diff options
Diffstat (limited to 'main/apache2')
| -rw-r--r-- | main/apache2/CVE-2016-5387.patch | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/main/apache2/CVE-2016-5387.patch b/main/apache2/CVE-2016-5387.patch deleted file mode 100644 index 494afef17c..0000000000 --- a/main/apache2/CVE-2016-5387.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/server/util_script.c (revision 1752426) -+++ b/server/util_script.c (working copy) -@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r - else if (!strcasecmp(hdrs[i].key, "Content-length")) { - apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); - } -+ /* HTTP_PROXY collides with a popular envvar used to configure -+ * proxies, don't let clients set/override it. But, if you must... -+ */ -+#ifndef SECURITY_HOLE_PASS_PROXY -+ else if (!strcasecmp(hdrs[i].key, "Proxy")) { -+ ; -+ } -+#endif - /* - * You really don't want to disable this check, since it leaves you - * wide open to CGIs stealing passwords and people viewing them |