Apply patch from Steve Kemp of Debian to fix insecure temporary file usage.

Fixes CAN-2005-2660.

3 files changed, 26 insertions, 2 deletions

diff --git a/www/apachetop/Makefile b/www/apachetop/Makefile
index 2d424c1fbb3..07d0d0f43f0 100644
--- a/www/apachetop/Makefile
+++ b/www/apachetop/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2005/04/11 21:47:51 tv Exp $
+# $NetBSD: Makefile,v 1.6 2005/10/06 11:26:18 sketch Exp $
 #
 
 DISTNAME=	apachetop-0.12.5
+PKGREVISION=	1
 CATEGORIES=	sysutils www
 MASTER_SITES=	http://clueful.shagged.org/apachetop/files/
 
diff --git a/www/apachetop/distinfo b/www/apachetop/distinfo
index 585411828ba..f4d88de1e93 100644
--- a/www/apachetop/distinfo
+++ b/www/apachetop/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2005/02/24 14:08:28 wiz Exp $
+$NetBSD: distinfo,v 1.4 2005/10/06 11:26:18 sketch Exp $
 
 SHA1 (apachetop-0.12.5.tar.gz) = b41d3c68478e3cd378988834f32ce9a33975c67e
 RMD160 (apachetop-0.12.5.tar.gz) = a46fb8e850d6d98ce38aaa97fb2ea62553091ded
 Size (apachetop-0.12.5.tar.gz) = 126967 bytes
+SHA1 (patch-aa) = eae05f08dc87ba367256d632e8b95d186955e4dc
diff --git a/www/apachetop/patches/patch-aa b/www/apachetop/patches/patch-aa
new file mode 100644
index 00000000000..798c03d03a2
--- /dev/null
+++ b/www/apachetop/patches/patch-aa
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.3 2005/10/06 11:26:18 sketch Exp $
+
+--- src/apachetop.cc.orig	2005-10-06 12:07:41.000000000 +0100
++++ src/apachetop.cc	2005-10-06 12:10:07.000000000 +0100
+@@ -1104,8 +1104,16 @@
+ {
+ 	FILE *d;
+         va_list args;
++	static char tmpfile[1024] = {'\0'};
+ 
+-	if (cf.debug && (d = fopen(DEBUG_OUTPUT, "a")))
++	if (!strlen(tmpfile))
++	{
++		strcpy(tmpfile, "/tmp/atop.XXXXXX");
++		mkdtemp(tmpfile);
++		strncat(tmpfile, "/debug", sizeof(tmpfile));
++	}
++
++	if (cf.debug && (d = fopen(tmpfile, "a")))
+ 	{
+         	va_start(args, fmt);
+         	vfprintf(d, fmt, args);