[arch-commits] Commit in apache/trunk (2 files)
Levente Polyak
anthraxx at archlinux.org
Mon Sep 18 13:40:37 UTC 2017
Date: Monday, September 18, 2017 @ 13:40:36
Author: anthraxx
Revision: 305808
upgpkg: apache 2.4.27-2 (CVE-2017-9798)
Added:
apache/trunk/apache-2.2-optionsbleed-CVE-2017-9798.patch
Modified:
apache/trunk/PKGBUILD
---------------------------------------------+
PKGBUILD | 8 ++++++--
apache-2.2-optionsbleed-CVE-2017-9798.patch | 21 +++++++++++++++++++++
2 files changed, 27 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-09-18 13:37:02 UTC (rev 305807)
+++ PKGBUILD 2017-09-18 13:40:36 UTC (rev 305808)
@@ -5,7 +5,7 @@
pkgname=apache
pkgver=2.4.27
-pkgrel=1
+pkgrel=2
pkgdesc='A high performance Unix-based HTTP server'
arch=('i686' 'x86_64')
url='http://www.apache.org/dist/httpd'
@@ -33,6 +33,7 @@
httpd.logrotate
httpd.service
arch.layout
+ apache-2.2-optionsbleed-CVE-2017-9798.patch
)
sha256sums=('71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a'
'SKIP'
@@ -40,7 +41,8 @@
'63da1a420f4714a3e7af2672d28384419cc7eedbe7bf35baebd02938fabc15bf'
'0bbbfae23a917b2fce0bf8f900f60319b50769224a96314e9301a75ccd078e16'
'f574bac6d5f398e7a649fc0e1ca66ff01ad4ef34dac71258e93d8a9d9a2b3960'
- 'dda05c6e76f12624e418ca18a36f2e90ec1c5b1cc52fed7142fce6076ec413f3')
+ 'dda05c6e76f12624e418ca18a36f2e90ec1c5b1cc52fed7142fce6076ec413f3'
+ '8278b462612dd64e1d6e9e7b6ef6141efc60917b3598ba20b4423998b2c05b01')
validpgpkeys=('A93D62ECC3C8EA12DB220EC934EA76E6791485A8') # Jim Jagielski
prepare() {
@@ -55,6 +57,8 @@
# https://github.com/openssl/openssl/issues/2865
patch -Np1 -i ../openssl-malloc-init.patch
+
+ patch -p1 -i ../apache-2.2-optionsbleed-CVE-2017-9798.patch
}
build() {
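Review bot: The new `patch -p1 -i ../apache-2.2-optionsbleed-CVE-2017-9798.patch` call drops the `-N` used by the openssl-malloc-init.patch line directly above it in prepare(). Without `-N`, patch can offer to reverse a fix that is already in the tree, for example after a later pkgver bump that ships it. With `-N` it refuses instead, so the stale patch is noticed at build time. I would write it as `patch -Np1 -i ../apache-2.2-optionsbleed-CVE-2017-9798.patch`. The file name says 2.2 while pkgver is 2.4.27, so a comment such as `# CVE-2017-9798 (Optionsbleed): backport of upstream r1807655, drop once fixed in a release` would make the origin and removal condition clear. prepare() begins outside this hunk.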
Added: apache-2.2-optionsbleed-CVE-2017-9798.patch
===================================================================
--- apache-2.2-optionsbleed-CVE-2017-9798.patch (rev 0)
+++ apache-2.2-optionsbleed-CVE-2017-9798.patch 2017-09-18 13:40:36 UTC (rev 305808)
@@ -0,0 +1,21 @@
+CVE-2017-9798
+
+Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
+
+diff --git a/server/core.c b/server/core.c
+index f61699e..d24542e 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
+ /* method has not been registered yet, but resorce restriction
+ * is always checked before method handling, so register it.
+ */
++ if (cmd->pool == cmd->temp_pool) {
++ /* In .htaccess, we can't globally register new methods. */
++ return apr_psprintf(cmd->pool, "Could not register method '%s' "
++ "for %s from .htaccess configuration",
++ method, cmd->cmd->name);
++ }
+ methnum = ap_method_register(cmd->pool,
+ apr_pstrdup(cmd->pool, method));
+
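Review bot: The guard added in ap_limit_section relies on `cmd->pool == cmd->temp_pool` being true only while an .htaccess file is parsed, and the one-line comment does not state that invariant or why global registration is unsafe there. Presumably the method name would be allocated from a short-lived pool while the method registry outlives it, which is the stale-memory condition CVE-2017-9798 describes. I would expand the comment to something like `/* .htaccess directives are parsed with cmd->pool == cmd->temp_pool; a method registered from here would outlive the pool its name is allocated in. */`. The early return also turns an unregistered method name in an .htaccess `<Limit>` into a configuration error. It would help to say in the patch header that affected directories will start logging "Could not register method" after the upgrade. The function starts and ends outside the hunk, so whether other registration paths need the same check cannot be judged from here.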