Update to ap-auth-ldap to 1.6.1; changes since 1.6.0 include:

     * Fixed security bug that could allow attacker to execute arbitrary
       commands as the apache user. [Digital Armaments, seregon at bughunter
       dot net]

     * Fixed bug that sometimes resulted in segfaults during periodic cache
       cleanup. [Stefan Gaffga]
     * Add AuthLDAPVersion option to specify which LDAP version to use on
       LDAP server. [Hans Petter Selasky]
     * Support ldaps:// urls automatically under OpenLDAP. No need to compile
       with --with-ssl; this is just to enable SSL with the Netscape SDK.
       [Andrew McAllister, Malcolm Locke]
     * Fixed bug where auth_ldap didn't always rebind as the AuthLDAPBindDN
       after doing an authorization. [Stephen Lombardo, Brent Putnam, Ace
       Suares, Ted Cabeen, others].
     * Fixed bug where we forgot to note a failed auth attempt which would
       result in the browser never giving the user a second chance to enter a
       password. [Thanks to many other people]

1 files changed, 6 insertions, 6 deletions

diff --git a/www/ap-auth-ldap/patches/patch-aa b/www/ap-auth-ldap/patches/patch-aa
index 028cac4296b..5b91122e20a 100644
--- a/www/ap-auth-ldap/patches/patch-aa
+++ b/www/ap-auth-ldap/patches/patch-aa
@@ -1,11 +1,11 @@
-$NetBSD: patch-aa,v 1.1 2006/01/02 20:52:09 joerg Exp $
+$NetBSD: patch-aa,v 1.2 2006/01/15 16:25:41 kleink Exp $
 
---- auth_ldap.c.orig	2006-01-02 20:47:58.000000000 +0000
-+++ auth_ldap.c
-@@ -169,7 +169,6 @@ auth_ldap_connect_to_server(request_rec 
- 		  "{%d} LDAP OP: init", (int)getpid());
-     
+--- auth_ldap.c.orig	2006-01-09 19:08:56.000000000 +0100
++++ auth_ldap.c	2006-01-15 17:19:30.000000000 +0100
+@@ -173,7 +173,6 @@
+ #else
      if ((sec->ldc->ldap = ldap_init(sec->host, sec->port)) == NULL) {
+ #endif
 -      extern int errno;
        auth_ldap_log_reason(r, "Could not connect to LDAP server: %s", strerror(errno));
        return 0;