From owner-cvs-all@FreeBSD.ORG  Thu May 13 00:30:20 2010
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 22B5C1065670;
	Thu, 13 May 2010 00:30:20 +0000 (UTC)
	(envelope-from pgollucci@FreeBSD.org)
Received: from repoman.freebsd.org (unknown [IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 1119F8FC1A;
	Thu, 13 May 2010 00:30:20 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o4D0UJnq098801;
	Thu, 13 May 2010 00:30:19 GMT
	(envelope-from pgollucci@repoman.freebsd.org)
Received: (from pgollucci@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o4D0UJkF098800;
	Thu, 13 May 2010 00:30:19 GMT (envelope-from pgollucci)
Message-Id: <201005130030.o4D0UJkF098800@repoman.freebsd.org>
From: "Philip M. Gollucci" <pgollucci@FreeBSD.org>
Date: Thu, 13 May 2010 00:30:19 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/www/apache20 Makefile ports/www/apache20/files
 patch-CVE-2008-2364 patch-CVE-2009-3555 patch-CVE-2010-0434
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2010 00:30:20 -0000

pgollucci    2010-05-13 00:30:19 UTC

  FreeBSD ports repository

  Modified files:
    www/apache20         Makefile 
    www/apache20/files   patch-CVE-2009-3555 
  Added files:
    www/apache20/files   patch-CVE-2008-2364 patch-CVE-2010-0434 
  Log:
  - Fix openssl rengotiation patch [1]
  - Fix the openssl from ports flag
  - Bump PORTREVISION
  - Also patch 2 more CVEs
  
   *) SECURITY: CVE-2010-0434 (cve.mitre.org)
       Ensure each subrequest has a shallow copy of headers_in so that the
       parent request headers are not corrupted.  Elimiates a problematic
       optimization in the case of no request body.  PR 48359
       [Jake Scott, William Rowe, Ruediger Pluem]
  
    *) SECURITY: CVE-2008-2364 (cve.mitre.org)
       mod_proxy_http: Better handling of excessive interim responses
       from origin server to prevent potential denial of service and high
       memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
       Joe Orton, Jim Jagielski]
  
  PR:             ports/146389 [1]
  Submitted by:   several [1]
  With Hat:       apache@
  
  Revision  Changes    Path
  1.278     +2 -2      ports/www/apache20/Makefile
  1.1       +62 -0     ports/www/apache20/files/patch-CVE-2008-2364 (new)
  1.2       +73 -271   ports/www/apache20/files/patch-CVE-2009-3555
  1.1       +11 -0     ports/www/apache20/files/patch-CVE-2010-0434 (new)