author | Benedikt Boehm <hollow@gentoo.org> | 2007-12-15 14:38:32 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2007-12-15 14:38:32 +0000 |
commit | 7291186b8e6790cb1af2d5a69eae4c2b1b1f6359 (patch) | |
tree | e1e8cb6b073c96650d69b08de397b62bcba33db3 /2.2 | |
parent | fix vim modeline (diff) | |
update for apache-2.2.6-r6; fix rolltarball.sh for apache-2.eclass
Diffstat (limited to '2.2')
-rw-r--r-- | 2.2/patches/05_all_CVE-2006-6203.patch | 32 | ||||
-rw-r--r-- | 2.2/patches/06_all_CVE-2007-5000.patch | 25 |
2 files changed, 57 insertions, 0 deletions
diff --git a/2.2/patches/05_all_CVE-2006-6203.patch b/2.2/patches/05_all_CVE-2006-6203.patch
new file mode 100644
index 0000000..4f59287
--- /dev/null
+++ b/2.2/patches/05_all_CVE-2006-6203.patch
@@ -0,0 +1,32 @@
+Index: httpd-2.2.x/modules/http/http_protocol.c
+===================================================================
+--- httpd-2.2.x/modules/http/http_protocol.c (revision 596677)
++++ httpd-2.2.x/modules/http/http_protocol.c (revision 604192)
+@@ -913,7 +913,8 @@
+ NULL));
+ case HTTP_METHOD_NOT_ALLOWED:
+ return(apr_pstrcat(p,
+- "<p>The requested method ", r->method,
++ "<p>The requested method ",
++ ap_escape_html(r->pool, r->method),
+ " is not allowed for the URL ",
+ ap_escape_html(r->pool, r->uri),
+ ".</p>\n",
+@@ -931,7 +932,7 @@
+ case HTTP_LENGTH_REQUIRED:
+ s1 = apr_pstrcat(p,
+ "<p>A request of the requested method ",
+- r->method,
++ ap_escape_html(r->pool, r->method),
+ " requires a valid Content-length.<br />\n",
+ NULL);
+ return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+@@ -978,7 +979,7 @@
+ "The requested resource<br />",
+ ap_escape_html(r->pool, r->uri), "<br />\n",
+ "does not allow request data with ",
+- r->method,
++ ap_escape_html(r->pool, r->method),
+ " requests, or the amount of data provided in\n"
+ "the request exceeds the capacity limit.\n",
+ NULL));
diff --git a/2.2/patches/06_all_CVE-2007-5000.patch b/2.2/patches/06_all_CVE-2007-5000.patch
new file mode 100644
index 0000000..b329bb5
--- /dev/null
+++ b/2.2/patches/06_all_CVE-2007-5000.patch
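Review bot: The escaping of `r->method` is applied call site by call site in the three cases touched here (HTTP_METHOD_NOT_ALLOWED, HTTP_LENGTH_REQUIRED and the "does not allow request data" message), so any other branch of the same function that concatenates a request-derived field is not covered by what this patch shows; the enclosing function starts and ends outside all three inner hunks. After applying, it is worth checking the patched http_protocol.c for any remaining bare `r->method` or `r->uri` passed to `apr_pstrcat`. The patch file also carries no description above the `Index:` line; a short header such as `Escape the request method in canned error pages (upstream r604192)` would tell later maintainers what it fixes and when it can be dropped. The CVE id in the file name should be confirmed against the upstream advisory, since that name is what later audits will search for.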
@@ -0,0 +1,25 @@
+Index: httpd-2.2.x/modules/mappers/mod_imagemap.c
+===================================================================
+--- httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 603710)
++++ httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 604312)
+@@ -479,13 +479,16 @@
+
+ static void menu_header(request_rec *r, char *menu)
+ {
+- ap_set_content_type(r, "text/html");
++ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+
+- ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", r->uri,
+- "</title>\n</head><body>\n", NULL);
++ ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</title>\n</head><body>\n", NULL);
+
+ if (!strcasecmp(menu, "formatted")) {
+- ap_rvputs(r, "<h1>Menu for ", r->uri, "</h1>\n<hr />\n\n", NULL);
++ ap_rvputs(r, "<h1>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</h1>\n<hr />\n\n", NULL);
+ }
+
+ return; |
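Review bot: The new `charset=ISO-8859-1` in the `ap_set_content_type` call is part of the fix, but nothing explains why it is there; without a declared charset a browser may guess the encoding and read the escaped URI differently from how `ap_escape_html` saw it. A comment on that line, e.g. `/* pin the charset so the escaped URI cannot be reinterpreted by encoding sniffing */`, or the same sentence in a header above `Index:`, would keep a later cleanup from dropping it. Both `r->uri` insertions land in element content (`<title>` and `<h1>`), which is the context HTML escaping covers. The closing brace of `menu_header` is outside the inner hunk.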