[SCM] Debian packaging for apache2 branch, master, updated. debian/2.2.22-12-3-g087b370
Stefan Fritsch
sf at sfritsch.de
Sat Feb 23 11:00:29 UTC 2013
The following commit has been merged in the master branch:
commit 087b37086a20440d3d10c3950a6526354dc94bae
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Feb 23 11:58:18 2013 +0100
mod_log_forensic: Fix spurious '-' characters being logged
diff --git a/debian/changelog b/debian/changelog
index 23a9c34..47d1d14 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ apache2 (2.2.22-13) UNRELEASED; urgency=low
[ Stefan Fritsch ]
* CVE-2012-3499, CVE-2012-4558: Fix XSS flaws in various modules.
+ * mod_log_forensic: Fix spurious '-' characters being logged, causing
+ false positives. Closes: #693292
[ Arno Töll ]
* Document APACHE_ARGUMENTS in envvars (Closes: #693299)
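Review bot: The new changelog entry says the spurious '-' characters were "causing false positives" without saying where those false positives show up, so a reader of the changelog alone cannot tell which tool or report is affected. Consider naming the consumer of the forensic log that misreported, and mentioning the upstream revision (r1410954, cited in the patch header) so the origin of the fix is visible from the changelog as well.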
diff --git a/debian/patches/mod_log_forensic_693292.patch b/debian/patches/mod_log_forensic_693292.patch
new file mode 100644
index 0000000..44fdb0f
--- /dev/null
+++ b/debian/patches/mod_log_forensic_693292.patch
@@ -0,0 +1,20 @@
+http://svn.apache.org/viewvc?view=revision&revision=r1410954
+
+ Don't log a spurious "-" if a request has been rejected
+ before mod_log_forensic could attach its id to it.
+
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693292
+
+diff --git a/modules/loggers/mod_log_forensic.c b/modules/loggers/mod_log_forensic.c
+index add3eb9..7cbb76d 100644
+--- a/modules/loggers/mod_log_forensic.c
++++ b/modules/loggers/mod_log_forensic.c
+@@ -240,7 +240,7 @@ static int log_after(request_rec *r)
+ apr_size_t l, n;
+ apr_status_t rv;
+
+- if (!cfg->fd) {
++ if (!cfg->fd || id == NULL) {
+ return DECLINED;
+ }
+
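Review bot: With the added `id == NULL` test in log_after, a request that was rejected before the forensic id was attached now causes this function to return DECLINED and write nothing, and the patch header does not say where such requests remain visible. Since those are rejected requests, a line in the description stating that they are intentionally absent from the forensic log (and have to be traced through the other logs) would help anyone auditing with it. Two smaller points: the assignment of `id` is outside the three context lines, so it is worth confirming it happens before this check, and the condition mixes `!cfg->fd` with `id == NULL`; that is kept from upstream and is fine to leave as is for a backport, but the header could carry explicit Origin and Bug-Debian fields instead of bare URLs.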
diff --git a/debian/patches/series b/debian/patches/series
index 89c016a..1c7f102 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -34,3 +34,4 @@ dbmmanage-perl-510.patch
SSLProtocol-tls11-12.2.patch
disable-ssl-compression.patch
CVE-2012-3499_CVE-2012-4558_XSS.patch
+mod_log_forensic_693292.patch
--
Debian packaging for apache2