Am 15.04.2015 um 21:49 schrieb cove...@apache.org:
Author: covener
Date: Wed Apr 15 19:49:31 2015
New Revision: 1673940
URL: http://svn.apache.org/r1673940
Log:
Merge r1666297 from trunk:
ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when
checking the server certificate constraints (SSL_X509_getBC()).
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1673940&r1=1673939&r2=1673940&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Apr 15 19:49:31 2015
@@ -12,6 +12,13 @@ Changes with Apache 2.4.13
calls r:wsupgrade() can cause a child process crash.
[Edward Lu <Chaosed0 gmail.com>]
+ *) mod_ssl: Fix possible crash when loading server certificate constraints.
+ PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
+
+ *) core, modules: Avoid error response/document handling by the core if some
+ handler or input filter already did it while reading the request (causing
+ a double response body). [Yann Ylavic]
+
*) build: Don't load mod_cgi and mod_cgid in the default configuration
if they're both built. [olli hauer <ohauer gmx.de>]
Is the second (core) entry intentional or a merge error?
Regards,
Rainer
