Your message dated Sun, 26 Aug 2012 21:00:16 +0100
with message-id <b6b533bc1f076787f6f580376d476...@mail.adsl.funky-badger.org>
and subject line Re: Bug#685936: unblock: apr-util/1.4.1-3
has caused the Debian Bug report #685936,
regarding unblock: apr-util/1.4.1-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
685936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package apr-util
It fixes a bug with truncated sha512 password hashes that is annoying
to debug in some web server configurations, and the fix is trivial and
unlikely to break anything. Debdiff is attached.
unblock apr-util/1.4.1-3
diff -Nru apr-util-1.4.1/debian/changelog apr-util-1.4.1/debian/changelog
--- apr-util-1.4.1/debian/changelog 2012-05-20 22:14:38.000000000 +0200
+++ apr-util-1.4.1/debian/changelog 2012-08-15 20:10:55.000000000 +0200
@@ -1,3 +1,10 @@
+apr-util (1.4.1-3) unstable; urgency=low
+
+ * Fix apr_password_validate() to work with sha512-crypt hashes.
+ Closes: #684268
+
+ -- Stefan Fritsch <s...@debian.org> Wed, 15 Aug 2012 20:10:55 +0200
+
apr-util (1.4.1-2) unstable; urgency=low
* Remove obsolete version on binutils dependency. Closes: #666260
diff -Nru apr-util-1.4.1/debian/patches/fix-sha512.patch apr-util-1.4.1/debian/patches/fix-sha512.patch
--- apr-util-1.4.1/debian/patches/fix-sha512.patch 1970-01-01 01:00:00.000000000 +0100
+++ apr-util-1.4.1/debian/patches/fix-sha512.patch 2012-08-15 20:07:46.000000000 +0200
@@ -0,0 +1,13 @@
+Index: apr-util/crypto/apr_md5.c
+===================================================================
+--- apr-util.orig/crypto/apr_md5.c
++++ apr-util/crypto/apr_md5.c
+@@ -698,7 +698,7 @@
+ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
+ const char *hash)
+ {
+- char sample[120];
++ char sample[200];
+ #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
+ char *crypt_pw;
+ #endif
diff -Nru apr-util-1.4.1/debian/patches/series apr-util-1.4.1/debian/patches/series
--- apr-util-1.4.1/debian/patches/series 2012-05-19 23:38:25.000000000 +0200
+++ apr-util-1.4.1/debian/patches/series 2012-08-15 20:08:22.000000000 +0200
@@ -8,3 +8,4 @@
apu_config_dont_list_indep_libs.patch
disable_expat_buildconf.patch
avoid_db_by-default.patch
+fix-sha512.patch
--- End Message ---
--- Begin Message ---
On 26.08.2012 19:58, Stefan Fritsch wrote:
Please unblock package apr-util
It fixes a bug with truncated sha512 password hashes that is annoying
to debug in some web server configurations, and the fix is trivial
and
unlikely to break anything. Debdiff is attached.
Unblocked; thanks.
Regards,
Adam
--- End Message ---