| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 001-from_hamm.diff | Patching recovered from linux-ftpd_0.17-13.diff.gz and Rainer Weikusat | Herbert Xu <herbert@debian.org> | no | 2002-02-09 | ||
| 002-from_sarge.diff | Patches taken from linux-ftpd_0.17-20sarge2.diff.gz. Difference constructed against linux-ftpd_0.17-13.diff.gz. Robert Millan <rmh@debian.org> Alberto Gonzalez Iniesta <agi@inittab.org> diff -u linux-ftpd-0.17/ftpd/ftpcmd.y linux-ftpd-0.17/ftpd/ftpcmd.y |
Herber Xu <herbert@debian.org> | no | 2006-09-25 | ||
| 003-from_etch.diff | Patches recovered from linux-ftpd_0.17-23.diff.gz. Interdiff against linux-ftpd_0.17-20sarge2.diff.gz. and Andreas Jochens. diff -u linux-ftpd-0.17/ftpd/ftpcmd.y linux-ftpd-0.17/ftpd/ftpcmd.y |
Alberto Gonzalaez Iniesta <agi@inittab> | no | 2006-11-25 | ||
| 010-ftpd_csrf.diff | Fix cross-site request forgery (CSRF) attacks. | Ian Beckwith <ianb@erislabs.net> | no | 2008-10-17 | ||
| 016-family_independence.diff | Make the TCP transport code independent of address family. Make sure to eliminate as much outdated dependency on AF_INET, even before migrating to true support for AF_INET6. . 1. Rewrite dolog() and check_host(). . 2. Eliminate inet_ntoa(), gethostbyname(), gethostbyaddr(). . 3. Introduce helper functions get_port() and set_port() in order to hide family dependency, as well as representation in network byte order. This isolates use of ntohs() and htons() to the above two functions, with a single exception. . 4. Make sure that the daemon initialization depends only on a single AF_INET used for getaddrinfo(). This will later be replaced by AF_UNSPEC. . 5. Make name and address lookup in main() independent of address family. . 6. Reconstruct passive() to inherit address family from the controlling socket, then building the listening socket in an address independent manner. . 7. Let statcmd() and passive() report on IPv6 sockets using the EPSV semantics '(|||portnum|)'. . 8. Let the parser in ftpcmd.y use getaddrinfo() with NI_NUMERICHOST when constructing the IP-address, instead of manipulating byte fields. Likewise, hide port extraction in get_port(). which is in use by the OpenBSD strand of this software. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2010-04-30 | ||
| 020-support_ipv6.diff | Activate support for IPv6 transport. This patch supplies working services for: . 1. Mixed IPv4 and IPv6 in inetd mode. . 2. Mixed IPv4 and IPv6 in standalone daemon mode. . 3. Selectable options '-4' and '-6' to activate a single address family. . 4. Registration in wtmp of the caller's address structure. This field in 'struct utmp' was earlier ignored, as it it an extension particular to Linux. . 5. Implementation of ABOR for use in idle state. . 6. Conversion of second time length in case a compatibility layer between 32 bits and 64 bits are in effect. . Testing was performed using xinetd and net.ipv6.bindv6only=1, on architectures i386 and amd64. which is in use by the OpenBSD strand of this software. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2011-04-06 | ||
| 024-failing_va_list.diff | Reinitialize variable argument list for vsyslog(). The use of vprintf(fmt, ap) leaves the second argument in an undefined state after execution. On a system using the amd64 architecture, this leads consistently to segmentation faults. The solution is to insert the required initialization before the call to vsyslog(). |
Mats Erik Andersson <debian@gisladisker.se> | no | 2010-05-09 | ||
| 026-support_glibc_bsd_and_gnu.diff | Implement changes to support GNU/Hurd and GNU/kfreebsd. Several conditionals on '__linux__' are altered to react identical to '__GLIBC__' and '__GNU__'. This should produce working code also for the Debian ports GNU/kfreebsd and GNU/Hurd. . GNU/kfreebsd uses distinct options IP_PORTRANGE and IPV6_PORTRANGE depending on address family. . Use IP_TOS only for IPv4 when compiling for non-Linux. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2010-05-25 | ||
| 030-manpage_typos.diff | Spelling error in manual page. | Alberto Gonzalez Iniesta <agi@inittab.org> | not-needed | 2010-07-08 | ||
| 044-support_gnu_hurd.diff | Support GNU/Hurd. Since MAXPATHLEN and MAXHOSTNAMELEN are not prescribed by POSIX, GNU/Hurd need not specify these. Thus they are now assigned the default values as used on BSD systems. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2012-03-29 | ||
