cvs commit: ports/www/apache2 Makefile ports/www/apache2/files
patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088
patch-secfix-ssl_engine_kernel.c
ports/www/apache20 Makefile ports/www/apache20/files
patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088
patch-secfix-ssl_engine_kernel.c
Clement Laforet
clement at FreeBSD.org
Tue Jul 26 10:10:35 GMT 2005
clement 2005-07-26 10:10:35 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
www/apache20 Makefile
Added files:
www/apache2/files patch-secfix-CAN-2005-1268
patch-secfix-CAN-2005-2088
www/apache20/files patch-secfix-CAN-2005-1268
patch-secfix-CAN-2005-2088
Removed files:
www/apache2/files patch-secfix-ssl_engine_kernel.c
www/apache20/files patch-secfix-ssl_engine_kernel.c
Log:
- Add fix for CAN-2005-2088
From Changelog:
*) SECURITY: CAN-2005-2088
core: If a request contains both Transfer-Encoding and Content-Length
headers, remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
- Rename previous patch to CVE ID
- bump PORTREVISION
Security: CAN-2005-2088
Obtained From: Apache repository
Revision Changes Path
1.223 +1 -1 ports/www/apache2/Makefile
1.1 +11 -0 ports/www/apache2/files/patch-secfix-CAN-2005-1268 (new)
1.1 +20 -0 ports/www/apache2/files/patch-secfix-CAN-2005-2088 (new)
1.2 +0 -11 ports/www/apache2/files/patch-secfix-ssl_engine_kernel.c (dead)
1.221 +1 -1 ports/www/apache20/Makefile
1.1 +11 -0 ports/www/apache20/files/patch-secfix-CAN-2005-1268 (new)
1.1 +20 -0 ports/www/apache20/files/patch-secfix-CAN-2005-2088 (new)
1.2 +0 -11 ports/www/apache20/files/patch-secfix-ssl_engine_kernel.c (dead)
More information about the cvs-all
mailing list