rpms/htdig/FC-6 htdig-3.2-CVE-2007-6110.patch, NONE, 1.1 htdig.spec, 1.33, 1.34 htdig-3.2.0b6-sigfault.patch, 1.1, NONE

fedora-cvs-commits at redhat.com
Wed Nov 28 11:00:44 UTC 2007


Author: atkac

Update of /cvs/dist/rpms/htdig/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv12813

Modified Files:
	htdig.spec 
Added Files:
	htdig-3.2-CVE-2007-6110.patch 
Removed Files:
	htdig-3.2.0b6-sigfault.patch 
Log Message:
- CVE-2007-6110


htdig-3.2-CVE-2007-6110.patch:
 htsearch/Display.cc     |    2 +-
 libhtdig/ResultFetch.cc |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE htdig-3.2-CVE-2007-6110.patch ---
--- htdig-3.2.0b6/htsearch/Display.cc	
+++ htdig-3.2.0b6/htsearch/Display.cc	
@@ -137,7 +137,7 @@ Display::display(int pageNumber)
       // Must temporarily stash the message in a String, since
       // displaySyntaxError will overwrite the static temp used in form.
 
-      String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+      String s("invalid sort method");
 
       displaySyntaxError(s);
       return;
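Review bot: the two comment lines kept as context above the changed statement in Display::display ("Must temporarily stash the message in a String, since displaySyntaxError will overwrite the static temp used in form.") no longer describe the code, because the new `String s("invalid sort method");` does not call form() at all. Drop or reword that comment as part of this patch. Removing the echoed `config->Find("sort")` value also removes the one detail that told an administrator which value was rejected; if that is needed for diagnosis, record it somewhere other than the displayed message.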
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc	
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc	
@@ -142,7 +142,7 @@ ResultFetch::fetch()
         // Must temporarily stash the message in a String, since
         // displaySyntaxError will overwrite the static temp used in form.
 
-        String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+        String s("invalid sort method");
 
         displaySyntaxError(s);
         //return;
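Review bot: in ResultFetch::fetch() the context line after displaySyntaxError(s) is `//return;`, so unlike Display::display, which returns at this point, this path keeps running with a sort method that has just been rejected. The patch leaves that as it was; confirm that falling through is intended here and say so in a comment if it is. The literal "invalid sort method" now appears in both files, so a shared constant would keep the two messages from drifting apart.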


Index: htdig.spec
===================================================================
RCS file: /cvs/dist/rpms/htdig/FC-6/htdig.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- htdig.spec	6 Mar 2007 08:18:42 -0000	1.33
+++ htdig.spec	28 Nov 2007 11:00:41 -0000	1.34
@@ -5,7 +5,7 @@
 Summary: ht://Dig - Web search engine
 Name: htdig
 Version: 3.2.0b6
-Release: 8%{?dist}
+Release: 9%{?dist}
 Epoch: 3
 License: GPL
 Group: Applications/Internet
@@ -23,8 +23,9 @@
 Patch7: htdig-3.2.0b-versioncheck.patch
 Patch8: htdig-3.2.0b6-compile-fix.patch
 Patch9: htdig-3.2.0b6-opts.patch
+Patch10:htdig-3.2-CVE-2007-6110.patch
 BuildRequires: flex >= 2.5.4a-13
-BuildRequires: zlib-devel httpd openssl-devel
+BuildRequires: zlib-devel openssl-devel httpd
 BuildRoot: %{_tmppath}/%{name}-root
 
 %package web
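Review bot: `Patch10:htdig-3.2-CVE-2007-6110.patch` has no space after the colon, while the Patch7 to Patch9 lines above it do; add one for consistency. The reordering to `BuildRequires: zlib-devel openssl-devel httpd` in the same hunk lists the same three packages and is unrelated to the CVE fix, so it would be cleaner left out of a security update.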
@@ -75,6 +76,7 @@
 %patch7 -p1 -b .versioncheck
 %patch8 -p1 -b .compile-fix
 %patch9 -p1 -b .opts
+%patch10 -p1 -b .CVE-2007-6110
 
 %build
 %configure \
@@ -92,7 +94,7 @@
 	--with-apache=/usr/sbin/httpd \
 	--with-zlib=/usr \
 	--with-ssl
-make
+make %{?_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
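Review bot: the switch from `make` to `make %{?_smp_mflags}` at the end of %build changes build behaviour, is unrelated to CVE-2007-6110, and is not mentioned in the new changelog entry. Parallel builds can expose missing dependencies in a project's makefiles, so this belongs in a separate commit, or at least in %changelog, to keep the security update minimal and easy to bisect.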
@@ -145,11 +147,14 @@
 %endif
 
 %changelog
+* Wed Nov 28 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-9
+- CVE-2007-6110
+
 * Tue Mar 06 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-8.fc6
-- fired away sigfault patch because it causes sigfaults :) (#230931)
+- fired away segfault patch because it causes segfaults :) (#230931)
 
 * Wed Dec 20 2006 Adam Tkac <atkac redhat com> 3:3.2.0b6-7.fc6
-- fixed htfuzzy's sigfaults (#130528)
+- fixed htfuzzy's segfaults (#130528)
 
 * Tue Aug 8 2006 Jitka Kudrnacova <jkudrnac at redhat.com> - 3:3.2.0b6-6.4.3
 - built with --with-ssl (#174162) to enable indexing ssl pages, BuildRequires openssl-devel
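Review bot: the new %changelog entry says only `- CVE-2007-6110`, with no description and no bug number, whereas the older entries cite one (for example #230931); a line stating that the sort value is no longer echoed in the error message would tell users what changed. The entry's version is `3:3.2.0b6-9`, without the `.fc6` suffix the two previous entries carry. The hunk also rewrites two historical entries (sigfault to segfault), which is unrelated to the fix and makes the changelog diff harder to audit.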


--- htdig-3.2.0b6-sigfault.patch DELETED ---



