update to 3.2.0b6
security fixes [release 3.2.0b6-1mamba;Tue Dec 01 2009]
This commit is contained in:
parent
36d106c085
commit
49fba54f41
@ -1,2 +1,8 @@
|
|||||||
# htdig
|
# htdig
|
||||||
|
|
||||||
|
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
|
||||||
|
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
|
||||||
|
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
|
||||||
|
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
|
||||||
|
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
|
||||||
|
|
||||||
|
26
htdig-3.2.0b6-CAN_2005_0085.patch
Normal file
26
htdig-3.2.0b6-CAN_2005_0085.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
diff -ru htdig-3.2.0b6/htsearch/htsearch.cc htdig-3.2.0b6-fix/htsearch/htsearch.cc
|
||||||
|
--- htdig-3.2.0b6/htsearch/htsearch.cc 2004-05-28 15:15:24.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/htsearch/htsearch.cc 2009-12-01 21:24:38.000000000 +0100
|
||||||
|
@@ -211,8 +211,7 @@
|
||||||
|
}
|
||||||
|
if (access((char*)configFile, R_OK) < 0)
|
||||||
|
{
|
||||||
|
- reportError(form("Unable to read configuration file '%s'",
|
||||||
|
- configFile.get()));
|
||||||
|
+ reportError("Unable to read configuration file");
|
||||||
|
}
|
||||||
|
config->Read(configFile);
|
||||||
|
|
||||||
|
diff -ru htdig-3.2.0b6/htsearch/qtest.cc htdig-3.2.0b6-fix/htsearch/qtest.cc
|
||||||
|
--- htdig-3.2.0b6/htsearch/qtest.cc 2004-05-28 15:15:25.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/htsearch/qtest.cc 2009-12-01 21:25:17.000000000 +0100
|
||||||
|
@@ -132,8 +132,7 @@
|
||||||
|
|
||||||
|
if (access((char*)configFile, R_OK) < 0)
|
||||||
|
{
|
||||||
|
- reportError(form("Unable to find configuration file '%s'",
|
||||||
|
- configFile.get()));
|
||||||
|
+ reportError("Unable to find configuration file");
|
||||||
|
}
|
||||||
|
|
||||||
|
config->Read(configFile);
|
24
htdig-3.2.0b6-CVE_2007_6110.patch
Normal file
24
htdig-3.2.0b6-CVE_2007_6110.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
diff -ru htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6-fix/htsearch/Display.cc
|
||||||
|
--- htdig-3.2.0b6/htsearch/Display.cc 2004-05-28 15:15:24.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/htsearch/Display.cc 2009-12-01 21:29:25.000000000 +0100
|
||||||
|
@@ -137,7 +137,7 @@
|
||||||
|
// Must temporarily stash the message in a String, since
|
||||||
|
// displaySyntaxError will overwrite the static temp used in form.
|
||||||
|
|
||||||
|
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
|
||||||
|
+ String s("invalid sort method");
|
||||||
|
|
||||||
|
displaySyntaxError(s);
|
||||||
|
return;
|
||||||
|
diff -ru htdig-3.2.0b6/libhtdig/ResultFetch.cc htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc
|
||||||
|
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc 2004-05-28 15:15:28.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc 2009-12-01 21:30:26.000000000 +0100
|
||||||
|
@@ -142,7 +142,7 @@
|
||||||
|
// Must temporarily stash the message in a String, since
|
||||||
|
// displaySyntaxError will overwrite the static temp used in form.
