Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
This commit is contained in:
parent
b022e3b523
commit
fd03d5ee37
15
httpd-2.4.27-CVE-2017-9798.patch
Normal file
15
httpd-2.4.27-CVE-2017-9798.patch
Normal file
@ -0,0 +1,15 @@
|
||||
--- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223
|
||||
+++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754
|
||||
@@ -2266,6 +2266,12 @@
|
||||
/* method has not been registered yet, but resource restriction
|
||||
* is always checked before method handling, so register it.
|
||||
*/
|
||||
+ if (cmd->pool == cmd->temp_pool) {
|
||||
+ /* In .htaccess, we can't globally register new methods. */
|
||||
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
|
||||
+ "for %s from .htaccess configuration",
|
||||
+ method, cmd->cmd->name);
|
||||
+ }
|
||||
methnum = ap_method_register(cmd->pool,
|
||||
apr_pstrdup(cmd->pool, method));
|
||||
}
|
11
httpd.spec
11
httpd.spec
@ -13,7 +13,7 @@
|
||||
Summary: Apache HTTP Server
|
||||
Name: httpd
|
||||
Version: 2.4.27
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
URL: https://httpd.apache.org/
|
||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||
Source1: index.html
|
||||
@ -72,7 +72,8 @@ Patch56: httpd-2.4.4-mod_unique_id.patch
|
||||
Patch57: httpd-2.4.10-sigint.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
|
||||
Patch58: httpd-2.4.25-r1738878.patch
|
||||
Patch59: httpd-2.4.27-r1808230.patch
|
||||
Patch59: httpd-2.4.27-CVE-2017-9798.patch
|
||||
Patch60: httpd-2.4.27-r1808230.patch
|
||||
# Security fixes
|
||||
|
||||
License: ASL 2.0
|
||||
@ -219,7 +220,8 @@ interface for storing and accessing per-user session data.
|
||||
%patch56 -p1 -b .uniqueid
|
||||
%patch57 -p1 -b .sigint
|
||||
%patch58 -p1 -b .r1738878
|
||||
%patch59 -p1 -b .r1808230
|
||||
%patch59 -p4 -b .cve-2017-9798
|
||||
%patch60 -p1 -b .r1808230
|
||||
|
||||
# Patch in the vendor string
|
||||
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
|
||||
@ -705,6 +707,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||
|
||||
%changelog
|
||||
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
|
||||
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
|
||||
|
||||
* Wed Sep 13 2017 Joe Orton <jorton@redhat.com> - 2.4.27-7
|
||||
- add new content-length filter (upstream PR 61222)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user