diff options
author | Leo Famulari <leo@famulari.name> | 2017-02-01 01:21:14 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-02-01 18:14:55 -0500 |
commit | a3df7e9f862c756684cf13d7ecb5cb6275bb7ee1 (patch) | |
tree | f6152691756a21b277ac9260c33c4fa3d1ba1fad /gnu/packages | |
parent | 4a6b2a21bf36a6d0170d7568073f0a03ef3004f3 (diff) | |
download | guix-a3df7e9f862c756684cf13d7ecb5cb6275bb7ee1.tar.gz |
gnu: httpd: Update to 2.4.25 [fixes CVE-2016-{0736,2161,5387,8743}].
* gnu/packages/web.scm (httpd): Update to 2.4.25. [source]: Remove obsolete patch 'httpd-CVE-2016-8740.patch'. * gnu/packages/patches/httpd-CVE-2016-8740.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/patches/httpd-CVE-2016-8740.patch | 36 | ||||
-rw-r--r-- | gnu/packages/web.scm | 6 |
2 files changed, 2 insertions, 40 deletions
diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch deleted file mode 100644 index 17ba323ccf..0000000000 --- a/gnu/packages/patches/httpd-CVE-2016-8740.patch +++ /dev/null @@ -1,36 +0,0 @@ -This patch applies against httpd-2.4.23 and shouldn't be needed in later releases -http://openwall.com/lists/oss-security/2016/12/05/17 -Index: modules/http2/h2_stream.c -=================================================================== ---- modules/http2/h2_stream.c (revision 1771866) -+++ modules/http2/h2_stream.c (working copy) -@@ -322,18 +322,18 @@ - HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); - } - } -- } -- -- if (h2_stream_is_scheduled(stream)) { -- return h2_request_add_trailer(stream->request, stream->pool, -- name, nlen, value, vlen); -- } -- else { -- if (!input_open(stream)) { -- return APR_ECONNRESET; -+ -+ if (h2_stream_is_scheduled(stream)) { -+ return h2_request_add_trailer(stream->request, stream->pool, -+ name, nlen, value, vlen); - } -- return h2_request_add_header(stream->request, stream->pool, -- name, nlen, value, vlen); -+ else { -+ if (!input_open(stream)) { -+ return APR_ECONNRESET; -+ } -+ return h2_request_add_header(stream->request, stream->pool, -+ name, nlen, value, vlen); -+ } - } - } - diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 108ccafd2f..8cc80a2c45 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -88,16 +88,14 @@ (define-public httpd (package (name "httpd") - (version "2.4.23") + (version "2.4.25") (source (origin (method url-fetch) (uri (string-append "mirror://apache/httpd/httpd-" version ".tar.bz2")) (sha256 (base32 - "0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc")) - (patches (search-patches "httpd-CVE-2016-8740.patch")) - (patch-flags '("-p0")))) + "1cl0bkqg6srb1sypga0cn8dcmdyxldavij73zmmkxvlz3kgw4zpq")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) |