diff options
| author |   Ned Ludd <solar@gentoo.org> | 2004-07-26 13:53:46 +0000 |
|---|---|---|
| committer | Ned Ludd <solar@gentoo.org> | 2004-07-26 13:53:46 +0000 |
| commit | eaf5813503828ee1a1a0f9f5bf95832fed2c82e8 (patch) | |
| tree | cb2881ec23a61c7a61dd87e4cdd7e7ea0a7dd70b /net-misc/pavuk | |
| parent | ~amd64 (diff) | |
| download | historical-eaf5813503828ee1a1a0f9f5bf95832fed2c82e8.tar.gz historical-eaf5813503828ee1a1a0f9f5bf95832fed2c82e8.tar.bz2 historical-eaf5813503828ee1a1a0f9f5bf95832fed2c82e8.zip | |
another security fix, this time in the digest auth code. Note: This package appears to be at high risk for security problems and may/should be removed from the tree in the future
Diffstat (limited to 'net-misc/pavuk')
| -rw-r--r-- | net-misc/pavuk/ChangeLog | 10 | ||||
| -rw-r--r-- | net-misc/pavuk/Manifest | 5 | ||||
| -rw-r--r-- | net-misc/pavuk/files/digest-pavuk-0.9.28-r3 | 1 | ||||
| -rw-r--r-- | net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch | 30 | ||||
| -rw-r--r-- | net-misc/pavuk/pavuk-0.9.28-r3.ebuild | 95 |
5 files changed, 139 insertions, 2 deletions
diff --git a/net-misc/pavuk/ChangeLog b/net-misc/pavuk/ChangeLog index f7123b6dbd18..616036e2c49d 100644 --- a/net-misc/pavuk/ChangeLog +++ b/net-misc/pavuk/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/pavuk # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/ChangeLog,v 1.6 2004/06/30 00:11:55 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/ChangeLog,v 1.7 2004/07/26 13:53:46 solar Exp $ + +*pavuk-0.9.28-r3 (26 Jul 2004) + + 26 Jul 2004; <solar@gentoo.org> pavuk-0.9.28-r3.ebuild, + files/pavuk-0.9.28-digest_auth.c.patch: + another security fix, this time in the digest auth code. Note: This package + appears to be at high risk for security problems and may/should be removed + from the tree in the future 29 Jun 2004; <solar@gentoo.org> pavuk-0.9.28-r2.ebuild: marked x86 ppc sparc stable diff --git a/net-misc/pavuk/Manifest b/net-misc/pavuk/Manifest index ae3165fa0f72..24e63b86641e 100644 --- a/net-misc/pavuk/Manifest +++ b/net-misc/pavuk/Manifest @@ -1,7 +1,10 @@ MD5 9b43ac4c1fc7f0bce0ceaf906b891abc pavuk-0.9.28-r1.ebuild 1888 +MD5 9305d65473e3f0f704959b94a117d416 pavuk-0.9.28-r3.ebuild 2384 MD5 02882c093c817385fd716bf60f927d4d pavuk-0.9.28-r2.ebuild 2270 -MD5 90588e6df4c13d1edcc0b896f32e8dc7 ChangeLog 993 +MD5 79f50ffad643e0573f22ad38f8dc2d7c ChangeLog 1311 MD5 11e5f54a97abb41296c28d7e43cf9a56 metadata.xml 229 MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r1 62 MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r2 62 +MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r3 62 +MD5 3ceb6f5a4af6fa6bfb24671fb1c29877 files/pavuk-0.9.28-digest_auth.c.patch 1013 MD5 10d79651cad9ba99fed11403edfb4b3a files/pavuk-0.9.28-http.patch 450 diff --git a/net-misc/pavuk/files/digest-pavuk-0.9.28-r3 b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3 new file mode 100644 index 000000000000..cdc14b2bba09 --- /dev/null +++ b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3 @@ -0,0 +1 @@ +MD5 d0f7b77bd11322add1f7d52d62afbf78 pavuk-0.9pl28.tgz 968336 diff --git a/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch new file mode 100644 index 000000000000..9b12207d0a6a --- /dev/null +++ b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch @@ -0,0 +1,30 @@ +--- digest_auth_orig.c 2000-12-03 08:25:44.000000000 -0600 ++++ digest_auth.c 2004-07-24 13:45:50.000000000 -0500 +@@ -87,6 +87,7 @@ + return retv; + } + ++/* PRE: Assumes 'buf' can store 2K */ + char *http_get_digest_auth_str(auth_digest, method, user, pass, urlp, buf) + http_digest_info *auth_digest; + char *method; +@@ -99,14 +100,15 @@ + char *a1,*a2,*a3; + char *d = url_encode_str(urlp->p.http.document, URL_PATH_UNSAFE); + +- sprintf(pom, "%s:%s:%s", user, auth_digest->realm, pass); ++ snprintf(pom, sizeof(pom), "%s:%s:%s", user, auth_digest->realm, pass); + a1 = _md5(pom); +- sprintf(pom, "%s:%s", method, d); ++ snprintf(pom, sizeof(pom), "%s:%s", method, d); + a2 = _md5(pom); +- sprintf(pom, "%s:%s:%s", a1, auth_digest->nonce, a2); ++ snprintf(pom, sizeof(pom), "%s:%s:%s", a1, auth_digest->nonce, a2); + a3 = _md5(pom); + +- sprintf(buf, ++ snprintf(buf, ++ 2048, + "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"" , + user, auth_digest->realm, auth_digest->nonce, d, a3); + diff --git a/net-misc/pavuk/pavuk-0.9.28-r3.ebuild b/net-misc/pavuk/pavuk-0.9.28-r3.ebuild new file mode 100644 index 000000000000..18d91b128989 --- /dev/null +++ b/net-misc/pavuk/pavuk-0.9.28-r3.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/pavuk-0.9.28-r3.ebuild,v 1.1 2004/07/26 13:53:46 solar Exp $ + +inherit eutils + +IUSE="ssl X gtk gnome mozilla socks5 nls" + +S="${WORKDIR}/${PN}-0.9pl28" +DESCRIPTION="Web spider and website mirroring tool" +HOMEPAGE="http://www.pavuk.org/" +SRC_URI="http://www.pavuk.org/sw/${PN}-0.9pl28.tgz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="x86 ppc sparc" + +DEPEND=">=sys-apps/sed-4.0.5 + sys-devel/gettext + sys-libs/zlib + ssl? ( dev-libs/openssl ) + X? ( virtual/x11 ) + gtk? ( =x11-libs/gtk+-1.2* ) + gnome? ( <gnome-base/gnome-panel-1.5 ) + mozilla? ( net-www/mozilla ) + socks5? ( net-misc/tsocks )" + +src_unpack() { + unpack ${A} + + # When pavuk connects to a web server and the server sends back + # the HTTP status code 305 (Use Proxy), pavuk copies data from + # the HTTP Location header in an unsafe manner. This leads to a + # stack-based buffer overflow with control over EIP. + EPATCH_OPTS="${EPATCH_OPTS} -d ${S}/src" \ + epatch ${FILESDIR}/pavuk-0.9.28-http.patch + + # more flaws. + EPATCH_OPTS="${EPATCH_OPTS} -d ${S}/src" \ + epatch ${FILESDIR}/${PN}-0.9.28-digest_auth.c.patch +} + +src_compile() { + + local myconf + myconf="--enable-threads --with-regex=auto" + + use X \ + && myconf="${myconf} --with-x" \ + || myconf="${myconf} --without-x" + + use ssl \ + && myconf="${myconf} --enable-ssl" \ + || myconf="${myconf} --disable-ssl" + + use gtk \ + && myconf="${myconf} --enable-gtk" \ + || myconf="${myconf} --disable-gtk" + + use gnome \ + && myconf="${myconf} --enable-gnome" \ + || myconf="${myconf} --disable-gnome" + + use mozilla \ + && myconf="${myconf} --enable-js" \ + || myconf="${myconf} --disable-js" + + use socks5 \ + && myconf="${myconf} --enable-socks" \ + || myconf="${myconf} --disable-socks" + + use nls \ + && myconf="${myconf} --enable-nls" \ + || myconf="${myconf} --disable-nls" + + econf ${myconf} || die + + emake || die +} + +src_install() { + + # fix sandbox volation for gnome .desktop and icon + if use gnome + then + sed -i 's:GNOME_PREFIX = /usr:GNOME_PREFIX = ${D}usr:' Makefile + sed -i 's:GNOME_PREFIX = /usr:GNOME_PREFIX = ${D}usr:' icons/Makefile + fi + + einstall || die + + dodoc ABOUT-NLS README CREDITS FAQ NEWS AUTHORS COPYING BUGS \ + TODO MAILINGLIST ChangeLog wget-pavuk.HOWTO jsbind.txt \ + pavuk_authinfo.sample pavukrc.sample +} |