diff options
| author | Daniel Isaksen <d@duniel.no> | 2017-09-20 17:42:53 +0000 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-09-21 11:14:23 +0300 |
| commit | 6113fd53b8d6aa8846f017a77ea8482c9d44469b (patch) | |
| tree | 3cbe30dcb3f36876a820b64e4fb5999a6bc83e95 /main | |
| parent | 2f060253d9da280e5a4fc3ca510d94d2357c5355 (diff) | |
main/apache2: fix CVE-2017-9798 aka Optionsbleed
Diffstat (limited to 'main')
| -rw-r--r-- | main/apache2/APKBUILD | 6 | ||||
| -rw-r--r-- | main/apache2/optionsbleed.patch | 15 |
2 files changed, 20 insertions, 1 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 304c4688cc8..42031a56950 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -3,7 +3,7 @@ pkgname=apache2 _pkgreal=httpd pkgver=2.4.27 -pkgrel=0 +pkgrel=1 pkgdesc="A high performance Unix-based HTTP server" url="http://httpd.apache.org/" arch="all" @@ -26,6 +26,7 @@ subpackages="$pkgname-dev $pkgname-utils $pkgname-webdav" source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2 + optionsbleed.patch apache2.confd apache2.logrotate apache2.initd @@ -60,6 +61,8 @@ _builddir="$srcdir"/$_pkgreal-$pkgver # - CVE-2017-7679 # 2.4.27-r0: # - CVE-2017-9789 +# 2.4.27-r1: +# - CVE-2017-9798 prepare() { cd "$_builddir" @@ -283,6 +286,7 @@ _lua() { "$subpkgdir"/etc/apache2/conf.d/lua.conf || return 1 } sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c httpd-2.4.27.tar.bz2 +11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632 optionsbleed.patch 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch new file mode 100644 index 00000000000..be0afee60a7 --- /dev/null +++ b/main/apache2/optionsbleed.patch @@ -0,0 +1,15 @@ +--- httpd-2.4.2//server/core.c 2017/08/16 16:50:29 1805223 ++++ httpd-2.4.2//server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } |