From a30dbd55635b5e5c03db10c63ac61a2a9b3c3b05 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Tue, 27 Mar 2018 14:22:40 +0300
Subject: main/apache2: security upgrade to 2.4.33 fixes #8732
---
 main/apache2/APKBUILD | 22 +++++++++++++++-------
 main/apache2/optionsbleed.patch | 15 ---------------
 2 files changed, 15 insertions(+), 22 deletions(-)
 delete mode 100644 main/apache2/optionsbleed.patch
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 8defe0d7bb7..e12e731ea07 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Valery Kartel
 pkgname=apache2
 _pkgreal=httpd
-pkgver=2.4.27
-pkgrel=1
+pkgver=2.4.33
+pkgrel=0
 pkgdesc="A high performance Unix-based HTTP server"
 url="http://httpd.apache.org/"
 arch="all"
@@ -26,7 +26,6 @@ subpackages="$pkgname-dev
 $pkgname-utils
 $pkgname-webdav"
 source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
- optionsbleed.patch
 apache2.confd
 apache2.logrotate
 apache2.initd
@@ -50,8 +49,16 @@ options="suid"
 _builddir="$srcdir"/$_pkgreal-$pkgver
 
 # secfixes:
-# 2.4.23-r1:
-# - CVE-2016-5387
+# 2.4.33-r0:
+# - CVE-2017-15710
+# - CVE-2017-15715
+# - CVE-2018-1283
+# - CVE-2018-1301
+# - CVE-2018-1302
+# - CVE-2018-1303
+# - CVE-2018-1312
+# 2.4.27-r1:
+# - CVE-2017-9798
 # 2.4.26-r0:
 # - CVE-2017-3167
 # - CVE-2017-3169
@@ -62,6 +69,8 @@ _builddir="$srcdir"/$_pkgreal-$pkgver
 # - CVE-2017-9789
 # 2.4.27-r1:
 # - CVE-2017-9798
+# 2.4.23-r1:
+# - CVE-2016-5387
 
 prepare() {
 cd "$_builddir"
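Review bot: The secfixes block ends up listing `# 2.4.27-r1:` / `# - CVE-2017-9798` twice: the hunk at `@@ -50,8 +49,16 @@` adds the pair directly under the new `2.4.33-r0` list, while the hunk at `@@ -62,6 +69,8 @@` keeps the existing copy as context. The resulting order is also mixed (2.4.33, 2.4.27, 2.4.26, then 2.4.27 again, then 2.4.23), so it is neither newest-first nor oldest-first. If advisory tooling reads this comment as a YAML mapping, which I would expect for a `secfixes:` block but cannot confirm from the diff, a repeated key is ambiguous and one copy may be silently dropped. I would delete the two added `2.4.27-r1` lines in the first hunk (or the older copy) so each release appears exactly once; the entries between the two hunks are not visible here.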
@@ -303,8 +312,7 @@ _lua() {
 "$subpkgdir"/usr/lib/apache2/ || return 1
 _load_mods
 }
-sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c httpd-2.4.27.tar.bz2
-11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632 optionsbleed.patch
+sha512sums="e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269 httpd-2.4.33.tar.bz2
 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch
deleted file mode 100644
index be0afee60a7..00000000000
--- a/main/apache2/optionsbleed.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- httpd-2.4.2//server/core.c 2017/08/16 16:50:29 1805223
-+++ httpd-2.4.2//server/core.c 2017/09/08 13:13:11 1807754
-@@ -2266,6 +2266,12 @@
- /* method has not been registered yet, but resource restriction
- * is always checked before method handling, so register it.
- */
-+ if (cmd->pool == cmd->temp_pool) {
-+ /* In .htaccess, we can't globally register new methods. */
-+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+ "for %s from .htaccess configuration",
-+ method, cmd->cmd->name);
-+ }
- methnum = ap_method_register(cmd->pool,
- apr_pstrdup(cmd->pool, method));
- }
--
cgit v1.2.3