Bring over changes from source of truth in othersrc/usr.bin/tnftp
Changes since previous version:
-This is tnftp version 20141031.
+This is tnftp version 20141104.
+
+Changes in tnftp from 20141031 to 20141104:
+
+ Portability fixes.
With thanks to lukem for the nudge
* Release as "tnftp 20141031".
* Merge NetBSD usr.bin/ftp from 20130220 to 20141026:
- Don't pay attention to special characters if they don't
come from the command line (from jmcneill).
Fixes CVE-2014-8517.
- pr/34796: Hauke Fath: ftp does not timeout on http fetches.
Sun May 5 13:51:47 UTC 2013 lukem
* Release as "tnftp 20130505"
* Implement --enable-ssl (and --with-openssl) to enable
https:// fetch support.
* Merge NetBSD ftp from 20090520 to 20130220. Changes:
- https:// support.
NetBSD problem report 47276 from NONAKA Kimihiro.
- Allow -R to restart non-existent ftp:// URIs.
- Don't assume AF_INET support is available.
FreeBSD problem report 162661.
- Parse HTTP 'Date' entries in the `C' locale rather than the
user's.
NetBSD problem report 42917 from KAMADA Ken'ichi.
- Improve error handling when parsing of URI scheme.
- Silence connection warnings to multi-homed hosts in
non-verbose mode.
- Fix compile warnings.
- In ftpvis(), prevent incomplete escape sequences at end of
dst, and ensure NUL-termination of dst.
Fix from Uwe Stuehler and Stefan Sperling, via Marc Balmer.
- When using the response to SYST to decide whether to
default to 'binary' be a lot less specific.
* Replace glob with newer copy from NetBSD that does not suffer
from DoS exhaustion attacks.
Fix in NetBSD from Maksymilian Arciemowicz. See CVE-2011-0418
Tue Jan 12 06:58:15 UTC 2010 lukem
* Release as "tnftp 20100108"
* Rename onoff() argument "bool" to "val".
Tue Jan 5 09:12:01 UTC 2010 lukem
* If ARG_MAX isn't defined, use the result from sysconf(_SC_ARG_MAX).
Fixes build when using newer glibc.
* Add libnetbsd.la to the LIBADD for libedit.
Fix provided by Adam Sampson.
Mon Jan 4 06:28:07 UTC 2010 lukem
* Distribute various files not shipped by default automake rules,
to use 'make dist' instead of 'cvs export'.
Wed Dec 30 00:12:47 UTC 2009 lukem
* Release as "tnftp 20091122"
Sun Nov 15 10:14:44 UTC 2009 lukem
* Merge NetBSD ftp from 20090520 to 20090915. Change:
- Rename internal getline() to get_line() to avoid
conflict with libc with former.
- Avoid a NULL dereference in an error message.
Sat Nov 14 09:21:19 UTC 2009 lukem
* Convert to automake & libtool.
Sat Jun 6 07:17:38 UTC 2009 lukem
* Release as "tnftp 20090606"
Fri May 22 01:11:15 UTC 2009 lukem
* configure fixes:
- Add the time.h headers to accheck_includes, for the strptime check.
- Remove the check for el_init in libedit; we're always replacing
the library and the presence of strvis() in some versions
confuses other checks.
Wed May 20 13:47:43 UTC 2009 lukem
* Release as "tnftp 20090520"
* Merge NetBSD ftp from 20070722 to 20090520. Changes:
- Only attempt to el_parse() a command unknown by the default
parser if editing is enabled.
Fixes pr 38589.
- Turn off the alarmtimer before resetting the SIGALRM handler
back to SIG_DFL.
Fixes pr 35630.
- Add epsv6 and epsv to disable extended passive mode for ipv6 or
both ipv4 and ipv6 respectively. This hack is due to our
friends a Juniper Networks who break epsv in ipv6.
Should be fixed in ScreenOS 6.2.X.
- Improve parsing of chunked transfer chunks per RFC2616:
- more stringent chunk-size parsing
- ignore optional trailing ';chunk-ext' stuff, instead of barfing
- detect EOF before final \r\n.
- Use the service name to getaddrinfo() (along with the host
name), so that features such as DNS Service Discovery have a
better chance of working.
Display the service name in various status & error messages.
