rpms/htdig/F-7 htdig-3.2-CVE-2007-6110.patch, NONE, 1.1 htdig.spec, 1.37, 1.38 htdig-3.2.0b6-segfault.patch, 1.1, NONE

Adam Tkac (atkac) fedora-extras-commits at redhat.com
Wed Nov 28 11:08:27 UTC 2007 

Author: atkac

Update of /cvs/pkgs/rpms/htdig/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31838

Modified Files:
	htdig.spec 
Added Files:
	htdig-3.2-CVE-2007-6110.patch 
Removed Files:
	htdig-3.2.0b6-segfault.patch 
Log Message:
- CVE-2007-6110


htdig-3.2-CVE-2007-6110.patch:

--- NEW FILE htdig-3.2-CVE-2007-6110.patch ---
--- htdig-3.2.0b6/htsearch/Display.cc	
+++ htdig-3.2.0b6/htsearch/Display.cc	
@@ -137,7 +137,7 @@ Display::display(int pageNumber)
       // Must temporarily stash the message in a String, since
       // displaySyntaxError will overwrite the static temp used in form.
 
-      String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+      String s("invalid sort method");
 
       displaySyntaxError(s);
       return;
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc	
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc	
@@ -142,7 +142,7 @@ ResultFetch::fetch()
         // Must temporarily stash the message in a String, since
         // displaySyntaxError will overwrite the static temp used in form.
 
-        String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+        String s("invalid sort method");
 
         displaySyntaxError(s);
         //return;


Index: htdig.spec
===================================================================
RCS file: /cvs/pkgs/rpms/htdig/F-7/htdig.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- htdig.spec	7 Mar 2007 21:02:47 -0000	1.37
+++ htdig.spec	28 Nov 2007 11:07:53 -0000	1.38
@@ -5,7 +5,7 @@
 Summary: ht://Dig - Web search engine
 Name: htdig
 Version: 3.2.0b6
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 3
 License: GPL
 Group: Applications/Internet
@@ -23,10 +23,10 @@
 Patch7: htdig-3.2.0b-versioncheck.patch
 Patch8: htdig-3.2.0b6-compile-fix.patch
 Patch9: htdig-3.2.0b6-opts.patch
-Patch10: htdig-3.2.0b6-segfault.patch
 Patch11: htdig-3.2.0b6-incremental.patch
+Patch12: htdig-3.2-CVE-2007-6110.patch
 BuildRequires: flex >= 2.5.4a-13
-BuildRequires: zlib-devel httpd openssl-devel
+BuildRequires: zlib-devel openssl-devel httpd
 BuildRoot: %{_tmppath}/%{name}-root
 
 %package web
@@ -77,8 +77,8 @@
 %patch7 -p1 -b .versioncheck
 %patch8 -p1 -b .compile-fix
 %patch9 -p1 -b .opts
-#%patch10 -p1 -b .segfault
 %patch11 -p1 -b .incremental
+%patch12 -p1 -b .CVE-2007-6110
 
 %build
 %configure \
@@ -149,6 +149,9 @@
 %endif
 
 %changelog
+* Wed Nov 28 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-12
+- CVE-2007-6110
+
 * Wed Mar 07 2007 Adam Tkac <atkac redhat com> 3:3.2.0b6-11.fc7
 - added upstream's segfault patch
 - added ?_smp_mflags macro to make


--- htdig-3.2.0b6-segfault.patch DELETED ---

More information about the fedora-extras-commits mailing list