
CVS Update: src



CVSROOT:	/cvs
Module name:	src
Repository:	src/usr.sbin/httpd/src/modules/standard/
Changes by:	odin@akbar.cleannorth.org.	04/06/16 09:05:19

Modified files:
	src/usr.sbin/httpd/src/include/: http_core.h httpd.h 
	src/usr.sbin/httpd/src/main/: http_core.c http_log.c 
	                              http_protocol.c util.c 
	src/usr.sbin/httpd/src/modules/proxy/: proxy_http.c 
	src/usr.sbin/httpd/src/modules/ssl/: mod_ssl.h 
	                                     ssl_engine_kernel.c 
	                                     ssl_engine_rand.c 
	                                     ssl_util.c 
	src/usr.sbin/httpd/src/modules/standard/: mod_digest.c 

Log message:
	Multiple patches from OPENBSD_3_5
	
	MFC:
	Fix by brad@
	
	Apache does not filter terminal escape sequences from its error logs, which
	could make it easier for attackers to insert those sequences into terminal
	emulators containing vulnerabilities related to escape sequences.
	
	CAN-2003-0020
	
	MFC:
	Fix by brad@
	
	mod_digest for Apache does not properly verify the nonce of a client response
	by using an AuthNonce secret.
	
	CAN-2003-0987
	
	MFC:
	Fix by henning@
	
	SECURITY: CAN-2004-0492 (cve.mitre.org)
	Reject responses from a remote server if sent an invalid (negative)
	Content-Length.  [Mark Cox]
	
	MFC:
	Fix by otto@
	
	Use arc4random(3) to compute random numbers, instead of using rand()
	to produce a double, snprintf()ing that into a buffer and then
	converting the string to an int with atoi().
	
	MFC:
	Fix by henning@
	
	get changes from mod_ssl 2.8.18:
	
	*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
	if the Subject-DN in the client certificate exceeds 6KB in length.
	(CVE CAN-2004-0488).
	
	*) Handle the case of OpenSSL retry requests after interrupted system
	calls during the SSL handshake phase.
	
	*) Remove some unused functions.
	
	ok henning@

