kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache/patches/patch-af
obache ebadff7698 Update apache to 1.3.41. 
Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason.  [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers.  PR 41144.
     With Apache 1.3, the denial of service vulnerability applies only
     to the Windows and NetWare platforms.
     [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
     patch. This fixes issues with excessive memory usage by the
     parent process if long-running and with a high number of child
     process forks during that timeframe. Also fixes bogus "Bad pid"
     errors. [Jim Jagielski, Jeff Trawick]

Changes with Apache 1.3.39

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
     mod_status: Fix a possible XSS attack against a site with a public
     server-status page and ExtendedStatus enabled, for browsers which
     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
     Ensure that the parent process cannot be forced to kill non-child
     processes by checking scoreboard PID data with parent process
     privately stored PID data. [Jim Jagielski]

  *) mime.types: Many updates to sync with IANA registry and common
     unregistered types that the owners refuse to register.  Admins
     are encouraged to update their installed mime.types file.
     pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]

There was no Apache 1.3.38
2008-02-23 05:16:33 +00:00

21 lines
696 B
Text
Raw Blame History

$NetBSD: patch-af,v 1.11 2008/02/23 05:16:34 obache Exp $
--- src/modules/standard/mod_so.c.orig 2008-02-23 04:22:56.000000000 +0000
+++ src/modules/standard/mod_so.c
@@ -322,7 +322,15 @@ static const char *load_file(cmd_parms *
return err;
}
- file = ap_server_root_relative(cmd->pool, filename);
+ /*
+ * If the filename starts with '!', then just dlopen() it without
+ * translating it to a pathname relative to ServerRoot.
+ */
+ if (filename[0] == '!') {
+ file = filename + 1;
+ } else {
+ file = ap_server_root_relative(cmd->pool, filename);
+ }
if (!(handle = ap_os_dso_load(file))) {
const char *my_error = ap_os_dso_error();
Reference in a new issue View git blame Copy permalink