From fde51ee5cfc5b9ea1a64956453da13b3b14f62fa Mon Sep 17 00:00:00 2001
From: Willy Sudiarto Raharjo
Date: Mon, 1 Oct 2012 08:10:38 +0700
Subject: [PATCH] system/apachetop: Change maintainer & patch possible buffer overflow
Signed-off-by: Robby Workman
---
 .../apachetop-0.12.6-maxpathlen.patch | 39 +++++++++++++++++++
 system/apachetop/apachetop.SlackBuild | 6 ++-
 system/apachetop/apachetop.info | 4 +-
 3 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 system/apachetop/apachetop-0.12.6-maxpathlen.patch
diff --git a/system/apachetop/apachetop-0.12.6-maxpathlen.patch b/system/apachetop/apachetop-0.12.6-maxpathlen.patch
new file mode 100644
index 0000000000..3b320d23d0
--- /dev/null
+++ b/system/apachetop/apachetop-0.12.6-maxpathlen.patch
@@ -0,0 +1,39 @@
+Patch by Robert Scheck for apachetop <= 0.12.6, which
+adds some includes in order to have a real change to get MAXPATHLEN defined with
+a valid value. Once MAXPATHLEN really gets filled with 128, it will just cause a
+buffer overflow.
+
+See Red Hat Bugzilla #446199 (https://bugzilla.redhat.com/show_bug.cgi?id=446199)
+for more information. This patch should solve the mentioned bug report and should
+be sane enough to get included by upstream of apachetop for the next release. It
+is important to run autoheader before ./configure to get these changes activated.
+
+--- apachetop-0.12.6/configure.ac.orig 2005-10-27 18:39:25.000000000 +0200
++++ apachetop-0.12.6/configure.ac 2008-06-21 16:00:38.000000000 +0200
+@@ -34,7 +34,8 @@
+ # Checks for header files.
+ AC_HEADER_STDC
+ AC_CHECK_HEADERS([arpa/inet.h netdb.h netinet/in.h \
+- string.h strings.h sys/socket.h time.h sys/time.h])
++ string.h strings.h sys/socket.h time.h sys/time.h \
++ limits.h sys/param.h])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+ #AC_HEADER_STDBOOL # not in 2.53?
+--- apachetop-0.12.6/src/apachetop.h.orig 2005-10-15 18:10:01.000000000 +0200
++++ apachetop-0.12.6/src/apachetop.h 2008-06-21 16:02:00.000000000 +0200
+@@ -89,8 +89,12 @@
+ #define getMIN(a,b) (a < b ? a : b)
+ #define getMAX(a,b) (a > b ? a : b)
+
+-#ifndef MAXPATHLEN
+-# define MAXPATHLEN 128
++#ifdef HAVE_SYS_PARAM_H
++# include
++#endif
++
++#if HAVE_LIMITS_H
++# include
+ #endif
+
+ /* upon startup, each input file is put into an element of this array,
diff --git a/system/apachetop/apachetop.SlackBuild b/system/apachetop/apachetop.SlackBuild
index 4051b84461..df3ae7f561 100644
--- a/system/apachetop/apachetop.SlackBuild
+++ b/system/apachetop/apachetop.SlackBuild
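Review bot: In the apachetop.h section of the new patch file, dropping the `#ifndef MAXPATHLEN` fallback leaves MAXPATHLEN defined only when sys/param.h is actually pulled in, because limits.h typically provides PATH_MAX rather than MAXPATHLEN. The two guards are also written differently (`#ifdef HAVE_SYS_PARAM_H` against `#if HAVE_LIMITS_H`); I would use `#ifdef` for both, map MAXPATHLEN to PATH_MAX when only limits.h is present, and stop the build with `#error` if neither yields a value, as sketched below. A larger constant only widens the buffers: the code that writes paths into MAXPATHLEN-sized arrays lies outside this patch, so its length checks should be confirmed separately.

```c
#ifdef HAVE_LIMITS_H            /* was "#if"; match the sys/param.h guard */
/* … unchanged: the include line and its #endif … */

/* limits.h gives PATH_MAX, not MAXPATHLEN: map it when sys/param.h is absent */
#if !defined(MAXPATHLEN) && defined(PATH_MAX)
# define MAXPATHLEN PATH_MAX
#endif
#ifndef MAXPATHLEN
# error "MAXPATHLEN undefined: regenerate configure/config.h and rebuild"
#endif
```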
@@ -3,6 +3,7 @@ # Slackware build script for ApacheTop # Written by Menno Duursma +# Updated by Willy Sudiarto Raharjo # This program is free software. It comes without any warranty. # Granted WTFPLv2, as published by Sam Hocevar dec 2004. @@ -10,7 +11,7 @@ PRGNAM=apachetop VERSION=${VERSION:-0.12.6} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} # Automatically determine the architecture we're building on: @@ -60,6 +61,9 @@ patch -p0 < $CWD/apachetop.outputfile.patch # Add mension of the feature added above to the manpage. patch -p0 < $CWD/apachetop.manpage.diff +# Add patch from Fedora Project to fix buffer overflow possibility +patch -p1 < $CWD/apachetop-0.12.6-maxpathlen.patch + # Add --with-adns= if you have adns installed and want ApacheTop support # Note: The log to parce can be overwritten at runtime, using the '-f' flag. CXXFLAGS="$SLKCFLAGS" \ diff --git a/system/apachetop/apachetop.info b/system/apachetop/apachetop.info index 2cc6eacd09..60e35a2bbe 100644 --- a/system/apachetop/apachetop.info +++ b/system/apachetop/apachetop.info @@ -6,5 +6,5 @@ MD5SUM="604283ac4bbbddd98fc9b1f11381657e" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" -MAINTAINER="Diogo Leal" -EMAIL="diogo@diogoleal.com" +MAINTAINER="Willy Sudiarto Raharjo" +EMAIL="willysr@slackware-id.org"
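Review bot: The added `patch -p1` line in the `@@ -60,6 +61,9 @@` hunk modifies configure.ac, but nothing in that hunk regenerates configure and config.h.in afterwards, and the patch's own header says autoheader has to run before ./configure for the change to become active. Without that, HAVE_SYS_PARAM_H and HAVE_LIMITS_H are never defined and the new includes in apachetop.h stay dead, so the build either fails on an undefined MAXPATHLEN or silently takes a value from some other header. I would add `autoreconf -vif` directly after the patch line, unless the script already does so below this hunk, which ends at the `CXXFLAGS=` line and does not show the configure call. It is also worth making the step fail loudly, e.g. `patch -p1 < "$CWD/apachetop-0.12.6-maxpathlen.patch" || exit 1`, if the script does not already run under `set -e`.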