authorBenedikt Boehm <hollow@gentoo.org>2007-12-15 14:38:32 +0000
committerBenedikt Boehm <hollow@gentoo.org>2007-12-15 14:38:32 +0000
commit7291186b8e6790cb1af2d5a69eae4c2b1b1f6359 (patch)
treee1e8cb6b073c96650d69b08de397b62bcba33db3 /2.2/patches
parentfix vim modeline (diff)
update for apache-2.2.6-r6; fix rolltarball.sh for apache-2.eclass
Diffstat (limited to '2.2/patches')
-rw-r--r--2.2/patches/05_all_CVE-2006-6203.patch32
-rw-r--r--2.2/patches/06_all_CVE-2007-5000.patch25
2 files changed, 57 insertions, 0 deletions
diff --git a/2.2/patches/05_all_CVE-2006-6203.patch b/2.2/patches/05_all_CVE-2006-6203.patch
new file mode 100644
index 0000000..4f59287
--- /dev/null
+++ b/2.2/patches/05_all_CVE-2006-6203.patch
@@ -0,0 +1,32 @@
+Index: httpd-2.2.x/modules/http/http_protocol.c
+===================================================================
+--- httpd-2.2.x/modules/http/http_protocol.c (revision 596677)
++++ httpd-2.2.x/modules/http/http_protocol.c (revision 604192)
+@@ -913,7 +913,8 @@
+ NULL));
+ case HTTP_METHOD_NOT_ALLOWED:
+ return(apr_pstrcat(p,
+- "<p>The requested method ", r->method,
++ "<p>The requested method ",
++ ap_escape_html(r->pool, r->method),
+ " is not allowed for the URL ",
+ ap_escape_html(r->pool, r->uri),
+ ".</p>\n",
+@@ -931,7 +932,7 @@
+ case HTTP_LENGTH_REQUIRED:
+ s1 = apr_pstrcat(p,
+ "<p>A request of the requested method ",
+- r->method,
++ ap_escape_html(r->pool, r->method),
+ " requires a valid Content-length.<br />\n",
+ NULL);
+ return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+@@ -978,7 +979,7 @@
+ "The requested resource<br />",
+ ap_escape_html(r->pool, r->uri), "<br />\n",
+ "does not allow request data with ",
+- r->method,
++ ap_escape_html(r->pool, r->method),
+ " requests, or the amount of data provided in\n"
+ "the request exceeds the capacity limit.\n",
+ NULL));
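Review bot: The new patch file has no description header, so nothing in it records that the three changed sites (the HTTP_METHOD_NOT_ALLOWED and HTTP_LENGTH_REQUIRED cases and the "does not allow request data with" message) were writing the client-supplied `r->method` into the HTML error body unescaped. I would add a leading line such as `Escape r->method in canned error pages; backport of upstream r604192, drop once the base version contains it`. The CVE id in the file name is worth checking against the upstream advisory for this change, since audit tooling and later maintainers will key on that name. Only these three sites are visible and the enclosing function starts and ends outside the inner hunks, so confirm that no other branch still concatenates `r->method` raw.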
diff --git a/2.2/patches/06_all_CVE-2007-5000.patch b/2.2/patches/06_all_CVE-2007-5000.patch
new file mode 100644
index 0000000..b329bb5
--- /dev/null
+++ b/2.2/patches/06_all_CVE-2007-5000.patch
@@ -0,0 +1,25 @@
+Index: httpd-2.2.x/modules/mappers/mod_imagemap.c
+===================================================================
+--- httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 603710)
++++ httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 604312)
+@@ -479,13 +479,16 @@
+
+ static void menu_header(request_rec *r, char *menu)
+ {
+- ap_set_content_type(r, "text/html");
++ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+
+- ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", r->uri,
+- "</title>\n</head><body>\n", NULL);
++ ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</title>\n</head><body>\n", NULL);
+
+ if (!strcasecmp(menu, "formatted")) {
+- ap_rvputs(r, "<h1>Menu for ", r->uri, "</h1>\n<hr />\n\n", NULL);
++ ap_rvputs(r, "<h1>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</h1>\n<hr />\n\n", NULL);
+ }
+
+ return;
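Review bot: In `menu_header` the escaped URI is built twice when `menu` is "formatted", once for the `<title>` and once for the `<h1>`. Escaping once into a local, `const char *uri = ap_escape_html(r->pool, r->uri);`, and passing `uri` to both `ap_rvputs` calls saves the second pool allocation and keeps the two outputs tied to a single sanitised value. The content-type change should carry a comment, e.g. `/* pin the charset so the browser cannot auto-detect an encoding in which the escaped URI is read as markup */`, because that appears to be why the charset is part of the security fix and it could otherwise be reverted as cosmetic. The other menu writers in mod_imagemap.c are outside this hunk, so whether they escape what they emit cannot be judged from here.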