authorPete Michaleas <tutor@gentoo.org>2002-04-25 22:26:49 +0000
committerPete Michaleas <tutor@gentoo.org>2002-04-25 22:26:49 +0000
commitae65a3491160ef43958417ad6997cc32820c6e93 (patch)
tree9a37cc9276629e45258273c9b1cdbfa7945be5a2 /net-analyzer/ntop
parentnew freetype - simple version bump (diff)
Fix for remote vulnerability
Diffstat (limited to 'net-analyzer/ntop')
-rw-r--r--net-analyzer/ntop/ChangeLog10
-rw-r--r--net-analyzer/ntop/files/ntop-2.0_syslog_format.patch29
-rw-r--r--net-analyzer/ntop/ntop-2.0-r1.ebuild88
3 files changed, 126 insertions, 1 deletions
diff --git a/net-analyzer/ntop/ChangeLog b/net-analyzer/ntop/ChangeLog
index b96b763ff511..8ed66b99cc3f 100644
--- a/net-analyzer/ntop/ChangeLog
+++ b/net-analyzer/ntop/ChangeLog
@@ -1,6 +1,6 @@
# ChangeLog for net-analyzer/ntop
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/ntop/ChangeLog,v 1.1 2002/02/01 21:53:32 gbevin Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/ntop/ChangeLog,v 1.2 2002/04/25 22:26:49 tutor Exp $
*ntop-2.0 (1 Feb 2002)
@@ -11,3 +11,11 @@
comments should well explained and written in clean English. The details about
writing correct changelogs are explained in the skel.ChangeLog file which you
can find in the root directory of the portage repository.
+
+*ntop-2.0 (25 Apr 2002)
+
+ 25 Apr 2002; Pete Michaleas <tutor@gentoo.org> ntop-2.0-r1.ebuild :
+
+ Included patch to fix vulnerability with syslog() call, found in
+ util.c.
+
diff --git a/net-analyzer/ntop/files/ntop-2.0_syslog_format.patch b/net-analyzer/ntop/files/ntop-2.0_syslog_format.patch
new file mode 100644
index 000000000000..5fab91a38a47
--- /dev/null
+++ b/net-analyzer/ntop/files/ntop-2.0_syslog_format.patch
@@ -0,0 +1,29 @@
+diff -u ntop_original/util.c ntop/util.c
+--- ntop_original/util.c Thu Dec 27 02:54:29 2001
++++ ntop/util.c Thu Apr 25 17:34:55 2002
+@@ -2179,20 +2179,20 @@
+ #if 0
+ switch(traceLevel) {
+ case 0:
+- syslog(LOG_ERR, buf);
++ syslog(LOG_ERR, "%s", buf);
+ break;
+ case 1:
+- syslog(LOG_WARNING, buf);
++ syslog(LOG_WARNING, "%s", buf);
+ break;
+ case 2:
+- syslog(LOG_NOTICE, buf);
++ syslog(LOG_NOTICE, "%s", buf);
+ break;
+ default:
+- syslog(LOG_INFO, buf);
++ syslog(LOG_INFO, "%s", buf);
+ break;
+ }
+ #else
+- syslog(LOG_ERR, buf);
++ syslog(LOG_ERR, "%s", buf);
+ #endif
+ }
+ #endif
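Review bot: The patch file has no header saying what it fixes or where it came from, and four of the five rewritten calls sit inside the `#if 0` switch, so only the `syslog(LOG_ERR, "%s", buf);` under `#else` is compiled. A leading comment would help the next maintainer, for example `syslog() was called with buf as the format string; pass it as an argument to "%s" instead`. How buf is filled is outside this hunk, and whether other ntop sources hand a runtime buffer to syslog() or a printf-style function as the format is not visible here. Building once with `-Wformat -Wformat-security` would list any calls that remain.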
diff --git a/net-analyzer/ntop/ntop-2.0-r1.ebuild b/net-analyzer/ntop/ntop-2.0-r1.ebuild
new file mode 100644
index 000000000000..4213260774bb
--- /dev/null
+++ b/net-analyzer/ntop/ntop-2.0-r1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Achim Gottinger <achim@gentoo.org>, Bruce A. Locke <blocke@shivan.org>
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/ntop/ntop-2.0-r1.ebuild,v 1.1 2002/04/25 22:26:49 tutor Exp $
+
+A="${P}-src.tgz"
+S=${WORKDIR}/ntop
+DESCRIPTION="ntop is a unix tool that shows network usage like top"
+SRC_URI="http://luca.ntop.org/${A}"
+HOMEPAGE="http://www.ntop.org/ntop.html"
+
+DEPEND="virtual/glibc sys-devel/gcc
+ >=sys-libs/gdbm-1.8.0
+ >=net-libs/libpcap-0.5.2
+ ssl? ( >=dev-libs/openssl-0.9.6 )
+ mysql? ( dev-db/mysql )
+ readline? ( >=sys-libs/readline-4.1 )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
+
+RDEPEND="${DEPEND}"
+
+src_compile() {
+
+ local myconf
+ if [ -z "`use ssl`" ] ; then
+ myconf="--disable-ssl"
+ else
+ cp configure configure.orig
+ sed -e "s:/usr/local/ssl:/usr:" configure.orig > configure
+ export CFLAGS="$CFLAGS -I/usr/include/openssl"
+ fi
+
+ use mysql || myconf="$myconf --disable-mysql"
+ use readline || myconf="$myconf --disable-readline"
+ use tcpd || myconf="$myconf --enable-tcpwrap"
+
+ # ntop 2.0 ships with its own version of gdchart... gdchart should
+ # get its own package but ntop should be built with the version it
+ # shipped with just in case future versions are incompatible -- blocke
+
+ # compile gdchart
+ cd ../gdchart0.94c
+ ./configure || die
+
+ # subtree #1
+ cd gd-1.8.3/libpng-1.0.8
+ make -f scripts/makefile.linux || die
+
+ # subtree #2
+ cd ../../zlib-1.1.3/
+ ./configure || die
+ make || die
+
+ # gdchart make
+ cd ../
+ make || die
+
+ # now ntop itself...
+ cd ../ntop
+ # fix syslog() format strings vulnerability.
+ patch -p1 < ${FILESDIR}/ntop-2.0_syslog_format.patch
+ try ./configure --prefix=/usr --sysconfdir=/usr/share --mandir=/usr/share/man --host=${CHOST} $myconf
+ try make
+
+}
+
+src_install () {
+
+ # slight issue with man file installation
+ mv Makefile Makefile.orig
+ sed 's/man_MANS = ntop.8 intop\/intop.1//g' Makefile.orig > Makefile
+
+ try make prefix=${D}/usr sysconfdir=/${D}/usr/share mandir=${D}/usr/share/man install
+
+ # fixme: bad handling of plugins (in /usr/lib with unsuggestive names)
+ # (don't know if there is a clean way to handle it)
+
+ doman ntop-rules.8 ntop.8
+
+ dodoc AUTHORS CONTENTS COPYING ChangeLog INSTALL MANIFESTO NEWS
+ dodoc PORTING README SUPPORT_NTOP.txt THANKS
+
+ docinto html
+ dodoc ntop.html
+}
+
+
+
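Review bot: The `patch -p1 < ${FILESDIR}/ntop-2.0_syslog_format.patch` step in src_compile has no failure check, unlike the `|| die` and `try` steps around it. If the patch ever fails to apply, the build carries on and installs ntop with the syslog() format-string bug still present. Quote the path and abort on failure: `patch -p1 < "${FILESDIR}/ntop-2.0_syslog_format.patch" || die "syslog format patch failed"`. Separately, `use tcpd || myconf="$myconf --enable-tcpwrap"` adds the enable flag only when the tcpd USE flag is off, which looks inverted next to the mysql and readline lines. `use tcpd && myconf="$myconf --enable-tcpwrap"` appears to be the intent.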