- SECURITY: fix two boundary errors in fsplib code when processing

overly long directory or file names (CVE-2007-3961 & CVE-2007-3962
from Gentoo CVS via FreeBSD
- regen patches while here

net/gftp/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.13 2007/07/13 08:09:44 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.14 2007/11/06 12:14:18 ajacoutot Exp $
 
 COMMENT=	multithreaded gtk2 file transfer client
 
 DISTNAME=	gftp-2.0.18
-PKGNAME=	${DISTNAME}p7
+PKGNAME=	${DISTNAME}p8
 CATEGORIES=	net
 
 HOMEPAGE=	http://gftp.seul.org/

net/gftp/patches/patch-lib_fsplib_fsplib_c

@@ -1,6 +1,6 @@
-$OpenBSD: patch-lib_fsplib_fsplib_c,v 1.1.1.1 2005/11/02 20:19:29 alek Exp $
---- lib/fsplib/fsplib.c.orig	Mon Oct 17 17:14:01 2005
-+++ lib/fsplib/fsplib.c	Mon Oct 17 17:14:59 2005
+$OpenBSD: patch-lib_fsplib_fsplib_c,v 1.2 2007/11/06 12:14:18 ajacoutot Exp $
+--- lib/fsplib/fsplib.c.orig	Wed Jan 19 03:03:45 2005
++++ lib/fsplib/fsplib.c	Tue Nov  6 13:07:12 2007
 @@ -27,6 +27,14 @@ use of this software.
  #include "fsplib.h"
  #include "lock.h"
@@ -16,3 +16,48 @@ $OpenBSD: patch-lib_fsplib_fsplib_c,v 1.1.1.1 2005/11/02 20:19:29 alek Exp $
  /* ************ Internal functions **************** */ 
  
  /* builds filename in packet output buffer, appends password if needed */
+@@ -612,7 +620,7 @@ int fsp_readdir_r(FSP_DIR *dir,struct dirent *entry, s
+     entry->d_reclen = fentry.reclen;
+     strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+ 
+-    if (fentry.namlen > MAXNAMLEN)
++    if (fentry.namlen >= MAXNAMLEN)
+     {
+ 	entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +688,19 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_RDENTRY *entry
+        /* skip file date and file size */
+        dir->dirpos += 9;
+        /* read file name */
+-       entry->name[255 + 1] = '\0';
++       entry->name[255] = '\0';
+        strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++       /* check for ASCIIZ encoded filename */
++       if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
++       {
+        namelen = strlen( (char *) dir->data+dir->dirpos);
++       }
++       else
++       {
++            /* \0 terminator not found at end of filename */
++            *result = NULL;
++            return 0;
++       }
+        /* skip over file name */
+        dir->dirpos += namelen +1;
+ 
+@@ -709,12 +727,12 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_RDENTRY *entry
+ 
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+-    static struct dirent entry;
++    static dirent_workaround entry;
+     struct dirent *result;
+     
+     
+     if (dirp == NULL) return NULL;
+-    if ( fsp_readdir_r(dirp,&entry,&result) )
++    if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+         return NULL;
+     else
+         return result;

net/gftp/patches/patch-lib_fsplib_fsplib_h

@@ -0,0 +1,25 @@
+$OpenBSD: patch-lib_fsplib_fsplib_h,v 1.1 2007/11/06 12:14:18 ajacoutot Exp $
+--- lib/fsplib/fsplib.h.orig	Tue Nov  6 13:07:24 2007
++++ lib/fsplib/fsplib.h	Tue Nov  6 13:08:21 2007
+@@ -1,6 +1,7 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
+ /* The FSP v2 protocol support library - public interface */
+ 
+ /*
+@@ -137,6 +138,13 @@ typedef struct FSP_FILE {
+ 		      int bufpos;                /* position in buffer */
+ 		      unsigned int pos;          /* position of next packet */
+ } FSP_FILE;
++
++
++typedef union dirent_workaround {
++      struct dirent dirent;
++      char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++ 
+ 
+ /* function prototypes */
+ 

net/gftp/patches/patch-lib_local_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-lib_local_c,v 1.1.1.1 2005/11/02 20:19:29 alek Exp $
---- lib/local.c.orig	Tue Oct 25 10:44:00 2005
-+++ lib/local.c	Tue Oct 25 10:44:17 2005
-@@ -372,7 +372,7 @@ local_get_file_size (gftp_request * requ
+$OpenBSD: patch-lib_local_c,v 1.2 2007/11/06 12:14:18 ajacoutot Exp $
+--- lib/local.c.orig	Wed Feb  2 02:24:51 2005
++++ lib/local.c	Tue Nov  6 13:05:08 2007
+@@ -372,7 +372,7 @@ local_get_file_size (gftp_request * request, const cha
  static int
  local_chdir (gftp_request * request, const char *directory)
  {

net/gftp/patches/patch-lib_options_h

@@ -1,7 +1,7 @@
-$OpenBSD: patch-lib_options_h,v 1.1 2006/08/12 15:17:04 naddy Exp $
---- lib/options.h.orig	Thu Aug 10 21:56:17 2006
-+++ lib/options.h	Thu Aug 10 21:56:26 2006
-@@ -137,7 +137,7 @@ gftp_config_vars gftp_global_config_vars
+$OpenBSD: patch-lib_options_h,v 1.2 2007/11/06 12:14:18 ajacoutot Exp $
+--- lib/options.h.orig	Wed Jan 19 02:49:17 2005
++++ lib/options.h	Tue Nov  6 13:05:08 2007
+@@ -137,7 +137,7 @@ gftp_config_vars gftp_global_config_vars[] =
     N_("This specifies the default protocol to use"), GFTP_PORT_ALL, NULL},
  #if defined (HAVE_GETADDRINFO) && defined (HAVE_GAI_STRERROR)
    {"enable_ipv6", N_("Enable IPv6 support"), 

net/gftp/patches/patch-lib_sshv2_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-lib_sshv2_c,v 1.1.1.1 2005/11/02 20:19:29 alek Exp $
---- lib/sshv2.c.orig	Thu Oct 20 10:48:22 2005
-+++ lib/sshv2.c	Thu Oct 20 10:49:54 2005
-@@ -1867,31 +1867,13 @@ sshv2_put_file (gftp_request * request, 
+$OpenBSD: patch-lib_sshv2_c,v 1.2 2007/11/06 12:14:18 ajacoutot Exp $
+--- lib/sshv2.c.orig	Tue Jan  4 14:32:11 2005
++++ lib/sshv2.c	Tue Nov  6 13:05:08 2007
+@@ -1867,31 +1867,13 @@ sshv2_put_file (gftp_request * request, const char *fi
  }
  
  

net/gftp/patches/patch-src_text_gftp-text_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-src_text_gftp-text_c,v 1.1.1.1 2005/11/02 20:19:29 alek Exp $
---- src/text/gftp-text.c.orig	Thu Oct 20 11:39:31 2005
-+++ src/text/gftp-text.c	Thu Oct 20 11:40:18 2005
-@@ -185,7 +185,12 @@ gftp_text_ask_question (const char *ques
+$OpenBSD: patch-src_text_gftp-text_c,v 1.2 2007/11/06 12:14:18 ajacoutot Exp $
+--- src/text/gftp-text.c.orig	Tue Jan 25 02:11:00 2005
++++ src/text/gftp-text.c	Tue Nov  6 13:05:08 2007
+@@ -185,7 +185,12 @@ gftp_text_ask_question (const char *question, int echo
    else
      infd = stdin;