OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 21-Jan-2007 00:15:45
Branch: HEAD Handle: 2007012023154400
Added files:
openpkg-src/apache apache.patch.modauthradius
Modified files:
openpkg-src/apache apache.spec
Log:
Security Fix (CVE-2005-0108)
Summary:
Revision Changes Path
1.1 +21 -0 openpkg-src/apache/apache.patch.modauthradius
1.371 +3 -1 openpkg-src/apache/apache.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch.modauthradius
============================================================================
$ cvs diff -u -r0 -r1.1 apache.patch.modauthradius
--- /dev/null 2007-01-21 00:15:29 +0100
+++ apache.patch.modauthradius 2007-01-21 00:15:44 +0100
@@ -0,0 +1,21 @@
+Security Fix (CVE-2005-0108)
+http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02
+
+Index: mod_auth_radius.c
+--- mod_auth_radius.c.orig 2003-03-24 20:16:15 +0100
++++ mod_auth_radius.c 2007-01-21 00:12:03 +0100
+@@ -971,9 +971,12 @@
+ }
+ return attr;
+ }
+-#define radcpy(STRING, ATTR) {memcpy(STRING, ATTR->data, ATTR->length - 2);
\
+- (STRING)[ATTR->length - 2] = 0;}
+
++#define radcpy(STRING, ATTR) do { \
++ unsigned char len = ATTR->length; \
++ if (len >= 2) len-=2; \
++ memcpy(STRING, ATTR->data, len); \
++ (STRING)[len] = 0;} while (0)
+
+ /* authentication module utility functions */
+ static int
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.spec
============================================================================
$ cvs diff -u -r1.370 -r1.371 apache.spec
--- openpkg-src/apache/apache.spec 20 Jan 2007 14:18:04 -0000 1.370
+++ openpkg-src/apache/apache.spec 20 Jan 2007 23:15:44 -0000 1.371
@@ -68,7 +68,7 @@
Group: Web
License: ASF
Version: %{V_apache}
-Release: 20070120
+Release: 20070121
# package options (suexec related)
%option with_suexec yes
@@ -230,6 +230,7 @@
Patch4: apache.patch.suphp
Patch5: apache.patch.php
Patch6: apache.patch.modauthkerb
+Patch7: apache.patch.modauthradius
# build information
Prefix: %{l_prefix}
@@ -617,6 +618,7 @@
%endif
%if "%{with_mod_auth_radius}" == "yes"
%setup -q -T -D -a 15
+ %patch -p0 -d mod_auth_radius-%{V_mod_auth_radius} -P 7
%endif
%if "%{with_mod_auth_mysql}" == "yes"
%setup -q -T -D -a 16
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List [email protected]
