Debian Patches

Status for netkit-ftp-ssl/0.17.34+really0.17-2

Patch Description Author Forwarded Bugs Origin Last update
010_patches_in_sarge.diff Source patches applied to release Sarge. Multiple patches. Herbert Xu <herbert@debian.org> no 2003-06-29
025_long_cmd_overflow.diff Buffer overflow caused by long commands. Allocate a sufficient amount of memory to handle
many arguments.
Description interpreted from #407924
diff -u netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17/ftp/main.c
Steve Kemp <skx@debian.org> no 2008-03-26
030_argv_handling.diff Multiple flaws in ftp/main.c. There are several flaws in the current code of the makeargv function
in ftp/main.c. It certainly errs, but not on the side of caution.
.
1. The 'count' variable is supposed to count the number of arguments on
the command line. In fact it counts the number of arguments less one, so
malloc is often called with an argument of zero.
.
2. The argument to malloc is completely wrong. Space needs to be
reserved for a certain number of pointers; the length of the command
line string is irrelevant.
.
3. The slurpstring parsing function accepts both space and tab as
delimiters. The 'count' variable is calculated assuming spaces only.
.
4. It appears to me that the memory allocated for rargv is never freed,
leading to a memory leak. I may be wrong about this, and I do not know
the code well enough to suggest where the free should take place if it
does not happen already. My patch does not address this.
.
Attempting to count parameters in advance is not the best solution in
my opinion. It is duplicating part of the effort of slurpstring.
My preference would have been to allocate memory for 20 pointers, as in
the original code, then realloc() for a larger size if more than 20
parameters are returned from slurpstring.
Description collected from #508378
diff -u netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17/ftp/main.c
Mark Calderbank <m.calderbank@iname.com> no 2009-09-14
035_lintian_pedantic.diff Pedantic complaits by lintian. Spelling in ftp/ftp.1 and ftp/cmds.c.
.
Incorrect use of hyphenation in ftp/ftp.1.
Mats Erik Andersson <debian@gisladisker.se> no 2010-02-27
040_ipv6_ftp_c.diff Impose IPv6-capacities on ftp.c. Super structure 'struct sockaddr_storage' is replacing 'struct sockaddr_in'
.
For peer address strings, a first try aims at IPv4. That failing, next
try is for IPv6, and ultimatively a host lookup follows as last resort.
.
Use a SIGALRM mechanism to decrease the default TCP handshake timeout
to a value better suited for interactive use. The macro can be set
externally to change the suggested FTP_CONNECT_TIMEOUT=10
.
Use a command EPSV with explicit request for IPv6 address family as soon
as parsing concluded that the control socket is using IPv6.
.
Make IP_TOS conditioned on AF_INET.
Mats Erik Andersson <debian@gisladisker.se> no 2011-06-17
041_user_address_commands.diff Improve user interface with address family selection. Implement command line options for selecting IPv4 or IPv6.
.
Implement runtime command 'ipany', 'ipv4', and 'ipv6'.
These allow repeatedly new selection of addressing mode.

