From: dgaudet Date: Fri, 27 Jun 1997 02:09:15 +0000 (+0000) Subject: PR#752: make clean is more aggressive X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=117a14075aa00971f613a31f6a13b75a99d4232f;p=thirdparty%2Fapache%2Fhttpd.git PR#752: make clean is more aggressive git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@78383 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/APACHE_1_2_X/src/CHANGES b/APACHE_1_2_X/src/CHANGES index 3624094d8b7..0caa687fe53 100644 --- a/APACHE_1_2_X/src/CHANGES +++ b/APACHE_1_2_X/src/CHANGES @@ -1,4 +1,19 @@ Changes with Apache 1.2.1 + + *) "make clean" at the top level now removes *.o. [Dean Gaudet] PR#752 + + *) Don't serve file system objects unless they are plain files, symlinks, + or directories. This prevents local users from using pipes or + named sockets to invoke programs for an extremely crude form of + CGI. [Dean Gaudet] + + *) HeaderName and ReadmeName were settable in .htaccess and could + contain "../" allowing a local user to "publish" any file on the + system. No slashes are allowed now. [Dean Gaudet] + + *) It was possible to violate the symlink Options using mod_dir (headers, + readmes, titles), mod_negotiation (type maps), or mod_cern_meta + (meta files). [Dean Gaudet] *) Update Unixware support for 2.1.2. [Lawrence Rosenman ] PR#511 diff --git a/APACHE_1_2_X/src/Makefile.tmpl b/APACHE_1_2_X/src/Makefile.tmpl index 54352ace964..aa6972e75e7 100644 --- a/APACHE_1_2_X/src/Makefile.tmpl +++ b/APACHE_1_2_X/src/Makefile.tmpl @@ -36,7 +36,7 @@ modules/last-built: $(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)') clean: - rm -f httpd $(OBJS) + rm -f httpd *.o core cd regex; $(MAKE) clean cd modules; $(MAKE) clean