From: Jakub Bogusz <qboosh@pld-linux.org>
Date: Wed, 26 Feb 2003 14:25:42 +0000 (+0000)
Subject: - fix for possible format string problem
X-Git-Tag: auto/ac/apache-2_0_49-0_2~8
X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=76c318f23086a2763c914d7d423ba447c71ace9f;p=packages%2Fapache1-mod_dav.git

- fix for possible format string problem
  (doesn't affect directly mod_dav, but can lead to security hole in
   connection with some other programs - e.g. Oracle 9i)

Changed files:
    apache-mod_dav-format.patch -> 1.1
    apache1-mod_dav-format.patch -> 1.1
---

diff --git a/apache-mod_dav-format.patch b/apache-mod_dav-format.patch
new file mode 100644
index 0000000..890eb8f
--- /dev/null
+++ b/apache-mod_dav-format.patch
@@ -0,0 +1,11 @@
+--- mod_dav-1.0.3-1.3.6/mod_dav.c.orig	Sun Sep 23 00:22:39 2001
++++ mod_dav-1.0.3-1.3.6/mod_dav.c	Wed Feb 26 15:07:31 2003
+@@ -2298,7 +2298,7 @@
+ 	if (lookup.err.status == HTTP_BAD_REQUEST) {
+ 	    /* This supplies additional information for the default message. */
+ 	    ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
+-			  lookup.err.desc);
++			  "%s", lookup.err.desc);
+ 	    return HTTP_BAD_REQUEST;
+ 	}
+ 
diff --git a/apache1-mod_dav-format.patch b/apache1-mod_dav-format.patch
new file mode 100644
index 0000000..890eb8f
--- /dev/null
+++ b/apache1-mod_dav-format.patch
@@ -0,0 +1,11 @@
+--- mod_dav-1.0.3-1.3.6/mod_dav.c.orig	Sun Sep 23 00:22:39 2001
++++ mod_dav-1.0.3-1.3.6/mod_dav.c	Wed Feb 26 15:07:31 2003
+@@ -2298,7 +2298,7 @@
+ 	if (lookup.err.status == HTTP_BAD_REQUEST) {
+ 	    /* This supplies additional information for the default message. */
+ 	    ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
+-			  lookup.err.desc);
++			  "%s", lookup.err.desc);
+ 	    return HTTP_BAD_REQUEST;
+ 	}
+