- added security patch - heap overflows and format strings (BugTraqID 7388,7393)
Changed files:
apache-mod_ntlm-security.patch -> 1.1
apache1-mod_ntlm-security.patch -> 1.1
apache1-mod_ntlm.spec -> 1.15
--- /dev/null
+Fixes vulnerabilities in log() and flog() functions:
+heap overflows (BugTraqID 7388)
+format strings (BugTraqID 7393)
+insecure file access in /tmp
+diff -Nur mod_ntlm-0.4.orig/mod_ntlm.c mod_ntlm-0.4/mod_ntlm.c
+--- mod_ntlm-0.4.orig/mod_ntlm.c 2003-02-21 02:55:13.000000000 +0100
++++ mod_ntlm-0.4/mod_ntlm.c 2003-10-25 23:03:34.470322328 +0200
+@@ -48,9 +48,9 @@
+ if ((s = (char *) malloc(2048)) == NULL)
+ return;
+ va_start(ap, format);
+- vsprintf(s, format, ap);
++ vsnprintf(s, 2048, format, ap);
+ va_end(ap);
+- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, s);
++ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, "%s", s);
+ free(s);
+ }
+ static void
+@@ -63,9 +63,9 @@
+ if ((s = (char *) malloc(2048)) == NULL)
+ return;
+ va_start(ap, format);
+- vsprintf(s, format, ap);
++ vsnprintf(s, 2048, format, ap);
+ va_end(ap);
+- if ((f = fopen("/tmp/mod_ntlm.log", "a")) != NULL) {
++ if ((f = fopen("/var/log/mod_ntlm.log", "a")) != NULL) {
+ fputs(s, f);
+ fputs("\n", f);
+ fclose(f);
--- /dev/null
+Fixes vulnerabilities in log() and flog() functions:
+heap overflows (BugTraqID 7388)
+format strings (BugTraqID 7393)
+insecure file access in /tmp
+diff -Nur mod_ntlm-0.4.orig/mod_ntlm.c mod_ntlm-0.4/mod_ntlm.c
+--- mod_ntlm-0.4.orig/mod_ntlm.c 2003-02-21 02:55:13.000000000 +0100
++++ mod_ntlm-0.4/mod_ntlm.c 2003-10-25 23:03:34.470322328 +0200
+@@ -48,9 +48,9 @@
+ if ((s = (char *) malloc(2048)) == NULL)
+ return;
+ va_start(ap, format);
+- vsprintf(s, format, ap);
++ vsnprintf(s, 2048, format, ap);
+ va_end(ap);
+- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, s);
++ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, "%s", s);
+ free(s);
+ }
+ static void
+@@ -63,9 +63,9 @@
+ if ((s = (char *) malloc(2048)) == NULL)
+ return;
+ va_start(ap, format);
+- vsprintf(s, format, ap);
++ vsnprintf(s, 2048, format, ap);
+ va_end(ap);
+- if ((f = fopen("/tmp/mod_ntlm.log", "a")) != NULL) {
++ if ((f = fopen("/var/log/mod_ntlm.log", "a")) != NULL) {
+ fputs(s, f);
+ fputs("\n", f);
+ fclose(f);
%define mod_name ntlm
%define apxs /usr/sbin/apxs
Summary: This is the NTLM authentication module for Apache
-Summary(pl): Modu³ autentykacji NTLM dla Apache
+Summary(pl): Modu³ uwierzytelnienia NTLM dla Apache
Name: apache-mod_%{mod_name}
-Version: 0.3
-Release: 3
+Version: 0.4
+Release: 1
License: GPL
Group: Networking/Daemons
Source0: http://dl.sourceforge.net/modntlm/mod_%{mod_name}-%{version}.tar.gz
-# Source0-md5: fff67ce0ddb524588ea01cb4a015890c
+# Source0-md5: 5e9b8d1abf872926d6ff01a05a7deb2a
+Patch0: %{name}-security.patch
URL: http://modntlm.sourceforge.net/
BuildRequires: %{apxs}
BuildRequires: apache(EAPI)-devel
NTLM protocol).
%description -l pl
-To jest modu³ autentykacji dla Apache pozwalaj±cy na autentykacjê
-klientów HTTP poprzez sambê lub serwer na Windows (z u¿yciem protoko³u
-NTLM).
+To jest modu³ uwierzytelnienia dla Apache pozwalaj±cy na
+uwierzytelnianie klientów HTTP poprzez sambê lub serwer na Windows (z
+u¿yciem protoko³u NTLM).
%prep
%setup -q -n mod_%{mod_name}-%{version}
+%patch -p1
%build
PATH=$PATH:/usr/sbin %{__make}