FreeBSD Bugzilla – Attachment 250091 Details for
Bug 278463
ftp/filezilla: needs update to 3.67.0 to fix PuTTY bug leaking info on NIST-P521 based private keys [CVE-2024-31497]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
redone ftp/libfilezilla update patch (requisite), now with pkg-plist update included
0001-ftp-libfilezilla-update-to-0.47-strip-out-shadow.h-m.patch (text/plain), 6.20 KB, created by
Matthias Andree
on 2024-04-19 19:19:28 UTC
(
hide
)
Description:
redone ftp/libfilezilla update patch (requisite), now with pkg-plist update included
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2024-04-19 19:19:28 UTC
Size:
6.20 KB
patch
obsolete
>From 80a174f09335f6140c7728cc92825de721c86e7a Mon Sep 17 00:00:00 2001 >From: Matthias Andree <mandree@FreeBSD.org> >Date: Fri, 19 Apr 2024 17:44:13 +0200 >Subject: [PATCH 1/2] ftp/libfilezilla: update to 0.47, strip out shadow.h > material > >...which is a Linuxism, and is required to support impersonation, >which itself requires root privileges - probably not a good idea on a >heaviweight graphical file transfer tool. > >This was already reported from a NetBSD user here: >https://trac.filezilla-project.org/ticket/12658 >--- > ftp/libfilezilla/Makefile | 7 +- > ftp/libfilezilla/distinfo | 6 +- > .../files/patch-lib_impersonation.cpp | 73 +++++++++++++++++++ > ftp/libfilezilla/pkg-plist | 21 +++++- > 4 files changed, 98 insertions(+), 9 deletions(-) > create mode 100644 ftp/libfilezilla/files/patch-lib_impersonation.cpp > >diff --git a/ftp/libfilezilla/Makefile b/ftp/libfilezilla/Makefile >index ebe8b5c192b5..87306506b97f 100644 >--- a/ftp/libfilezilla/Makefile >+++ b/ftp/libfilezilla/Makefile >@@ -1,5 +1,5 @@ > PORTNAME= libfilezilla >-PORTVERSION= 0.31.1 >+PORTVERSION= 0.47.0 > CATEGORIES= ftp > MASTER_SITES= https://download.filezilla-project.org/${PORTNAME}/ > >@@ -10,11 +10,12 @@ WWW= https://lib.filezilla-project.org/ > LICENSE= GPLv2+ > LICENSE_FILE= ${WRKSRC}/COPYING > >-LIB_DEPENDS= libgnutls.so:security/gnutls \ >+LIB_DEPENDS= libgmp.so:math/gmp \ >+ libgnutls.so:security/gnutls \ > libnettle.so:security/nettle > > USES= compiler:c++17-lang gettext gmake iconv:wchar_t libtool \ >- localbase pathfix pkgconfig tar:bzip2 >+ localbase pathfix pkgconfig tar:xz > USE_LDCONFIG= yes > GNU_CONFIGURE= yes > INSTALL_TARGET= install-strip >diff --git a/ftp/libfilezilla/distinfo b/ftp/libfilezilla/distinfo >index 3fa7c275f8c8..b142fd53f8af 100644 >--- a/ftp/libfilezilla/distinfo >+++ b/ftp/libfilezilla/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1631623924 >-SHA256 (libfilezilla-0.31.1.tar.bz2) = 997d5887b6015f3869d375b0cbc4b4942fcb24dbe4b4346885c946cfe733166f >-SIZE (libfilezilla-0.31.1.tar.bz2) = 585070 >+TIMESTAMP = 1713540004 >+SHA256 (libfilezilla-0.47.0.tar.xz) = 618a586b613bef710a633c42bfdda61666cbb0fc8a92ad490361d0bc91c58341 >+SIZE (libfilezilla-0.47.0.tar.xz) = 551484 >diff --git a/ftp/libfilezilla/files/patch-lib_impersonation.cpp b/ftp/libfilezilla/files/patch-lib_impersonation.cpp >new file mode 100644 >index 000000000000..423e5bf90e44 >--- /dev/null >+++ b/ftp/libfilezilla/files/patch-lib_impersonation.cpp >@@ -0,0 +1,73 @@ >+FreeBSD defines crypt_r() via <unistd.h>. >+ >+--- lib/impersonation.cpp.orig 2023-06-28 13:00:47 UTC >++++ lib/impersonation.cpp >+@@ -8,8 +8,6 @@ >+ #include <tuple> >+ >+ #if FZ_UNIX >+-#include <crypt.h> >+-#include <shadow.h> >+ #endif >+ #include <grp.h> >+ #include <limits.h> >+@@ -98,43 +96,7 @@ std::optional<gid_t> get_group(native_string const& gn >+ return {}; >+ } >+ >+-#if FZ_UNIX >+-struct shadow_holder { >+- shadow_holder() = default; >+- shadow_holder(shadow_holder