Index: head/ftp/wzdftpd/Makefile =================================================================== --- head/ftp/wzdftpd/Makefile (revision 143578) +++ head/ftp/wzdftpd/Makefile (revision 143579) @@ -1,118 +1,119 @@ # New ports collection makefile for: wzdftpd # Date created: 2003-10-22 # Whom: Roman Bogorodskiy # # $FreeBSD$ # PORTNAME= wzdftpd PORTVERSION= 0.5.4 +PORTREVISION= 1 CATEGORIES= ftp ipv6 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} MAINTAINER= novel@FreeBSD.org COMMENT= Modular FTP server configurable online using SITE commands USE_RC_SUBR= yes USE_REINPLACE= yes USE_GMAKE= yes GNU_CONFIGURE= yes INSTALLS_SHLIB= yes USE_INC_LIBTOOL_VER=13 CONFIGURE_ARGS+= --without-pam --without-pgsql CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} PKGMESSAGE= ${WRKDIR}/pkg-message OPTIONS= UTF8 "Enable UTF8 support" off \ TCL "Enable TCL support" off \ SSL "Enable OpenSSL support" on \ GNUTLS "Enable gnutls support" off \ IPV6 "Enable IPv6 support" on \ PERL "Enable PERL support" off \ MYSQL "Enable MYSQL backend" off MAN1= siteconfig.1 \ siteuptime.1 \ sitewho.1 \ wzd-config.1 MAN8= wzdftpd.8 .include .if defined(WITH_UTF8) USE_ICONV= yes CONFIGURE_ARGS+= --enable-utf8 .endif .if defined(WITH_TCL) LIB_DEPENDS+= tcl84:${PORTSDIR}/lang/tcl84 CONFIGURE_ARGS+= --with-tcl='${PREFIX}/lib/tcl8.4' PLIST_SUB+= TCL="" .else CONFIGURE_ARGS+= --without-tcl PLIST_SUB+= TCL="@comment " .endif .if defined(WITH_SSL) USE_OPENSSL= yes .else CONFIGURE_ARGS+= --disable-openssl .endif .if defined(WITH_GNUTLS) LIB_DEPENDS+= gnutls.12:${PORTSDIR}/security/gnutls .else CONFIGURE_ARGS+= --disable-gnutls .endif .if defined(WITH_IPV6) CONFIGURE_ARGS+= --enable-ipv6 .endif .if !defined(WITH_PERL) CONFIGURE_ARGS+= --disable-perl PLIST_SUB+= PERL="@comment " .else USE_PERL5= yes PLIST_SUB+= PERL="" .endif .if defined(WITH_MYSQL) USE_MYSQL= yes PLIST_SUB+= MYSQL="" .else CONFIGURE_ARGS+= --without-mysql PLIST_SUB+= MYSQL="@comment " .endif PORTDOCS= AUTHORS Permissions.ReadMeFirst README TLS.ReadMeFirst ChangeLog RC_SCRIPTS_SUB= PREFIX=${PREFIX} \ RC_SUBR=${RC_SUBR} post-patch: @${REINPLACE_CMD} -e "s|@HAVE_PERL_TRUE@|#|g" ${WRKSRC}/Makefile.in .if ${OSVERSION} < 500000 @${REINPLACE_CMD} -e "s|PRIu64|\"llu\"|g" ${WRKSRC}/src/*.[cl] \ ${WRKSRC}/backends/plaintext/*.[cl] ${WRKSRC}/backends/mysql/*.[cl] .endif post-install: .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for i in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR} .endfor .endif @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ ${FILESDIR}/wzdftpd.sh > ${PREFIX}/etc/rc.d/wzdftpd.sh @${CHMOD} ${BINMODE} ${PREFIX}/etc/rc.d/wzdftpd.sh @if test ! -f ${PREFIX}/etc/wzd.cfg; then \ ${CP} ${PREFIX}/etc/wzd.cfg.sample ${PREFIX}/etc/wzd.cfg; \ fi @if test ! -f ${PREFIX}/etc/users; then \ ${CP} ${PREFIX}/etc/users.sample ${PREFIX}/etc/users; \ fi .include Property changes on: head/ftp/wzdftpd/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.29 \ No newline at end of property +1.30 \ No newline at end of property Index: head/ftp/wzdftpd/files/patch-popen-bug =================================================================== --- head/ftp/wzdftpd/files/patch-popen-bug (nonexistent) +++ head/ftp/wzdftpd/files/patch-popen-bug (revision 143579) @@ -0,0 +1,62 @@ +--- src/wzd_mod.c.orig 2005-09-26 09:34:42.000000000 +0200 ++++ src/wzd_mod.c 2005-09-26 09:46:41.000000000 +0200 +@@ -102,6 +102,7 @@ + } protocol_handler_t; + + static int _hook_print_file(const char *filename, wzd_context_t *context); ++void _cleanup_shell_command(char * buffer, size_t length); + + static protocol_handler_t * proto_handler_list=NULL; + static unsigned int _reply_code; +@@ -378,6 +379,8 @@ + { + *(buffer+l_command++) = ' '; + (void)wzd_strncpy(buffer + l_command, buffer_args, sizeof(buffer) - l_command - 1); ++ /* SECURITY filter buffer for shell special characters ! */ ++ _cleanup_shell_command(buffer,sizeof(buffer)); + if ( (command_output = popen(buffer,"r")) == NULL ) { + out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command); + return 1; +@@ -438,6 +441,8 @@ + else + { + /* *(buffer+l_command++) = ' ';*/ ++ /* SECURITY filter buffer for shell special characters ! */ ++ _cleanup_shell_command(buffer,sizeof(buffer)); + if ( (command_output = popen(buffer,"r")) == NULL ) { + out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command); + return 1; +@@ -733,6 +738,8 @@ + } + + ++/*************** STATIC ****************/ ++ + static int _hook_print_file(const char *filename, wzd_context_t *context) + { + wzd_cache_t * fp; +@@ -765,3 +772,24 @@ + + return 0; + } ++ ++void _cleanup_shell_command(char * buffer, size_t length) ++{ ++ const char * specials = "$\\|;!`()'\"#.,:*?{}[]&<>-~"; ++ size_t i,j; ++ char * buf2; ++ ++ buf2 = wzd_malloc(length); ++ ++ for (i=0,j=0; buffer[i]!='\0' && i= length) { buf2[j]='\0'; break; } ++ buf2[j++] = '\\'; ++ } ++ buf2[j] = buffer[i]; ++ } ++ ++ wzd_strncpy(buffer,buf2,length); ++ wzd_free(buf2); ++} ++ Property changes on: head/ftp/wzdftpd/files/patch-popen-bug ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property