[arch-commits] CVS update of arch/build/network/w3m (2 files)

Jan de Groot jgc at archlinux.org
Sat Apr 28 12:36:59 EDT 2007


    Date: Saturday, April 28, 2007 @ 12:36:59
  Author: jgc
    Path: /home/cvs-arch/arch/build/network/w3m

   Added: w3m-0.5.1-CVE-2006-6772.patch (1.1)
Modified: PKGBUILD (1.19 -> 1.20)

upgpkg: w3m 0.5.1-3
Include libexec directory, fixes issues with bookmarks and help files


-------------------------------+
 PKGBUILD                      |   15 ++++++++-------
 w3m-0.5.1-CVE-2006-6772.patch |   13 +++++++++++++
 2 files changed, 21 insertions(+), 7 deletions(-)


Index: arch/build/network/w3m/PKGBUILD
diff -u arch/build/network/w3m/PKGBUILD:1.19 arch/build/network/w3m/PKGBUILD:1.20
--- arch/build/network/w3m/PKGBUILD:1.19	Mon May 29 06:11:09 2006
+++ arch/build/network/w3m/PKGBUILD	Sat Apr 28 12:36:59 2007
@@ -1,19 +1,20 @@
-# $Id: PKGBUILD,v 1.19 2006/05/29 10:11:09 tpowa Exp $
+# $Id: PKGBUILD,v 1.20 2007/04/28 16:36:59 jgc Exp $
 # Maintainer: dorphell <dorphell at archlinux.org>
 pkgname=w3m
 pkgver=0.5.1
-pkgrel=2
+pkgrel=3
 pkgdesc="A pager/text-based WWW browser"
 arch=(i686 x86_64)
-depends=('openssl' 'gc' 'ncurses')
-source=(http://heanet.dl.sourceforge.net/sourceforge/w3m/$pkgname-$pkgver.tar.gz)
+depends=('openssl>=0.9.8e' 'gc' 'ncurses' 'zlib')
+source=(http://heanet.dl.sourceforge.net/sourceforge/w3m/$pkgname-$pkgver.tar.gz
+	w3m-0.5.1-CVE-2006-6772.patch)
 url="http://w3m.sourceforge.net/"
 md5sums=('0678b72e07e69c41709d71ef0fe5da13')
 
 build() {
   cd $startdir/src/$pkgname-$pkgver
-  ./configure -prefix=/usr --enable-ansi-color --disable-mouse --disable-w3mmailer
+  patch -Np1 -i ${startdir}/src/w3m-0.5.1-CVE-2006-6772.patch || return 1
+  ./configure --prefix=/usr --libexecdir=/usr/lib --enable-ansi-color --disable-mouse --disable-w3mmailer
   make || return 1
-  make DESTDIR=$startdir/pkg install
-  rm -r $startdir/pkg/usr/libexec 
+  make DESTDIR=${startdir}/pkg install
 }
Index: arch/build/network/w3m/w3m-0.5.1-CVE-2006-6772.patch
diff -u /dev/null arch/build/network/w3m/w3m-0.5.1-CVE-2006-6772.patch:1.1
--- /dev/null	Sat Apr 28 12:36:59 2007
+++ arch/build/network/w3m/w3m-0.5.1-CVE-2006-6772.patch	Sat Apr 28 12:36:59 2007
@@ -0,0 +1,13 @@
+Fix for format string flaw (CVE-2006-6772)
+
+--- w3m-0.5.1/file.c.orig	2007-01-03 20:42:05.000000000 +0100
++++ w3m-0.5.1/file.c	2007-01-03 20:44:11.000000000 +0100
+@@ -7935,7 +7935,7 @@ inputAnswer(char *prompt)
+ 	ans = inputChar(prompt);
+     }
+     else {
+-	printf(prompt);
++	printf("%s", prompt);
+ 	fflush(stdout);
+ 	ans = Strfgets(stdin)->ptr;
+     }




More information about the arch-commits mailing list