diff options
| author | salo <salo@pkgsrc.org> | 2005-10-06 11:48:26 +0000 |
|---|---|---|
| committer | salo <salo@pkgsrc.org> | 2005-10-06 11:48:26 +0000 |
| commit | ad0e1d6a1bb17b50d4bf8bb75a24850dcaec4ee3 (patch) | |
| tree | 4945b695aac3968141518b0f38e80ab51cc72594 /www | |
| parent | d1b9cd4dc5fb32628961c7de25a1e0173000de6f (diff) | |
| download | pkgsrc-ad0e1d6a1bb17b50d4bf8bb75a24850dcaec4ee3.tar.gz | |
Pullup ticket 808 - requested by Jonathan Perkin
security fix for apachetop
Revisions pulled up:
- pkgsrc/www/apachetop/Makefile 1.6
- pkgsrc/www/apachetop/distinfo 1.4
- pkgsrc/www/apachetop/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: sketch
Date: Thu Oct 6 11:26:18 UTC 2005
Modified Files:
pkgsrc/www/apachetop: Makefile distinfo
Added Files:
pkgsrc/www/apachetop/patches: patch-aa
Log Message:
Apply patch from Steve Kemp of Debian to fix insecure temporary file usage.
Fixes CAN-2005-2660.
Diffstat (limited to 'www')
| -rw-r--r-- | www/apachetop/Makefile | 3 | ||||
| -rw-r--r-- | www/apachetop/distinfo | 3 | ||||
| -rw-r--r-- | www/apachetop/patches/patch-aa | 22 |
3 files changed, 26 insertions, 2 deletions
diff --git a/www/apachetop/Makefile b/www/apachetop/Makefile index 2d424c1fbb3..7ac64351ca5 100644 --- a/www/apachetop/Makefile +++ b/www/apachetop/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.5 2005/04/11 21:47:51 tv Exp $ +# $NetBSD: Makefile,v 1.5.4.1 2005/10/06 11:48:26 salo Exp $ # DISTNAME= apachetop-0.12.5 +PKGREVISION= 1 CATEGORIES= sysutils www MASTER_SITES= http://clueful.shagged.org/apachetop/files/ diff --git a/www/apachetop/distinfo b/www/apachetop/distinfo index 585411828ba..044cec8de8c 100644 --- a/www/apachetop/distinfo +++ b/www/apachetop/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.3 2005/02/24 14:08:28 wiz Exp $ +$NetBSD: distinfo,v 1.3.6.1 2005/10/06 11:48:26 salo Exp $ SHA1 (apachetop-0.12.5.tar.gz) = b41d3c68478e3cd378988834f32ce9a33975c67e RMD160 (apachetop-0.12.5.tar.gz) = a46fb8e850d6d98ce38aaa97fb2ea62553091ded Size (apachetop-0.12.5.tar.gz) = 126967 bytes +SHA1 (patch-aa) = eae05f08dc87ba367256d632e8b95d186955e4dc diff --git a/www/apachetop/patches/patch-aa b/www/apachetop/patches/patch-aa new file mode 100644 index 00000000000..2db379c7858 --- /dev/null +++ b/www/apachetop/patches/patch-aa @@ -0,0 +1,22 @@ +$NetBSD: patch-aa,v 1.2.8.1 2005/10/06 11:48:26 salo Exp $ + +--- src/apachetop.cc.orig 2005-10-06 12:07:41.000000000 +0100 ++++ src/apachetop.cc 2005-10-06 12:10:07.000000000 +0100 +@@ -1104,8 +1104,16 @@ + { + FILE *d; + va_list args; ++ static char tmpfile[1024] = {'\0'}; + +- if (cf.debug && (d = fopen(DEBUG_OUTPUT, "a"))) ++ if (!strlen(tmpfile)) ++ { ++ strcpy(tmpfile, "/tmp/atop.XXXXXX"); ++ mkdtemp(tmpfile); ++ strncat(tmpfile, "/debug", sizeof(tmpfile)); ++ } ++ ++ if (cf.debug && (d = fopen(tmpfile, "a"))) + { + va_start(args, fmt); + vfprintf(d, fmt, args); |