* [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50
@ 2021-10-05 19:09 Peter Seiderer
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Peter Seiderer @ 2021-10-05 19:09 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls
Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].
[1] https://downloads.apache.org/httpd/CHANGES_2.4.50
[2] https://httpd.apache.org/security/vulnerabilities_24.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
package/apache/apache.hash | 6 +++---
package/apache/apache.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index 49efefebb9..abcb79f14d 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,5 +1,5 @@
-# From http://archive.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.{sha256,sha512}
-sha256 65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b httpd-2.4.49.tar.bz2
-sha512 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd httpd-2.4.49.tar.bz2
+# From https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.bz2.{sha256,sha512}
+sha256 6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f httpd-2.4.50.tar.bz2
+sha512 b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158 httpd-2.4.50.tar.bz2
# Locally computed
sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index ae2fb70535..e355ff71bf 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
#
################################################################################
-APACHE_VERSION = 2.4.49
+APACHE_VERSION = 2.4.50
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0
--
2.33.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https
2021-10-05 19:09 [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Seiderer
@ 2021-10-05 19:09 ` Peter Seiderer
2021-10-07 20:16 ` Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
2021-10-07 20:16 ` [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
2 siblings, 2 replies; 6+ messages in thread
From: Peter Seiderer @ 2021-10-05 19:09 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
package/apache/Config.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/apache/Config.in b/package/apache/Config.in
index 693ee20a1b..8b6a5bf7ea 100644
--- a/package/apache/Config.in
+++ b/package/apache/Config.in
@@ -13,7 +13,7 @@ config BR2_PACKAGE_APACHE
server that provides HTTP services in sync with the current
HTTP standards.
- http://httpd.apache.org
+ https://httpd.apache.org
if BR2_PACKAGE_APACHE
--
2.33.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50
2021-10-05 19:09 [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Seiderer
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
@ 2021-10-07 20:16 ` Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-10-07 20:16 UTC (permalink / raw)
To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].
> [1] https://downloads.apache.org/httpd/CHANGES_2.4.50
> [2] https://httpd.apache.org/security/vulnerabilities_24.html
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Committed, thanks.
I see that there is already a 2.4.51 release with additional fixes for
CVE-2021-41773, care to send a patch for that?
https://downloads.apache.org/httpd/CHANGES_2.4.51
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
@ 2021-10-07 20:16 ` Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-10-07 20:16 UTC (permalink / raw)
To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50
2021-10-05 19:09 [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Seiderer
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
2021-10-07 20:16 ` [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Korsgaard
@ 2021-10-09 11:47 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-10-09 11:47 UTC (permalink / raw)
To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].
> [1] https://downloads.apache.org/httpd/CHANGES_2.4.50
> [2] https://httpd.apache.org/security/vulnerabilities_24.html
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
2021-10-07 20:16 ` Peter Korsgaard
@ 2021-10-09 11:47 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-10-09 11:47 UTC (permalink / raw)
To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-10-09 11:48 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05 19:09 [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Seiderer
2021-10-05 19:09 ` [Buildroot] [PATCH v1 2/2] package/apache: change project URL to https Peter Seiderer
2021-10-07 20:16 ` Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
2021-10-07 20:16 ` [Buildroot] [PATCH v1 1/2] package/apache: security bump to version 2.4.50 Peter Korsgaard
2021-10-09 11:47 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.