packages: krb5-appl/kftpd.inetd (NEW), krb5-appl/kftpd.pamd (NEW), krb5-app...
qboosh
qboosh at pld-linux.org
Sun Nov 6 15:56:12 CET 2011
Author: qboosh Date: Sun Nov 6 14:56:12 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- split from krb5.spec since 1.8; not build-tested
---- Files affected:
packages/krb5-appl:
kftpd.inetd (NONE -> 1.1) (NEW), kftpd.pamd (NONE -> 1.1) (NEW), klogin.pamd (NONE -> 1.1) (NEW), klogind.inetd (NONE -> 1.1) (NEW), krb5-appl.spec (NONE -> 1.1) (NEW), krb5-ftp-glob.patch (NONE -> 1.1) (NEW), krb5-ftp_fdleak.patch (NONE -> 1.1) (NEW), krb5-ftp_glob_runique.patch (NONE -> 1.1) (NEW), krb5-io.patch (NONE -> 1.1) (NEW), krb5-login-lpass.patch (NONE -> 1.1) (NEW), krb5-manpages.patch (NONE -> 1.1) (NEW), krb5-netkit-rsh.patch (NONE -> 1.1) (NEW), krb5-pam.patch (NONE -> 1.1) (NEW), krb5-passive.patch (NONE -> 1.1) (NEW), krb5-paths.patch (NONE -> 1.1) (NEW), krb5-rcp-markus.patch (NONE -> 1.1) (NEW), krb5-rcp-sendlarge.patch (NONE -> 1.1) (NEW), krb5-rlogind-environ.patch (NONE -> 1.1) (NEW), krb5-selinux-label.patch (NONE -> 1.1) (NEW), krb5-size.patch (NONE -> 1.1) (NEW), krb5-telnet-environ.patch (NONE -> 1.1) (NEW), krb5-tests.patch (NONE -> 1.1) (NEW), krb5-trunk-ftp_mget_case.patch (NONE -> 1.1) (NEW), kshell.inetd (NONE -> 1.1) (NEW), kshell.pamd (NONE -> 1.1) (NEW), ktelnetd.inetd (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/krb5-appl/kftpd.inetd
diff -u /dev/null packages/krb5-appl/kftpd.inetd:1.1
--- /dev/null Sun Nov 6 15:56:12 2011
+++ packages/krb5-appl/kftpd.inetd Sun Nov 6 15:56:06 2011
@@ -0,0 +1,9 @@
+SERVICE_NAME=kftpd
+SOCK_TYPE=stream
+PROTOCOL=tcp
+PORT=21
+FLAGS=nowait
+USER=root
+SERVER=tcpd
+DAEMON=/usr/sbin/kftpd
+DAEMONARGS="-a -l"
================================================================
Index: packages/krb5-appl/kftpd.pamd
diff -u /dev/null packages/krb5-appl/kftpd.pamd:1.1
--- /dev/null Sun Nov 6 15:56:12 2011
+++ packages/krb5-appl/kftpd.pamd Sun Nov 6 15:56:06 2011
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth required pam_listfile.so item=user sense=deny file=/etc/ftpd/ftpusers onerr=succeed
+auth include system-auth
+account required pam_nologin.so
+account include system-auth
+# pam_selinux.so close should be the first session rule
+# session required pam_selinux.so close
+session include system-auth
+session required pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+# session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
================================================================
Index: packages/krb5-appl/klogin.pamd
diff -u /dev/null packages/krb5-appl/klogin.pamd:1.1
--- /dev/null Sun Nov 6 15:56:12 2011
+++ packages/krb5-appl/klogin.pamd Sun Nov 6 15:56:06 2011
@@ -0,0 +1,19 @@
+#%PAM-1.0
+auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist.klogin onerr=succeed
+auth required pam_securetty.so
+auth include system-auth
+account required pam_shells.so
+account required pam_nologin.so
+account required pam_access.so
+account include system-auth
+password include system-auth
+# pam_selinux.so close should be the first session rule
+# session required pam_selinux.so close
