*Bumped PORTREVISION *Added combined patch-contrib-mod_sql.c Addresses distributor bugs #2828 & #2869 - mod_sql botches WHERE clauses and Support variables in SQL WHERE directives. *Added include/proftpd/mod_sql.h to pkg-plist
Please hold off on committing this. I found another problem and a new patch set is forthcoming. Beech (Maintainer)
Please commit these patches: diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/Makefile /usr/ports/ftp/proftpd/Makefile --- /usr/ports/ftp/proftpd.orig/Makefile Mon Jan 1 03:44:05 2007 +++ /usr/ports/ftp/proftpd/Makefile Mon Jan 1 22:15:59 2007 @@ -7,7 +7,7 @@ PORTNAME= proftpd DISTVERSION= 1.3.1rc1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= ftp MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \ ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \ @@ -58,7 +58,7 @@ RADIUS "Include mod_radius" off \ QUOTATAB_RADIUS "include mod_quotatab_radius" off \ BAN "include mod_ban (Requires CTRLS)" off \ - NLS "Use nls-builds mod_lang" off + NLS "Use nls (builds mod_lang)" off MODULES?= LIBDIRS?= diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/files/patch-contrib-mod_sql.c /usr/ports/ftp/proftpd/files/patch-contrib-mod_sql.c --- /usr/ports/ftp/proftpd.orig/files/patch-contrib-mod_sql.c Wed Dec 31 14:00:00 1969 +++ /usr/ports/ftp/proftpd/files/patch-contrib-mod_sql.c Mon Jan 1 17:25:54 2007 @@ -0,0 +1,249 @@ +--- contrib/mod_sql.c.orig Mon Dec 11 13:40:18 2006 ++++ contrib/mod_sql.c Mon Jan 1 17:16:57 2007 +@@ -104,8 +104,11 @@ + + module sql_module; + +-static char *_sql_where(cmd_rec *, int, ...); + #define SQL_MAX_STMT_LEN 4096 ++ ++static char *sql_prepare_where(int, cmd_rec *, int, ...); ++#define SQL_PREPARE_WHERE_FL_NO_TAGS 0x00001 ++ + static char *resolve_long_tag(cmd_rec *, char *); + static int resolve_numeric_tag(cmd_rec *, char *); + static char *resolve_short_tag(cmd_rec *, char); +@@ -752,10 +755,10 @@ + return mr ? (char *) mr->data : NULL; + } + +-static char *_sql_where(cmd_rec *cmd, int cnt, ...) { ++static char *sql_prepare_where(int flags, cmd_rec *cmd, int cnt, ...) { + int i, flag; + int curr_avail; +- char *buf = "", *res, *tchar, *curr, *tmp; ++ char *buf = "", *res, *tchar; + va_list dummy; + + res = pcalloc(cmd->tmp_pool, SQL_MAX_STMT_LEN); +@@ -774,31 +777,53 @@ + } + va_end(dummy); + +- /* Process variables in WHERE clauses, except any "%{num}" references. */ +- curr = res; +- curr_avail = SQL_MAX_STMT_LEN; +- for (tmp = buf; *tmp; ) { +- char *str; +- modret_t *mr; ++ if (!(flags & SQL_PREPARE_WHERE_FL_NO_TAGS)) { ++ char *curr, *tmp; + +- if (*tmp == '%') { +- char *tag = NULL; ++ /* Process variables in WHERE clauses, except any "%{num}" references. */ ++ curr = res; ++ curr_avail = SQL_MAX_STMT_LEN; ++ ++ for (tmp = buf; *tmp; ) { ++ char *str; ++ modret_t *mr; + +- if (*(++tmp) == '{') { +- char *query; ++ if (*tmp == '%') { ++ char *tag = NULL; + +- if (*tmp != '\0') +- query = ++tmp; ++ if (*(++tmp) == '{') { ++ char *query; + +- while (*tmp && *tmp != '}') +- tmp++; ++ if (*tmp != '\0') ++ query = ++tmp; ++ ++ while (*tmp && *tmp != '}') ++ tmp++; ++ ++ tag = pstrndup(cmd->tmp_pool, query, (tmp - query)); ++ if (tag) { ++ str = resolve_long_tag(cmd, tag); ++ if (!str) ++ str = pstrdup(cmd->tmp_pool, ""); ++ ++ mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", ++ str), "sql_escapestring"); ++ if (check_response(mr) < 0) ++ return NULL; ++ ++ sstrcat(curr, mr->data, curr_avail); ++ curr += strlen(mr->data); ++ curr_avail -= strlen(mr->data); + +- tag = pstrndup(cmd->tmp_pool, query, (tmp - query)); +- if (tag) { +- str = resolve_long_tag(cmd, tag); +- if (!str) +- str = pstrdup(cmd->tmp_pool, ""); ++ if (*tmp != '\0') ++ tmp++; ++ ++ } else { ++ return NULL; ++ } + ++ } else { ++ str = resolve_short_tag(cmd, *tmp); + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", + str), "sql_escapestring"); + if (check_response(mr) < 0) +@@ -810,32 +835,18 @@ + + if (*tmp != '\0') + tmp++; +- +- } else { +- return NULL; + } + + } else { +- str = resolve_short_tag(cmd, *tmp); +- mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", +- str), "sql_escapestring"); +- if (check_response(mr) < 0) +- return NULL; +- +- sstrcat(curr, mr->data, curr_avail); +- curr += strlen(mr->data); +- curr_avail -= strlen(mr->data); +- +- if (*tmp != '\0') +- tmp++; ++ *curr++ = *tmp++; ++ curr_avail--; + } +- +- } else { +- *curr++ = *tmp++; +- curr_avail--; + } ++ *curr++ = '\0'; ++ ++ } else { ++ res = buf; + } +- *curr++ = '\0'; + + return res; + } +@@ -1212,7 +1223,7 @@ + } + + if (!cmap.usercustom) { +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", + cmap.usrtable, cmap.usrfields, where, "1"), "sql_select"); +@@ -1438,7 +1449,7 @@ + return NULL; + } + +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", + cmap.grptable, cmap.grpfield, where, "1"), "sql_select"); +@@ -1456,7 +1467,7 @@ + + grpwhere = pstrcat(cmd->tmp_pool, cmap.grpfield, " = '", groupname, "'", + NULL); +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.grptable, cmap.grpfields, where), "sql_select"); +@@ -1530,7 +1541,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", cmap.usrtable, + query, where), "sql_update"); +@@ -1606,7 +1617,8 @@ + cmap.grpmembersfield, " = '", username, "'", NULL); + } + +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, grpwhere, ++ sql_prepare_where(0, cmd, 1, cmap.groupwhere)); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.grptable, cmap.grpfields, where), "sql_select"); +@@ -1746,7 +1758,7 @@ + static char *resolve_short_tag(cmd_rec *cmd, char tag) { + char arg[256] = {'\0'}, *argp; + +- switch(tag) { ++ switch (tag) { + case 'A': { + char *pass; + +@@ -2915,7 +2927,7 @@ + /* single select or not? */ + if (SQL_FASTUSERS) { + /* retrieve our list of passwds */ +- where = _sql_where(cmd, 1, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.usrtable, cmap.usrfields, where), "sql_select"); +@@ -2978,7 +2990,7 @@ + } + } else { + /* retrieve our list of passwds */ +- where = _sql_where(cmd, 1, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.usrtable, cmap.usrfield, where), "sql_select"); +@@ -3086,7 +3098,7 @@ + + if (SQL_FASTGROUPS) { + /* retrieve our list of groups */ +- where = _sql_where(cmd, 1, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 6, "default", + cmap.grptable, cmap.grpfields, where, NULL), "sql_select"); +@@ -3120,7 +3132,7 @@ + + } else { + /* retrieve our list of groups */ +- where = _sql_where(cmd, 1, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 6, "default", + cmap.grptable, cmap.grpfield, where, NULL, "DISTINCT"), "sql_select"); +@@ -3593,7 +3605,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + query = pstrcat(cmd->tmp_pool, cmap.sql_fstor, ", ", + cmap.sql_fretr, ", ", cmap.sql_bstor, ", ", +@@ -3627,7 +3639,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + query = pstrcat(cmd->tmp_pool, cmap.sql_frate, ", ", + cmap.sql_fcred, ", ", cmap.sql_brate, ", ", diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/pkg-plist /usr/ports/ftp/proftpd/pkg-plist --- /usr/ports/ftp/proftpd.orig/pkg-plist Mon Jan 1 03:44:05 2007 +++ /usr/ports/ftp/proftpd/pkg-plist Mon Jan 1 18:05:33 2007 @@ -29,6 +29,7 @@ include/proftpd/log.h include/proftpd/mkhome.h include/proftpd/mod_ctrls.h +include/proftpd/mod_sql.h include/proftpd/mod_wrap2.h include/proftpd/modules.h include/proftpd/netacl.h
Responsible Changed From-To: freebsd-ports-bugs->clsung I'll take it.
State Changed From-To: open->feedback The second patch got mangled due to linewrapping in your email client. Maybe you can put it somewhere for download?
The latest patch can be downloaded here: http://www.alaskaparadise.com/freebsd/patch-proftpd Beech (Maintainer) --
State Changed From-To: feedback->open Feedback received.
State Changed From-To: open->closed Committed, thanks! Note that you missed +.else +PLIST_SUB+= MYSQL="@comment " in the WITH_MYSQL section.
erwin 2007-01-07 10:45:36 UTC FreeBSD ports repository Modified files: ftp/proftpd Makefile pkg-plist Added files: ftp/proftpd/files patch-contrib-mod_sql.c Log: *Bumped PORTREVISION *Added combined patch-contrib-mod_sql.c Addresses distributor bugs #2828 & #2869 - mod_sql botches WHERE clauses and Support variables in SQL WHERE directives. *Added include/proftpd/mod_sql.h to pkg-plist PR: 107416 Submitted by: "Beech Rintoul" <beech@alaskaparadise.com> (maintainer) Revision Changes Path 1.98 +8 -4 ports/ftp/proftpd/Makefile 1.1 +268 -0 ports/ftp/proftpd/files/patch-contrib-mod_sql.c (new) 1.16 +1 -1 ports/ftp/proftpd/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"