diff --git a/apache2.changes b/apache2.changes index 64a3a36..dced312 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de + +- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream + solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557] + (backport from 2.2.6) + * Merge r570532, r570535, r570558 from trunk: + IndexOptions ContentType=text/html Charset=UTF-8 magic. + http://svn.apache.org/viewvc?rev=570962&view=rev + http://issues.apache.org/bugzilla/show_bug.cgi?id=42105 + This means that the AddDirectoryIndexCharset is no longer + available. Instead, IndexOptions Charset=xyz can be used. + +------------------------------------------------------------------- +Fri Aug 31 11:42:58 CEST 2007 - poeml@suse.de + +- remove libexpat-devel in the build service version of the package +- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the + buildservice package +- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it + patches only modules/database/mod_dbd.c which is replaced with + trunk version anyway + ------------------------------------------------------------------- Thu Aug 23 11:27:19 CEST 2007 - mskibbe@suse.de diff --git a/apache2.spec b/apache2.spec index 5553ce2..6e3bf7a 100644 --- a/apache2.spec +++ b/apache2.spec @@ -55,7 +55,7 @@ License: The Apache Software License Group: Productivity/Networking/Web/Servers %define realver 2.2.4 Version: 2.2.4 -Release: 57 +Release: 59 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 Source10: SUSE-NOTICE @@ -107,7 +107,7 @@ Patch23: httpd-2.1.9-apachectl.dif Patch65: httpd-2.0.49-log_server_status.dif Patch66: httpd-2.0.54-envvars.dif Patch67: httpd-2.2.0-apxs-a2enmod.dif -Patch68: httpd-2.2.3-AddDirectoryIndexCharset.patch +Patch68: httpd-2.2.4-mod_autoindex-charset-r570962.patch Patch69: httpd-2.2.x.doublefree.patch Patch150: mod_dbd.c-issue18989-autoconnect.dif Patch151: apache2-mod_status-CVE-2006-5752.patch @@ -321,7 +321,7 @@ Authors: %patch65 -p1 %patch66 -p1 %patch67 -p1 -%patch68 -p1 +%patch68 -p0 %patch69 -p0 %patch151 -p0 %patch152 -p0 @@ -1060,6 +1060,23 @@ if ! test -f /.buildenv; then fi %changelog +* Fri Aug 31 2007 - poeml@suse.de +- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream + solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557] + (backport from 2.2.6) + * Merge r570532, r570535, r570558 from trunk: + IndexOptions ContentType=text/html Charset=UTF-8 magic. + http://svn.apache.org/viewvc?rev=570962&view=rev + http://issues.apache.org/bugzilla/show_bug.cgi?id=42105 + This means that the AddDirectoryIndexCharset is no longer + available. Instead, IndexOptions Charset=xyz can be used. +* Fri Aug 31 2007 - poeml@suse.de +- remove libexpat-devel in the build service version of the package +- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the + buildservice package +- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it + patches only modules/database/mod_dbd.c which is replaced with + trunk version anyway * Thu Aug 23 2007 - mskibbe@suse.de - Bug 289996 - VUL-0: mod_status XSS in public server status page - Bug 289997 - VUL-0: apache2: mod_cache remote denial of service diff --git a/httpd-2.2.3-AddDirectoryIndexCharset.patch b/httpd-2.2.3-AddDirectoryIndexCharset.patch deleted file mode 100644 index 563be1c..0000000 --- a/httpd-2.2.3-AddDirectoryIndexCharset.