[pkgsrc/trunk]: pkgsrc/security/msf Add patch to address msfweb "refang" secu...

[adrianp <adrianp%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e316fb33cd58
branches:  trunk
changeset: 497747:e316fb33cd58
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Wed Aug 03 20:37:44 2005 +0000

description:
Add patch to address msfweb "refang" security update
Bump to nb2
make pkglint happy

diffstat:

 security/msf/Makefile         |  10 +++++-----
 security/msf/distinfo         |   9 +++++----
 security/msf/patches/patch-aa |  24 ++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 9 deletions(-)

diffs (73 lines):

diff -r 5d6df5ee0ce8 -r e316fb33cd58 security/msf/Makefile
--- a/security/msf/Makefile     Wed Aug 03 19:44:35 2005 +0000
+++ b/security/msf/Makefile     Wed Aug 03 20:37:44 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2005/07/16 01:19:19 jlam Exp $
+# $NetBSD: Makefile,v 1.7 2005/08/03 20:37:44 adrianp Exp $
 #
 
 DISTNAME=      framework-2.4
-PKGREVISION=   1
 PKGNAME=       msf-2.4
+PKGREVISION=   2
 CATEGORIES=    security
 MASTER_SITES=  http://www.metasploit.com/tools/
 
@@ -11,12 +11,12 @@
 HOMEPAGE=      http://www.metasploit.com/
 COMMENT=       Platform for developing, testing, and using exploit code
 
+DEPENDS+=      p5-Net-SSLeay>=1.23:../../security/p5-Net-SSLeay
+DEPENDS+=      p5-Term-ReadLine>=1.14:../../devel/p5-Term-ReadLine
+
 DIST_SUBDIR=   ${PKGNAME}
 LICENSE=       inlineegg-license
 
-DEPENDS+=      p5-Net-SSLeay>=1.23:../../security/p5-Net-SSLeay
-DEPENDS+=      p5-Term-ReadLine>=1.14:../../devel/p5-Term-ReadLine
-
 MSFDIR?=       ${PREFIX}/share/msf
 MSFDOC?=       ${PREFIX}/share/doc/msf
 MESSAGE_SUBST+= MSFDIR=${MSFDIR}
diff -r 5d6df5ee0ce8 -r e316fb33cd58 security/msf/distinfo
--- a/security/msf/distinfo     Wed Aug 03 19:44:35 2005 +0000
+++ b/security/msf/distinfo     Wed Aug 03 20:37:44 2005 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2005/07/02 12:12:33 adrianp Exp $
+$NetBSD: distinfo,v 1.6 2005/08/03 20:37:44 adrianp Exp $
 
-SHA1 (msf-2.4nb1/framework-2.4.tar.gz) = b09ec49e259d812805301dc9152175903e46beb3
-RMD160 (msf-2.4nb1/framework-2.4.tar.gz) = c2791c46d6c7b8ac9490acfb81f88f5be7105855
-Size (msf-2.4nb1/framework-2.4.tar.gz) = 2607730 bytes
+SHA1 (msf-2.4nb2/framework-2.4.tar.gz) = b09ec49e259d812805301dc9152175903e46beb3
+RMD160 (msf-2.4nb2/framework-2.4.tar.gz) = c2791c46d6c7b8ac9490acfb81f88f5be7105855
+Size (msf-2.4nb2/framework-2.4.tar.gz) = 2607730 bytes
+SHA1 (patch-aa) = 318c8136c22d95195ecd40071d36ae22af0807bb
diff -r 5d6df5ee0ce8 -r e316fb33cd58 security/msf/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/msf/patches/patch-aa     Wed Aug 03 20:37:44 2005 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.1 2005/08/03 20:37:44 adrianp Exp $
+
+--- msfweb.orig        2005-08-03 21:12:33.000000000 +0100
++++ msfweb     2005-08-03 21:04:52.000000000 +0100
+@@ -616,7 +616,18 @@
+     my $res = {};
+     
+     foreach (keys(%{$state})) {
+-        if (m/^OPT\_(.*)/ && defined($state->{$_})) { $res->{$1} = $state->{$_} }
++        if (m/^OPT\_(.*)/ && defined($state->{$_})) {
++                      my $name = $1;
++                      
++                      # Block all options starting with underscore (thanks Dino!)
++                      if ($name !~ /^_/) {
++                              $res->{$name} = $state->{$_};
++                      }
++                      else {
++                              # XXX - report a possible "refang" attack?
++                              next;
++                      }
++              }
+     }
+     return $res;
+ }