From owner-freebsd-i386@FreeBSD.ORG  Sun Jan  9 22:00:49 2005
Return-Path: <owner-freebsd-i386@FreeBSD.ORG>
Delivered-To: freebsd-i386@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7860716A4D0
	for <freebsd-i386@hub.freebsd.org>;
	Sun,  9 Jan 2005 22:00:49 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4BE0E43D2D
	for <freebsd-i386@hub.freebsd.org>;
	Sun,  9 Jan 2005 22:00:49 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j09M0n4E034051
	for <freebsd-i386@freefall.freebsd.org>; Sun, 9 Jan 2005 22:00:49 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j09M0n1V034048;
	Sun, 9 Jan 2005 22:00:49 GMT
	(envelope-from gnats)
Resent-Date: Sun, 9 Jan 2005 22:00:49 GMT
Resent-Message-Id: <200501092200.j09M0n1V034048@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-i386@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Joe Rhett <jrhett@meer.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8AD5D16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun,  9 Jan 2005 21:52:17 +0000 (GMT)
Received: from outbound0.sv.meer.net (outbound0.sv.meer.net [205.217.152.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 50F2543D2D
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun,  9 Jan 2005 21:52:17 +0000 (GMT)	(envelope-from jrhett@meer.net)
Received: from mail.meer.net (mail.meer.net [209.157.152.14])
	j09LqGwN056508	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 9 Jan 2005 13:52:16 -0800 (PST)	(envelope-from jrhett@meer.net)
Received: from meme.sv.meer.net (meme.sv.meer.net [205.217.152.18])
	by mail.meer.net (8.12.10/8.12.10/meer) with ESMTP id j09LqAsM014589
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 9 Jan 2005 13:52:12 -0800 (PST)	(envelope-from jrhett@meer.net)
Received: (from meer@localhost)
	by meme.sv.meer.net (8.12.11/8.12.11) id j09LqBAE025941;
	Sun, 9 Jan 2005 13:52:11 -0800 (PST)
	(envelope-from meer)
Message-Id: <200501092152.j09LqBAE025941@meme.sv.meer.net>
Date: Sun, 9 Jan 2005 13:16:09 -0800 (PST)
From: Joe Rhett <jrhett@meer.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: i386/76013: patch to allow mod_frontpage to work with security fix
	from rtr
X-BeenThere: freebsd-i386@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: I386-specific issues for FreeBSD <freebsd-i386.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-i386>
List-Post: <mailto:freebsd-i386@freebsd.org>
List-Help: <mailto:freebsd-i386-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jan 2005 22:00:49 -0000


>Number:         76013
>Category:       i386
>Synopsis:       patch to allow mod_frontpage to work with security fix from rtr
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 09 22:00:48 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Joe Rhett
>Release:        FreeBSD 4.10-RELEASE-p5 i386
>Organization:
meer.net
>Environment:
System: FreeBSD meme.sv.meer.net 4.10-RELEASE-p5 FreeBSD 4.10-RELEASE-p5 #0: Wed Dec 29 18:23:27 PST 2004 meer@meme.sv.meer.net:/d/RELENG_4_10/src/sys/compile/CRYSTAL i386
>Description:
	The frontpage port uses the microsoft compilation, which requires compat3x. 
	The rtr-compiled frontpage binaries uses 4.x libraries and are therefore not suspect,
	however they changed a path in the installation.  This patch to mod_frontpage matches
	that change, thus allowing mod_frontpage to work with the rtr-supplied binaries.

>How-To-Repeat:
	Install the rtr-supplied binaries for frontpage to solve known security problem.
	None of the images appear in the admin pages.
>Fix:
	Change the path hardcoded into the mod_frontpage binary (patch included here)

--- fpstatic.c_orig	Sun Jan  9 13:05:30 2005
+++ fpstatic.c	Sat Jan  8 00:40:12 2005
@@ -433,7 +433,7 @@
 		} else if ((pos = strstr(uri, ".gif")) != NULL) {
 			pos = strrchr((char *)uri, '/');
 			snprintf((char *)fnbuf, sizeof(fnbuf), "%s%s%s%s%s",
-			    FPBASE, _EXES, _VTI_ADM, _IMAGES, pos);
+			    FPBASE, _EXES, _VTI_BIN, _IMAGES, pos);
 		/*
 		 * Check to see if the user is changing the password,
 		 * which has a URL like _vti_bin/_vti_aut/ passwd.htm.

>From meer Sun Jan  9 13:18:32 2005
Return-Path: <meer>
Received: (from meer@localhost)
	by meme.sv.meer.net (8.12.11/8.12.11) id j09LIWaU025666;
	Sun, 9 Jan 2005 13:18:32 -0800 (PST)
	(envelope-from meer)
Message-Id: <200501092118.j09LIWaU025666@meme.sv.meer.net>
Date: Sun, 9 Jan 2005 13:16:09 -0800 (PST)
To: FreeBSD-gnats-submit@freebsd.org
Subject: patch to allow mod_frontpage to work with security fix from rtr
From: Joe Rhett <jrhett@meer.net>
Cc: 
X-send-pr-version: 3.113
X-GNATS-Notify: 

>Release-Note:
>Audit-Trail:
>Unformatted: