+++ /dev/null
-http://bugs.gentoo.org/show_bug.cgi?id=118875
-
---- server/util.c (revision 330526)
-+++ server/util.c (working copy)
-@@ -1762,6 +1762,8 @@
- j += 3;
- else if (s[i] == '&')
- j += 4;
-+ else if (s[i] == '"')
-+ j += 5;
-
- if (j == 0)
- return apr_pstrmemdup(p, s, i);
-@@ -1780,6 +1782,10 @@
- memcpy(&x[j], "&", 5);
- j += 4;
- }
-+ else if (s[i] == '"') {
-+ memcpy(&x[j], """, 6);
-+ j += 5;
-+ }
- else
- x[j] = s[i];
-
---- modules/mappers/mod_imap.c (revision 330526)
-+++ modules/mappers/mod_imap.c (working copy)
-@@ -342,7 +342,7 @@
- if (!strcasecmp(value, "referer")) {
- referer = apr_table_get(r->headers_in, "Referer");
- if (referer && *referer) {
-- return apr_pstrdup(r->pool, referer);
-+ return ap_escape_html(r->pool, referer);
- }
- else {
- /* XXX: This used to do *value = '\0'; ... which is totally bogus
+++ /dev/null
-http://bugs.gentoo.org/show_bug.cgi?id=115324
-
---- modules/ssl/ssl_engine_kernel.c (Revision 368148)
-+++ modules/ssl/ssl_engine_kernel.c (Arbeitskopie)
-@@ -202,11 +202,14 @@
- }
-
- /*
-- * Check to see if SSL protocol is on
-+ * Check to see whether SSL is in use; if it's not, then no
-+ * further access control checks are relevant. (the test for
-+ * sc->enabled is probably strictly unnecessary)
- */
-- if (!(sc->enabled || ssl)) {
-+ if (!sc->enabled || !ssl) {
- return DECLINED;
- }
-+
- /*
- * Support for per-directory reconfigured SSL connection parameters.
- *