o unbreak manpage.

- pod2man is required to build manpage. o set LANG=C for sed. - This case [:print:] does not work correctly without LANG=C. o Fix directory traversal bug in FTP. References: http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344 Patches obtained from: Red Hat Linux
svn path=/head/; revision=71537
2002-12-11 18:20:04 +00:00 · 2002-12-11 18:20:04 +00:00 · 16ce4db90d · 2021-03-31 03:12:20 +00:00
commit 16ce4db90d
parent b312f6cae3
3 changed files with 64 additions and 2 deletions
--- a/ftp/wget+ipv6/Makefile
+++ b/ftp/wget+ipv6/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	wget
 PORTVERSION=	1.7
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	ftp www ipv6
 MASTER_SITES=	${MASTER_SITE_GNU} \
 		ftp://ftp.dl.ac.uk/ccp14/ftp-mirror/wget/pub/unix/util/wget/ \
@ -30,6 +30,7 @@ LIB_DEPENDS=	intl.4:${PORTSDIR}/devel/gettext
 USE_OPENSSL=	yes
 CONFIGURE_ARGS=	--with-ssl=${OPENSSLBASE}
 .endif
+USE_PERL5_BUILD=	yes
 USE_GMAKE=	yes
 USE_REINPLACE=	yes
 GNU_CONFIGURE=	yes
@ -49,7 +50,7 @@ post-patch:
 	${MV} po/zh_TW.po po/zh_TW.po.utf-8; \
 	${LOCALBASE}/bin/iconv -f UTF-8 -t BIG5 po/zh_TW.po.utf-8 |\
 		${SED} -e 's,utf-8,big5,' |\
-		${SED} -Ee 's,([^[:print:]])\\,\1\\\\,g' |\
+		${ENV} LANG=C ${SED} -Ee 's,([^[:print:]])\\,\1\\\\,g' |\
 		${SED} -Ee 's,\\\\([nt"]),\\\1,g' \
 		    > po/zh_TW.po)

--- a/ftp/wget+ipv6/files/patch-src_fnmatch_c
+++ b/ftp/wget+ipv6/files/patch-src_fnmatch_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig	Tue Dec 10 13:06:09 2002
+++ src/fnmatch.c	Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+   return (FNM_NOMATCH);
+ }
+ 
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+	if (*s == '/')
+		return 1;
+	if (strstr(s, "../") != 0)
+		return 1;
+	return 0;
+}
+
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+    `]').  */
+ int
--- a/ftp/wget+ipv6/files/patch-src_ftp_c
+++ b/ftp/wget+ipv6/files/patch-src_ftp_c
@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig	Tue Dec 10 13:08:00 2002
+++ src/ftp.c	Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+   struct fileinfo *orig, *start;
+   uerr_t res;
+  struct fileinfo *f;
+ 
+   con->cmd |= LEAVE_PENDING;
+ 
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+      opt.accepts and opt.rejects.  */
+   if (opt.accepts || opt.rejects)
+     {
+-      struct fileinfo *f = orig;
+-
+      f = orig;
+       while (f)
+ 	{
+ 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ 	    f = f->next;
+ 	}
+     }
+  /* Remove all files with possible harmful names */
+  f = orig;
+  while (f)
+  {
+     if (has_invalid_name(f->name))
+     {
+	logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+	f = delelement (f, &start);
+     }
+     else
+	f = f->next;
+  }
+   /* Now weed out the files that do not match our globbing pattern.
+      If we are dealing with a globbing pattern, that is.  */
+   if (*u->file && (action == GLOBALL || action == GETONE))