Thanks a lot, I guessed so but could not find the proof.
Regards

Niall O'Higgins wrote:
>On Wed, Nov 23, 2005 at 10:31:21PM +0200, BY wrote: > > > >This is a funny one. > >Diff mod_ssl 2.8.18 and 2.8.19 and you'll get the fix for the format >string bug (inline at the end of this email). > >Look at src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c and you'll >see we have this fix. > >Look at the cvs log for revision 1.10 of that file, and you'll see >this: > >revision 1.10 >date: 2003/06/01 15:53:41; author: deraadt; state: Exp; lines: +1 -1 >various format string cleanups; tedu ok > >Note the date; fixed in OpenBSD over a year before the mod_ssl people fixed it. >[http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749&w=2] > >diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/libssl.version ./libssl.version >@@ -1 +1 @@ >-mod_ssl/2.8.18-1.3.31 >+mod_ssl/2.8.19-1.3.31 >diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c ./ssl_engine_ext.c >--- mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c Tue May 11 19:39:40 2004 >+++ ./ssl_engine_ext.c Fri Jul 16 08:57:33 2004 >@@ -524,7 +524,7 @@ > #endif > errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer > %s: %s", > cpVHostID, peer, > ERR_reason_error_string(ERR_get_error())); >- ssl_log(r->server, SSL_LOG_ERROR, errmsg); >+ ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg); > SSL_free(ssl); > ap_ctx_set(fb->ctx, "ssl", NULL); > return errmsg;
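Review bot: in the ssl_engine_ext.c hunk at line 524, the errmsg that is now logged through "%s" is still handed back by `return errmsg;`, so the caller receives a string assembled from cpVHostID, peer and the OpenSSL reason text and has to treat it as data as well, never as a format argument. It is worth checking what the caller does with that return value, and checking the other ssl_log() call sites for a non-literal third argument. Declaring ssl_log() with a printf-style format attribute would let the compiler flag any remaining calls of the `ssl_log(r->server, SSL_LOG_ERROR, errmsg);` shape.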