authorMatthew Kennedy <mkennedy@gentoo.org>2003-01-07 07:12:15 +0000
committerMatthew Kennedy <mkennedy@gentoo.org>2003-01-07 07:12:15 +0000
commit971809a84e2a0d29599ad55c832d7b74b327dd5e (patch)
treec9446703d81d18f42b5db41e38e34ea596dea25a
parentonly update /etc/conf.d/rc once. (diff)
fixes buffer overflow vulnerability problem (see bugtraq)
-rw-r--r--net-www/http-fetcher/ChangeLog13
-rw-r--r--net-www/http-fetcher/files/buffer-overflow-gentoo.patch35
-rw-r--r--net-www/http-fetcher/files/digest-http-fetcher-1.0.1-r11
-rw-r--r--net-www/http-fetcher/http-fetcher-1.0.1-r1.ebuild37
4 files changed, 83 insertions, 3 deletions
diff --git a/net-www/http-fetcher/ChangeLog b/net-www/http-fetcher/ChangeLog
index 015472ca2313..4a521b84c4a6 100644
--- a/net-www/http-fetcher/ChangeLog
+++ b/net-www/http-fetcher/ChangeLog
@@ -1,11 +1,18 @@
# ChangeLog for net-www/http-fetcher
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/http-fetcher/ChangeLog,v 1.1 2003/01/02 02:37:38 mkennedy Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/http-fetcher/ChangeLog,v 1.2 2003/01/07 07:12:15 mkennedy Exp $
+
+*http-fetcher-1.0.1-r1 (06 Jan 2003)
+
+ 06 Jan 2003; Matthew Kennedy <mkennedy@gentoo.org> ChangeLog,
+ http-fetcher-1.0.1-r1.ebuild, files/buffer-overflow-gentoo.patch,
+ files/digest-http-fetcher-1.0.1-r1 :
+
+ Applies a fix for a buffer overflow problem.
*http-fetcher-1.0.1 (01 Jan 2003)
- 01 Jab 2003; Matthew Kennedy <mkennedy@gentoo.org> ChangeLog,
+ 01 Jan 2003; Matthew Kennedy <mkennedy@gentoo.org> ChangeLog,
http-fetcher-1.0.1.ebuild, files/digest-http-fetcher-1.0.1 :
Initial import. Dependency of net-www/fetch.
-
diff --git a/net-www/http-fetcher/files/buffer-overflow-gentoo.patch b/net-www/http-fetcher/files/buffer-overflow-gentoo.patch
new file mode 100644
index 000000000000..ac54815a0758
--- /dev/null
+++ b/net-www/http-fetcher/files/buffer-overflow-gentoo.patch
@@ -0,0 +1,35 @@
+--- http_fetcher.c Tue Jul 31 03:47:15 2001
++++ http_fetcher.patch.c Thu Jan 2 22:24:48 2003
+@@ -94,7 +94,7 @@
+ * request */
+ sprintf(requestBuf, "GET / %s\n", HTTP_VERSION);
+ else
+- sprintf(requestBuf, "GET %s %s\n", charIndex, HTTP_VERSION);
++ snprintf(requestBuf, sizeof(requestBuf)/4-1,"GET %s %s\n", charIndex, HTTP_VERSION);
+
+ /* Null out the end of the hostname if need be */
+ if(charIndex != NULL)
+@@ -102,13 +102,13 @@
+ /* Use Host: even though 1.0 doesn't specify it. Some servers
+ * won't play nice if we don't send Host, and it shouldn't hurt anything */
+ strcat(requestBuf, "Host: ");
+- strcat(requestBuf, host);
++ strncat(requestBuf, host, sizeof(requestBuf)/4-1);
+ strcat(requestBuf, "\n");
+
+ if(!hideReferer && referer != NULL) /* NO default referer */
+ {
+ strcat(requestBuf, "Referer: ");
+- strcat(requestBuf, referer);
++ strncat(requestBuf, referer, sizeof(requestBuf)/4-1);
+ strcat(requestBuf, "\n");
+ }
+
+@@ -123,7 +123,7 @@
+ else if(!hideUserAgent)
+ {
+ strcat(requestBuf, "User-Agent: ");
+- strcat(requestBuf, userAgent);
++ strncat(requestBuf, userAgent, sizeof(requestBuf)/4-1);
+ strcat(requestBuf, "\n");
+ }
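Review bot: The `strncat` calls for `host`, `referer` and `userAgent` cap each appended piece at `sizeof(requestBuf)/4-1` bytes, but strncat's count limits the bytes taken from the source, not the space left in the destination, so the total can still run past the buffer. Four pieces of roughly a quarter each, plus the fixed strings (`"Host: "`, `"Referer: "`, `"User-Agent: "`, the newlines and any headers appended outside these hunks), add up to more than `sizeof(requestBuf)`. Bounding each append by the remaining space, e.g. `strncat(requestBuf, host, sizeof(requestBuf) - strlen(requestBuf) - 1);`, closes that gap, and the literal `strcat` calls need the same bound or a length check up front. This assumes `requestBuf` is a fixed-size array; its declaration is outside the patch, and if it is a pointer, `sizeof` yields the pointer size and the bound is meaningless. Silent truncation of the path or host also sends a different request than the caller asked for, so returning an error on over-long input may be preferable.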
diff --git a/net-www/http-fetcher/files/digest-http-fetcher-1.0.1-r1 b/net-www/http-fetcher/files/digest-http-fetcher-1.0.1-r1
new file mode 100644
index 000000000000..49a19aef6bdb
--- /dev/null
+++ b/net-www/http-fetcher/files/digest-http-fetcher-1.0.1-r1
@@ -0,0 +1 @@
+MD5 3fd1b6c1cada35279f08bf6874dab98e http_fetcher-1.0.1.tar.gz 173544
diff --git a/net-www/http-fetcher/http-fetcher-1.0.1-r1.ebuild b/net-www/http-fetcher/http-fetcher-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..b5e39fab65b5
--- /dev/null
+++ b/net-www/http-fetcher/http-fetcher-1.0.1-r1.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/http-fetcher/http-fetcher-1.0.1-r1.ebuild,v 1.1 2003/01/07 07:12:15 mkennedy Exp $
+
+DESCRIPTION="HTTP Fetcher is a small, robust, flexible library for downloading files via HTTP using the GET method."
+HOMEPAGE="http://cs.nmu.edu/~lhanson/http_fetcher/"
+SRC_URI="http://cs.nmu.edu/~lhanson/http_fetcher/dls/${P/-/_}.tar.gz"
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="x86"
+IUSE=""
+
+DEPEND="virtual/glibc"
+
+S=${WORKDIR}/${P/-/_}
+
+src_unpack () {
+ unpack ${A}
+ # source: InetCop Security Advisory, Bugtraq, 06 Jan 2003
+ cd ${S}/src && patch -p0 <${FILESDIR}/buffer-overflow-gentoo.patch || die
+}
+
+src_compile() {
+ ./configure \
+ --host=${CHOST} \
+ --prefix=/usr \
+ --infodir=/usr/share/info \
+ --mandir=/usr/share/man || die "./configure failed"
+ emake || die
+}
+
+src_install() {
+ make DESTDIR=${D} install || die
+ dohtml -r docs/index.html docs/html
+ dodoc README ChangeLog INSTALL LICENSE
+}
+
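Review bot: The patch step in `src_unpack` ends in a bare `|| die`, so a failure to apply the security fix gives no hint of what went wrong, and `${S}` and `${FILESDIR}` are expanded unquoted. I would write it as `cd "${S}/src" && patch -p0 < "${FILESDIR}/buffer-overflow-gentoo.patch" || die "buffer-overflow patch failed to apply"`, and give `emake || die` and the `make DESTDIR=${D} install || die` line messages as well. The comment above the patch step could name the advisory more precisely (its title or message id) so the fix can be traced later. Judging by the diffstat, the unpatched `http-fetcher-1.0.1.ebuild` appears to stay in the tree, so the vulnerable version would remain installable unless it is removed or masked separately.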