guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: gnu: httpd: Update to 2.4.29.

From: Leo Famulari
Subject: 01/02: gnu: httpd: Update to 2.4.29.
Date: Wed, 3 Jan 2018 00:39:40 -0500 (EST) 
lfam pushed a commit to branch master
in repository guix.

commit 7526338837baf4d6ceef922b09df6967ff3aa6ec
Author: Leo Famulari <address@hidden>
Date:   Tue Jan 2 21:40:16 2018 -0500

    gnu: httpd: Update to 2.4.29.
    
    * gnu/packages/web.scm (httpd): Update to 2.4.29.
    [source]: Remove patch.
    * gnu/packages/patches/httpd-CVE-2017-9798.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                   |  1 -
 gnu/packages/patches/httpd-CVE-2017-9798.patch | 22 ----------------------
 gnu/packages/web.scm                           |  5 ++---
 3 files changed, 2 insertions(+), 26 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index e9b3002..afa25e8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -746,7 +746,6 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/heimdal-CVE-2017-11103.patch            \
   %D%/packages/patches/hmmer-remove-cpu-specificity.patch      \
   %D%/packages/patches/higan-remove-march-native-flag.patch    \
-  %D%/packages/patches/httpd-CVE-2017-9798.patch               \
   %D%/packages/patches/hubbub-sort-entities.patch              \
   %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch        \
   %D%/packages/patches/hydra-disable-darcs-test.patch          \
diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch 
b/gnu/packages/patches/httpd-CVE-2017-9798.patch
deleted file mode 100644
index 8391a3d..0000000
--- a/gnu/packages/patches/httpd-CVE-2017-9798.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Fixes "options bleed", aka. CVE-2017-9798:
-
-  https://nvd.nist.gov/vuln/detail/CVE-2017-9798
-  
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
-
-From 
<https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
-
---- a/server/core.c    2017/08/16 16:50:29     1805223
-+++ b/server/core.c    2017/09/08 13:13:11     1807754
-@@ -2266,6 +2266,12 @@
-             /* method has not been registered yet, but resource restriction
-              * is always checked before method handling, so register it.
-              */
-+            if (cmd->pool == cmd->temp_pool) {
-+                /* In .htaccess, we can't globally register new methods. */
-+                return apr_psprintf(cmd->pool, "Could not register method 
'%s' "
-+                                   "for %s from .htaccess configuration",
-+                                    method, cmd->cmd->name);
-+            }
-             methnum = ap_method_register(cmd->pool,
-                                          apr_pstrdup(cmd->pool, method));
-         }
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index c8ad735..a0d9e7a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -109,15 +109,14 @@
 (define-public httpd
   (package
     (name "httpd")
-    (version "2.4.27")
+    (version "2.4.29")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://apache/httpd/httpd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))
-             (patches (search-patches "httpd-CVE-2017-9798.patch"))))
+               "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp"))))
     (build-system gnu-build-system)
     (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(("apr" ,apr)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]