diff -Nru netkit-ftp-0.17.debian/ftp/cmds.c netkit-ftp-0.17/ftp/cmds.c
Mats Erik Andersson <debian@gisladisker.se> no 2011-04-19
043_tune_non_autologin.diff Only use implicit SYST with auto-login. Not every server, nor every ftp-proxy server, is able
to reply to a SYST command before the user has logged in.
.
Do not execute 'dosyst()' in a situation where the user
has asked for overriding auto-login. In other words,
execute both of 'dologin()' and 'dosyst()', or execute
none of them, depending on AUTOLOGIN.
Mats Erik Andersson not-needed debian 2011-05-23
050_support_gnu_hurd.diff Support GNU/Hurd Add fall-back macro definitions for PATH_MAX,
MAXPATHLEN, and MAXHOSTNAMELEN, all of which are
not specified by POSIX, hence are legally missing
for GNU/Hurd.
.
Replace a few uses of these macros by "sizeof()",
in order to improve robustness of their value.
Since PATH_MAX and MAXPATHLEN are implicitly
assumed to be equal.
Mats Erik Andersson <debian@gisladisker.se> no 2012-03-28
060_full_offset_range.diff Use full offset range. On 32-bit systems, the coding of offset values
as `off_t', i.e., of 64 bit length, was incomplete.
Replacing fseek() with fseeko() achieves the intended
offset ranges.
Mats Erik Andersson, Martin Hicks not-needed debian 2012-05-23
070_hash_increments.diff Changeable increment between hash markings. Modify the source of the command "hash" to take an optional
argument specifying the block size to be used when generating
hash markings during transmission. The toggle action is taken
only when no argument is present.
.
Also allow conventional shorthand notation like "32k", "5M",
and "2G" for simplified arithmetic!
.
The related command "tick" is changed to use an increment
of ten times the step used by "hash". This fits the previous
sizes of 10240 and 1024, respectively, in legacy code.
.
In the report summary, adaptively print transfer rate in
either kB/s or MB/s.
.
A very old printing issue, present in the original source,
is a missing CRLF after the very last "tick" counter, causing
the final byte counter to be displayed by status string "226"
without any separating character.
http://bugs.debian.org/754065
Mats Erik Andersson <debian@gisladisker.se> not-needed debian 2014-07-18
500_ssl.diff Base SSL patch The original ssl patch, lightly modified to apply to debian's
netkit-ftp 0.17
Tim Hudson <tjh@cryptsoft.com> not-needed ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/netkit-ftp-0.17+ssl-0.2.diff.gz 2014-12-22
510_fix_ssl_auth_response.diff Fix AUTH SSL response handling Accept COMPLETE (234) as well as CONTINUE (334)
See Debian bug #168762 for full details.
James Manning <jmm@sublogic.com> no debian 2010-04-07
520_check_ssl_new.diff Check return code of ssl_NEW() Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier no 2010-04-07
530_move_interrupt_handler.diff Install interrupt handler before initializing SSL Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier no 2010-04-07
540_tls.diff support TLS authentication and (optional) data connection encryption Netkit-ftp-ssl now supports TLS authentication and (optional) data
connection encryption according to
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt .
.
The default is to fall back to insecure authentication if AUTH TLS is not
supported by the server to match the current behaviour of the AUTH SSL code.
.
If you specify "-z secure", then encryption of both the control and the data
connection are required.
Andreas Oberritter <obi@saftware.de> no http://www.saftware.de/patches/ftp_tls.diff 2010-04-06
550_doc_fixes.diff Man page improvements Document SSL options in synopsis, and fix groff errors.
For groff error report (only), see #250587.
Ian Beckwith <ianb@debian.org>, Christoph Martin <christoph.martin@uni-mainz.de> no debian 2014-12-23
560_hurd.diff Definitions needed by Hurd port There is no PATH_MAX, MAXPATHLEN or MAXHOSTNAMELEN in GNU/Hurd, so
this package does not compile from source.
.
The "right" fix for this would be to modify the program so that no
PATH_MAX is assumed (doing dynamic allocation of the required space),
but for now this patch should be enough:
Santiago Vila <sanvila@unex.es> no debian 2010-04-07
570_fix_warnings.diff fix various warnings some trivial, some (like the sprintf fix) are actual bugs Ian Beckwith <ianb@debian.org> no 2010-04-07
