~ruther/guix-local

7526338837baf4d6ceef922b09df6967ff3aa6ec — Leo Famulari 8 years ago 48a716c 
gnu: httpd: Update to 2.4.29.

* gnu/packages/web.scm (httpd): Update to 2.4.29.
[source]: Remove patch.
* gnu/packages/patches/httpd-CVE-2017-9798.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
patch browse .tar.gz 
3 files changed, 2 insertions(+), 26 deletions(-)

M gnu/local.mk
D gnu/packages/patches/httpd-CVE-2017-9798.patch
M gnu/packages/web.scm

M gnu/local.mk => gnu/local.mk +0 -1
@@ 746,7 746,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/heimdal-CVE-2017-11103.patch		\
  %D%/packages/patches/hmmer-remove-cpu-specificity.patch	\
  %D%/packages/patches/higan-remove-march-native-flag.patch	\
  %D%/packages/patches/httpd-CVE-2017-9798.patch		\
  %D%/packages/patches/hubbub-sort-entities.patch		\
  %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch        \
  %D%/packages/patches/hydra-disable-darcs-test.patch		\


D gnu/packages/patches/httpd-CVE-2017-9798.patch => gnu/packages/patches/httpd-CVE-2017-9798.patch +0 -22
@@ 1,22 0,0 @@
Fixes "options bleed", aka. CVE-2017-9798:

  https://nvd.nist.gov/vuln/detail/CVE-2017-9798
  https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.

--- a/server/core.c	2017/08/16 16:50:29	1805223
+++ b/server/core.c	2017/09/08 13:13:11	1807754
@@ -2266,6 +2266,12 @@
             /* method has not been registered yet, but resource restriction
              * is always checked before method handling, so register it.
              */
+            if (cmd->pool == cmd->temp_pool) {
+                /* In .htaccess, we can't globally register new methods. */
+                return apr_psprintf(cmd->pool, "Could not register method '%s' "
+                                   "for %s from .htaccess configuration",
+                                    method, cmd->cmd->name);
+            }
             methnum = ap_method_register(cmd->pool,
                                          apr_pstrdup(cmd->pool, method));
         }


M gnu/packages/web.scm => gnu/packages/web.scm +2 -3
@@ 109,15 109,14 @@
(define-public httpd
  (package
    (name "httpd")
    (version "2.4.27")
    (version "2.4.29")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://apache/httpd/httpd-"
                                 version ".tar.bz2"))
             (sha256
              (base32
               "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))
             (patches (search-patches "httpd-CVE-2017-9798.patch"))))
               "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp"))))
    (build-system gnu-build-system)
    (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
    (inputs `(("apr" ,apr)