Add a PATCH_FILE to close a security hole in wu-ftpd.

Quoted from wu-ftpd group's accouncement: Due to insufficient bounds checking on directory name lengths which can be supplied by users, it is possible to overwrite the static memory space of the wu-ftpd daemon while it is executing under certain configurations. By having the ability to create directories and supplying carefully designed directory names to the wu-ftpd, users may gain privileged access. PR: 13475 Submitted by: jack@germanium.xtalwind.net
svn path=/head/; revision=21133
2024-11-24 00:45:52 +00:00 · 1999-08-30 19:14:07 +00:00 · 1999-08-30 19:14:07 +00:00 · 58ca2806f3 · 2021-03-31 03:12:20 +00:00
commit 58ca2806f3
parent 0026d832e3
4 changed files with 8 additions and 0 deletions
--- a/ftp/wu-ftpd+ipv6/Makefile
+++ b/ftp/wu-ftpd+ipv6/Makefile
@ -12,6 +12,9 @@ DISTNAME=       wu-ftpd-2.5.0
 CATEGORIES=	ftp
 MASTER_SITES=   ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/

+PATCH_SITES=	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
+PATCHFILES=	mapped.path.overrun.patch
+
 MAINTAINER=     ache@FreeBSD.org

 Y2K=		http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35
--- a/ftp/wu-ftpd+ipv6/distinfo
+++ b/ftp/wu-ftpd+ipv6/distinfo
@ -1 +1,2 @@
 MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
+MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d
--- a/ftp/wu-ftpd/Makefile
+++ b/ftp/wu-ftpd/Makefile
@ -12,6 +12,9 @@ DISTNAME=       wu-ftpd-2.5.0
 CATEGORIES=	ftp
 MASTER_SITES=   ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/

+PATCH_SITES=	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
+PATCHFILES=	mapped.path.overrun.patch
+
 MAINTAINER=     ache@FreeBSD.org

 Y2K=		http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35
--- a/ftp/wu-ftpd/distinfo
+++ b/ftp/wu-ftpd/distinfo
@ -1 +1,2 @@
 MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
+MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d