580_ssl_fflush.diff use SSL-specific macros to wrap fflush and putc Origin unknown, first appeared in netkit-ftp-ssl 0.17.12+0.2
somewhere between -1 and -6
Author unknown, probably Christoph Martin <christoph.martin@uni-mainz.de>
no 2014-12-23
590_fix_ssl_without_autologin.diff Fix SSL without autologin (-n) Initialize SSL even when -n is used.
Also enforce -z secure when logging in with USER command.
Ian Beckwith <ianb@debian.org> no debian 2014-12-23
600_fix_passive_mode.diff Fix passive mode when SSL is enabled Origin/Author unknown. From netkit-telnet-ssl 0.17.9+0.2-3:
* fix broken passive mode while SSL is enabled (thanks to Stefan Esser
<sesser@php.net>)
no 2014-12-23
610_usage.diff Include SSL options in ftp -h output Ian Beckwith <ianb@debian.org> no 2014-12-23
620_enforce_ssl_in_user_cmd.diff Enforce -z secure when logging in with USER command Ian Beckwith <ianb@debian.org> no 2010-04-06
630_fix_-z_segfault.diff Fix segfault when -z is given with no following args Alexander Gitter <qwertz1230@googlemail.com> no debian 2010-04-06
650_broken_ssl_connection.diff Let repeated connections use SSL. Only the first connection could use SSL authorization,
the next could not since the context was insufficiently
reinitialized.
.
Similarly, commands to server resulting in continuation text
are broken, like "rhelp" and "rstatus".
of invalid connection context.
Mats Erik Andersson <debian@gisladisker.se> no debian 2014-12-31
660_hashes_and_ticks.diff Consistency of hashes and ticks. Encrypted retrieval of binary files did not implement variable
size for hash marking. Also restrict hashes to RETR commands.
Support for the tick counter was missing altogether!
Mats Erik Andersson <debian@gisladisker.se> no 2015-11-24
670_capture_ssl_error.diff Broken detection of SSL errors. During read of binary data, with active encryption, the detection
of failed calls with SSL_read() is incomplete. In addition, the
external variable 'errno' needs manual setting to EIO for proper
reporting.
.
Important problem analysis of code was contributed by Raphael Astier.
The issue was identified while investigating report #801948.
Mats Erik Andersson <debian@gisladisker.se> no 2015-11-24
700_prefer_tls.diff Better contemporary abilities. Probe AUTH TLS as first authentication, then fall back
to AUTH SSL. Still, only protection level P is accepted.
.
Implement the claimed SSL option 'cipher=list'.
.
Add a new command line argument 'cacert=file', thus making sense
of SSL verification mode. Invoke a verification callback when
running in verify mode, thereby making additional details known
about the server's certificate chain, but only in verbose mode.
.
Include information about the encryption in use when executing
the internal status command. This includes identifiers of subject
and issuer as stated in the server's certificate.
.
Replace cluttered error messages produced by the SSL library.
.
Report SSL cipher and encrypted data when in verbose mode.
.
Update the manual page.
.
The source file sslapp.c is synchronized with that of linux-ftpd-ssl.
.
Mats Erik Andersson <debian@gisladisker.se> no 2017-02-07
use-cmake-as-buildsystem.patch Use cmake as build system Christoph Biedl <debian.axhn@manchmal.in-ulm.de> no debian 2019-02-24
use-cmake-as-buildsystem-debian-extras.patch Adjust install paths and file names for Debian Christoph Biedl <debian.axhn@manchmal.in-ulm.de> not-needed 2019-02-24
use-cmake-as-buildsystem-ssl-extras.patch Add SSL support Christoph Biedl <debian.axhn@manchmal.in-ulm.de> not-needed 2019-02-24
0001-ftp-ssl-shutdown-the-session-properly.patch [PATCH 1/2] ftp-ssl: shutdown the session properly
If the SSL session is not shutdown properly, the following SSL_free will
free all SSL related structs including the session making it impossible
to be reused in a later connection.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> no 2017-11-11
0002-ftp-ssl-use-get-set-session-instead-of-copy-id.patch [PATCH 2/2] ftp-ssl: use get+set session instead of copy id
This does mostly the same thing but may be more obvious, maybe not.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> no 2017-11-11
710_fix_ftbfs_gcc10.diff =================================================================== no

All known versions for source package 'netkit-ftp-ssl'

Links