From eaf5813503828ee1a1a0f9f5bf95832fed2c82e8 Mon Sep 17 00:00:00 2001
From: Ned Ludd
Date: Mon, 26 Jul 2004 13:53:46 +0000
Subject: another security fix, this time in the digest auth code. Note: This package appears to be at high risk for security problems and may/should be removed from the tree in the future
---
 net-misc/pavuk/ChangeLog | 10 ++-
 net-misc/pavuk/Manifest | 5 +-
 net-misc/pavuk/files/digest-pavuk-0.9.28-r3 | 1 +
 .../pavuk/files/pavuk-0.9.28-digest_auth.c.patch | 30 +++++++
 net-misc/pavuk/pavuk-0.9.28-r3.ebuild | 95 ++++++++++++++++++++++
 5 files changed, 139 insertions(+), 2 deletions(-)
 create mode 100644 net-misc/pavuk/files/digest-pavuk-0.9.28-r3
 create mode 100644 net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch
 create mode 100644 net-misc/pavuk/pavuk-0.9.28-r3.ebuild
(limited to 'net-misc/pavuk')
diff --git a/net-misc/pavuk/ChangeLog b/net-misc/pavuk/ChangeLog
index f7123b6dbd18..616036e2c49d 100644
--- a/net-misc/pavuk/ChangeLog
+++ b/net-misc/pavuk/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-misc/pavuk
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/ChangeLog,v 1.6 2004/06/30 00:11:55 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/ChangeLog,v 1.7 2004/07/26 13:53:46 solar Exp $
+
+*pavuk-0.9.28-r3 (26 Jul 2004)
+
+ 26 Jul 2004; pavuk-0.9.28-r3.ebuild,
+ files/pavuk-0.9.28-digest_auth.c.patch:
+ another security fix, this time in the digest auth code. Note: This package
+ appears to be at high risk for security problems and may/should be removed
+ from the tree in the future
 29 Jun 2004; pavuk-0.9.28-r2.ebuild:
 marked x86 ppc sparc stable
diff --git a/net-misc/pavuk/Manifest b/net-misc/pavuk/Manifest
index ae3165fa0f72..24e63b86641e 100644
--- a/net-misc/pavuk/Manifest
+++ b/net-misc/pavuk/Manifest
@@ -1,7 +1,10 @@
 MD5 9b43ac4c1fc7f0bce0ceaf906b891abc pavuk-0.9.28-r1.ebuild 1888
+MD5 9305d65473e3f0f704959b94a117d416 pavuk-0.9.28-r3.ebuild 2384
 MD5 02882c093c817385fd716bf60f927d4d pavuk-0.9.28-r2.ebuild 2270
-MD5 90588e6df4c13d1edcc0b896f32e8dc7 ChangeLog 993
+MD5 79f50ffad643e0573f22ad38f8dc2d7c ChangeLog 1311
 MD5 11e5f54a97abb41296c28d7e43cf9a56 metadata.xml 229
 MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r1 62
 MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r2 62
+MD5 7e864c54e972ae5a1456fa08d6d4e792 files/digest-pavuk-0.9.28-r3 62
+MD5 3ceb6f5a4af6fa6bfb24671fb1c29877 files/pavuk-0.9.28-digest_auth.c.patch 1013
 MD5 10d79651cad9ba99fed11403edfb4b3a files/pavuk-0.9.28-http.patch 450
diff --git a/net-misc/pavuk/files/digest-pavuk-0.9.28-r3 b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3
new file mode 100644
index 000000000000..cdc14b2bba09
--- /dev/null
+++ b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3
@@ -0,0 +1 @@
+MD5 d0f7b77bd11322add1f7d52d62afbf78 pavuk-0.9pl28.tgz 968336
diff --git a/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch
new file mode 100644
index 000000000000..9b12207d0a6a
--- /dev/null
+++ b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch
@@ -0,0 +1,30 @@
+--- digest_auth_orig.c 2000-12-03 08:25:44.000000000 -0600
++++ digest_auth.c 2004-07-24 13:45:50.000000000 -0500
+@@ -87,6 +87,7 @@
+ return retv;
+ }
+
++/* PRE: Assumes 'buf' can store 2K */
+ char *http_get_digest_auth_str(auth_digest, method, user, pass, urlp, buf)
+ http_digest_info *auth_digest;
+ char *method;
+@@ -99,14 +100,15 @@
+ char *a1,*a2,*a3;
+ char *d = url_encode_str(urlp->p.http.document, URL_PATH_UNSAFE);
+
+- sprintf(pom, "%s:%s:%s", user, auth_digest->realm, pass);
++ snprintf(pom, sizeof(pom), "%s:%s:%s", user, auth_digest->realm, pass);
+ a1 = _md5(pom);
+- sprintf(pom, "%s:%s", method, d);
++ snprintf(pom, sizeof(pom), "%s:%s", method, d);
+ a2 = _md5(pom);
+- sprintf(pom, "%s:%s:%s", a1, auth_digest->nonce, a2);
++ snprintf(pom, sizeof(pom), "%s:%s:%s", a1, auth_digest->nonce, a2);
+ a3 = _md5(pom);
+
+- sprintf(buf,
++ snprintf(buf,
++ 2048,
+ "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"" ,
+ user, auth_digest->realm, auth_digest->nonce, d, a3);
+
diff --git a/net-misc/pavuk/pavuk-0.9.28-r3.ebuild b/net-misc/pavuk/pavuk-0.9.28-r3.ebuild
new file mode 100644
index 000000000000..18d91b128989
--- /dev/null
+++ b/net-misc/pavuk/pavuk-0.9.28-r3.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/pavuk/pavuk-0.9.28-r3.ebuild,v 1.1 2004/07/26 13:53:46 solar Exp $
+
+inherit eutils
+
+IUSE="ssl X gtk gnome mozilla socks5 nls"
+
+S="${WORKDIR}/${PN}-0.9pl28"
+DESCRIPTION="Web spider and website mirroring tool"
+HOMEPAGE="http://www.pavuk.org/"
+SRC_URI="http://www.pavuk.org/sw/${PN}-0.9pl28.tgz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="x86 ppc sparc"
+
+DEPEND=">=sys-apps/sed-4.0.5
+ sys-devel/gettext
+ sys-libs/zlib
+ ssl? ( dev-libs/openssl )
+ X? ( virtual/x11 )
+ gtk? ( =x11-libs/gtk+-1.2* )
+ gnome? (
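Review bot: In files/pavuk-0.9.28-digest_auth.c.patch, the four new snprintf() calls in http_get_digest_auth_str discard their return value, so an over-long realm, nonce or encoded URL is silently truncated: the strings hashed through `pom` come out short and the `Digest ...` header written to `buf` can end mid-field instead of the call failing. Each call should test the result, e.g. `n = snprintf(pom, sizeof(pom), "%s:%s", method, d); if (n < 0 || (size_t)n >= sizeof(pom)) /* fail */`, with failure signalled however the callers expect, which is not visible in the patch. The literal `2048` passed for `buf` is backed only by the new `/* PRE: Assumes 'buf' can store 2K */` comment; the function takes no size argument and its callers are outside the hunk, so every caller's buffer needs to be confirmed at 2048 bytes or more, or the size passed in. `sizeof(pom)` is a real bound only if `pom` is declared as an array, and its declaration sits above the second inner hunk's context, so that should be confirmed too.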