svn commit: r139 - in /release/httpd/patches: apply_to_2.2.15/CVE-2010-2068-r953616.patch apply_to_2.3.5/CVE-2010-2068-r953418.patch

[tr...@apache.org]

Author: trawick
Date: Mon Jun 14 19:53:52 2010
New Revision: 139

Log:
add commentary to avoid any confusion about affected
platforms due to presence of additional code in patch

Modified:
    release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
    release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch

Modified: release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
==============================================================================
--- release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch (original)
+++ release/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch Mon Jun 14 19:53:52 2010
@@ -6,6 +6,10 @@
 #
 # Only affects mod_proxy_http.c on Windows, Netware and OS2 platforms.
 #
+#     Note: This patch has an additional, platform-independent change to
+#     mark the back-end connection for closing ("backend->close = 1;").
+#     That code is not required to resolve CVE-2010-2068 on any platform.
+#
 # Is only triggered by proxy pools configured for timeouts shorter than the 
 # backend server response delay.
 #

Modified: release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
==============================================================================
--- release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch (original)
+++ release/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch Mon Jun 14 19:53:52 2010
@@ -6,6 +6,10 @@
 #
 # Only affects mod_proxy_http.c on Windows, Netware and OS2 platforms.
 #
+#     Note: This patch has an additional, platform-independent change to
+#     mark the back-end connection for closing ("backend->close = 1;").
+#     That code is not required to resolve CVE-2010-2068 on any platform.
+#
 # Is only triggered by proxy pools configured for timeouts shorter than the 
 # backend server response delay.
 #