[pkgsrc/pkgsrc-2005Q3]: pkgsrc/www/apachetop Pullup ticket 808 - requested by...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4151b60fdc2b
branches:  pkgsrc-2005Q3
changeset: 499564:4151b60fdc2b
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Oct 06 11:48:26 2005 +0000

description:
Pullup ticket 808 - requested by Jonathan Perkin
security fix for apachetop

Revisions pulled up:
- pkgsrc/www/apachetop/Makefile                 1.6
- pkgsrc/www/apachetop/distinfo                 1.4
- pkgsrc/www/apachetop/patches/patch-aa         1.3

   Module Name:         pkgsrc
   Committed By:        sketch
   Date:                Thu Oct  6 11:26:18 UTC 2005

   Modified Files:
        pkgsrc/www/apachetop: Makefile distinfo
   Added Files:
        pkgsrc/www/apachetop/patches: patch-aa

   Log Message:
   Apply patch from Steve Kemp of Debian to fix insecure temporary file usage.

   Fixes CAN-2005-2660.

diffstat:

 www/apachetop/Makefile         |   3 ++-
 www/apachetop/distinfo         |   3 ++-
 www/apachetop/patches/patch-aa |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)

diffs (50 lines):

diff -r 778e9a89f42d -r 4151b60fdc2b www/apachetop/Makefile
--- a/www/apachetop/Makefile    Wed Oct 05 20:39:46 2005 +0000
+++ b/www/apachetop/Makefile    Thu Oct 06 11:48:26 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2005/04/11 21:47:51 tv Exp $
+# $NetBSD: Makefile,v 1.5.4.1 2005/10/06 11:48:26 salo Exp $
 #
 
 DISTNAME=      apachetop-0.12.5
+PKGREVISION=   1
 CATEGORIES=    sysutils www
 MASTER_SITES=  http://clueful.shagged.org/apachetop/files/
 
diff -r 778e9a89f42d -r 4151b60fdc2b www/apachetop/distinfo
--- a/www/apachetop/distinfo    Wed Oct 05 20:39:46 2005 +0000
+++ b/www/apachetop/distinfo    Thu Oct 06 11:48:26 2005 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2005/02/24 14:08:28 wiz Exp $
+$NetBSD: distinfo,v 1.3.6.1 2005/10/06 11:48:26 salo Exp $
 
 SHA1 (apachetop-0.12.5.tar.gz) = b41d3c68478e3cd378988834f32ce9a33975c67e
 RMD160 (apachetop-0.12.5.tar.gz) = a46fb8e850d6d98ce38aaa97fb2ea62553091ded
 Size (apachetop-0.12.5.tar.gz) = 126967 bytes
+SHA1 (patch-aa) = eae05f08dc87ba367256d632e8b95d186955e4dc
diff -r 778e9a89f42d -r 4151b60fdc2b www/apachetop/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apachetop/patches/patch-aa    Thu Oct 06 11:48:26 2005 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.2.8.1 2005/10/06 11:48:26 salo Exp $
+
+--- src/apachetop.cc.orig      2005-10-06 12:07:41.000000000 +0100
++++ src/apachetop.cc   2005-10-06 12:10:07.000000000 +0100
+@@ -1104,8 +1104,16 @@
+ {
+       FILE *d;
+         va_list args;
++      static char tmpfile[1024] = {'\0'};
+ 
+-      if (cf.debug && (d = fopen(DEBUG_OUTPUT, "a")))
++      if (!strlen(tmpfile))
++      {
++              strcpy(tmpfile, "/tmp/atop.XXXXXX");
++              mkdtemp(tmpfile);
++              strncat(tmpfile, "/debug", sizeof(tmpfile));
++      }
++
++      if (cf.debug && (d = fopen(tmpfile, "a")))
+       {
+               va_start(args, fmt);
+               vfprintf(d, fmt, args);