rpms/apachetop/F-9 apachetop-0.12.6-maxpathlen.patch, NONE, 1.1 apachetop.spec, 1.15, 1.16

Robert Scheck (robert) fedora-extras-commits at redhat.com
Sat Jun 21 14:21:24 UTC 2008


Author: robert

Update of /cvs/pkgs/rpms/apachetop/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv351/F-9

Modified Files:
	apachetop.spec 
Added Files:
	apachetop-0.12.6-maxpathlen.patch 
Log Message:
Fixed a buffer overflow by wrong MAXPATHLEN define (#446199)


apachetop-0.12.6-maxpathlen.patch:

--- NEW FILE apachetop-0.12.6-maxpathlen.patch ---
Patch by Robert Scheck <robert at fedoraproject.org> for apachetop <= 0.12.6, which
adds some includes in order to have a real chance to get MAXPATHLEN defined with
a valid value. Once MAXPATHLEN really gets filled with 128, it will just cause a
buffer overflow.

See Red Hat Bugzilla #446199 (https://bugzilla.redhat.com/show_bug.cgi?id=446199)
for more information. This patch should solve the mentioned bug report and should
be sane enough to get included by upstream of apachetop for the next release. It
is important to run autoheader before ./configure to get these changes activated.

--- apachetop-0.12.6/configure.ac		2005-10-27 18:39:25.000000000 +0200
+++ apachetop-0.12.6/configure.ac.maxpathlen	2008-06-21 16:00:38.000000000 +0200
@@ -34,7 +34,8 @@
 # Checks for header files.
 AC_HEADER_STDC
 AC_CHECK_HEADERS([arpa/inet.h netdb.h netinet/in.h \
-		string.h strings.h sys/socket.h time.h sys/time.h])
+		string.h strings.h sys/socket.h time.h sys/time.h \
+		limits.h sys/param.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 #AC_HEADER_STDBOOL # not in 2.53?
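Review bot: adding `limits.h sys/param.h` to AC_CHECK_HEADERS only produces HAVE_LIMITS_H and HAVE_SYS_PARAM_H; configure still succeeds when neither header is found, so a platform without a usable MAXPATHLEN is only discovered at compile time. Consider a follow-up check in configure.ac that MAXPATHLEN (or PATH_MAX) is actually declared after including these headers, and fail with a clear message there.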
--- apachetop-0.12.6/src/apachetop.h		2005-10-15 18:10:01.000000000 +0200
+++ apachetop-0.12.6/src/apachetop.h.maxpatlen	2008-06-21 16:02:00.000000000 +0200
@@ -89,8 +89,12 @@
 #define getMIN(a,b) (a < b ? a : b)
 #define getMAX(a,b) (a > b ? a : b)
 
-#ifndef MAXPATHLEN
-# define MAXPATHLEN 128
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+ 
+#if HAVE_LIMITS_H
+# include <limits.h>
 #endif
 
 /* upon startup, each input file is put into an element of this array,
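Review bot: with the `#ifndef MAXPATHLEN` fallback removed, nothing in this hunk guarantees that MAXPATHLEN ends up defined. <limits.h> provides PATH_MAX rather than MAXPATHLEN, and <sys/param.h> is only pulled in when HAVE_SYS_PARAM_H is set. After the two includes, either map it explicitly (`#ifndef MAXPATHLEN` / `# define MAXPATHLEN PATH_MAX`) or stop the build with `#error`, so the code never silently falls back to a small constant again. Two style points in the same block: the guards are inconsistent (`#ifdef HAVE_SYS_PARAM_H` versus `#if HAVE_LIMITS_H`), and the added blank line between them carries trailing whitespace.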


Index: apachetop.spec
===================================================================
RCS file: /cvs/pkgs/rpms/apachetop/F-9/apachetop.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- apachetop.spec	18 Feb 2008 18:12:01 -0000	1.15
+++ apachetop.spec	21 Jun 2008 14:19:30 -0000	1.16
@@ -1,15 +1,16 @@
 Name:           apachetop
 Version:        0.12.6
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A top-like display of Apache logs
 
 Group:          Applications/Internet
 License:        BSD
 URL:            http://www.webta.org/projects/apachetop
-Source0:        http://www.webta.org/apachetop/apachetop-0.12.6.tar.gz
+Source0:        http://www.webta.org/apachetop/apachetop-%{version}.tar.gz
+Patch:          apachetop-0.12.6-maxpathlen.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  ncurses-devel, m4, readline-devel
+BuildRequires:  ncurses-devel, m4, readline-devel, autoconf, automake
 
 %description
 ApacheTop watches a logfile generated by Apache (in standard common or
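Review bot: the BuildRequires line gains `automake`, but the only autotools command this change invokes is `autoheader`, which ships with autoconf. If automake is needed because make re-runs the autotools once configure.ac is newer than the generated files, say so in a comment next to the BuildRequires; otherwise drop it.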
@@ -19,6 +20,8 @@
 
 %prep
 %setup -q
+%patch -p1 -b .maxpathlen
+autoheader
 
 
 %build
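Review bot: `autoheader` in %prep regenerates only config.h.in; the shipped configure script was generated from the unpatched configure.ac, so the new `limits.h sys/param.h` checks do not run unless something later regenerates configure. Running `autoreconf` (or `autoconf` after `autoheader`) here would make the dependency explicit instead of relying on the Makefile's rebuild rules. Regenerating build files also fits better at the start of %build than in %prep, which otherwise only unpacks and patches.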
@@ -43,6 +46,9 @@
 
 
 %changelog
+* Sat Jun 21 2008 Robert Scheck <robert at fedoraproject.org> 0.12.6-5
+- Fixed a buffer overflow by wrong MAXPATHLEN define (#446199)
+
 * Mon Feb 18 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.12.6-4
 - Autorebuild for GCC 4.3
 



