Fix mod_cache CacheIgnoreURLSessionIdentifiers handling

git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@1131 01b336ce-410b-0410-9a02-a0e7f243c266

3 files changed, 88 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 171b53c5..0d493411 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ apache2 (2.2.14-6) UNRELEASED; urgency=low
 
   * Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061
   * Fix symlinks in apache2-dbg package. Closes: #567076
+  * Fix mod_cache CacheIgnoreURLSessionIdentifiers handling. Closes: #556383
   * Add new init script action graceful-stop (LP: #456381)
   * Unset $HOME in /etc/apache2/envvars.
   * Add a hook to apache2.2-common's postrm script that may come in handy
diff --git a/debian/patches/00list b/debian/patches/00list
index 52292c4b..e1193c13 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -26,6 +26,7 @@
 074_link_support_progs_with_lcrypt.dpatch
 075_mod_rewrite_literal_ipv6_redirect.dpatch
 076_apxs2_a2enmod.dpatch
+077_CacheIgnoreURLSessionIdentifiers.dpatch
 099_config_guess_sub_update
 200_cp_suexec.dpatch
 201_build_suexec-custom.dpatch
diff --git a/debian/patches/077_CacheIgnoreURLSessionIdentifiers.dpatch b/debian/patches/077_CacheIgnoreURLSessionIdentifiers.dpatch
new file mode 100755
index 00000000..aa339114
--- /dev/null
+++ b/debian/patches/077_CacheIgnoreURLSessionIdentifiers.dpatch
@@ -0,0 +1,86 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CacheIgnoreURLSessionIdentifiers
+## DP: r892289, r897705 from upstream svn. Debian bug #556383
+
+@DPATCH@
+diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c
+index c122bdd..a44b9e4 100644
+--- a/modules/cache/cache_storage.c
++++ b/modules/cache/cache_storage.c
+@@ -498,28 +498,60 @@ apr_status_t cache_generate_key_default(request_rec *r, apr_pool_t* p,
+                 && (*(param + len + 1) == '=')
+                 && !strchr(param + len + 2, '/')) {
+                 path = apr_pstrndup(p, path, param - path);
+-                break;
++                continue;
+             }
+             /*
+              * Check if the identifier is in the querystring and cut it out.
+              */
+-            if (querystring
+-                && (param = strstr(querystring, *identifier))
+-                && (*(param + len) == '=')
+-                ) {
+-                char *amp;
+-
+-                if (querystring != param) {
+-                    querystring = apr_pstrndup(p, querystring,
+-                                               param - querystring);
++            if (querystring) {
++                /*
++                 * First check if the identifier is at the beginning of the
++                 * querystring and followed by a '='
++                 */
++                if (!strncmp(querystring, *identifier, len)
++                    && (*(querystring + len) == '=')) {
++                    param = querystring;
+                 }
+                 else {
+-                    querystring = "";
++                    char *complete;
++
++                    /*
++                     * In order to avoid subkey matching (PR 48401) prepend
++                     * identifier with a '&' and append a '='
++                     */
++                    complete = apr_pstrcat(p, "&", *identifier, "=", NULL);
++                    param = strstr(querystring, complete);
++                    /* If we found something we are sitting on the '&' */
++                    if (param) {
++                        param++;
++                    }
+                 }
+-                if ((amp = strchr(param + len + 1, '&'))) {
+-                    querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
++                if (param) {
++                    char *amp;
++
++                    if (querystring != param) {
++                        querystring = apr_pstrndup(p, querystring,
++                                               param - querystring);
++                    }
++                    else {
++                        querystring = "";
++                    }
++
++                    if ((amp = strchr(param + len + 1, '&'))) {
++                        querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
++                    }
++                    else {
++                        /*
++                         * If querystring is not "", then we have the case
++                         * that the identifier parameter we removed was the
++                         * last one in the original querystring. Hence we have
++                         * a trailing '&' which needs to be removed.
++                         */
++                        if (*querystring) {
++                            querystring[strlen(querystring) - 1] = '\0';
++                        }
++                    }
+                 }
+-                break;
+             }
+         }
+     }