pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/misc/jitterbug Add security fix for CAN-2004-0028 base...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a8f13bf25493
branches: trunk
changeset: 467983:a8f13bf25493
user: wennmach <wennmach%pkgsrc.org@localhost>
date: Mon Feb 09 09:17:50 2004 +0000
description:
Add security fix for CAN-2004-0028 based on the patches provided
by the Debian project.
diffstat:
misc/jitterbug/Makefile | 3 +-
misc/jitterbug/distinfo | 6 +-
misc/jitterbug/patches/patch-ab | 143 +++++++++++++++++++++++++++++++++
misc/jitterbug/patches/patch-ac | 173 ++++++++++++++++++++++++++++++++++++++++
misc/jitterbug/patches/patch-ad | 56 ++++++++++++
misc/jitterbug/patches/patch-ae | 18 ++++
6 files changed, 397 insertions(+), 2 deletions(-)
diffs (truncated from 432 to 300 lines):
diff -r 389c0dbe7883 -r a8f13bf25493 misc/jitterbug/Makefile
--- a/misc/jitterbug/Makefile Mon Feb 09 08:24:38 2004 +0000
+++ b/misc/jitterbug/Makefile Mon Feb 09 09:17:50 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2004/01/20 12:21:02 agc Exp $
+# $NetBSD: Makefile,v 1.24 2004/02/09 09:17:50 wennmach Exp $
DISTNAME= jitterbug-1.6.2
+PKGREVISION= 1
CATEGORIES= misc
MASTER_SITES= ftp://jitterbug.samba.org/pub/jitterbug/
diff -r 389c0dbe7883 -r a8f13bf25493 misc/jitterbug/distinfo
--- a/misc/jitterbug/distinfo Mon Feb 09 08:24:38 2004 +0000
+++ b/misc/jitterbug/distinfo Mon Feb 09 09:17:50 2004 +0000
@@ -1,5 +1,9 @@
-$NetBSD: distinfo,v 1.2 2001/04/20 13:52:13 agc Exp $
+$NetBSD: distinfo,v 1.3 2004/02/09 09:17:50 wennmach Exp $
SHA1 (jitterbug-1.6.2.tar.gz) = c9c25ee892883560a829f832efbd028b8531651f
Size (jitterbug-1.6.2.tar.gz) = 98728 bytes
SHA1 (patch-aa) = 9573d1a2f78aef1bd381082080902c50b40bb067
+SHA1 (patch-ab) = 68cb6975b9a330e8889c2812c03e279679ffa754
+SHA1 (patch-ac) = 019e3e86768cd9d680467747676bd8f034553718
+SHA1 (patch-ad) = 87e86b56734deb0210c453ec77ba1f7b1973a79e
+SHA1 (patch-ae) = d9d4013efa79a860f08ec34dd1dadceeb23ac408
diff -r 389c0dbe7883 -r a8f13bf25493 misc/jitterbug/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/jitterbug/patches/patch-ab Mon Feb 09 09:17:50 2004 +0000
@@ -0,0 +1,143 @@
+$NetBSD: patch-ab,v 1.1 2004/02/09 09:17:50 wennmach Exp $
+
+Security patches for jitterbug (taken from Debian GNU/Linux).
