apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <...@manyfish.co.uk>
Subject Re: cvs commit: apr-util/test testpass.c .cvsignore Makefile.in
Date Wed, 28 May 2003 19:57:27 GMT
On Wed, May 28, 2003 at 04:45:46AM -0000, Justin Erenkrantz wrote:
> jerenkrantz    2003/05/27 21:45:46
> 
>   Modified:    .        CHANGES configure.in
>                build    apu-hints.m4
>                crypto   apr_md5.c
>                test     .cvsignore Makefile.in
>   Added:       test     testpass.c
>   Log:
>   SECURITY [httpd incident CAN-2003-0189] Address a thread safety issue with
>   apr_password_validate() on AIX, Linux, Mac OS X, and possibly other platforms.
>   
>   We didn't move the crypt_r checks from apr to apr-util when we moved
>   apr_password_validate.  Add testpass.c to ensure we don't regress.

I looked into moving the macro but there was a nasty gotcha, maybe this
is what you found too: the glibc-style crypt_r implementation relies on
-D_GNU_SOURCE being in CPPFLAGS, but any additions to CPPFLAGS made by
the apr-util configure script are dropped on the floor. (since
apr-util/crypto/Makefile just includes apr_rules.mk from APR)

joe

Mime
View raw message