| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fix-version.patch | Fix version string. | Andreas B. Mundt <andi@debian.org> | yes | 2022-09-07 | ||
| listen-IPv6.patch | Enable listening on IPv6 | Kasparek Tomas <kasparek@fit.vutbr.cz> | no | 2024-05-29 | ||
| initialize-buffer.patch | Fix uninitialized buffer data. atftp autopkgtest fails to run when running against glibc 2.39. After investigation, it appears to be due to the "to" variable in tftpd_receive_request() to contain uninitialized values, as a consequence of removing the initialization in #613582. When using glibc 2.39, the values on the stack from which the "to" variable is allocated seems to have different values. The issue also seems to have been triggered by #1070683 and the listen-IPv6.patch. |
Aurelien Jarno <aurel32@debian.org> | no | 2024-06-21 | ||
| fortify-lto.patch | Fix fortify abort when LTO is enabled Usually the Strncpy call in tftp_send_error cannot be inlined, but if LTO is enabled GCC will inline it all the way to a strncpy call. This call is subject to fortification checks and will always fail because `th_msg` has zero size. . Fix by using memcpy instead. memcpy has weaker fortification rules for structure members so it won't abort. . See: https://sourceware.org/pipermail/libc-alpha/2012-April/028823.html And: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52944 |
James Cowgill <jcowgill@debian.org> | no |