
apache-2.2.9-12.9mdv2009.0.src.rpm


 http://svn.apache.org/viewvc?view=rev&revision=779472

diff -Naurp httpd-2.2.11/include/http_core.h httpd-2.2.11.oden/include/http_core.h
--- httpd-2.2.11/include/http_core.h	2009-06-09 15:48:50.000000000 +0200
+++ httpd-2.2.11.oden/include/http_core.h	2009-06-09 15:48:16.000000000 +0200
@@ -73,16 +73,29 @@ extern "C" {
 #define OPT_EXECCGI 8
 /**  directive unset */
 #define OPT_UNSET 16
-/**  SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
-#define OPT_INC_WITH_EXEC 32
+/**  IncludesNOEXEC directive */
+#define OPT_INCNOEXEC 32
 /** SymLinksIfOwnerMatch directive */
 #define OPT_SYM_OWNER 64
 /** MultiViews directive */
 #define OPT_MULTI 128
 /**  All directives */
-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
+#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
 /** @} */
 
+#ifdef CORE_PRIVATE
+/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
+ * internally replaced by OPT_INC_WITH_EXEC.  The internal semantics
+ * of the two SSI-related bits are hence:
+ *
+ *  OPT_INCLUDES => "enable SSI, without exec= permission"
+ *  OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
+ *
+ * The set of options exposed via ap_allow_options() retains the
+ * semantics of OPT_INCNOEXEC by flipping the bit. */
+#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
+#endif
+
 /**
  * @defgroup get_remote_host Remote Host Resolution 
  * @ingroup APACHE_CORE_HTTPD
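Review bot: `OPT_ALL` now includes bit 32 under the public name `OPT_INCNOEXEC`, while the `CORE_PRIVATE` block right below gives that same bit the opposite meaning (`OPT_INC_WITH_EXEC`), and nothing at the `OPT_ALL` definition says which reading is intended. Inside the core both names are visible with the same value, so a test such as `conf->opts & OPT_INCNOEXEC` compiles cleanly and silently gets the exec= permission backwards. I would add a comment above `OPT_ALL`, for example `/* bit 32 is presumably in internal polarity here (exec= permitted); never compare against ap_allow_options() output */`. I would also state in the `CORE_PRIVATE` comment that code reading `conf->opts` directly must use only `OPT_INC_WITH_EXEC`.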
diff -Naurp httpd-2.2.11/modules/filters/mod_include.c httpd-2.2.11.oden/modules/filters/mod_include.c
--- httpd-2.2.11/modules/filters/mod_include.c	2009-06-09 15:48:50.000000000 +0200
+++ httpd-2.2.11.oden/modules/filters/mod_include.c	2009-06-09 15:48:16.000000000 +0200
@@ -3564,7 +3564,7 @@ static apr_status_t includes_filter(ap_f
         intern->seen_eos = 0;
         intern->state = PARSE_PRE_HEAD;
         ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
-        if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
+        if (ap_allow_options(r) & OPT_INCNOEXEC) {
             ctx->flags |= SSI_FLAG_NO_EXEC;
         }
         intern->accessenable = conf->accessenable;
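Review bot: The check that sets `SSI_FLAG_NO_EXEC` changes from default-deny to default-allow: the old line restricted exec= whenever the permission bit was absent, while the new one restricts it only when `OPT_INCNOEXEC` is present in the value returned by `ap_allow_options(r)`. The restriction therefore depends entirely on the bit inversion done in `ap_allow_options()` in server/core.c, and a path that returned the raw options would leave exec= enabled. That dependency is not visible at this call site, so I would record it here with a comment such as `/* ap_allow_options() exposes the inverted bit: set means exec= is NOT permitted */`. The body of `includes_filter` starts and continues outside this hunk.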
diff -Naurp httpd-2.2.11/server/core.c httpd-2.2.11.oden/server/core.c
--- httpd-2.2.11/server/core.c	2009-06-09 15:48:50.000000000 +0200
+++ httpd-2.2.11.oden/server/core.c	2009-06-09 15:48:16.000000000 +0200
@@ -661,7 +661,11 @@ AP_DECLARE(int) ap_allow_options(request
     core_dir_config *conf =
       (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
 
-    return conf->opts;
+    /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is
+     * inverted, such that the exposed semantics match that of
+     * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
+     * permitted. */
+    return conf->opts ^ OPT_INC_WITH_EXEC;
 }
 
 AP_DECLARE(int) ap_allow_overrides(request_rec *r)
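Review bot: The `conf->opts ^ OPT_INC_WITH_EXEC` return flips bit 32 unconditionally, so whenever the internal value has neither `OPT_INCLUDES` nor `OPT_INC_WITH_EXEC` set, callers see `OPT_INCNOEXEC` set on its own. That fails safe for the exec= decision, but a module that treats `OPT_INCNOEXEC` alone as "SSI is enabled, without exec" would misread it. The header comment defines the internal bit only in combination with `OPT_INCLUDES`, so the exposed bit should carry the same caveat. I would extend the new comment with `/* the flip is unconditional: OPT_INCNOEXEC is meaningful to callers only when OPT_INCLUDES is also set */`. If the pre-change API is meant to be matched exactly, consider `return (conf->opts & OPT_INCLUDES) ? (conf->opts ^ OPT_INC_WITH_EXEC) : (conf->opts & ~OPT_INC_WITH_EXEC);` instead.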