Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 64684 invoked from network); 18 Dec 2005 11:18:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Dec 2005 11:18:05 -0000 Received: (qmail 86505 invoked by uid 500); 18 Dec 2005 11:18:04 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 86278 invoked by uid 500); 18 Dec 2005 11:18:03 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 86262 invoked by uid 99); 18 Dec 2005 11:18:02 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Dec 2005 03:18:02 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Sun, 18 Dec 2005 03:18:01 -0800 Received: (qmail 64514 invoked by uid 65534); 18 Dec 2005 11:17:41 -0000 Message-ID: <20051218111741.64513.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r357454 - in /httpd/httpd/branches/2.0.x: CHANGES modules/http/http_core.c Date: Sun, 18 Dec 2005 11:17:40 -0000 To: cvs@httpd.apache.org From: rpluem@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: rpluem Date: Sun Dec 18 03:17:32 2005 New Revision: 357454 URL: http://svn.apache.org/viewcvs?rev=357454&view=rev Log: Backport of r357328 from trunk: * Fix ap_http_chunk_filter to create correct chunks in the case that a flush bucket is pre- and postfixed by data buckets in the brigade. Submitted by: Ruediger Pluem Reviewed by: Justin Erenkrantz, Joe Orton, Jim Jagielski Modified: httpd/httpd/branches/2.0.x/CHANGES httpd/httpd/branches/2.0.x/modules/http/http_core.c Modified: httpd/httpd/branches/2.0.x/CHANGES URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=357454&r1=357453&r2=357454&view=diff ============================================================================== --- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Sun Dec 18 03:17:32 2005 @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.56 + *) Chunk filter: Fix chunk filter to create correct chunks in the case that + a flush bucket is surrounded by data buckets. [Ruediger Pluem] + *) SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to Modified: httpd/httpd/branches/2.0.x/modules/http/http_core.c URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/http/http_core.c?rev=357454&r1=357453&r2=357454&view=diff ============================================================================== --- httpd/httpd/branches/2.0.x/modules/http/http_core.c (original) +++ httpd/httpd/branches/2.0.x/modules/http/http_core.c Sun Dec 18 03:17:32 2005 @@ -124,6 +124,8 @@ } if (APR_BUCKET_IS_FLUSH(e)) { flush = e; + more = apr_brigade_split(b, APR_BUCKET_NEXT(e)); + break; } else if (e->length == (apr_size_t)-1) { /* unknown amount of data (e.g. a pipe) */