diff options
| author | Ryan Steinmetz <zi@FreeBSD.org> | 2017-09-19 12:31:54 +0000 |
|---|---|---|
| committer | Ryan Steinmetz <zi@FreeBSD.org> | 2017-09-19 12:31:54 +0000 |
| commit | f26df96c9376a2919ced66efb34257f5f72416b3 (patch) | |
| tree | 6b9692d4da3ade4daef5e7c0d83d5a8914151be1 | |
| parent | b7324e218426eafd17bd13a4d09a132c7b925d55 (diff) | |
| download | ports-f26df96c9376a2919ced66efb34257f5f72416b3.tar.gz ports-f26df96c9376a2919ced66efb34257f5f72416b3.zip | |
MFH: r450116
- Add upstream commit for CVE-2017-9798
- Bump PORTREVISION
Security: 76b085e2-9d33-11e7-9260-000c292ee6b8
Approved by: ports-secteam (with hat)
Notes
Notes:
svn path=/branches/2017Q3/; revision=450120
| -rw-r--r-- | www/apache24/Makefile | 1 | ||||
| -rw-r--r-- | www/apache24/files/patch-CVE-2017-9798 | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index 67cc6658c6ee..557d8028bf89 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -2,6 +2,7 @@ PORTNAME= apache24 PORTVERSION= 2.4.27 +PORTREVISION= 1 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} diff --git a/www/apache24/files/patch-CVE-2017-9798 b/www/apache24/files/patch-CVE-2017-9798 new file mode 100644 index 000000000000..260012f7277f --- /dev/null +++ b/www/apache24/files/patch-CVE-2017-9798 @@ -0,0 +1,15 @@ +--- server/core.c 2017/08/16 16:50:29 1805223 ++++ server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } |