Bug#685936: unblock: apr-util/1.4.1-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package apr-util
It fixes a bug with truncated sha512 password hashes that is annoying
to debug in some web server configurations, and the fix is trivial and
unlikely to break anything. Debdiff is attached.
unblock apr-util/1.4.1-3
diff -Nru apr-util-1.4.1/debian/changelog apr-util-1.4.1/debian/changelog
--- apr-util-1.4.1/debian/changelog 2012-05-20 22:14:38.000000000 +0200
+++ apr-util-1.4.1/debian/changelog 2012-08-15 20:10:55.000000000 +0200
@@ -1,3 +1,10 @@
+apr-util (1.4.1-3) unstable; urgency=low
+
+ * Fix apr_password_validate() to work with sha512-crypt hashes.
+ Closes: #684268
+
+ -- Stefan Fritsch <sf@debian.org> Wed, 15 Aug 2012 20:10:55 +0200
+
apr-util (1.4.1-2) unstable; urgency=low
* Remove obsolete version on binutils dependency. Closes: #666260
diff -Nru apr-util-1.4.1/debian/patches/fix-sha512.patch apr-util-1.4.1/debian/patches/fix-sha512.patch
--- apr-util-1.4.1/debian/patches/fix-sha512.patch 1970-01-01 01:00:00.000000000 +0100
+++ apr-util-1.4.1/debian/patches/fix-sha512.patch 2012-08-15 20:07:46.000000000 +0200
@@ -0,0 +1,13 @@
+Index: apr-util/crypto/apr_md5.c
+===================================================================
+--- apr-util.orig/crypto/apr_md5.c
++++ apr-util/crypto/apr_md5.c
+@@ -698,7 +698,7 @@
+ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
+ const char *hash)
+ {
+- char sample[120];
++ char sample[200];
+ #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
+ char *crypt_pw;
+ #endif
diff -Nru apr-util-1.4.1/debian/patches/series apr-util-1.4.1/debian/patches/series
--- apr-util-1.4.1/debian/patches/series 2012-05-19 23:38:25.000000000 +0200
+++ apr-util-1.4.1/debian/patches/series 2012-08-15 20:08:22.000000000 +0200
@@ -8,3 +8,4 @@
apu_config_dont_list_indep_libs.patch
disable_expat_buildconf.patch
avoid_db_by-default.patch
+fix-sha512.patch
Reply to: