rpms/htdig/F-7 htdig-3.2-CVE-2007-6110.patch, NONE, 1.1 htdig.spec, 1.37, 1.38 htdig-3.2.0b6-segfault.patch, 1.1, NONE
Adam Tkac (atkac)
fedora-extras-commits at redhat.com
Wed Nov 28 11:08:27 UTC 2007
Author: atkac
Update of /cvs/pkgs/rpms/htdig/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31838
Modified Files:
htdig.spec
Added Files:
htdig-3.2-CVE-2007-6110.patch
Removed Files:
htdig-3.2.0b6-segfault.patch
Log Message:
- CVE-2007-6110
htdig-3.2-CVE-2007-6110.patch:
--- NEW FILE htdig-3.2-CVE-2007-6110.patch ---
--- htdig-3.2.0b6/htsearch/Display.cc
+++ htdig-3.2.0b6/htsearch/Display.cc
@@ -137,7 +137,7 @@ Display::display(int pageNumber)
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
return;
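Review bot: the two comment lines kept above the changed line in Display::display() are now stale. They explain why the result of form() has to be stashed in a String, but the new line `String s("invalid sort method");` no longer calls form(), so there is no static temp left to protect. Drop or reword the comment. The removed line formatted the value of config->Find("sort") into the error text; if naming the rejected method is still wanted for diagnostics, passing an escaped copy of the value would be the alternative to a fixed string.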
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc
@@ -142,7 +142,7 @@ ResultFetch::fetch()
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
//return;
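Review bot: in ResultFetch::fetch() the trailing context shows `//return;` commented out, so after displaySyntaxError(s) execution continues with a sort method that was just rejected, whereas the same branch in Display.cc returns. Confirm that the fall-through is intended and say why in a comment, or restore the return. The form() comment above the changed line is stale here as well, since the new line no longer calls form().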
Index: htdig.spec
===================================================================
RCS file: /cvs/pkgs/rpms/htdig/F-7/htdig.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- htdig.spec 7 Mar 2007 21:02:47 -0000 1.37
+++ htdig.spec 28 Nov 2007 11:07:53 -0000 1.38
@@ -5,7 +5,7 @@
Summary: ht://Dig - Web search engine
Name: htdig
Version: 3.2.0b6
-Release: 11%{?dist}
+Release: 12%{?dist}
Epoch: 3
License: GPL
Group: Applications/Internet
@@ -23,10 +23,10 @@
Patch7: htdig-3.2.0b-versioncheck.patch
Patch8: htdig-3.2.0b6-compile-fix.patch
Patch9: htdig-3.2.0b6-opts.patch
-Patch10: htdig-3.2.0b6-segfault.patch
Patch11: htdig-3.2.0b6-incremental.patch
+Patch12: htdig-3.2-CVE-2007-6110.patch
BuildRequires: flex >= 2.5.4a-13
-BuildRequires: zlib-devel httpd openssl-devel
+BuildRequires: zlib-devel openssl-devel httpd
BuildRoot: %{_tmppath}/%{name}-root
%package web
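Review bot: the BuildRequires change in this hunk only swaps the order of httpd and openssl-devel, which has nothing to do with the fix. Leaving that line untouched would keep the security update's spec diff down to the Patch10 and Patch12 lines and make it easier to audit.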
@@ -77,8 +77,8 @@
%patch7 -p1 -b .versioncheck
%patch8 -p1 -b .compile-fix
%patch9 -p1 -b .opts
-#%patch10 -p1 -b .segfault
%patch11 -p1 -b .incremental
+%patch12 -p1 -b .CVE-2007-6110
%build
%configure \
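Review bot: the line removed here is `#%patch10 -p1 -b .segfault`, which was already commented out in revision 1.37, so dropping it along with the Patch10 tag and the patch file is cleanup of a patch that was listed but disabled. Neither the log message nor the new changelog entry mentions that cleanup; a line such as "removed unused segfault patch" would record it.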
@@ -149,6 +149,9 @@
%endif
%changelog
+* Wed Nov 28 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-12
+- CVE-2007-6110
+
* Wed Mar 07 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-11.fc7
- added upstream's segfault patch
- added ?_smp_mflags macro to make
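Review bot: the new %changelog entry carries only the identifier "CVE-2007-6110", which does not tell someone reading the package history what was changed. A short description would help, for example that the sort-method error message in htsearch/Display.cc and libhtdig/ResultFetch.cc is now a fixed string. The version-release is also written as 3:3.2.0b6-12 while the previous entry uses 3:3.2.0b6-11.fc7; use one convention for the dist suffix.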
--- htdig-3.2.0b6-segfault.patch DELETED ---