From 8db4b37afced56955732a3afa169b77f6b07663f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Elan=20Ruusam=C3=A4e?=
Date: Tue, 6 Apr 2010 21:54:45 +0000
Subject: [PATCH] - two more patches from fc
Changed files:
 ntop-http_c.patch -> 1.1
 ntop-running-user.patch -> 1.1
 ntop.spec -> 1.86
---
 ntop-http_c.patch | 27 +++++++++++++++++++++++++++
 ntop-running-user.patch | 13 +++++++++++++
 ntop.spec | 7 ++++++-
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 ntop-http_c.patch
 create mode 100644 ntop-running-user.patch
diff --git a/ntop-http_c.patch b/ntop-http_c.patch
new file mode 100644
index 0000000..3596067
--- /dev/null
+++ b/ntop-http_c.patch
@@ -0,0 +1,27 @@
+revision 1.3
+date: 2009/10/10 06:09:31; author: rakesh; state: Exp; lines: +11 -9
+Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)
+----------------------------
+revision 1.2
+date: 2009/08/05 15:25:07; author: rakesh; state: dead; lines: +0 -0
+
+ - Updated to 3.3.10, updated geoip patch
+ - lua_wget patch to prevent wget lua
+ - removed ntop-http_c.patch
+----------------------------
+revision 1.1
+date: 2009/03/17 08:28:30; author: rakesh; state: Exp;
+Fixed world-writable access log (#490561)
+
+--- ntop-3.3.10.org/http.c 2009-09-13 14:23:48.895204786 +0530
++++ ntop-3.3.10/http.c 2009-09-13 14:45:35.603204376 +0530
+@@ -3439,6 +3439,9 @@
+ strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
+ }
+
++ if(user == NULL)
++ user = "";
++
+ if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
+ strcpy(theHttpUser, user);
+
diff --git a/ntop-running-user.patch b/ntop-running-user.patch
new file mode 100644
index 0000000..a60f10d
--- /dev/null
+++ b/ntop-running-user.patch
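Review bot: In the http.c hunk carried by ntop-http_c.patch, the new NULL guard points `user` at a string literal while the unchanged next line still truncates in place with `user[sizeof(theHttpUser)-1] = '\0'`; that is safe only because an empty string can never reach that write. A bounded copy that leaves `user` untouched removes the hazard and the unchecked `strcpy` together: `snprintf(theHttpUser, sizeof(theHttpUser), "%s", user ? user : "");`. What happens to an empty user name afterwards is decided outside the hunk, so it is worth confirming that an empty name is rejected rather than compared against a stored entry. The CVS log pasted above the diff still carries the revision 1.1 text about a world-writable access log, which this diff does not touch; a one-line header naming CVE-2009-2732 would describe the patch better.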
@@ -0,0 +1,13 @@
+--- ntop-3.2/prefs.c 2005-09-29 10:39:06.000000000 +1200
++++ ntop-3.2/prefs.c.mjk 2006-07-06 17:34:34.000000000 +1200
+@@ -772,8 +772,8 @@
+ /* We're root */
+ char *user;
+
+- pw = getpwnam(user = "nobody");
+- if(pw == NULL) pw = getpwnam(user = "anonymous");
++ pw = getpwnam(user = "ntop");
++ if(pw == NULL) pw = getpwnam(user = "nobody");
+
+ if(pw != NULL) {
+ myGlobals.userId = pw->pw_uid;
diff --git a/ntop.spec b/ntop.spec
index 8b2b57f..7bcef49 100644
--- a/ntop.spec
+++ b/ntop.spec
@@ -1,6 +1,7 @@
 # TODO
 # - see if it uses system files for ettercap and geoip files we did not package
-# - see if /etc/ntop/oui.txt.gz can be externalized (whatever it is)
+# - see if /etc/ntop/oui.txt.gz can be externalized (ethernet vendor id file),
+# hwdata uses same file for example. url: http://linux.die.net/man/1/get-oui
 #
 # Conditional build:
 %bcond_with mysql # with mysql support
@@ -21,6 +22,8 @@ Patch1: %{name}-config.patch
 Patch2: %{name}-am.patch
 Patch3: %{name}-lua_wget.patch
 Patch4: %{name}-geoip.patch
+Patch5: %{name}-http_c.patch
+Patch6: %{name}-running-user.patch
 URL: http://www.ntop.org/
 BuildRequires: GeoIP-devel
 BuildRequires: autoconf
@@ -77,6 +80,8 @@ robi to popularna uniksowa komenda top.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 # taken from autogen.sh
 cp -f %{_aclocaldir}/libtool.m4 libtool.m4.in
-- 
2.43.0
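Review bot: In the prefs.c hunk carried by ntop-running-user.patch, the fallback `if(pw == NULL) pw = getpwnam(user = "nobody");` silently drops to an account that is usually shared with other services, so a host without the `ntop` user loses the isolation the dedicated account is meant to give. The package should guarantee that the `ntop` account exists before this code runs (its creation is not visible in this commit's ntop.spec hunks), and a comment such as `/* prefer the dedicated ntop account; nobody is shared and only a last resort */` above the lookups would record the intent. The diff is taken against ntop-3.2 while the other patch in this commit targets ntop-3.3.10, so it presumably applies with an offset; regenerating it against the packaged version would keep fuzz from hiding a misapplied hunk. The enclosing block starts and ends outside the hunk, including what happens when both lookups fail.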