diff options
| author | Stefan Fritsch <sf@debian.org> | 2008-08-06 21:31:13 +0000 |
|---|---|---|
| committer | Stefan Fritsch <sf@sfritsch.de> | 2012-01-02 10:36:57 +0100 |
| commit | 2d348a6e26ff90e14ca4bcaeb9f9fd6fffe5448d (patch) | |
| tree | 7557bdeda5b8fa4468d9ba623f395e10bb42b544 | |
| parent | dec2fa670629b3a31b4e3731ab8b68bfcfbb9f07 (diff) | |
| download | apache2-2d348a6e26ff90e14ca4bcaeb9f9fd6fffe5448d.tar.gz | |
Make the balancer manager work in Opera and MSIE
git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@796 01b336ce-410b-0410-9a02-a0e7f243c266
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/patches/00list | 1 | ||||
| -rwxr-xr-x | debian/patches/061_balancer_manager_nonce.dpatch | 20 |
3 files changed, 22 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 2c89eff9..3202b21b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ apache2 (2.2.9-7) UNRELEASED; urgency=low * Fix XSS in mod_proxy_ftp (CVE-2008-2939). + * Make the balancer manager work in Opera and MSIE (PR 45578). * Also describe how to get a backtrace from a running process in README.backtrace. diff --git a/debian/patches/00list b/debian/patches/00list index 77fb84e7..86fd11b4 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -19,6 +19,7 @@ 058_suexec-CVE-2007-1742.dpatch 059_sparc_sigbus.dpatch 060_mod_proxy_ftp_CVE-2008-2939.dpatch +061_balancer_manager_nonce.dpatch 099_config_guess_sub_update 200_cp_suexec.dpatch 201_build_suexec-custom.dpatch diff --git a/debian/patches/061_balancer_manager_nonce.dpatch b/debian/patches/061_balancer_manager_nonce.dpatch new file mode 100755 index 00000000..87332048 --- /dev/null +++ b/debian/patches/061_balancer_manager_nonce.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: https://issues.apache.org/bugzilla/show_bug.cgi?id=45578 + +@DPATCH@ +--- a/modules/proxy/mod_proxy_balancer.c (revision 683372) ++++ b/modules/proxy/mod_proxy_balancer.c (revision 683373) +@@ -897,9 +897,10 @@ + ap_rvputs(r, "value=\"", ap_escape_uri(r->pool, wsel->name), "\">\n", NULL); + ap_rvputs(r, "<input type=hidden name=\"b\" ", NULL); + ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1, +- "\">\n</form>\n", NULL); ++ "\">\n", NULL); + ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"", + balancer_nonce, "\">\n", NULL); ++ ap_rvputs(r, "</form>\n", NULL); + ap_rputs("<hr />\n", r); + } + ap_rputs(ap_psignature("",r), r); |