From 6b9d2c117ba2e4c82a0aef9e3356a8d5609e63e0 Mon Sep 17 00:00:00 2001
From: kris
Date: Mon, 30 Apr 2001 07:33:39 +0000
Subject: Upgrade to gftp 2.0.8 and mark FORBIDDEN. gftp 2.0.8 was a security update to fix a remotely exploitable format string vulnerability, but in the course of trying to make the new version actually build I discovered that it also has local tempfile vulnerabilities, among other problems.
---
 ftp/gftp/Makefile | 4 +++-
 ftp/gftp/distinfo | 2 +-
 ftp/gftp/files/patch-ac | 11 +++++++++++
 ftp/gftp/files/patch-ad | 20 ++++++++++++++++++++
 ftp/gftp/files/patch-ae | 11 +++++++++++
 ftp/gftp/files/patch-af | 11 +++++++++++
 6 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 ftp/gftp/files/patch-ac
 create mode 100644 ftp/gftp/files/patch-ad
 create mode 100644 ftp/gftp/files/patch-ae
 create mode 100644 ftp/gftp/files/patch-af
diff --git a/ftp/gftp/Makefile b/ftp/gftp/Makefile
index 4de93c232079..d20db25068bb 100644
--- a/ftp/gftp/Makefile
+++ b/ftp/gftp/Makefile
@@ -6,7 +6,7 @@
 #
 PORTNAME= gftp
-PORTVERSION= 2.0.7b
+PORTVERSION= 2.0.8
 CATEGORIES= ftp
 MASTER_SITES= http://gftp.seul.org/ \
 ftp://gftp.seul.org/pub/gftp/
@@ -20,6 +20,8 @@ GNU_CONFIGURE= yes
 CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
 LIBS="-L${LOCALBASE}/lib"
+FORBIDDEN= "Insecure temporary files up the wazoo"
+
 MAN1= gftp.1
 .include
diff --git a/ftp/gftp/distinfo b/ftp/gftp/distinfo
index a990b547a20e..12bceebdff59 100644
--- a/ftp/gftp/distinfo
+++ b/ftp/gftp/distinfo
@@ -1 +1 @@
-MD5 (gftp-2.0.7b.tar.gz) = 235162253d09281182ad6b9212141078
+MD5 (gftp-2.0.8.tar.gz) = a53217845e217162c11254fc936c1714
diff --git a/ftp/gftp/files/patch-ac b/ftp/gftp/files/patch-ac
new file mode 100644
index 000000000000..1ae968b5648b
--- /dev/null
+++ b/ftp/gftp/files/patch-ac
@@ -0,0 +1,11 @@
+--- src/text/Makefile.in.orig Mon Apr 30 00:11:48 2001
++++ src/text/Makefile.in Mon Apr 30 00:13:22 2001
+@@ -99,7 +99,7 @@
+ bin_PROGRAMS = gftp-text
+ gftp_text_SOURCES = gftp-text.c
+ INCLUDES = @GLIB_CFLAGS@ -DSHARE_DIR=\"$(datadir)/gftp\" -DLOCALE_DIR=\"$(localedir)\"
+-LDADD = @INTLLIBS@ @GLIB_LIBS@ @EXTRA_LIBS@ ../../lib/libgftp.a
++LDADD = -lintl @INTLLIBS@ @GLIB_LIBS@ @EXTRA_LIBS@ ../../lib/libgftp.a
+ noinst_HEADERS = gftp-text.h
+ localedir = $(prefix)/share/locale
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
diff --git a/ftp/gftp/files/patch-ad b/ftp/gftp/files/patch-ad
new file mode 100644
index 000000000000..516e9d9f7a46
--- /dev/null
+++ b/ftp/gftp/files/patch-ad
@@ -0,0 +1,20 @@
+--- lib/cache.c.orig Sat Mar 3 17:42:43 2001
++++ lib/cache.c Mon Apr 30 00:16:57 2001
+@@ -42,7 +42,7 @@
+ }
+ g_free (tempstr);
+
+- srand (time (NULL));
++ srandomdev();
+ tempstr = NULL;
+ cachefile = NULL;
+ do
+@@ -54,7 +54,7 @@
+ g_free (cachefile);
+
+ cachefile = g_strdup_printf ("cache%ld",
+- 1 + (long) (99999999.0 * rand () /
++ 1 + (long) (99999999.0 * random () /
+ (RAND_MAX + 1.0)));
+ tempstr = g_strdup_printf ("%s/%s", cachedir, cachefile);
+ }
diff --git a/ftp/gftp/files/patch-ae b/ftp/gftp/files/patch-ae
new file mode 100644
index 000000000000..9d6c3c735fc2
--- /dev/null
+++ b/ftp/gftp/files/patch-ae
@@ -0,0 +1,11 @@
+--- src/gtk/gftp-gtk.h.orig Tue Mar 20 17:46:01 2001
++++ src/gtk/gftp-gtk.h Mon Apr 30 00:18:12 2001
+@@ -197,7 +197,7 @@
+ void ftp_log ( gftp_logging_level level,
+ void *ptr,
+ const char *string,
+- ... );
++ ... ) __attribute__((format(printf, 3, 4)));
+
+ void refresh ( gftp_window_data * wdata );
+
diff --git a/ftp/gftp/files/patch-af b/ftp/gftp/files/patch-af
new file mode 100644
index 000000000000..d9c376646a48
--- /dev/null
+++ b/ftp/gftp/files/patch-af
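Review bot: In the second hunk of patch-ad the divisor is still `(RAND_MAX + 1.0)`, which is the range of rand(), while random() is documented to return values in 0..2^31-1, so the scaling is only right where the two ranges happen to coincide. Dividing by the documented bound, `(99999999.0 * random () / 2147483648.0)`, removes that dependency. A harder-to-guess name also does not by itself make the cache file safe: that depends on the file being created exclusively (`O_CREAT | O_EXCL`, or mkstemp()), and the creation call is outside both hunks, so it cannot be confirmed here. A one-line comment above `srandomdev();` saying that it only reduces name predictability would keep a later reader from treating this as the complete tempfile fix.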
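Review bot: The `__attribute__((format(printf, 3, 4)))` added to the ftp_log prototype in patch-ae, and to gftp_text_log in patch-af, is GCC-specific syntax placed unguarded in a header, so a compiler without that extension will reject the declaration. FreeBSD's `<sys/cdefs.h>` has a `__printflike(3, 4)` macro for this purpose, or the attribute can be wrapped in a macro that expands to nothing when `__GNUC__` is not defined. The annotation only lets the compiler check call sites when format warnings are enabled; it changes nothing at run time, so any caller that passes server-supplied text as `string` still needs to be written as `ftp_log (level, ptr, "%s", text)`. The call sites are not part of these hunks and would need a separate audit.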
@@ -0,0 +1,11 @@
+--- ./src/text/gftp-text.h.orig Fri Feb 23 10:59:57 2001
++++ ./src/text/gftp-text.h Mon Apr 30 00:19:21 2001
+@@ -43,7 +43,7 @@
+ /* gftp-text.h */
+ void gftp_text_log ( gftp_logging_level level,
+ void *ptr,
+- const char *string, ... );
++ const char *string, ... ) __attribute__((format(printf, 3, 4)));
+ int gftp_text_open ( gftp_request * request,
+ char *command,
+ gpointer *data );
-- cgit