SF.net SVN: gar:[26401] csw/mgar/pkg/apache2/trunk

dmichelsen at users.sourceforge.net dmichelsen at users.sourceforge.net
Wed Mar 28 15:29:23 CEST 2018


Revision: 26401
          http://sourceforge.net/p/gar/code/26401
Author:   dmichelsen
Date:     2018-03-28 13:29:22 +0000 (Wed, 28 Mar 2018)
Log Message:
-----------
apache2/trunk: Add patches for CVE-2017-9798

Modified Paths:
--------------
    csw/mgar/pkg/apache2/trunk/Makefile

Added Paths:
-----------
    csw/mgar/pkg/apache2/trunk/files/0001-2.2.x-mod_proxy-without-APR_HAS_THREADS.patch
    csw/mgar/pkg/apache2/trunk/files/0001-CVE-2017-9798-patch-2.2.patch

Modified: csw/mgar/pkg/apache2/trunk/Makefile
===================================================================
--- csw/mgar/pkg/apache2/trunk/Makefile	2018-03-27 09:09:26 UTC (rev 26400)
+++ csw/mgar/pkg/apache2/trunk/Makefile	2018-03-28 13:29:22 UTC (rev 26401)
@@ -53,6 +53,14 @@
 PATCHFILES += 0003-Switch-usr-local-for-opt-csw-in-default-cgi-path.patch
 PATCHFILES += 0004-Move-the-envvars-files-to-sysconfdir.patch
 
+# Reformatted patch from
+#   https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/2.2.x-mod_proxy-without-APR_HAS_THREADS.patch
+PATCHFILES += 0001-2.2.x-mod_proxy-without-APR_HAS_THREADS.patch
+
+# Reformatted patch from
+#   https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/CVE-2017-9798-patch-2.2.patch
+PATCHFILES += 0001-CVE-2017-9798-patch-2.2.patch
+
 #Use Modern SOS
 GARCOMPILER = SOS12U3
 
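Review bot: The two new PATCHFILES entries are described only as "Reformatted patch from" an upstream URL, so the local files no longer match the upstream bytes and cannot be checked against them by checksum. It is worth diffing the code hunks against the upstream originals during review. The comment should also say what each patch is for, since the mod_proxy one looks like a build fix for non-threaded APR rather than part of the CVE fix, for example `# Security fix for CVE-2017-9798; reformatted from` above the second entry. Both new files also use the `0001-` prefix while the existing series is already at `0003-`/`0004-`, so if that series has its own `0001-` file (it would be above this hunk) the prefixes collide. Continuing the numbering, such as `0005-` and `0006-`, would keep the intended apply order obvious.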

Added: csw/mgar/pkg/apache2/trunk/files/0001-2.2.x-mod_proxy-without-APR_HAS_THREADS.patch
===================================================================
--- csw/mgar/pkg/apache2/trunk/files/0001-2.2.x-mod_proxy-without-APR_HAS_THREADS.patch	                        (rev 0)
+++ csw/mgar/pkg/apache2/trunk/files/0001-2.2.x-mod_proxy-without-APR_HAS_THREADS.patch	2018-03-28 13:29:22 UTC (rev 26401)
@@ -0,0 +1,32 @@
+From 5a9fb30cdb27a18a332cd3f0efe69bc8b8c0e966 Mon Sep 17 00:00:00 2001
+From: Dagobert Michelsen <dam at opencsw.org>
+Date: Wed, 28 Mar 2018 14:46:17 +0200
+Subject: [PATCH] 2.2.x mod_proxy without APR_HAS_THREADS
+
+---
+ modules/proxy/proxy_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 4b6b8cf..e2a06cd 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -1398,7 +1398,6 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker(apr_pool_t *p,
+     return max_worker;
+ }
+ 
+-#if APR_HAS_THREADS
+ static void socket_cleanup(proxy_conn_rec *conn)
+ {
+     conn->sock = NULL;
+@@ -1407,6 +1406,7 @@ static void socket_cleanup(proxy_conn_rec *conn)
+     apr_pool_clear(conn->scpool);
+ }
+ 
++#if APR_HAS_THREADS
+ static apr_status_t conn_pool_cleanup(void *theworker)
+ {
+     proxy_worker *worker = (proxy_worker *)theworker;
+-- 
+2.4.0
+

Added: csw/mgar/pkg/apache2/trunk/files/0001-CVE-2017-9798-patch-2.2.patch
===================================================================
--- csw/mgar/pkg/apache2/trunk/files/0001-CVE-2017-9798-patch-2.2.patch	                        (rev 0)
+++ csw/mgar/pkg/apache2/trunk/files/0001-CVE-2017-9798-patch-2.2.patch	2018-03-28 13:29:22 UTC (rev 26401)
@@ -0,0 +1,29 @@
+From 62e95a5567be3e16fb991ef7b01d7b939f7e4710 Mon Sep 17 00:00:00 2001
+From: Dagobert Michelsen <dam at opencsw.org>
+Date: Wed, 28 Mar 2018 14:45:24 +0200
+Subject: [PATCH] CVE 2017 9798 patch 2.2
+
+---
+ server/core.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/server/core.c b/server/core.c
+index 34afb34..926a2af 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
+             /* method has not been registered yet, but resorce restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool, method);
+         }
+ 
+-- 
+2.4.0
+
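Review bot: The new guard in ap_limit_section relies on `cmd->pool == cmd->temp_pool` as the sole indicator of .htaccess context, and the added comment does not explain why that equality holds or what happens without the guard. As far as I can tell from httpd's .htaccess parsing, both pointers are the request pool there, so registering a method from that pool would leave the process-wide method registry referring to memory that is released when the request ends. A fuller comment would make that visible to the next packager, for example `/* .htaccess is parsed with pool == temp_pool (request lifetime); a method registered here would outlive its storage (CVE-2017-9798). */`. Note also that a `<Limit>` in .htaccess naming an unregistered method now returns a configuration error instead of registering it silently, which deserves a line in the package changelog. The function body continues outside this hunk.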
