Bug 844 doc: Don't ask users to provide a patch, as we already have one.

2024-12-04 14:46:47 -05:00 · 2007-02-22 11:05:39 +02:00 · 2007-02-22 11:05:39 +02:00 · a5656701ef
commit a5656701ef
parent 67ee2205f3
2 changed files with 5 additions and 4 deletions
--- a/configure.in
+++ b/configure.in
@ -1263,7 +1263,7 @@ EL_ARG_ENABLE(CONFIG_NNTP, nntp, [NNTP protocol],
 dnl Force disable SMB before EL_ARG_DEPEND so that it logs the correct value.
 if test "${enable_smb-no}" != no || test "${CONFIG_SMB-no}" != no; then
  AC_MSG_WARN([Forcing --disable-smb because of vulnerability CVE-2006-5925.
-If you want to use SMB, please vote for bug 844 or post a patch.])
+If you want to use SMB, please see bug 844.])
 fi
 enable_smb=no
 CONFIG_SMB=no
--- a/features.conf
+++ b/features.conf
@ -375,9 +375,10 @@ CONFIG_NNTP=no
 #
 # Unfortunately, ELinks doesn't yet properly validate the file name passed to
 # smbclient, and this caused vulnerability CVE-2006-5925 (bug 841).  To close
-# the vulnerability, configure.in now disables the SMB protocol regardless
-# of what you specify here.  If you would like to fix the code so that the
-# protocol can be safely enabled again, please see bug 844.
+# the vulnerability, configure.in now disables the SMB protocol regardless of
+# what you specify here.  There is a patch that reimplements SMB in a safer
+# way, but it has not yet been included in the main ELinks tree.  Please see
+# bug 844 for further information.
 #
 # Default: disabled