From 628be7e501bd12054b6899f74b3407373fd84b2f Mon Sep 17 00:00:00 2001
From: adrianp
Date: Sun, 28 Oct 2007 13:40:47 +0000
Subject: Add a fix for CVE-2006-4003 PKGREVISION++
---
net/hobbitmon/Makefile | 4 ++--
net/hobbitmon/distinfo | 3 ++-
net/hobbitmon/patches/patch-ad | 13 +++++++++++++
3 files changed, 17 insertions(+), 3 deletions(-)
create mode 100644 net/hobbitmon/patches/patch-ad
(limited to 'net/hobbitmon')
diff --git a/net/hobbitmon/Makefile b/net/hobbitmon/Makefile
index fae3066f43a..5bcbc020fbb 100644
--- a/net/hobbitmon/Makefile
+++ b/net/hobbitmon/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.20 2007/09/21 13:04:11 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2007/10/28 13:40:47 adrianp Exp $
 #
 DISTNAME= hobbit-4.0-beta6
 PKGNAME= hobbit-4.0b6
-PKGREVISION= 9
+PKGREVISION= 10
 CATEGORIES= net
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=hobbitmon/}
diff --git a/net/hobbitmon/distinfo b/net/hobbitmon/distinfo
index c86e0af397e..60432eef685 100644
--- a/net/hobbitmon/distinfo
+++ b/net/hobbitmon/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2006/10/09 13:29:00 ben Exp $
+$NetBSD: distinfo,v 1.8 2007/10/28 13:40:47 adrianp Exp $
 SHA1 (hobbit-4.0-beta6.tar.gz) = 82e6a76e55682c205adac47e54830064bba44f2d
 RMD160 (hobbit-4.0-beta6.tar.gz) = 6542f6a1cd58236c85eefc74872436ee75f36b4b
@@ -6,5 +6,6 @@ Size (hobbit-4.0-beta6.tar.gz) = 1130547 bytes
 SHA1 (patch-aa) = a1d5ceaaa7cc99be2a55543234cdd3b20dd0e1a9
 SHA1 (patch-ab) = 810b67dfa9c149defb3d05886d70e62798eaf96f
 SHA1 (patch-ac) = 26ea6fd07f9529fe2af3067d1e704a64157756d0
+SHA1 (patch-ad) = 5670f19d8a95a57cc419bfb23b9adb6c3b416b9f
 SHA1 (patch-ae) = 3f60fc25597113a7565fb583b75a360585c2457e
 SHA1 (patch-aj) = 4758ccbabb6a109c3f3da40c3fd5129be1f7bbfd
diff --git a/net/hobbitmon/patches/patch-ad b/net/hobbitmon/patches/patch-ad
new file mode 100644
index 00000000000..457cd8202e9
--- /dev/null
+++ b/net/hobbitmon/patches/patch-ad
@@ -0,0 +1,13 @@
+$NetBSD: patch-ad,v 1.3 2007/10/28 13:40:47 adrianp Exp $
+
+--- hobbitd/hobbitd.c.orig 2005-01-22 08:54:48.000000000 +0000
++++ hobbitd/hobbitd.c
+@@ -1460,7 +1460,7 @@ void do_message(conn_t *msg, char *origi
+ MEMDEFINE(conffn);
+
+ if ( (sscanf(msg->buf, "config %1023s", conffn) == 1) &&
+- (strstr("../", conffn) == NULL) && (get_config(conffn, msg) == 0) ) {
++ (strstr(conffn, "../") == NULL) && (get_config(conffn, msg) == 0) ) {
+ msg->doingwhat = RESPONDING;
+ msg->bufp = msg->buf;
+ }
-- cgit v1.2.3
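Review bot: With the arguments now in haystack-then-needle order, the condition in do_message rejects only names that contain `../`; a name beginning with `/` still passes to get_config(), and whether that stays inside the configuration directory depends on how get_config() builds the path, which is not visible in this hunk. If get_config() does not anchor the name itself, the guard should also refuse absolute names, e.g. `(conffn[0] != '/') && (strstr(conffn, "../") == NULL) && (get_config(conffn, msg) == 0) ) {`, or better, resolve the path and confirm it lies under the configuration directory before opening it. A short comment such as `/* strstr(haystack, needle): refuse any config name containing "../" */` above the test would help keep the argument order from being swapped again. do_message starts and ends outside the hunk.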