From owner-freebsd-ports Wed Jul 25 5:50:38 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E1DE037B40A for ; Wed, 25 Jul 2001 05:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6PCo1k75601; Wed, 25 Jul 2001 05:50:01 -0700 (PDT) (envelope-from gnats) Received: from mail.harmonic.co.il (jupiter.harmonic.co.il [192.116.140.62]) by hub.freebsd.org (Postfix) with ESMTP id 499A137B401 for ; Wed, 25 Jul 2001 05:47:25 -0700 (PDT) (envelope-from roman@mars.harmonic.co.il) Received: from mars.harmonic.co.il (mars.harmonic.co.il [10.40.1.8]) by mail.harmonic.co.il (Postfix) with ESMTP id 2744E84 for ; Wed, 25 Jul 2001 15:59:04 +0300 (IDT) Received: (from roman@localhost) by mars.harmonic.co.il (8.11.1/8.11.1) id f6PCqSK08864; Wed, 25 Jul 2001 15:52:28 +0300 (IDT) (envelope-from roman) Message-Id: <200107251252.f6PCqSK08864@mars.harmonic.co.il> Date: Wed, 25 Jul 2001 15:52:28 +0300 (IDT) From: roman@xpert.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/29217: [MAINTAINER UPDATE] www/smb2www - security and bugfixes Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 29217 >Category: ports >Synopsis: [MAINTAINER UPDATE] www/smb2www - security and bugfixes >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Jul 25 05:50:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Roman Shterenzon >Release: FreeBSD 4.2-RELEASE i386 >Organization: >Environment: >Description: system() calls eliminated. new samba behavior fixes. >How-To-Repeat: >Fix: diff -urN /usr/ports/www/smb2www/Makefile smb2www/Makefile --- /usr/ports/www/smb2www/Makefile Sat Apr 7 08:29:19 2001 +++ smb2www/Makefile Wed Jul 25 15:47:52 2001 @@ -7,6 +7,7 @@ PORTNAME= smb2www PORTVERSION= 0.0.980804 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://us1.samba.org/samba/smb2www/ \ http://us2.samba.org/samba/smb2www/ \ diff -urN /usr/ports/www/smb2www/files/patch-smb2www.pm smb2www/files/patch-smb2www.pm --- /usr/ports/www/smb2www/files/patch-smb2www.pm Sat Apr 7 08:29:20 2001 +++ smb2www/files/patch-smb2www.pm Wed Jul 25 15:49:18 2001 @@ -1,6 +1,57 @@ ---- cgi-bin/smb2www.pm.orig Thu May 25 11:07:02 2000 -+++ cgi-bin/smb2www.pm Tue Jul 18 12:30:44 2000 -@@ -371,7 +371,7 @@ +--- smb2www.pm.orig Wed Jul 25 14:22:50 2001 ++++ smb2www.pm Wed Jul 25 15:49:02 2001 +@@ -26,6 +26,7 @@ + package smb2www; + use Exporter (); + ++use POSIX ":sys_wait_h"; + use MIME::Base64; + use Time::Local; # for lmtime + use strict; +@@ -289,6 +290,7 @@ + if ( $target eq "") { $target = "-" }; + $file =~ s/^(.*)\/([^\/]*)$/$1$2/ ; + if ( $user ne "" ) { $user="-U$user"; } ++ else { $user = "-Uguest"; } + if ( $pass ne "") { + if ( $user eq "" ) { + $user = "-Uguest"; +@@ -296,9 +298,14 @@ + } else { + $pass = "-N"; + } +- my @args = ("$cfg{bindir}/smbclient", "//$host/$share", "$pass", "$user", "-d +- 0", "-c", "get \"$file\" $target"); +- return system (@args); ++ my @args = ("$cfg{bindir}/smbclient", "//$host/$share", "$pass", "$user", "-d0", "-c", "get $file $target"); ++ my $pid=fork(); ++ if (!$pid) { ++ exec (@args); ++ return 1; ++ } ++ waitpid(-1, &WNOHANG); ++ return 0; + } + + # Makes a TAR of //$host/$share/$dir, using $user and $pass, to $target. +@@ -317,8 +324,14 @@ + } else { + $pass = "-N"; + } +- my @args = ("$cfg{bindir}/smbclient", "//$host/$share", "$pass", "$user", "-d0 ", "-D", "$dir", "-Tc", "$target"); +- return system (@args); ++ my @args = ("$cfg{bindir}/smbclient", "//$host/$share", "$pass", "$user", "-d0", "-D", "$dir", "-Tc", "$target"); ++ my $pid=fork(); ++ if (!$pid) { ++ exec (@args); ++ return 1; ++ } ++ waitpid(-1, &WNOHANG); ++ return 0; + } + + # Return an array with sorted dir and filelisting +@@ -371,7 +384,7 @@ sub GetSMBShr { my $share = $_[0]; my @ret = (); @@ -9,7 +60,7 @@ my @out = `$lookup`; my $line = shift @out; while ( (not $line =~ /^\s+Sharename/) and ($#out >= -1) ) { -@@ -406,13 +406,14 @@ +@@ -406,18 +419,16 @@ sub GetSMBHosts { my ($workgroup,$host) = @_; my @ret = (); @@ -19,14 +70,20 @@ my $line = shift @out; - while ((not $line =~ /^This machine has a browse list/) and ($#out >= -1) ) { -+ while ((not $line =~ /^\s+Server\s+Comment/) and ($#out >= -1) ) { ++ while ((not $line =~ /^\tServer\s+Comment$/) and ($#out >= -1) ) { $line = shift @out; } + shift @out; ++ $line = shift @out; if ($#out >= -1) { - $line = shift @out; - $line = shift @out; -@@ -437,16 +438,14 @@ +- $line = shift @out; +- $line = shift @out; +- $line = shift @out; +- $line = shift @out; + while ((not $line =~ /^$/) and ($#out >= -1)) { + if ( $line =~ /^\t([\S ]*\S) {5,}(\S[\S ]*|\S|)$/ ) { + my $rec = {}; +@@ -437,16 +448,14 @@ sub GetSMBGroups { my @ret = (); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message