Integrate official DOS-attack prevention patch

Add -- to tar args to stop hacking with "-"-started files in ftpconversions Approved by: security-officer ('--' fix), portmgr
author: ache <ache@FreeBSD.org> 2003-09-23 16:58:10 +0000
committer: ache <ache@FreeBSD.org> 2003-09-23 16:58:10 +0000
commit: f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0 (patch)
tree: bb43bbedecd3660777df7cd6ac8f5736d18f5fff /ftp
parent: 2be69f7a325363cadbcbd2d025684652a61503e6 (diff)
download: FreeBSD-ports-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.zip
FreeBSD-ports-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.tar.gz
4 files changed, 26 insertions, 31 deletions
diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile
index 2698183..ab085a8 100644
--- a/ftp/wu-ftpd/Makefile
+++ b/ftp/wu-ftpd/Makefile
@@ -9,9 +9,11 @@
 
 PORTNAME=	wu-ftpd
 PORTVERSION=    2.6.2
-PORTREVISION=   2
+PORTREVISION=   3
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
+PATCH_SITES=    ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/
+PATCHFILES=     connect-dos.patch realpath.patch
 
 MAINTAINER=	ache@FreeBSD.org
 COMMENT=	A replacement ftp server for Un*x systems
diff --git a/ftp/wu-ftpd/distinfo b/ftp/wu-ftpd/distinfo
index 943113c..fdf7219 100644
--- a/ftp/wu-ftpd/distinfo
+++ b/ftp/wu-ftpd/distinfo
@@ -1 +1,3 @@
 MD5 (wu-ftpd-2.6.2.tar.gz) = b3c271f02aadf663b8811d1bff9da3f6
+MD5 (connect-dos.patch) = 28baacb281dfb8f784b68a7db88f12cb
+MD5 (realpath.patch) = ec7f87e527efdb5bcc0d2edcb29800c4
diff --git a/ftp/wu-ftpd/files/patch-ag b/ftp/wu-ftpd/files/patch-ag
index dabfbce..70ab437 100644
--- a/ftp/wu-ftpd/files/patch-ag
+++ b/ftp/wu-ftpd/files/patch-ag
@@ -1,19 +1,21 @@
-*** doc/examples/ftpconversions.orig	Wed Jan 25 22:11:02 1995
---- doc/examples/ftpconversions	Wed Jan 25 22:11:49 1995
-***************
-*** 1,7 ****
-!  :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
-   :   : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
-   :.gz: :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
-   :   : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
-   :   : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
-   :   : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
-!  :   : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
---- 1,7 ----
-!  :.Z:  :  :/bin/gzip -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
-   :   : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
-   :.gz: :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
-   :   : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
-   :   : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
-   :   : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
-!  :   : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
+--- doc/examples/ftpconversions.orig	Thu Mar  4 07:39:21 1999
++++ doc/examples/ftpconversions	Tue Sep 23 17:27:47 2003
+@@ -1,9 +1,9 @@
+- :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
+- :   : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
+- :.gz: :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
+- :   : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
+- :   : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
+- :   : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
+- :   : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
+- :   : :.crc:/bin/cksum %s:T_REG::CKSUM
+- :   : :.md5:/bin/md5sum %s:T_REG::MD5SUM
++ :.Z:  :  :/usr/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
++ :   : :.Z:/usr/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
++ :.gz: :  :/usr/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
++ :   : :.gz:/usr/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
++ :   : :.tar:/usr/bin/tar -c -f - -- %s:T_REG|T_DIR:O_TAR:TAR
++ :   : :.tar.Z:/usr/bin/tar -c -Z -f - -- %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
++ :   : :.tar.gz:/usr/bin/tar -c -z -f - -- %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
++ :   : :.crc:/usr/bin/cksum %s:T_REG::CKSUM
++ :   : :.md5:/sbin/md5 %s:T_REG::MD5SUM
diff --git a/ftp/wu-ftpd/files/patch-as b/ftp/wu-ftpd/files/patch-as
deleted file mode 100644
index 2f45706..0000000
--- a/ftp/wu-ftpd/files/patch-as
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/realpath.c.orig	Mon Jul 28 16:18:15 2003
-+++ src/realpath.c	Mon Jul 28 16:18:44 2003
-@@ -299,7 +299,7 @@
- 	rootd = 0;
- 
-     if (*wbuf) {
--	if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
-+	if (strlen(resolved) + strlen(wbuf) + !rootd + 1 > MAXPATHLEN) {
- 	    errno = ENAMETOOLONG;
- 	    goto err1;
- 	}
author	ache <ache@FreeBSD.org>	2003-09-23 16:58:10 +0000
committer	ache <ache@FreeBSD.org>	2003-09-23 16:58:10 +0000
commit	f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0 (patch)
tree	bb43bbedecd3660777df7cd6ac8f5736d18f5fff /ftp
parent	2be69f7a325363cadbcbd2d025684652a61503e6 (diff)
download	FreeBSD-ports-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.zip FreeBSD-ports-f8a4ee8c10aae79df5207d8b0c1ed5e258d10bc0.tar.gz