On Wed, May 28, 2003 at 04:45:46AM -0000, Justin Erenkrantz wrote: > jerenkrantz 2003/05/27 21:45:46 > > Modified: . CHANGES configure.in > build apu-hints.m4 > crypto apr_md5.c > test .cvsignore Makefile.in > Added: test testpass.c > Log: > SECURITY [httpd incident CAN-2003-0189] Address a thread safety issue with > apr_password_validate() on AIX, Linux, Mac OS X, and possibly other > platforms. > > We didn't move the crypt_r checks from apr to apr-util when we moved > apr_password_validate. Add testpass.c to ensure we don't regress.
I looked into moving the macro but there was a nasty gotcha, maybe this is what you found too: the glibc-style crypt_r implementation relies on -D_GNU_SOURCE being in CPPFLAGS, but any additions to CPPFLAGS made by the apr-util configure script are dropped on the floor. (since apr-util/crypto/Makefile just includes apr_rules.mk from APR) joe
