update to 3.2.0b6

security fixes [release 3.2.0b6-1mamba;Tue Dec 01 2009]
This commit is contained in:
Davide Madrisan 2024-01-05 23:43:40 +01:00
parent 36d106c085
commit 49fba54f41
7 changed files with 218 additions and 0 deletions

View File

@ -1,2 +1,8 @@
# htdig # htdig
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.

View File

@ -0,0 +1,26 @@
diff -ru htdig-3.2.0b6/htsearch/htsearch.cc htdig-3.2.0b6-fix/htsearch/htsearch.cc
--- htdig-3.2.0b6/htsearch/htsearch.cc 2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/htsearch.cc 2009-12-01 21:24:38.000000000 +0100
@@ -211,8 +211,7 @@
}
if (access((char*)configFile, R_OK) < 0)
{
- reportError(form("Unable to read configuration file '%s'",
- configFile.get()));
+ reportError("Unable to read configuration file");
}
config->Read(configFile);
diff -ru htdig-3.2.0b6/htsearch/qtest.cc htdig-3.2.0b6-fix/htsearch/qtest.cc
--- htdig-3.2.0b6/htsearch/qtest.cc 2004-05-28 15:15:25.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/qtest.cc 2009-12-01 21:25:17.000000000 +0100
@@ -132,8 +132,7 @@
if (access((char*)configFile, R_OK) < 0)
{
- reportError(form("Unable to find configuration file '%s'",
- configFile.get()));
+ reportError("Unable to find configuration file");
}
config->Read(configFile);

View File

@ -0,0 +1,24 @@
diff -ru htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6-fix/htsearch/Display.cc
--- htdig-3.2.0b6/htsearch/Display.cc 2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/Display.cc 2009-12-01 21:29:25.000000000 +0100
@@ -137,7 +137,7 @@
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
return;
diff -ru htdig-3.2.0b6/libhtdig/ResultFetch.cc htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc 2004-05-28 15:15:28.000000000 +0200
+++ htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc 2009-12-01 21:30:26.000000000 +0100
@@ -142,7 +142,7 @@
// Must temporarily stash the message in a String, since
// displaySyntaxError will overwrite the static temp used in form.
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+ String s("invalid sort method");
displaySyntaxError(s);
//return;

View File

@ -0,0 +1,15 @@
diff -ru htdig-3.2.0b6/htsearch/Collection.h htdig-3.2.0b6-fix/htsearch/Collection.h
--- htdig-3.2.0b6/htsearch/Collection.h 2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/Collection.h 2009-12-01 21:16:14.000000000 +0100
@@ -36,9 +36,9 @@
const char *docExcerpt);
~Collection();
- void Collection::Open();
+ void Open();
- void Collection::Close();
+ void Close();
char *getWordFile() { return wordFile.get(); }
DocumentRef *getDocumentRef(int id);

View File

@ -0,0 +1,12 @@
diff -ru htdig-3.2.0b6/htword/WordDBPage.cc htdig-3.2.0b6-fix/htword/WordDBPage.cc
--- htdig-3.2.0b6/htword/WordDBPage.cc 2004-05-28 15:15:26.000000000 +0200
+++ htdig-3.2.0b6-fix/htword/WordDBPage.cc 2009-12-01 21:13:37.000000000 +0100
@@ -82,7 +82,7 @@
if(debuglevel>2)printf("TOTAL SIZE: %6d %8f\n",size,size/8.0);
// argh! compare failed somthing went wrong
// display the compress/decompress sequence and fail
- if(cmp || size>8*1024*1000000000)
+ if(cmp || size>8*1024)
{
if(size>8*1024)
{

13
htdig-3.2.0b6-segv.patch Normal file
View File

@ -0,0 +1,13 @@
diff -ru htdig-3.2.0b6/httools/htstat.cc htdig-3.2.0b6-fix/httools/htstat.cc
--- htdig-3.2.0b6/httools/htstat.cc 2004-05-28 15:15:25.000000000 +0200
+++ htdig-3.2.0b6-fix/httools/htstat.cc 2009-12-01 21:21:06.000000000 +0100
@@ -158,7 +158,8 @@
if(words.Open(config->Find("word_db"), O_RDONLY) == OK)
{
cout << "htstat: Total words: " << words.WordRefs()->Count() << endl;
- cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
+ if (words.WordRefs()->Count() != 0)
+ cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
words.Close();
}

