diff options
author | bouyer <bouyer@pkgsrc.org> | 2005-10-19 20:30:20 +0000 |
---|---|---|
committer | bouyer <bouyer@pkgsrc.org> | 2005-10-19 20:30:20 +0000 |
commit | 6ef9e838e008cc033d586649bf85f035f7560530 (patch) | |
tree | f089e49d41398575603a08eebd101ed0c9895775 /archivers | |
parent | 3d0240dc4ed579f8bae6276ee68652a6e552c3ab (diff) | |
download | pkgsrc-6ef9e838e008cc033d586649bf85f035f7560530.tar.gz |
Update to 1.3.34. This is a security fix release, fix pkg/31868 by
Zafer Aydogan. Changes from 1.3.33:
*) hsregex: fix potential core dumping on 64 bit machines, such as
AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]
*) SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value. [Paul Querna, Joe Orton]
*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'.
[William Rowe]
*) mod_digest: Fix another nonce string calculation issue.
[Eric Covener]
Diffstat (limited to 'archivers')
0 files changed, 0 insertions, 0 deletions