[SCM] Debian packaging of libapache-authenhook-perl branch, master, updated. 62e27239f22932f20daebac1e203078b55a539de

Sun Jan 6 14:40:46 UTC 2013

The following commit has been merged in the master branch:
commit ad17587677aaae3ee64a37611c29d3c4646ed66e
Author: Xavier Guimard <x.guimard at free.fr>
Date:   Sun Jan 6 14:34:45 2013 +0100

    Replace old debian.diff to quilt patch

diff --git a/AuthenHook.xs b/AuthenHook.xs
index 22b4ff9..502a207 100755
--- a/AuthenHook.xs
+++ b/AuthenHook.xs
@@ -180,8 +180,8 @@ static authn_status check_password(request_rec *r, const char *user,
 
     case OK:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s' verified",
-                    user);
+                    "Apache::AuthenHook - user '%s', password '%s' verified",
+                    user, password);
 
       status = AUTH_GRANTED;
       break;
@@ -196,8 +196,8 @@ static authn_status check_password(request_rec *r, const char *user,
 
     default:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s' denied",
-                    user);
+                    "Apache::AuthenHook - user '%s', password '%s' denied",
+                    user, password);
 
       status = AUTH_DENIED;
   };
diff --git a/debian/patches/leaks-passwords-to-the-logs.patch b/debian/patches/leaks-passwords-to-the-logs.patch
new file mode 100644
index 0000000..3df23b8
--- /dev/null
+++ b/debian/patches/leaks-passwords-to-the-logs.patch
@@ -0,0 +1,32 @@
+Description: Leaks passwords to the logs
+Author: Ivan Kohler <ivan at debian.org>
+Bug: https://rt.cpan.org/Ticket/Display.html?id=62040
+Bug-Debian: http://bugs.debian.org/599712
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=62040
+Reviewed-By: Xavier Guimard <x.guimard at free.fr>
+Last-Update: 2013-01-06
+
+--- a/AuthenHook.xs
++++ b/AuthenHook.xs
+@@ -180,8 +180,8 @@
+ 
+     case OK:
+       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+-                    "Apache::AuthenHook - user '%s', password '%s' verified",
+-                    user, password);
++                    "Apache::AuthenHook - user '%s' verified",
++                    user);
+ 
+       status = AUTH_GRANTED;
+       break;
+@@ -196,8 +196,8 @@
+ 
+     default:
+       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+-                    "Apache::AuthenHook - user '%s', password '%s' denied",
+-                    user, password);
++                    "Apache::AuthenHook - user '%s' denied",
++                    user);
+ 
+       status = AUTH_DENIED;
+   };
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e60ae45
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+leaks-passwords-to-the-logs.patch

-- 
Debian packaging of libapache-authenhook-perl

