Date: Sun, 9 Jan 2005 13:16:09 -0800 (PST) From: Joe Rhett <jrhett@meer.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: i386/76041: patch to allow mod_frontpage to work with security fix from rtr Message-ID: <200501092150.j09LodkD025937@meme.sv.meer.net> Resent-Message-ID: <200501101110.j0ABAPF5002287@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 76041
>Category: i386
>Synopsis: patch to allow mod_frontpage to work with security fix from rtr
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 10 11:10:25 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Joe Rhett
>Release: FreeBSD 4.10-RELEASE-p5 i386
>Organization:
meer.net
>Environment:
System: FreeBSD meme.sv.meer.net 4.10-RELEASE-p5 FreeBSD 4.10-RELEASE-p5 #0: Wed Dec 29 18:23:27 PST 2004 meer@meme.sv.meer.net:/d/RELENG_4_10/src/sys/compile/CRYSTAL i386
>Description:
The frontpage port uses the microsoft compilation, which requires compat3x.
The rtr-compiled frontpage binaries uses 4.x libraries and are therefore not suspect,
however they changed a path in the installation. This patch to mod_frontpage matches
that change, thus allowing mod_frontpage to work with the rtr-supplied binaries.
>How-To-Repeat:
Install the rtr-supplied binaries for frontpage to solve known security problem.
None of the images appear in the admin pages.
>Fix:
Change the path hardcoded into the mod_frontpage binary (patch included here)
--- fpstatic.c_orig Sun Jan 9 13:05:30 2005
+++ fpstatic.c Sat Jan 8 00:40:12 2005
@@ -433,7 +433,7 @@
} else if ((pos = strstr(uri, ".gif")) != NULL) {
pos = strrchr((char *)uri, '/');
snprintf((char *)fnbuf, sizeof(fnbuf), "%s%s%s%s%s",
- FPBASE, _EXES, _VTI_ADM, _IMAGES, pos);
+ FPBASE, _EXES, _VTI_BIN, _IMAGES, pos);
/*
* Check to see if the user is changing the password,
* which has a URL like _vti_bin/_vti_aut/ passwd.htm.
>From meer Sun Jan 9 13:18:32 2005
Return-Path: <meer>
Received: (from meer@localhost)
by meme.sv.meer.net (8.12.11/8.12.11) id j09LIWaU025666;
Sun, 9 Jan 2005 13:18:32 -0800 (PST)
(envelope-from meer)
Message-Id: <200501092118.j09LIWaU025666@meme.sv.meer.net>
Date: Sun, 9 Jan 2005 13:16:09 -0800 (PST)
To: FreeBSD-gnats-submit@freebsd.org
Subject: patch to allow mod_frontpage to work with security fix from rtr
From: Joe Rhett <jrhett@meer.net>
Cc:
X-send-pr-version: 3.113
X-GNATS-Notify:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501092150.j09LodkD025937>