:49:16.459000000 +0200 ++++ netkit-ftp-0.17/ftp/main.c 2018-09-03 17:00:14.853452345 +0200 +@@ -399,7 +399,7 @@ int slrflag; + char ** + makeargv(int *pargc, char **parg) + { +- static char *rargv[20]; ++ static char *rargv[LINELEN]; + int rargc = 0; + char **argp; + +@@ -407,7 +407,7 @@ makeargv(int *pargc, char **parg) + stringbase = line; /* scan from first of buffer */ + argbase = argbuf; /* store from first of buffer */ + slrflag = 0; +- while ((*argp++ = slurpstring())!=NULL) ++ while ((rargc < LINELEN) && (*argp++ = slurpstring())!=NULL) + rargc++; + + *pargc = rargc; diff --git a/netkit-ftp-0.17-longint.patch b/netkit-ftp-0.17-longint.patch new file mode 100644 index 0000000..c7b9f91 --- /dev/null +++ b/netkit-ftp-0.17-longint.patch @@ -0,0 +1,135 @@ +--- netkit-ftp-0.17/ftp/ftp.c.rasold 2005-08-22 14:22:50.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-08-22 14:23:02.000000000 +0200 +@@ -139,7 +139,7 @@ + static char *gunique(char *); + static void proxtrans(const char *cmd, char *local, char *remote); + static int initconn(void); +-static void ptransfer(const char *direction, long bytes, ++static void ptransfer(const char *direction, long long bytes, + const struct timeval *t0, + const struct timeval *t1); + static void tvsub(struct timeval *tdiff, +@@ -579,7 +579,7 @@ + int (*volatile closefunc)(FILE *); + void (*volatile oldintr)(int); + void (*volatile oldintp)(int); +- volatile long bytes = 0, hashbytes = HASHBYTES; ++ volatile long long bytes = 0, hashbytes = HASHBYTES; + char buf[BUFSIZ], *bufp; + const char *volatile lmode; + +@@ -713,14 +713,14 @@ + if ((d = write(fileno(dout), bufp, c)) <= 0) + break; + if (hash) { +- while (bytes >= hashbytes) { +- (void) putchar('#'); +- hashbytes += HASHBYTES; +- } +- (void) fflush(stdout); +- } ++ while (bytes >= hashbytes) { /* <-- 'long long' signed overflow is */ ++ (void) putchar('#'); /* possible. In this case, we can */ ++ hashbytes += HASHBYTES; /* 'cycle' there for very long time. */ ++ } /* Search 'hasbytes' in file down, */ ++ (void) fflush(stdout); /* there are similar parts. */ ++ } /* */ + if (tick && (bytes >= hashbytes)) { +- printf("\rBytes transferred: %ld", bytes); ++ printf("\rBytes transferred: %lld", bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) + hashbytes += TICKBYTES; +@@ -733,7 +733,7 @@ + (void) fflush(stdout); + } + if (tick) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (c < 0) +@@ -755,7 +755,7 @@ + hashbytes += HASHBYTES; + } + if (tick && (bytes >= hashbytes)) { +- (void) printf("\rBytes transferred: %ld", ++ (void) printf("\rBytes transferred: %lld", + bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) +@@ -780,7 +780,7 @@ + (void) fflush(stdout); + } + if (tick) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (ferror(fin)) +@@ -853,9 +853,9 @@ + void (*volatile oldintp)(int); + void (*volatile oldintr)(int); + volatile int is_retr, tcrflag, bare_lfs = 0; +- static unsigned bufsize; ++ static unsigned bufsize=0; + static char *buf; +- volatile long bytes = 0, hashbytes = HASHBYTES; ++ volatile long long bytes = 0, hashbytes = HASHBYTES; + register int c, d; + struct timeval start, stop; + struct stat st; +@@ -1031,7 +1031,7 @@ + (void) fflush(stdout); + } + if (tick && (bytes >= hashbytes) && is_retr) { +- (void) printf("\rBytes transferred: %ld", ++ (void) printf("\rBytes transferred: %lld", + bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) +@@ -1045,7 +1045,7 @@ + (void) fflush(stdout); + } + if (tick && is_retr) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (c < 0) { +@@ -1095,7 +1095,7 @@ + hashbytes += HASHBYTES; + } + if (tick && (bytes >= hashbytes) && is_retr) { +- printf("\rBytes transferred: %ld", ++ printf("\rBytes transferred: %lld", + bytes); + fflush(stdout); + while (bytes >= hashbytes) +@@ -1126,7 +1126,7 @@ + (void) fflush(stdout); + } + if (tick && is_retr) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (bare_lfs) { +@@ -1540,7 +1540,7 @@ + } + + static void +-ptransfer(const char *direction, long bytes, ++ptransfer(const char *direction, long long bytes, + const struct timeval *t0, + const struct timeval *t1) + { +@@ -1552,7 +1552,7 @@ + s = td.tv_sec + (td.tv_usec / 1000000.); + #define nz(x) ((x) == 0 ? 1 : (x)) + bs = bytes / nz(s); +- printf("%ld bytes %s in %.3g secs (%.2g Kbytes/sec)\n", ++ printf("%lld bytes %s in %.3g secs (%.2g Kbytes/sec)\n", + bytes, direction, s, bs / 1024.0); + } + } diff --git a/netkit-ftp-0.17-remove-nested-include.patch b/netkit-ftp-0.17-remove-nested-include.patch new file mode 100644 index 0000000..97cf136 --- /dev/null +++ b/netkit-ftp-0.17-remove-nested-include.patch @@ -0,0 +1,18 @@ +--- netkit-ftp-0.17/ftp/ftp.c 2012-07-20 07:55:48.545151322 +0200 ++++ netkit-ftp-0.17-new/ftp/ftp.c 2012-07-20 08:05:07.941468914 +0200 +@@ -74,6 +74,7 @@ char ftp_rcsid[] = + #include + #include + #include ++#include + + #include + #include +@@ -820,7 +821,6 @@ sendrequest(const char *cmd, char *local + /* It can be later removed. */ + if (old_code_l == 150 && code == 150 && cpend == 1 + && sunique == 1 && cin != NULL && fileno (cin) >= 0 ) { +- #include + struct pollfd fds_events_l [2] ; + int rc; + diff --git a/netkit-ftp-0.17-runique_mget.patch b/netkit-ftp-0.17-runique_mget.patch new file mode 100644 index 0000000..8ba1152 --- /dev/null +++ b/netkit-ftp-0.17-runique_mget.patch @@ -0,0 +1,13 @@ +--- netkit-ftp-0.17/ftp/ftp.c.runique_mget 2004-12-07 12:05:49.360133092 +0100 ++++ netkit-ftp-0.17/ftp/ftp.c 2004-12-07 12:06:48.480883902 +0100 +@@ -923,7 +923,9 @@ + return; + } + } +- else if (runique && (local = gunique(local)) == NULL) { ++ else if (runique && (strcmp(cmd, "NLST") != 0) && ++ (local = gunique(local)) == NULL) ++ { + (void) signal(SIGINT, oldintr); + code = -1; + return; diff --git a/netkit-ftp-0.17-segv.patch b/netkit-ftp-0.17-segv.patch new file mode 100644 index 0000000..12d5960 --- /dev/null +++ b/netkit-ftp-0.17-segv.patch @@ -0,0 +1,82 @@ +--- netkit-ftp-0.17/ftp/ftp.c.segv 2004-06-14 11:04:38.000000000 -0400 ++++ netkit-ftp-0.17/ftp/ftp.c 2004-06-14 11:06:46.000000000 -0400 +@@ -472,6 +472,8 @@ + return (0); + } + lostpeer(0); ++ fclose(cout); ++ cout = NULL; + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + (void) fflush(stdout); +@@ -529,7 +531,14 @@ + cpend = 0; + (void) signal(SIGINT,oldintr); + if (code == 421 || originalcode == 421) ++ { + lostpeer(0); ++ if(cout) ++ { ++ fclose(cout); ++ cout = NULL; ++ } ++ } + if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + return (n - '0'); +@@ -1790,6 +1799,11 @@ + if (ptabflg) + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + (void) getreply(0); + (void) getreply(0); +@@ -1815,6 +1829,11 @@ + perror("reset"); + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + else if (nfnd) { + (void) getreply(0); +@@ -1897,6 +1916,11 @@ + if (ptabflg) + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + if (din && FD_ISSET(fileno(din), &mask)) { + while (read(fileno(din), buf, BUFSIZ) > 0) +--- netkit-ftp-0.17/ftp/main.c.segv 2004-06-14 11:03:18.000000000 -0400 ++++ netkit-ftp-0.17/ftp/main.c 2004-06-14 11:03:42.000000000 -0400 +@@ -235,8 +235,6 @@ + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), 1+1); +- fclose(cout); +- cout = NULL; + } + if (data >= 0) { + shutdown(data, 1+1); +@@ -249,8 +247,6 @@ + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), 1+1); +- fclose(cout); +- cout = NULL; + } + connected = 0; + } diff --git a/netkit-ftp-0.17-sigseg.patch b/netkit-ftp-0.17-sigseg.patch new file mode 100644 index 0000000..0972eb1 --- /dev/null +++ b/netkit-ftp-0.17-sigseg.patch @@ -0,0 +1,16 @@ +--- netkit-ftp-0.17-orig/ftp/ftp.c 2007-08-06 23:32:49.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2007-08-06 23:31:06.000000000 +0200 +@@ -483,8 +483,10 @@ getreply(int expecteof) + return (0); + } + lostpeer(0); +- fclose(cout); +- cout = NULL; ++ if (cout) { ++ fclose(cout); ++ cout = NULL; ++ } + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + (void) fflush(stdout); + diff --git a/netkit-ftp-0.17-size.patch b/netkit-ftp-0.17-size.patch new file mode 100644 index 0000000..22e0806 --- /dev/null +++ b/netkit-ftp-0.17-size.patch @@ -0,0 +1,12 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.size netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.size 2007-10-10 14:17:18.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2007-10-10 14:17:18.000000000 +0200 +@@ -1650,6 +1650,8 @@ quote1(const char *initial, int argc, ch + register int i, len; + char buf[BUFSIZ]; /* must be >= sizeof(line) */ + ++ if (strncmp(argv[1],"size",4) == 0) ++ changetype(TYPE_I, 1); + (void) strcpy(buf, initial); + if (argc > 1) { + len = strlen(buf); diff --git a/netkit-ftp-0.17-volatile.patch b/netkit-ftp-0.17-volatile.patch new file mode 100644 index 0000000..e7a3431 --- /dev/null +++ b/netkit-ftp-0.17-volatile.patch @@ -0,0 +1,39 @@ +--- netkit-ftp-0.17/configure.volatile 2004-06-14 12:08:26.000000000 -0400 ++++ netkit-ftp-0.17/configure 2004-06-14 12:52:41.000000000 -0400 +@@ -193,8 +193,8 @@ + cat <__conftest.c + #include + #include +-int count=0; +-void handle(int foo) { count++; } ++volatile int count=0; ++void handle(int foo) { count++; write(1,"X",1);} + int main() { + int pid=getpid(); + signal(SIGINT, handle); +@@ -209,20 +209,20 @@ + if ( + $CC $CFLAGS __conftest.c -o __conftest || exit 1 + ./__conftest || exit 1 +- ) >/dev/null 2>&1; then ++ ); then + echo 'yes' + else + if ( + $CC $CFLAGS -D__USE_BSD_SIGNAL __conftest.c -o __conftest || exit 1 + ./__conftest || exit 1 +- ) >/dev/null 2>&1; then ++ ); then + echo '-D__USE_BSD_SIGNAL' + CFLAGS="$CFLAGS -D__USE_BSD_SIGNAL" + else + echo 'no' +- echo 'This package needs BSD signal semantics to run.' +- rm -f __conftest* +- exit ++ echo '***WARNING***: This package needs BSD signal semantics to run.' ++ echo '***WARNING***: Assuming its just ia64 buildroot breakage.' ++ CFLAGS="$CFLAGS -D__USE_BSD_SIGNAL" + fi + fi + rm -f __conftest* diff --git a/netkit-ftp-0.17-vsftp165083.patch b/netkit-ftp-0.17-vsftp165083.patch new file mode 100644 index 0000000..8dcd905 --- /dev/null +++ b/netkit-ftp-0.17-vsftp165083.patch @@ -0,0 +1,47 @@ +--- netkit-ftp-0.17/ftp/ftp.c.vsftp 2005-08-29 16:07:35.