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_mail.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+#session required pam_selinux.so open
+#session optional pam_keyinit.so force revoke
+session optional pam_ck_connector.so
================================================================
Index: packages/krb5-appl/klogind.inetd
diff -u /dev/null packages/krb5-appl/klogind.inetd:1.1
--- /dev/null Sun Nov 6 15:56:12 2011
+++ packages/krb5-appl/klogind.inetd Sun Nov 6 15:56:06 2011
@@ -0,0 +1,10 @@
+SERVICE_NAME=klogin
+SOCK_TYPE=stream
+PROTOCOL=tcp
+FLAGS=nowait
+USER=root
+SERVER=tcpd
+DAEMON=/usr/sbin/klogind
+DAEMONARGS="-5"
+# for encrypted sessions use the following
+#DAEMONARGS="-e -c -5"
================================================================
Index: packages/krb5-appl/krb5-appl.spec
diff -u /dev/null packages/krb5-appl/krb5-appl.spec:1.1
--- /dev/null Sun Nov 6 15:56:13 2011
+++ packages/krb5-appl/krb5-appl.spec Sun Nov 6 15:56:06 2011
@@ -0,0 +1,414 @@
+# $Revision$, $Date$
+#
+# Conditional build:
+%bcond_with selinux # build with selinux support
+%bcond_without tests # don't perform make check
+#
+%define krb5_ver 1.9.1
+Summary: Kerberos V5 Applications
+Summary(pl.UTF-8): Aplikacje systemu Kerberos V5
+Name: krb5-appl
+Version: 1.0.2
+Release: 0.1
+License: MIT
+Group: Networking
+Source0: http://web.mit.edu/kerberos/dist/krb5-appl/1.0/%{name}-%{version}-signed.tar
+# Source0-md5: 60b2579e65c58c8677d492a50a1398e3
+Source1: klogind.inetd
+Source2: kftpd.inetd
+Source3: ktelnetd.inetd
+Source4: kshell.inetd
+Source5: kftpd.pamd
+Source6: klogin.pamd
+Source7: kshell.pamd
+Patch0: krb5-manpages.patch
+Patch1: krb5-netkit-rsh.patch
+Patch2: krb5-rlogind-environ.patch
+Patch3: krb5-passive.patch
+Patch4: krb5-size.patch
+Patch5: krb5-ftp-glob.patch
+Patch6: krb5-paths.patch
+Patch7: krb5-io.patch
+Patch8: krb5-login-lpass.patch
+Patch9: krb5-rcp-markus.patch
+Patch10: krb5-rcp-sendlarge.patch
+Patch11: krb5-telnet-environ.patch
+Patch12: krb5-tests.patch
+Patch13: krb5-ftp_fdleak.patch
+Patch14: krb5-ftp_glob_runique.patch
+Patch15: krb5-pam.patch
+Patch16: krb5-selinux-label.patch
+Patch17: krb5-trunk-ftp_mget_case.patch
+URL: http://web.mit.edu/kerberos/www/
+BuildRequires: autoconf
+BuildRequires: bison
+BuildRequires: krb5-devel >= %{krb5_ver}
+BuildRequires: ncurses-devel
+BuildRequires: pam-devel
+%{?with_selinux:BuildRequires: libselinux-devel}
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _localstatedir /var/lib/kerberos
+# doesn't handle %{__cc} with spaces properly
+%undefine with_ccache
+# mungles cflags
+%undefine configure_cache
+
+%description
+This package contains Kerberized versions of telnet, rlogin, rsh, rcp,
+and ftp clients and daemons, as well as a terminal login program which
+can obtain Kerberos credentials when presented with the user's
+password.
+
+These programs are no longer in wide use, having been supplanted in
+many environments by OpenSSH, but there is still some interest in
+their continued maintenance. These programs were included in the main
+Kerberos 5 distribution through release 1.7, but are now packaged
+separately.
