authorDaniel Isaksen <d@duniel.no>2017-09-20 17:42:53 +0000
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-09-21 11:14:23 +0300
commit6113fd53b8d6aa8846f017a77ea8482c9d44469b (patch)
tree3cbe30dcb3f36876a820b64e4fb5999a6bc83e95
parent2f060253d9da280e5a4fc3ca510d94d2357c5355 (diff)
downloadaports-6113fd53b8d6aa8846f017a77ea8482c9d44469b.tar.bz2
aports-6113fd53b8d6aa8846f017a77ea8482c9d44469b.tar.xz
main/apache2: fix CVE-2017-9798 aka Optionsbleed
-rw-r--r--main/apache2/APKBUILD6
-rw-r--r--main/apache2/optionsbleed.patch15
2 files changed, 20 insertions, 1 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 304c4688cc..42031a5695 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -3,7 +3,7 @@
pkgname=apache2
_pkgreal=httpd
pkgver=2.4.27
-pkgrel=0
+pkgrel=1
pkgdesc="A high performance Unix-based HTTP server"
url="http://httpd.apache.org/"
arch="all"
@@ -26,6 +26,7 @@ subpackages="$pkgname-dev
$pkgname-utils
$pkgname-webdav"
source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
+ optionsbleed.patch
apache2.confd
apache2.logrotate
apache2.initd
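Review bot: Adding `optionsbleed.patch` to `source=` only fetches and checksums the file; whether it is applied depends on the package's own `prepare()`, whose body lies outside the visible hunks. Please confirm that `prepare()` runs `patch` over the `*.patch` entries of `$source` at a strip level that matches the `httpd-2.4.2//server/core.c` header. Otherwise 2.4.27-r1 would list CVE-2017-9798 as fixed while shipping an unmodified core.c.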
@@ -60,6 +61,8 @@ _builddir="$srcdir"/$_pkgreal-$pkgver
# - CVE-2017-7679
# 2.4.27-r0:
# - CVE-2017-9789
+# 2.4.27-r1:
+# - CVE-2017-9798
prepare() {
cd "$_builddir"
@@ -283,6 +286,7 @@ _lua() {
"$subpkgdir"/etc/apache2/conf.d/lua.conf || return 1
}
sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c httpd-2.4.27.tar.bz2
+11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632 optionsbleed.patch
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch
new file mode 100644
index 0000000000..be0afee60a
--- /dev/null
+++ b/main/apache2/optionsbleed.patch
@@ -0,0 +1,15 @@
+--- httpd-2.4.2//server/core.c 2017/08/16 16:50:29 1805223
++++ httpd-2.4.2//server/core.c 2017/09/08 13:13:11 1807754
+@@ -2266,6 +2266,12 @@
+ /* method has not been registered yet, but resource restriction
+ * is always checked before method handling, so register it.
+ */
++ if (cmd->pool == cmd->temp_pool) {
++ /* In .htaccess, we can't globally register new methods. */
++ return apr_psprintf(cmd->pool, "Could not register method '%s' "
++ "for %s from .htaccess configuration",
++ method, cmd->cmd->name);
++ }
+ methnum = ap_method_register(cmd->pool,
+ apr_pstrdup(cmd->pool, method));
+ }
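Review bot: The added guard in the core.c hunk recognises .htaccess context only by `cmd->pool == cmd->temp_pool`, and its comment says what is refused but not why. I would expand the comment along the lines of `/* .htaccess is parsed with a per-request pool; a method registered from it would remain in the global method table after that pool is destroyed (CVE-2017-9798). */`. That wording is my reading of the upstream issue, so check it against the upstream advisory. The new return path also means that a directive naming an unregistered method in .htaccess is now rejected as a configuration error instead of being accepted. After the upgrade it is worth searching the error log for "Could not register method" and declaring such methods in the server configuration instead. The enclosing function starts and ends outside the hunk.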