head	1.2;
access;
symbols
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2010.05.06.23.10.19;	author pgollucci;	state dead;
branches;
next	1.1;

1.1
date	2009.06.08.05.11.09;	author pgollucci;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Regenerate patch files with make makepatch for they have
  piled up and additional patches conflict.
  This also will help when we try to syncronize www/apache20&www/apache22

With Hat:   apache@@
@
text
@Equal to the fix in the apr-util itself:
  http://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?r1=768417&r2=768416&pathrev=768417&view=patch

See discuission about original vulnerability at
  http://www.mail-archive.com/dev@@apr.apache.org/msg21592.html

--- srclib/apr-util/buckets/apr_brigade.c.orig	2009-06-06 12:32:12.000000000 +0400
+++ srclib/apr-util/buckets/apr_brigade.c	2009-06-06 12:35:30.000000000 +0400
@@@@ -689,9 +689,6 @@@@
       return -1;
     }
 
-    /* tack on null terminator to remaining string */
-    *(vd.vbuff.curpos) = '\0';
-
     /* write out what remains in the buffer */
     return apr_brigade_write(b, flush, ctx, buf, vd.vbuff.curpos - buf);
 }
@


1.1
log
@- Backport apr-util security fixes pending the 2.2.12 release (forthcomming)

Security:       http://www.vuxml.org/freebsd/eb9212f7-526b-11de-bbf2-001b77d09812
PR:             ports/135310
Submitted by:   Eygene Ryabinkin <rea-fbsd@@codelabs.ru>
With Hat:       apache
@
text
@@

