From owner-svn-ports-branches@freebsd.org Thu Nov 29 06:17:12 2018 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C1881152945; Thu, 29 Nov 2018 06:17:12 +0000 (UTC) (envelope-from olivier@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BB2F775C4C; Thu, 29 Nov 2018 06:17:11 +0000 (UTC) (envelope-from olivier@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9B98315A6B; Thu, 29 Nov 2018 06:17:11 +0000 (UTC) (envelope-from olivier@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAT6HBUJ009289; Thu, 29 Nov 2018 06:17:11 GMT (envelope-from olivier@FreeBSD.org) Received: (from olivier@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAT6HAdM009281; Thu, 29 Nov 2018 06:17:10 GMT (envelope-from olivier@FreeBSD.org) Message-Id: <201811290617.wAT6HAdM009281@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: olivier set sender to olivier@FreeBSD.org using -f From: Olivier Cochard Date: Thu, 29 Nov 2018 06:17:10 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r486154 - in branches/2018Q4/www/shellinabox: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: olivier X-SVN-Commit-Paths: in branches/2018Q4/www/shellinabox: . files X-SVN-Commit-Revision: 486154 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: BB2F775C4C X-Spamd-Result: default: False [1.52 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.51)[0.509,0]; NEURAL_SPAM_MEDIUM(0.42)[0.421,0]; NEURAL_SPAM_LONG(0.59)[0.594,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Nov 2018 06:17:12 -0000 Author: olivier Date: Thu Nov 29 06:17:09 2018 New Revision: 486154 URL: https://svnweb.freebsd.org/changeset/ports/486154 Log: MFH: r484647 r484756 r484876 Fixes: - build with OpenSSL 1.1 - broken multipart/form-data (CVE-2018-16789) - Interpret aixterm high-intensity color escape codes All these patches came from the project pull requests list. Reported by: pkg-fallout Security: CVE-2018-16789 Update WWW - While I'm here, remove no-op GH_ACCOUNT (the default) Approved by: portmgr (blanket) Be stricter when matching URLs. Submitted by: gahr Obtained from: https://github.com/shellinabox/shellinabox/pull/448/ Approved by: portmgr (blanket) Added: branches/2018Q4/www/shellinabox/files/patch-configure.ac - copied unchanged from r484647, head/www/shellinabox/files/patch-configure.ac branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.c - copied unchanged from r484647, head/www/shellinabox/files/patch-libhttp_ssl.c branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.h - copied unchanged from r484647, head/www/shellinabox/files/patch-libhttp_ssl.h branches/2018Q4/www/shellinabox/files/patch-libhttp_url.c - copied unchanged from r484647, head/www/shellinabox/files/patch-libhttp_url.c branches/2018Q4/www/shellinabox/files/patch-shellinabox_launcher.c - copied unchanged from r484647, head/www/shellinabox/files/patch-shellinabox_launcher.c branches/2018Q4/www/shellinabox/files/patch-shellinabox_vt100.jspp - copied, changed from r484647, head/www/shellinabox/files/patch-shellinabox_vt100.jspp Modified: branches/2018Q4/www/shellinabox/Makefile branches/2018Q4/www/shellinabox/pkg-descr Directory Properties: branches/2018Q4/ (props changed) Modified: branches/2018Q4/www/shellinabox/Makefile ============================================================================== --- branches/2018Q4/www/shellinabox/Makefile Thu Nov 29 01:58:49 2018 (r486153) +++ branches/2018Q4/www/shellinabox/Makefile Thu Nov 29 06:17:09 2018 (r486154) @@ -4,6 +4,7 @@ PORTNAME= shellinabox PORTVERSION= 2.20 DISTVERSIONPREFIX= v +PORTREVISION= 2 CATEGORIES= www MAINTAINER= olivier@FreeBSD.org @@ -11,15 +12,14 @@ COMMENT= Publish command line shell through AJAX inter LICENSE= GPLv2 -USE_GITHUB= yes -GH_ACCOUNT= shellinabox +USES= autoreconf libtool OPTIONS_DEFINE= CORES NOLOGIN CORES_DESC= Patch shellinaboxd to enable core dumps NOLOGIN_DESC= Login through ssh (not through login) -USES= autoreconf libtool GNU_CONFIGURE= yes +USE_GITHUB= yes USE_RC_SUBR= shellinaboxd USERS?