- Don't getservbyname() the :port component of a URL; RFC 3986
says it's just an unsigned number, not a service name.
- Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
- Fix -Wshadow issues
- Update copyrights
- Remove clause 3 and 4 from TNF licenses
- Rename HAVE_STRUCT_SOCKADDR_SA_LEN to
HAVE_STRUCT_SOCKADDR_IN_SIN_LEN to accurately reflect the
structure member being used.
- Use AF_INET instead of AF_UNSPEC as the default family if
!defined(INET6).
* configure improvements:
- Style tweaks.
- Use AC_LANG_PROGRAM() instead of AC_LANG_SOURCE()
- Add a check for strptime() requiring separators between
conversions, and use our replacement one if it does.
Sat Dec 20 15:28:24 UTC 2008 lukem
* configure improvements:
- Move IPv6 check from tnftp.h to configure.ac (as per tnftpd).
- Rework option descriptions.
- Highlight when tests are for a specific option.
- Move configuration results to the end of the file.
- Display $prefix in configure results.
Fri Aug 15 03:03:36 UTC 2008 lukem
* Add a "Configuration results" display at the end of configure.
Cosmetic tweaks.
Fri Feb 29 09:45:56 UTC 2008 lukem
* Support @EXEEXT@ for Cygwin (etc).
* Release as "tnftp 20141031".
* Merge NetBSD usr.bin/ftp from 20130220 to 20141026:
- Don't pay attention to special characters if they don't
come from the command line (from jmcneill).
Fixes CVE-2014-8517.
- pr/34796: Hauke Fath: ftp does not timeout on http fetches.
Sun May 5 13:51:47 UTC 2013 lukem
* Release as "tnftp 20130505"
* Implement --enable-ssl (and --with-openssl) to enable
https:// fetch support.
* Merge NetBSD ftp from 20090520 to 20130220. Changes:
- https:// support.
NetBSD problem report 47276 from NONAKA Kimihiro.
- Allow -R to restart non-existent ftp:// URIs.
- Don't assume AF_INET support is available.
FreeBSD problem report 162661.
- Parse HTTP 'Date' entries in the `C' locale rather than the
user's.
NetBSD problem report 42917 from KAMADA Ken'ichi.
- Improve error handling when parsing of URI scheme.
- Silence connection warnings to multi-homed hosts in
non-verbose mode.
- Fix compile warnings.
- In ftpvis(), prevent incomplete escape sequences at end of
dst, and ensure NUL-termination of dst.
Fix from Uwe Stuehler and Stefan Sperling, via Marc Balmer.
- When using the response to SYST to decide whether to
default to 'binary' be a lot less specific.
* Replace glob with newer copy from NetBSD that does not suffer
from DoS exhaustion attacks.
Fix in NetBSD from Maksymilian Arciemowicz. See CVE-2011-0418
Tue Jan 12 06:58:15 UTC 2010 lukem
* Release as "tnftp 20100108"
* Rename onoff() argument "bool" to "val".
Tue Jan 5 09:12:01 UTC 2010 lukem
* If ARG_MAX isn't defined, use the result from sysconf(_SC_ARG_MAX).
Fixes build when using newer glibc.
* Add libnetbsd.la to the LIBADD for libedit.
Fix provided by Adam Sampson.
Mon Jan 4 06:28:07 UTC 2010 lukem
* Distribute various files not shipped by default automake rules,
to use 'make dist' instead of 'cvs export'.
Wed Dec 30 00:12:47 UTC 2009 lukem
* Release as "tnftp 20091122"
Sun Nov 15 10:14:44 UTC 2009 lukem
* Merge NetBSD ftp from 20090520 to 20090915. Change:
- Rename internal getline() to get_line() to avoid
conflict with libc with former.
- Avoid a NULL dereference in an error message.
Sat Nov 14 09:21:19 UTC 2009 lukem
* Convert to automake & libtool.
Sat Jun 6 07:17:38 UTC 2009 lukem
* Release as "tnftp 20090606"
Fri May 22 01:11:15 UTC 2009 lukem
* configure fixes:
- Add the time.h headers to accheck_includes, for the strptime check.
- Remove the check for el_init in libedit; we're always replacing
the library and the presence of strvis() in some versions
confuses other checks.
