Author: glen Date: Tue Apr 6 21:54:50 2010 GMT Module: packages Tag: HEAD ---- Log message: - two more patches from fc
---- Files affected: packages/ntop: ntop.spec (1.85 -> 1.86) , ntop-http_c.patch (NONE -> 1.1) (NEW), ntop-running-user.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/ntop/ntop.spec diff -u packages/ntop/ntop.spec:1.85 packages/ntop/ntop.spec:1.86 --- packages/ntop/ntop.spec:1.85 Tue Apr 6 23:20:02 2010 +++ packages/ntop/ntop.spec Tue Apr 6 23:54:45 2010 @@ -1,7 +1,8 @@ # $Revision$, $Date$ # TODO # - see if it uses system files for ettercap and geoip files we did not package -# - see if /etc/ntop/oui.txt.gz can be externalized (whatever it is) +# - see if /etc/ntop/oui.txt.gz can be externalized (ethernet vendor id file), +# hwdata uses same file for example. url: http://linux.die.net/man/1/get-oui # # Conditional build: %bcond_with mysql # with mysql support @@ -22,6 +23,8 @@ Patch2: %{name}-am.patch Patch3: %{name}-lua_wget.patch Patch4: %{name}-geoip.patch +Patch5: %{name}-http_c.patch +Patch6: %{name}-running-user.patch URL: http://www.ntop.org/ BuildRequires: GeoIP-devel BuildRequires: autoconf @@ -78,6 +81,8 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 # taken from autogen.sh cp -f %{_aclocaldir}/libtool.m4 libtool.m4.in @@ -164,6 +169,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.86 2010/04/06 21:54:45 glen +- two more patches from fc + Revision 1.85 2010/04/06 21:20:02 glen - geoip and lua fixes from fc with my addons to get it building ================================================================ Index: packages/ntop/ntop-http_c.patch diff -u /dev/null packages/ntop/ntop-http_c.patch:1.1 --- /dev/null Tue Apr 6 23:54:50 2010 +++ packages/ntop/ntop-http_c.patch Tue Apr 6 23:54:45 2010 @@ -0,0 +1,27 @@ +revision 1.3 +date: 2009/10/10 06:09:31; author: rakesh; state: Exp; lines: +11 -9 +Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732) +---------------------------- +revision 1.2 +date: 2009/08/05 15:25:07; author: rakesh; state: dead; lines: +0 -0 + + - Updated to 3.3.10, updated geoip patch + - lua_wget patch to prevent wget lua + - removed ntop-http_c.patch +---------------------------- +revision 1.1 +date: 2009/03/17 08:28:30; author: rakesh; state: Exp; +Fixed world-writable access log (#490561) + +--- ntop-3.3.10.org/http.c 2009-09-13 14:23:48.895204786 +0530 ++++ ntop-3.3.10/http.c 2009-09-13 14:45:35.603204376 +0530 +@@ -3439,6 +3439,9 @@ + strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0'; + } + ++ if(user == NULL) ++ user = ""; ++ + if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0'; + strcpy(theHttpUser, user); + ================================================================ Index: packages/ntop/ntop-running-user.patch diff -u /dev/null packages/ntop/ntop-running-user.patch:1.1 --- /dev/null Tue Apr 6 23:54:50 2010 +++ packages/ntop/ntop-running-user.patch Tue Apr 6 23:54:45 2010 @@ -0,0 +1,13 @@ +--- ntop-3.2/prefs.c 2005-09-29 10:39:06.000000000 +1200 ++++ ntop-3.2/prefs.c.mjk 2006-07-06 17:34:34.000000000 +1200 +@@ -772,8 +772,8 @@ + /* We're root */ + char *user; + +- pw = getpwnam(user = "nobody"); +- if(pw == NULL) pw = getpwnam(user = "anonymous"); ++ pw = getpwnam(user = "ntop"); ++ if(pw == NULL) pw = getpwnam(user = "nobody"); + + if(pw != NULL) { + myGlobals.userId = pw->pw_uid; ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/ntop/ntop.spec?r1=1.85&r2=1.86&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