+
+%description -l pl.UTF-8
+Ten pakiet zawiera skerberyzowane wersje klientów i demonów usług
+telnet, rlogin, rsh, rcp i ftp, a także terminalowy program login,
+wszystkie potrafiące uzyskać dane uwierzytelniające Kerberosa w
+przypadku przekazania wraz z hasłem użytkownika.
+
+Programy te nie są już w szerokim użyciu, w większości środowisk
+zostały zastąpione przez OpenSSH, ale jest jeszcze trochę
+zainteresowanych ich utrzymywaniem. Były dołączone do dystrybucji
+głównej części Kerberosa 5 do wersji 1.7, ale obecnie są rozprowadzane
+osobno.
+
+%package -n krb5-login
+Summary: Kerberized version of login program
+Summary(pl.UTF-8): Skerberyzowana wersja programu login
+Group: Networking
+Conflicts: krb5-common < 1.8
+
+%description -n krb5-login
+login is used when signing onto a system. It can also be used to
+switch from one user to another at any time (most modern shells have
+support for this feature built into them, however). This package
+contains login.krb5 - a kerberized version of login program.
+
+%description -n krb5-login -l pl.UTF-8
+login jest używany przy logowaniu do systemu. Może być także użyty do
+przełączenia z jednego użytkownika na innego w dowolnej chwili
+(większość współczesnych powłok ma wbudowaną obsługę tego). Ten pakiet
+zawiera program login.krb5 - skerberyzowaną wersję programu login.
+
+%package -n krb5-rsh
+Summary: Clients for remote access commands (rsh, rcp)
+Summary(pl.UTF-8): Klienci zdalnego dostępu (rsh, rcp)
+Group: Applications/Networking
+Requires: krb5-common >= %{krb5_ver}
+Obsoletes: rcp
+Obsoletes: rsh
+Obsoletes: heimdal-rsh
+
+%description -n krb5-rsh
+The rsh package contains a set of programs which allow users to run
+commands on remote machines and copy files between machines (rsh and
+rcp). Both of these commands use rhosts style authentication. This
+package contains the clients needed for all of these services.
+
+%description -n krb5-rsh -l pl.UTF-8
+Ten pakiet zawiera zestaw narzędzi pozwalających na wykonywanie
+poleceń na zdalnych maszynach oraz kopiowanie plików pomiędzy
+maszynami (rsh, rcp).
+
+%package -n krb5-rlogin
+Summary: Kerberized remote login program
+Summary(pl.UTF-8): Skerberyzowany program do zdalnego logowania
+Group: Networking
+Requires: krb5-common >= %{krb5_ver}
+Provides: rlogin
+
+%description -n krb5-rlogin
+rlogin is a program that connects your terminal on the current local
+host system to the remote host system. This package contains
+kerberized version of rlogin.
+
+%description -n krb5-rlogin -l pl.UTF-8
+rlogin to program dołączający terminal systemu lokalnego do systemu na
+zdalnym hoście. Ten pakiet zawiera skerberyzowaną wersję programu
+rlogin.
+
+%package -n krb5-kshd
+Summary: Kerberized remote shell server
+Summary(pl.UTF-8): Skerberyzowany serwer zdalnego dostępu
+Group: Networking/Daemons
+Requires: krb5-common >= %{krb5_ver}
+Requires: rc-inetd >= 0.8.1
+Obsoletes: rshd
+Conflicts: heimdal-rshd
+
+%description -n krb5-kshd
+The kshd package contains kerberized remote shell server which
+provides remote execution facilities with authentication based on the
+Kerberos authentication system.
+
+%description -n krb5-kshd -l pl.UTF-8
+Ten pakiet zawiera skerberyzowaną wersję serwer zdalnego dostępu,
+który umożliwia zdalne wykonywanie poleceń w oparciu o system
+uwierzytelniania Kerberos.
