diff options
author | bouyer <bouyer@pkgsrc.org> | 2005-10-19 20:30:20 +0000 |
---|---|---|
committer | bouyer <bouyer@pkgsrc.org> | 2005-10-19 20:30:20 +0000 |
commit | 98d93c20139eb1795e0cb16cbdb17ad16712c051 (patch) | |
tree | f089e49d41398575603a08eebd101ed0c9895775 /www/ap-ssl | |
parent | a0109ad7f7a5a2bb93beadcf3609219570ddf94d (diff) | |
download | pkgsrc-98d93c20139eb1795e0cb16cbdb17ad16712c051.tar.gz |
Update to 1.3.34. This is a security fix release, fix pkg/31868 by
Zafer Aydogan. Changes from 1.3.33:
*) hsregex: fix potential core dumping on 64 bit machines, such as
AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]
*) SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value. [Paul Querna, Joe Orton]
*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'.
[William Rowe]
*) mod_digest: Fix another nonce string calculation issue.
[Eric Covener]
Diffstat (limited to 'www/ap-ssl')
0 files changed, 0 insertions, 0 deletions