Diffstat (limited to 'www/apache22/patches/patch-ba')
-rw-r--r-- | www/apache22/patches/patch-ba | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/www/apache22/patches/patch-ba b/www/apache22/patches/patch-ba index c65510d2533..5ca3b8b1c64 100644 --- a/www/apache22/patches/patch-ba +++ b/www/apache22/patches/patch-ba @@ -1,11 +1,12 @@ -$NetBSD: patch-ba,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $ +$NetBSD: patch-ba,v 1.1.2.3 2009/06/12 21:38:06 spz Exp $ Patch for CVE-2009-1195 taken from: -http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?r1=739382&r2=772997&pathrev=772997 +http://svn.apache.org/viewvc?view=rev&revision=773881 +http://svn.apache.org/viewvc?view=rev&revision=779472 --- include/http_core.h.orig 2008-02-26 19:47:51.000000000 +0000 -+++ include/http_core.h 2009-06-04 09:39:58.000000000 +0100 ++++ include/http_core.h 2009-06-11 20:53:26.000000000 +0100 @@ -65,7 +65,7 @@ #define OPT_NONE 0 /** Indexes directive */ 
@@ -15,21 +16,27 @@ http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?r1=739382&r2= #define OPT_INCLUDES 2 /** FollowSymLinks directive */ #define OPT_SYM_LINKS 4 -@@ -73,14 +73,14 @@ - #define OPT_EXECCGI 8 - /** directive unset */ - #define OPT_UNSET 16 --/** IncludesNOEXEC directive */ --#define OPT_INCNOEXEC 32 -+/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ -+#define OPT_INC_WITH_EXEC 32 - /** SymLinksIfOwnerMatch directive */ - #define OPT_SYM_OWNER 64 +@@ -80,9 +80,22 @@ /** MultiViews directive */ #define OPT_MULTI 128 /** All directives */ -#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI) -+#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) ++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) /** @} */ ++#ifdef CORE_PRIVATE ++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is ++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics ++ * of the two SSI-related bits are hence: ++ * ++ * OPT_INCLUDES => "enable SSI, without exec= permission" ++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec=" ++ * ++ * The set of options exposed via ap_allow_options() retains the ++ * semantics of OPT_INCNOEXEC by flipping the bit. */ ++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC ++#endif ++ /** + * @defgroup get_remote_host Remote Host Resolution + * @ingroup APACHE_CORE_HTTPD |
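Review bot: The `CORE_PRIVATE` comment added after `OPT_ALL` depends on `ap_allow_options()` flipping the `OPT_INCNOEXEC` bit, but the diffstat shows this commit changing only `patch-ba`, so nothing visible here confirms that the package's other source patches carry that flip. If they do not, the same bit would mean "exec= permitted" inside the core and "exec= denied" to modules with no translation between them, and SSI `exec=` could be allowed or refused contrary to the configured Options. It is worth checking the sibling patch files against the two upstream revisions cited in the patch header. Separately, `OPT_ALL` now lists `OPT_INCNOEXEC`, which reads as the opposite of what is meant. A one-line comment above it, such as `/* OPT_INCNOEXEC is the internal OPT_INC_WITH_EXEC bit here: All permits exec= */`, would keep a later reader from "correcting" it.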