Control: tags 774313 + pending Dear maintainer,
I've prepared an NMU for libapache2-mod-auth-pgsql (versioned as 2.0.3-6.1) and uploaded it to unstable as part of the Debian UK BSP. Regards.
diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/changelog libapache2-mod-auth-pgsql-2.0.3/debian/changelog --- libapache2-mod-auth-pgsql-2.0.3/debian/changelog 2015-01-17 13:00:01.000000000 +0000 +++ libapache2-mod-auth-pgsql-2.0.3/debian/changelog 2015-01-17 13:02:06.000000000 +0000 @@ -1,3 +1,11 @@ +libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch from Launchpad to set freed pointers to NULL before + subsequent checks against NULL. (Closes: #774313) + + -- Neil Williams <codeh...@debian.org> Sat, 17 Jan 2015 13:01:31 +0000 + libapache2-mod-auth-pgsql (2.0.3-6) unstable; urgency=low [ Peter Pentchev ] diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/patches/fixdoublefree.patch libapache2-mod-auth-pgsql-2.0.3/debian/patches/fixdoublefree.patch --- libapache2-mod-auth-pgsql-2.0.3/debian/patches/fixdoublefree.patch 1970-01-01 01:00:00.000000000 +0100 +++ libapache2-mod-auth-pgsql-2.0.3/debian/patches/fixdoublefree.patch 2015-01-17 13:07:56.000000000 +0000 @@ -0,0 +1,87 @@ +Description: Avoid double free of connection pointers + . + libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium + . + * Non-maintainer upload. + * Apply patch from Launchpad to set freed pointers to NULL before + subsequent checks against NULL. (Closes: #774313) +Author: Neil Williams <codeh...@debian.org> +Bug-Debian: https://bugs.debian.org/774313 +Origin: ubuntu, https://launchpadlibrarian.net/177475074/doublefree.patch + +--- + +--- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c ++++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c +@@ -489,6 +489,7 @@ PGconn *pg_connect(pg_auth_config_rec *s + "mod_auth_pgsql database connection error reset failed %s", + PQerrorMessage(conn)); + PQfinish(conn); ++ conn = NULL; + return NULL; + } + } +@@ -562,6 +563,7 @@ char *do_pg_query(request_rec * r, char + "mod_auth_pgsql database character set encoding %s", + check); + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + } +@@ -573,12 +575,15 @@ char *do_pg_query(request_rec * r, char + "PGSQL 2: %s -- Query: %s ", + PQerrorMessage(pg_conn), query); + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + + if (PQresultStatus(pg_result) == PGRES_EMPTY_QUERY) { + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -586,7 +591,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s -- Query: %s", + PQerrorMessage(pg_conn), query); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -596,7 +603,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 4: %s", + PQerrorMessage(pg_conn)); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -604,7 +613,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, + "Could not get memory for Postgres query."); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -613,7 +624,9 @@ char *do_pg_query(request_rec * r, char + + /* ignore errors here ! */ + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return result; + } + diff -Nru libapache2-mod-auth-pgsql-2.0.3/debian/patches/series libapache2-mod-auth-pgsql-2.0.3/debian/patches/series --- libapache2-mod-auth-pgsql-2.0.3/debian/patches/series 2013-08-10 18:22:37.000000000 +0100 +++ libapache2-mod-auth-pgsql-2.0.3/debian/patches/series 2015-01-17 13:04:26.000000000 +0000 @@ -2,3 +2,4 @@ documentation.patch encoding.patch apache-2.4.patch +fixdoublefree.patch
