fix 2 vulnerabilities (#88537)

(Portage version: 2.0.51.19)
author: Alin Năstac <mrness@gentoo.org> 2005-04-12 20:09:29 +0000
committer: Alin Năstac <mrness@gentoo.org> 2005-04-12 20:09:29 +0000
commit: 4376483ea4cd91e30961d2d2888beeaf1b8448cf (patch)
tree: 6cfa5ade42721b1151d8979e041c08f71ab7fbb0 /www-proxy
parent: new upstream version, fixes #88404. introduced support for the doc, examples,... (diff)
download: gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.tar.gz
gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.tar.bz2
gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.zip
5 files changed, 38 insertions, 18 deletions
diff --git a/www-proxy/junkbuster/ChangeLog b/www-proxy/junkbuster/ChangeLog
index 476b70fa33a6..ddf8415607ad 100644
--- a/www-proxy/junkbuster/ChangeLog
+++ b/www-proxy/junkbuster/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for www-proxy/junkbuster
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-proxy/junkbuster/ChangeLog,v 1.5 2005/03/08 17:39:51 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-proxy/junkbuster/ChangeLog,v 1.6 2005/04/12 20:09:29 mrness Exp $
+
+*junkbuster-2.0.2-r3 (12 Apr 2005)
+
+  12 Apr 2005; Alin Nastac <mrness@gentoo.org>
+  files/junkbuster-2.0.2-fixups.patch, -junkbuster-2.0.2-r2.ebuild,
+  +junkbuster-2.0.2-r3.ebuild:
+  Fix remote exploitable vulnerability and heap corruption, thanks to James Ranson 
+  <euclid80@users.sf.net> and Tavis Ormandy <taviso@gentoo.org> (#88537).
 
 *junkbuster-2.0.2-r2 (08 Mar 2005)
 
diff --git a/www-proxy/junkbuster/Manifest b/www-proxy/junkbuster/Manifest
index 9c090a47058c..619eb0e0925f 100644
--- a/www-proxy/junkbuster/Manifest
+++ b/www-proxy/junkbuster/Manifest
@@ -1,16 +1,6 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 9a6535f999af7230a8e410d969b1da3d junkbuster-2.0.2-r3.ebuild 996
 MD5 da8c22348d41a42808c871bbf99c9cf8 ChangeLog 1749
 MD5 fc31adb42c0ec77e8f6be26b67ce7ffd metadata.xml 218
-MD5 9a6535f999af7230a8e410d969b1da3d junkbuster-2.0.2-r2.ebuild 996
-MD5 144473c056c1fe200cf39e691a8417ba files/digest-junkbuster-2.0.2-r2 70
+MD5 144473c056c1fe200cf39e691a8417ba files/digest-junkbuster-2.0.2-r3 70
 MD5 6c8d7b83685f02017218f73763bd8b71 files/junkbuster.rc6 583
-MD5 00550b1ad1399d06d361a47a44cb34bb files/junkbuster-2.0.2-fixups.patch 1266
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.6 (GNU/Linux)
-
-iD8DBQFCLeN1jiC39V7gKu0RAowfAJ9fA5kds+20+lIrqQs/MR0qzVkWyQCgnq1f
-NElGas8vD4tFLPrC+sWHluQ=
-=HO11
------END PGP SIGNATURE-----
+MD5 a5d2cc9e89b19171fdac3fd57fd6ac9c files/junkbuster-2.0.2-fixups.patch 3135
diff --git a/www-proxy/junkbuster/files/digest-junkbuster-2.0.2-r2 b/www-proxy/junkbuster/files/digest-junkbuster-2.0.2-r3
index b8d73f6b66ec..b8d73f6b66ec 100644
--- a/www-proxy/junkbuster/files/digest-junkbuster-2.0.2-r2
+++ b/www-proxy/junkbuster/files/digest-junkbuster-2.0.2-r3
diff --git a/www-proxy/junkbuster/files/junkbuster-2.0.2-fixups.patch b/www-proxy/junkbuster/files/junkbuster-2.0.2-fixups.patch
index 72316161b683..47ed33eed0d0 100644
--- a/www-proxy/junkbuster/files/junkbuster-2.0.2-fixups.patch
+++ b/www-proxy/junkbuster/files/junkbuster-2.0.2-fixups.patch
@@ -1,6 +1,28 @@
 diff -Nru ijb20.orig/filters.c ijb20/filters.c
 --- ijb20.orig/filters.c	2000-03-29 16:05:42.000000000 +0300
-+++ ijb20/filters.c	2005-03-08 19:25:54.105567248 +0200
++++ ijb20/filters.c	2005-04-12 22:54:06.295702048 +0300
+@@ -652,7 +652,7 @@
+ ij_untrusted_url(struct http_request *http, struct client_state *csp)
+ {
+ 	int n;
+-	char *hostport, *path, *p, *v[9];
++	char *hostport, *path, *referrer, *p, *v[9];
+ 	char buf[BUFSIZ];
+ 	struct url_spec **tl, *t;
+ 
+@@ -700,9 +700,9 @@
+ 	freez(hostport);
+ 	freez(path    );
+ 
+-	strsav(p, "The referrer in this request was <strong>");
+-	strsav(p, referrer);
+-	strsav(p, "</strong><br>\n");
++	p = strsav(p, "The referrer in this request was <strong>");
++	p = strsav(p, referrer);
++	p = strsav(p, "</strong><br>\n");
+ 
+ 	p = strsav(p, "<h3>The following referrers are trusted</h3>\n");
+ 
 @@ -773,7 +773,7 @@
  
