diff options
Diffstat (limited to 'www-servers/apache')
| -rw-r--r-- | www-servers/apache/files/apache-asf-httpoxy.patch | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/www-servers/apache/files/apache-asf-httpoxy.patch b/www-servers/apache/files/apache-asf-httpoxy.patch deleted file mode 100644 index 68e3d869a77e..000000000000 --- a/www-servers/apache/files/apache-asf-httpoxy.patch +++ /dev/null @@ -1,20 +0,0 @@ -https://bugs.gentoo.org/589226 -https://www.apache.org/security/asf-httpoxy-response.txt - ---- server/util_script.c (revision 1752426) -+++ server/util_script.c (working copy) -@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r - else if (!strcasecmp(hdrs[i].key, "Content-length")) { - apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); - } -+ /* HTTP_PROXY collides with a popular envvar used to configure -+ * proxies, don't let clients set/override it. But, if you must... -+ */ -+#ifndef SECURITY_HOLE_PASS_PROXY -+ else if (!strcasecmp(hdrs[i].key, "Proxy")) { -+ ; -+ } -+#endif - /* - * You really don't want to disable this check, since it leaves you - * wide open to CGIs stealing passwords and people viewing them |