|
||||||
|
|
||||||
|
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
|
||||||
|
+ String s("invalid sort method");
|
||||||
|
|
||||||
|
displaySyntaxError(s);
|
||||||
|
//return;
|
15
htdig-3.2.0b6-compile-fix.patch
Normal file
15
htdig-3.2.0b6-compile-fix.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff -ru htdig-3.2.0b6/htsearch/Collection.h htdig-3.2.0b6-fix/htsearch/Collection.h
|
||||||
|
--- htdig-3.2.0b6/htsearch/Collection.h 2004-05-28 15:15:24.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/htsearch/Collection.h 2009-12-01 21:16:14.000000000 +0100
|
||||||
|
@@ -36,9 +36,9 @@
|
||||||
|
const char *docExcerpt);
|
||||||
|
~Collection();
|
||||||
|
|
||||||
|
- void Collection::Open();
|
||||||
|
+ void Open();
|
||||||
|
|
||||||
|
- void Collection::Close();
|
||||||
|
+ void Close();
|
||||||
|
|
||||||
|
char *getWordFile() { return wordFile.get(); }
|
||||||
|
DocumentRef *getDocumentRef(int id);
|
12
htdig-3.2.0b6-overflow.patch
Normal file
12
htdig-3.2.0b6-overflow.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -ru htdig-3.2.0b6/htword/WordDBPage.cc htdig-3.2.0b6-fix/htword/WordDBPage.cc
|
||||||
|
--- htdig-3.2.0b6/htword/WordDBPage.cc 2004-05-28 15:15:26.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/htword/WordDBPage.cc 2009-12-01 21:13:37.000000000 +0100
|
||||||
|
@@ -82,7 +82,7 @@
|
||||||
|
if(debuglevel>2)printf("TOTAL SIZE: %6d %8f\n",size,size/8.0);
|
||||||
|
// argh! compare failed somthing went wrong
|
||||||
|
// display the compress/decompress sequence and fail
|
||||||
|
- if(cmp || size>8*1024*1000000000)
|
||||||
|
+ if(cmp || size>8*1024)
|
||||||
|
{
|
||||||
|
if(size>8*1024)
|
||||||
|
{
|
13
htdig-3.2.0b6-segv.patch
Normal file
13
htdig-3.2.0b6-segv.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -ru htdig-3.2.0b6/httools/htstat.cc htdig-3.2.0b6-fix/httools/htstat.cc
|
||||||
|
--- htdig-3.2.0b6/httools/htstat.cc 2004-05-28 15:15:25.000000000 +0200
|
||||||
|
+++ htdig-3.2.0b6-fix/httools/htstat.cc 2009-12-01 21:21:06.000000000 +0100
|
||||||
|
@@ -158,7 +158,8 @@
|
||||||
|
if(words.Open(config->Find("word_db"), O_RDONLY) == OK)
|
||||||
|
{
|
||||||
|
cout << "htstat: Total words: " << words.WordRefs()->Count() << endl;
|
||||||
|
- cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
|
||||||
|
+ if (words.WordRefs()->Count() != 0)
|
||||||
|
+ cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
|
||||||
|
words.Close();
|
||||||
|
}
|
||||||
|
|
122
htdig.spec
Normal file
122
htdig.spec
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
%define groupid 65038
|
||||||
|
%define userid 65038
|
||||||
|
|
||||||
|
Name: htdig
|
||||||
|
Version: 3.2.0b6
|
||||||
|
Release: 1mamba
|
||||||
|
Summary: A complete world wide web indexing and searching system for a domain or intranet
|
||||||
|
Group: Applications/Web
|
||||||
|
Vendor: openmamba
|
||||||
|
Distribution: openmamba
|
||||||
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||||
|
URL: http://www.htdig.org/
|
||||||
|
Source: http://downloads.sourceforge.net/project/htdig/htdig/%{version}/htdig-%{version}.tar.bz2
|
||||||
|
Patch1: %{name}-3.2.0b6-CAN_2005_0085.patch
|
||||||
|
Patch2: %{name}-3.2.0b6-overflow.patch
|
||||||
|
Patch3: %{name}-3.2.0b6-compile-fix.patch
|
||||||
|
Patch4: %{name}-3.2.0b6-segv.patch
|
||||||
|
Patch5: %{name}-3.2.0b6-CVE_2007_6110.patch
|
||||||
|
License: GPL
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
|
|
||||||
|
%description
|
||||||
|
