Date: Mon, 5 Jan 2009 16:18:20 +0800 (CST) From: Chen-Yu Tsai <wens@csie.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: clement@FreeBSD.org Subject: ports/130179: [PATCH] www/apache: Enable passing HTTP 'Authorization' headers as compile time option Message-ID: <200901050818.n058IKZm092909@aqua.pixnet.tw> Resent-Message-ID: <200901050840.n058e2aS090289@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 130179
>Category: ports
>Synopsis: [PATCH] www/apache: Enable passing HTTP 'Authorization' headers as compile time option
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 05 08:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Chen-Yu Tsai
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD aqua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Wed Dec 24 17:04:40 CST 2008
>Description:
By default Apache does not pass the HTTP 'Authorization' header to
other modules, handlers, CGI, etc.. However there is a compile time
macro 'SECURITY_HOLE_PASS_AUTHORIZATION' that enables apache to
include the content of the header in the environment. This patch
creates an option, when turned on, will define the mentioned macro.
Port maintainer (clement@FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- apache-2.2.11.patch begins here ---
diff -ruN --exclude=CVS /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22.orig/Makefile /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22/Makefile
--- /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22.orig/Makefile 2009-01-05 14:55:16.110421000 +0800
+++ /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22/Makefile 2009-01-05 15:55:38.423426000 +0800
@@ -63,6 +63,7 @@
SQLITE "Enable SQLite support for apr-dbd" Off \
IPV6 "Enable IPv6 support" On \
BDB "Enable BerkeleyDB dbm" Off \
+ PASS_AUTHORIZATION "Pass HTTP authorization header" Off \
SVN "Enable Subversion support" Off
.include "${APACHEDIR}/Makefile.options"
.endif
@@ -174,6 +175,10 @@
. endif
.endif
+.if defined(WITH_PASS_AUTHORIZATION)
+CFLAGS+= -DSECURITY_HOLE_PASS_AUTHORIZATION
+.endif
+
CONFIGURE_ARGS+= --with-mpm=${WITH_MPM:L}
pre-everything::
diff -ruN --exclude=CVS /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22.orig/Makefile.doc /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22/Makefile.doc
--- /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22.orig/Makefile.doc 2009-01-05 14:55:16.094417000 +0800
+++ /.amd_mnt/10.1.1.100/vol/home/admin/wens/www/apache22/Makefile.doc 2009-01-04 23:50:33.446503000 +0800
@@ -73,6 +73,8 @@
## to "-O0 -g -ggdb3" or ${DEBUG_FLAGS} and
## defines WITH_EXCEPTION_HOOK too)
## WITH_EXCEPTION_HOOK: Enable fatal exception hook
+## WITH_PASS_AUTHORIZATION: Passes the HTTP "Authorization" headers in
+## the environment
##
## Optionnal patches:
## WITH_EXPERIMENTAL_PATCHES Add performance patches (generally backported
--- apache-2.2.11.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901050818.n058IKZm092909>