* [Buildroot] [PATCH v2 1/1] package/apache: security bump version to 2.4.53
@ 2022-03-14 21:20 Bernd Kuhls
2022-03-22 8:21 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Bernd Kuhls @ 2022-03-14 21:20 UTC (permalink / raw)
To: buildroot
Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.53
Fixes CVE-2022-22719, CVE-2022-22720, CVE-2022-22721 & CVE-2022-23943.
Switch from pcre to pcre2 following upstream commit:
https://github.com/apache/httpd/commit/c602ba14811ede722017c4e59e4e30d9990227b4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
v2: switch from pcre to pcre2 (Peter S.)
package/apache/Config.in | 2 +-
package/apache/apache.hash | 6 +++---
package/apache/apache.mk | 8 ++++----
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package/apache/Config.in b/package/apache/Config.in
index 8b6a5bf7ea..270296bce4 100644
--- a/package/apache/Config.in
+++ b/package/apache/Config.in
@@ -4,7 +4,7 @@ config BR2_PACKAGE_APACHE
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_MMU # apr
select BR2_PACKAGE_APR_UTIL
- select BR2_PACKAGE_PCRE
+ select BR2_PACKAGE_PCRE2
help
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index 014d920772..11dcdefe46 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,5 +1,5 @@
-# From https://downloads.apache.org/httpd/httpd-2.4.52.tar.bz2.{sha256,sha512}
-sha256 0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9 httpd-2.4.52.tar.bz2
-sha512 97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6 httpd-2.4.52.tar.bz2
+# From https://downloads.apache.org/httpd/httpd-2.4.53.tar.bz2.{sha256,sha512}
+sha256 d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63 httpd-2.4.53.tar.bz2
+sha512 07ef59594251a30a864cc9cc9a58ab788c2d006cef85b728f29533243927c63cb063e0867f2a306f37324c3adb9cf7dcb2402f3516b05c2c6f32469d475dd756 httpd-2.4.53.tar.bz2
# Locally computed
sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index b280d4dc3a..b2c855aa36 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
#
################################################################################
-APACHE_VERSION = 2.4.52
+APACHE_VERSION = 2.4.53
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = https://downloads.apache.org/httpd
APACHE_LICENSE = Apache-2.0
@@ -17,11 +17,11 @@ APACHE_INSTALL_STAGING = YES
# We have a patch touching configure.in and Makefile.in,
# so we need to autoreconf:
APACHE_AUTORECONF = YES
-APACHE_DEPENDENCIES = apr apr-util pcre
+APACHE_DEPENDENCIES = apr apr-util pcre2
APACHE_CONF_ENV= \
ap_cv_void_ptr_lt_long=no \
- PCRE_CONFIG=$(STAGING_DIR)/usr/bin/pcre-config
+ PCRE_CONFIG=$(STAGING_DIR)/usr/bin/pcre2-config
ifeq ($(BR2_PACKAGE_APACHE_MPM_EVENT),y)
APACHE_MPM = event
@@ -35,7 +35,7 @@ APACHE_CONF_OPTS = \
--sysconfdir=/etc/apache2 \
--with-apr=$(STAGING_DIR)/usr \
--with-apr-util=$(STAGING_DIR)/usr \
- --with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
+ --with-pcre=$(STAGING_DIR)/usr/bin/pcre2-config \
--enable-http \
--enable-dbd \
--enable-proxy \
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH v2 1/1] package/apache: security bump version to 2.4.53
2022-03-14 21:20 [Buildroot] [PATCH v2 1/1] package/apache: security bump version to 2.4.53 Bernd Kuhls
@ 2022-03-22 8:21 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-03-22 8:21 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.53
> Fixes CVE-2022-22719, CVE-2022-22720, CVE-2022-22721 & CVE-2022-23943.
> Switch from pcre to pcre2 following upstream commit:
> https://github.com/apache/httpd/commit/c602ba14811ede722017c4e59e4e30d9990227b4
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> v2: switch from pcre to pcre2 (Peter S.)
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-22 8:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-14 21:20 [Buildroot] [PATCH v2 1/1] package/apache: security bump version to 2.4.53 Bernd Kuhls
2022-03-22 8:21 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.