update to 3.2.0b6
security fixes [release 3.2.0b6-1mamba;Tue Dec 01 2009]
This commit is contained in:
parent
36d106c085
commit
49fba54f41
@ -1,2 +1,8 @@
|
||||
# htdig
|
||||
|
||||
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
|
||||
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
|
||||
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
|
||||
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
|
||||
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
|
||||
|
||||
|
26
htdig-3.2.0b6-CAN_2005_0085.patch
Normal file
26
htdig-3.2.0b6-CAN_2005_0085.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -ru htdig-3.2.0b6/htsearch/htsearch.cc htdig-3.2.0b6-fix/htsearch/htsearch.cc
|
||||
--- htdig-3.2.0b6/htsearch/htsearch.cc 2004-05-28 15:15:24.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/htsearch/htsearch.cc 2009-12-01 21:24:38.000000000 +0100
|
||||
@@ -211,8 +211,7 @@
|
||||
}
|
||||
if (access((char*)configFile, R_OK) < 0)
|
||||
{
|
||||
- reportError(form("Unable to read configuration file '%s'",
|
||||
- configFile.get()));
|
||||
+ reportError("Unable to read configuration file");
|
||||
}
|
||||
config->Read(configFile);
|
||||
|
||||
diff -ru htdig-3.2.0b6/htsearch/qtest.cc htdig-3.2.0b6-fix/htsearch/qtest.cc
|
||||
--- htdig-3.2.0b6/htsearch/qtest.cc 2004-05-28 15:15:25.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/htsearch/qtest.cc 2009-12-01 21:25:17.000000000 +0100
|
||||
@@ -132,8 +132,7 @@
|
||||
|
||||
if (access((char*)configFile, R_OK) < 0)
|
||||
{
|
||||
- reportError(form("Unable to find configuration file '%s'",
|
||||
- configFile.get()));
|
||||
+ reportError("Unable to find configuration file");
|
||||
}
|
||||
|
||||
config->Read(configFile);
|
24
htdig-3.2.0b6-CVE_2007_6110.patch
Normal file
24
htdig-3.2.0b6-CVE_2007_6110.patch
Normal file
@ -0,0 +1,24 @@
|
||||
diff -ru htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6-fix/htsearch/Display.cc
|
||||
--- htdig-3.2.0b6/htsearch/Display.cc 2004-05-28 15:15:24.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/htsearch/Display.cc 2009-12-01 21:29:25.000000000 +0100
|
||||
@@ -137,7 +137,7 @@
|
||||
// Must temporarily stash the message in a String, since
|
||||
// displaySyntaxError will overwrite the static temp used in form.
|
||||
|
||||
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
|
||||
+ String s("invalid sort method");
|
||||
|
||||
displaySyntaxError(s);
|
||||
return;
|
||||
diff -ru htdig-3.2.0b6/libhtdig/ResultFetch.cc htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc
|
||||
--- htdig-3.2.0b6/libhtdig/ResultFetch.cc 2004-05-28 15:15:28.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc 2009-12-01 21:30:26.000000000 +0100
|
||||
@@ -142,7 +142,7 @@
|
||||
// Must temporarily stash the message in a String, since
|
||||
// displaySyntaxError will overwrite the static temp used in form.
|
||||
|
||||
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
|
||||
+ String s("invalid sort method");
|
||||
|
||||
displaySyntaxError(s);
|
||||
//return;
|
15
htdig-3.2.0b6-compile-fix.patch
Normal file
15
htdig-3.2.0b6-compile-fix.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff -ru htdig-3.2.0b6/htsearch/Collection.h htdig-3.2.0b6-fix/htsearch/Collection.h
|
||||
--- htdig-3.2.0b6/htsearch/Collection.h 2004-05-28 15:15:24.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/htsearch/Collection.h 2009-12-01 21:16:14.000000000 +0100
|
||||
@@ -36,9 +36,9 @@
|
||||
const char *docExcerpt);
|
||||
~Collection();
|
||||
|
||||
- void Collection::Open();
|
||||
+ void Open();
|
||||
|
||||
- void Collection::Close();
|
||||
+ void Close();
|
||||
|
||||
char *getWordFile() { return wordFile.get(); }
|
||||
DocumentRef *getDocumentRef(int id);
|
12
htdig-3.2.0b6-overflow.patch
Normal file
12
htdig-3.2.0b6-overflow.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -ru htdig-3.2.0b6/htword/WordDBPage.cc htdig-3.2.0b6-fix/htword/WordDBPage.cc
|
||||
--- htdig-3.2.0b6/htword/WordDBPage.cc 2004-05-28 15:15:26.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/htword/WordDBPage.cc 2009-12-01 21:13:37.000000000 +0100
|
||||
@@ -82,7 +82,7 @@
|
||||
if(debuglevel>2)printf("TOTAL SIZE: %6d %8f\n",size,size/8.0);
|
||||
// argh! compare failed somthing went wrong
|
||||
// display the compress/decompress sequence and fail
|
||||
- if(cmp || size>8*1024*1000000000)
|
||||
+ if(cmp || size>8*1024)
|
||||
{
|
||||
if(size>8*1024)
|
||||
{
|
13
htdig-3.2.0b6-segv.patch
Normal file
13
htdig-3.2.0b6-segv.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -ru htdig-3.2.0b6/httools/htstat.cc htdig-3.2.0b6-fix/httools/htstat.cc
|
