Initial packaging. Closes: #1063829

debian/control

@@ -0,0 +1,35 @@
+Source: tftp-proxy
+Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Homepage: https://github.com/openfibernet/tftp-proxy
+Standards-Version: 4.6.2
+Vcs-Browser: https://git.in-ulm.de/cbiedl/tftp-proxy
+Vcs-Git: https://git.in-ulm.de/cbiedl/tftp-proxy.git
+Testsuite: autopkgtest-pkg-go
+Build-Depends: debhelper-compat (= 13),
+    dh-golang,
+    golang-github-pin-tftp-dev,
+    golang-go,
+    scdoc,
+Priority: optional
+Rules-Requires-Root: no
+Section: utils
+XS-Go-Import-Path: github.com/openfibernet/tftp-proxy
+
+Package: tftp-proxy
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends},
+Built-Using:
+    ${misc:Built-Using},
+Static-Built-Using:
+    ${misc:Static-Built-Using},
+Description: TFTP server that request files not found from an HTTP backend
+ This program is basically a minimalistic TFTP server. As an extra
+ however, it will forward request that cannot be served to an
+ configurable HTTP backend.
+ .
+ This is useful in a network where the actual TFTP server is relatively
+ far away: Due to the simple design of TFTP, already 40ms of latency
+ result in a very poor performance, tftp-proxy can shortcut that to
+ network speed.
+ .
+ Additionally, the requests may be directed to a caching HTTP server.

debian/copyright

@@ -0,0 +1,23 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: tftp-proxy
+Source: https://github.com/openfibernet/tftp-proxy
+
+Files: *
+Copyright: 2019-2020 Arnoud Vermeer <avermeer@tucows.com>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".

debian/patches/1707293949.v1.0.0-3-g8164e8f.adding-filepath-clean-to-address-directory-traversal-2.patch

@@ -0,0 +1,43 @@
+Subject: Adding filepath.Clean to address directory traversal #2
+Origin: https://github.com/openfibernet/tftp-proxy/pull/3
+Upstream-Author: Arnoud Vermeer <avermeer@tucows.com>
+Date: Wed Feb 7 09:19:09 2024 +0100
+
+--- a/main.go
++++ b/main.go
+@@ -4,10 +4,10 @@
+ 	"flag"
+ 	"fmt"
+ 	"io"
+-	"io/ioutil"
+ 	"net/http"
+ 	"os"
+ 	"path"
++	"path/filepath"
+ 	"time"
+ 
+ 	"github.com/pin/tftp"
+@@ -18,9 +18,10 @@
+ 
+ // readHandler is called when client starts file download from server
+ func readHandler(filename string, rf io.ReaderFrom) error {
++	file_path := filepath.Clean(path.Join(dir, filename))
+ 
+-	if _, err := os.Stat(path.Join(dir, filename)); err == nil {
+-		file, err := os.Open(path.Join(dir, filename))
++	if _, err := os.Stat(file_path); err == nil {
++		file, err := os.Open(file_path)
+ 		if err != nil {
+ 			fmt.Fprintf(os.Stderr, "%v\n", err)
+ 			return err
+@@ -50,8 +51,8 @@
+ 		defer resp.Body.Close()
+ 
+ 		if resp.StatusCode != 200 {
+-			io.Copy(ioutil.Discard, resp.Body)
+-			return fmt.Errorf("Received status code: %d", resp.StatusCode)
++			io.Copy(io.Discard, resp.Body)
++			return fmt.Errorf("received status code: %d", resp.StatusCode)
+ 		}
+ 
+ 		rf.(tftp.OutgoingTransfer).SetSize(resp.ContentLength)

debian/patches/really-fix-directory-traversal.patch

@@ -0,0 +1,16 @@
+Subject: Really fix directory traversal
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Forwarded: https://github.com/openfibernet/tftp-proxy/pull/3
+Date: 2024-02-08
+
+--- a/main.go
++++ b/main.go
+@@ -18,7 +18,7 @@
+ 
+ // readHandler is called when client starts file download from server
+ func readHandler(filename string, rf io.ReaderFrom) error {
+-	file_path := filepath.Clean(path.Join(dir, filename))
++	file_path := path.Join(dir, filepath.Clean(path.Join("/", filename)))
+ 
+ 	if _, err := os.Stat(file_path); err == nil {
+ 		file, err := os.Open(file_path)

debian/patches/series

@@ -0,0 +1,2 @@
+1707293949.v1.0.0-3-g8164e8f.adding-filepath-clean-to-address-directory-traversal-2.patch
+really-fix-directory-traversal.patch

debian/rules

@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@ --buildsystem=golang --with=golang
+
+override_dh_auto_install:
+	dh_auto_install -- --no-source
+
+override_dh_installman:
+	scdoc <debian/tftp-proxy.scd >debian/tftp-proxy.8
+	dh_installman

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/tftp-proxy.default

@@ -0,0 +1,12 @@
+
+# Default options for tftp-proxy
+
+# The local file system. Defaults to /var/lib/tftpboot
+dir='/var/lib/tftpboot'
+
+# The upstream HTTP server to pull from, with an optional path.
+# Mandatory.
+url=http://development.example.com/tftp
+
+# An optional HTTP proxy
+# http_proxy=http://127.0.0.1:3128/

debian/tftp-proxy.manpages

@@ -0,0 +1,2 @@
+
+debian/tftp-proxy.8

debian/tftp-proxy.scd

@@ -0,0 +1,65 @@
+tftp-proxy(8)
+
+# NAME
+
+tftp-proxy - TFTP server that request files not found from an HTTP backend
+
+
+# SYNOPSIS
+
+```
+tftp-proxy -url=http://example.com -dir=/var/lib/tftpboot
+```
+
+# DESCRIPTION
+
+This program is a simple TFTP server that additionally requests a file
+not found locally from a configured HTTP backend.
+
+
+# OPTIONS
+
+*-dir*=<directory>
+	The directory to serve files from.
+	Default: /var/lib/tftpboot
+
+*-url*=<address>
+	The address of the HTTP server to connect to. Mandatory.
+
+
+# ENVIRONMENT VARIABLES
+
+The _http_proxy_ environment variable is respected when fetching files
+from the HTTP server. This might come handy as tftp-proxy does not
+write any files.
+
+
+# COPYRIGHT&LICENSE
+
+Copyright (C) 2019-2020 Arnoud Vermeer <avermeer@tucows.com>
+
+License (Apache-2.0):
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+On Debian systems, the complete text of the Apache version 2.0 license
+can be found in "/usr/share/common-licenses/Apache-2.0".
+```
+
+
+# AUTHOR
+
+This manpage is based on the usage output of tftp-proxy and
+documentation. It was written for the Debian project by Christoph Biedl
+<debian.axhn@manchmal.in-ulm.de> but may be used by others.

debian/tftp-proxy.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=tftp-proxy
+Documentation=man:tftp-proxy(8)
+
+[Service]
+EnvironmentFile=/etc/default/tftp-proxy
+ExecStart=/usr/bin/tftp-proxy -url=${url} -dir=${dir}
+
+[Install]
+WantedBy=multi-user.target

debian/watch

@@ -0,0 +1,5 @@
+
+version=4
+opts="searchmode=plain,filenamemangle=s/$/.tar.gz/" \
+    https://api.github.com/repos/openfibernet/@PACKAGE@/releases \
+        https://api.github.com/repos/openfibernet/@PACKAGE@/tarball/v([0-9][.0-9]*)