Mail archive
alpine-aports

[alpine-aports] [PATCH] main/apache2: fix CVE-2017-9798 aka Optionsbleed

From: Daniel Isaksen <d_at_duniel.no>
Date: Wed, 20 Sep 2017 17:42:53 +0000

---
 main/apache2/APKBUILD           |  6 +++++-
 main/apache2/optionsbleed.patch | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 main/apache2/optionsbleed.patch
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 323a3913d7..cb574c23d1 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
_at_@ -3,7 +3,7 @@
 pkgname=apache2
 _pkgreal=httpd
 pkgver=2.4.27
-pkgrel=0
+pkgrel=1
 pkgdesc="A high performance Unix-based HTTP server"
 url="http://httpd.apache.org/"
 arch="all"
_at_@ -28,6 +28,7 @@ subpackages="$pkgname-dev
              $pkgname-webdav"
 source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
 	libressl.patch
+	optionsbleed.patch
 	apache2.confd
 	apache2.logrotate
 	apache2.initd
_at_@ -51,6 +52,8 @@ options="suid"
 builddir="$srcdir"/$_pkgreal-$pkgver
 
 # secfixes:
+#   2.4.27-r1:
+#     - CVE-2017-9798
 #   2.4.26-r0:
 #     - CVE-2017-3167
 #     - CVE-2017-3169
_at_@ -305,6 +308,7 @@ _lua() {
 }
 sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c  httpd-2.4.27.tar.bz2
 7ccd6ba80836e5d8481779855e5b5618f10f20fb00c765e94a3788e746e99311d687c20053ed348fc1a31532fc8900c24915c7b0aff83418f2f40dc7b94944cc  libressl.patch
+11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632  optionsbleed.patch
 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc  apache2.confd
 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b  apache2.logrotate
 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701  apache2.initd
diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch
new file mode 100644
index 0000000000..be0afee60a
--- /dev/null
+++ b/main/apache2/optionsbleed.patch
_at_@ -0,0 +1,15 @@
+--- httpd-2.4.2//server/core.c	2017/08/16 16:50:29	1805223
++++ httpd-2.4.2//server/core.c	2017/09/08 13:13:11	1807754
+_at_@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }
-- 
2.14.1
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Wed Sep 20 2017 - 17:42:53 UTC