httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1341651 - in /httpd/httpd/branches/2.2.x: CHANGES support/envvars-std.in
Date Tue, 22 May 2012 21:42:41 GMT
Author: covener
Date: Tue May 22 21:42:41 2012
New Revision: 1341651

URL: http://svn.apache.org/viewvc?rev=1341651&view=rev
Log:
Merge r1296428 from trunk:

Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs

CVE-2012-0883


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/support/envvars-std.in

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1341651&r1=1341650&r2=1341651&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue May 22 21:42:41 2012
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.23
 
+  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
+     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+     current working directory to be searched for DSOs. [Stefan Fritsch]
+
   *) core: Fix building against PCRE 8.30 by switching from the obsolete
      pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]
 

Modified: httpd/httpd/branches/2.2.x/support/envvars-std.in
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/envvars-std.in?rev=1341651&r1=1341650&r2=1341651&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/envvars-std.in (original)
+++ httpd/httpd/branches/2.2.x/support/envvars-std.in Tue May 22 21:42:41 2012
@@ -18,7 +18,11 @@
 #
 # This file is generated from envvars-std.in
 #
-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+if test "x$@SHLIBPATH_VAR@" != "x" ; then
+  @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+else
+  @SHLIBPATH_VAR@="@exp_libdir@"
+fi
 export @SHLIBPATH_VAR@
 #
 @OS_SPECIFIC_VARS@



Mime
View raw message