svn commit: r450116 - in head/www/apache24: . files
Ryan Steinmetz
zi at FreeBSD.org
Tue Sep 19 12:21:19 UTC 2017
Author: zi
Date: Tue Sep 19 12:21:17 2017
New Revision: 450116
URL: https://svnweb.freebsd.org/changeset/ports/450116
Log:
- Add upstream commit for CVE-2017-9798
- Bump PORTREVISION
Security: 76b085e2-9d33-11e7-9260-000c292ee6b8
Added:
head/www/apache24/files/patch-CVE-2017-9798 (contents, props changed)
Modified:
head/www/apache24/Makefile
Modified: head/www/apache24/Makefile
==============================================================================
--- head/www/apache24/Makefile Tue Sep 19 11:57:22 2017 (r450115)
+++ head/www/apache24/Makefile Tue Sep 19 12:21:17 2017 (r450116)
@@ -2,6 +2,7 @@
PORTNAME= apache24
PORTVERSION= 2.4.27
+PORTREVISION= 1
CATEGORIES= www ipv6
MASTER_SITES= APACHE_HTTPD
DISTNAME= httpd-${PORTVERSION}
Added: head/www/apache24/files/patch-CVE-2017-9798
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/apache24/files/patch-CVE-2017-9798 Tue Sep 19 12:21:17 2017 (r450116)
@@ -0,0 +1,15 @@
+--- server/core.c 2017/08/16 16:50:29 1805223
++++ server/core.c 2017/09/08 13:13:11 1807754
+@@ -2266,6 +2266,12 @@
+ /* method has not been registered yet, but resource restriction
+ * is always checked before method handling, so register it.
+ */
++ if (cmd->pool == cmd->temp_pool) {
++ /* In .htaccess, we can't globally register new methods. */
++ return apr_psprintf(cmd->pool, "Could not register method '%s' "
++ "for %s from .htaccess configuration",
++ method, cmd->cmd->name);
++ }
+ methnum = ap_method_register(cmd->pool,
+ apr_pstrdup(cmd->pool, method));
+ }
More information about the svn-ports-all
mailing list