From owner-freebsd-ports Sun Feb 27 1:58:46 2000 Delivered-To: freebsd-ports@freebsd.org Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id D70A537B551; Sun, 27 Feb 2000 01:58:39 -0800 (PST) (envelope-from Doug@gorean.org) Received: from gorean.org (doug@master [10.0.0.2]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id BAA19128; Sun, 27 Feb 2000 01:58:39 -0800 (PST) (envelope-from Doug@gorean.org) Message-ID: <38B8F54F.70C5876B@gorean.org> Date: Sun, 27 Feb 2000 01:58:39 -0800 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 4.0-CURRENT i386) X-Accept-Language: en MIME-Version: 1.0 To: ports@freebsd.org, billf@freebsd.org, ache@freebsd.org Subject: Semi-Urgent: New htdig port Content-Type: multipart/mixed; boundary="------------28232B1F429F58DD0418B3C7" Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------28232B1F429F58DD0418B3C7 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit There is a security hole in htDig that is addressed by the most recent version. I wrote Bill Fumerola about it yesterday and haven't heard back, so I thought I'd send this here. The diff is available at http://freebsd.simplenet.com/htdig-FreeBSD-port-3_1_3-3_1_5.patch. Information about the security hole is available at the URL below. Note that I did not address the path issue in PR 16766 since I'm not sure what Bill and ache are trying to accomplish. Either the htdig port or the apache port has to be changed to use the correct paths. One way to accomplish this would be to back out rev. 1.12 of htdig's Makefile before applying my patch. Doug -------- Original Message -------- Subject: New htdig port Hey Bill, Here is the port update for htdig I promised. I updated the version, fixed a portlint warning, updated the patch and fixed it so that the port installs htdig.conf.sample instead of htdig.conf since pkg_delete was deleting the config file. Any questions/comments/problems let me know. Also, here's a URL for the security warning in case you need it. http://www.htdig.org/mail/2000/02/0231.html Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" --------------28232B1F429F58DD0418B3C7 Content-Type: text/plain; charset=us-ascii; name="htdig-FreeBSD-port-3_1_3-3_1_5.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="htdig-FreeBSD-port-3_1_3-3_1_5.patch" Index: Makefile =================================================================== RCS file: /usr/ncvs/ports/textproc/htdig/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 1999/12/10 20:07:19 1.12 +++ Makefile 2000/02/26 22:49:39 @@ -1,12 +1,12 @@ # New ports collection makefile for: htdig -# Version required: 3.1.3 +# Version required: 3.1.5 # Date created: 18 August 1998 # Whom: Bill Fumerola # # $FreeBSD: ports/textproc/htdig/Makefile,v 1.12 1999/12/10 20:07:19 billf Exp $ # -DISTNAME= htdig-3.1.3 +DISTNAME= htdig-3.1.5 CATEGORIES= textproc www MASTER_SITES= http://www.htdig.org/files/ \ ${MASTER_SITE_SUNSITE} \ @@ -16,13 +16,9 @@ ftp://ftp.htdig.org/pub/htdig/ MASTER_SITE_SUBDIR= apps/www/indexing -PATCH_SITES= http://www.htdig.org/files/contrib/other/ -PATCHFILES= htdig-3.1.3-urlparmbug.patch -PATCH_DIST_STRIP= -p1 - MAINTAINER= billf@FreeBSD.org -RUN_DEPENDS= ${PREFIX}/share/apache:${PORTSDIR}/www/apache13 +RUN_DEPENDS= ${LOCALBASE}/share/apache:${PORTSDIR}/www/apache13 Y2K= http://www.htdig.org/FAQ.html#q1.7 @@ -33,6 +29,9 @@ BUILD_TARGET= depends all post-patch: + @ ${MV} ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.in.Dist + @ ${SED} -e 's#(CONFIG_DIR)/htdig.conf#(CONFIG_DIR)/htdig.conf.sample#g' \ + ${WRKSRC}/Makefile.in.Dist > ${WRKSRC}/Makefile.in @ ${MV} ${WRKSRC}/CONFIG.in ${WRKSRC}/CONFIG.in.Dist @ ${SED} -e 's#/conf#/etc#' \ Index: files/md5 =================================================================== RCS file: /usr/ncvs/ports/textproc/htdig/files/md5,v retrieving revision 1.5 diff -u -r1.5 md5 --- files/md5 1999/10/29 01:19:08 1.5 +++ files/md5 2000/02/26 21:22:32 @@ -1,2 +1 @@ -MD5 (htdig-3.1.3.tar.gz) = 02c8e8e04c01932111958d4cd7bdd674 -MD5 (htdig-3.1.3-urlparmbug.patch) = 3744a515fc90edbb7bd3cfe9d60d20d0 +MD5 (htdig-3.1.5.tar.gz) = cbf4a0f2b703d9822db555a14dc96ed3 Index: patches/patch-ab =================================================================== RCS file: /usr/ncvs/ports/textproc/htdig/patches/patch-ab,v retrieving revision 1.2 diff -u -r1.2 patch-ab --- patches/patch-ab 1999/10/29 01:19:09 1.2 +++ patches/patch-ab 2000/02/26 21:40:49 @@ -1,6 +1,5 @@ -diff -ur ../htdig-3.1.3.Dist/db/dist/configure ./db/dist/configure ---- ../htdig-3.1.3.Dist/db/dist/configure Wed Sep 22 09:18:15 1999 -+++ ./db/dist/configure Tue Oct 26 18:06:57 1999 +--- db/dist/configure.orig Thu Feb 24 18:29:00 2000 ++++ db/dist/configure Sat Feb 26 13:25:13 2000 @@ -3056,7 +3056,7 @@ case "$host_os" in @@ -10,9 +9,8 @@ irix*) CPPFLAGS="-D_SGI_MP_SOURCE $CPPFLAGS";; osf*) CPPFLAGS="-D_REENTRANT $CPPFLAGS";; solaris*) CPPFLAGS="-D_REENTRANT $CPPFLAGS" -diff -ur ../htdig-3.1.3.Dist/db/dist/configure.in ./db/dist/configure.in ---- ../htdig-3.1.3.Dist/db/dist/configure.in Wed Sep 22 09:18:15 1999 -+++ ./db/dist/configure.in Tue Oct 26 18:06:46 1999 +--- db/dist/configure.in.orig Thu Feb 24 18:29:00 2000 ++++ db/dist/configure.in Sat Feb 26 13:25:13 2000 @@ -405,7 +405,7 @@ dnl libraries for threaded applications case "$host_os" in Index: pkg/PLIST =================================================================== RCS file: /usr/ncvs/ports/textproc/htdig/pkg/PLIST,v retrieving revision 1.4 diff -u -r1.4 PLIST --- pkg/PLIST 1999/12/10 20:07:21 1.4 +++ pkg/PLIST 2000/02/26 22:13:26 @@ -3,7 +3,7 @@ bin/htmerge bin/htnotify bin/rundig -etc/htdig.conf +etc/htdig.conf.sample share/htdig/bad_words share/htdig/english.0 share/htdig/english.aff --------------28232B1F429F58DD0418B3C7-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message