From df4b7c5f72e9c7b192e54bddbecdc9bb43cd316f Mon Sep 17 00:00:00 2001 From: adrianp Date: Wed, 3 Aug 2005 20:37:44 +0000 Subject: Add patch to address msfweb "refang" security update Bump to nb2 make pkglint happy --- security/msf/Makefile | 10 +++++----- security/msf/distinfo | 9 +++++---- security/msf/patches/patch-aa | 24 ++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 security/msf/patches/patch-aa (limited to 'security') diff --git a/security/msf/Makefile b/security/msf/Makefile index 86cd9b3f5ac..9b21267cda4 100644 --- a/security/msf/Makefile +++ b/security/msf/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.6 2005/07/16 01:19:19 jlam Exp $ +# $NetBSD: Makefile,v 1.7 2005/08/03 20:37:44 adrianp Exp $ # DISTNAME= framework-2.4 -PKGREVISION= 1 PKGNAME= msf-2.4 +PKGREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.metasploit.com/tools/ @@ -11,12 +11,12 @@ MAINTAINER= adrianp@NetBSD.org HOMEPAGE= http://www.metasploit.com/ COMMENT= Platform for developing, testing, and using exploit code -DIST_SUBDIR= ${PKGNAME} -LICENSE= inlineegg-license - DEPENDS+= p5-Net-SSLeay>=1.23:../../security/p5-Net-SSLeay DEPENDS+= p5-Term-ReadLine>=1.14:../../devel/p5-Term-ReadLine +DIST_SUBDIR= ${PKGNAME} +LICENSE= inlineegg-license + MSFDIR?= ${PREFIX}/share/msf MSFDOC?= ${PREFIX}/share/doc/msf MESSAGE_SUBST+= MSFDIR=${MSFDIR} diff --git a/security/msf/distinfo b/security/msf/distinfo index 19c721fe6e4..8f2044ed682 100644 --- a/security/msf/distinfo +++ b/security/msf/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.5 2005/07/02 12:12:33 adrianp Exp $ +$NetBSD: distinfo,v 1.6 2005/08/03 20:37:44 adrianp Exp $ -SHA1 (msf-2.4nb1/framework-2.4.tar.gz) = b09ec49e259d812805301dc9152175903e46beb3 -RMD160 (msf-2.4nb1/framework-2.4.tar.gz) = c2791c46d6c7b8ac9490acfb81f88f5be7105855 -Size (msf-2.4nb1/framework-2.4.tar.gz) = 2607730 bytes +SHA1 (msf-2.4nb2/framework-2.4.tar.gz) = b09ec49e259d812805301dc9152175903e46beb3 +RMD160 (msf-2.4nb2/framework-2.4.tar.gz) = c2791c46d6c7b8ac9490acfb81f88f5be7105855 +Size (msf-2.4nb2/framework-2.4.tar.gz) = 2607730 bytes +SHA1 (patch-aa) = 318c8136c22d95195ecd40071d36ae22af0807bb diff --git a/security/msf/patches/patch-aa b/security/msf/patches/patch-aa new file mode 100644 index 00000000000..6cbb6ee7cd7 --- /dev/null +++ b/security/msf/patches/patch-aa @@ -0,0 +1,24 @@ +$NetBSD: patch-aa,v 1.1 2005/08/03 20:37:44 adrianp Exp $ + +--- msfweb.orig 2005-08-03 21:12:33.000000000 +0100 ++++ msfweb 2005-08-03 21:04:52.000000000 +0100 +@@ -616,7 +616,18 @@ + my $res = {}; + + foreach (keys(%{$state})) { +- if (m/^OPT\_(.*)/ && defined($state->{$_})) { $res->{$1} = $state->{$_} } ++ if (m/^OPT\_(.*)/ && defined($state->{$_})) { ++ my $name = $1; ++ ++ # Block all options starting with underscore (thanks Dino!) ++ if ($name !~ /^_/) { ++ $res->{$name} = $state->{$_}; ++ } ++ else { ++ # XXX - report a possible "refang" attack? ++ next; ++ } ++ } + } + return $res; + } -- cgit v1.2.3