apply security fix

22 years ago · e672072ebf
2 changed files with 25 additions and 1 deletions
--- a/apache2/apache2.patch
+++ b/apache2/apache2.patch
@ -10,3 +10,27 @@
 	done; \
 	sort -u $$tmp > $@; \
 	rm -f $$tmp
+
+-----------------------------------------------------------------------------
+
+Security Fix:
+http://www.securityfocus.com/archive/1/374916/2004-09-10/2004-09-16/0
+
+Index: modules/ssl/ssl_engine_io.c
+--- modules/ssl/ssl_engine_io.c	2004/08/11 13:19:24	1.125
+++ modules/ssl/ssl_engine_io.c	2004/08/17 16:31:23	1.126
+@@ -564,8 +564,12 @@
+         *len = bytes;
+         if (inctx->mode == AP_MODE_SPECULATIVE) {
+             /* We want to rollback this read. */
+-            inctx->cbuf.value -= bytes;
+-            inctx->cbuf.length += bytes;
+            if (inctx->cbuf.length > 0) {
+                inctx->cbuf.value -= bytes;
+                inctx->cbuf.length += bytes;
+            } else {
+                char_buffer_write(&inctx->cbuf, buf, (int)bytes);
+            }
+             return APR_SUCCESS;
+         }
+         /* This could probably be *len == wanted, but be safe from stray
--- a/apache2/apache2.spec
+++ b/apache2/apache2.spec
@ -34,7 +34,7 @@ Class:        PLUS
 Group:        Web
 License:      ASF
 Version:      2.0.50
-Release:      20040730
+Release:      20040913

 #   package options (suexec related)
 %option       with_suexec               yes