diff options
author | Leo Famulari <leo@famulari.name> | 2018-01-02 21:40:16 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-01-03 00:34:03 -0500 |
commit | 7526338837baf4d6ceef922b09df6967ff3aa6ec (patch) | |
tree | b4766f90d7a866099168636ffa2cc7299f411db0 /gnu/packages/patches | |
parent | 48a716c484c45594de86aa91c2ba5e80eb931a63 (diff) | |
download | guix-7526338837baf4d6ceef922b09df6967ff3aa6ec.tar guix-7526338837baf4d6ceef922b09df6967ff3aa6ec.tar.gz |
gnu: httpd: Update to 2.4.29.
* gnu/packages/web.scm (httpd): Update to 2.4.29.
[source]: Remove patch.
* gnu/packages/patches/httpd-CVE-2017-9798.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/httpd-CVE-2017-9798.patch | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch deleted file mode 100644 index 8391a3db4a..0000000000 --- a/gnu/packages/patches/httpd-CVE-2017-9798.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fixes "options bleed", aka. CVE-2017-9798: - - https://nvd.nist.gov/vuln/detail/CVE-2017-9798 - https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html - -From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>. - ---- a/server/core.c 2017/08/16 16:50:29 1805223 -+++ b/server/core.c 2017/09/08 13:13:11 1807754 -@@ -2266,6 +2266,12 @@ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } |