Hello community,
here is the log from the commit of package namazu for openSUSE:12.1:Update:Test checked in at 2011-12-08 17:37:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/namazu (Old)
and /work/SRC/openSUSE:12.1:Update:Test/.namazu.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "namazu", Maintainer is "JMatejek@suse.com"
Changes:
--------
New Changes file:
--- /dev/null 2010-08-26 16:28:41.000000000 +0200
+++ /work/SRC/openSUSE:12.1:Update:Test/.namazu.new/namazu.changes 2011-12-08 17:37:21.000000000 +0100
@@ -0,0 +1,230 @@
+-------------------------------------------------------------------
+Thu Dec 8 10:36:12 UTC 2011 - jmatejek@suse.com
+
+- bnc#732323 (pretty bug number!)
+ - CVE-2011-4345 XSS flaw for IE6/7 in japanese locale
+
+-------------------------------------------------------------------
+Mon Mar 22 14:43:54 CET 2010 - tiwai@suse.de
+
+- patches refreshed to remove fuzz
+
+-------------------------------------------------------------------
+Fri Mar 19 12:33:43 CET 2010 - tiwai@suse.de
+
+- merged from M17N:Devel
+
+-------------------------------------------------------------------
+Tue Nov 3 19:09:32 UTC 2009 - coolo@novell.com
+
+- updated patches to apply with fuzz=0
+
+-------------------------------------------------------------------
+Thu Sep 24 16:54:00 CEST 2009 - tiwai@suse.de
+
+- updated to namazu 2.0.20:
+ * fix possible buffer overrun with a blank line in NMZ.field.*
+ files.
+
+-------------------------------------------------------------------
+Fri Aug 21 14:15:26 CEST 2009 - tiwai@suse.de
+
+- updated to version 2.0.19:
+ * Bug fix in analytical part of namazu and namazu.cgi
+ * mknmz checks on the size of the file is added
+ * Addition of code conversion processing to htmlsplit.pl
+ * The regularization of the text is added
+ * The judgment processing of an internal filter is sped up
+ * The processing done with an individual filter is integrated as an
+ extensions module
+ * UTF-8 processing
+ * See NEWS for more details
+
+-------------------------------------------------------------------
+Mon Apr 07 12:48:16 CEST 2008 - mfabian@suse.de
+
+- bnc#373529: update to 2.0.18: Upstream NEWS:
+ • Add 'Charset' directive. "charset" was added to "ContentType"
+ of the example in conf/namazurc-sample.
+ • "charset" was added to the response header in Error messages
+ for namazu.cgi.
+ • Add HTML, BODY tags in Error messages for namazu.cgi.
+ • '\'', '(', ')' is converted into "'", "(", ")"
+ respectively.
+ • Add po/{de, pl}.po files. (But, it doesn't translate.)
+ • Change charset from SJIS to Shift_JIS in po/ja_SJIS.po.
+ • Change soname (LTVERSION 8:0:1)
+ • pltests/env.pl: The checked environment variable and version of
+ the checked Perl module is added.
+ • pltests/mknmz-8.pl.in: The confirmation whether the index
+ has been updated is added.
+ • pltests/namazu-cgi-12.pl.in: Add new test.
+ • tests/mknmz-9: Expand test file.
+ • filter/hnf.pl: Correspondence GRP and bug fix.
+ • conf/*.win32: Add new files.
+ • filter/win32/ole*.pl: correspondence Office 2007. [for Windows]
+ • filter/win32/olevisio.pl: It corresponds to Visio 2000 of another
+ type. For Visio 2007/.vdx file. [for Windows]
+ • OOo bug correction. for Office Open XML file. [for Windows]
+ • nmzcat: SJIS output. [For Windows]
+ • mailutime: Bug correction related to passing.
+ • To the code in which it considers after 2038 (In the direction
+ that doesn't correspond).
+ • File-MMagic: Imported 1.27. For eml file.
+ • libnmz: Speed-up of retrieval.
+ • nmzchkw.pl: New addition. (contrib)
+ • libnmz: The bug around the memory is corrected. (users-ja#821).
+ • namazu and namazu.cgi: The bug that falls into an infinite
+ loop is corrected.
+ • namazu and namazu.cgi: Correction of HTML emphasis tag.
