Summary: | dev-libs/apr-1.6.2 change breaks htpasswd files | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Hank Leininger <hlein> |
Component: | Current packages | Assignee: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Revert the change in behavior of apr_file_transfer_contents which breaks htpasswd files.
ebuild patch to apply the apr_file_transfer_contents patch |
Description
Hank Leininger
2017-06-29 18:14:18 UTC
Created attachment 478348 [details, diff]
ebuild patch to apply the apr_file_transfer_contents patch
As an update on this, upstream concluded that this was a longstanding bug in how htpasswd / htdigest called libapr's apr_file_copy. So they fixed those in apache-2.4.27, which has landed in portage by now. Anybody running current versions of both dev-libs/apr and app-admin/apache-tools will not hit this problem. I'm closing this bug, but it could still be that other users of dev-libs/apr that also happen to call apr_file_copy or apr_file_transfer_contents incorrectly. I'll leave this here for possible future reference: foo /usr/portage $ find . -type f -name \*.ebuild 2>/dev/null | xargs egrep -l 'dev-libs/apr' | cut -d/ -f2,3 | sort -u app-admin/apache-tools app-admin/fsvs app-i18n/tomoe dev-java/netty-tcnative dev-java/tomcat-native dev-libs/apr-util dev-libs/log4cxx dev-libs/poco dev-util/anjuta dev-util/kdevplatform dev-vcs/kdesvn dev-vcs/qsvn dev-vcs/rapidsvn dev-vcs/rsvndump dev-vcs/subversion net-analyzer/nmap net-libs/serf sys-cluster/ganglia www-apache/mod_perl www-apache/mod_security www-apache/mod_vhost_ldap www-servers/nginx xfce-extra/thunar-vcs-plugin I made no effort to go into each of those packages, review their source and look for which apr_ functions they called and how. |