= shellinabox Copied: branches/2018Q4/www/shellinabox/files/patch-configure.ac (from r484647, head/www/shellinabox/files/patch-configure.ac) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/www/shellinabox/files/patch-configure.ac Thu Nov 29 06:17:09 2018 (r486154, copy of r484647, head/www/shellinabox/files/patch-configure.ac) @@ -0,0 +1,20 @@ +--- configure.ac.orig 2016-11-09 19:40:33 UTC ++++ configure.ac +@@ -138,6 +138,17 @@ AC_ARG_ENABLE(runtime-loading, + these libraries into the binary, thus making them a + hard dependency, then disable runtime-loading.]) + ++dnl This changes the order of the top ciphersuites ++AC_ARG_ENABLE(prefer-chacha, ++ [ --enable-prefer-chacha Prefer ChaCha20-Poly1305 ciphersuites over ++ AES256-GCM. For processors without AES-NI or ++ similar capabilities, ChaCha20-Poly1305 is 3 times ++ faster than AES, with an equivalent strength.]) ++if test "x$enable_prefer_chacha" == xyes; then ++ AC_DEFINE(SHELLINABOX_USE_CHACHA_FIRST, 1, ++ Set if you want to prefer Chacha20-Poly1305 over AES-GCM) ++fi ++ + dnl This is feature is not suported in some standard C libs. So users can use + dnl this switch to avoid compile and runtime problems. Note that utmp must + dnl disabled on systems with musl libc. Copied: branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.c (from r484647, head/www/shellinabox/files/patch-libhttp_ssl.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.c Thu Nov 29 06:17:09 2018 (r486154, copy of r484647, head/www/shellinabox/files/patch-libhttp_ssl.c) @@ -0,0 +1,200 @@ +--- libhttp/ssl.c.orig 2016-11-09 19:40:33 UTC ++++ libhttp/ssl.c +@@ -117,6 +117,9 @@ SSL_CTX * (*SSL_CTX_new)(SSL_METHOD *); + int (*SSL_CTX_set_cipher_list)(SSL_CTX *, const char *); + void (*SSL_CTX_set_info_callback)(SSL_CTX *, + void (*)(const SSL *, int, int)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++unsigned long (*SSL_CTX_set_options)(SSL_CTX *, unsigned long); ++#endif + int (*SSL_CTX_use_PrivateKey_file)(SSL_CTX *, const char *, int); + int (*SSL_CTX_use_PrivateKey_ASN1)(int, SSL_CTX *, + const unsigned char *, long); +@@ -130,7 +133,9 @@ void * (*SSL_get_ex_data)(const SSL *, int); + BIO * (*SSL_get_rbio)(const SSL *); + const char * (*SSL_get_servername)(const SSL *, int); + BIO * (*SSL_get_wbio)(const SSL *); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int (*SSL_library_init)(void); ++#endif + SSL * (*SSL_new)(SSL_CTX *); + int (*SSL_read)(SSL *, void *, int); + SSL_CTX * (*SSL_set_SSL_CTX)(SSL *, SSL_CTX *); +@@ -139,10 +144,16 @@ void (*SSL_set_bio)(SSL *, BIO *, BIO *); + int (*SSL_set_ex_data)(SSL *, int, void *); + int (*SSL_shutdown)(SSL *); + int (*SSL_write)(SSL *, const void *, int); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_METHOD * (*SSLv23_server_method)(void); ++#else ++SSL_METHOD * (*TLS_server_method)(void); ++#endif + X509 * (*d2i_X509)(X509 **px, const unsigned char **in, int len); + void (*X509_free)(X509 *a); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + void (*x_sk_zero)(void *st); ++#endif + void * (*x_SSL_COMP_get_compression_methods)(void); + #endif + +@@ -208,7 +219,7 @@ static int maybeLoadCrypto(void) { + // The feature is currently disabled. + const char* path_libcrypto = NULL; // getenv ("SHELLINABOX_LIBCRYPTO_SO"); + if (path_libcrypto == NULL) +- path_libcrypto = "libcrypto.so"; ++ path_libcrypto = DEFAULT_LIBCRYPTO_SO; + + if (!crypto++) { + #ifdef RTLD_NOLOAD +@@ -267,8 +278,8 @@ static void loadSSL(void) { + // The feature is currently disabled. + const char* path_libssl = NULL; // = getenv ("SHELLINABOX_LIBSSL_SO"); + if (path_libssl == NULL) +- path_libssl = "libssl.so"; +- check(!SSL_library_init); ++ path_libssl = DEFAULT_LIBSSL_SO; ++ check(!SSL_CTX_new); + struct { + union { + void *avoid_gcc_warning_about_type_punning; +@@ -299,6 +310,9 @@ static void loadSSL(void) { + { { &SSL_CTX_new }, "SSL_CTX_new" }, + { { &SSL_CTX_set_cipher_list }, "SSL_CTX_set_cipher_list" }, + { { &SSL_CTX_set_info_callback }, "SSL_CTX_set_info_callback" }, ++#if OPENSSL_VERSION_NUMBER > 0x10100000L ++ { { &SSL_CTX_set_options }, "SSL_CTX_set_options" }, ++#endif + { { &SSL_CTX_use_PrivateKey_file }, "SSL_CTX_use_PrivateKey_file" }, + { { &SSL_CTX_use_PrivateKey_ASN1 }, "SSL_CTX_use_PrivateKey_ASN1" }, + { { &SSL_CTX_use_certificate_file },"SSL_CTX_use_certificate_file"}, +@@ -312,7 +326,9 @@ static void loadSSL(void) { + { { &SSL_get_servername }, "SSL_get_servername" }, + #endif + { { &SSL_get_wbio }, "SSL_get_wbio" }, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + { { &SSL_library_init }, "SSL_library_init" }, ++#endif + { { &SSL_new }, "SSL_new" }, + { { &SSL_read }, "SSL_read" }, + #ifdef HAVE_TLSEXT +@@ -323,10 +339,16 @@ static void loadSSL(void) { + { { &SSL_set_ex_data }, "SSL_set_ex_data" }, + { { &SSL_shutdown }, "SSL_shutdown" }, + { { &SSL_write }, "SSL_write" }, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + { { &SSLv23_server_method }, "SSLv23_server_method" }, ++#else ++ { { &TLS_server_method }, "TLS_server_method" }, ++#endif + { { &d2i_X509 }, "d2i_X509" }, + { { &X509_free }, "X509_free" }, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + { { &x_sk_zero }, "sk_zero" } ++#endif + }; + for (unsigned i = 0; i < sizeof(symbols)/sizeof(symbols[0]); i++) { + if (!(*symbols[i].var = loadSymbol(path_libssl, symbols[i].fn))) { +@@ -343,7 +365,9 @@ static void loadSSL(void) { + // ends + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_library_init(); ++#endif + dcheck(!ERR_peek_error()); + debug("[ssl] Loaded SSL suppport..."); + } +@@ -351,8 +375,12 @@ static void loadSSL(void) { + + int serverSupportsSSL(void) { + #if defined(HAVE_OPENSSL) && !defined(HAVE_DLOPEN) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + return SSL_library_init(); + #else ++ return 1; ++#endif ++#else + #if defined(HAVE_OPENSSL) + // We want to call loadSSL() exactly once. For single-threaded applications, + // this is straight-forward. For threaded applications, we need to call +@@ -372,8 +400,12 @@ int serverSupportsSSL(void) { + loadSSL(); + } + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + return !!SSL_library_init; + #else ++ return 1; ++#endif ++#else + return 0; + #endif + #endif +@@ -623,7 +655,11 @@ static void sslInfoCallback(const SSL *sslHndl, int ty + static SSL_CTX *sslMakeContext(void) { + + SSL_CTX *context; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + check(context = SSL_CTX_new(SSLv23_server_method())); ++#else ++ check(context = SSL_CTX_new(TLS_server_method())); ++#endif + + long options = SSL_OP_ALL; + options |= SSL_OP_NO_SSLv2; +@@ -641,6 +677,7 @@ static SSL_CTX *sslMakeContext(void) { + // Set default SSL options. + SSL_CTX_set_options(context, options); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + // Workaround for SSL_OP_NO_COMPRESSION with older OpenSSL versions. + #ifdef HAVE_DLOPEN + if (SSL_COMP_get_compression_methods) { +@@ -649,6 +686,7 @@ static SSL_CTX *sslMakeContext(void) { + #elif OPENSSL_VERSION_NUMBER >= 0x00908000L + sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); + #endif ++#endif + + // For Perfect Forward Secrecy (PFS) support we need to enable some additional + // SSL options, provide eliptic curve key object for handshake and add chipers +@@ -657,21 +695,39 @@ static SSL_CTX *sslMakeContext(void) { + SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE); + SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L /* openssl 1.1 does this automatically */ + EC_KEY *ecKey; + check(ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + SSL_CTX_set_tmp_ecdh(context, ecKey); + EC_KEY_free(ecKey); ++#endif + + debug("[ssl] Support for PFS enabled..."); + #endif + + check(SSL_CTX_set_cipher_list(context, ++#ifdef SHELLINABOX_USE_CHACHA_FIRST ++ "ECDHE-ECDSA-CHACHA20-POLY1305:" ++ "ECDHE-RSA-CHACHA20-POLY1305:" ++ "ECDHE-ECDSA-AES256-GCM-SHA384:" + "ECDHE-RSA-AES256-GCM-SHA384:" ++#else ++ "ECDHE-ECDSA-AES256-GCM-SHA384:" ++ "ECDHE-RSA-AES256-GCM-SHA384:" ++ "ECDHE-ECDSA-CHACHA20-POLY1305:" ++ "ECDHE-RSA-CHACHA20-POLY1305:" ++#endif ++ "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" ++ "ECDHE-ECDSA-AES256-SHA384:" + "ECDHE-RSA-AES256-SHA384:" ++ "ECDHE-ECDSA-AES128-SHA256:" + "ECDHE-RSA-AES128-SHA256:" ++ "ECDHE-ECDSA-AES256-SHA:" + "ECDHE-RSA-AES256-SHA:" ++ "ECDHE-ECDSA-AES128-SHA:" + "ECDHE-RSA-AES128-SHA:" ++ "ECDHE-ECDSA-DES-CBC3-SHA:" + "ECDHE-RSA-DES-CBC3-SHA:" + "HIGH:MEDIUM:!RC4:!aNULL:!MD5")); + Copied: branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.h (from r484647, head/www/shellinabox/files/patch-libhttp_ssl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/www/shellinabox/files/patch-libhttp_ssl.h Thu Nov 29 06:17:09 2018 (r486154, copy of r484647, head/www/shellinabox/files/patch-libhttp_ssl.h) @@ -0,0 +1,102 @@ +--- libhttp/ssl.h.orig 2016-11-09 19:40:33 UTC ++++ libhttp/ssl.h +@@ -57,6 +57,7 @@ + #include + #include + #include ++#include + #else + #undef HAVE_OPENSSL + typedef struct BIO BIO; +@@ -77,6 +78,17 @@ typedef struct X509 X509; + #endif + + #if defined(HAVE_DLOPEN) ++#if !defined(DEFAULT_LIBCRYPTO_SO) || !defined(DEFAULT_LIBSSL_SO) ++#undef DEFAULT_LIBCRYPTO_SO ++#undef DEFAULT_LIBSSL_SO ++#ifdef SHLIB_VERSION_NUMBER ++#define DEFAULT_LIBCRYPTO_SO "libcrypto.so." SHLIB_VERSION_NUMBER ++#define DEFAULT_LIBSSL_SO "libssl.so." SHLIB_VERSION_NUMBER ++#else ++#define DEFAULT_LIBCRYPTO_SO "libcrypto.so" ++#define DEFAULT_LIBSSL_SO "libssl.so" ++#endif ++#endif + extern long (*x_BIO_ctrl)(BIO *, int, long, void *); + extern BIO_METHOD *(*x_BIO_f_buffer)(void); + extern void (*x_BIO_free_all)(BIO *); +@@ -99,6 +111,9 @@ extern SSL_CTX*(*x_SSL_CTX_new)(SSL_METHOD *); + extern int (*x_SSL_CTX_set_cipher_list)(SSL_CTX *, const char *); + extern void (*x_SSL_CTX_set_info_callback)(SSL_CTX *, + void (*)(const SSL *, int, int)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++extern unsigned long (*x_SSL_CTX_set_options)(SSL_CTX *, unsigned long); ++#endif + extern int (*x_SSL_CTX_use_PrivateKey_file)(SSL_CTX *, const char *, int); + extern int (*x_SSL_CTX_use_PrivateKey_ASN1)(int, SSL_CTX *, + const unsigned char *, long); +@@ -112,7 +127,9 @@ extern void *(*x_SSL_get_ex_data)(const SSL *, int); + extern BIO *(*x_SSL_get_rbio)(const SSL *); + extern const char *(*x_SSL_get_servername)(const SSL *, int); + extern BIO *(*x_SSL_get_wbio)(const SSL *); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern int (*x_SSL_library_init)(void); ++#endif + extern SSL *(*x_SSL_new)(SSL_CTX *); + extern int (*x_SSL_read)(SSL *, void *, int); + extern SSL_CTX*(*x_SSL_set_SSL_CTX)(SSL *, SSL_CTX *); +@@ -121,10 +138,16 @@ extern void (*x_SSL_set_bio)(SSL *, BIO *, BIO *); + extern int (*x_SSL_set_ex_data)(SSL *, int, void *); + extern int (*x_SSL_shutdown)(SSL *); + extern int (*x_SSL_write)(SSL *, const void *, int); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern SSL_METHOD *(*x_SSLv23_server_method)(void); ++#else ++extern SSL_METHOD *(*x_TLS_server_method)(void); ++#endif + extern X509 * (*x_d2i_X509)(X509 **px, const unsigned char **in, int len); + extern void (*x_X509_free)(X509 *a); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern void (*x_sk_zero)(void *st); ++#endif + extern void *(*x_SSL_COMP_get_compression_methods)(void); + + #define BIO_ctrl x_BIO_ctrl +@@ -146,6 +169,9 @@ extern void *(*x_SSL_COMP_get_compression_methods)(v + #define SSL_CTX_new x_SSL_CTX_new + #define SSL_CTX_set_cipher_list x_SSL_CTX_set_cipher_list + #define SSL_CTX_set_info_callback x_SSL_CTX_set_info_callback ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#define SSL_CTX_set_options x_SSL_CTX_set_options ++#endif + #define SSL_CTX_use_PrivateKey_file x_SSL_CTX_use_PrivateKey_file + #define SSL_CTX_use_PrivateKey_ASN1 x_SSL_CTX_use_PrivateKey_ASN1 + #define SSL_CTX_use_certificate_file x_SSL_CTX_use_certificate_file +@@ -157,7 +183,9 @@ extern void *(*x_SSL_COMP_get_compression_methods)(v + #define SSL_get_rbio x_SSL_get_rbio + #define SSL_get_servername x_SSL_get_servername + #define SSL_get_wbio x_SSL_get_wbio ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define SSL_library_init x_SSL_library_init ++#endif + #define SSL_new x_SSL_new + #define SSL_read x_SSL_read + #define SSL_set_SSL_CTX x_SSL_set_SSL_CTX +@@ -166,10 +194,16 @@ extern void *(*x_SSL_COMP_get_compression_methods)(v + #define SSL_set_ex_data x_SSL_set_ex_data + #define SSL_shutdown x_SSL_shutdown + #define SSL_write x_SSL_write ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define SSLv23_server_method x_SSLv23_server_method ++#else ++#define TLS_server_method x_TLS_server_method ++#endif + #define d2i_X509 x_d2i_X509 + #define X509_free x_X509_free ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define sk_zero x_sk_zero ++#endif + #define SSL_COMP_get_compression_methods x_SSL_COMP_get_compression_methods + + #undef BIO_set_buffer_read_data Copied: branches/2018Q4/www/shellinabox/files/patch-libhttp_url.c (from r484647, head/www/shellinabox/files/patch-libhttp_url.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/www/shellinabox/files/patch-libhttp_url.c Thu Nov 29 06:17:09 2018 (r486154, copy of r484647, head/www/shellinabox/files/patch-libhttp_url.c) @@ -0,0 +1,12 @@ +--- libhttp/url.c.orig 2016-11-09 19:40:33 UTC ++++ libhttp/url.c +@@ -312,6 +312,9 @@ static void urlParsePostBody(struct URL *url, + } + } + } ++ } else { ++ warn("[http] broken multipart/form-data!"); ++ break; + } + } + if (lastPart) { Copied: branches/2018Q4/www/shellinabox/files/patch-shellinabox_launcher.c (from r484647, head/www/shellinabox/files/patch-shellinabox_launcher.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/www/shellinabox/files/patch-shellinabox_launcher.c Thu Nov 29 06:17:09 2018 (r486154, copy of r484647, head/www/shellinabox/files/patch-shellinabox_launcher.c) @@ -0,0 +1,13 @@ +--- shellinabox/launcher.c.orig 2016-11-09 19:40:33 UTC ++++ shellinabox/launcher.c +@@ -993,8 +993,8 @@ static pam_handle_t *internalLogin(struct Service *ser + if (service->authUser == 2 /* SSH */) { + // If connecting to a remote host, include that hostname + hostname = strrchr(service->cmdline, '@'); +- if (!hostname || !strcmp(++hostname, "localhost")) { +- hostname = NULL; ++ if (hostname) { ++ hostname++; + } + } + struct utsname uts; Copied and modified: branches/2018Q4/www/shellinabox/files/patch-shellinabox_vt100.jspp (from r484647, head/www/shellinabox/files/patch-shellinabox_vt100.jspp) ============================================================================== --- head/www/shellinabox/files/patch-shellinabox_vt100.jspp Sat Nov 10 22:45:31 2018 (r484647, copy source) +++ branches/2018Q4/www/shellinabox/files/patch-shellinabox_vt100.jspp Thu Nov 29 06:17:09 2018 (r486154) @@ -1,24 +1,22 @@ ---- shellinabox/vt100.jspp.orig 2016-11-09 19:40:33 UTC +--- shellinabox/vt100.jspp.orig 2018-11-13 14:31:22 UTC +++ shellinabox/vt100.jspp -@@ -3937,13 +3937,21 @@ VT100.prototype.csim = function() { - break; - default: - if (this.par[i] >= 30 && this.par[i] <= 37) { -+ // set foreground color, colors 0-7 (ansi) - var fg = this.par[i] - 30; - this.attr = ((this.attr & ~0x0F) | fg) & ~(ATTR_DEF_FG); - this.attrFg = false; - } else if (this.par[i] >= 40 && this.par[i] <= 47) { -+ // set background color, colors 0-7 (ansi) - var bg = this.par[i] - 40; - this.attr = ((this.attr & ~0xF0) | (bg << 4)) & ~(ATTR_DEF_BG); - this.attrBg = false; -+ } else if (this.par[i] >= 90 && this.par[i] <= 97) { -+ // set foreground color, colors 8-15 (aixterm high-intensity) -+ this.attrFg = this.par[i] - 82; -+ } else if (this.par[i] >= 100 && this.par[i] <= 107) { -+ // set background color, colors 8-15 (aixterm high-intensity) -+ this.attrBg = this.par[i] - 92; - } - break; - } +@@ -118,7 +118,8 @@ function VT100(container) { + '(?::[1-9][0-9]*)?' + + + // Path. +- '(?:/(?:(?![/ \u00A0]|[,.)}"\u0027!]+[ \u00A0]|[,.)}"\u0027!]+$).)*)*|' + ++ '(?:/(?:(?![/ \u00A0]|[,.)}"\u0027!]+[ \u00A0]|[,.)}"\u0027!]+$)' + ++ '[-a-zA-Z0-9@:%_\+.~#?&//=])*)*|' + + + (linkifyURLs <= 1 ? '' : + // Also support URLs without a protocol (assume "http"). +@@ -149,7 +150,8 @@ function VT100(container) { + '(?::[1-9][0-9]{0,4})?' + + + // Path. +- '(?:/(?:(?![/ \u00A0]|[,.)}"\u0027!]+[ \u00A0]|[,.)}"\u0027!]+$).)*)*|') + ++ '(?:/(?:(?![/ \u00A0]|[,.)}"\u0027!]+[ \u00A0]|[,.)}"\u0027!]+$)' + ++ '[-a-zA-Z0-9@:%_\+.~#?&//=])*)*|') + + + // In addition, support e-mail address. Optionally, recognize "mailto:" + '(?:mailto:)' + (linkifyURLs <= 1 ? '' : '?') + Modified: branches/2018Q4/www/shellinabox/pkg-descr ============================================================================== --- branches/2018Q4/www/shellinabox/pkg-descr Thu Nov 29 01:58:49 2018 (r486153) +++ branches/2018Q4/www/shellinabox/pkg-descr Thu Nov 29 06:17:09 2018 (r486154) @@ -1,4 +1,4 @@ Shell In A Box is a web server that can export arbitary command line tools to a web based terminal emulator. -WWW: http://code.google.com/p/shellinabox/ +WWW: https://github.com/shellinabox/shellinabox