aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorache <ache@FreeBSD.org>2003-09-24 00:58:10 +0800
committerache <ache@FreeBSD.org>2003-09-24 00:58:10 +0800
commitf8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0 (patch)
treebb43bbedecd3660777df7cd6ac8f5736d18f5fff
parent2be69f7a325363cadbcbd2d025684652a61503e6 (diff)
downloadfreebsd-ports-gnome-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.tar.gz
freebsd-ports-gnome-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.tar.zst
freebsd-ports-gnome-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.zip
Integrate official DOS-attack prevention patch
Add -- to tar args to stop hacking with "-"-started files in ftpconversions Approved by: security-officer ('--' fix), portmgr
-rw-r--r--ftp/wu-ftpd/Makefile4
-rw-r--r--ftp/wu-ftpd/distinfo2
-rw-r--r--ftp/wu-ftpd/files/patch-ag40
-rw-r--r--ftp/wu-ftpd/files/patch-as11
4 files changed, 26 insertions, 31 deletions
diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile
index 2698183fe8af..ab085a896174 100644
--- a/ftp/wu-ftpd/Makefile
+++ b/ftp/wu-ftpd/Makefile
@@ -9,9 +9,11 @@
PORTNAME= wu-ftpd
PORTVERSION= 2.6.2
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
+PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/
+PATCHFILES= connect-dos.patch realpath.patch
MAINTAINER= ache@FreeBSD.org
COMMENT= A replacement ftp server for Un*x systems
diff --git a/ftp/wu-ftpd/distinfo b/ftp/wu-ftpd/distinfo
index 943113cf49e9..fdf721983ee4 100644
--- a/ftp/wu-ftpd/distinfo
+++ b/ftp/wu-ftpd/distinfo
@@ -1 +1,3 @@
MD5 (wu-ftpd-2.6.2.tar.gz) = b3c271f02aadf663b8811d1bff9da3f6
+MD5 (connect-dos.patch) = 28baacb281dfb8f784b68a7db88f12cb
+MD5 (realpath.patch) = ec7f87e527efdb5bcc0d2edcb29800c4
diff --git a/ftp/wu-ftpd/files/patch-ag b/ftp/wu-ftpd/files/patch-ag
index dabfbce24f9e..70ab437b0783 100644
--- a/ftp/wu-ftpd/files/patch-ag
+++ b/ftp/wu-ftpd/files/patch-ag
@@ -1,19 +1,21 @@
-*** doc/examples/ftpconversions.orig Wed Jan 25 22:11:02 1995
---- doc/examples/ftpconversions Wed Jan 25 22:11:49 1995
-***************
-*** 1,7 ****
-! :.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
- : : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
- :.gz: : :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
- : : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
- : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
- : : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
-! : : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
---- 1,7 ----
-! :.Z: : :/bin/gzip -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
- : : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
- :.gz: : :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
- : : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
- : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
- : : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
-! : : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
+--- doc/examples/ftpconversions.orig Thu Mar 4 07:39:21 1999
++++ doc/examples/ftpconversions Tue Sep 23 17:27:47 2003
+@@ -1,9 +1,9 @@
+- :.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
+- : : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
+- :.gz: : :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
+- : : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
+- : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
+- : : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
+- : : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
+- : : :.crc:/bin/cksum %s:T_REG::CKSUM
+- : : :.md5:/bin/md5sum %s:T_REG::MD5SUM
++ :.Z: : :/usr/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
++ : : :.Z:/usr/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
++ :.gz: : :/usr/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
++ : : :.gz:/usr/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
++ : : :.tar:/usr/bin/tar -c -f - -- %s:T_REG|T_DIR:O_TAR:TAR
++ : : :.tar.Z:/usr/bin/tar -c -Z -f - -- %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
++ : : :.tar.gz:/usr/bin/tar -c -z -f - -- %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
++ : : :.crc:/usr/bin/cksum %s:T_REG::CKSUM
++ : : :.md5:/sbin/md5 %s:T_REG::MD5SUM
diff --git a/ftp/wu-ftpd/files/patch-as b/ftp/wu-ftpd/files/patch-as
deleted file mode 100644
index 2f4570616c2b..000000000000
--- a/ftp/wu-ftpd/files/patch-as
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/realpath.c.orig Mon Jul 28 16:18:15 2003
-+++ src/realpath.c Mon Jul 28 16:18:44 2003
-@@ -299,7 +299,7 @@
- rootd = 0;
-
- if (*wbuf) {
-- if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
-+ if (strlen(resolved) + strlen(wbuf) + !rootd + 1 > MAXPATHLEN) {
- errno = ENAMETOOLONG;
- goto err1;
- }