Wed May 20 13:47:43 UTC 2009 lukem
* Release as "tnftp 20090520"
* Merge NetBSD ftp from 20070722 to 20090520. Changes:
- Only attempt to el_parse() a command unknown by the default
parser if editing is enabled.
Fixes pr 38589.
- Turn off the alarmtimer before resetting the SIGALRM handler
back to SIG_DFL.
Fixes pr 35630.
- Add epsv6 and epsv to disable extended passive mode for ipv6 or
both ipv4 and ipv6 respectively. This hack is due to our
friends a Juniper Networks who break epsv in ipv6.
Should be fixed in ScreenOS 6.2.X.
- Improve parsing of chunked transfer chunks per RFC2616:
- more stringent chunk-size parsing
- ignore optional trailing ';chunk-ext' stuff, instead of barfing
- detect EOF before final \r\n.
- Use the service name to getaddrinfo() (along with the host
name), so that features such as DNS Service Discovery have a
better chance of working.
Display the service name in various status & error messages.
- Don't getservbyname() the :port component of a URL; RFC 3986
says it's just an unsigned number, not a service name.
- Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
- Fix -Wshadow issues
- Update copyrights
- Remove clause 3 and 4 from TNF licenses
- Rename HAVE_STRUCT_SOCKADDR_SA_LEN to
HAVE_STRUCT_SOCKADDR_IN_SIN_LEN to accurately reflect the
structure member being used.
- Use AF_INET instead of AF_UNSPEC as the default family if
!defined(INET6).
* configure improvements:
- Style tweaks.
- Use AC_LANG_PROGRAM() instead of AC_LANG_SOURCE()
- Add a check for strptime() requiring separators between
conversions, and use our replacement one if it does.
Sat Dec 20 15:28:24 UTC 2008 lukem
* configure improvements:
- Move IPv6 check from tnftp.h to configure.ac (as per tnftpd).
- Rework option descriptions.
- Highlight when tests are for a specific option.
- Move configuration results to the end of the file.
- Display $prefix in configure results.
Fri Aug 15 03:03:36 UTC 2008 lukem
* Add a "Configuration results" display at the end of configure.
Cosmetic tweaks.
Fri Feb 29 09:45:56 UTC 2008 lukem
* Support @EXEEXT@ for Cygwin (etc).
* Release as "tnftp 20141031".
* Merge NetBSD usr.bin/ftp from 20130220 to 20141026:
- Don't pay attention to special characters if they don't
come from the command line (from jmcneill).
Fixes CVE-2014-8517.
- pr/34796: Hauke Fath: ftp does not timeout on http fetches.
Sun May 5 13:51:47 UTC 2013 lukem
* Release as "tnftp 20130505"
* Implement --enable-ssl (and --with-openssl) to enable
https:// fetch support.
* Merge NetBSD ftp from 20090520 to 20130220. Changes:
- https:// support.
NetBSD problem report 47276 from NONAKA Kimihiro.
- Allow -R to restart non-existent ftp:// URIs.
- Don't assume AF_INET support is available.
FreeBSD problem report 162661.
- Parse HTTP 'Date' entries in the `C' locale rather than the
user's.
NetBSD problem report 42917 from KAMADA Ken'ichi.
- Improve error handling when parsing of URI scheme.
- Silence connection warnings to multi-homed hosts in
non-verbose mode.
- Fix compile warnings.
- In ftpvis(), prevent incomplete escape sequences at end of
dst, and ensure NUL-termination of dst.
Fix from Uwe Stuehler and Stefan Sperling, via Marc Balmer.
- When using the response to SYST to decide whether to
default to 'binary' be a lot less specific.
* Replace glob with newer copy from NetBSD that does not suffer
from DoS exhaustion attacks.
Fix in NetBSD from Maksymilian Arciemowicz. See CVE-2011-0418
Tue Jan 12 06:58:15 UTC 2010 lukem
* Release as "tnftp 20100108"
* Rename onoff() argument "bool" to "val".
Tue Jan 5 09:12:01 UTC 2010 lukem
* If ARG_MAX isn't defined, use the result from sysconf(_SC_ARG_MAX).
Fixes build when using newer glibc.
* Add libnetbsd.la to the LIBADD for libedit.
