packages: ntop/ntop.spec, ntop/ntop-http_c.patch (NEW), ntop/ntop-running-u...

glen glen at pld-linux.org
Tue Apr 6 23:54:50 CEST 2010


Author: glen                         Date: Tue Apr  6 21:54:50 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- two more patches from fc

---- Files affected:
packages/ntop:
   ntop.spec (1.85 -> 1.86) , ntop-http_c.patch (NONE -> 1.1)  (NEW), ntop-running-user.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/ntop/ntop.spec
diff -u packages/ntop/ntop.spec:1.85 packages/ntop/ntop.spec:1.86
--- packages/ntop/ntop.spec:1.85	Tue Apr  6 23:20:02 2010
+++ packages/ntop/ntop.spec	Tue Apr  6 23:54:45 2010
@@ -1,7 +1,8 @@
 # $Revision$, $Date$
 # TODO
 # - see if it uses system files for ettercap and geoip files we did not package
-# - see if /etc/ntop/oui.txt.gz can be externalized (whatever it is)
+# - see if /etc/ntop/oui.txt.gz can be externalized (ethernet vendor id file),
+#   hwdata uses same file for example. url: http://linux.die.net/man/1/get-oui
 #
 # Conditional build:
 %bcond_with	mysql	# with mysql support
@@ -22,6 +23,8 @@
 Patch2:		%{name}-am.patch
 Patch3:		%{name}-lua_wget.patch
 Patch4:		%{name}-geoip.patch
+Patch5:		%{name}-http_c.patch
+Patch6:		%{name}-running-user.patch
 URL:		http://www.ntop.org/
 BuildRequires:	GeoIP-devel
 BuildRequires:	autoconf
@@ -78,6 +81,8 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 
 # taken from autogen.sh
 cp -f %{_aclocaldir}/libtool.m4 libtool.m4.in
@@ -164,6 +169,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.86  2010/04/06 21:54:45  glen
+- two more patches from fc
+
 Revision 1.85  2010/04/06 21:20:02  glen
 - geoip and lua fixes from fc with my addons to get it building
 

================================================================
Index: packages/ntop/ntop-http_c.patch
diff -u /dev/null packages/ntop/ntop-http_c.patch:1.1
--- /dev/null	Tue Apr  6 23:54:50 2010
+++ packages/ntop/ntop-http_c.patch	Tue Apr  6 23:54:45 2010
@@ -0,0 +1,27 @@
+revision 1.3
+date: 2009/10/10 06:09:31;  author: rakesh;  state: Exp;  lines: +11 -9
+Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)
+----------------------------
+revision 1.2
+date: 2009/08/05 15:25:07;  author: rakesh;  state: dead;  lines: +0 -0
+
+ - Updated to 3.3.10, updated geoip patch
+ - lua_wget patch to prevent wget lua
+ - removed ntop-http_c.patch
+----------------------------
+revision 1.1
+date: 2009/03/17 08:28:30;  author: rakesh;  state: Exp;
+Fixed world-writable access log (#490561)
+
+--- ntop-3.3.10.org/http.c	2009-09-13 14:23:48.895204786 +0530
++++ ntop-3.3.10/http.c	2009-09-13 14:45:35.603204376 +0530
+@@ -3439,6 +3439,9 @@
+     strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
+   }
+ 
++  if(user == NULL)
++    user = "";
++
+   if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
+   strcpy(theHttpUser, user);
+ 
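Review bot: The added guard `if(user == NULL) user = "";` leaves `user` pointing at a string literal, while the very next line still writes through `user` to truncate an over-long name. That write cannot fire for the empty string, but the safety is implicit; a bounded copy removes both the in-place write and the unbounded `strcpy`: `snprintf(theHttpUser, sizeof(theHttpUser), "%s", user != NULL ? user : "");`. The patch header ties this change to CVE-2009-2732, so it is also worth confirming, in the part of the function outside this hunk, that a request which supplied no user name is rejected rather than looked up as an empty user. The enclosing function starts and ends outside the hunk.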

================================================================
Index: packages/ntop/ntop-running-user.patch
diff -u /dev/null packages/ntop/ntop-running-user.patch:1.1
--- /dev/null	Tue Apr  6 23:54:50 2010
+++ packages/ntop/ntop-running-user.patch	Tue Apr  6 23:54:45 2010
@@ -0,0 +1,13 @@
+--- ntop-3.2/prefs.c	2005-09-29 10:39:06.000000000 +1200
++++ ntop-3.2/prefs.c.mjk	2006-07-06 17:34:34.000000000 +1200
+@@ -772,8 +772,8 @@
+       /* We're root */
+       char *user;
+ 
+-      pw = getpwnam(user = "nobody");
+-      if(pw == NULL) pw = getpwnam(user = "anonymous");
++      pw = getpwnam(user = "ntop");
++      if(pw == NULL) pw = getpwnam(user = "nobody");
+ 
+       if(pw != NULL) {
+ 	myGlobals.userId  = pw->pw_uid;
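Review bot: The new lookup order, `ntop` first and then `nobody`, only gives privilege separation if the package actually creates the `ntop` account, and nothing in the visible spec hunks shows that it does. When the account is missing, the code falls back without any message to `nobody`, an account commonly shared with other services, so whatever ntop writes after dropping privileges would be owned by that shared identity. I would add a comment above the lookup such as `/* prefer the dedicated ntop account; nobody is a shared last-resort fallback */` and log a warning when the fallback is taken. What happens when both lookups return NULL is outside the hunk, as is the rest of the block.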
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/ntop/ntop.spec?r1=1.85&r2=1.86&f=u