+See http://www.debian.org/security/2004/dsa-420
+
+--- jitterbug.c.orig Wed Nov 11 13:30:17 1998
++++ jitterbug.c Wed Jan 14 17:34:04 2004
+@@ -57,7 +57,7 @@
+ static int case_sensitive;
+ static int messagetype = MTYPE_ALL;
+ static int numquotelines;
+-static int addsignature;
++static int addsignature = 1;
+ static int fullheaders;
+
+ /* these are the user preferences -- reflect changes in dump_globals() */
+@@ -118,7 +118,7 @@
+ }
+
+
+- if (getuid() == 0) return 0;
++ if (strchr(fname, '/') && geteuid() == 0) return 0;
+
+ data = load_file(fname, NULL, 0);
+ if (!data) {
+@@ -727,6 +727,11 @@
+ }
+ }
+
++/* return true when the text doesn't have a trailing newline */
++static unsigned nolastnl(char *txt)
++{ return *txt && '\n'!=strchr(txt,'\0')[-1];
++}
++
+
+ /* free up an info structure loaded by get_info */
+ static void free_info(struct message_info *info)
+@@ -971,6 +976,7 @@
+ FILE *f;
+ char *name = cgi_variable("auditid");
+ char *source = cgi_variable("sources");
++ char *p;
+ char buf[1000];
+ int len;
+ struct message_info info = zero_info;
+@@ -989,6 +995,14 @@
+
+ sprintf(buf,"%s %s %s", lp_autopatch(), source, name);
+
++ p = buf;
++
++ while (*p) {
++ if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
++ fatal("invalid character in expression");
++ p++;
++ }
++
+ printf("<hr>\n");
+
+ f = popen(buf,"r");
+@@ -1012,6 +1026,7 @@
+ {
+ FILE *f;
+ char *name = cgi_variable("decodeview");
++ char *p;
+ char buf[1000];
+ int len;
+ struct message_info info = zero_info;
+@@ -1028,6 +1043,13 @@
+
+ sprintf(buf,"%s %s", lp_decoder(), name);
+
++ p = buf;
++ while (*p) {
++ if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
++ fatal("invalid character in expression");
++ p++;
++ }
++
+ printf("<hr>\n");
+
+ f = popen(buf,"r");
+@@ -1271,8 +1293,13 @@
+ }
+
+ smtp_write_data(fd, body);
+- if (sig)
++ if(nolastnl(body))
++ smtp_write(fd, "\n");
++ if (sig) {
+ smtp_write_data(fd, sig);
++ if(nolastnl(sig))
++ smtp_write(fd, "\n");
++ }
+ if (smtp_end_mail(fd) == -1)
+ fatal(smtp_error());
+ }
+@@ -1392,8 +1419,13 @@
+ if (cc && *cc)
+ fprintf(f,"CC: %s\n", cc);
+ fprintf(f,"\n%s", body);
+- if (addsignature && signature)
++ if(nolastnl(body))
++ fprintf(f, "\n");
++ if (addsignature && signature) {
+ fprintf(f,"%s", signature);
++ if(nolastnl(signature))
++ fprintf(f, "\n");
++ }
+ fclose(f);
+ close(fd);
+
+@@ -2179,6 +2211,7 @@
+ int len;
+ char buf[1000];
+ char *decode = cgi_variable("decode");
++ char *p;
+
+ if (guest && !lp_guest_download()) {
+ fatal("guest download has been disabled\n");
+@@ -2199,6 +2232,13 @@
+ if (decode) {
+ sprintf(buf,"%s %s", lp_decoder(), fname);
+
++ p = buf;
++ while (*p) {
++ if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
++ fatal("invalid character in expression");
++ p++;
++ }
++
+ f = popen(buf,"r");
+ } else {
+ f = fopen(fname,"r");
+@@ -2208,7 +2248,7 @@
+ fatal("unable to open file");
+ }
+
+- printf("Content-Type: application/octet-stream\n");
++ printf("Content-Type: message/rfc822\n");
+ if (gzip_encoding || lp_gzip_download()) {
+ printf("\n");
+ cgi_start_gzip();
diff -r 389c0dbe7883 -r a8f13bf25493 misc/jitterbug/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/jitterbug/patches/patch-ac Mon Feb 09 09:17:50 2004 +0000
@@ -0,0 +1,173 @@
+$NetBSD: patch-ac,v 1.1 2004/02/09 09:17:50 wennmach Exp $
+
+Security patches for jitterbug (taken from Debian GNU/Linux).