+ (for Windows)
+ • gcnmz and nmzmerge: The output of the log is corrected and
+ the format is corrected.
+ • namazu and namazu.cgi: The possibility that the buffer
+ overflow cuts it when the template is corrected is corrected.
+ • filter/mp3.pl: MP3-Info 1.21.
+ • namazu.spec.in: add nmzcat, nmzegrep.
+ • namazu.spec.in: fix filter-requires-namazu.sh.
+ • conf/namazurc-sample: It is added to the comment that
+ Suicide_Time is only UNIX.
+ • scripts/mknmz.in: The mistake of the number of dummy
+ arguments of process_file() is corrected.
+ • filter/pdf.pl: 'Unable to convert pdf file (maybe copying
+ protection)' was corrected at option --debug.
+ • filter/msofficexml.pl: Added new fiter.
+ • filter/visio.pl: Added a new filter.
+ • filter/mp3.pl: Support MP3-Info 1.21's behavior.
+ • tests/*: It deals with trouble in which make check fails
+ because of the environment of Mac + gettext 0.14.2.
+ • tests/data/ja/*: Added new file.
+ • Fix some bugs.
+
+-------------------------------------------------------------------
+Mon Feb 25 08:06:20 CET 2008 - crrodriguez@suse.de
+
+- fix library-without-ldconfig-postin errors
+- disbale static libraries and remove libtool archives
+
+-------------------------------------------------------------------
+Tue Dec 19 15:01:17 CET 2006 - mfabian@suse.de
+
+- updated to 2.0.16. Upstream NEWS:
+ • Directory traversal problem by lang and result of CGI parameter
+ is corrected.
+ • Substitution of "-r" that doesn't correspond to ACL of NTFS.
+ • It corresponds to the file name including space.
+ • For MeCab-perl-0.90rc10.
+ • The mistake of the document concerning ISO-8859-* is corrected.
+ • RedHat software namazu.spec was taken in.
+ The unnecessary patch was deleted.
+ • Include File::MMagic 1.25.
+ • Support MeCab.
+ • Add -b and --use-mecab options for mknmz.
+ • Add --norc option for mknmz and namazu.
+ • Add --decode-base64 option for mknmz.
+ • Add new filters (Gnumeric, Koffice, Mainman/Pipermail, Zip, Visio).
+ • Add new directives for mknmzrc (MECAB, DENY_DDN).
+ To skip when filename is DDN.
+ • Add sorting function by date of field.
+ • Added new files (nmzcat, nmzegrep).
+ • Adapt new filter programs (wvWare 1.0.3, xlhtml 0.5.1, xpdf 3.01).
+ • For Windows of filter (msword.pl, excel.pl, powerpoint.pl,
+ postscript.pl, etc...).
+ • Ole control filter renewal.
+ • ';' can have been used for the delimiter of QUERY_STRING.
+ • Add the Perl version test program (pltests).
+ • Fix some bugs.
+
+-------------------------------------------------------------------
+Wed Jan 25 21:38:33 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Fri Dec 17 20:11:29 CET 2004 - mfabian@suse.de
+
+- Bugzilla #49304: update to 2.0.14.
+
+-------------------------------------------------------------------
+Sat Jan 10 16:22:54 CET 2004 - adrian@suse.de
+
+- build as user
+
+-------------------------------------------------------------------
+Thu Jun 19 21:27:24 CEST 2003 - ro@suse.de
+
+- build with current gettext
+
+-------------------------------------------------------------------
+Mon Jun 16 12:51:22 CEST 2003 - mfabian@suse.de
+
+- add patch for German template files from
+ http://www.namazu.org/stable/namazu-2.0.12-de.diff
+- fix "directory not owned by any package".
+
+-------------------------------------------------------------------
+Sun Feb 16 13:16:04 CET 2003 - mfabian@suse.de
+
+- update to 2.0.12
+ From the NEWS file of 2.0.12
+ * Fix more cross-site scripting issue around NMZ.warnlog.
+ From the NEWS file of 2.0.11
+ * Change output warning to NMZ.warnlog file instead stderr
+ (for cross-site scripting issue on some environments)
+ * Update some filters.
+ * Fix possibility of buffer overflow.
+ * Fix shell execution issue on rpm/deb files.
