Add patch for CVE-2016-8740.

Bump PKGREVISION.

3 files changed, 40 insertions, 3 deletions

diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index cc68d4957ef..24fee1915b8 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.49 2016/10/07 18:26:12 adam Exp $
+# $NetBSD: Makefile,v 1.50 2016/12/11 23:52:55 taca Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
@@ -7,7 +7,7 @@
 
 DISTNAME=	httpd-2.4.23
 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/} \
 		http://archive.apache.org/dist/httpd/ \
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index e8dc5ec03ab..221fb48eb90 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.26 2016/07/29 11:11:24 wiz Exp $
+$NetBSD: distinfo,v 1.27 2016/12/11 23:52:55 taca Exp $
 
 SHA1 (httpd-2.4.23.tar.bz2) = 5101be34ac4a509b245adb70a56690a84fcc4e7f
 RMD160 (httpd-2.4.23.tar.bz2) = 01a485281ededaaf932c9478ad078879a63254bc
 SHA512 (httpd-2.4.23.tar.bz2) = c520de5be748c0a785ef0dc77102749eb4f47e224968b8d4bed2ae644faa0964623a0e960b64486a0888446790d050b52a6ae34fe61717fab95b37384b4825b1
 Size (httpd-2.4.23.tar.bz2) = 6351875 bytes
+SHA1 (patch-CVE-2016-8740-2.4.23) = 286afd11a07f4bb1acb0ca9b89086c79930ca562
 SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
diff --git a/www/apache24/patches/patch-CVE-2016-8740-2.4.23 b/www/apache24/patches/patch-CVE-2016-8740-2.4.23
new file mode 100644
index 00000000000..4d69be605f3
--- /dev/null
+++ b/www/apache24/patches/patch-CVE-2016-8740-2.4.23
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2016-8740-2.4.23,v 1.1 2016/12/11 23:52:55 taca Exp $
+
+Patch for CVE-2016-8740.
+
+--- modules/http2/h2_stream.c.orig	2016-06-09 10:38:10.000000000 +0000
++++ modules/http2/h2_stream.c
+@@ -322,18 +322,18 @@ apr_status_t h2_stream_add_header(h2_str
+                                            HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
+             }
+         }
+-    }
+-    
+-    if (h2_stream_is_scheduled(stream)) {
+-        return h2_request_add_trailer(stream->request, stream->pool,
+-                                      name, nlen, value, vlen);
+-    }
+-    else {
+-        if (!input_open(stream)) {
+-            return APR_ECONNRESET;
++        
++        if (h2_stream_is_scheduled(stream)) {
++            return h2_request_add_trailer(stream->request, stream->pool,
++                                          name, nlen, value, vlen);
++        }
++        else {
++            if (!input_open(stream)) {
++                return APR_ECONNRESET;
++            }
++            return h2_request_add_header(stream->request, stream->pool,
++                                         name, nlen, value, vlen);
+         }
+-        return h2_request_add_header(stream->request, stream->pool,
+-                                     name, nlen, value, vlen);
+     }
+ }
+