diff options
author | taca <taca> | 2016-12-11 23:52:55 +0000 |
---|---|---|
committer | taca <taca> | 2016-12-11 23:52:55 +0000 |
commit | e922637c78c4a729fee5c11ffa3d3447eb73bfac (patch) | |
tree | ab82c5027aeaafa9e7d63a79fc7d235e08eb2ab5 /www | |
parent | ab50511a01652ff98dec0a3f3877ab301c7b3cad (diff) | |
download | pkgsrc-e922637c78c4a729fee5c11ffa3d3447eb73bfac.tar.gz |
Add patch for CVE-2016-8740.
Bump PKGREVISION.
Diffstat (limited to 'www')
-rw-r--r-- | www/apache24/Makefile | 4 | ||||
-rw-r--r-- | www/apache24/distinfo | 3 | ||||
-rw-r--r-- | www/apache24/patches/patch-CVE-2016-8740-2.4.23 | 36 |
3 files changed, 40 insertions, 3 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index cc68d4957ef..24fee1915b8 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.49 2016/10/07 18:26:12 adam Exp $ +# $NetBSD: Makefile,v 1.50 2016/12/11 23:52:55 taca Exp $ # # When updating this package, make sure that no strings like # "PR 12345" are in the commit message. Upstream likes @@ -7,7 +7,7 @@ DISTNAME= httpd-2.4.23 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache24/distinfo b/www/apache24/distinfo index e8dc5ec03ab..221fb48eb90 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.26 2016/07/29 11:11:24 wiz Exp $ +$NetBSD: distinfo,v 1.27 2016/12/11 23:52:55 taca Exp $ SHA1 (httpd-2.4.23.tar.bz2) = 5101be34ac4a509b245adb70a56690a84fcc4e7f RMD160 (httpd-2.4.23.tar.bz2) = 01a485281ededaaf932c9478ad078879a63254bc SHA512 (httpd-2.4.23.tar.bz2) = c520de5be748c0a785ef0dc77102749eb4f47e224968b8d4bed2ae644faa0964623a0e960b64486a0888446790d050b52a6ae34fe61717fab95b37384b4825b1 Size (httpd-2.4.23.tar.bz2) = 6351875 bytes +SHA1 (patch-CVE-2016-8740-2.4.23) = 286afd11a07f4bb1acb0ca9b89086c79930ca562 SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d diff --git a/www/apache24/patches/patch-CVE-2016-8740-2.4.23 b/www/apache24/patches/patch-CVE-2016-8740-2.4.23 new file mode 100644 index 00000000000..4d69be605f3 --- /dev/null +++ b/www/apache24/patches/patch-CVE-2016-8740-2.4.23 @@ -0,0 +1,36 @@ +$NetBSD: patch-CVE-2016-8740-2.4.23,v 1.1 2016/12/11 23:52:55 taca Exp $ + +Patch for CVE-2016-8740. + +--- modules/http2/h2_stream.c.orig 2016-06-09 10:38:10.000000000 +0000 ++++ modules/http2/h2_stream.c +@@ -322,18 +322,18 @@ apr_status_t h2_stream_add_header(h2_str + HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); + } + } +- } +- +- if (h2_stream_is_scheduled(stream)) { +- return h2_request_add_trailer(stream->request, stream->pool, +- name, nlen, value, vlen); +- } +- else { +- if (!input_open(stream)) { +- return APR_ECONNRESET; ++ ++ if (h2_stream_is_scheduled(stream)) { ++ return h2_request_add_trailer(stream->request, stream->pool, ++ name, nlen, value, vlen); ++ } ++ else { ++ if (!input_open(stream)) { ++ return APR_ECONNRESET; ++ } ++ return h2_request_add_header(stream->request, stream->pool, ++ name, nlen, value, vlen); + } +- return h2_request_add_header(stream->request, stream->pool, +- name, nlen, value, vlen); + } + } + |