diff options
Diffstat (limited to 'www/apache/patches')
| -rw-r--r-- | www/apache/patches/patch-ap | 30 | ||||
| -rw-r--r-- | www/apache/patches/patch-aq | 14 | ||||
| -rw-r--r-- | www/apache/patches/patch-ar | 75 | ||||
| -rw-r--r-- | www/apache/patches/patch-as | 16 |
4 files changed, 0 insertions, 135 deletions
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap deleted file mode 100644 index 3d2ee54266b..00000000000 --- a/www/apache/patches/patch-ap +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-ap,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/main/http_log.c.orig 2003-02-03 09:13:21.000000000 -0800 -+++ src/main/http_log.c -@@ -314,6 +314,9 @@ static void log_error_core(const char *f - const char *fmt, va_list args) - { - char errstr[MAX_STRING_LEN]; -+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED -+ char scratch[MAX_STRING_LEN]; -+#endif - size_t len; - int save_errno = errno; - FILE *logf; -@@ -445,7 +448,14 @@ static void log_error_core(const char *f - } - #endif - -+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED -+ if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) { -+ len += ap_escape_errorlog_item(errstr + len, scratch, -+ sizeof(errstr) - len); -+ } -+#else - len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args); -+#endif - - /* NULL if we are logging to syslog */ - if (logf) { diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq deleted file mode 100644 index 128e1b7f7e2..00000000000 --- a/www/apache/patches/patch-aq +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-aq,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/include/httpd.h.orig 2004-04-07 12:24:10.967724616 -0700 -+++ src/include/httpd.h -@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool * - API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname, - unsigned port, const request_rec *r); - API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str); -+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, -+ size_t buflen); - API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s); - - API_EXPORT(int) ap_count_dirs(const char *path); diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar deleted file mode 100644 index 5461b844597..00000000000 --- a/www/apache/patches/patch-ar +++ /dev/null @@ -1,75 +0,0 @@ -$NetBSD: patch-ar,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800 -+++ src/main/util.c -@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo - return ret; - } - -+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, -+ size_t buflen) -+{ -+ unsigned char *d, *ep; -+ const unsigned char *s; -+ -+ if (!source || !buflen) { /* be safe */ -+ return 0; -+ } -+ -+ d = (unsigned char *)dest; -+ s = (const unsigned char *)source; -+ ep = d + buflen - 1; -+ -+ for (; d < ep && *s; ++s) { -+ -+ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) { -+ *d++ = '\\'; -+ if (d >= ep) { -+ --d; -+ break; -+ } -+ -+ switch(*s) { -+ case '\b': -+ *d++ = 'b'; -+ break; -+ case '\n': -+ *d++ = 'n'; -+ break; -+ case '\r': -+ *d++ = 'r'; -+ break; -+ case '\t': -+ *d++ = 't'; -+ break; -+ case '\v': -+ *d++ = 'v'; -+ break; -+ case '\\': -+ *d++ = *s; -+ break; -+ case '"': /* no need for this in error log */ -+ d[-1] = *s; -+ break; -+ default: -+ if (d >= ep - 2) { -+ ep = --d; /* break the for loop as well */ -+ break; -+ } -+ c2x(*s, d); -+ *d = 'x'; -+ d += 3; -+ } -+ } -+ else { -+ *d++ = *s; -+ } -+ } -+ *d = '\0'; -+ -+ return (d - (unsigned char *)dest); -+} - - API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str) - { diff --git a/www/apache/patches/patch-as b/www/apache/patches/patch-as deleted file mode 100644 index 00c39ba9059..00000000000 --- a/www/apache/patches/patch-as +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-as,v 1.3 2004/04/26 20:06:58 jlam Exp $ - ---- src/modules/standard/mod_auth_db.c.orig Mon Feb 3 12:13:27 2003 -+++ src/modules/standard/mod_auth_db.c -@@ -170,7 +170,10 @@ static char *get_db_pw(request_rec *r, c - q.data = user; - q.size = strlen(q.data); - --#if defined(DB3) || defined(DB4) -+#if defined(DB4) -+ if ( db_create(&f, NULL, 0) != 0 -+ || f->open(f, NULL, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) { -+#elif defined(DB3) - if ( db_create(&f, NULL, 0) != 0 - || f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) { - #elif defined(DB2) |