Note:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized
HTTP methods from marking ajp: balancer members in an error state, avoiding
denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use less
memory, to avoid denial of service. This patch includes fixes to the patch
introduced in release 2.2.20 for protocol compliance, as well as the
MaxRanges directive.
Note:
This commit is improving the openvpn package to build the included
plugins if possible (currently only the pam authentication plugin
if pam is installed), but also introducing the 'plugins_enabled'
variable within the openvpn.conf file which can be used to define
a space seperated list of plugins which should be build additionally.
This will offer a convinient way for targets which patch in custom
plugins to enable them within the build process of the package.
The only thing to do is to append the desired plugin to then list
stored within the $plugins_enabled variable.
Example: Adding 'myplugin' within a target specific 'openvpn.conf'
--------------------------------------------------------------------
var_append plugins_enabled ' ' "myplugin"
--------------------------------------------------------------------
Note:
This partially reverts commit cde2856ca0
because I wrongly assumed that the IDN support will be enabled by default,
which is not the case! As of glibc 2.11 only the sources of the glibc
libidn addon are included, but the addon itself is *NOT* enabled by
default. Thus I restored the old behavior besides the part for unpacking
the libidn addon sources.
Christian Wiese
Christian Wiese
Alejandro Mery
Alejandro Mery
Gernot Tenchio
Bastian Kummer