PKGBASE= shellinabox
SIB_VER= v2.20
DISTNAME= ${PKGBASE}-${SIB_VER}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_GITHUB:=shellinabox/}
GITHUB_TAG= ${SIB_VER}
MAINTAINER= ast@NetBSD.org
-HOMEPAGE= https://code.google.com/archive/p/shellinabox/
+HOMEPAGE= https://github.com/shellinabox/shellinabox
COMMENT= JavaScript/CSS web server instrumentation for terminal emulation
LICENSE= gnu-gpl-v2
PKG_USERS_VARS= SIB_GROUP
RCD_SCRIPTS+= shellinaboxd
-RCD_SCRIPT_SRC.shellinaboxd = ${WRKSRC}/shellinaboxd.in
+RCD_SCRIPT_SRC.shellinaboxd= ${WRKSRC}/shellinaboxd.in
SUBST_CLASSES+= sib
SUBST_STAGE.sib= pre-configure
Size (shellinabox-v2.20.tar.gz) = 745920 bytes
SHA1 (patch-configure-ptsname_r) = 40c44f37afb09b99b40ee5b4faf470d95add10b7
SHA1 (patch-configure-shell-syntax) = f6341418e5cc7538935c4c8ee8b2fa812512d579
+SHA1 (patch-libhttp-url-broken-multipart-form-data) = 6bf678d939880bd029548aa85246aacb188fce5a
SHA1 (patch-service-ssh-rm-rsa-options) = 7e085d515d63dfd4fa3c3975a93a8e0434795e73
--- /dev/null
+$NetBSD$
+
+Merge https://github.com/shellinabox/shellinabox/pull/446/commits
+commit 7f47efe for CVE-2018-16789: fix for broken multipart/form-data
+to mitigate DoS attack.
+
+--- libhttp/url.c.orig 2019-04-07 08:39:04.352921385 +0200
++++ libhttp/url.c 2019-04-07 08:42:30.746080956 +0200
+@@ -312,6 +312,9 @@
+ }
+ }
+ }
++ } else {
++ warn("[http] broken multipart/form-data!");
++ break;
+ }
+ }
+ if (lastPart) {
pkgsrc-wip -- http://pkgsrc.org/wip/ / pkgsrc-wip.git / commitdiff