+ * Adaptation to xpdf 1.0x (filter/pdf.pl).
+ * Fix possibility of relative path vulnerability on Win95/98.
+ * Improve HTML filter (exclude scripting language code).
+ * Add German template files.
+
+-------------------------------------------------------------------
+Mon Nov 18 20:46:25 CET 2002 - schwab@suse.de
+
+- Add AM_GNU_GETTEXT_VERSION.
+
+-------------------------------------------------------------------
+Sat Aug 10 01:21:42 CEST 2002 - mfabian@suse.de
+
+- namazu-devel package should require namazu package
+- fix directory permissions
+
+-------------------------------------------------------------------
+Mon Aug 5 12:57:08 CEST 2002 - ro@suse.de
+
+- adapt to server-root /srv/www
+
++++ 33 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.1:Update:Test/.namazu.new/namazu.changes
New:
----
_link
configure.patch
linguas.patch
namazu-2.0.18-CVE-2011-4345-XSS.patch
namazu-2.0.20.tar.bz2
namazu.changes
namazu.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ namazu.spec ++++++
#
# spec file for package namazu
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: namazu
BuildRequires: kakasi-devel nkf perl-File-MMagic perl-NKF perl-Text-ChaSen perl-Text-Kakasi
License: GPLv2+
Group: Productivity/Networking/Web/Utilities
Requires: perl >= 5.8.0, perl-File-MMagic >= 1.20, nkf >= 1.70, perl-NKF >= 1.70
Requires: kakasi >= 2.3.0, perl-Text-Kakasi >= 1.00
AutoReqProv: on
Version: 2.0.20
Release: 1
Url: http://www.namazu.org/
# Original Source is gzipped.
Source0: http://www.namazu.org/stable/%{name}-%{version}.tar.bz2
Patch0: linguas.patch
Patch2: configure.patch
Patch3: namazu-2.0.18-CVE-2011-4345-XSS.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: A Full-Text Search Engine
#Summary(ja): 全文検索シス テムです。
# %description -l ja
# Namazu は手軽に使えることを第一に目指した日本語全文検索シ
# ステムです。CGI として動作させることにより小中規模の WWW
# 全文検索システムを構築することができるほか、コマンドライ
# ンやEmacs上で電子メイルの山を検索するといった個人用途にも
# 使えます。
#
# Authors:
# --------
# Satoru Takabayashi
# knok@daionet.gr.jp (NOKUBI Takatsugu)
# Yukinori MAEDA
# Ken-ichi Hirose
# masao@ulis.ac.jp (Masao Takaku)
# Ryuji Abe
# Hajime BABA
# KOSEKI Yoshinori
# Rei FURUKAWA
# Makoto Fujiwara
# Kenji Suzuki
# MIYOSHI Masanori
# Hideyuki SHIRAI
# Jose Juan Zapater Vera
# Yoshinori TAKESAKO
# SATOH Fumiyasu
%description
Namazu is a full-text search engine software intended for easy use. It
works not only as a CGI program for small or medium scale WWW search
engines, but also works for personal use such as a search system for
the local hard disk.
