From: Eric Covener Date: Tue, 22 May 2012 21:42:41 +0000 (+0000) Subject: Merge r1296428 from trunk: X-Git-Tag: 2.2.23~172 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0962247686de712b747b1c2f7cc47865d0a316a2;p=thirdparty%2Fapache%2Fhttpd.git Merge r1296428 from trunk: Fix insecure handling of LD_LIBRARY_PATH that could lead to the current working directory to be searched for DSOs CVE-2012-0883 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1341651 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 53b98b851e4..4da3193addc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.23 + *) SECURITY: CVE-2012-0883 (cve.mitre.org) + envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the + current working directory to be searched for DSOs. [Stefan Fritsch] + *) core: Fix building against PCRE 8.30 by switching from the obsolete pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung] diff --git a/support/envvars-std.in b/support/envvars-std.in index cf50c5c75e5..9493bc749ca 100644 --- a/support/envvars-std.in +++ b/support/envvars-std.in @@ -18,7 +18,11 @@ # # This file is generated from envvars-std.in # -@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" +if test "x$@SHLIBPATH_VAR@" != "x" ; then + @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" +else + @SHLIBPATH_VAR@="@exp_libdir@" +fi export @SHLIBPATH_VAR@ # @OS_SPECIFIC_VARS@