Página inicial Explorar Ajuda
Entrar
openpkg
/
openpkg-packages
Observar 2
Favorito 0
Fork 0
Arquivos Issues 0 Pull Requests 0
Tree: 52c59dcbf2
Branches Tags
openpkg-pack...
/
sitecopy
/
sitecopy.patch

sitecopy.patch 4.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 
  1. Security Fix
    2. 

  2. 

  3. Index: libneon/ne_207.c
    4. 

  4. --- libneon/ne_207.c.orig	2003-07-23 23:48:21.000000000 +0200
    5. 

  5. +++ libneon/ne_207.c	2004-04-16 18:26:08.000000000 +0200
    6. 

  6. @@ -320,12 +320,12 @@
    7. 

  7.  	if (ne_get_status(req)->code == 207) {
    8. 

  8.  	    if (!ne_xml_valid(p)) { 
    9. 

  9.  		/* The parse was invalid */
    10. 

  10. -		ne_set_error(sess, ne_xml_get_error(p));
    11. 

  11. +		ne_set_error(sess, "%s", ne_xml_get_error(p));
    12. 

  12.  		ret = NE_ERROR;
    13. 

  13.  	    } else if (ctx.is_error) {
    14. 

  14.  		/* If we've actually got any error information
    15. 

  15.  		 * from the 207, then set that as the error */
    16. 

  16. -		ne_set_error(sess, ctx.buf->data);
    17. 

  17. +		ne_set_error(sess, "%s", ctx.buf->data);
    18. 

  18.  		ret = NE_ERROR;
    19. 

  19.  	    }
    20. 

  20.  	} else if (ne_get_status(req)->klass != 2) {
    21. 

  21. Index: libneon/ne_auth.c
    22. 

  22. --- libneon/ne_auth.c.orig	2003-07-24 00:16:18.000000000 +0200
    23. 

  23. +++ libneon/ne_auth.c	2004-04-16 18:26:08.000000000 +0200
    24. 

  24. @@ -1062,7 +1062,7 @@
    25. 

  25.      if (areq->auth_info_hdr != NULL && 
    26. 

  26.  	verify_response(areq, sess, areq->auth_info_hdr)) {
    27. 

  27.  	NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
    28. 

  28. -	ne_set_error(sess->sess, _(sess->spec->fail_msg));
    29. 

  29. +	ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
    30. 

  30.  	ret = NE_ERROR;
    31. 

  31.      } else if (status->code == sess->spec->status_code && 
    32. 

  32.  	       areq->auth_hdr != NULL) {
    33. 

  33. Index: libneon/ne_locks.c
    34. 

  34. --- libneon/ne_locks.c.orig	2003-06-19 00:10:58.000000000 +0200
    35. 

  35. +++ libneon/ne_locks.c	2004-04-16 18:26:08.000000000 +0200
    36. 

  36. @@ -734,7 +734,7 @@
    37. 

  37.  	}
    38. 

  38.  	else if (parse_failed) {
    39. 

  39.  	    ret = NE_ERROR;
    40. 

  40. -	    ne_set_error(sess, ne_xml_get_error(parser));
    41. 

  41. +	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
    42. 

  42.  	}
    43. 

  43.  	else if (ne_get_status(req)->code == 207) {
    44. 

  44.  	    ret = NE_ERROR;
    45. 

  45. @@ -802,7 +802,7 @@
    46. 

  46.      if (ret == NE_OK && ne_get_status(req)->klass == 2) {
    47. 

  47.  	if (parse_failed) {
    48. 

  48.  	    ret = NE_ERROR;
    49. 

  49. -	    ne_set_error(sess, ne_xml_get_error(parser));
    50. 

  50. +	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
    51. 

  51.  	}
    52. 

  52.  	else if (ne_get_status(req)->code == 207) {
    53. 

  53.  	    ret = NE_ERROR;
    54. 

  54. Index: libneon/ne_props.c
    55. 

  55. --- libneon/ne_props.c.orig	2003-06-19 00:10:58.000000000 +0200
    56. 

  56. +++ libneon/ne_props.c	2004-04-16 18:26:08.000000000 +0200
    57. 

  57. @@ -142,7 +142,7 @@
    58. 

  58.      if (ret == NE_OK && ne_get_status(req)->klass != 2) {
    59. 

  59.  	ret = NE_ERROR;
    60. 

  60.      } else if (!ne_xml_valid(handler->parser)) {
    61. 

  61. -	ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
    62. 

  62. +	ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
    63. 

  63.  	ret = NE_ERROR;
    64. 

  64.      }
    65. 

  65.  
    66. 

  66. Index: libneon/ne_xml.c
    67. 

  67. --- libneon/ne_xml.c.orig	2003-05-10 18:05:59.000000000 +0200
    68. 

  68. +++ libneon/ne_xml.c	2004-04-16 18:26:08.000000000 +0200
    69. 

  69. @@ -538,7 +538,7 @@
    70. 

  70.  
    71. 

  71.  void ne_xml_set_error(ne_xml_parser *p, const char *msg)
    72. 

  72.  {
    73. 

  73. -    ne_snprintf(p->error, ERR_SIZE, msg);
    74. 

  74. +    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
    75. 

  75.  }
    76. 

  76.  
    77. 

  77.  #ifdef HAVE_LIBXML
    78. 

  78. 

  79. -----------------------------------------------------------------------------
    80. 

  80. 

  81. Security Fix
    82. 

  82. OpenPKG-SA-2004.024-neon, CAN-2004-0398
    83. 

  83. 

  84. Index: libneon/ne_dates.c
    85. 

  85. --- libneon/ne_dates.c.orig	2003-04-07 21:01:46.000000000 +0200
    86. 

  86. +++ libneon/ne_dates.c	2004-05-19 21:55:14.000000000 +0200
    87. 

  87. @@ -47,7 +47,7 @@
    88. 

  88.  /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
    89. 

  89.  #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
    90. 

  90.  /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
    91. 

  91. -#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
    92. 

  92. +#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
    93. 

  93.  /* asctime: Wed Jun 30 21:49:08 1993 */
    94. 

  94.  #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
    95. 

  95.  
    96. 

  96. @@ -133,7 +133,7 @@
    97. 

  97.  time_t ne_rfc1123_parse(const char *date) 
    98. 

  98.  {
    99. 

  99.      struct tm gmt = {0};
    100. 

  100. -    static char wkday[4], mon[4];
    101. 

  101. +    char wkday[4], mon[4];
    102. 

  102.      int n;
    103. 

  103.  /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
    104. 

  104.      n = sscanf(date, RFC1123_FORMAT,
    105. 

  105. @@ -156,7 +156,7 @@
    106. 

  106.  {
    107. 

  107.      struct tm gmt = {0};
    108. 

  108.      int n;
    109. 

  109. -    static char wkday[10], mon[4];
    110. 

  110. +    char wkday[11], mon[4];
    111. 

  111.      /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
    112. 

  112.      n = sscanf(date, RFC1036_FORMAT,
    113. 

  113.  		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
    114. 

  114. @@ -189,7 +189,7 @@
    115. 

  115.  {
    116. 

  116.      struct tm gmt = {0};
    117. 

  117.      int n;
    118. 

  118. -    static char wkday[4], mon[4];
    119. 

  119. +    char wkday[4], mon[4];
    120. 

  120.      n = sscanf(date, ASCTIME_FORMAT,
    121. 

  121.  		wkday, mon, &gmt.tm_mday, 
    122. 

  122.  		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
    123. 

  123.