| 500-ssl.diff | Base SSL patch The original ssl patch, modified to apply to debian's linux-ftpd package. | Tim Hudson <tjh@cryptsoft.com> | not-needed | ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz | 2015-06-11 | |
| 510-old_patches.diff | Patches up to linux-ftpd-ssl 0.17.18+0.3-3 Cai Qian <caiqian@gnome.org> and probably others =================================================================== |
Christoph Martin <christoph.martin@uni-mainz.de> | no | 2010-06-09 | ||
| 520-CVE-2005-3524.diff | Fix CVE-2005-3524 - a remotely exploitable buffer overflow. =================================================================== |
James Longstreet <jlongs2@uic.edu> | no | debian | ||
| 530-CVE-2007-6263.diff | Fix CVE-2007-6263 - remote denial of service =================================================================== |
Nico Golde <nion@debian.org> | no | debian | ||
| 540-docs.diff | Document SSL options in manpage, fix typo =================================================================== |
Ian Beckwith <ianb@debian.org> | no | |||
| 550-fix_warnings.diff | Fix all warnings in source =================================================================== |
Ian Beckwith <ianb@debian.org> | no | |||
| 560-set_default_key_and_cert.diff | Set default SSL key/cert file to /etc/ftpd-ssl/ftpd.pem =================================================================== |
Ian Beckwith <ianb@debian.org> | no | |||
| 570-redirect_ssl_output.diff | Missing use of SSL protected stream. The commands HELP and STAT are not directing all their output via the SSL mechanisms, instead sending data to stdout. This appears as data loss to the client, or as errors during SSL protected transmission. . Four particular problem cases are notable: * STAT * STAT path * HELP * HELP SITE |
Mats Erik Andersson <debian@gisladisker.se> | no | debian | 2015-01-06 | |
| 580-recent_libssl.diff | Make possible builds with libssl of version 1.1.0. Protected access to an opaque structure was made mandatory in version 1.1.0 of libssl. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2017-01-16 | ||
| 600-better_conformity.diff | Better contemporary TLS abilities. The commands PBSZ, PROT and CCC are implemented to the minimal extent needed to fulfill RFC 2228 in the sense of negotiating with a client. Thereby 'AUTH TLS' and 'AUTH SSL' are treated correctly. A client call like 'curl --ftp-ssl' is now successfully handled. 'Minimal' means in particular that the protected mode 'PROT P' is the only supported level for data exchange, once SSL handshaking is complete. . There are new SSL options, or corrected to be functional: 'debug=file', 'cipher=list', 'cacert=file', 'key=file', and 'certrequired'. The CA list collected from 'cacert=file' will be sent to the client, which is useful for advanced client software. . The option 'cert=file' reads a complete chain of certificates, which together with 'cacert=file' makes the whole spectrum of verification via 'verify=num' available. Either of 'certsok' and 'certrequired' will set SSL_VERIFY_PEER, and 'certrequired' will also set SSL_VERIFY_FAIL_IF_NO_PEER_CERT. . A temporary SSL option 'legacy' activates an ugly work around during verification, controlled by SSL_VERIFY_FAIL_IF_NO_PEER_CERT. This quirk was present in the legacy patch set, but should not be used with the new ability to read chains and CA lists. Its introduction should only be seen as a step in the transition to contemporary standards. . Include SSL_OP_NO_SSLv2 when setting library options. . Much effort has gone into sensible and helpful messages during SSL debug. . TODO: Autologin based on 'certsok' could be considered in SSL-only mode, or in secure mode. Presently the PAM code only is able to emit debug messages as to whether certsok would accept or reject the claimed username for a corresponding subject identifier. . diff -Naurp linux-ftpd-0.17.debian/ftpd/ftpcmd.y linux-ftpd-0.17/ftpd/ftpcmd.y |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2017-01-24 | ||
| use-cmake-as-buildsystem.patch | Use cmake as build system | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | no | debian | 2019-02-24 | |
| use-cmake-as-buildsystem-debian-extras.patch | Debian-specific changes to the cmake build system | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2019-02-24 |