All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51
@ 2021-10-07 21:28 Peter Seiderer
  2021-10-08 10:46 ` Peter Korsgaard
  2021-10-09 11:49 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Peter Seiderer @ 2021-10-07 21:28 UTC (permalink / raw)
  To: buildroot; +Cc: Bernd Kuhls

Fixes CVE-2021-42013, for details see [1] and [2].

Change download URL from http://archive.apache.org/dist/httpd to
https://downloads.apache.org/httpd (seems more up to date).

[1] https://downloads.apache.org/httpd/CHANGES_2.4.51
[2] https://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/apache/apache.hash | 6 +++---
 package/apache/apache.mk   | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index abcb79f14d..138717c336 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,5 +1,5 @@
-# From https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.bz2.{sha256,sha512}
-sha256  6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f  httpd-2.4.50.tar.bz2
-sha512  b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158  httpd-2.4.50.tar.bz2
+# From https://downloads.apache.org/httpd/httpd-2.4.51.tar.bz2.{sha256,sha512}
+sha256  20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4  httpd-2.4.51.tar.bz2
+sha512  9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66  httpd-2.4.51.tar.bz2
 # Locally computed
 sha256  47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43  LICENSE
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index e355ff71bf..ff01b25106 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.50
+APACHE_VERSION = 2.4.51
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
-APACHE_SITE = http://archive.apache.org/dist/httpd
+APACHE_SITE = https://downloads.apache.org/httpd
 APACHE_LICENSE = Apache-2.0
 APACHE_LICENSE_FILES = LICENSE
 APACHE_CPE_ID_VENDOR = apache
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51
  2021-10-07 21:28 [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51 Peter Seiderer
@ 2021-10-08 10:46 ` Peter Korsgaard
  2021-10-09 11:49 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-10-08 10:46 UTC (permalink / raw)
  To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot

>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:

 > Fixes CVE-2021-42013, for details see [1] and [2].
 > Change download URL from http://archive.apache.org/dist/httpd to
 > https://downloads.apache.org/httpd (seems more up to date).

 > [1] https://downloads.apache.org/httpd/CHANGES_2.4.51
 > [2] https://httpd.apache.org/security/vulnerabilities_24.html

 > Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51
  2021-10-07 21:28 [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51 Peter Seiderer
  2021-10-08 10:46 ` Peter Korsgaard
@ 2021-10-09 11:49 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-10-09 11:49 UTC (permalink / raw)
  To: Peter Seiderer; +Cc: Bernd Kuhls, buildroot

>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:

 > Fixes CVE-2021-42013, for details see [1] and [2].
 > Change download URL from http://archive.apache.org/dist/httpd to
 > https://downloads.apache.org/httpd (seems more up to date).

 > [1] https://downloads.apache.org/httpd/CHANGES_2.4.51
 > [2] https://httpd.apache.org/security/vulnerabilities_24.html

 > Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-09 11:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-07 21:28 [Buildroot] [PATCH v1] package/apache: security bump to version 2.4.51 Peter Seiderer
2021-10-08 10:46 ` Peter Korsgaard
2021-10-09 11:49 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.