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
|
||||||
|
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
|
||||||
|
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
|
||||||
|
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
|
||||||
|
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure \
|
||||||
|
--enable-shared \
|
||||||
|
--enable-tests \
|
||||||
|
--enable-bigfile \
|
||||||
|
--with-config-dir=%{_sysconfdir}/htdig \
|
||||||
|
--with-default-config-file=%{_sysconfdir}/htdig/htdig.conf \
|
||||||
|
--with-cgi-bin-dir=/var/www/cgi-bin \
|
||||||
|
--with-image-dir=/var/www/html/htdig \
|
||||||
|
--with-search-dir=/var/www/html/htdig \
|
||||||
|
--with-common-dir=%{_datadir}/htdig \
|
||||||
|
--with-database-dir=/var/lib/htdig \
|
||||||
|
--with-apache=/usr/sbin/httpd \
|
||||||
|
--with-zlib=/usr \
|
||||||
|
--with-ssl
|
||||||
|
|
||||||
|
%make
|
||||||
|
|
||||||
|
%install
|
||||||
|
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/htdig
|
||||||
|
%makeinstall
|
||||||
|
|
||||||
|
cp %{buildroot}/var/www/cgi-bin/htsearch %{buildroot}%{_bindir}
|
||||||
|
chmod 644 %{buildroot}/var/www/html/htdig/*
|
||||||
|
ln -sf ./search.html %{buildroot}/var/www/html/htdig/index.html
|
||||||
|
|
||||||
|
# remove unpackaged files
|
||||||
|
rm -fr %{buildroot}%{_includedir}
|
||||||
|
rm -rf %{buildroot}%{_libdir}/htdig/*.a
|
||||||
|
rm -rf %{buildroot}%{_libdir}/htdig/*.la
|
||||||
|
rm -rf %{buildroot}%{_libdir}/htdig_db/*.a
|
||||||
|
rm -rf %{buildroot}%{_libdir}/htdig_db/*.la
|
||||||
|
|
||||||
|
%clean
|
||||||
|
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
||||||
|
|
||||||
|
%pre
|
||||||
|
groupadd htdig -g %{groupid} 2>/dev/null
|
||||||
|
useradd -u %{userid} -c 'Htdig user' -d /var/lib/htdig -g htdig \
|
||||||
|
-s /bin/false htdig 2>/dev/null
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%preun
|
||||||
|
# erase
|
||||||
|
if [ $1 -eq 0 ]; then
|
||||||
|
userdel htdig 2>/dev/null
|
||||||
|
groupdel htdig 2>/dev/null
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_bindir}/*
|
||||||
|
%dir %attr(-,htdig,root) %{_datadir}/htdig
|
||||||
|
%{_datadir}/htdig/*
|
||||||
|
%dir %attr(-,htdig,htdig) /var/lib/htdig
|
||||||
|
%{_libdir}/htdig
|
||||||
|
%{_libdir}/htdig_db
|
||||||
|
%dir %{_sysconfdir}/htdig
|
||||||
|
%config(noreplace) %{_sysconfdir}/htdig/htdig.conf
|
||||||
|
%config(noreplace) %{_sysconfdir}/htdig/cookies.txt
|
||||||
|
%{_sysconfdir}/htdig/HtFileType-magic.mime
|
||||||
|
%{_sysconfdir}/htdig/mime.types
|
||||||
|
/var/www/cgi-bin/*
|
||||||
|
%dir /var/www/html/htdig
|
||||||
|
/var/www/html/htdig/*
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
%{_mandir}/man8/*
|
||||||
|
%doc COPYING ChangeLog README
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Tue Dec 01 2009 Davide Madrisan <davide.madrisan@gmail.com> 3.2.0b6-1mamba
|
||||||
|
- update to 3.2.0b6
|
||||||
|
- security fixes
|
||||||
|
|
||||||
|
* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-3qilnx
|
||||||
|
- own %{_datadir}/htdig
|
||||||
|
- fixed directory and files permissions
|
||||||
|
- added %%pre and %%preun scriplets
|
||||||
|
|
||||||
|
* Fri Apr 01 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-2qilnx
|
||||||
|
- fixed security flaw QSA-2005-034 (CAN-2005-0085)
|
||||||
|
|
||||||
|
* Tue Oct 19 2004 Silvan Calarco <silvan.calarco@qilinux.it> 3.1.6-1qilnx
|
||||||
|
- package created by autospec
|
Loading…
Reference in New Issue
Block a user