me
/
guix
Archived
1
0
Fork 0
Code

gnu: httpd: Update to 2.4.29. 

* gnu/packages/web.scm (httpd): Update to 2.4.29.
[source]: Remove patch.
* gnu/packages/patches/httpd-CVE-2017-9798.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
master
Leo Famulari 2018-01-02 21:40:16 -05:00
parent 48a716c484
commit 7526338837
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 2 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -746,7 +746,6 @@ dist_patch_DATA = \
%D%/packages/patches/heimdal-CVE-2017-11103.patch \ %D%/packages/patches/heimdal-CVE-2017-11103.patch \
%D%/packages/patches/hmmer-remove-cpu-specificity.patch \ %D%/packages/patches/hmmer-remove-cpu-specificity.patch \
%D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/higan-remove-march-native-flag.patch \
%D%/packages/patches/httpd-CVE-2017-9798.patch \
%D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hubbub-sort-entities.patch \
%D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \
%D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \

22
gnu/packages/patches/httpd-CVE-2017-9798.patch
View File

@ -1,22 +0,0 @@
Fixes "options bleed", aka. CVE-2017-9798:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
--- a/server/core.c 2017/08/16 16:50:29 1805223
+++ b/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}

5
gnu/packages/web.scm
View File

@ -109,15 +109,14 @@
(define-public httpd (define-public httpd
(package (package
(name "httpd") (name "httpd")
(version "2.4.27") (version "2.4.29")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-" (uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2")) version ".tar.bz2"))
(sha256 (sha256
(base32 (base32
"0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i")) "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp"))))
(patches (search-patches "httpd-CVE-2017-9798.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr) (inputs `(("apr" ,apr)