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-08-30 10:58:10.000000000 +0200 +@@ -582,6 +582,7 @@ + volatile long long bytes = 0, hashbytes = HASHBYTES; + char buf[BUFSIZ], *bufp; + const char *volatile lmode; ++ int old_code_l; + + if (verbose && printnames) { + if (local && *local != '-') +@@ -799,7 +800,35 @@ + (void) fclose(dout); + /* closes data as well, so discard it */ + data = -1; +- (void) getreply(0); ++ old_code_l = code; ++ (void) getreply(0); ++ ++ /* Following "if" will avoid a bug #165083 in ftp-server */ ++ /* It can be later removed. */ ++ if (old_code_l == 150 && code == 150 && cpend == 1 ++ && sunique == 1 && cin != NULL && fileno (cin) >= 0 ) { ++ #include ++ struct pollfd fds_events_l [2] ; ++ int rc; ++ ++ fds_events_l [0] .fd = fileno (cin); ++ fds_events_l [0] .events = POLLIN | POLLERR | POLLHUP; ++ ++ rc = poll (fds_events_l, 1, 5000); ++ switch (rc) { ++ case 1: ++ (void) getreply (0); ++ break; ++ case 0: ++ fprintf (stderr, "ftp: no answer from ftp-server " ++ "(more than 5 sec).\n"); ++ break; ++ case -1: ++ perror("ftp: poll"); ++ break; ++ } ++ } ++ + (void) signal(SIGINT, oldintr); + if (oldintp) + (void) signal(SIGPIPE, oldintp); -- Gitee From cac138eb8c67a4daeab1509ca02047c44f63ff28 Mon Sep 17 00:00:00 2001 From: wenyuzifang Date: Thu, 14 Aug 2025 22:28:00 +0800 Subject: [PATCH 2/2] Update code from upstream --- ftp.spec | 9 ++++- netkit-ftp-0.17-fdleak.patch | 11 +++++ netkit-ftp-0.17-linelen.patch | 33 +++++++++++++++ netkit-ftp-0.17-printf.patch | 11 +++++ netkit-ftp-0.17-token.patch | 75 +++++++++++++++++++++++++++++++++++ 5 files changed, 137 insertions(+), 2 deletions(-) create mode 100644 netkit-ftp-0.17-fdleak.patch create mode 100644 netkit-ftp-0.17-linelen.patch create mode 100644 netkit-ftp-0.17-printf.patch create mode 100644 netkit-ftp-0.17-token.patch diff --git a/ftp.spec b/ftp.spec index a17f166..48f6022 100644 --- a/ftp.spec +++ b/ftp.spec @@ -1,4 +1,4 @@ -%define anolis_release 4 +%define anolis_release 5 Summary: The standard UNIX FTP (File Transfer Protocol) client Name: ftp @@ -60,6 +60,10 @@ Patch47: netkit-ftp-0.17-size.patch Patch48: netkit-ftp-0.17-linelen-segfault.patch Patch49: netkit-ftp-0.17-remove-nested-include.patch Patch50: netkit-ftp-0.17-acct_ovl.patch +Patch51: netkit-ftp-0.17-token.patch +Patch52: netkit-ftp-0.17-fdleak.patch +Patch53: netkit-ftp-0.17-linelen.patch +Patch54: netkit-ftp-0.17-printf.patch BuildRequires: glibc-devel, readline-devel, ncurses-devel BuildRequires: perl-interpreter, gcc @@ -161,4 +165,5 @@ make INSTALLROOT=${RPM_BUILD_ROOT} install - Apply patch to fix incorrect filename handling during mget when name translation is disabled - Apply patch to prevent buffer overflow, ensure memory safety, and enhance security - Apply patch to improve compilation reliability, code maintainability, and portability -- Apply patch to prevent buffer overflow and ensure safe string handling in the account command +- Apply patch to prevent buffer overflow and ensure safe string handling in the account command* Thu Aug 14 2025 wenyuzifang - 0.17-5 +- Apply patch to ensure type safety, avoid undefined behavior, and improve portability and reliability. diff --git a/netkit-ftp-0.17-fdleak.patch b/netkit-ftp-0.17-fdleak.patch new file mode 100644 index 0000000..0f995c5 --- /dev/null +++ b/netkit-ftp-0.17-fdleak.patch @@ -0,0 +1,11 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.old netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.old 2007-10-17 16:28:57.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2007-10-17 16:33:41.000000000 +0200 +@@ -764,6 +764,7 @@ usage: + + recvrequest("RETR", argv[2], argv[1], modestr, + argv[1] != oldargv1 || argv[2] != oldargv2); ++ (void) close(data), data = -1; + restart_point = 0; + return (0); + } diff --git a/netkit-ftp-0.17-linelen.patch b/netkit-ftp-0.17-linelen.patch new file mode 100644 index 0000000..2e80a3f --- /dev/null +++ b/netkit-ftp-0.17-linelen.patch @@ -0,0 +1,33 @@ +--- netkit-ftp-0.17-dist/ftp/ftp_var.h 2012-10-29 10:02:44.455342130 +0100 ++++ netkit-ftp-0.17-new/ftp/ftp_var.h 2012-10-29 10:02:31.292342775 +0100 +@@ -54,6 +54,7 @@ + #define Extern extern + #endif + ++#define LINELEN PATH_MAX+200 + + /* + * Options and other state info. +@@ -109,9 +110,9 @@ Extern int ftp_port; /* htons'd port num + + Extern sigjmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +-Extern char line[200]; /* input line buffer */ ++Extern char line[LINELEN]; /* input line buffer */ + Extern char *stringbase; /* current scan point in line buffer */ +-Extern char argbuf[200]; /* argument storage buffer */ ++Extern char argbuf[LINELEN]; /* argument storage buffer */ + Extern char *argbase; /* current storage point in arg buffer */ + Extern int cpend; /* flag: if != 0, then pending server reply */ + Extern int mflag; /* flag: if != 0, then active multi command */ +--- netkit-ftp-0.17/ftp/domacro.c 2012-10-29 10:02:44.394342130 +0100 ++++ netkit-ftp-0.17-new/ftp/domacro.c 2012-10-29 10:02:31.292342775 +0100 +@@ -53,7 +53,7 @@ domacro(int argc, char *argv[]) + register int i, j; + register char *cp1, *cp2; + int count = 2, loopflg = 0; +- char line2[200]; ++ char line2[LINELEN]; + struct cmd *c; + + if (argc < 2 && !another(&argc, &argv, "macro name")) { diff --git a/netkit-ftp-0.17-printf.patch b/netkit-ftp-0.17-printf.patch new file mode 100644 index 0000000..2d7ecc4 --- /dev/null +++ b/netkit-ftp-0.17-printf.patch @@ -0,0 +1,11 @@ +--- netkit-ftp-0.17/ftp/cmds.c.printf 2005-05-24 22:12:24.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2005-05-24 22:12:37.000000000 +0200 +@@ -2223,7 +2223,7 @@ + printf("restart: offset not specified\n"); + else { + restart_point = atol(argv[1]); +- printf("restarting at %ld. %s\n", restart_point, ++ printf("restarting at %ld. %s\n", (long)restart_point, + "execute get, put or append to initiate transfer"); + } + } diff --git a/netkit-ftp-0.17-token.patch b/netkit-ftp-0.17-token.patch new file mode 100644 index 0000000..d888300 --- /dev/null +++ b/netkit-ftp-0.17-token.patch @@ -0,0 +1,75 @@ +diff -rup netkit-ftp-0.17/ftp/ruserpass.c netkit-ftp-0.17-new/ftp/ruserpass.c +--- netkit-ftp-0.17/ftp/ruserpass.c 2012-10-29 15:11:10.593841089 +0100 ++++ netkit-ftp-0.17-new/ftp/ruserpass.c 2012-10-29 15:13:14.379822697 +0100 +@@ -58,7 +58,8 @@ static int token(void); + #define ID 10 + #define MACH 11 + +-static char tokval[100]; ++#define MAXTOKENLEN 4096 ++static char tokval[MAXTOKENLEN]; + + static struct toktab { + const char *tokstr; +@@ -249,13 +250,16 @@ bad: + return(-1); + } + +-static ++static + int + token(void) + { + char *cp; + int c; + struct toktab *t; ++ size_t toklen = 0; ++ int showwarn = 1; ++ int quote = 0; + + if (feof(cfile)) + return (0); +@@ -266,20 +270,32 @@ token(void) + return (0); + cp = tokval; + if (c == '"') { +- while ((c = getc(cfile)) != EOF && c != '"') { +- if (c == '\\') +- c = getc(cfile); +- *cp++ = c; +- } +- } else { ++ quote = 1; ++ } ++ else { + *cp++ = c; +- while ((c = getc(cfile)) != EOF +- && c != '\n' && c != '\t' && c != ' ' && c != ',') { +- if (c == '\\') +- c = getc(cfile); +- *cp++ = c; ++ toklen++; ++ } ++ while ((c = getc(cfile)) != EOF) { ++ if (c == '"') ++ break; ++ if (c == '\\') ++ c = getc(cfile); ++ if (!quote && (c == '\n' || c == '\t' || c == ' ' || c == ',')) ++ break; ++ if (toklen >= MAXTOKENLEN) { ++ if (showwarn) { ++ fprintf(stderr, ++ "Warning: .netrc token too long, will be trunctated to %zd characters\n", ++ toklen); ++ showwarn = 0; ++ } ++ continue; + } ++ *cp++ = c; ++ toklen++; + } ++ + *cp = 0; + if (tokval[0] == 0) + return (0); -- Gitee