Authors:
--------
Satoru Takabayashi
knok@daionet.gr.jp (NOKUBI Takatsugu)
Yukinori MAEDA
Ken-ichi Hirose
masao@ulis.ac.jp (Masao Takaku)
Ryuji Abe
Hajime BABA
KOSEKI Yoshinori
Rei FURUKAWA
Makoto Fujiwara
Kenji Suzuki
MIYOSHI Masanori
Hideyuki SHIRAI
Jose Juan Zapater Vera
Yoshinori TAKESAKO
SATOH Fumiyasu
%package -n namazu-devel
License: GPLv2+
Summary: Header files and libraries of Namazu
# Summary(ja): Namazu のヘッダファイル及びライブラリです。
Group: Productivity/Networking/Web/Utilities
Requires: %{name} = %{version}
# %description -n namazu-devel -l ja
# Namazuのヘッダファイル及びライブラリです。
%description -n namazu-devel
header files and libraries of Namazu
Authors:
--------
Satoru Takabayashi
knok@daionet.gr.jp (NOKUBI Takatsugu)
Yukinori MAEDA
Ken-ichi Hirose
masao@ulis.ac.jp (Masao Takaku)
Ryuji Abe
Hajime BABA
KOSEKI Yoshinori
Rei FURUKAWA
Makoto Fujiwara
Kenji Suzuki
MIYOSHI Masanori
Hideyuki SHIRAI
Jose Juan Zapater Vera
Yoshinori TAKESAKO
SATOH Fumiyasu
%package -n namazu-cgi
License: GPLv2+
Summary: A CGI interface for Namazu
# Summary(ja): Namazu のためのCGIインタフェース
Group: Productivity/Networking/Web/Utilities
# Requires: webserver
# %description -n namazu-cgi -l ja
# Namazu のためのCGIインタフェース
%description -n namazu-cgi
a CGI interface for Namazu
Authors:
--------
Satoru Takabayashi
knok@daionet.gr.jp (NOKUBI Takatsugu)
Yukinori MAEDA
Ken-ichi Hirose
masao@ulis.ac.jp (Masao Takaku)
Ryuji Abe
Hajime BABA
KOSEKI Yoshinori
Rei FURUKAWA
Makoto Fujiwara
Kenji Suzuki
MIYOSHI Masanori
Hideyuki SHIRAI
Jose Juan Zapater Vera
Yoshinori TAKESAKO
SATOH Fumiyasu
%prep
%setup0 -q
%patch0 -p1 -b .linguas
%patch2 -p1 -b .config
%patch3 -p1
chmod +x tests/ja-namazu-cgi-3
%build
# XXX is this right - it was /var/lib before FHS macros
%define _localstatedir /var/lib
%define _libexecdir /srv/www/cgi-bin
autoreconf --force --install
test -f po/Makevars || mv po/Makevars.template po/Makevars
export CFLAGS="$RPM_OPT_FLAGS"
%configure --disable-static --with-pic \
--with-perl5=/usr/bin/perl
make
%install
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/namazu \
$RPM_BUILD_ROOT/%{_libexecdir}
make DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} install
mv %{buildroot}%{_sysconfdir}/namazu/namazurc-sample \
%{buildroot}%{_sysconfdir}/namazu/namazurc
mv %{buildroot}%{_sysconfdir}/namazu/mknmzrc-sample \
%{buildroot}%{_sysconfdir}/namazu/mknmzrc
chmod a+rw -R %{buildroot}%{_localstatedir}/namazu
chmod a+rw -R %{buildroot}%{_localstatedir}/namazu/index
mkdir -p $RPM_BUILD_ROOT/%{_defaultdocdir}/namazu/
pushd $RPM_BUILD_ROOT/%{_defaultdocdir}/namazu/
ln -s %{_datadir}/namazu/doc .
ln -s %{_datadir}/namazu/etc .
popd
# install (X)Emacs lisp code:
mkdir -p $RPM_BUILD_ROOT/usr/share/emacs/site-lisp
install -p -m 644 lisp/gnus-nmz-1.el $RPM_BUILD_ROOT/usr/share/emacs/site-lisp
install -p -m 644 lisp/namazu.el $RPM_BUILD_ROOT/usr/share/emacs/site-lisp
mkdir -p $RPM_BUILD_ROOT/usr/share/xemacs/site-lisp/lisp
install -p -m 644 lisp/gnus-nmz-1.el $RPM_BUILD_ROOT/usr/share/xemacs/site-lisp/lisp
install -p -m 644 lisp/namazu.el $RPM_BUILD_ROOT/usr/share/xemacs/site-lisp/lisp
%{find_lang} namazu
%clean
rm -rf $RPM_BUILD_ROOT;
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files -f namazu.lang
%defattr(-, root, root)
%doc %dir %{_defaultdocdir}/namazu/
%doc %{_defaultdocdir}/namazu/*
%dir %{_sysconfdir}/namazu/
%config(noreplace) %{_sysconfdir}/namazu/*
%{_bindir}/namazu
%{_bindir}/bnamazu
%{_bindir}/*nmz
%{_bindir}/mailutime
%{_bindir}/nmzgrep
%{_bindir}/nmzegrep
%{_bindir}/nmzmerge
%{_bindir}/nmzcat
%{_libdir}/*.so.*
%{_mandir}/man1/*
%{_datadir}/namazu
%attr(755,root,root) %dir %{_localstatedir}/namazu
%attr(755,root,root) %dir %{_localstatedir}/namazu/index
%dir /usr/share/emacs/
%dir /usr/share/emacs/site-lisp/
/usr/share/emacs/site-lisp/*
%dir /usr/share/xemacs/
%dir /usr/share/xemacs/site-lisp/
%dir /usr/share/xemacs/site-lisp/lisp/
/usr/share/xemacs/site-lisp/lisp/*
%files devel
%defattr(-, root, root)
%{_bindir}/nmz-config
%dir %{_includedir}/namazu/
%{_includedir}/namazu/*.h
%{_libdir}/*.so
%exclude %{_libdir}/*.la
%files cgi
%defattr(-, root, root)
%{_libexecdir}/namazu.cgi
%changelog
++++++ _link ++++++
<link project="openSUSE:12.1" package="namazu" baserev="dac68119db673f8f01f11270a17af035">
<patches>
<branch/>
</patches>
</link>
++++++ configure.patch ++++++
---
configure.in | 1 +
1 file changed, 1 insertion(+)
--- a/configure.in
+++ b/configure.in
@@ -94,6 +94,7 @@
dnl *
ALL_LINGUAS="ja es fr de pl"
AM_GNU_GETTEXT([external])
+AM_GNU_GETTEXT_VERSION(0.12)
AM_LC_MESSAGES
dnl For latest gettext
++++++ linguas.patch ++++++
---
configure | 2 +-
configure.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/configure
+++ b/configure
@@ -8019,7 +8019,7 @@
LTVERSION="8:2:1"
-ALL_LINGUAS="ja ja_JP.SJIS es fr de pl"
+ALL_LINGUAS="ja es fr de pl"
MKINSTALLDIRS=
if test -n "$ac_aux_dir"; then
--- a/configure.in
+++ b/configure.in
@@ -92,7 +92,7 @@
dnl *
dnl * I18N
dnl *
-ALL_LINGUAS="ja ja_JP.SJIS es fr de pl"
+ALL_LINGUAS="ja es fr de pl"
AM_GNU_GETTEXT([external])
AM_LC_MESSAGES
++++++ namazu-2.0.18-CVE-2011-4345-XSS.patch ++++++
Index: namazu-2.0.18/nmz/codeconv.c
===================================================================
--- namazu-2.0.18.orig/nmz/codeconv.c
+++ namazu-2.0.18/nmz/codeconv.c
@@ -400,6 +400,71 @@ zen2han(char *str)
*(s + q) = '\0';
}
+static void
+check_eucjp(uchar *s)
+{
+ int i;
+ size_t num;
+
+ num = strlen((char *)s);
+ i = 0;
+ while (i < num) {
+ if (s[i] >= 0x20 && s[i] <= 0x7e) {
+ i++;
+ }
+ else if (s[i] >= 0xa1 && s[i] <= 0xfe) {
+ if (i + 1 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xfe) {
+ i += 2;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else if (s[i] == 0x8e) {
+ if (i + 1 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xdf) {
+ i += 2;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else if (s[i] == 0x8f) {
