Date: Tue, 26 Jul 2005 10:10:35 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 patch-secfix-ssl_engine_kernel.c ports/www/apache20 Makefile ports/www/apache20/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 patch-secfix-ssl_engine_kernel.c Message-ID: <200507261010.j6QAAZGs015988@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2005-07-26 10:10:35 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
www/apache20 Makefile
Added files:
www/apache2/files patch-secfix-CAN-2005-1268
patch-secfix-CAN-2005-2088
www/apache20/files patch-secfix-CAN-2005-1268
patch-secfix-CAN-2005-2088
Removed files:
www/apache2/files patch-secfix-ssl_engine_kernel.c
www/apache20/files patch-secfix-ssl_engine_kernel.c
Log:
- Add fix for CAN-2005-2088
From Changelog:
*) SECURITY: CAN-2005-2088
core: If a request contains both Transfer-Encoding and Content-Length
headers, remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
- Rename previous patch to CVE ID
- bump PORTREVISION
Security: CAN-2005-2088
Obtained From: Apache repository
Revision Changes Path
1.223 +1 -1 ports/www/apache2/Makefile
1.1 +11 -0 ports/www/apache2/files/patch-secfix-CAN-2005-1268 (new)
1.1 +20 -0 ports/www/apache2/files/patch-secfix-CAN-2005-2088 (new)
1.2 +0 -11 ports/www/apache2/files/patch-secfix-ssl_engine_kernel.c (dead)
1.221 +1 -1 ports/www/apache20/Makefile
1.1 +11 -0 ports/www/apache20/files/patch-secfix-CAN-2005-1268 (new)
1.1 +20 -0 ports/www/apache20/files/patch-secfix-CAN-2005-2088 (new)
1.2 +0 -11 ports/www/apache20/files/patch-secfix-ssl_engine_kernel.c (dead)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507261010.j6QAAZGs015988>