diff options
author | agc <agc> | 2004-04-27 08:14:40 +0000 |
---|---|---|
committer | agc <agc> | 2004-04-27 08:14:40 +0000 |
commit | b0292dd4c031f6a0db643bd927a09d895243b9ca (patch) | |
tree | 2a20cc0b0dcafdcd0338a29dad1b5b7b8e364dbe /www/apache/patches/patch-aq | |
parent | f4ed20d3c9aeb6ca034ba037c4c8149a4db6cf28 (diff) | |
download | pkgsrc-b0292dd4c031f6a0db643bd927a09d895243b9ca.tar.gz |
Pull up security fix to the pkgsrc-2004Q1 branch.
Requested by taca in ticket pkgsrc-16 (and 12, I think).
"Add three patches to resolve security issue:
SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
The three patches are from Apache cvs.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/
Also bump PKGREVISION too."
Diffstat (limited to 'www/apache/patches/patch-aq')
-rw-r--r-- | www/apache/patches/patch-aq | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq new file mode 100644 index 00000000000..3c4c78d4221 --- /dev/null +++ b/www/apache/patches/patch-aq @@ -0,0 +1,14 @@ +$NetBSD: patch-aq,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $ +SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog + +--- src/include/httpd.h.orig 2004-04-07 12:24:10.967724616 -0700 ++++ src/include/httpd.h +@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool * + API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname, + unsigned port, const request_rec *r); + API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str); ++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, ++ size_t buflen); + API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s); + + API_EXPORT(int) ap_count_dirs(const char *path); |