Pull up security fix to the pkgsrc-2004Q1 branch.

Requested by taca in ticket pkgsrc-16 (and 12, I think). "Add three patches to resolve security issue: SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog The three patches are from Apache cvs. http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/ Also bump PKGREVISION too."
author: agc <agc> 2004-04-27 08:14:40 +0000
committer: agc <agc> 2004-04-27 08:14:40 +0000
commit: b0292dd4c031f6a0db643bd927a09d895243b9ca (patch)
tree: 2a20cc0b0dcafdcd0338a29dad1b5b7b8e364dbe /www/apache/patches/patch-aq
parent: f4ed20d3c9aeb6ca034ba037c4c8149a4db6cf28 (diff)
download: pkgsrc-b0292dd4c031f6a0db643bd927a09d895243b9ca.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq
new file mode 100644
index 00000000000..3c4c78d4221
--- /dev/null
+++ b/www/apache/patches/patch-aq
@@ -0,0 +1,14 @@
+$NetBSD: patch-aq,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/include/httpd.h.orig	2004-04-07 12:24:10.967724616 -0700
++++ src/include/httpd.h
+@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool *
+ API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
+ 				    unsigned port, const request_rec *r);
+ API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++                                           size_t buflen);
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
+ 
+ API_EXPORT(int) ap_count_dirs(const char *path);
author	agc <agc>	2004-04-27 08:14:40 +0000
committer	agc <agc>	2004-04-27 08:14:40 +0000
commit	b0292dd4c031f6a0db643bd927a09d895243b9ca (patch)
tree	2a20cc0b0dcafdcd0338a29dad1b5b7b8e364dbe /www/apache/patches/patch-aq
parent	f4ed20d3c9aeb6ca034ba037c4c8149a4db6cf28 (diff)
download	pkgsrc-b0292dd4c031f6a0db643bd927a09d895243b9ca.tar.gz