aboutsummaryrefslogtreecommitdiffstats
path: root/ftp/wu-ftpd
diff options
context:
space:
mode:
authorcpiazza <cpiazza@FreeBSD.org>1999-08-31 03:14:07 +0800
committercpiazza <cpiazza@FreeBSD.org>1999-08-31 03:14:07 +0800
commit5da4fc457bfe10e575b7aa2f4399f375c18cc209 (patch)
treea206a0022f6cd0a080cdae05f7877e4336ea898e /ftp/wu-ftpd
parent3ad5d8a8983bad4d18954088dd855daac516c92b (diff)
downloadfreebsd-ports-gnome-5da4fc457bfe10e575b7aa2f4399f375c18cc209.tar.gz
freebsd-ports-gnome-5da4fc457bfe10e575b7aa2f4399f375c18cc209.tar.zst
freebsd-ports-gnome-5da4fc457bfe10e575b7aa2f4399f375c18cc209.zip
Add a PATCH_FILE to close a security hole in wu-ftpd.
Quoted from wu-ftpd group's accouncement: Due to insufficient bounds checking on directory name lengths which can be supplied by users, it is possible to overwrite the static memory space of the wu-ftpd daemon while it is executing under certain configurations. By having the ability to create directories and supplying carefully designed directory names to the wu-ftpd, users may gain privileged access. PR: 13475 Submitted by: jack@germanium.xtalwind.net
Diffstat (limited to 'ftp/wu-ftpd')
-rw-r--r--ftp/wu-ftpd/Makefile3
-rw-r--r--ftp/wu-ftpd/distinfo1
2 files changed, 4 insertions, 0 deletions
diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile
index 20940b692a64..7ca3f872b7d3 100644
--- a/ftp/wu-ftpd/Makefile
+++ b/ftp/wu-ftpd/Makefile
@@ -12,6 +12,9 @@ DISTNAME= wu-ftpd-2.5.0
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/
+PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
+PATCHFILES= mapped.path.overrun.patch
+
MAINTAINER= ache@FreeBSD.org
Y2K= http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35
diff --git a/ftp/wu-ftpd/distinfo b/ftp/wu-ftpd/distinfo
index 213f7f23a0d8..0a187286a77d 100644
--- a/ftp/wu-ftpd/distinfo
+++ b/ftp/wu-ftpd/distinfo
@@ -1 +1,2 @@
MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
+MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d