head	1.2;
access;
symbols
	RELEASE_6_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.10.14.13.54.09;	author clement;	state dead;
branches;
next	1.1;

1.1
date	2005.07.26.10.10.35;	author clement;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Update to 2.0.55
@
text
@--- modules/ssl/ssl_engine_kernel.c	2005/06/08 09:00:24	189561
+++ modules/ssl/ssl_engine_kernel.c	2005/06/08 09:08:09	189562
@@@@ -1398,7 +1398,7 @@@@
             BIO_printf(bio, ", nextUpdate: ");
             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
 
-            n = BIO_read(bio, buff, sizeof(buff));
+            n = BIO_read(bio, buff, sizeof(buff) - 1);
             buff[n] = '\0';
 
             BIO_free(bio);
@


1.1
log
@- Add fix for CAN-2005-2088
From Changelog:
  *) SECURITY: CAN-2005-2088
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

- Rename previous patch to CVE ID
- bump PORTREVISION

Security:       CAN-2005-2088
Obtained From: Apache repository
@
text
@@

