$OpenBSD: patch-auth_ldap_c,v 1.3 2009/05/11 19:40:58 claudio Exp $

Fixes a security bug that could allow attacker to execute arbitrary
commands as the apache user.

This is fixed in auth_ldap-1.6.1 but that release is broken. So we just
took the security fix.

--- auth_ldap.c.orig	Wed Jul  4 16:38:03 2001
+++ auth_ldap.c	Sun May 10 12:37:14 2009
@@ -87,7 +87,7 @@ void auth_ldap_log_reason(request_rec *r, const char *
 #if APACHE_RELEASE < 1030000
   log_reason(buf, r->uri, r);
 #else
-  ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, buf);
+  ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, "%s", buf);
 #endif
 }
 