Fix provided by Adam Sampson.
Mon Jan 4 06:28:07 UTC 2010 lukem
* Distribute various files not shipped by default automake rules,
to use 'make dist' instead of 'cvs export'.
Wed Dec 30 00:12:47 UTC 2009 lukem
* Release as "tnftp 20091122"
Sun Nov 15 10:14:44 UTC 2009 lukem
* Merge NetBSD ftp from 20090520 to 20090915. Change:
- Rename internal getline() to get_line() to avoid
conflict with libc with former.
- Avoid a NULL dereference in an error message.
Sat Nov 14 09:21:19 UTC 2009 lukem
* Convert to automake & libtool.
Sat Jun 6 07:17:38 UTC 2009 lukem
* Release as "tnftp 20090606"
Fri May 22 01:11:15 UTC 2009 lukem
* configure fixes:
- Add the time.h headers to accheck_includes, for the strptime check.
- Remove the check for el_init in libedit; we're always replacing
the library and the presence of strvis() in some versions
confuses other checks.
Wed May 20 13:47:43 UTC 2009 lukem
* Release as "tnftp 20090520"
* Merge NetBSD ftp from 20070722 to 20090520. Changes:
- Only attempt to el_parse() a command unknown by the default
parser if editing is enabled.
Fixes pr 38589.
- Turn off the alarmtimer before resetting the SIGALRM handler
back to SIG_DFL.
Fixes pr 35630.
- Add epsv6 and epsv to disable extended passive mode for ipv6 or
both ipv4 and ipv6 respectively. This hack is due to our
friends a Juniper Networks who break epsv in ipv6.
Should be fixed in ScreenOS 6.2.X.
- Improve parsing of chunked transfer chunks per RFC2616:
- more stringent chunk-size parsing
- ignore optional trailing ';chunk-ext' stuff, instead of barfing
- detect EOF before final \r\n.
- Use the service name to getaddrinfo() (along with the host
name), so that features such as DNS Service Discovery have a
better chance of working.
Display the service name in various status & error messages.
- Don't getservbyname() the :port component of a URL; RFC 3986
says it's just an unsigned number, not a service name.
- Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
- Fix -Wshadow issues
- Update copyrights
- Remove clause 3 and 4 from TNF licenses
- Rename HAVE_STRUCT_SOCKADDR_SA_LEN to
HAVE_STRUCT_SOCKADDR_IN_SIN_LEN to accurately reflect the
structure member being used.
- Use AF_INET instead of AF_UNSPEC as the default family if
!defined(INET6).
* configure improvements:
- Style tweaks.
- Use AC_LANG_PROGRAM() instead of AC_LANG_SOURCE()
- Add a check for strptime() requiring separators between
conversions, and use our replacement one if it does.
Sat Dec 20 15:28:24 UTC 2008 lukem
* configure improvements:
- Move IPv6 check from tnftp.h to configure.ac (as per tnftpd).
- Rework option descriptions.
- Highlight when tests are for a specific option.
- Move configuration results to the end of the file.
- Display $prefix in configure results.
Fri Aug 15 03:03:36 UTC 2008 lukem
* Add a "Configuration results" display at the end of configure.
Cosmetic tweaks.
Fri Feb 29 09:45:56 UTC 2008 lukem
* Support @EXEEXT@ for Cygwin (etc).
- At least Ubuntu 8.1 sets __attribute__((warn_unused_result)) on fwrite()
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25509
which means (void)fwrite(...) will *always* generate a warning, so
set -Wno-error to bypass this in Linux.sys.mk
- Ubuntu 8.1 also jumps through hoops to ensure ARG_MAX is *undefined*, so
work around this in tnftp and libnbcompat
from archivers/pax and net/tnftp, respectively. In the past, the
pkgtools version of these packages installed into ${PKG_TOOLS_BIN},
but this was changed in:
pkgtools/pax/Makefile:1.15
pkgtools/tnftp/Makefile:1.3
+ Get rid of archivers/pax/Makefile.common and net/tnftp/Makefile.common
by merging them into their respective Makefiles. The Makefile.common
files existed solely for inclusion by the pkgtools versions of these
packages, but with the removal of those packages, these files are
now unnecessary.
