authorkris <kris@FreeBSD.org>2001-04-30 07:33:39 +0000
committerkris <kris@FreeBSD.org>2001-04-30 07:33:39 +0000
commit6b9d2c117ba2e4c82a0aef9e3356a8d5609e63e0 (patch)
tree628619502c72dbc8ca971469bd14648e3294b1e8
parent283e0a01938e8e6ae11aa9f9ed7bba97bef69b01 (diff)
Upgrade to gftp 2.0.8 and mark FORBIDDEN. gftp 2.0.8 was a security update
to fix a remotely exploitable format string vulnerability, but in the course of trying to make the new version actually build I discovered that it also has local tempfile vulnerabilities, among other problems.
-rw-r--r--ftp/gftp/Makefile4
-rw-r--r--ftp/gftp/distinfo2
-rw-r--r--ftp/gftp/files/patch-ac11
-rw-r--r--ftp/gftp/files/patch-ad20
-rw-r--r--ftp/gftp/files/patch-ae11
-rw-r--r--ftp/gftp/files/patch-af11
6 files changed, 57 insertions, 2 deletions
diff --git a/ftp/gftp/Makefile b/ftp/gftp/Makefile
index 4de93c2..d20db25 100644
--- a/ftp/gftp/Makefile
+++ b/ftp/gftp/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= gftp
-PORTVERSION= 2.0.7b
+PORTVERSION= 2.0.8
CATEGORIES= ftp
MASTER_SITES= http://gftp.seul.org/ \
ftp://gftp.seul.org/pub/gftp/
@@ -20,6 +20,8 @@ GNU_CONFIGURE= yes
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LIBS="-L${LOCALBASE}/lib"
+FORBIDDEN= "Insecure temporary files up the wazoo"
+
MAN1= gftp.1
.include <bsd.port.pre.mk>
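Review bot: The `FORBIDDEN` reason on the added line is too informal to act on; it is the text a user sees when the port refuses to build, so it should state the actual risk. Something like `FORBIDDEN= "Insecure temporary file handling (local), see commit log"` matches what the commit message describes. If the mark is also meant to cover the "other problems" mentioned there, naming them in a comment above the line would help whoever later decides whether it can be lifted.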
diff --git a/ftp/gftp/distinfo b/ftp/gftp/distinfo
index a990b54..12bceeb 100644
--- a/ftp/gftp/distinfo
+++ b/ftp/gftp/distinfo
@@ -1 +1 @@
-MD5 (gftp-2.0.7b.tar.gz) = 235162253d09281182ad6b9212141078
+MD5 (gftp-2.0.8.tar.gz) = a53217845e217162c11254fc936c1714
diff --git a/ftp/gftp/files/patch-ac b/ftp/gftp/files/patch-ac
new file mode 100644
index 0000000..1ae968b
--- /dev/null
+++ b/ftp/gftp/files/patch-ac
@@ -0,0 +1,11 @@
+--- src/text/Makefile.in.orig Mon Apr 30 00:11:48 2001
++++ src/text/Makefile.in Mon Apr 30 00:13:22 2001
+@@ -99,7 +99,7 @@
+ bin_PROGRAMS = gftp-text
+ gftp_text_SOURCES = gftp-text.c
+ INCLUDES = @GLIB_CFLAGS@ -DSHARE_DIR=\"$(datadir)/gftp\" -DLOCALE_DIR=\"$(localedir)\"
+-LDADD = @INTLLIBS@ @GLIB_LIBS@ @EXTRA_LIBS@ ../../lib/libgftp.a
++LDADD = -lintl @INTLLIBS@ @GLIB_LIBS@ @EXTRA_LIBS@ ../../lib/libgftp.a
+ noinst_HEADERS = gftp-text.h
+ localedir = $(prefix)/share/locale
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
diff --git a/ftp/gftp/files/patch-ad b/ftp/gftp/files/patch-ad
new file mode 100644
index 0000000..516e9d9
--- /dev/null
+++ b/ftp/gftp/files/patch-ad
@@ -0,0 +1,20 @@
+--- lib/cache.c.orig Sat Mar 3 17:42:43 2001
++++ lib/cache.c Mon Apr 30 00:16:57 2001
+@@ -42,7 +42,7 @@
+ }
+ g_free (tempstr);
+
+- srand (time (NULL));
++ srandomdev();
+ tempstr = NULL;
+ cachefile = NULL;
+ do
+@@ -54,7 +54,7 @@
+ g_free (cachefile);
+
+ cachefile = g_strdup_printf ("cache%ld",
+- 1 + (long) (99999999.0 * rand () /
++ 1 + (long) (99999999.0 * random () /
+ (RAND_MAX + 1.0)));
+ tempstr = g_strdup_printf ("%s/%s", cachedir, cachefile);
+ }
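Review bot: Seeding with `srandomdev()` and drawing from `random()` makes the `cache%ld` name harder to guess, but it does not by itself close a temp-file race, because the name is still chosen first and the file is created somewhere outside this hunk. If that creation is not done with `open(..., O_CREAT | O_EXCL, 0600)` (or replaced by `mkstemp()` on a template under `cachedir`), and `cachedir` is writable by other local users, the path can still be pre-created or symlinked. The scaling line also keeps dividing by `RAND_MAX + 1.0`, which only matches `random()` where RAND_MAX equals 2^31-1; a comment such as `/* random() yields 0..2^31-1; assumes RAND_MAX is the same */` would make that assumption explicit. Both inner hunks sit inside a function whose start and end are not shown.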
diff --git a/ftp/gftp/files/patch-ae b/ftp/gftp/files/patch-ae
new file mode 100644
index 0000000..9d6c3c7
--- /dev/null
+++ b/ftp/gftp/files/patch-ae
@@ -0,0 +1,11 @@
+--- src/gtk/gftp-gtk.h.orig Tue Mar 20 17:46:01 2001
++++ src/gtk/gftp-gtk.h Mon Apr 30 00:18:12 2001
+@@ -197,7 +197,7 @@
+ void ftp_log ( gftp_logging_level level,
+ void *ptr,
+ const char *string,
+- ... );
++ ... ) __attribute__((format(printf, 3, 4)));
+
+ void refresh ( gftp_window_data * wdata );
+
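Review bot: The `__attribute__((format(printf, 3, 4)))` added to the `ftp_log` prototype is GCC-specific and unguarded, and the same holds for `gftp_text_log` in patch-af, so a compiler without the extension will reject both headers. A small guard macro that expands to the attribute under `#ifdef __GNUC__` and to nothing otherwise would keep the check where it is available. The attribute only produces diagnostics, so it finds callers that pass server-supplied text as `string` only when the port is built with `-Wformat -Wformat-security` and the warnings are acted on. A comment above each prototype, e.g. `/* string is a printf format; pass untrusted text as an argument to "%s" */`, would record the contract for future callers.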
diff --git a/ftp/gftp/files/patch-af b/ftp/gftp/files/patch-af
new file mode 100644
index 0000000..d9c3766
--- /dev/null
+++ b/ftp/gftp/files/patch-af
@@ -0,0 +1,11 @@
+--- ./src/text/gftp-text.h.orig Fri Feb 23 10:59:57 2001
++++ ./src/text/gftp-text.h Mon Apr 30 00:19:21 2001
+@@ -43,7 +43,7 @@
+ /* gftp-text.h */
+ void gftp_text_log ( gftp_logging_level level,
+ void *ptr,
+- const char *string, ... );
++ const char *string, ... ) __attribute__((format(printf, 3, 4)));
+ int gftp_text_open ( gftp_request * request,
+ char *command,
+ gpointer *data );