||||
--- htdig-3.2.0b6/httools/htstat.cc 2004-05-28 15:15:25.000000000 +0200
|
||||
+++ htdig-3.2.0b6-fix/httools/htstat.cc 2009-12-01 21:21:06.000000000 +0100
|
||||
@@ -158,7 +158,8 @@
|
||||
if(words.Open(config->Find("word_db"), O_RDONLY) == OK)
|
||||
{
|
||||
cout << "htstat: Total words: " << words.WordRefs()->Count() << endl;
|
||||
- cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
|
||||
+ if (words.WordRefs()->Count() != 0)
|
||||
+ cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
|
||||
words.Close();
|
||||
}
|
||||
|
122
htdig.spec
Normal file
122
htdig.spec
Normal file
@ -0,0 +1,122 @@
|
||||
%define groupid 65038
|
||||
%define userid 65038
|
||||
|
||||
Name: htdig
|
||||
Version: 3.2.0b6
|
||||
Release: 1mamba
|
||||
Summary: A complete world wide web indexing and searching system for a domain or intranet
|
||||
Group: Applications/Web
|
||||
Vendor: openmamba
|
||||
Distribution: openmamba
|
||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||
URL: http://www.htdig.org/
|
||||
Source: http://downloads.sourceforge.net/project/htdig/htdig/%{version}/htdig-%{version}.tar.bz2
|
||||
Patch1: %{name}-3.2.0b6-CAN_2005_0085.patch
|
||||
Patch2: %{name}-3.2.0b6-overflow.patch
|
||||
Patch3: %{name}-3.2.0b6-compile-fix.patch
|
||||
Patch4: %{name}-3.2.0b6-segv.patch
|
||||
Patch5: %{name}-3.2.0b6-CVE_2007_6110.patch
|
||||
License: GPL
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
|
||||
%description
|
||||
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
|
||||
This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
|
||||
Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
|
||||
As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
|
||||
The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
--enable-shared \
|
||||
--enable-tests \
|
||||
--enable-bigfile \
|
||||
--with-config-dir=%{_sysconfdir}/htdig \
|
||||
--with-default-config-file=%{_sysconfdir}/htdig/htdig.conf \
|
||||
--with-cgi-bin-dir=/var/www/cgi-bin \
|
||||
--with-image-dir=/var/www/html/htdig \
|
||||
--with-search-dir=/var/www/html/htdig \
|
||||
--with-common-dir=%{_datadir}/htdig \
|
||||
--with-database-dir=/var/lib/htdig \
|
||||
--with-apache=/usr/sbin/httpd \
|
||||
--with-zlib=/usr \
|
||||
--with-ssl
|
||||
|
||||
%make
|
||||
|
||||
%install
|
||||
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
||||
install -d %{buildroot}%{_sysconfdir}/htdig
|
||||
%makeinstall
|
||||
|
||||
cp %{buildroot}/var/www/cgi-bin/htsearch %{buildroot}%{_bindir}
|
||||
chmod 644 %{buildroot}/var/www/html/htdig/*
|
||||
ln -sf ./search.html %{buildroot}/var/www/html/htdig/index.html
|
||||
|
||||
# remove unpackaged files
|
||||
rm -fr %{buildroot}%{_includedir}
|
||||
rm -rf %{buildroot}%{_libdir}/htdig/*.a
|
||||
rm -rf %{buildroot}%{_libdir}/htdig/*.la
|
||||
rm -rf %{buildroot}%{_libdir}/htdig_db/*.a
|
||||
rm -rf %{buildroot}%{_libdir}/htdig_db/*.la
|
||||
|
||||
%clean
|
||||
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
||||
|
||||
%pre
|
||||
groupadd htdig -g %{groupid} 2>/dev/null
|
||||
useradd -u %{userid} -c 'Htdig user' -d /var/lib/htdig -g htdig \
|
||||
-s /bin/false htdig 2>/dev/null
|
||||
exit 0
|
||||
|
||||
%preun
|
||||
# erase
|
||||
if [ $1 -eq 0 ]; then
|
||||
userdel htdig 2>/dev/null
|
||||
groupdel htdig 2>/dev/null
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/*
|
||||
%dir %attr(-,htdig,root) %{_datadir}/htdig
|
||||
%{_datadir}/htdig/*
|
||||
%dir %attr(-,htdig,htdig) /var/lib/htdig
|
||||
%{_libdir}/htdig
|
||||
%{_libdir}/htdig_db
|
||||
%dir %{_sysconfdir}/htdig
|
||||
%config(noreplace) %{_sysconfdir}/htdig/htdig.conf
|
||||
%config(noreplace) %{_sysconfdir}/htdig/cookies.txt
|
||||
%{_sysconfdir}/htdig/HtFileType-magic.mime
|
||||
%{_sysconfdir}/htdig/mime.types
|
||||
/var/www/cgi-bin/*
|
||||
%dir /var/www/html/htdig
|
||||
/var/www/html/htdig/*
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man8/*
|
||||
%doc COPYING ChangeLog README
|
||||
|
||||
%changelog
|
||||
* Tue Dec 01 2009 Davide Madrisan <davide.madrisan@gmail.com> 3.2.0b6-1mamba
|
||||
- update to 3.2.0b6
|
||||
- security fixes
|
||||
|
||||
* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-3qilnx
|
||||
- own %{_datadir}/htdig
|
||||
- fixed directory and files permissions
|
||||
- added %%pre and %%preun scriplets
|
||||
|
||||
* Fri Apr 01 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-2qilnx
|
||||
- fixed security flaw QSA-2005-034 (CAN-2005-0085)
|
||||
|
||||
* Tue Oct 19 2004 Silvan Calarco <silvan.calarco@qilinux.it> 3.1.6-1qilnx
|
||||
- package created by autospec
|
Loading…
Reference in New Issue
Block a user