+
+%package -n krb5-klogind
+Summary: Kerberized remote login server
+Summary(pl.UTF-8): Skerberyzowany serwer zdalnego logowania
+Group: Networking/Daemons
+Requires: krb5-common >= %{krb5_ver}
+Requires: rc-inetd >= 0.8.1
+Obsoletes: rlogind
+
+%description -n krb5-klogind
+Klogind is the server for the rlogin program. The server is based on
+rlogind but uses Kerberos authentication.
+
+%description -n krb5-klogind -l pl.UTF-8
+Klogind jest serwerem dla programu rlogin. Oparty jest na rlogind ale
+wykorzystuje system uwierzytelniania Kerberos.
+
+%package -n krb5-ftp
+Summary: Kerberized UNIX FTP (file transfer protocol) client
+Summary(pl.UTF-8): Skerberyzowany klient protokołu FTP
+Group: Networking
+Requires: krb5-common >= %{krb5_ver}
+Obsoletes: heimdal-ftp
+
+%description -n krb5-ftp
+The ftp package provides the standard UNIX command-line FTP client
+with kerberos authentication support. FTP is the file transfer
+protocol, which is a widely used Internet protocol for transferring
+files and for archiving files.
+
+This package contains Kerberized version of FTP client.
+
+%description -n krb5-ftp -l pl.UTF-8
+Ten pakiet dostarcza standardowego klienta FTP z wbudowaną obsługą
+kerberosa. FTP jest protokołem do przesyłania plików szeroko
+rozpowszechnionym w Internecie.
+
+Ten pakiet zawiera skerberyzowaną wersję klienta FTP.
+
+%package -n krb5-ftpd
+Summary: Kerberized UNIX FTP (file transfer protocol) server
+Summary(pl.UTF-8): Skerberyzowana wersja serwera FTP
+Group: Networking/Daemons
+Requires: krb5-common >= %{krb5_ver}
+Requires: rc-inetd >= 0.8.1
+Obsoletes: ftpd
+Conflicts: heimdal-ftpd
+
+%description -n krb5-ftpd
+FTP is the file transfer protocol, which is a widely used Internet
+protocol for transferring files and for archiving files.
+
+This package contains Kerberized version of FTP server.
+
+%description -n krb5-ftpd -l pl.UTF-8
+FTP jest protokołem transmisji plików szeroko rozpowszechnionym w
+Internecie.
+
+Ten pakiet zawiera skerberyzowaną wersję serwera FTP.
+
+%package -n krb5-telnetd
+Summary: Kerberized server for the telnet remote login
+Summary(pl.UTF-8): Skerberyzowany serwer protokołu telnet
+Group: Networking/Daemons
+Requires: krb5-common >= %{krb5_ver}
+Requires: rc-inetd >= 0.8.1
+Obsoletes: telnetd
+Obsoletes: heimdal-telnetd
+
+%description -n krb5-telnetd
+Telnet is a popular protocol for remote logins across the Internet.
+This package provides a kerberized telnet daemon which allows remote
+logins into the machine it is running on.
+
+%description -n krb5-telnetd -l pl.UTF-8
+Telnet jest popularnym protokołem zdalnego logowania. Ten pakiet
+zawiera skerberyzowany serwer pozwalający na zdalne logowanie się
+klientów na maszynę na której działa.
+
+%package -n krb5-telnet
+Summary: Kerberized client for the telnet remote login
+Summary(pl.UTF-8): Skerberyzowany klient usługi telnet
+Group: Networking
+Requires: krb5-common >= %{krb5_ver}
+Obsoletes: telnet
+Obsoletes: heimdal-telnet
+
+%description -n krb5-telnet
+Telnet is a popular protocol for remote logins across the Internet.
+This package provides kerberized command line telnet client.
+
+%description -n krb5-telnet -l pl.UTF-8
+Telnet jest popularnym protokołem zdalnego logowania. Ten pakiet
+zawiera skerberyzowanego klienta tej usługi.
