From 58ca2806f3504fbc6fb341a28d0adfa9503f72a9 Mon Sep 17 00:00:00 2001
From: Chris Piazza <cpiazza@FreeBSD.org>
Date: Mon, 30 Aug 1999 19:14:07 +0000
Subject: Add a PATCH_FILE to close a security hole in wu-ftpd.

Quoted from wu-ftpd group's accouncement:

    Due to insufficient bounds checking on directory name lengths which can
    be supplied by users, it is possible to overwrite the static memory
    space of the wu-ftpd daemon while it is executing under certain
    configurations.  By having the ability to create directories and
    supplying carefully designed directory names to the wu-ftpd, users may
    gain privileged access.

PR:		13475
Submitted by:	jack@germanium.xtalwind.net
---
 ftp/wu-ftpd+ipv6/Makefile | 3 +++
 ftp/wu-ftpd+ipv6/distinfo | 1 +
 ftp/wu-ftpd/Makefile      | 3 +++
 ftp/wu-ftpd/distinfo      | 1 +
 4 files changed, 8 insertions(+)

diff --git a/ftp/wu-ftpd+ipv6/Makefile b/ftp/wu-ftpd+ipv6/Makefile
index 20940b692a64..7ca3f872b7d3 100644
--- a/ftp/wu-ftpd+ipv6/Makefile
+++ b/ftp/wu-ftpd+ipv6/Makefile
@@ -12,6 +12,9 @@ DISTNAME=       wu-ftpd-2.5.0
 CATEGORIES=	ftp
 MASTER_SITES=   ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/
 
+PATCH_SITES=	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
+PATCHFILES=	mapped.path.overrun.patch
+
 MAINTAINER=     ache@FreeBSD.org
 
 Y2K=		http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35
diff --git a/ftp/wu-ftpd+ipv6/distinfo b/ftp/wu-ftpd+ipv6/distinfo
index 213f7f23a0d8..0a187286a77d 100644
--- a/ftp/wu-ftpd+ipv6/distinfo
+++ b/ftp/wu-ftpd+ipv6/distinfo
@@ -1 +1,2 @@
 MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
+MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d
diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile
index 20940b692a64..7ca3f872b7d3 100644
--- a/ftp/wu-ftpd/Makefile
+++ b/ftp/wu-ftpd/Makefile
@@ -12,6 +12,9 @@ DISTNAME=       wu-ftpd-2.5.0
 CATEGORIES=	ftp
 MASTER_SITES=   ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/
 
+PATCH_SITES=	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
+PATCHFILES=	mapped.path.overrun.patch
+
 MAINTAINER=     ache@FreeBSD.org
 
 Y2K=		http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35
diff --git a/ftp/wu-ftpd/distinfo b/ftp/wu-ftpd/distinfo
index 213f7f23a0d8..0a187286a77d 100644
--- a/ftp/wu-ftpd/distinfo
+++ b/ftp/wu-ftpd/distinfo
@@ -1 +1,2 @@
 MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
+MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d
-- 
cgit v1.2.3