const&) = delete; >+- shadow_holder(shadow_holder &&) = default; >+- >+- shadow_holder& operator=(shadow_holder const&) = delete; >+- shadow_holder& operator=(shadow_holder &&) = default; >+- >+- ~shadow_holder() noexcept = default; >+- >+- struct spwd* shadow_{}; >+- >+- struct spwd shadow_buffer_; >+- buffer buf_{}; >+-}; >+- >+-shadow_holder get_shadow(native_string const& username) >+-{ >+- shadow_holder ret; >+- >+- size_t s = 1024; >+- int res{}; >+- do { >+- s *= 2; >+- ret.buf_.get(s); >+- res = getspnam_r(username.c_str(), &ret.shadow_buffer_, reinterpret_cast<char*>(ret.buf_.get(s)), s, &ret.shadow_); >+- } while (res == ERANGE); >+- >+- if (res) { >+- ret.shadow_ = nullptr; >+- } >+- >+- return ret; >+ } >+-#endif >+-} >+ >+ class impersonation_token_impl final >+ { >+@@ -191,14 +153,7 @@ bool check_auth(native_string const& username, native_ >+ bool check_auth(native_string const& username, native_string const& password) >+ { >+ #if FZ_UNIX >+- auto shadow = get_shadow(username); >+- if (shadow.shadow_) { >+- struct crypt_data data{}; >+- char* encrypted = crypt_r(password.c_str(), shadow.shadow_->sp_pwdp, &data); >+- if (encrypted && !strcmp(encrypted, shadow.shadow_->sp_pwdp)) { >+- return true; >+- } >+- } >++ return false; // FreeBSD does not have shadow.h support >+ #elif FZ_MAC >+ bool ret{}; >+ >diff --git a/ftp/libfilezilla/pkg-plist b/ftp/libfilezilla/pkg-plist >index de1b9e0cde5d..0aba8a734d84 100644 >--- a/ftp/libfilezilla/pkg-plist >+++ b/ftp/libfilezilla/pkg-plist >@@ -1,4 +1,10 @@ >+include/libfilezilla/aio/aio.hpp >+include/libfilezilla/aio/reader.hpp >+include/libfilezilla/aio/writer.hpp >+include/libfilezilla/aio/xml_writer.hpp > include/libfilezilla/apply.hpp >+include/libfilezilla/ascii_layer.hpp >+include/libfilezilla/basic_tls_params.hpp > include/libfilezilla/buffer.hpp > include/libfilezilla/encode.hpp > include/libfilezilla/encryption.hpp >@@ -7,12 +13,19 @@ include/libfilezilla/event_handler.hpp > include/libfilezilla/event_loop.hpp > include/libfilezilla/file.hpp > include/libfilezilla/format.hpp >+include/libfilezilla/forward_like.hpp >+include/libfilezilla/fsresult.hpp > include/libfilezilla/glue/unix.hpp >-include/libfilezilla/glue/windows.hpp > include/libfilezilla/glue/wx.hpp > include/libfilezilla/glue/wxinvoker.hpp > include/libfilezilla/hash.hpp > include/libfilezilla/hostname_lookup.hpp >+include/libfilezilla/http/client.hpp >+include/libfilezilla/http/client_request.hpp >+include/libfilezilla/http/client_response.hpp >+include/libfilezilla/http/digest.hpp >+include/libfilezilla/http/headers.hpp >+include/libfilezilla/impersonation.hpp > include/libfilezilla/invoker.hpp > include/libfilezilla/iputils.hpp > include/libfilezilla/json.hpp >@@ -39,16 +52,18 @@ include/libfilezilla/thread_pool.hpp > include/libfilezilla/time.hpp > include/libfilezilla/tls_info.hpp > include/libfilezilla/tls_layer.hpp >+include/libfilezilla/tls_params.hpp > include/libfilezilla/tls_system_trust_store.hpp > include/libfilezilla/translate.hpp > include/libfilezilla/uri.hpp > include/libfilezilla/util.hpp > include/libfilezilla/version.hpp > include/libfilezilla/visibility_helper.hpp >+include/libfilezilla/xml.hpp > lib/libfilezilla.a > lib/libfilezilla.so >-lib/libfilezilla.so.16 >-lib/libfilezilla.so.16.1.0 >+lib/libfilezilla.so.43 >+lib/libfilezilla.so.43.0.0 > libdata/pkgconfig/libfilezilla.pc > share/locale/an/LC_MESSAGES/libfilezilla.mo > share/locale/ar/LC_MESSAGES/libfilezilla.mo >-- >2.44.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=250091">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 278463
:
250088
|
250089
| 250091 |
250092