From: William A. Rowe Jr Date: Fri, 15 Jul 2005 18:32:54 +0000 (+0000) Subject: Backported a few already X-Git-Tag: 2.1.7~19 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=be88b3150c75e6e3a4c48f2b4a323cf803f9767e;p=apache Backported a few already git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219231 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 832ed1d96f..e9c47a2e5d 100644 --- a/CHANGES +++ b/CHANGES @@ -3,11 +3,10 @@ Changes with Apache 2.1.7 *) SECURITY: CAN-2005-2088 proxy: Correctly handle the Transfer-Encoding and Content-Length - headers, discard the request Content-Length whenever T-E: chunked + headers. Discard the request Content-Length whenever T-E: chunked is used, always passing one of either C-L or T-E: chunked whenever - the request includes a request body, and no longer upgrade HTTP/1.0 - requests to the origin server as HTTP/1.1. Resolves an entire class - of proxy HTTP Request Splitting/Spoofing attacks. [William Rowe] + the request includes a request body. Resolves an entire class of + proxy HTTP Request Splitting/Spoofing attacks. [William Rowe] *) Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method. This addresses a flaw in proxy @@ -34,19 +33,9 @@ Changes with Apache 2.1.7 Changes with Apache 2.1.6 - *) SECURITY: CAN-2005-2088 - core: If a request contains both Transfer-Encoding and Content-Length - headers, remove the Content-Length, mitigating some HTTP Request - Splitting/Spoofing attacks. [Paul Querna] - *) Fix htdbm password validation for records which included comments. [Eric Covener ] - *) proxy HTTP: If a response contains both Transfer-Encoding and a - Content-Length, remove the Content-Length and don't reuse the - connection, mitigating some HTTP Response Splitting attacks. - [Jeff Trawick] - *) mod_cgid: Fix buffer overflow processing ScriptSock directive. [Steve Kemp ] 
@@ -773,6 +762,16 @@ Changes with Apache 2.1.1 Changes with Apache 2.0.55 + *) SECURITY: CAN-2005-2088 + core: If a request contains both Transfer-Encoding and Content-Length + headers, remove the Content-Length, mitigating some HTTP Request + Splitting/Spoofing attacks. [Paul Querna, Joe Orton] + + *) proxy HTTP: If a response contains both Transfer-Encoding and a + Content-Length, remove the Content-Length and don't reuse the + connection, mitigating some HTTP Response Splitting attacks. + [Jeff Trawick] + *) SECURITY: CAN-2005-1268 (cve.mitre.org) mod_ssl: Fix off-by-one overflow whilst printing CRL information at "LogLevel debug" which could be triggered if configured
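Review bot: In the first hunk (Apache 2.1.7, the CAN-2005-2088 proxy entry), the clause "and no longer upgrade HTTP/1.0 requests to the origin server as HTTP/1.1" is dropped, and the commit message does not say why. If the proxy still behaves that way in 2.1.7, keep the clause so the behaviour change stays documented; if that part was reverted or is recorded elsewhere, say so in the log message. The reworded sentence is also hard to parse: "Discard the request Content-Length whenever T-E: chunked is used, always passing one of either C-L or T-E: chunked" would read better as two imperatives, "Discard ... and always pass either C-L or T-E: chunked".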
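Review bot: In the second hunk (Apache 2.1.6 section), removing the "SECURITY: CAN-2005-2088 core:" entry and the "proxy HTTP:" response entry leaves the 2.1.6 heading with no record of either mitigation, although both were listed there before this change. Anyone searching the 2.1.x sections for CAN-2005-2088 will now find only the 2.1.7 proxy entry. Consider stating in the log message, or in a short note in CHANGES, that entries moved under 2.0.55 still apply to 2.1.6.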
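Review bot: In the third hunk (Apache 2.0.55 section), the added "proxy HTTP:" entry describes mitigating HTTP Response Splitting attacks but has no "SECURITY:" prefix, unlike the CAN-2005-2088 entry added just above it and the CAN-2005-1268 entry below. If it is a security fix, tag it the same way so it shows up when scanning for SECURITY entries. The credit on the core entry also changes from "[Paul Querna]" in the lines removed from 2.1.6 to "[Paul Querna, Joe Orton]" here; the log message should mention why the attribution differs.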