rpms/mod_auth_pgsql/FC-4 mod_auth_pgsql-2.0.1-CVE-2005-3656.patch, NONE, 1.1 mod_auth_pgsql.spec, 1.18, 1.19
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Jan 6 08:51:17 UTC 2006
Author: jorton
Update of /cvs/dist/rpms/mod_auth_pgsql/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv6360
Modified Files:
mod_auth_pgsql.spec
Added Files:
mod_auth_pgsql-2.0.1-CVE-2005-3656.patch
Log Message:
* Fri Jan 6 2006 Joe Orton <jorton at redhat.com> 2.0.1-8.1
- add security fix for CVE-2005-3656
- don't strip .so file so debuginfo works
mod_auth_pgsql-2.0.1-CVE-2005-3656.patch:
mod_auth_pgsql.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
--- NEW FILE mod_auth_pgsql-2.0.1-CVE-2005-3656.patch ---
--- mod_auth_pgsql-2.0.1/mod_auth_pgsql.c.cve3656
+++ mod_auth_pgsql-2.0.1/mod_auth_pgsql.c
@@ -808,7 +808,7 @@
return DECLINED;
}
}
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
return res;
}
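Review bot: Nothing next to this call records why `pg_errstr` must never be the format argument, so a later edit could quietly revert to the shorter form. The other hunks in this patch show the buffer being filled with `user`, which comes from the request, and the code that fills it for this call site lies outside the hunk. A one-line comment above the call would keep the reason visible, for example `/* pg_errstr can hold request-derived text: always log it through "%s" */`.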
@@ -819,7 +819,7 @@
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"",
user);
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "%s", pg_errstr);
pg_log_auth_user(r, sec, user, sent_pw);
return OK;
};
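Review bot: The message is still formatted twice here, once by `apr_snprintf` into `pg_errstr` and again by `ap_log_rerror` through `"%s"`. The same shape recurs in the hunks at -831, -861, -921, -951 and -978. Passing the format and its argument straight to the logger, as in `ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"", user);`, drops the intermediate buffer and its MAX_STRING_LEN truncation, and leaves no string that could be mistaken for a format later. The -967 hunk tests `pg_errstr[0]` as an error flag, so first confirm that nothing reads the buffer after these early returns. Separately, `pg_log_auth_user` is handed `sent_pw` and its body is not in this patch, so it is worth checking that the cleartext password is not persisted by default.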
@@ -831,7 +831,7 @@
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"",
user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
};
@@ -861,7 +861,7 @@
? strcasecmp(real_pw, sent_pw) : strcmp(real_pw, sent_pw)) {
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"PG user %s: password mismatch", user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
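Review bot: The context line `? strcasecmp(real_pw, sent_pw) : strcmp(real_pw, sent_pw)` stops at the first differing byte, so its running time depends on how much of the stored value the submitted one matches. A comparison that always walks the full length and accumulates the differences would remove that signal. When the `strcasecmp` branch is selected, values differing only in letter case are treated as equal, which narrows the set of distinct passwords. The condition that selects it starts outside the hunk, so confirm it is opt-in and documented as weakening the check. Whether `real_pw` and `sent_pw` are hashed by this point is also not visible here.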
@@ -921,7 +921,7 @@
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)",
user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
ap_note_basic_auth_failure(r);
res = HTTP_UNAUTHORIZED;
} else {
@@ -951,7 +951,7 @@
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)",
user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
@@ -967,7 +967,7 @@
};
if (pg_errstr[0]) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
return HTTP_INTERNAL_SERVER_ERROR;
}
@@ -978,7 +978,7 @@
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)",
user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
};
Index: mod_auth_pgsql.spec
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_pgsql/FC-4/mod_auth_pgsql.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_auth_pgsql.spec 13 Apr 2005 08:18:03 -0000 1.18
+++ mod_auth_pgsql.spec 6 Jan 2006 08:51:15 -0000 1.19
@@ -3,7 +3,7 @@
Summary: Basic authentication for the Apache web server using a PostgreSQL database.
Name: mod_auth_pgsql
Version: 2.0.1
-Release: 8
+Release: 8.1
Group: System Environment/Daemons
URL: http://www.giuseppetanzilli.it/mod_auth_pgsql2/
Source: http://www.giuseppetanzilli.it/mod_auth_pgsql2/dist/mod_auth_pgsql-%{version}.tar.gz
@@ -12,6 +12,7 @@
Patch1: mod_auth_pgsql-2.0.1-pgconn.patch
Patch2: mod_auth_pgsql-2.0.1-static.patch
Patch3: mod_auth_pgsql-2.0.1-crasher.patch
+Patch4: mod_auth_pgsql-2.0.1-CVE-2005-3656.patch
License: Apache Software License
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildPrereq: httpd-devel >= 2.0.40-6, postgresql-devel
@@ -28,16 +29,15 @@
%patch1 -p1 -b .pgconn
%patch2 -p1 -b .static
%patch3 -p1 -b .crasher
+%patch4 -p1 -b .cve3656
%build
%{_sbindir}/apxs -c %{name}.c -lpq
-mv .libs/%{name}.so .
-%{__strip} -g %{name}.so
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules
-install -m755 %{name}.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules
+install -m755 .libs/%{name}.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules
# Install the config file
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
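Review bot: The `%{_sbindir}/apxs -c %{name}.c -lpq` line in %build adds no format-checking warnings of its own, so the package build would not flag a future non-literal format argument of the kind this release patches. Adding `-Wc,-Wformat -Wc,-Wformat-security` to that line would report such calls at compile time, provided the logging prototype carries a printf format attribute. Whether the flags apxs inherits from the httpd build already include these is not visible from the spec.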
@@ -59,6 +59,10 @@
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
%changelog
+* Fri Jan 6 2006 Joe Orton <jorton at redhat.com> 2.0.1-8.1
+- add security fix for CVE-2005-3656
+- don't strip .so file so debuginfo works
+
* Wed Apr 13 2005 Joe Orton <jorton at redhat.com> 2.0.1-8
- rebuild for new libpq