  			sprintf(out_str,
@@ -12,7 +34,7 @@ diff -Nru ijb20.orig/filters.c ijb20/filters.c
  			s = strsav(s,out_str);
 diff -Nru ijb20.orig/socks4.c ijb20/socks4.c
 --- ijb20.orig/socks4.c	1998-10-30 23:58:48.000000000 +0200
-+++ ijb20/socks4.c	2005-03-08 19:25:54.105567248 +0200
++++ ijb20/socks4.c	2005-04-12 22:44:47.367672024 +0300
 @@ -9,6 +9,7 @@
  #include <stdio.h>
  #include <sys/types.h>
@@ -32,7 +54,7 @@ diff -Nru ijb20.orig/socks4.c ijb20/socks4.c
  	char *errstr, *target_host;
 diff -Nru ijb20.orig/ssplit.c ijb20/ssplit.c
 --- ijb20.orig/ssplit.c	1998-10-30 23:58:48.000000000 +0200
-+++ ijb20/ssplit.c	2005-03-08 19:25:54.106567096 +0200
++++ ijb20/ssplit.c	2005-04-12 22:44:47.368671872 +0300
 @@ -19,6 +19,9 @@
   */
  
diff --git a/www-proxy/junkbuster/junkbuster-2.0.2-r2.ebuild b/www-proxy/junkbuster/junkbuster-2.0.2-r3.ebuild
index 4bed0d2c4b4f..12216fc42432 100644
--- a/www-proxy/junkbuster/junkbuster-2.0.2-r2.ebuild
+++ b/www-proxy/junkbuster/junkbuster-2.0.2-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-proxy/junkbuster/junkbuster-2.0.2-r2.ebuild,v 1.1 2005/03/08 17:39:51 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-proxy/junkbuster/junkbuster-2.0.2-r3.ebuild,v 1.1 2005/04/12 20:09:29 mrness Exp $
 inherit eutils
 
 DESCRIPTION="Filtering HTTP proxy"
author	Alin Năstac <mrness@gentoo.org>	2005-04-12 20:09:29 +0000
committer	Alin Năstac <mrness@gentoo.org>	2005-04-12 20:09:29 +0000
commit	4376483ea4cd91e30961d2d2888beeaf1b8448cf (patch)
tree	6cfa5ade42721b1151d8979e041c08f71ab7fbb0 /www-proxy
parent	new upstream version, fixes #88404. introduced support for the doc, examples,... (diff)
download	gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.tar.gz gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.tar.bz2 gentoo-2-4376483ea4cd91e30961d2d2888beeaf1b8448cf.zip