svn commit: r450119 - in branches/2017Q3/www/apache22: . files

Ryan Steinmetz zi at FreeBSD.org
Tue Sep 19 12:30:41 UTC 2017 

Author: zi
Date: Tue Sep 19 12:30:39 2017
New Revision: 450119
URL: https://svnweb.freebsd.org/changeset/ports/450119

Log:
  MFH: r450118
  
  - Add backport of patch for CVE-2017-9798
  - Bump PORTREVISION
  
  Approved by:	ports-secteam (with hat)
  Security:	76b085e2-9d33-11e7-9260-000c292ee6b8

Added:
  branches/2017Q3/www/apache22/files/patch-CVE-2017-9798
     - copied unchanged from r450118, head/www/apache22/files/patch-CVE-2017-9798
Modified:
  branches/2017Q3/www/apache22/Makefile
Directory Properties:
  branches/2017Q3/   (props changed)

Modified: branches/2017Q3/www/apache22/Makefile
==============================================================================
--- branches/2017Q3/www/apache22/Makefile	Tue Sep 19 12:29:33 2017	(r450118)
+++ branches/2017Q3/www/apache22/Makefile	Tue Sep 19 12:30:39 2017	(r450119)
@@ -2,7 +2,7 @@
 
 PORTNAME=	apache22
 PORTVERSION=	2.2.34
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}

Copied: branches/2017Q3/www/apache22/files/patch-CVE-2017-9798 (from r450118, head/www/apache22/files/patch-CVE-2017-9798)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache22/files/patch-CVE-2017-9798	Tue Sep 19 12:30:39 2017	(r450119, copy of r450118, head/www/apache22/files/patch-CVE-2017-9798)
@@ -0,0 +1,21 @@
+CVE-2017-9798
+
+Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
+
+diff --git a/server/core.c b/server/core.c
+index f61699e..d24542e 100644
+--- server/core.c
++++ server/core.c
+@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
+             /* method has not been registered yet, but resorce restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool, method);
+         }
+

More information about the svn-ports-branches mailing list