[pkgsrc/trunk]: pkgsrc/net/IglooFTP net/IglooFTP: fix potential endless loop ...

[rillig <rillig%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5d7fba4d83b2
branches:  trunk
changeset: 430712:5d7fba4d83b2
user:      rillig <rillig%pkgsrc.org@localhost>
date:      Sun May 03 14:38:36 2020 +0000

description:
net/IglooFTP: fix potential endless loop for long passwords

diffstat:

 net/IglooFTP/Makefile                    |   4 ++--
 net/IglooFTP/distinfo                    |   3 ++-
 net/IglooFTP/patches/patch-src_console_c |  21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r 80afc00634f0 -r 5d7fba4d83b2 net/IglooFTP/Makefile
--- a/net/IglooFTP/Makefile     Sun May 03 14:25:53 2020 +0000
+++ b/net/IglooFTP/Makefile     Sun May 03 14:38:36 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2017/08/16 20:45:41 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2020/05/03 14:38:36 rillig Exp $
 
 DISTNAME=      IglooFTP-0.6.1
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SUNSITE:=system/network/file-transfer/}
 EXTRACT_SUFX=  .src.tar.gz
diff -r 80afc00634f0 -r 5d7fba4d83b2 net/IglooFTP/distinfo
--- a/net/IglooFTP/distinfo     Sun May 03 14:25:53 2020 +0000
+++ b/net/IglooFTP/distinfo     Sun May 03 14:38:36 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2015/11/04 00:34:51 agc Exp $
+$NetBSD: distinfo,v 1.13 2020/05/03 14:38:36 rillig Exp $
 
 SHA1 (IglooFTP-0.6.1.src.tar.gz) = ab56bc6c15dc81525b8e987ae5fc15e562f92eed
 RMD160 (IglooFTP-0.6.1.src.tar.gz) = 7f0971ec857542d96a09dffc9db8a3544df38fae
@@ -11,3 +11,4 @@
 SHA1 (patch-ae) = 84cd31095b3b4772e27f7bc56daeaf77834680b6
 SHA1 (patch-af) = 916f5d0c841bc706329f64ffd13b1ca820058ba4
 SHA1 (patch-ag) = 96dfa4a0faefc3970f886947e8863ff00dd9f148
+SHA1 (patch-src_console_c) = d1692d9509c237a36b29f616dfe4141331c4f6a5
diff -r 80afc00634f0 -r 5d7fba4d83b2 net/IglooFTP/patches/patch-src_console_c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/IglooFTP/patches/patch-src_console_c  Sun May 03 14:38:36 2020 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_console_c,v 1.1 2020/05/03 14:38:36 rillig Exp $
+
+Not sure whether this could lead to an endless loop when someone enters a
+long password.  Anyway, using a signed character as array index is wrong.
+
+Found by GCC's -Werror=char-subscripts.
+
+Not reported upstream because this package doesn't even have a homepage
+anymore.
+
+--- src/console.c.orig 1999-04-15 16:05:13.000000000 +0000
++++ src/console.c
+@@ -177,7 +177,7 @@ local_message (char *this_message)
+ 
+   if (strstr (this_message, "PASS"))
+     {
+-      register char f;
++      size_t f;
+       for (f = 5; f < strlen (this_message); f++)
+       this_message[f] = 'x';
+     }