| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 010_patches_in_sarge.diff | Source patches applied to release Sarge. Multiple patches. | Herbert Xu <herbert@debian.org> | no | 2003-06-29 | ||
| 025_long_cmd_overflow.diff | Buffer overflow caused by long commands. Allocate a sufficient amount of memory to handle many arguments. Description interpreted from #407924 diff -u netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17/ftp/main.c |
Steve Kemp <skx@debian.org> | no | 2008-03-26 | ||
| 030_argv_handling.diff | Multiple flaws in ftp/main.c. There are several flaws in the current code of the makeargv function in ftp/main.c. It certainly errs, but not on the side of caution. . 1. The 'count' variable is supposed to count the number of arguments on the command line. In fact it counts the number of arguments less one, so malloc is often called with an argument of zero. . 2. The argument to malloc is completely wrong. Space needs to be reserved for a certain number of pointers; the length of the command line string is irrelevant. . 3. The slurpstring parsing function accepts both space and tab as delimiters. The 'count' variable is calculated assuming spaces only. . 4. It appears to me that the memory allocated for rargv is never freed, leading to a memory leak. I may be wrong about this, and I do not know the code well enough to suggest where the free should take place if it does not happen already. My patch does not address this. . Attempting to count parameters in advance is not the best solution in my opinion. It is duplicating part of the effort of slurpstring. My preference would have been to allocate memory for 20 pointers, as in the original code, then realloc() for a larger size if more than 20 parameters are returned from slurpstring. Description collected from #508378 diff -u netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17/ftp/main.c |
Mark Calderbank <m.calderbank@iname.com> | no | 2009-09-14 | ||
| 035_lintian_pedantic.diff | Pedantic complaits by lintian. Spelling in ftp/ftp.1 and ftp/cmds.c. . Incorrect use of hyphenation in ftp/ftp.1. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2010-02-27 | ||
| 040_ipv6_ftp_c.diff | Impose IPv6-capacities on ftp.c. Super structure 'struct sockaddr_storage' is replacing 'struct sockaddr_in' . For peer address strings, a first try aims at IPv4. That failing, next try is for IPv6, and ultimatively a host lookup follows as last resort. . Use a SIGALRM mechanism to decrease the default TCP handshake timeout to a value better suited for interactive use. The macro can be set externally to change the suggested FTP_CONNECT_TIMEOUT=10 . Use a command EPSV with explicit request for IPv6 address family as soon as parsing concluded that the control socket is using IPv6. . Make IP_TOS conditioned on AF_INET. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2011-06-17 | ||
| 041_user_address_commands.diff | Improve user interface with address family selection. Implement command line options for selecting IPv4 or IPv6. . Implement runtime command 'ipany', 'ipv4', and 'ipv6'. These allow repeatedly new selection of addressing mode. diff -Nru netkit-ftp-0.17.debian/ftp/cmds.c netkit-ftp-0.17/ftp/cmds.c |
Mats Erik Andersson <debian@gisladisker.se> | no | 2011-04-19 | ||
| 043_tune_non_autologin.diff | Only use implicit SYST with auto-login. Not every server, nor every ftp-proxy server, is able to reply to a SYST command before the user has logged in. . Do not execute 'dosyst()' in a situation where the user has asked for overriding auto-login. In other words, execute both of 'dologin()' and 'dosyst()', or execute none of them, depending on AUTOLOGIN. |
Mats Erik Andersson | not-needed | debian | 2011-05-23 | |
| 050_support_gnu_hurd.diff | Support GNU/Hurd Add fall-back macro definitions for PATH_MAX, MAXPATHLEN, and MAXHOSTNAMELEN, all of which are not specified by POSIX, hence are legally missing for GNU/Hurd. . Replace a few uses of these macros by "sizeof()", in order to improve robustness of their value. Since PATH_MAX and MAXPATHLEN are implicitly assumed to be equal. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2012-03-28 | ||
| 060_full_offset_range.diff | Use full offset range. On 32-bit systems, the coding of offset values as `off_t', i.e., of 64 bit length, was incomplete. Replacing fseek() with fseeko() achieves the intended offset ranges. |
Mats Erik Andersson, Martin Hicks | not-needed | debian | 2012-05-23 | |
| 070_hash_increments.diff | Changeable increment between hash markings. Modify the source of the command "hash" to take an optional argument specifying the block size to be used when generating hash markings during transmission. The toggle action is taken only when no argument is present. . Also allow conventional shorthand notation like "32k", "5M", and "2G" for simplified arithmetic! . The related command "tick" is changed to use an increment of ten times the step used by "hash". This fits the previous sizes of 10240 and 1024, respectively, in legacy code. . In the report summary, adaptively print transfer rate in either kB/s or MB/s. . A very old printing issue, present in the original source, is a missing CRLF after the very last "tick" counter, causing the final byte counter to be displayed by status string "226" without any separating character. http://bugs.debian.org/754065 |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | debian | 2014-07-18 | |
| 500_ssl.diff | Base SSL patch The original ssl patch, lightly modified to apply to debian's netkit-ftp 0.17 |
Tim Hudson <tjh@cryptsoft.com> | not-needed | ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/netkit-ftp-0.17+ssl-0.2.diff.gz | 2014-12-22 | |
| 510_fix_ssl_auth_response.diff | Fix AUTH SSL response handling Accept COMPLETE (234) as well as CONTINUE (334) See Debian bug #168762 for full details. |
James Manning <jmm@sublogic.com> | no | debian | 2010-04-07 | |
| 520_check_ssl_new.diff | Check return code of ssl_NEW() Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier | no | 2010-04-07 | |||
