summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authoritojun <itojun@pkgsrc.org>2001-09-28 10:10:40 +0000
committeritojun <itojun@pkgsrc.org>2001-09-28 10:10:40 +0000
commit6b12727d2038aa687b1589059d763ebe1a1e319d (patch)
tree23aad0981858d9abb0a2785bb5c405a79aa4e820 /www
parent6cf04de1479d6ad86d3a2adf230e89309ca8a272 (diff)
downloadpkgsrc-6b12727d2038aa687b1589059d763ebe1a1e319d.tar.gz
plug a security hole (any command can be invoked from remote).
bump version to w3m-0.2.1.0.19nb2
Diffstat (limited to 'www')
-rw-r--r--www/w3m/Makefile4
-rw-r--r--www/w3m/distinfo5
-rw-r--r--www/w3m/patches/patch-ah24
-rw-r--r--www/w3m/patches/patch-ai17
-rw-r--r--www/w3m/patches/patch-aj52
5 files changed, 99 insertions, 3 deletions
diff --git a/www/w3m/Makefile b/www/w3m/Makefile
index 6b6e803e8bc..e92aaefcc93 100644
--- a/www/w3m/Makefile
+++ b/www/w3m/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2001/09/27 23:18:58 jlam Exp $
+# $NetBSD: Makefile,v 1.28 2001/09/28 10:10:40 itojun Exp $
#
DISTNAME= w3m-0.2.1
-PKGNAME= w3m-0.2.1.0.19nb1
+PKGNAME= w3m-0.2.1.0.19nb2
CATEGORIES= www
MASTER_SITES= ftp://ei5nazha.yz.yamagata-u.ac.jp/w3m/
diff --git a/www/w3m/distinfo b/www/w3m/distinfo
index 02605cee2d0..974eac0a29b 100644
--- a/www/w3m/distinfo
+++ b/www/w3m/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2001/06/24 05:57:23 itojun Exp $
+$NetBSD: distinfo,v 1.4 2001/09/28 10:10:40 itojun Exp $
SHA1 (w3m-0.2.1.tar.gz) = 3ae98283f02f4faf05af76ee0b022f01c1301d29
Size (w3m-0.2.1.tar.gz) = 844101 bytes
@@ -8,3 +8,6 @@ SHA1 (patch-aa) = 9c8e45448aedb1959d155eef355fe5d37599e11c
SHA1 (patch-ab) = 08a28e40907f8c3040b1e9253caf14b8b4f0dc7e
SHA1 (patch-af) = f43380334a92c609afef4058b03f1ef72ae77e2e
SHA1 (patch-ag) = e394cac02a053c8deb5cb6c2d946c9ae8edc891d
+SHA1 (patch-ah) = 1d961e2a476a9e5d5422cc60fd1069823c3100cb
+SHA1 (patch-ai) = 74a13fc7e13d6b989a64bef827ea6ebfe0abf57f
+SHA1 (patch-aj) = cc098950a78dbf5a1bd2febf74f237ed60aac881
diff --git a/www/w3m/patches/patch-ah b/www/w3m/patches/patch-ah
new file mode 100644
index 00000000000..9d45d29919d
--- /dev/null
+++ b/www/w3m/patches/patch-ah
@@ -0,0 +1,24 @@
+$NetBSD: patch-ah,v 1.1 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- indep.c.orig Fri Sep 28 18:57:03 2001
++++ indep.c Fri Sep 28 18:58:06 2001
+@@ -74,14 +74,14 @@
+ #endif /* __EMX__ */
+
+ char *
+-cleanupName(char *name)
++cleanupName2(char *name, int flag)
+ {
+ char *buf, *p, *q;
+
+ buf = allocStr(name, 0);
+ p = buf;
+ q = name;
+- while (*q != '\0' && *q != '?') {
++ while (*q != '\0' && (*q != '?' || ! flag)) {
+ if (strncmp(p, "/../", 4) == 0) { /* foo/bar/../FOO */
+ if (p - 2 == buf && strncmp(p - 2, "..", 2) == 0) {
+ /* ../../ */
diff --git a/www/w3m/patches/patch-ai b/www/w3m/patches/patch-ai
new file mode 100644
index 00000000000..b176fba132a
--- /dev/null
+++ b/www/w3m/patches/patch-ai
@@ -0,0 +1,17 @@
+$NetBSD: patch-ai,v 1.3 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- indep.h.orig Fri Sep 28 18:57:03 2001
++++ indep.h Fri Sep 28 18:57:45 2001
+@@ -20,7 +20,8 @@
+ extern char *allocStr(const char *s, int len);
+ extern int strCmp(const void *s1, const void *s2);
+ extern char *currentdir(void);
+-extern char *cleanupName(char *name);
++extern char *cleanupName2(char *name, int flag);
++#define cleanupName(name) cleanupName2((name), TRUE)
+ extern char *expandPath(char *name);
+ extern char *strcasestr(char *s1, char *s2);
+ extern int strcasemstr(char *str, char *srch[], char **ret_ptr);
diff --git a/www/w3m/patches/patch-aj b/www/w3m/patches/patch-aj
new file mode 100644
index 00000000000..dabdc2abab7
--- /dev/null
+++ b/www/w3m/patches/patch-aj
@@ -0,0 +1,52 @@
+$NetBSD: patch-aj,v 1.1 2001/09/28 10:10:41 itojun Exp $
+
+plug security hole.
+http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
+
+--- url.c.orig Fri Sep 28 18:57:05 2001
++++ url.c Fri Sep 28 18:59:14 2001
+@@ -949,7 +949,7 @@
+ pu->file = cleanupName(pu->file);
+ }
+ if (pu->scheme == SCM_LOCAL)
+- pu->real_file = file_unquote(pu->file);
++ pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+ }
+ }
+
+@@ -1247,7 +1247,7 @@
+ Str tmp2 = Strnew_charp("#");
+ Strcat_charp(tmp2, pu->label);
+ pu->file = tmp2->ptr;
+- pu->real_file = file_unquote(pu->file);
++ pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+ pu->label = NULL;
+ }
+ else {
+@@ -1284,7 +1284,7 @@
+ else if ((q = strchr(pu->file, '?')) != NULL) {
+ /* local CGI: GET */
+ p = Strnew_charp_n(pu->file, (int)(q - pu->file))->ptr;
+- pu->real_file = file_unquote(p);
++ pu->real_file = cleanupName2(file_unquote(p), FALSE);
+ uf.stream = newFileStream(localcgi_get(pu->real_file, q + 1, option->referer),
+ (void (*)()) pclose);
+ if (uf.stream != NULL) {
+@@ -1322,7 +1322,7 @@
+ Strcat_char(tmp, '/');
+ Strcat_charp(tmp, pu->file);
+ p = cleanupName(tmp->ptr);
+- q = file_unquote(p);
++ q = cleanupName2(file_unquote(p), FALSE);
+ if (dir_exist(q)) {
+ pu->file = p;
+ pu->real_file = q;
+@@ -1606,7 +1606,7 @@
+ }
+ p = Strnew_m_charp(pu->file, "/", file_quote(index_file), NULL)->ptr;
+ p = cleanupName(p);
+- q = file_unquote(p);
++ q = cleanupName2(file_unquote(p), FALSE);
+ examineFile(q, uf);
+ if (uf->stream == NULL)
+ return;