[pkgsrc/trunk]: pkgsrc/net/hobbitmon Add a fix for CVE-2006-4003

[adrianp <adrianp%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9cc6121a0780
branches:  trunk
changeset: 534640:9cc6121a0780
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sun Oct 28 13:40:47 2007 +0000

description:
Add a fix for CVE-2006-4003
PKGREVISION++

diffstat:

 net/hobbitmon/Makefile         |   4 ++--
 net/hobbitmon/distinfo         |   3 ++-
 net/hobbitmon/patches/patch-ad |  13 +++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r cc4ae3287a56 -r 9cc6121a0780 net/hobbitmon/Makefile
--- a/net/hobbitmon/Makefile    Sun Oct 28 13:27:50 2007 +0000
+++ b/net/hobbitmon/Makefile    Sun Oct 28 13:40:47 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.20 2007/09/21 13:04:11 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2007/10/28 13:40:47 adrianp Exp $
 #
 
 DISTNAME=      hobbit-4.0-beta6
 PKGNAME=       hobbit-4.0b6
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=hobbitmon/}
 
diff -r cc4ae3287a56 -r 9cc6121a0780 net/hobbitmon/distinfo
--- a/net/hobbitmon/distinfo    Sun Oct 28 13:27:50 2007 +0000
+++ b/net/hobbitmon/distinfo    Sun Oct 28 13:40:47 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2006/10/09 13:29:00 ben Exp $
+$NetBSD: distinfo,v 1.8 2007/10/28 13:40:47 adrianp Exp $
 
 SHA1 (hobbit-4.0-beta6.tar.gz) = 82e6a76e55682c205adac47e54830064bba44f2d
 RMD160 (hobbit-4.0-beta6.tar.gz) = 6542f6a1cd58236c85eefc74872436ee75f36b4b
@@ -6,5 +6,6 @@
 SHA1 (patch-aa) = a1d5ceaaa7cc99be2a55543234cdd3b20dd0e1a9
 SHA1 (patch-ab) = 810b67dfa9c149defb3d05886d70e62798eaf96f
 SHA1 (patch-ac) = 26ea6fd07f9529fe2af3067d1e704a64157756d0
+SHA1 (patch-ad) = 5670f19d8a95a57cc419bfb23b9adb6c3b416b9f
 SHA1 (patch-ae) = 3f60fc25597113a7565fb583b75a360585c2457e
 SHA1 (patch-aj) = 4758ccbabb6a109c3f3da40c3fd5129be1f7bbfd
diff -r cc4ae3287a56 -r 9cc6121a0780 net/hobbitmon/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/hobbitmon/patches/patch-ad    Sun Oct 28 13:40:47 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ad,v 1.3 2007/10/28 13:40:47 adrianp Exp $
+
+--- hobbitd/hobbitd.c.orig     2005-01-22 08:54:48.000000000 +0000
++++ hobbitd/hobbitd.c
+@@ -1460,7 +1460,7 @@ void do_message(conn_t *msg, char *origi
+               MEMDEFINE(conffn);
+ 
+               if ( (sscanf(msg->buf, "config %1023s", conffn) == 1) &&
+-                   (strstr("../", conffn) == NULL) && (get_config(conffn, msg) == 0) ) {
++                   (strstr(conffn, "../") == NULL) && (get_config(conffn, msg) == 0) ) {
+                       msg->doingwhat = RESPONDING;
+                       msg->bufp = msg->buf;
+               }