Ubuntu
libapache2-mod-auth-pgsql package

41b5169... by Andreas Hasenack on 2017-07-13: Updated DEP3 header with forwarded info and a small syntax fix.
7857ad9... by Andreas Hasenack on 2017-07-13: update-maintainer

LocutusOfBorg (costamagnagianfranco) wrote on 2017-07-13:

uploaded

review: Approve

LocutusOfBorg (costamagnagianfranco) wrote on 2017-07-13:

with a little change in maintainer and dep3 header patch

Robie Basak (racb) wrote on 2017-07-13:

Upload tag upload/2.0.3-6.1ubuntu1 pushed; tree matches existing tag pkg import/2.0.3-6.1ubuntu1.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Ubuntu Server Dev import team

 diff --git a/debian/changelog b/debian/changelog
 index 5156bbc..ac7f61b 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,10 @@
++libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu1) artful; urgency=medium
++
++  * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
++    (LP: #1698758)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 22 Jun 2017 14:34:03 -0300
++
  libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium
    * Non-maintainer upload.
 diff --git a/debian/control b/debian/control
 index 0882707..2187ec0 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,5 +1,6 @@
  Source: libapache2-mod-auth-pgsql
--Maintainer: Marco Nenciarini <mnencia@debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Marco Nenciarini <mnencia@debian.org>
  Section: httpd
  Priority: extra
  Standards-Version: 3.9.4
 diff --git a/debian/patches/crypt-check-null-1698758.patch b/debian/patches/crypt-check-null-1698758.patch
 new file mode 100644
 index 0000000..012a77a
 --- /dev/null
 +++ b/debian/patches/crypt-check-null-1698758.patch
@@ -0,0 +1,25 @@
++Description: check for a NULL return from crypt(3)
++ crypt(3) will return NULL in the case of errors, like if an
++ unsupported hash algorithm is used, or incorrect salt options
++ are passed.
++Author: Andreas Hasenack <andreas@canonical.com>
++Bug-Debian: https://bugs.debian.org/865553
++Bug-Ubuntu: https://launchpad.net/bugs/1698758
++Forwarded: yes (emailed Giuseppe Tanzilli <info@giuseppetanzilli.it>)
++Last-Update: 2017-07-13
++
++--- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c
+++++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c
++@@ -868,6 +868,12 @@ static authn_status check_password(reque
++ 			break;
++ 		case AUTH_PG_HASH_TYPE_CRYPT:
++ 			sent_pw = (char *) crypt(sent_pw, real_pw);
+++			if (!sent_pw) {
+++				apr_snprintf(pg_errstr, MAX_STRING_LEN,
+++						 "PG user %s: unsupported CRYPT format", user);
+++				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
+++				return AUTH_DENIED;
+++			}
++ 			break;
++ 		case AUTH_PG_HASH_TYPE_BASE64:
++ 			sent_pw = auth_pg_base64(sent_pw);
 diff --git a/debian/patches/series b/debian/patches/series
 index 5eff60a..0746b9a 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -3,3 +3,4 @@ documentation.patch
  encoding.patch
  apache-2.4.patch
  fixdoublefree.patch
++crypt-check-null-1698758.patch

Ubuntulibapache2-mod-auth-pgsql package

Merge ~ahasenack/ubuntu/+source/libapache2-mod-auth-pgsql:artful-mod-auth-pgsql-null-check-1698758 into ~usd-import-team/ubuntu/+source/libapache2-mod-auth-pgsql:ubuntu/devel

Commit Message

Description of the Change

Preview Diff

Subscribers

Ubuntu
libapache2-mod-auth-pgsql package