+
+%prep
+%setup -q -c
+tar xf %{name}-%{version}.tar.gz
+mv %{name}-%{version}/* .
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%{?with_selinux:%patch16 -p1}
+%patch17 -p1
+
+%build
+# Get LFS support on systems that need it which aren't already 64-bit.
+%ifarch %{ix86} s390 ppc sparc
+CFLAGS="%{rpmcflags} -D_FILE_OFFSET_BITS=64 -I%{_includedir}/ncurses"
+CPPFLAGS="-D_FILE_OFFSET_BITS=64 -I%{_includedir}/ncurses"
+%else
+CFLAGS="%{rpmcflags} -I%{_includedir}/ncurses"
+CPPFLAGS="-I%{_includedir}/ncurses"
+%endif
+
+%{__autoconf}
+%{__autoheader}
+%configure \
+ %{?with_selinux:--with-selinux}
+
+%{__make}
+
+%{?with_tests:%{__make} -j1 check SKIP_NET_TESTS=1}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},%{_localstatedir},/var/log/kerberos} \
+ $RPM_BUILD_ROOT{%{_infodir},%{_mandir}} \
+ $RPM_BUILD_ROOT/etc/{pam.d,rc.d/init.d,sysconfig/rc-inetd,shrc.d,logrotate.d}
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/klogind
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/ftpd
+install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/telnetd
+install %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/kshd
+
+install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/kftpd
+install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/klogin
+install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/kshell
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -n krb5-kshd
+%service -q rc-inetd reload
+
+%postun -n krb5-kshd
+if [ "$1" = 0 ]; then
+ %service -q rc-inetd reload
+fi
+
+%post -n krb5-klogind
+%service -q rc-inetd reload
+
+%postun -n krb5-klogind
+if [ "$1" = 0 ]; then
+ %service -q rc-inetd reload
+fi
+
+%post -n krb5-ftpd
+%service -q rc-inetd reload
+
+%postun -n krb5-ftpd
+if [ "$1" = 0 ]; then
+ %service -q rc-inetd reload
+fi
+
+%post -n krb5-telnetd
+%service -q rc-inetd reload
+
+%postun -n krb5-telnetd
+if [ "$1" = 0 ]; then
+ %service -q rc-inetd reload
+fi
+
+%files -n krb5-login
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_sbindir}/login.krb5
+%{_mandir}/man8/login.krb5.8*
+
+%files -n krb5-rsh
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_bindir}/rcp
+%attr(755,root,root) %{_bindir}/rsh
+%{_mandir}/man1/rsh.1*
+%{_mandir}/man1/rcp.1*
+
+%files -n krb5-rlogin
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_bindir}/rlogin
+%{_mandir}/man1/rlogin.1*
+
+%files -n krb5-kshd
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_sbindir}/kshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/kshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/kshell
+%{_mandir}/man8/kshd.8*
+
+%files -n krb5-klogind
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_sbindir}/klogind
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/klogind
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/klogin
+%{_mandir}/man8/klogind.8*
+
+%files -n krb5-ftp
+%defattr(644,root,root,755)
+%doc NOTICE README gssftp/README.gssftp
+%attr(755,root,root) %{_bindir}/ftp
+%{_mandir}/man1/ftp.1*
+
+%files -n krb5-ftpd
+%defattr(644,root,root,755)
+%doc NOTICE README gssftp/README.gssftp
+%attr(755,root,root) %{_sbindir}/ftpd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/ftpd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/kftpd
+%{_mandir}/man8/ftpd.8*
+
+%files -n krb5-telnet
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_bindir}/telnet
+%{_mandir}/man1/telnet.1*
+
+%files -n krb5-telnetd
+%defattr(644,root,root,755)
+%doc NOTICE README
+%attr(755,root,root) %{_sbindir}/telnetd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/telnetd
+%{_mandir}/man8/telnetd.8*
+
+%define date %(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1 2011/11/06 14:56:06 qboosh
+- split from krb5.spec since 1.8; not build-tested
================================================================
Index: packages/krb5-appl/krb5-ftp-glob.patch
diff -u /dev/null packages/krb5-appl/krb5-ftp-glob.patch:1.1
--- /dev/null Sun Nov 6 15:56:13 2011
+++ packages/krb5-appl/krb5-ftp-glob.patch Sun Nov 6 15:56:06 2011
@@ -0,0 +1,273 @@
+--- krb5-1.3/gssftp/ftp/cmds.c
++++ krb5-1.3/gssftp/ftp/cmds.c
+@@ -99,6 +99,62 @@
+ static void quote1 (char *, int, char **);
+ static char *dotrans (char *);
+ static char *domap (char *);
++static int checkglob(const char *filename, const char *pattern);
++
++/*
++ * pipeprotect: protect against "special" local filenames by prepending
++ * "./". Special local filenames are "-" and any "filename" which begins
++ * with either "|" or "/".
