From: Daniel Isaksen To: alpine-aports@lists.alpinelinux.org Cc: Daniel Isaksen Subject: [alpine-aports] [PATCH] main/apache2: fix CVE-2017-9798 aka Optionsbleed Date: Wed, 20 Sep 2017 17:42:53 +0000 Message-Id: <20170920174253.7028-1-d@duniel.no> X-Mailer: git-send-email 2.14.1 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/apache2/APKBUILD | 6 +++++- main/apache2/optionsbleed.patch | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 main/apache2/optionsbleed.patch diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 323a3913d7..cb574c23d1 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -3,7 +3,7 @@ pkgname=apache2 _pkgreal=httpd pkgver=2.4.27 -pkgrel=0 +pkgrel=1 pkgdesc="A high performance Unix-based HTTP server" url="http://httpd.apache.org/" arch="all" @@ -28,6 +28,7 @@ subpackages="$pkgname-dev $pkgname-webdav" source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2 libressl.patch + optionsbleed.patch apache2.confd apache2.logrotate apache2.initd @@ -51,6 +52,8 @@ options="suid" builddir="$srcdir"/$_pkgreal-$pkgver # secfixes: +# 2.4.27-r1: +# - CVE-2017-9798 # 2.4.26-r0: # - CVE-2017-3167 # - CVE-2017-3169 
@@ -305,6 +308,7 @@ _lua() { } sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c httpd-2.4.27.tar.bz2 7ccd6ba80836e5d8481779855e5b5618f10f20fb00c765e94a3788e746e99311d687c20053ed348fc1a31532fc8900c24915c7b0aff83418f2f40dc7b94944cc libressl.patch +11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632 optionsbleed.patch 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch new file mode 100644 index 0000000000..be0afee60a --- /dev/null +++ b/main/apache2/optionsbleed.patch @@ -0,0 +1,15 @@ +--- httpd-2.4.2//server/core.c 2017/08/16 16:50:29 1805223 ++++ httpd-2.4.2//server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } -- 2.14.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
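Review bot: In the `source=` and `sha512sums=` hunks of main/apache2/APKBUILD the new file is named `optionsbleed.patch`, while the `secfixes` hunk records the fix as CVE-2017-9798. Naming the file `CVE-2017-9798.patch` would let anyone auditing the secfixes list find the patch behind the entry without knowing the nickname. The `pkgrel=1` bump does match the `2.4.27-r1` key added under `# secfixes:`, so those two hunks are consistent with each other.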
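Review bot: The header of the new main/apache2/optionsbleed.patch names `httpd-2.4.2//server/core.c`, with a doubled slash and a directory that does not match `builddir` (`$_pkgreal-$pkgver`, here httpd-2.4.27). Regenerating the patch against the unpacked 2.4.27 tree with plain one-level paths would remove any dependence on how the patch tool counts the doubled slash when stripping the prefix. The file also carries no statement of origin: the revision numbers 1805223 and 1807754 in the header are the only hint, so a line at the top of the patch or in the commit message saying where it was taken from would help later review. Finally, the added `if (cmd->pool == cmd->temp_pool)` block makes the directive return an error string for a not-yet-registered method in .htaccess, and its comment does not explain why pool equality identifies the .htaccess case. A sentence on that, plus a mention in the commit message that such .htaccess configurations are now rejected, would make the behaviour change visible to people upgrading.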