Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package apr-util It fixes a bug with truncated sha512 password hashes that is annoying to debug in some web server configurations, and the fix is trivial and unlikely to break anything. Debdiff is attached. unblock apr-util/1.4.1-3
diff -Nru apr-util-1.4.1/debian/changelog apr-util-1.4.1/debian/changelog --- apr-util-1.4.1/debian/changelog 2012-05-20 22:14:38.000000000 +0200 +++ apr-util-1.4.1/debian/changelog 2012-08-15 20:10:55.000000000 +0200 @@ -1,3 +1,10 @@ +apr-util (1.4.1-3) unstable; urgency=low + + * Fix apr_password_validate() to work with sha512-crypt hashes. + Closes: #684268 + + -- Stefan Fritsch <s...@debian.org> Wed, 15 Aug 2012 20:10:55 +0200 + apr-util (1.4.1-2) unstable; urgency=low * Remove obsolete version on binutils dependency. Closes: #666260 diff -Nru apr-util-1.4.1/debian/patches/fix-sha512.patch apr-util-1.4.1/debian/patches/fix-sha512.patch --- apr-util-1.4.1/debian/patches/fix-sha512.patch 1970-01-01 01:00:00.000000000 +0100 +++ apr-util-1.4.1/debian/patches/fix-sha512.patch 2012-08-15 20:07:46.000000000 +0200 @@ -0,0 +1,13 @@ +Index: apr-util/crypto/apr_md5.c +=================================================================== +--- apr-util.orig/crypto/apr_md5.c ++++ apr-util/crypto/apr_md5.c +@@ -698,7 +698,7 @@ + APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, + const char *hash) + { +- char sample[120]; ++ char sample[200]; + #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) + char *crypt_pw; + #endif diff -Nru apr-util-1.4.1/debian/patches/series apr-util-1.4.1/debian/patches/series --- apr-util-1.4.1/debian/patches/series 2012-05-19 23:38:25.000000000 +0200 +++ apr-util-1.4.1/debian/patches/series 2012-08-15 20:08:22.000000000 +0200 @@ -8,3 +8,4 @@ apu_config_dont_list_indep_libs.patch disable_expat_buildconf.patch avoid_db_by-default.patch +fix-sha512.patch