summaryrefslogtreecommitdiff
path: root/comms
diff options
context:
space:
mode:
authorFlorent Thoumie <flz@FreeBSD.org>2005-06-01 15:35:25 +0000
committerFlorent Thoumie <flz@FreeBSD.org>2005-06-01 15:35:25 +0000
commita06daa242591a4f698027f7e7f4ac283ab6e0868 (patch)
tree016a9def8bf0124b4caf40d9e73c4b1dfbb23bdc /comms
parentAdd year-old mailman vulnerability, that seems to not have been (diff)
- Add ##user form password patch.
PR: ports/28803 Submitted by: motoyuki Approved by: maintainer timeout (3 years)
Notes
Notes: svn path=/head/; revision=136611
Diffstat (limited to 'comms')
-rw-r--r--comms/conserver/Makefile1
-rw-r--r--comms/conserver/files/patch-etc_conserver_group.c21
2 files changed, 22 insertions, 0 deletions
diff --git a/comms/conserver/Makefile b/comms/conserver/Makefile
index b279bf69e42f..30eafc861690 100644
--- a/comms/conserver/Makefile
+++ b/comms/conserver/Makefile
@@ -8,6 +8,7 @@
PORTNAME= conserver
PORTVERSION= 8.5
+PORTREVISION= 1
CATEGORIES= comms
MASTER_SITES= ftp://ftp.physics.purdue.edu/pub/pundits/ \
http://www.komquats.com/distfiles/ \
diff --git a/comms/conserver/files/patch-etc_conserver_group.c b/comms/conserver/files/patch-etc_conserver_group.c
new file mode 100644
index 000000000000..75c5821c05bf
--- /dev/null
+++ b/comms/conserver/files/patch-etc_conserver_group.c
@@ -0,0 +1,21 @@
+--- etc/conserver/group.c.orig Thu Aug 3 03:39:42 2000
++++ etc/conserver/group.c Sat Jul 7 16:10:53 2001
+@@ -228,6 +228,18 @@
+ struct passwd *pwd;
+ char *pcEPass, *pcWord;
+ {
++ if (pcEPass && '#' == pcEPass[0] && '#' == pcEPass[1] && '\0' != pcEPass[2] && (MAXLOGNAME + 1) > strlen(pcEPass)) {
++ /* If the encrypted password field from the config file
++ * looks like ##USER, look up the password for that
++ * user for the match.
++ */
++ pwd = getpwnam(pcEPass+2);
++ if ((struct passwd *) NULL == pwd) {
++ return 0;
++ }
++ pcEPass = (char *)0;
++ }
++
+ if (pcEPass && '\0' != pcEPass[0])
+ if (MD5CheckPass(pcEPass, pcWord))
+ return 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 00:16:44 +0000