update to 3.2.0b6

security fixes [release 3.2.0b6-1mamba;Tue Dec 01 2009]
2024-01-05 23:43:40 +01:00 · 2024-01-05 23:43:40 +01:00 · 49fba54f41
commit 49fba54f41
parent 36d106c085
7 changed files with 218 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,8 @@
 # htdig

+The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
+This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
+Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
+As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
+The type of these different web servers doesn't matter as long as they understand common protocols like HTTP.
+
--- a/htdig-3.2.0b6-CAN_2005_0085.patch
+++ b/htdig-3.2.0b6-CAN_2005_0085.patch
@ -0,0 +1,26 @@
+diff -ru htdig-3.2.0b6/htsearch/htsearch.cc htdig-3.2.0b6-fix/htsearch/htsearch.cc
+--- htdig-3.2.0b6/htsearch/htsearch.cc	2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/htsearch.cc	2009-12-01 21:24:38.000000000 +0100
+@@ -211,8 +211,7 @@
+ 	}
+ 	if (access((char*)configFile, R_OK) < 0)
+ 	{
+-	    reportError(form("Unable to read configuration file '%s'",
+-			     configFile.get()));
+	    reportError("Unable to read configuration file"); 
+ 	}
+ 	config->Read(configFile);
+ 
+diff -ru htdig-3.2.0b6/htsearch/qtest.cc htdig-3.2.0b6-fix/htsearch/qtest.cc
+--- htdig-3.2.0b6/htsearch/qtest.cc	2004-05-28 15:15:25.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/qtest.cc	2009-12-01 21:25:17.000000000 +0100
+@@ -132,8 +132,7 @@
+ 
+     if (access((char*)configFile, R_OK) < 0)
+     {
+-	reportError(form("Unable to find configuration file '%s'",
+-			 configFile.get()));
+	reportError("Unable to find configuration file");
+     }
+ 	
+     config->Read(configFile);
--- a/htdig-3.2.0b6-CVE_2007_6110.patch
+++ b/htdig-3.2.0b6-CVE_2007_6110.patch
@ -0,0 +1,24 @@
+diff -ru htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6-fix/htsearch/Display.cc
+--- htdig-3.2.0b6/htsearch/Display.cc	2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/Display.cc	2009-12-01 21:29:25.000000000 +0100
+@@ -137,7 +137,7 @@
+       // Must temporarily stash the message in a String, since
+       // displaySyntaxError will overwrite the static temp used in form.
+ 
+-      String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
+      String s("invalid sort method");
+ 
+       displaySyntaxError(s);
+       return;
+diff -ru htdig-3.2.0b6/libhtdig/ResultFetch.cc htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc
+--- htdig-3.2.0b6/libhtdig/ResultFetch.cc	2004-05-28 15:15:28.000000000 +0200
+++ htdig-3.2.0b6-fix/libhtdig/ResultFetch.cc	2009-12-01 21:30:26.000000000 +0100
+@@ -142,7 +142,7 @@
+         // Must temporarily stash the message in a String, since
+         // displaySyntaxError will overwrite the static temp used in form.
+ 
+-        String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
+        String s("invalid sort method");
+ 
+         displaySyntaxError(s);
+         //return;
--- a/htdig-3.2.0b6-compile-fix.patch
+++ b/htdig-3.2.0b6-compile-fix.patch
@ -0,0 +1,15 @@
+diff -ru htdig-3.2.0b6/htsearch/Collection.h htdig-3.2.0b6-fix/htsearch/Collection.h
+--- htdig-3.2.0b6/htsearch/Collection.h	2004-05-28 15:15:24.000000000 +0200
+++ htdig-3.2.0b6-fix/htsearch/Collection.h	2009-12-01 21:16:14.000000000 +0100
+@@ -36,9 +36,9 @@
+                const char *docExcerpt);
+     ~Collection();
+ 
+-    void Collection::Open();
+    void Open();
+ 
+-    void Collection::Close(); 
+    void Close(); 
+ 
+     char *getWordFile() { return wordFile.get(); }
+     DocumentRef         *getDocumentRef(int id);
--- a/htdig-3.2.0b6-overflow.patch
+++ b/htdig-3.2.0b6-overflow.patch
@ -0,0 +1,12 @@
+diff -ru htdig-3.2.0b6/htword/WordDBPage.cc htdig-3.2.0b6-fix/htword/WordDBPage.cc
+--- htdig-3.2.0b6/htword/WordDBPage.cc	2004-05-28 15:15:26.000000000 +0200
+++ htdig-3.2.0b6-fix/htword/WordDBPage.cc	2009-12-01 21:13:37.000000000 +0100
+@@ -82,7 +82,7 @@
+   	if(debuglevel>2)printf("TOTAL SIZE: %6d %8f\n",size,size/8.0);
+ 	// argh! compare failed somthing went wrong
+ 	// display the compress/decompress sequence and fail
+-	if(cmp || size>8*1024*1000000000)
+	if(cmp || size>8*1024)
+ 	{
+ 	    if(size>8*1024)
+ 	    {
--- a/htdig-3.2.0b6-segv.patch
+++ b/htdig-3.2.0b6-segv.patch
@ -0,0 +1,13 @@
