mirror of https://git.FreeBSD.org/ports.git synced 2024-11-21 00:25:50 +00:00
freebsd-ports/www/apache22
Olli Hauer 0220dfc0a3 - backport upstream security fixes
- fix build with SSL from ports [1]

SECURITY: CVE-2014-0118 (cve.mitre.org)

mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies.  See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst.

http://svn.apache.org/viewvc?view=revision&revision=1611426

SECURITY: CVE-2014-0226 (cve.mitre.org)

Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
* include/scoreboard.h: Add ap_copy_scoreboard_worker.
* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
* modules/generators/mod_status.c (status_handler): Use it.

http://svn.apache.org/viewvc?view=revision&revision=1610515

SECURITY: CVE-2014-0231 (cve.mitre.org)

mod_cgid: Fix a denial of service against CGI scripts that do not consume
stdin that could lead to lingering HTTPD child processes filling up the
scoreboard and eventually hanging the server.

http://svn.apache.org/viewvc?view=revision&revision=1611185

[1] noted and tested by mat@

MFH:		2014Q3
Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
		CVE-2014-0118
		CVE-2014-0231
		CVE-2014-0226
2014-07-24 20:22:08 +00:00
files - backport upstream security fixes 2014-07-24 20:22:08 +00:00
distinfo - update to version 2.2.27 2014-03-27 05:28:11 +00:00
Makefile - backport upstream security fixes 2014-07-24 20:22:08 +00:00
Makefile.doc - support staging 2013-10-27 17:40:21 +00:00
Makefile.modules - support staging 2013-10-27 17:40:21 +00:00
Makefile.options
pkg-descr
pkg-message - reflect new preferred apache version 2014-07-13 15:58:45 +00:00
pkg-plist - strip files 2014-07-08 21:31:49 +00:00