+ if (i + 2 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xfe
+ && s[i + 2] >= 0xa1 && s[i + 2] <= 0xfe) {
+ i += 3;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else if (i + 1 < num) {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+}
/*
*
@@ -422,17 +486,24 @@ nmz_codeconv_internal(char *s)
in = (uchar *)s;
if (!nmz_is_lang_ja()) { /* Lang != ja */
+ for (i = 0; i < strlen(s); i++) {
+ if (s[i] < 0x20 || s[i] >= 0x7f) {
+ s[i] = ' ';
+ }
+ }
return 0;
}
for (i = 0, m = 0, n = 0, f = 0; *(in + i); i++) {
if (*(in + i) == ESC) {
jistoeuc(in);
+ check_eucjp(in);
return 1;
}
if (*(in + i) > (uchar) '\x80')
m++, f = f ? 0 : 1;
else if (f) {
sjistoeuc(in);
+ check_eucjp(in);
return 1;
}
if (*(in + i) > (uchar) '\xa0')
@@ -440,10 +511,14 @@ nmz_codeconv_internal(char *s)
}
if (m != n) {
sjistoeuc(in);
+ check_eucjp(in);
return 1;
}
- if (n)
+ if (n) {
+ check_eucjp(in);
return 1;
+ }
+ check_eucjp(in);
return 0;
}
Index: namazu-2.0.18/pltests/alltests.pl.in
===================================================================
--- namazu-2.0.18.orig/pltests/alltests.pl.in
+++ namazu-2.0.18/pltests/alltests.pl.in
@@ -44,6 +44,7 @@ my @TESTS = (
'namazu-cgi-7.pl', 'namazu-cgi-8.pl',
'namazu-cgi-9.pl', 'namazu-cgi-10.pl',
'namazu-cgi-12.pl',
+ 'ja-namazu-cgi-3.pl',
'chasen-1.pl', 'chasen-2.pl', 'chasen-3.pl',
'mecab-1.pl', 'mecab-2.pl', 'mecab-3.pl',
'kakasi-1.pl', 'kakasi-2.pl', 'kakasi-3.pl',
Index: namazu-2.0.18/pltests/Makefile.am
===================================================================
--- namazu-2.0.18.orig/pltests/Makefile.am
+++ namazu-2.0.18/pltests/Makefile.am
@@ -23,6 +23,7 @@ PROGRAM = alltests.pl pltests.pl \
namazu-cgi-7.pl namazu-cgi-8.pl \
namazu-cgi-9.pl namazu-cgi-10.pl \
namazu-cgi-12.pl \
+ ja-namazu-cgi-3.pl \
chasen-1.pl chasen-2.pl chasen-3.pl \
mecab-1.pl mecab-2.pl mecab-3.pl \
kakasi-1.pl kakasi-2.pl kakasi-3.pl
@@ -48,6 +49,7 @@ EXTRA_DIST = pltests.pl.in \
namazu-cgi-7.pl.in namazu-cgi-8.pl.in \
namazu-cgi-9.pl.in namazu-cgi-10.pl.in \
namazu-cgi-12.pl.in \
+ ja-namazu-cgi-3.pl.in \
chasen-1.pl.in chasen-2.pl.in chasen-3.pl.in \
mecab-1.pl.in mecab-2.pl.in mecab-3.pl.in \
kakasi-1.pl.in kakasi-2.pl.in kakasi-3.pl.in
@@ -283,6 +285,11 @@ namazu-cgi-12.pl: namazu-cgi-12.pl.in pl
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
mv $@.tmp $@
chmod +x $@
+
+ja-namazu-cgi-3.pl: ja-namazu-cgi-3.pl.in pltests.pl.in Makefile
+ sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
+ mv $@.tmp $@
+ chmod +x $@
chasen-1.pl: chasen-1.pl.in pltests.pl.in Makefile
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
Index: namazu-2.0.18/pltests/Makefile.in
===================================================================
--- namazu-2.0.18.orig/pltests/Makefile.in
+++ namazu-2.0.18/pltests/Makefile.in
@@ -158,6 +158,7 @@ PROGRAM = alltests.pl pltests.pl \
namazu-cgi-7.pl namazu-cgi-8.pl \
namazu-cgi-9.pl namazu-cgi-10.pl \
namazu-cgi-12.pl \
+ ja-namazu-cgi-3.pl \
