diff options
| author | tron <tron@pkgsrc.org> | 2007-09-07 23:28:23 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2007-09-07 23:28:23 +0000 |
| commit | 2b48765891d8313059ac8e535b863438dc2328af (patch) | |
| tree | 49d91bc64f071f48dae4937d5a88585eb2fa18a9 /www | |
| parent | 558ffb8fcd21bbaa1647eb7b8264f0d6ac56fb65 (diff) | |
| download | pkgsrc-2b48765891d8313059ac8e535b863438dc2328af.tar.gz | |
Remove obsolete patch files.
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache2/patches/patch-ap | 44 | ||||
| -rw-r--r-- | www/apache2/patches/patch-aq | 87 |
2 files changed, 0 insertions, 131 deletions
diff --git a/www/apache2/patches/patch-ap b/www/apache2/patches/patch-ap deleted file mode 100644 index 7d42ccc770c..00000000000 --- a/www/apache2/patches/patch-ap +++ /dev/null @@ -1,44 +0,0 @@ -$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $ - -Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on. - ---- modules/generators/mod_status.c.orig 2006-07-12 09:40:55.000000000 +0200 -+++ modules/generators/mod_status.c -@@ -269,7 +269,7 @@ static int status_handler(request_rec *r - if (r->method_number != M_GET) - return DECLINED; - -- ap_set_content_type(r, "text/html"); -+ ap_set_content_type(r, "text/html; charset=ISO-8859-1"); - - /* - * Simple table-driven form data set parser that lets you alter the header -@@ -298,7 +298,7 @@ static int status_handler(request_rec *r - no_table_report = 1; - break; - case STAT_OPT_AUTO: -- ap_set_content_type(r, "text/plain"); -+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1"); - short_report = 1; - break; - } -@@ -664,7 +664,8 @@ static int status_handler(request_rec *r - ap_escape_html(r->pool, - ws_record->client), - ap_escape_html(r->pool, -- ws_record->request), -+ ap_escape_logitem(r->pool, -+ ws_record->request)), - ap_escape_html(r->pool, - ws_record->vhost)); - } -@@ -753,7 +754,8 @@ static int status_handler(request_rec *r - ap_escape_html(r->pool, - ws_record->vhost), - ap_escape_html(r->pool, -- ws_record->request)); -+ ap_escape_logitem(r->pool, -+ ws_record->request))); - } /* no_table_report */ - } /* for (j...) */ - } /* for (i...) */ diff --git a/www/apache2/patches/patch-aq b/www/apache2/patches/patch-aq deleted file mode 100644 index 243e6873394..00000000000 --- a/www/apache2/patches/patch-aq +++ /dev/null @@ -1,87 +0,0 @@ -$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $ - -Fix for CVE-2007-1863 remote crash when mod_cache enabled. - ---- modules/experimental/cache_util.c.orig 2006-07-12 09:40:55.000000000 +0200 -+++ modules/experimental/cache_util.c -@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn - age = ap_cache_current_age(info, age_c, r->request_time); - - /* extract s-maxage */ -- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) { -+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val) -+ && val != NULL) { - smaxage = apr_atoi64(val); - } -- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) { -+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val) -+ && val != NULL) { - smaxage = apr_atoi64(val); - } - else { -@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn - } - - /* extract max-age from request */ -- if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) { -+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val) -+ && val != NULL) { - maxage_req = apr_atoi64(val); - } - else { -@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn - } - - /* extract max-age from response */ -- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) { -+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val) -+ && val != NULL) { - maxage_cresp = apr_atoi64(val); - } -- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) { -+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val) -+ && val != NULL) { - maxage_cresp = apr_atoi64(val); - } - else -@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn - - /* extract max-stale */ - if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) { -- maxstale = apr_atoi64(val); -+ if(val != NULL) { -+ maxstale = apr_atoi64(val); -+ } -+ else { -+ /* -+ * If no value is assigned to max-stale, then the client is willing -+ * to accept a stale response of any age (RFC2616 14.9.3). We will -+ * set it to one year in this case as this situation is somewhat -+ * similar to a "never expires" Expires header (RFC2616 14.21) -+ * which is set to a date one year from the time the response is -+ * sent in this case. -+ */ -+ maxstale = APR_INT64_C(86400*365); -+ } - } - else { - maxstale = 0; - } - - /* extract min-fresh */ -- if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) { -+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val) -+ && val != NULL) { - minfresh = apr_atoi64(val); - } - else { -@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_ - next - val_start); - } - } -+ else { -+ *val = NULL; -+ } - } - return 1; - } |