+See http://www.debian.org/security/2004/dsa-420
+
+--- new_message.c.orig Wed Nov 11 13:30:17 1998
++++ new_message.c Wed Jan 14 17:34:04 2004
+@@ -206,6 +206,133 @@
+ smtp_end_mail(fd);
+ }
+
++/* This function should always return success */
++static int mail_failure(char* from, char* to, char* content)
++{
++ int fd;
++ fd = smtp_start_mail(from, to, NULL, NULL, "Request failed", strlen(content));
++ if ( fd == -1 ) {
++ fprintf(stderr, "Failed to send failure\n");
++ return 0;
++ }
++ smtp_write(fd, "\n");
++ smtp_write_data(fd, content);
++ smtp_end_mail(fd);
++ return 0;
++}
++
++static int is_a_bug(char* name)
++{
++ if (*name >= '1' && *name <= '9')
++ return !is_directory(name);
++ return 0;
++}
++
++static int get_bug(char *mbuf, char* to, char *query)
++{
++ int fd;
++ char *from, *p;
++ char *subject="Jitterbug results";
++ char buf[1024];
++ unsigned int size=0;
++ char boundary[128];
++ struct stat st;
++ char *bug;
++ char* msg_id;
++ char *msg_list;
++
++ snprintf(boundary, sizeof(boundary), "jitterbug-burp-%d-%d", getpid(), time(NULL));
++
++ /* maybe check for lp_download? */
++ /* maybe add info to audit? */
++ from = lp_from_address();
++
++ while (*query && *query == ' ') query++;
++ if (!strncmp(query, "list", 4)) {
++ char** dir_l, **file_l;
++ int i, j;
++ query += 4;
++ fd = smtp_start_mail(from, to, NULL, NULL, subject, 0);
++ if ( fd == -1 )
++ return 1;
++
++ msg_id = getmailheader(mbuf, "Message-ID:", 0);
++ if ( msg_id )
++ smtp_write(fd, "References: %s\n", msg_id);
++ smtp_write(fd, "\nList for query: %s\n\n", query);
++ trim_string(query, " ", " ");
++ /* use strtok to allow multiple queries */
++ if (!*query || *query == '/' || *query == '.') {
++ query = ".";
++ dir_l = load_dir_list(query, is_directory);
++ } else {
++ dir_l = new_list();
++ add_list_item(dir_l, query);
++ }
++ for (i=0; dir_l && dir_l[i]; ++i) {
++ file_l = load_dir_list(dir_l[i], is_a_bug);
++ /* maybe add subject, from, ... */
++ for (j=0; file_l && file_l[j]; ++j)
++ smtp_write(fd, "%s/%s\n", dir_l[i], file_l[j]);
++ free_list(file_l);
++ }
++ free_list(dir_l);
++ smtp_end_mail(fd);
++ return 0;
++ } else if (!strncmp(query, "get", 3)) {
++ query += 3;
++ } else if (!strncmp(query, "search", 6)) {
++ query += 6;
++ snprintf(buf, sizeof(buf), "Not implemeted (%s)\n", query);
++ return mail_failure(from, to, buf);
++ } else {
++ snprintf(buf, sizeof(buf), "Not implemeted (%s)\n", query);
++ return mail_failure(from, to, buf);
++ }
++
++ fd = smtp_start_mail(from, to, NULL, NULL, subject, 0);
++ if ( fd == -1 )
++ return 1;
++
++ msg_id = getmailheader(mbuf, "Message-ID:", 0);
++ if ( msg_id )
++ smtp_write(fd, "References: %s\n", msg_id);
++ smtp_write(fd, "Mime-Version: 1.0\n");
++ smtp_write(fd, "Content-Type: multipart/mixed; boundary=%s\n\n", boundary);
++ msg_list = strdup(query);
++ for (query = strtok(msg_list, " \t,;"); query; query = strtok(NULL, " \t,;")) {
++ smtp_write(fd, "\n--%s\nContent-Type: text/plain; charset=us-ascii\n", boundary);
++ /* a few security checks */
++ if (*query == '/' || strchr(query, '.') || !(p=strchr(query, '/'))) {
++ smtp_write(fd, "\nNot allowed (%s)\n", query);
++ continue;
++ }
++ *p = 0;
++ if ( !is_directory(query) ) {
++ smtp_write(fd, "\nNot allowed (%s)\n", query);
++ continue;
++ }
++ *p = '/';
++ bug = load_file(query, &st, 0);
++ if ( !bug ) {
++ smtp_write(fd, "\nCannot load (%s)\n", query);
++ continue;
++ }
Home |
Main Index |
Thread Index |
Old Index