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff -uNr httpd-2.2.3.orig/modules/generators/mod_autoindex.c httpd-2.2.3/modules/generators/mod_autoindex.c ---- httpd-2.2.3.orig/modules/generators/mod_autoindex.c 2006-07-12 05:38:44.000000000 +0200 -+++ httpd-2.2.3/modules/generators/mod_autoindex.c 2006-12-21 10:32:01.478754000 +0100 -@@ -130,6 +130,7 @@ - int icon_height; - char default_keyid; - char default_direction; -+ char *fs_charset; - - apr_array_header_t *icon_list; - apr_array_header_t *alt_list; -@@ -556,6 +557,9 @@ - AP_INIT_ITERATE2("AddAltByEncoding", add_alt, BY_ENCODING, DIR_CMD_PERMS, - "alternate descriptive text followed by one or more " - "content encodings"), -+ AP_INIT_TAKE1("AddDirectoryIndexCharset", ap_set_string_slot, -+ (void *)APR_OFFSETOF(autoindex_config_rec, fs_charset), -+ DIR_CMD_PERMS, "alternative encoding of filenames, if not utf-8"), - AP_INIT_TAKE_ARGV("IndexOptions", add_opts, NULL, DIR_CMD_PERMS, - "one or more index options [+|-][]"), - AP_INIT_TAKE2("IndexOrderDefault", set_default_order, NULL, DIR_CMD_PERMS, -@@ -617,6 +621,8 @@ - : base->default_icon; - new->style_sheet = add->style_sheet ? add->style_sheet - : base->style_sheet; -+ new->fs_charset = add->fs_charset ? add->fs_charset -+ : base->fs_charset; - new->icon_height = add->icon_height ? add->icon_height : base->icon_height; - new->icon_width = add->icon_width ? add->icon_width : base->icon_width; - -@@ -1978,11 +1984,15 @@ - return HTTP_FORBIDDEN; - } - --#if APR_HAS_UNICODE_FS -- ap_set_content_type(r, "text/html;charset=utf-8"); --#else -- ap_set_content_type(r, "text/html"); --#endif -+ if (autoindex_conf->fs_charset != NULL) { -+ ap_set_content_type(r, apr_pstrcat(r->pool, -+ "text/html;charset=", -+ autoindex_conf->fs_charset, -+ NULL)); -+ } else { -+ ap_set_content_type(r, "text/html;charset=utf-8"); -+ } -+ - if (autoindex_opts & TRACK_MODIFIED) { - ap_update_mtime(r, r->finfo.mtime); - ap_set_last_modified(r); diff --git a/httpd-2.2.4-mod_autoindex-charset-r570962.patch b/httpd-2.2.4-mod_autoindex-charset-r570962.patch new file mode 100644 index 0000000..ecba3e3 --- /dev/null +++ b/httpd-2.2.4-mod_autoindex-charset-r570962.patch @@ -0,0 +1,75 @@ +Index: modules/generators/mod_autoindex.c +=================================================================== +--- modules/generators/mod_autoindex.c (revision 570961) ++++ modules/generators/mod_autoindex.c (revision 570962) +@@ -138,6 +138,8 @@ + apr_array_header_t *hdr_list; + apr_array_header_t *rdme_list; + ++ char *ctype; ++ char *charset; + } autoindex_config_rec; + + static char c_by_encoding, c_by_type, c_by_path; +@@ -476,6 +478,12 @@ + d_cfg->desc_adjust = K_NOADJUST; + } + } ++ else if (!strncasecmp(w, "Type=", 5)) { ++ d_cfg->ctype = apr_pstrdup(cmd->pool, &w[5]); ++ } ++ else if (!strncasecmp(w, "Charset=", 8)) { ++ d_cfg->charset = apr_pstrdup(cmd->pool, &w[8]); ++ } + else { + return "Invalid directory indexing option"; + } +@@ -620,6 +628,9 @@ + new->icon_height = add->icon_height ? add->icon_height : base->icon_height; + new->icon_width = add->icon_width ? add->icon_width : base->icon_width; + ++ new->ctype = add->ctype ? add->ctype : base->ctype; ++ new->charset = add->charset ? add->charset : base->charset; ++ + new->alt_list = apr_array_append(p, add->alt_list, base->alt_list); + new->ign_list = apr_array_append(p, add->ign_list, base->ign_list); + new->hdr_list = apr_array_append(p, add->hdr_list, base->hdr_list); +@@ -1971,6 +1982,8 @@ + char *colargs; + char *fullpath; + apr_size_t dirpathlen; ++ char *ctype = "text/html"; ++ char *charset; + + if ((status = apr_dir_open(&thedir, name, r->pool)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, +@@ -1978,11 +1991,27 @@ + return HTTP_FORBIDDEN; + } + ++ if (autoindex_conf->ctype) { ++ ctype = autoindex_conf->ctype; ++ } ++ if (autoindex_conf->charset) { ++ charset = autoindex_conf->charset; ++ } ++ else { + #if APR_HAS_UNICODE_FS +- ap_set_content_type(r, "text/html;charset=utf-8"); ++ charset = "UTF-8"; + #else +- ap_set_content_type(r, "text/html"); ++ charset = "ISO-8859-1"; + #endif ++ } ++ if (*charset) { ++ ap_set_content_type(r, apr_pstrcat(r->pool, ctype, ";charset=", ++ charset, NULL)); ++ } ++ else { ++ ap_set_content_type(r, ctype); ++ } ++ + if (autoindex_opts & TRACK_MODIFIED) { + ap_update_mtime(r, r->finfo.mtime); + ap_set_last_modified(r);