+diff -ru htdig-3.2.0b6/httools/htstat.cc htdig-3.2.0b6-fix/httools/htstat.cc
+--- htdig-3.2.0b6/httools/htstat.cc	2004-05-28 15:15:25.000000000 +0200
+++ htdig-3.2.0b6-fix/httools/htstat.cc	2009-12-01 21:21:06.000000000 +0100
+@@ -158,7 +158,8 @@
+     if(words.Open(config->Find("word_db"), O_RDONLY) == OK)
+       {
+ 	cout << "htstat: Total words: " << words.WordRefs()->Count() << endl;
+-	cout << "htstat: Total unique words: " << words.Words()->Count() << endl;
+	if (words.WordRefs()->Count() != 0)
+	  cout << "htstat: Total unique words: " << words.Words()->Count() << endl; 
+ 	words.Close();
+       }
+ 
--- a/htdig.spec
+++ b/htdig.spec
@ -0,0 +1,122 @@
+%define groupid 65038
+%define userid 65038
+
+Name:          htdig
+Version:       3.2.0b6
+Release:       1mamba
+Summary:       A complete world wide web indexing and searching system for a domain or intranet
+Group:         Applications/Web
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.htdig.org/
+Source:        http://downloads.sourceforge.net/project/htdig/htdig/%{version}/htdig-%{version}.tar.bz2
+Patch1:        %{name}-3.2.0b6-CAN_2005_0085.patch
+Patch2:        %{name}-3.2.0b6-overflow.patch
+Patch3:        %{name}-3.2.0b6-compile-fix.patch
+Patch4:        %{name}-3.2.0b6-segv.patch
+Patch5:        %{name}-3.2.0b6-CVE_2007_6110.patch
+License:       GPL
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet.
+This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Google and AltaVista.
+Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site.
+As opposed to some WAIS-based or web-server based search engines, ht://Dig can easily span several web servers.
+The type of these different web servers doesn't matter as long as they understand common protocols like HTTP. 
+
+%prep
+%setup -q
+%patch1 -p1 
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+
+%build
+%configure \
+   --enable-shared \
+   --enable-tests \
+   --enable-bigfile \
+   --with-config-dir=%{_sysconfdir}/htdig \
+   --with-default-config-file=%{_sysconfdir}/htdig/htdig.conf \
+   --with-cgi-bin-dir=/var/www/cgi-bin \
+   --with-image-dir=/var/www/html/htdig \
+   --with-search-dir=/var/www/html/htdig \
+   --with-common-dir=%{_datadir}/htdig \
+   --with-database-dir=/var/lib/htdig \
+   --with-apache=/usr/sbin/httpd \
+   --with-zlib=/usr \
+   --with-ssl
+
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+install -d %{buildroot}%{_sysconfdir}/htdig
+%makeinstall
+
+cp %{buildroot}/var/www/cgi-bin/htsearch %{buildroot}%{_bindir}
+chmod 644 %{buildroot}/var/www/html/htdig/*
+ln -sf ./search.html %{buildroot}/var/www/html/htdig/index.html
+
+# remove unpackaged files
+rm -fr %{buildroot}%{_includedir}
+rm -rf %{buildroot}%{_libdir}/htdig/*.a
+rm -rf %{buildroot}%{_libdir}/htdig/*.la
+rm -rf %{buildroot}%{_libdir}/htdig_db/*.a
+rm -rf %{buildroot}%{_libdir}/htdig_db/*.la
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+%pre
+groupadd htdig -g %{groupid} 2>/dev/null
+useradd -u %{userid} -c 'Htdig user' -d /var/lib/htdig -g htdig \
+   -s /bin/false htdig 2>/dev/null
+exit 0
+
+%preun
+# erase
+if [ $1 -eq 0 ]; then
+   userdel htdig 2>/dev/null
+   groupdel htdig 2>/dev/null
+fi
+exit 0
+
+%files
+%defattr(-,root,root)
+%{_bindir}/*
+%dir %attr(-,htdig,root) %{_datadir}/htdig
+%{_datadir}/htdig/*
+%dir %attr(-,htdig,htdig) /var/lib/htdig
+%{_libdir}/htdig
+%{_libdir}/htdig_db
+%dir %{_sysconfdir}/htdig
+%config(noreplace) %{_sysconfdir}/htdig/htdig.conf
+%config(noreplace) %{_sysconfdir}/htdig/cookies.txt
+%{_sysconfdir}/htdig/HtFileType-magic.mime
+%{_sysconfdir}/htdig/mime.types
+/var/www/cgi-bin/*
+%dir /var/www/html/htdig
+/var/www/html/htdig/*
+%{_mandir}/man1/*
+%{_mandir}/man8/*
+%doc COPYING ChangeLog README
+
+%changelog
+* Tue Dec 01 2009 Davide Madrisan <davide.madrisan@gmail.com> 3.2.0b6-1mamba
+- update to 3.2.0b6
+- security fixes
+
+* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-3qilnx
+- own %{_datadir}/htdig
+- fixed directory and files permissions
+- added %%pre and %%preun scriplets
+
+* Fri Apr 01 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.6-2qilnx
+- fixed security flaw QSA-2005-034 (CAN-2005-0085)
+
+* Tue Oct 19 2004 Silvan Calarco <silvan.calarco@qilinux.it> 3.1.6-1qilnx
+- package created by autospec