rpms/ntop/devel ntop-http_c.patch, 1.2, 1.3 import.log, 1.3, 1.4 ntop.spec, 1.12, 1.13

Rakesh Pandit rakesh at fedoraproject.org
Sat Oct 10 06:09:32 UTC 2009


Author: rakesh

Update of /cvs/pkgs/rpms/ntop/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6767/devel

Modified Files:
	import.log ntop.spec 
Added Files:
	ntop-http_c.patch 
Log Message:
Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)


ntop-http_c.patch:
 http.c |    3 +++
 1 file changed, 3 insertions(+)

Index: ntop-http_c.patch
===================================================================
RCS file: ntop-http_c.patch
diff -N ntop-http_c.patch
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ ntop-http_c.patch	10 Oct 2009 06:09:31 -0000	1.3
@@ -0,0 +1,12 @@
+--- ntop-3.3.10.org/http.c	2009-09-13 14:23:48.895204786 +0530
++++ ntop-3.3.10/http.c	2009-09-13 14:45:35.603204376 +0530
+@@ -3439,6 +3439,9 @@
+     strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
+   }
+ 
++  if(user == NULL)
++    user = "";
++
+   if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
+   strcpy(theHttpUser, user);
+ 


Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/ntop/devel/import.log,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- import.log	5 Aug 2009 15:25:07 -0000	1.3
+++ import.log	10 Oct 2009 06:09:31 -0000	1.4
@@ -1,3 +1,4 @@
 ntop-3_3_6-5_fc9:HEAD:ntop-3.3.6-5.fc9.src.rpm:1218561708
 ntop-3_3_8-1_fc10:HEAD:ntop-3.3.8-1.fc10.src.rpm:1224702132
 ntop-3_3_10-1_fc11:HEAD:ntop-3.3.10-1.fc11.src.rpm:1249486132
+ntop-3_3_10-3_fc12:HEAD:ntop-3.3.10-3.fc12.src.rpm:1255155644


Index: ntop.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntop/devel/ntop.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -p -r1.12 -r1.13
--- ntop.spec	21 Aug 2009 14:44:32 -0000	1.12
+++ ntop.spec	10 Oct 2009 06:09:31 -0000	1.13
@@ -1,6 +1,6 @@
 Name:           ntop
 Version:        3.3.10
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A network traffic probe similar to the UNIX top command
 Group:          Applications/Internet
 # Confirmed from fedora legal 488717
@@ -17,6 +17,7 @@ Patch3:         ntop-dbfile-default-dir.
 Patch4:         ntop-enable-sslv3.patch
 Patch5:         ntop-geoip.patch
 Patch6:         ntop-lua_wget.patch
+Patch7:         ntop-http_c.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  autoconf, automake, pkgconfig, libtool, groff, libpcap-devel wget
 BuildRequires:  gdbm-devel, gd-devel, rrdtool-devel, openssl-devel
@@ -69,7 +70,7 @@ find . \( -name \*\.gz -o -name \*\.c -o
 %patch4 -p1 -b .sslv3
 %patch5 -p1 -b .geo
 %patch6 -p1 -b .lua_wget
-#%patch6 -p1 -b .http_c
+%patch7 -p1 -b .http_c
 
 %build
 #run ntop own autoconf wrapper
@@ -189,6 +190,9 @@ fi
 %{_localstatedir}/lib/ntop/rrd
 
 %changelog
+* Sun Sep 13 2009 Rakesh Pandit <rakesh at fedoraproject.org> - 3.3.10-3
+- Patch7: ntop-http_c.patch for #518264 (CVE-2009-2732)
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 3.3.10-2
 - rebuilt with new openssl
 




More information about the fedora-extras-commits mailing list