122
htdig.spec Normal file
View File

@ -0,0 +1,122 @@
%define groupid 65038
%define userid 65038
Name: htdig
Version: 3.2.0b6
Release: 1mamba
Summary: A complete world wide web indexing and searching system for a domain or intranet
Group: Applications/Web
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.htdig.org/
Source: http://downloads.sourceforge.net/project/htdig/htdig/%{version}/htdig-%{version}.tar.bz2
Patch1: %{name}-3.2.0b6-CAN_2005_0085.patch
Patch2: %{name}-3.2.0b6-overflow.patch
Patch3: %{name}-3.2.0b6-compile-fix.patch
Patch4: %{name}-3.2.0b6-segv.patch
Patch5: %{name}-3.2.0b6-CVE_2007_6110.patch
License: GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
%configure \
--enable-shared \
--enable-tests \
--enable-bigfile \
--with-config-dir=%{_sysconfdir}/htdig \
--with-default-config-file=%{_sysconfdir}/htdig/htdig.conf \
--with-cgi-bin-dir=/var/www/cgi-bin \
--with-image-dir=/var/www/html/htdig \
--with-search-dir=/var/www/html/htdig \
--with-common-dir=%{_datadir}/htdig \
--with-database-dir=/var/lib/htdig \
--with-apache=/usr/sbin/httpd \
--with-zlib=/usr \
--with-ssl
%make
%install
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
install -d %{buildroot}%{_sysconfdir}/htdig
%makeinstall
cp %{buildroot}/var/www/cgi-bin/htsearch %{buildroot}%{_bindir}
chmod 644 %{buildroot}/var/www/html/htdig/*
ln -sf ./search.html %{buildroot}/var/www/html/htdig/index.html
# remove unpackaged files
rm -fr %{buildroot}%{_includedir}
rm -rf %{buildroot}%{_libdir}/htdig/*.a
rm -rf %{buildroot}%{_libdir}/htdig/*.la
rm -rf %{buildroot}%{_libdir}/htdig_db/*.a
rm -rf %{buildroot}%{_libdir}/htdig_db/*.la
%clean
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%pre
groupadd htdig -g %{groupid} 2>/dev/null
useradd -u %{userid} -c 'Htdig user' -d /var/lib/htdig -g htdig \
-s /bin/false htdig 2>/dev/null
exit 0
%preun
# erase
if [ $1 -eq 0 ]; then
userdel htdig 2>/dev/null
groupdel htdig 2>/dev/null
fi
exit 0
%files
%defattr(-,root,root)
%{_bindir}/*
%dir %attr(-,htdig,root) %{_datadir}/htdig
%{_datadir}/htdig/*
%dir %attr(-,htdig,htdig) /var/lib/htdig
%{_libdir}/htdig
%{_libdir}/htdig_db
%dir %{_sysconfdir}/htdig
%config(noreplace) %{_sysconfdir}/htdig/htdig.conf
%config(noreplace) %{_sysconfdir}/htdig/cookies.txt
%{_sysconfdir}/htdig/HtFileType-magic.mime
%{_sysconfdir}/htdig/mime.types
/var/www/cgi-bin/*
%dir /var/www/html/htdig
/var/www/html/htdig/*
%{_mandir}/man1/*
%{_mandir}/man8/*
%doc COPYING ChangeLog README
%changelog
* Tue Dec 01 2009 Davide Madrisan <davide.madrisan@gmail.com> 3.2.0b6-1mamba
- update to 3.2.0b6
- security fixes
* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-3qilnx
- own %{_datadir}/htdig
- fixed directory and files permissions
- added %%pre and %%preun scriplets
* Fri Apr 01 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-2qilnx
- fixed security flaw QSA-2005-034 (CAN-2005-0085)
* Tue Oct 19 2004 Silvan Calarco <silvan.calarco@qilinux.it> 3.1.6-1qilnx
- package created by autospec