1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-25 00:51:21 +00:00
freebsd-ports/www/apache22
Olli Hauer 0220dfc0a3 - backport upstream security fixes
- fix build with SSL from ports [1]

SECURITY: CVE-2014-0118 (cve.mitre.org)

mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of sevice via highly compressed bodies.  See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst.

http://svn.apache.org/viewvc?view=revision&revision=1611426

SECURITY: CVE-2014-0226 (cve.mitre.org)

Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
* include/scoreboard.h: Add ap_copy_scoreboard_worker.
* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
* modules/generators/mod_status.c (status_handler): Use it.

http://svn.apache.org/viewvc?view=revision&revision=1610515

SECURITY: CVE-2014-0231 (cve.mitre.org)

mod_cgid: Fix a denial of service against CGI scripts that do not consume
stdin that could lead to lingering HTTPD child processes filling up the
scoreboard and eventually hanging the server.

http://svn.apache.org/viewvc?view=revision&revision=1611185

[1] noted and testd by mat@

MFH:		2014Q3
Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
		CVE-2014-0118
		CVE-2014-0231
		CVE-2014-0226
2014-07-24 20:22:08 +00:00
..
files - backport upstream security fixes 2014-07-24 20:22:08 +00:00
distinfo
Makefile - backport upstream security fixes 2014-07-24 20:22:08 +00:00
Makefile.doc
Makefile.modules
Makefile.options
pkg-descr
pkg-message
pkg-plist