Diffstat (limited to 'www/apache22/patches/patch-ba')
-rw-r--r--www/apache22/patches/patch-ba35
1 files changed, 21 insertions, 14 deletions
diff --git a/www/apache22/patches/patch-ba b/www/apache22/patches/patch-ba
index c65510d2533..5ca3b8b1c64 100644
--- a/www/apache22/patches/patch-ba
+++ b/www/apache22/patches/patch-ba
@@ -1,11 +1,12 @@
-$NetBSD: patch-ba,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $
+$NetBSD: patch-ba,v 1.1.2.3 2009/06/12 21:38:06 spz Exp $
Patch for CVE-2009-1195 taken from:
-http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?r1=739382&r2=772997&pathrev=772997
+http://svn.apache.org/viewvc?view=rev&revision=773881
+http://svn.apache.org/viewvc?view=rev&revision=779472
--- include/http_core.h.orig 2008-02-26 19:47:51.000000000 +0000
-+++ include/http_core.h 2009-06-04 09:39:58.000000000 +0100
++++ include/http_core.h 2009-06-11 20:53:26.000000000 +0100
@@ -65,7 +65,7 @@
#define OPT_NONE 0
/** Indexes directive */
@@ -15,21 +16,27 @@ http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?r1=739382&r2=
#define OPT_INCLUDES 2
/** FollowSymLinks directive */
#define OPT_SYM_LINKS 4
-@@ -73,14 +73,14 @@
- #define OPT_EXECCGI 8
- /** directive unset */
- #define OPT_UNSET 16
--/** IncludesNOEXEC directive */
--#define OPT_INCNOEXEC 32
-+/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
-+#define OPT_INC_WITH_EXEC 32
- /** SymLinksIfOwnerMatch directive */
- #define OPT_SYM_OWNER 64
+@@ -80,9 +80,22 @@
/** MultiViews directive */
#define OPT_MULTI 128
/** All directives */
-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
-+#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
/** @} */
++#ifdef CORE_PRIVATE
++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics
++ * of the two SSI-related bits are hence:
++ *
++ * OPT_INCLUDES => "enable SSI, without exec= permission"
++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
++ *
++ * The set of options exposed via ap_allow_options() retains the
++ * semantics of OPT_INCNOEXEC by flipping the bit. */
++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
++#endif
++
/**
+ * @defgroup get_remote_host Remote Host Resolution
+ * @ingroup APACHE_CORE_HTTPD
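Review bot: The new `OPT_ALL` line ORs in `OPT_INCNOEXEC`, which read on its own says "Options All sets IncludesNOEXEC"; only the `CORE_PRIVATE` comment further down explains that bit 32 internally means exec= is permitted. A one-line comment at `OPT_ALL` would prevent that misreading, e.g. `/* bit 32 carries the internal OPT_INC_WITH_EXEC meaning here: Options All permits SSI exec= */`. The added comment also says `ap_allow_options()` retains the old semantics "by flipping the bit", but that code is not in this header, so the fix depends on the companion patches tracking the same two upstream revisions. If any consumer still tests bit 32 with the old polarity, an IncludesNOEXEC configuration would presumably fail open, so it is worth confirming the other CVE-2009-1195 patches in this package were updated in the same commit.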