rpms/htdig/FC-6 htdig-3.2-CVE-2007-6110.patch, NONE, 1.1 htdig.spec, 1.33, 1.34 htdig-3.2.0b6-sigfault.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Nov 28 11:00:44 UTC 2007
Author: atkac
Update of /cvs/dist/rpms/htdig/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv12813
Modified Files:
htdig.spec
Added Files:
htdig-3.2-CVE-2007-6110.patch
Removed Files:
htdig-3.2.0b6-sigfault.patch
Log Message:
- CVE-2007-6110
htdig-3.2-CVE-2007-6110.patch:
htsearch/Display.cc | 2 +-
libhtdig/ResultFetch.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE htdig-3.2-CVE-2007-6110.patch ---
--- htdig-3.2.0b6/htsearch/Display.cc
+++ htdig-3.2.0b6/htsearch/Display.cc
@@ -137,7 +137,7 @@ Display::display(int pageNumber)
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
return;
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc
@@ -142,7 +142,7 @@ ResultFetch::fetch()
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
//return;
Index: htdig.spec
===================================================================
RCS file: /cvs/dist/rpms/htdig/FC-6/htdig.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- htdig.spec 6 Mar 2007 08:18:42 -0000 1.33
+++ htdig.spec 28 Nov 2007 11:00:41 -0000 1.34
@@ -5,7 +5,7 @@
Summary: ht://Dig - Web search engine
Name: htdig
Version: 3.2.0b6
-Release: 8%{?dist}
+Release: 9%{?dist}
Epoch: 3
License: GPL
Group: Applications/Internet
@@ -23,8 +23,9 @@
Patch7: htdig-3.2.0b-versioncheck.patch
Patch8: htdig-3.2.0b6-compile-fix.patch
Patch9: htdig-3.2.0b6-opts.patch
+Patch10:htdig-3.2-CVE-2007-6110.patch
BuildRequires: flex >= 2.5.4a-13
-BuildRequires: zlib-devel httpd openssl-devel
+BuildRequires: zlib-devel openssl-devel httpd
BuildRoot: %{_tmppath}/%{name}-root
%package web
@@ -75,6 +76,7 @@
%patch7 -p1 -b .versioncheck
%patch8 -p1 -b .compile-fix
%patch9 -p1 -b .opts
+%patch10 -p1 -b .CVE-2007-6110
%build
%configure \
@@ -92,7 +94,7 @@
--with-apache=/usr/sbin/httpd \
--with-zlib=/usr \
--with-ssl
-make
+make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
@@ -145,11 +147,14 @@
%endif
%changelog
+* Wed Nov 28 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-9
+- CVE-2007-6110
+
* Tue Mar 06 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-8.fc6
-- fired away sigfault patch because it causes sigfaults :) (#230931)
+- fired away segfault patch because it causes segfaults :) (#230931)
* Wed Dec 20 2006 Adam Tkac <atkac redhat com> 3:3.2.0b6-7.fc6
-- fixed htfuzzy's sigfaults (#130528)
+- fixed htfuzzy's segfaults (#130528)
* Tue Aug 8 2006 Jitka Kudrnacova <jkudrnac at redhat.com> - 3:3.2.0b6-6.4.3
- built with --with-ssl (#174162) to enable indexing ssl pages, BuildRequires openssl-devel
--- htdig-3.2.0b6-sigfault.patch DELETED ---
More information about the fedora-cvs-commits
mailing list