From e98c28f24745d55f5dae53c7374ec76e30de3496 Mon Sep 17 00:00:00 2001 From: sf Date: Wed, 11 Dec 2002 18:20:04 +0000 Subject: o unbreak manpage. - pod2man is required to build manpage. o set LANG=C for sed. - This case [:print:] does not work correctly without LANG=C. o Fix directory traversal bug in FTP. References: http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344 Patches obtained from: Red Hat Linux --- ftp/wget+ipv6/Makefile | 5 +++-- ftp/wget+ipv6/files/patch-src_fnmatch_c | 21 +++++++++++++++++ ftp/wget+ipv6/files/patch-src_ftp_c | 40 +++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 ftp/wget+ipv6/files/patch-src_fnmatch_c create mode 100644 ftp/wget+ipv6/files/patch-src_ftp_c (limited to 'ftp/wget+ipv6') diff --git a/ftp/wget+ipv6/Makefile b/ftp/wget+ipv6/Makefile index 2a88a48ed098..38cb9c8fa74f 100644 --- a/ftp/wget+ipv6/Makefile +++ b/ftp/wget+ipv6/Makefile @@ -7,7 +7,7 @@ PORTNAME= wget PORTVERSION= 1.7 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= ftp www ipv6 MASTER_SITES= ${MASTER_SITE_GNU} \ ftp://ftp.dl.ac.uk/ccp14/ftp-mirror/wget/pub/unix/util/wget/ \ @@ -30,6 +30,7 @@ LIB_DEPENDS= intl.4:${PORTSDIR}/devel/gettext USE_OPENSSL= yes CONFIGURE_ARGS= --with-ssl=${OPENSSLBASE} .endif +USE_PERL5_BUILD= yes USE_GMAKE= yes USE_REINPLACE= yes GNU_CONFIGURE= yes @@ -49,7 +50,7 @@ post-patch: ${MV} po/zh_TW.po po/zh_TW.po.utf-8; \ ${LOCALBASE}/bin/iconv -f UTF-8 -t BIG5 po/zh_TW.po.utf-8 |\ ${SED} -e 's,utf-8,big5,' |\ - ${SED} -Ee 's,([^[:print:]])\\,\1\\\\,g' |\ + ${ENV} LANG=C ${SED} -Ee 's,([^[:print:]])\\,\1\\\\,g' |\ ${SED} -Ee 's,\\\\([nt"]),\\\1,g' \ > po/zh_TW.po) diff --git a/ftp/wget+ipv6/files/patch-src_fnmatch_c b/ftp/wget+ipv6/files/patch-src_fnmatch_c new file mode 100644 index 000000000000..5da55bc4f562 --- /dev/null +++ b/ftp/wget+ipv6/files/patch-src_fnmatch_c 
@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig Tue Dec 10 13:06:09 2002
++++ src/fnmatch.c Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+ return (FNM_NOMATCH);
+ }
+
++/* Return non-zero if S has a leading '/' or contains '../' */
++int
++has_invalid_name (const char *s)
++{
++ if (*s == '/')
++ return 1;
++ if (strstr(s, "../") != 0)
++ return 1;
++ return 0;
++}
++
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+ `]'). */
+ int
diff --git a/ftp/wget+ipv6/files/patch-src_ftp_c b/ftp/wget+ipv6/files/patch-src_ftp_c
new file mode 100644
index 000000000000..3da2f4186d7e
--- /dev/null
+++ b/ftp/wget+ipv6/files/patch-src_ftp_c
@@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig Tue Dec 10 13:08:00 2002
++++ src/ftp.c Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+ struct fileinfo *orig, *start;
+ uerr_t res;
++ struct fileinfo *f;
+
+ con->cmd |= LEAVE_PENDING;
+
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ opt.accepts and opt.rejects. */
+ if (opt.accepts || opt.rejects)
+ {
+- struct fileinfo *f = orig;
+-
++ f = orig;
+ while (f)
+ {
+ if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ f = f->next;
+ }
+ }
++ /* Remove all files with possible harmful names */
++ f = orig;
++ while (f)
++ {
++ if (has_invalid_name(f->name))
++ {
++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++ f = delelement (f, &start);
++ }
++ else
++ f = f->next;
++ }
+ /* Now weed out the files that do not match our globbing pattern.
+ If we are dealing with a globbing pattern, that is. */
+ if (*u->file && (action == GLOBALL || action == GETONE))
-- cgit
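Review bot: In has_invalid_name() the `strstr(s, "../")` test lets through a name that is exactly `..` or that ends in `/..`, because neither contains a trailing slash, and it also rejects harmless names such as `foo../bar`. The names being checked come from the remote listing (see the call added in the ftp.c patch), so the test is more reliable when done per path component: reject a leading '/' and any component equal to `..`. Whether a bare `..` entry can actually reach this function depends on the listing parser, which is not visible here. The version below keeps the same signature and return convention.

```c
/* Return non-zero if S is absolute or has a path component equal to "..".
   S is a file name taken from the server's listing and is not trusted. */
int
has_invalid_name (const char *s)
{
  if (*s == '/')
    return 1;
  while (*s)
    {
      const char *end = strchr (s, '/');
      size_t len = end ? (size_t) (end - s) : strlen (s);
      if (len == 2 && s[0] == '.' && s[1] == '.')
        return 1;
      if (!end)
        break;
      s = end + 1;
    }
  return 0;
}
```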
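Review bot: The new filter loop in ftp_retrieve_glob restarts from `orig` (`f = orig;`), yet it removes entries with `delelement (f, &start)`, which is handed `start` rather than `orig`. The accept/reject loop above it appears to remove entries the same way (its body is cut between the hunks), so if that loop dropped the first entry, `orig` is no longer the list head and would be dangling if delelement frees the node; assuming `start` tracks the head, `f = start;` avoids this. Separately, ftp.c now calls has_invalid_name() but neither patch file adds a prototype, so the call relies on an implicit declaration; a line such as `int has_invalid_name (const char *s);` in the header that declares fnmatch() would cover it. The body of ftp_retrieve_glob starts and ends outside these hunks.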