| 530_move_interrupt_handler.diff | Install interrupt handler before initializing SSL Origin unknown, comes from netkit-ftp-ssl 0.17.12+0.2-6 or earlier | no | 2010-04-07 | |||
| 540_tls.diff | support TLS authentication and (optional) data connection encryption Netkit-ftp-ssl now supports TLS authentication and (optional) data connection encryption according to http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt . . The default is to fall back to insecure authentication if AUTH TLS is not supported by the server to match the current behaviour of the AUTH SSL code. . If you specify "-z secure", then encryption of both the control and the data connection are required. |
Andreas Oberritter <obi@saftware.de> | no | http://www.saftware.de/patches/ftp_tls.diff | 2010-04-06 | |
| 550_doc_fixes.diff | Man page improvements Document SSL options in synopsis, and fix groff errors. For groff error report (only), see #250587. |
Ian Beckwith <ianb@debian.org>, Christoph Martin <christoph.martin@uni-mainz.de> | no | debian | 2014-12-23 | |
| 560_hurd.diff | Definitions needed by Hurd port There is no PATH_MAX, MAXPATHLEN or MAXHOSTNAMELEN in GNU/Hurd, so this package does not compile from source. . The "right" fix for this would be to modify the program so that no PATH_MAX is assumed (doing dynamic allocation of the required space), but for now this patch should be enough: |
Santiago Vila <sanvila@unex.es> | no | debian | 2010-04-07 | |
| 570_fix_warnings.diff | fix various warnings some trivial, some (like the sprintf fix) are actual bugs | Ian Beckwith <ianb@debian.org> | no | 2010-04-07 | ||
| 580_ssl_fflush.diff | use SSL-specific macros to wrap fflush and putc Origin unknown, first appeared in netkit-ftp-ssl 0.17.12+0.2 somewhere between -1 and -6 Author unknown, probably Christoph Martin <christoph.martin@uni-mainz.de> |
no | 2014-12-23 | |||
| 590_fix_ssl_without_autologin.diff | Fix SSL without autologin (-n) Initialize SSL even when -n is used. Also enforce -z secure when logging in with USER command. |
Ian Beckwith <ianb@debian.org> | no | debian | 2014-12-23 | |
| 600_fix_passive_mode.diff | Fix passive mode when SSL is enabled Origin/Author unknown. From netkit-telnet-ssl 0.17.9+0.2-3: * fix broken passive mode while SSL is enabled (thanks to Stefan Esser <sesser@php.net>) |
no | 2014-12-23 | |||
| 610_usage.diff | Include SSL options in ftp -h output | Ian Beckwith <ianb@debian.org> | no | 2014-12-23 | ||
| 620_enforce_ssl_in_user_cmd.diff | Enforce -z secure when logging in with USER command | Ian Beckwith <ianb@debian.org> | no | 2010-04-06 | ||
| 630_fix_-z_segfault.diff | Fix segfault when -z is given with no following args | Alexander Gitter <qwertz1230@googlemail.com> | no | debian | 2010-04-06 | |
| 650_broken_ssl_connection.diff | Let repeated connections use SSL. Only the first connection could use SSL authorization, the next could not since the context was insufficiently reinitialized. . Similarly, commands to server resulting in continuation text are broken, like "rhelp" and "rstatus". of invalid connection context. |
Mats Erik Andersson <debian@gisladisker.se> | no | debian | 2014-12-31 | |
| 660_hashes_and_ticks.diff | Consistency of hashes and ticks. Encrypted retrieval of binary files did not implement variable size for hash marking. Also restrict hashes to RETR commands. Support for the tick counter was missing altogether! |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-11-24 | ||
| 670_capture_ssl_error.diff | Broken detection of SSL errors. During read of binary data, with active encryption, the detection of failed calls with SSL_read() is incomplete. In addition, the external variable 'errno' needs manual setting to EIO for proper reporting. . Important problem analysis of code was contributed by Raphael Astier. The issue was identified while investigating report #801948. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-11-24 | ||
| 700_prefer_tls.diff | Better contemporary abilities. Probe AUTH TLS as first authentication, then fall back to AUTH SSL. Still, only protection level P is accepted. . Implement the claimed SSL option 'cipher=list'. . Add a new command line argument 'cacert=file', thus making sense of SSL verification mode. Invoke a verification callback when running in verify mode, thereby making additional details known about the server's certificate chain, but only in verbose mode. . Include information about the encryption in use when executing the internal status command. This includes identifiers of subject and issuer as stated in the server's certificate. . Replace cluttered error messages produced by the SSL library. . Report SSL cipher and encrypted data when in verbose mode. . Update the manual page. . The source file sslapp.c is synchronized with that of linux-ftpd-ssl. . |
Mats Erik Andersson <debian@gisladisker.se> | no | 2017-02-07 | ||
| use-cmake-as-buildsystem.patch | Use cmake as build system | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | no | debian | 2019-02-24 | |
| use-cmake-as-buildsystem-debian-extras.patch | Adjust install paths and file names for Debian | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2019-02-24 | ||
| use-cmake-as-buildsystem-ssl-extras.patch | Add SSL support | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2019-02-24 | ||
| 0001-ftp-ssl-shutdown-the-session-properly.patch | [PATCH 1/2] ftp-ssl: shutdown the session properly If the SSL session is not shutdown properly, the following SSL_free will free all SSL related structs including the session making it impossible to be reused in a later connection. |
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | 2017-11-11 | ||
| 0002-ftp-ssl-use-get-set-session-instead-of-copy-id.patch | [PATCH 2/2] ftp-ssl: use get+set session instead of copy id This does mostly the same thing but may be more obvious, maybe not. |
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | 2017-11-11 | ||
| 710_fix_ftbfs_gcc10.diff | =================================================================== | no |