pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/net/cftp Fix local buffer overflow (with patch from me...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/754dc3dfd7de
branches:  trunk
changeset: 541015:754dc3dfd7de
user:      dillo <dillo%pkgsrc.org@localhost>
date:      Sun Apr 13 12:20:18 2008 +0000

description:
Fix local buffer overflow (with patch from mercurial repository).
Bump PKGREVISION to 2.

diffstat:

 net/cftp/Makefile         |   4 ++--
 net/cftp/distinfo         |   3 ++-
 net/cftp/patches/patch-ab |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diffs (45 lines):

diff -r e6d9eb53884f -r 754dc3dfd7de net/cftp/Makefile
--- a/net/cftp/Makefile Sun Apr 13 11:03:33 2008 +0000
+++ b/net/cftp/Makefile Sun Apr 13 12:20:18 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.15 2008/03/11 16:22:32 jlam Exp $
+# $NetBSD: Makefile,v 1.16 2008/04/13 12:20:18 dillo Exp $
 #
 
 DISTNAME=      cftp-0.12
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  http://ftp.giga.or.at/pub/nih/cftp/ \
                ftp://ftp.giga.or.at/pub/nih/cftp/
diff -r e6d9eb53884f -r 754dc3dfd7de net/cftp/distinfo
--- a/net/cftp/distinfo Sun Apr 13 11:03:33 2008 +0000
+++ b/net/cftp/distinfo Sun Apr 13 12:20:18 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2005/11/08 15:40:28 tv Exp $
+$NetBSD: distinfo,v 1.8 2008/04/13 12:20:18 dillo Exp $
 
 SHA1 (cftp-0.12.tar.gz) = ba583541be4bce2125849a677054d290140d0880
 RMD160 (cftp-0.12.tar.gz) = 9dfd1d3a03efd5d724bc0ed4c0dafbe19c47670d
 Size (cftp-0.12.tar.gz) = 182043 bytes
 SHA1 (patch-aa) = 7d691241fa45821a0e5aa56337ebccc6df21567a
+SHA1 (patch-ab) = 94841bf054059292552ed4c45e73b4c5a9624716
diff -r e6d9eb53884f -r 754dc3dfd7de net/cftp/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/cftp/patches/patch-ab Sun Apr 13 12:20:18 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2008/04/13 12:20:18 dillo Exp $
+
+Fix for local buffer overflow, from cftp mercurial repository (r574).
+
+--- readrc.c   Wed Jul 04 18:18:41 2007 +0200
++++ readrc.c   Sun Apr 13 14:10:51 2008 +0200
+@@ -57,7 +55,7 @@ readrc(char **userp, char **passp, char 
+     char b[8192], *p, *tok, *q, *home;
+     char *user, *pass, *host, *port, *wdir;
+ 
+-    if ((home=getenv("HOME")) == NULL)
++    if ((home=getenv("HOME")) == NULL || strlen(home) > sizeof(b)-9)
+       home = "";
+     sprintf(b, "%s/.cftprc", home);
+     
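
Review bot: In the readrc.c hunk, the new `strlen(home) > sizeof(b)-9` condition reuses the `home = "";` fallback of the unset-HOME case, so an overlong HOME silently makes the function build the path "/.cftprc" and look for an rc file in the filesystem root rather than reporting the problem. Consider skipping the rc file (or printing a warning) when HOME is unset or too long. The constant 9 is the length of "/.cftprc" plus the terminating NUL; writing it as sizeof("/.cftprc"), or replacing the call with snprintf(b, sizeof(b), "%s/.cftprc", home) and checking the return value for truncation, would keep the bound tied to the buffer and the format string if either one changes later.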


