author | itojun <itojun@pkgsrc.org> | 2001-09-28 10:10:40 +0000 |
---|---|---|
committer | itojun <itojun@pkgsrc.org> | 2001-09-28 10:10:40 +0000 |
commit | 6b12727d2038aa687b1589059d763ebe1a1e319d (patch) | |
tree | 23aad0981858d9abb0a2785bb5c405a79aa4e820 /www | |
parent | 6cf04de1479d6ad86d3a2adf230e89309ca8a272 (diff) | |
plug a security hole (any command can be invoked from remote).
bump version to w3m-0.2.1.0.19nb2
Diffstat (limited to 'www')
-rw-r--r-- | www/w3m/Makefile | 4 | ||||
-rw-r--r-- | www/w3m/distinfo | 5 | ||||
-rw-r--r-- | www/w3m/patches/patch-ah | 24 | ||||
-rw-r--r-- | www/w3m/patches/patch-ai | 17 | ||||
-rw-r--r-- | www/w3m/patches/patch-aj | 52 |
5 files changed, 99 insertions, 3 deletions
diff --git a/www/w3m/Makefile b/www/w3m/Makefile
index 6b6e803e8bc..e92aaefcc93 100644
--- a/www/w3m/Makefile
+++ b/www/w3m/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2001/09/27 23:18:58 jlam Exp $
+# $NetBSD: Makefile,v 1.28 2001/09/28 10:10:40 itojun Exp $
 #
 DISTNAME= w3m-0.2.1
-PKGNAME= w3m-0.2.1.0.19nb1
+PKGNAME= w3m-0.2.1.0.19nb2
 CATEGORIES= www
 MASTER_SITES= ftp://ei5nazha.yz.yamagata-u.ac.jp/w3m/
diff --git a/www/w3m/distinfo b/www/w3m/distinfo
index 02605cee2d0..974eac0a29b 100644
--- a/www/w3m/distinfo
+++ b/www/w3m/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2001/06/24 05:57:23 itojun Exp $
+$NetBSD: distinfo,v 1.4 2001/09/28 10:10:40 itojun Exp $
 SHA1 (w3m-0.2.1.tar.gz) = 3ae98283f02f4faf05af76ee0b022f01c1301d29
 Size (w3m-0.2.1.tar.gz) = 844101 bytes
@@ -8,3 +8,6 @@ SHA1 (patch-aa) = 9c8e45448aedb1959d155eef355fe5d37599e11c
 SHA1 (patch-ab) = 08a28e40907f8c3040b1e9253caf14b8b4f0dc7e
 SHA1 (patch-af) = f43380334a92c609afef4058b03f1ef72ae77e2e
 SHA1 (patch-ag) = e394cac02a053c8deb5cb6c2d946c9ae8edc891d
+SHA1 (patch-ah) = 1d961e2a476a9e5d5422cc60fd1069823c3100cb
+SHA1 (patch-ai) = 74a13fc7e13d6b989a64bef827ea6ebfe0abf57f
+SHA1 (patch-aj) = cc098950a78dbf5a1bd2febf74f237ed60aac881
diff --git a/www/w3m/patches/patch-ah b/www/w3m/patches/patch-ah
new file mode 100644
index 00000000000..9d45d29919d
--- /dev/null
+++ b/www/w3m/patches/patch-ah
@@ -0,0 +1,24 @@
+$NetBSD: patch-ah,v 1.1 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- indep.c.orig Fri Sep 28 18:57:03 2001
++++ indep.c Fri Sep 28 18:58:06 2001
+@@ -74,14 +74,14 @@
+ #endif /* __EMX__ */
+
+ char *
+-cleanupName(char *name)
++cleanupName2(char *name, int flag)
+ {
+ char *buf, *p, *q;
+
+ buf = allocStr(name, 0);
+ p = buf;
+ q = name;
+- while (*q != '\0' && *q != '?') {
++ while (*q != '\0' && (*q != '?' || ! flag)) {
+ if (strncmp(p, "/../", 4) == 0) { /* foo/bar/../FOO */
+ if (p - 2 == buf && strncmp(p - 2, "..", 2) == 0) {
+ /* ../../ */
diff --git a/www/w3m/patches/patch-ai b/www/w3m/patches/patch-ai
new file mode 100644
index 00000000000..b176fba132a
--- /dev/null
+++ b/www/w3m/patches/patch-ai
@@ -0,0 +1,17 @@
+$NetBSD: patch-ai,v 1.3 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- indep.h.orig Fri Sep 28 18:57:03 2001
++++ indep.h Fri Sep 28 18:57:45 2001
+@@ -20,7 +20,8 @@
+ extern char *allocStr(const char *s, int len);
+ extern int strCmp(const void *s1, const void *s2);
+ extern char *currentdir(void);
+-extern char *cleanupName(char *name);
++extern char *cleanupName2(char *name, int flag);
++#define cleanupName(name) cleanupName2((name), TRUE)
+ extern char *expandPath(char *name);
+ extern char *strcasestr(char *s1, char *s2);
+ extern int strcasemstr(char *str, char *srch[], char **ret_ptr);
diff --git a/www/w3m/patches/patch-aj b/www/w3m/patches/patch-aj
new file mode 100644
index 00000000000..dabdc2abab7
--- /dev/null
+++ b/www/w3m/patches/patch-aj
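Review bot: In patch-ah, the new `int flag` parameter of `cleanupName2` has no name or comment saying what it selects, and the loop test `(*q != '?' || ! flag)` has to be read backwards to see that a true flag means "stop at the query separator". The patch-aj call sites pass `FALSE` precisely so that a `?` in a decoded file name is treated as an ordinary character, so a comment above the definition such as `/* flag: TRUE = name is a URL path, stop at '?'; FALSE = name is a decoded file name, '?' is not special */` would make the security intent explicit. The body of `cleanupName2` continues past the end of this hunk, so the rest of the dot-segment handling is not visible here.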
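Review bot: In patch-ai, the compatibility macro `#define cleanupName(name) cleanupName2((name), TRUE)` keeps every caller not touched by this commit on the old stop-at-`?` behaviour, so any other place that decodes a name after calling `cleanupName` would still be left unnormalized; only the five `url.c` sites in patch-aj are switched to `FALSE`. Those other callers are outside this page, so this is a point to audit rather than a confirmed defect. The macro also makes `indep.h` depend on `TRUE` being defined before the header is used, which the visible lines do not show; a one-line comment next to the macro documenting the flag and that dependency would help.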
@@ -0,0 +1,52 @@
+$NetBSD: patch-aj,v 1.1 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- url.c.orig Fri Sep 28 18:57:05 2001
++++ url.c Fri Sep 28 18:59:14 2001
+@@ -949,7 +949,7 @@
+ pu->file = cleanupName(pu->file);
+ }
+ if (pu->scheme == SCM_LOCAL)
+- pu->real_file = file_unquote(pu->file);
++ pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+ }
+ }
+
+@@ -1247,7 +1247,7 @@
+ Str tmp2 = Strnew_charp("#");
+ Strcat_charp(tmp2, pu->label);
+ pu->file = tmp2->ptr;
+- pu->real_file = file_unquote(pu->file);
++ pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+ pu->label = NULL;
+ }
+ else {
+@@ -1284,7 +1284,7 @@
+ else if ((q = strchr(pu->file, '?')) != NULL) {
+ /* local CGI: GET */
+ p = Strnew_charp_n(pu->file, (int)(q - pu->file))->ptr;
+- pu->real_file = file_unquote(p);
++ pu->real_file = cleanupName2(file_unquote(p), FALSE);
+ uf.stream = newFileStream(localcgi_get(pu->real_file, q + 1, option->referer),
+ (void (*)()) pclose);
+ if (uf.stream != NULL) {
+@@ -1322,7 +1322,7 @@
+ Strcat_char(tmp, '/');
+ Strcat_charp(tmp, pu->file);
+ p = cleanupName(tmp->ptr);
+- q = file_unquote(p);
++ q = cleanupName2(file_unquote(p), FALSE);
+ if (dir_exist(q)) {
+ pu->file = p;
+ pu->real_file = q;
+@@ -1606,7 +1606,7 @@
+ }
+ p = Strnew_m_charp(pu->file, "/", file_quote(index_file), NULL)->ptr;
+ p = cleanupName(p);
+- q = file_unquote(p);
++ q = cleanupName2(file_unquote(p), FALSE);
+ examineFile(q, uf);
+ if (uf->stream == NULL)
+ return; |
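Review bot: In the local CGI hunk at `@@ -1284` of patch-aj, `pu->real_file = cleanupName2(file_unquote(p), FALSE);` only normalizes the decoded path lexically before it is handed to `localcgi_get`, and nothing in the visible lines checks that the result still lies inside the directory from which local CGI programs may run. The context in patch-ah carries a `/* ../../ */` case, which suggests (not confirmed from here) that leading `..` segments are kept, and string cleanup does not resolve symbolic links. An explicit prefix check on the cleaned `pu->real_file` before the `localcgi_get` call, refusing the request when it fails, would hold regardless of how the name was encoded. The same `cleanupName2(file_unquote(...), FALSE)` pair is repeated in all five hunks, so a single helper would keep a future call site from omitting the cleanup. All five enclosing functions start and end outside the hunks.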