diff options
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/patches/httpd-CVE-2017-9798.patch | 22 | ||||
| -rw-r--r-- | gnu/packages/web.scm | 5 |
3 files changed, 2 insertions, 26 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index e9b3002b68..afa25e8c06 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -746,7 +746,6 @@ dist_patch_DATA = \ %D%/packages/patches/heimdal-CVE-2017-11103.patch \ %D%/packages/patches/hmmer-remove-cpu-specificity.patch \ %D%/packages/patches/higan-remove-march-native-flag.patch \ - %D%/packages/patches/httpd-CVE-2017-9798.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch deleted file mode 100644 index 8391a3db4a..0000000000 --- a/gnu/packages/patches/httpd-CVE-2017-9798.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fixes "options bleed", aka. CVE-2017-9798: - - https://nvd.nist.gov/vuln/detail/CVE-2017-9798 - https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html - -From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>. - ---- a/server/core.c 2017/08/16 16:50:29 1805223 -+++ b/server/core.c 2017/09/08 13:13:11 1807754 -@@ -2266,6 +2266,12 @@ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index c8ad735423..a0d9e7a329 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -109,15 +109,14 @@ (define-public httpd (package (name "httpd") - (version "2.4.27") + (version "2.4.29") (source (origin (method url-fetch) (uri (string-append "mirror://apache/httpd/httpd-" version ".tar.bz2")) (sha256 (base32 - "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i")) - (patches (search-patches "httpd-CVE-2017-9798.patch")))) + "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) |