+ Add full DESTDIR support to archivers/pax and net/tnftp.
+ Modify the bootstrap to build archivers/pax and net/tnftp instead of
the pkgtools versions of these packages.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
older OSes
added a hack to support IRIX 5
(modifications done directly to the files instead of adding patch files to
make them being used during bootstrapping as well; approved by reed)
Security-related bug fixes:
* Convert to use getline() instead of fgets() whenever reading user input to
ensure that an overly long input line doesn't leave excess characters for
the next input operation to accidentally use as input.
* Zero out the password & account after we've finished with it.
* Consistently use getpass(3) (i.e, character echo suppressed) when reading
the account data. For some reason, historically the "login" code
suppressed echo for Account: yet the "user" command did not!
* Improve method used in fileindir() to determine if `file' is in or under
`dir': realpath(3) on non-NetBSD systems may fail if the target filename
doesn't exist, so instead use realpath(3) on the parent directory of `file'.
(The previous code was over-aggressive in preventing transfers on systems
with a realpath(3) that had different semantics to NetBSD.)
Bug fixes:
* Display the hostname in the "getaddrinfo failed" warning.
* Only print the "Trying <address>..." message if verbose and there's more
than one struct addrinfo in the getaddrinfo() result.
* formatbuf(): fix %m and %M to use the hostname, not the username.
* fetch_ftp(): preserve 'anonftp' across a disconnect() so that multiple ftp
auto-fetches on the same command line login automatically.
* Improve bounds checking.
* Update various copyright notices.
Portability fixes:
* Look for dirname(3), which may be in -lgen on IRIX, and replace it if not
found.
* Don't use non-standard: u_char, u_short, u_int, or uint.
* Use uint32_t instead of u_int32_t.
* Don't use register.
* Helps if the definition of xconnect() matches its declaration....
* Fix some cast issues highlighted by gcc 4 on OSX.4
* Use size_t instead of int where appropriate.
* Make this compile on sparc64 (size_t != int).
* Printf field widths and size_t don't always mix well, so cast to int.
Fixes build problem for alpha.
* auto_fetch(): use an initialized volatile int to appease IRIX cc.
* Don't abuse unconstify'ing a string and writing to it, because you'll core
dump. Also remove extra const that gives pain to the irix compiler.
* Make sure we flush after we prepare when we are unbuffered otherwise the
prompt will not appear immediately.
* Terminate the arglist with a NULL instead of 0. (Shuts up gcc4.x)
* Use malloc(3) instead of alloca(3).
* Include "src/progressbar.h" for xsignal_restart() prototype.
* Ensure that fallback #define of __attribute__ is available.
Fixes build problem on HP-UX with cc.
* Pull in <poll.h> or <sys/poll.h> if they exist even if we're not using poll,
as struct pollfd might exist in those. Fixes build problem on OSX.3.
* Use NS_INADDRSZ, NS_IN6ADDRSZ and NS_INT16SZ instead of
equivalents without NS_ prefix.
* Use socklen_t instead of size_t where appropriate.
* Separate CPPFLAGS from CFLAGS.
* Use "long long" instead of "quad" in various comments & constants.
* Prefer poll over select when implementing replacement usleep().
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Notable changes:
- Implement '-s srcaddr' to set the local IP address for all connections.
- Support '-q quittime' when waiting for server replies.
- Use IEC 60027-2 "KiB", "MiB" (etc) instead of "KB", "MB", ...
- Portability fixes, including for FreeBSD, Mac OS X, and Solaris.
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
IPv6) but not the successor RFC 2553. The configure script detects this
and decides that tnftp needs to compile its own version of getaddrinfo().
This produces the error message
/usr/include/netdb.h:248: `getaddrinfo' previously defined here
because Unixware provides an implementation of getaddrinfo() in netdb.h
instead of a prototype declaration :-/. Since netdb.h cannot be omitted,
we will always get this definition and tnftp's version of getaddrinfo
will always create a conflict.
This ugly preprocessor hack works around the problem. Hints for a better
solution welcome.
(MacOSX 10.3) by adding a custom test for _POLL_EMUL_H_ which is
defined in poll.h on some MacOSX 10.3 systems.
not all 10.3 systems have poll.h, so only do the poll() test if at
least one of the header files is found.
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
