CVS log for ports/www/apache2/files/Attic/patch-modules:ssl:ssl_engine_kernel.c
Keyword substitution: kv
Default branch: MAIN
Revision 1.2
Thu Jul 1 05:54:56 2004 UTC (7 years, 7 months ago) by clement
Branches: MAIN
CVS tags: HEAD
FILE REMOVED
Changes since revision 1.1: +0 -0 lines
- Update to 2.0.50
Important changes:
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
Details can be found here:
http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory
- Import latest version of apr_reslist.c from apr CVS which
adds timeout feature to apr_reslist_acquire().
This is required for future mod_logio-st.
- Add explicit dependency on libiconv (so now we support libiconv)
- Move Windows Update fix from MASTER_SITE_LOCAL to ports tree
- add WITH_EXPERIMENTAL_PATCHES knobs:
These patches are backports from apache CVS HEAD or apr CVS HEAD.
They have positive impacts on apache responsiveness but can be
unstable and are NOT currently supported by apache/apr teams.
* exp-http-ready.patch: add "httpready" support for ACCEPT_FILTER
(currently apache 2 only supports "dataready")
* exp-apr-kqueue.patch: add support for kqueue in apr_poll().
This patch greatly improves apache network performance (up to
18% according to the author, on my test box, between 13% and 21%)
Test and feedback on -STABLE are welcome ;)
For more details, please see:
http://marc.theaimsgroup.com/?t=108650227500001&r=1&w=2
Submitted by: knu [1]
NOTE:
Please set MASTER_SITE_APACHE_HTTPD to closest mirrors.
you can easily find them from:
http://www.apache.org/dyn/closer.cgi/httpd/
Thanks :
Revision 1.1
Fri May 28 15:27:02 2004 UTC (7 years, 8 months ago) by clement
Branches: MAIN
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/
Reported by: Charles-Damien Orbello <tazma@cultdeadsheep.org>