chasen-1.pl chasen-2.pl chasen-3.pl \
mecab-1.pl mecab-2.pl mecab-3.pl \
kakasi-1.pl kakasi-2.pl kakasi-3.pl
@@ -184,6 +185,7 @@ EXTRA_DIST = pltests.pl.in \
namazu-cgi-7.pl.in namazu-cgi-8.pl.in \
namazu-cgi-9.pl.in namazu-cgi-10.pl.in \
namazu-cgi-12.pl.in \
+ ja-namazu-cgi-3.pl.in \
chasen-1.pl.in chasen-2.pl.in chasen-3.pl.in \
mecab-1.pl.in mecab-2.pl.in mecab-3.pl.in \
kakasi-1.pl.in kakasi-2.pl.in kakasi-3.pl.in
@@ -590,6 +592,11 @@ namazu-cgi-12.pl: namazu-cgi-12.pl.in pl
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
mv $@.tmp $@
chmod +x $@
+
+ja-namazu-cgi-3.pl: ja-namazu-cgi-3.pl.in pltests.pl.in Makefile
+ sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
+ mv $@.tmp $@
+ chmod +x $@
chasen-1.pl: chasen-1.pl.in pltests.pl.in Makefile
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
Index: namazu-2.0.18/tests/Makefile.am
===================================================================
--- namazu-2.0.18.orig/tests/Makefile.am
+++ namazu-2.0.18/tests/Makefile.am
@@ -17,7 +17,10 @@ TESTS = mknmz-1 mknmz-2 mknmz-3 mknmz-4
namazu-cgi-1 namazu-cgi-2 namazu-cgi-3 namazu-cgi-4 \
namazu-cgi-5 namazu-cgi-6 namazu-cgi-7 namazu-cgi-8 \
namazu-cgi-9 namazu-cgi-10 namazu-cgi-11 \
- ja-mknmz-1 ja-namazu-cgi-1 ja-namazu-1
+ ja-mknmz-1 ja-namazu-cgi-1 \
+ ja-namazu-cgi-3 ja-namazu-1
+
+distclean: clean-local
clean-local:
rm -rf test-log tmp-data tmp.* idx[0-9]* ja-idx[0-9]*
Index: namazu-2.0.18/tests/Makefile.in
===================================================================
--- namazu-2.0.18.orig/tests/Makefile.in
+++ namazu-2.0.18/tests/Makefile.in
@@ -152,7 +152,8 @@ TESTS = mknmz-1 mknmz-2 mknmz-3 mknmz-4
namazu-cgi-1 namazu-cgi-2 namazu-cgi-3 namazu-cgi-4 \
namazu-cgi-5 namazu-cgi-6 namazu-cgi-7 namazu-cgi-8 \
namazu-cgi-9 namazu-cgi-10 namazu-cgi-11 \
- ja-mknmz-1 ja-namazu-cgi-1 ja-namazu-1
+ ja-mknmz-1 ja-namazu-cgi-1 \
+ ja-namazu-cgi-3 ja-namazu-1
EXTRA_DIST = $(TESTS) select-data commonfuncs
@@ -465,6 +466,8 @@ uninstall-info: uninstall-info-recursive
uninstall-info-recursive uninstall-recursive
+distclean: clean-local
+
clean-local:
rm -rf test-log tmp-data tmp.* idx[0-9]* ja-idx[0-9]*
# Tell versions [3.59,3.63) of GNU make to not export all variables.
Index: namazu-2.0.18/pltests/ja-namazu-cgi-3.pl.in
===================================================================
--- /dev/null
+++ namazu-2.0.18/pltests/ja-namazu-cgi-3.pl.in
@@ -0,0 +1,90 @@
+#!%PERL% -w
+#
+# $Id: ja-namazu-cgi-3.pl.in,v 1.1.2.1 2011-07-18 13:32:49 opengl2772 Exp $
+# Copyright (C) 2007 Tadamasa Teranishi
+# 2007,2011 Namazu Project All rights reserved.
+# This is free software with ABSOLUTELY NO WARRANTY.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either versions 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA
+#
+# This file must be encoded in EUC-JP encoding
+#
+
+#
+# Test for cross-site scripting vulnerability with IE6,IE7 and wrong EUC-JP chracter code.
