FreeBSD Bugzilla – Attachment 250088 Details for
Bug 278463
ftp/filezilla: needs update to 3.67.0 to fix PuTTY bug leaking info on NIST-P521 based private keys [CVE-2024-31497]
[patch]
libfilezilla update as requisite to next patch that updates filezilla
0001-ftp-libfilezilla-update-to-0.47-strip-out-shadow.h-m.patch (text/plain), 4.11 KB, created by
Matthias Andree
on 2024-04-19 16:42:30 UTC
Description:
libfilezilla update as requisite to next patch that updates filezilla
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2024-04-19 16:42:30 UTC
Size:
4.11 KB
patch
obsolete
>From ef2c2db8725cf06e3d9e2944b2ebf5040b380a48 Mon Sep 17 00:00:00 2001
>From: Matthias Andree <mandree@FreeBSD.org>
>Date: Fri, 19 Apr 2024 17:44:13 +0200
>Subject: [PATCH 1/2] ftp/libfilezilla: update to 0.47, strip out shadow.h
> material
>
>...which is a Linuxism, and is required to support impersonation,
>which itself requires root privileges - probably not a good idea on a
>heaviweight graphical file transfer tool.
>
>This was already reported from a NetBSD user here:
>https://trac.filezilla-project.org/ticket/12658
>---
> ftp/libfilezilla/Makefile | 7 +-
> ftp/libfilezilla/distinfo | 6 +-
> .../files/patch-lib_impersonation.cpp | 73 +++++++++++++++++++
> 3 files changed, 80 insertions(+), 6 deletions(-)
> create mode 100644 ftp/libfilezilla/files/patch-lib_impersonation.cpp
>
>diff --git a/ftp/libfilezilla/Makefile b/ftp/libfilezilla/Makefile
>index ebe8b5c192b5..87306506b97f 100644
>--- a/ftp/libfilezilla/Makefile
>+++ b/ftp/libfilezilla/Makefile
>@@ -1,5 +1,5 @@
> PORTNAME= libfilezilla
>-PORTVERSION= 0.31.1
>+PORTVERSION= 0.47.0
> CATEGORIES= ftp
> MASTER_SITES= https://download.filezilla-project.org/${PORTNAME}/
>
>@@ -10,11 +10,12 @@ WWW= https://lib.filezilla-project.org/
> LICENSE= GPLv2+
> LICENSE_FILE= ${WRKSRC}/COPYING
>
>-LIB_DEPENDS= libgnutls.so:security/gnutls \
>+LIB_DEPENDS= libgmp.so:math/gmp \
>+ libgnutls.so:security/gnutls \
> libnettle.so:security/nettle
>
> USES= compiler:c++17-lang gettext gmake iconv:wchar_t libtool \
>- localbase pathfix pkgconfig tar:bzip2
>+ localbase pathfix pkgconfig tar:xz
> USE_LDCONFIG= yes
> GNU_CONFIGURE= yes
> INSTALL_TARGET= install-strip
>diff --git a/ftp/libfilezilla/distinfo b/ftp/libfilezilla/distinfo
>index 3fa7c275f8c8..b142fd53f8af 100644
>--- a/ftp/libfilezilla/distinfo
>+++ b/ftp/libfilezilla/distinfo
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1631623924
>-SHA256 (libfilezilla-0.31.1.tar.bz2) = 997d5887b6015f3869d375b0cbc4b4942fcb24dbe4b4346885c946cfe733166f
>-SIZE (libfilezilla-0.31.1.tar.bz2) = 585070
>+TIMESTAMP = 1713540004
>+SHA256 (libfilezilla-0.47.0.tar.xz) = 618a586b613bef710a633c42bfdda61666cbb0fc8a92ad490361d0bc91c58341
>+SIZE (libfilezilla-0.47.0.tar.xz) = 551484
>diff --git a/ftp/libfilezilla/files/patch-lib_impersonation.cpp b/ftp/libfilezilla/files/patch-lib_impersonation.cpp
>new file mode 100644
>index 000000000000..423e5bf90e44
>--- /dev/null
>+++ b/ftp/libfilezilla/files/patch-lib_impersonation.cpp
>@@ -0,0 +1,73 @@
>+FreeBSD defines crypt_r() via <unistd.h>.
>+
>+--- lib/impersonation.cpp.orig 2023-06-28 13:00:47 UTC
>++++ lib/impersonation.cpp
>+@@ -8,8 +8,6 @@
>+ #include <tuple>
>+
>+ #if FZ_UNIX
>+-#include <crypt.h>
>+-#include <shadow.h>
>+ #endif
>+ #include <grp.h>
>+ #include <limits.h>
>+@@ -98,43 +96,7 @@ std::optional<gid_t> get_group(native_string const& gn
>+ return {};
>+ }
>+
>+-#if FZ_UNIX
>+-struct shadow_holder {
>+- shadow_holder() = default;
>+- shadow_holder(shadow_holder const&) = delete;
>+- shadow_holder(shadow_holder &&) = default;
>+-
>+- shadow_holder& operator=(shadow_holder const&) = delete;
>+- shadow_holder& operator=(shadow_holder &&) = default;
>+-
>+- ~shadow_holder() noexcept = default;
>+-
>+- struct spwd* shadow_{};
>+-
>+- struct spwd shadow_buffer_;
>+- buffer buf_{};
>+-};
>+-
>+-shadow_holder get_shadow(native_string const& username)
>+-{
>+- shadow_holder ret;
>+-
>+- size_t s = 1024;
>+- int res{};
>+- do {
>+- s *= 2;
>+- ret.buf_.get(s);
>+- res = getspnam_r(username.c_str(), &ret.shadow_buffer_, reinterpret_cast<char*>(ret.buf_.get(s)), s, &ret.shadow_);
>+- } while (res == ERANGE);
>+-
>+- if (res) {
>+- ret.shadow_ = nullptr;
>+- }
>+-
>+- return ret;
>+ }
>+-#endif
>+-}
>+
>+ class impersonation_token_impl final
>+ {
>+@@ -191,14 +153,7 @@ bool check_auth(native_string const& username, native_
>+ bool check_auth(native_string const& username, native_string const& password)
>+ {
>+ #if FZ_UNIX
>+- auto shadow = get_shadow(username);
>+- if (shadow.shadow_) {
>+- struct crypt_data data{};
>+- char* encrypted = crypt_r(password.c_str(), shadow.shadow_->sp_pwdp, &data);
>+- if (encrypted && !strcmp(encrypted, shadow.shadow_->sp_pwdp)) {
>+- return true;
>+- }
>+- }
>++ return false; // FreeBSD does not have shadow.h support
>+ #elif FZ_MAC
>+ bool ret{};
>+
>--
>2.44.0
>
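Review bot: The header line of the new patch file, `FreeBSD defines crypt_r() via <unistd.h>.`, does not describe what the patch does: the third inner hunk removes the `crypt_r()` call together with `get_shadow()`, so on `FZ_UNIX` builds `check_auth()` now returns `false` for every username and password. That fails closed, but a consumer that relies on password-checked impersonation would see every login rejected with nothing indicating the feature is compiled out; whether any port depends on it is not visible here. I would replace the header with `check_auth() always fails on FreeBSD: getspnam_r()/<shadow.h> are unavailable, so password-based impersonation is disabled.` The first inner hunk also leaves an empty `#if FZ_UNIX` / `#endif` pair behind. The rest of `check_auth()` lies outside the hunk, so whether code after the new `return false;` in that branch is now unreachable cannot be checked from here.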