Bug 186885 - ftp/filezilla hasn't been updated in a year, contains vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Bryan Drewery
Reported: 2014-02-19 04:30 UTC by Matthew Rezny
Modified: 2014-04-21 03:20 UTC (History)

Attachments
file.diff (874 bytes, patch)
2014-02-19 04:30 UTC, Matthew Rezny
ftp_filezilla_patch.txt (4.62 KB, text/plain; charset="UTF-8")
2014-04-14 05:55 UTC, Matthew Rezny
ftp_filezilla_patch.txt (5.53 KB, text/plain; charset="UTF-8")
2014-04-15 00:26 UTC, Matthew Rezny

Description Matthew Rezny freebsd_committer 2014-02-19 04:30:00 UTC
The FileZilla port has not been updated in a year. The version we have in ports contains vulnerabilities. Copied from the release notes:

3.7.3 (2013-08-07)
Fixed vulnerabilities:

    Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

3.7.2 (2013-08-06)
Fixed vulnerabilities:

    Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference.

Fortunately, this port uses no patches and the current version builds clean. Thus, updating should only be a matter of changing the version.

I noticed the port has NO_STAGE set so maybe it would be good to stagify this port while it's getting updated.

How-To-Repeat: CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852
Comment 1 Edwin Groothuis freebsd_committer 2014-02-19 04:30:28 UTC
Responsible Changed
From-To: freebsd-ports-bugs->jsa

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Matthew Rezny freebsd_committer 2014-04-14 05:55:40 UTC
Almost two months have gone by with no action on this PR. In the meantime, 
upstream has released a new version, 3.8.0. I have updated the patch to this 
new version. In addition to the version bump, I updated the plist to take into 
account new translations, additional icons, and man pages which had previously 
not been included. While at it, I removed NO_STAGE as it appears the port 
needs no additional handling to work with staging.
Comment 3 Matthew Rezny freebsd_committer 2014-04-15 00:26:33 UTC
Checking closer, I noticed a few updates to be made to this port's Makefile to 
keep up with current infrastructure. Format of USES and LIB_DEPENDS have been 
updated to quiet warnings. It appears gcrypt might not be a real dep, but I 
didn't remove that just in case there is some usage I am overlooking.
Comment 4 Bryan Drewery freebsd_committer 2014-04-15 17:55:02 UTC
Responsible Changed
From-To: jsa->freebsd-ports-bugs

maintainer timeout
Comment 5 Bryan Drewery freebsd_committer 2014-04-16 16:34:12 UTC
Responsible Changed
From-To: freebsd-ports-bugs->bdrewery

I'll take it.
Comment 6 dfilter service freebsd_committer 2014-04-21 03:18:10 UTC
Author: bdrewery
Date: Mon Apr 21 02:18:06 2014
New Revision: 351664
URL: http://svnweb.freebsd.org/changeset/ports/351664
QAT: https://qat.redports.org/buildarchive/r351664/

Log:
  - Update to 3.8.0 [1]
  - Convert to staging [1]
  - Use new LIB_DEPENDS format [1]
  - Remove BSD.local.dist dirs from plist
  
  PR:		ports/186885 [1]
  Submitted by:	Matthew Rezny <matthew@reztek.cz> [1]

Modified:
  head/ftp/filezilla/Makefile
  head/ftp/filezilla/distinfo
  head/ftp/filezilla/pkg-plist

Modified: head/ftp/filezilla/Makefile
==============================================================================
--- head/ftp/filezilla/Makefile	Mon Apr 21 01:14:53 2014	(r351663)
+++ head/ftp/filezilla/Makefile	Mon Apr 21 02:18:06 2014	(r351664)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	filezilla
-PORTVERSION=	3.6.0.2
-PORTREVISION=	1
+PORTVERSION=	3.8.0
 CATEGORIES=	ftp
 MASTER_SITES=	SF/${PORTNAME}/FileZilla_Client/${PORTVERSION}
 DISTNAME=	FileZilla_${PORTVERSION}_src
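Review bot: The PORTVERSION bump from 3.6.0.2 to 3.8.0 is the security fix this PR was opened for, but the commit log only says "Update to 3.8.0" and never names CVE-2013-4206, CVE-2013-4207, CVE-2013-4208 or CVE-2013-4852 from the report. Add a "Security:" line to the log listing those CVEs, and confirm that the ports vulnerability database has an entry covering versions before 3.7.3 so that installed 3.6.0.2 packages are flagged by audit tooling. Dropping PORTREVISION along with the version increase is correct.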
@@ -15,15 +14,14 @@ LICENSE=	GPLv2
 
 RUN_DEPENDS=	xdg-open:${PORTSDIR}/devel/xdg-utils
 BUILD_DEPENDS:=	${RUN_DEPENDS}
-LIB_DEPENDS=	gcrypt:${PORTSDIR}/security/libgcrypt \
-		gnutls:${PORTSDIR}/security/gnutls \
-		idn:${PORTSDIR}/dns/libidn \
-		tinyxml:${PORTSDIR}/textproc/tinyxml
+LIB_DEPENDS=	libgcrypt.so:${PORTSDIR}/security/libgcrypt \
+		libgnutls.so:${PORTSDIR}/security/gnutls \
+		libidn.so:${PORTSDIR}/dns/libidn \
+		libtinyxml.so:${PORTSDIR}/textproc/tinyxml
 
 
 INSTALLS_ICONS=	yes
-USE_BZIP2=	yes
-USES=		gmake pkgconfig
+USES=		gmake pkgconfig tar:bzip2
 USE_SQLITE=	3
 USE_WX=		2.8
 WX_CONF_ARGS=	relative
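Review bot: libgcrypt.so is carried over into the new LIB_DEPENDS format even though the submitter says in comment 3 that gcrypt might not be a real dependency. Check whether the built bin/filezilla, bin/fzsftp and bin/fzputtygen actually link against it (ldd on the staged binaries is enough) and drop the entry if they do not, so the package does not pull in a crypto library it never loads. The two consecutive blank lines after LIB_DEPENDS could be reduced to one while this block is being touched.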
@@ -33,17 +31,13 @@ CPPFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 
-MAN1=		filezilla.1 fzputtygen.1 fzsftp.1
-MAN5=		fzdefaults.xml.5
-
 OPTIONS_DEFINE=	DBUS NLS
 OPTIONS_DEFAULT=DBUS NLS
 
-NO_STAGE=	yes
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MDBUS}
-LIB_DEPENDS+=	dbus-1:${PORTSDIR}/devel/dbus
+LIB_DEPENDS+=	libdbus-1.so:${PORTSDIR}/devel/dbus
 CONFIGURE_ARGS+=	--with-dbus
 .else
 CONFIGURE_ARGS+=	--without-dbus

Modified: head/ftp/filezilla/distinfo
==============================================================================
--- head/ftp/filezilla/distinfo	Mon Apr 21 01:14:53 2014	(r351663)
+++ head/ftp/filezilla/distinfo	Mon Apr 21 02:18:06 2014	(r351664)
@@ -1,2 +1,2 @@
-SHA256 (FileZilla_3.6.0.2_src.tar.bz2) = 536a5e387f371272b5bcbf51b08a6df07508097b79f496432141c4207098c606
-SIZE (FileZilla_3.6.0.2_src.tar.bz2) = 3540542
+SHA256 (FileZilla_3.8.0_src.tar.bz2) = 8d9c1c9812f916f83676e1930933683828579b40a9fba331c4757f84a02ec308
+SIZE (FileZilla_3.8.0_src.tar.bz2) = 3749995
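Review bot: Nothing in the PR or the log records an independent check of the new SHA256 and SIZE values for FileZilla_3.8.0_src.tar.bz2, and these two lines are the only integrity check the port applies to the fetched source. Before committing, fetch the tarball from the MASTER_SITES location separately from the submitter's patch, recompute both values, and compare them with any checksum upstream publishes for the 3.8.0 release.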

Modified: head/ftp/filezilla/pkg-plist
==============================================================================
--- head/ftp/filezilla/pkg-plist	Mon Apr 21 01:14:53 2014	(r351663)
+++ head/ftp/filezilla/pkg-plist	Mon Apr 21 02:18:06 2014	(r351664)
@@ -1,16 +1,23 @@
 bin/filezilla
 bin/fzsftp
 bin/fzputtygen
+man/man1/filezilla.1.gz
+man/man1/fzputtygen.1.gz
+man/man1/fzsftp.1.gz
+man/man5/fzdefaults.xml.5.gz
+%%NLS%%share/locale/an/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ar/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/bg_BG/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ca/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ca_ES@valencia/LC_MESSAGES/filezilla.mo
+%%NLS%%share/locale/co/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/cs_CZ/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/da_DK/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/de/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/el/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/es/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/et_EE/LC_MESSAGES/filezilla.mo
+%%NLS%%share/locale/eu/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/eu_ES/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/fa_IR/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/fi_FI/LC_MESSAGES/filezilla.mo
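Review bot: The new share/locale/eu/LC_MESSAGES/filezilla.mo entry has no matching "@dirrmtry share/locale/eu/LC_MESSAGES" and "@dirrmtry share/locale/eu" lines in the later hunks, while the other locales added by this patch (an, co, kab) each get both. If the eu directories are provided by the base directory layout that is fine, but confirm it with a stage and deinstall check so no empty directory is left behind. The four man page entries match the MAN1 and MAN5 lines removed from the Makefile.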
@@ -25,6 +32,7 @@ bin/fzputtygen
 %%NLS%%share/locale/it/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ja_JP/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ka/LC_MESSAGES/filezilla.mo
+%%NLS%%share/locale/kab/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/km_KH/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ko_KR/LC_MESSAGES/filezilla.mo
 %%NLS%%share/locale/ku/LC_MESSAGES/filezilla.mo
@@ -86,6 +94,7 @@ share/pixmaps/filezilla.png
 %%DATADIR%%/resources/16x16/speedlimits.png
 %%DATADIR%%/resources/16x16/symlink.png
 %%DATADIR%%/resources/16x16/synchronize.png
+%%DATADIR%%/resources/16x16/throbber.gif
 %%DATADIR%%/resources/16x16/unknown.png
 %%DATADIR%%/resources/16x16/upload.png
 %%DATADIR%%/resources/16x16/uploadadd.png
@@ -538,11 +547,14 @@ share/pixmaps/filezilla.png
 %%DATADIR%%/resources/theme.xml
 %%DATADIR%%/resources/toolbar.xrc
 %%DATADIR%%/resources/up.png
+%%DATADIR%%/resources/update.xrc
 share/icons/hicolor/16x16/apps/filezilla.png
 share/icons/hicolor/32x32/apps/filezilla.png
 share/icons/hicolor/48x48/apps/filezilla.png
 share/icons/hicolor/scalable/apps/filezilla.svg
 share/applications/filezilla.desktop
+@dirrmtry share/icons/hicolor/scalable/apps
+@dirrmtry share/icons/hicolor/scalable
 @dirrmtry share/icons/hicolor/48x48/apps
 @dirrmtry share/icons/hicolor/48x48
 @dirrmtry share/icons/hicolor/32x32/apps
@@ -550,6 +562,7 @@ share/applications/filezilla.desktop
 @dirrmtry share/icons/hicolor/16x16/apps
 @dirrmtry share/icons/hicolor/16x16
 @dirrmtry share/icons/hicolor
+@dirrmtry share/icons
 @dirrm %%DATADIR%%/resources/tango/48x48
 @dirrm %%DATADIR%%/resources/tango/32x32
 @dirrm %%DATADIR%%/resources/tango/16x16
@@ -595,8 +608,6 @@ share/applications/filezilla.desktop
 @dirrmtry share/locale/ro_RO
 @dirrmtry share/locale/pl_PL/LC_MESSAGES
 @dirrmtry share/locale/pl_PL
-@dirrmtry share/locale/oc/LC_MESSAGES
-@dirrmtry share/locale/oc
 @dirrmtry share/locale/nn_NO/LC_MESSAGES
 @dirrmtry share/locale/nn_NO
 @dirrmtry share/locale/nb_NO/LC_MESSAGES
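Review bot: The two "@dirrmtry share/locale/oc" lines are removed here, and the hy pair in the next hunk, but no hunk removes a share/locale/oc or share/locale/hy filezilla.mo entry, so the files appear to stay in the plist while their directory cleanup goes away. This is presumably the "Remove BSD.local.dist dirs from plist" item from the log; confirm that both directories really are part of the base layout, otherwise deinstall will leave them behind.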
@@ -613,12 +624,12 @@ share/applications/filezilla.desktop
 @dirrmtry share/locale/ko_KR
 @dirrmtry share/locale/km_KH/LC_MESSAGES
 @dirrmtry share/locale/km_KH
+@dirrmtry share/locale/kab/LC_MESSAGES
+@dirrmtry share/locale/kab
 @dirrmtry share/locale/ja_JP/LC_MESSAGES
 @dirrmtry share/locale/ja_JP
 @dirrmtry share/locale/id_ID/LC_MESSAGES
 @dirrmtry share/locale/id_ID
-@dirrmtry share/locale/hy/LC_MESSAGES
-@dirrmtry share/locale/hy
 @dirrmtry share/locale/hu_HU/LC_MESSAGES
 @dirrmtry share/locale/hu_HU
 @dirrmtry share/locale/he_IL/LC_MESSAGES
@@ -635,7 +646,11 @@ share/applications/filezilla.desktop
 @dirrmtry share/locale/da_DK
 @dirrmtry share/locale/cs_CZ/LC_MESSAGES
 @dirrmtry share/locale/cs_CZ
+@dirrmtry share/locale/co/LC_MESSAGES
+@dirrmtry share/locale/co
 @dirrmtry share/locale/ca_ES@valencia/LC_MESSAGES
 @dirrmtry share/locale/ca_ES@valencia
 @dirrmtry share/locale/bg_BG/LC_MESSAGES
 @dirrmtry share/locale/bg_BG
+@dirrmtry share/locale/an/LC_MESSAGES
+@dirrmtry share/locale/an
Comment 7 Bryan Drewery freebsd_committer 2014-04-21 03:18:17 UTC
State Changed
From-To: open->closed

Committed. Thanks!