+#
+
+use strict;
+require Cwd;
+use File::Copy;
+require 'pltests.pl';
+
+my $cwd = Cwd::cwd();
+my $LOG = "$cwd/test-log";
+my $INDEX = "$cwd/idx1";
+my $NAMAZU = pltests::binpath('namazu.cgi');
+my $RC = pltests::binpath('.namazurc');
+
+my @cmd;
+
+$ENV{'SCRIPT_NAME'} = 'namazu.cgi';
+$ENV{'QUERY_STRING'} = 'query=%8F%EF%9C/%20%8F%EF%9E%20%8F%EF%9C/';
+
+pltests::putline($LOG, " *** starting $0");
+
+if ($English::OSNAME eq "MSWin32" || $English::OSNAME eq "os2") {
+ pltests::putline($LOG, "Skipping because of MSWin32 or os2: $0");
+ exit 77;
+}
+
+if (pltests::get_lang() !~ /^ja/) {
+ pltests::putline($LOG, "Skipping because of LANG does not begin with ja: $0");
+ exit 77;
+}
+
+if (-f $RC) {
+ unlink("$RC");
+}
+pltests::putline($RC, "Index $INDEX");
+pltests::duprcs($RC);
+
+my $ascii = '[\x00-\x7F]';
+my $twoBytes = '(?:[\x8E\xA1-\xFE][\xA1-\xFE])';
+my $threeBytes = '(?:\x8F[\xA1-\xFE][xA1-\xFE])';
+my $character = "(?:$ascii|$twoBytes|$threeBytes)";
+
+@cmd = ("$NAMAZU");
+my ($staus, $result, $conts_err) = pltests::ezsyscmd(\@cmd);
+$result =~ s/$character//g;
+$result =~ s/[\n\r]//g;
+pltests::putline($LOG, "\"$result\"");
+exit 1 if $result;
+
+$ENV{'QUERY_STRING'} = 'query=%8F%AF%82%20';
+@cmd = ("$NAMAZU");
+($staus, $result, $conts_err) = pltests::ezsyscmd(\@cmd);
+$result =~ s/$character//g;
+$result =~ s/[\n\r]//g;
+pltests::putline($LOG, "\"$result\"");
+exit 1 if $result;
+
+exit 0;
+
+END {
+ if (-f $RC) {
+ unlink("$RC");
+ }
+}
Index: namazu-2.0.18/tests/ja-namazu-cgi-3
===================================================================
--- /dev/null
+++ namazu-2.0.18/tests/ja-namazu-cgi-3
@@ -0,0 +1,80 @@
+#! /bin/sh
+#
+# Test for cross-site scripting vulnerability with IE6,IE7 and wrong EUC-JP chracter code.
+#
+LOG=`pwd`/test-log
+echo ' *** starting ' $0 >>$LOG
+. ${srcdir}/commonfuncs
+
+EXEC=no
+
+lc_all=$LC_ALL
+lc_ctype=$LC_CTYPE
+lang=$LANG
+
+for ctype in "$lc_all" "$lc_ctype" "$lang"; do
+ if test -n "$ctype" -a "$ctype" = "C"; then
+ ctype="en"
+ break
+ fi
+ cand=`echo "$ctype" | LC_ALL="C" perl -nle 'print $1 if /^(..)/'`
+ if test -n "$cand"; then
+ ctype=$cand
+ break
+ fi
+done
+
+case $ctype in
+ ja*)
+ EXEC=yes
+ ;;
+esac
+if [ $EXEC = 'no' ]
+then
+ echo "Skipping because of LANG does not begin with ja: $0" >> $LOG
+ exit 77
+fi
+
+unset LANGUAGE
+unset LC_ALL
+unset LC_MESSAGES
+unset LC_CTYPE
+unset LANG
+
+
+pwd=`pwd`
+tmprc="$pwd/../src/.namazurc"
+echo "Index ../tests/idx1" > $tmprc
+echo "Lang ja" >> $tmprc
+duprcs
+cd ../src
+
+perl << 'TEST' >> $LOG
+ my $query = 'query=%8F%EF%9C/%8F%EF%9E%20%8F%EF%9C';
+ $ENV{'SCRIPT_NAME'} = 'namazu.cgi';
+ $ENV{'QUERY_STRING'} = $query;
+ my $cmd = "./namazu.cgi";
+ my $result = `$cmd 2>&1`;
+
+ my $ascii = '[\x00-\x7F]';
+ my $twoBytes = '(?:[\x8E\xA1-\xFE][\xA1-\xFE])';
+ my $threeBytes = '(?:\x8F[\xA1-\xFE][xA1-\xFE])';
+ my $character = "(?:$ascii|$twoBytes|$threeBytes)";
+ $result =~ s/$character//g;
+ $result =~ s/[\n\r]//g;
+ print "\"$result\"\n";
+ exit 1 if $result;
+
+ $query = 'query=%8F%AF%82%20';
+ $ENV{'QUERY_STRING'} = $query;
+ $result = `$cmd 2>&1`;
+ $result =~ s/$character//g;
+ $result =~ s/[\n\r]//g;
+ print "\"$result\"\n";
+ exit 1 if $result;
+
+ exit 0;
+TEST
+result=$?
+rm -f $tmprc
+exit $result
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org