++ */
++static char *pipeprotect(char *name)
++{
++ static char nu[MAXPATHLEN];
++ if ((name == NULL) ||
++ ((strcmp(name, "-") != 0) && (*name != '|') && (*name != '/'))) {
++ return name;
++ }
++ strcpy(nu, ".");
++ if (*name != '/') strcat(nu, "/");
++ if (strlen(nu) + strlen(name) >= sizeof(nu)) {
++ return NULL;
++ }
++ strcat(nu, name);
++ return nu;
++}
++
++/*
++ * Look for embedded ".." in a pathname and change it to "!!", printing
++ * a warning.
++ */
++static char *pathprotect(char *name)
++{
++ int gotdots=0, i, len;
++
++ /* Convert null terminator to trailing / to catch a trailing ".." */
++ len = strlen(name)+1;
++ name[len-1] = '/';
++
++ /*
++ * State machine loop. gotdots is < 0 if not looking at dots,
++ * 0 if we just saw a / and thus might start getting dots,
++ * and the count of dots seen so far if we have seen some.
++ */
++ for (i=0; i<len; i++) {
++ if (name[i]=='.' && gotdots>=0) gotdots++;
++ else if (name[i]=='/' && gotdots<0) gotdots=0;
++ else if (name[i]=='/' && gotdots==2) {
++ printf("Warning: embedded .. in %.*s (changing to !!)\n",
++ len-1, name);
++ name[i-1] = '!';
++ name[i-2] = '!';
++ gotdots = 0;
++ }
++ else if (name[i]=='/') gotdots = 0;
++ else gotdots = -1;
++ }
++ name[len-1] = '\0';
++ return name;
++}
+
+ /*
+ * `Another' gets another argument, and stores the new argc and argv.
+@@ -844,7 +900,15 @@
+
+ if (argc == 2) {
+ argc++;
+- argv[2] = argv[1];
++ /*
++ * Protect the user from accidentally retrieving special
++ * local names.
++ */
++ argv[2] = pipeprotect(argv[1]);
++ if (!argv[2]) {
++ code = -1;
++ return 0;
++ }
+ loc++;
+ }
+ if (argc < 2 && !another(&argc, &argv, "remote-file"))
+@@ -1016,8 +1080,19 @@
+ if (mapflag) {
+ tp = domap(tp);
+ }
+- recvrequest("RETR", tp, cp, "w",
+- tp != cp || !interactive, 1);
++
++ /* Reject embedded ".." */
++ tp = pathprotect(tp);
++
++ /* Prepend ./ to "-" or "!*" or leading "/" */
++ tp = pipeprotect(tp);
++ if (tp == NULL) {
++ /* hmm... how best to handle this? */
++ mflag = 0;
<<Diff was trimmed, longer than 597 lines>>
More information about the pld-cvs-commit
mailing list