pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/htdig Security fix for CAN-2005-0085.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/349809000c5a
branches:  trunk
changeset: 490817:349809000c5a
user:      salo <salo%pkgsrc.org@localhost>
date:      Sun Mar 20 20:34:27 2005 +0000

description:
Security fix for CAN-2005-0085.

"Cross-site scripting (XSS) vulnerability in ht://dig allows remote
 attackers to execute arbitrary web script or HTML via the config
 parameter, which is not properly sanitized before it is displayed
 in an error message."

Patch from Debian.  Bump PKGREVISION.

diffstat:

 www/htdig/Makefile         |   4 ++--
 www/htdig/distinfo         |   5 ++++-
 www/htdig/patches/patch-af |  14 ++++++++++++++
 www/htdig/patches/patch-ag |  14 ++++++++++++++
 www/htdig/patches/patch-ah |  14 ++++++++++++++
 5 files changed, 48 insertions(+), 3 deletions(-)

diffs (83 lines):

diff -r 716310c3bdcb -r 349809000c5a www/htdig/Makefile
--- a/www/htdig/Makefile        Sun Mar 20 19:53:09 2005 +0000
+++ b/www/htdig/Makefile        Sun Mar 20 20:34:27 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2005/01/12 21:31:29 jlam Exp $
+# $NetBSD: Makefile,v 1.22 2005/03/20 20:34:27 salo Exp $
 
 DISTNAME=      htdig-3.1.6
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www databases
 MASTER_SITES=  http://www.htdig.org/files/ \
                ftp://ftp.htdig.org/ \
diff -r 716310c3bdcb -r 349809000c5a www/htdig/distinfo
--- a/www/htdig/distinfo        Sun Mar 20 19:53:09 2005 +0000
+++ b/www/htdig/distinfo        Sun Mar 20 20:34:27 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 14:08:32 wiz Exp $
+$NetBSD: distinfo,v 1.5 2005/03/20 20:34:27 salo Exp $
 
 SHA1 (htdig-3.1.6.tar.gz) = 603fc244ba59ee1efcbe8f2ba087567cb14468d0
 RMD160 (htdig-3.1.6.tar.gz) = 1414943255f16cd278a31b8014a5bfe6c4400ead
@@ -7,3 +7,6 @@
 SHA1 (patch-ac) = d1f6ef3c4c7a2995217f391a4bf9d544e10f5a00
 SHA1 (patch-ad) = a727a2c3afdd697f0e2e46355f1e89bc70775bbf
 SHA1 (patch-ae) = 1be8e82b97bb9b16dcc301f3f02e642a41945878
+SHA1 (patch-af) = f9c83efb788cb735f42df606ee451324795140d6
+SHA1 (patch-ag) = d3c0c1b043e27706834aecf7ac0b07651ed5b438
+SHA1 (patch-ah) = e4df51f19717527c3a368cdcaffb4f3c8e7be521
diff -r 716310c3bdcb -r 349809000c5a www/htdig/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/htdig/patches/patch-af        Sun Mar 20 20:34:27 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-af,v 1.1 2005/03/20 20:34:27 salo Exp $
+
+--- htsearch/htsearch.cc.orig  2002-02-01 00:47:18.000000000 +0100
++++ htsearch/htsearch.cc       2005-03-20 21:15:02.000000000 +0100
+@@ -145,8 +145,7 @@
+     if (access(configFile, R_OK) < 0)
+     {
+       if (filenameok) filenamemsg << " '" << configFile.get() << "'";
+-      reportError(form("Unable to read configuration file%s",
+-                       filenamemsg.get()));
++      reportError(form("Unable to read configuration file."));
+     }
+     config.Read(configFile);
+ 
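Review bot: The context line `if (filenameok) filenamemsg << " '" << configFile.get() << "'";` stays in htsearch.cc even though the new `reportError` call no longer uses `filenamemsg`, so it is now dead code that still assembles the value the advisory describes as unsanitized. Dropping that line, together with the `filenamemsg` declaration outside this hunk, would make it clear the config value can no longer reach the error page. With no format arguments left, the `form()` wrapper is also redundant, assuming `reportError` accepts a plain string, which the hunk does not show. The patch removes one reflection point only; if `reportError` writes its argument into HTML without encoding, escaping inside it would protect the remaining callers as well.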
diff -r 716310c3bdcb -r 349809000c5a www/htdig/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/htdig/patches/patch-ag        Sun Mar 20 20:34:27 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ag,v 1.1 2005/03/20 20:34:27 salo Exp $
+
+--- htfuzzy/htfuzzy.cc.orig    2002-02-01 00:47:17.000000000 +0100
++++ htfuzzy/htfuzzy.cc 2005-03-20 21:16:14.000000000 +0100
+@@ -148,8 +148,7 @@
+     config.Defaults(&defaults[0]);
+     if (access(configFile, R_OK) < 0)
+     {
+-      reportError(form("Unable to find configuration file '%s'",
+-                       configFile.get()));
++      reportError(form("Unable to find configuration file."));
+     }
+     config.Read(configFile);
+ 
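Review bot: Removing the path from the message in htfuzzy.cc, and identically in htmerge.cc (patch-ah), takes away the one detail an operator needs to diagnose a wrong configuration path. Both programs look like command-line tools rather than CGI entry points, so if `reportError` here writes to stderr and not to an HTML response, the XSS concern does not apply and the original message could stay. If the output can reach a browser, keep the generic text but record the path in a server-side log. In both files `config.Read(...)` still follows the failed `access()` check, which is safe only if `reportError` does not return; its body is outside the hunk.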
diff -r 716310c3bdcb -r 349809000c5a www/htdig/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/htdig/patches/patch-ah        Sun Mar 20 20:34:27 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2005/03/20 20:34:27 salo Exp $
+
+--- htmerge/htmerge.cc.orig    2002-02-01 00:47:18.000000000 +0100
++++ htmerge/htmerge.cc 2005-03-20 21:24:02.000000000 +0100
+@@ -116,8 +116,7 @@
+ 
+     if (access(configfile, R_OK) < 0)
+     {
+-      reportError(form("Unable to find configuration file '%s'",
+-                       configfile.get()));
++      reportError(form("Unable to find configuration file."));
+     }
+       
+     config.Read(configfile);


