- Add fix for CAN-2005-2088

From Changelog:
  *) SECURITY: CAN-2005-2088
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

- Rename previous patch to CVE ID
- bump PORTREVISION

Security:       CAN-2005-2088
Obtained From: Apache repository

6 files changed, 42 insertions, 2 deletions

diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 1d81c75dde42..5990a90b46ec 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -9,7 +9,7 @@
 
 PORTNAME=	apache
 PORTVERSION=	2.0.54
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD} \
 		${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo
diff --git a/www/apache2/files/patch-secfix-ssl_engine_kernel.c b/www/apache2/files/patch-secfix-CAN-2005-1268
index 3b8be849954b..3b8be849954b 100644
--- a/www/apache2/files/patch-secfix-ssl_engine_kernel.c
+++ b/www/apache2/files/patch-secfix-CAN-2005-1268
diff --git a/www/apache2/files/patch-secfix-CAN-2005-2088 b/www/apache2/files/patch-secfix-CAN-2005-2088
new file mode 100644
index 000000000000..36fe17ad303c
--- /dev/null
+++ b/www/apache2/files/patch-secfix-CAN-2005-2088
@@ -0,0 +1,20 @@
+--- server/protocol.c	2005/07/14 16:49:17	219060
++++ server/protocol.c	2005/07/14 16:51:55	219061
+@@ -885,6 +885,15 @@
+             apr_brigade_destroy(tmp_bb);
+             return r;
+         }
++
++        if (apr_table_get(r->headers_in, "Transfer-Encoding")
++            && apr_table_get(r->headers_in, "Content-Length")) {
++            /* 2616 section 4.4, point 3: "if both Transfer-Encoding
++             * and Content-Length are received, the latter MUST be
++             * ignored"; so unset it here to prevent any confusion
++             * later. */
++            apr_table_unset(r->headers_in, "Content-Length");
++        }
+     }
+     else {
+         if (r->header_only) {
+
+
diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 1d81c75dde42..5990a90b46ec 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,7 +9,7 @@
 
 PORTNAME=	apache
 PORTVERSION=	2.0.54
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD} \
 		${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo
diff --git a/www/apache20/files/patch-secfix-ssl_engine_kernel.c b/www/apache20/files/patch-secfix-CAN-2005-1268
index 3b8be849954b..3b8be849954b 100644
--- a/www/apache20/files/patch-secfix-ssl_engine_kernel.c
+++ b/www/apache20/files/patch-secfix-CAN-2005-1268
diff --git a/www/apache20/files/patch-secfix-CAN-2005-2088 b/www/apache20/files/patch-secfix-CAN-2005-2088
new file mode 100644
index 000000000000..36fe17ad303c
--- /dev/null
+++ b/www/apache20/files/patch-secfix-CAN-2005-2088
@@ -0,0 +1,20 @@
+--- server/protocol.c	2005/07/14 16:49:17	219060
++++ server/protocol.c	2005/07/14 16:51:55	219061
+@@ -885,6 +885,15 @@
+             apr_brigade_destroy(tmp_bb);
+             return r;
+         }
++
++        if (apr_table_get(r->headers_in, "Transfer-Encoding")
++            && apr_table_get(r->headers_in, "Content-Length")) {
++            /* 2616 section 4.4, point 3: "if both Transfer-Encoding
++             * and Content-Length are received, the latter MUST be
++             * ignored"; so unset it here to prevent any confusion
++             * later. */
++            apr_table_unset(r->headers_in, "Content-Length");
++        }
+     }
+     else {
+         if (r->header_only) {
+
+