From: akuster808 <akuster808@gmail.com>
To: Changqing Li <changqing.li@windriver.com>,
openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224
Date: Sat, 15 Jan 2022 06:16:27 -0800 [thread overview]
Message-ID: <a0d4cfca-7d8b-50f2-cad7-ddd93e083ecd@gmail.com> (raw)
In-Reply-To: <20220113080206.25750-1-changqing.li@windriver.com>
On 1/13/22 12:02 AM, Changqing Li wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
> .../apache2/apache2/CVE-2021-44224-1.patch | 282 ++++++++++++++++++
> .../apache2/apache2/CVE-2021-44224-2.patch | 110 +++++++
> .../apache2/apache2/CVE-2021-44790.patch | 32 ++
> .../recipes-httpd/apache2/apache2_2.4.51.bb | 3 +
> 4 files changed, 427 insertions(+)
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
There is an apache update siting in stable/hardknott-nut.
FYI, apache 2.4.x is an LTS version so package updates are allowed as
they only contain bug fixes
-armin
>
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> new file mode 100644
> index 000000000..90efafb6a
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> @@ -0,0 +1,282 @@
> +From 14e54221476e45a6a63c7c656bf967f1fe810b3f Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 14:37:50 +0800
> +Subject: [PATCH] Merge r1895914, r1895921 from trunk:
> +
> + *) http: Enforce that fully qualified uri-paths not to be forward-proxied
> + have an http(s) scheme, and that the ones to be forward proxied have a
> + hostname, per HTTP specifications.
> + trunk patch: http://svn.apache.org/r1895914
> + http://svn.apache.org/r1895921
> + 2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/286.patch
> + backport PR: https://github.com/apache/httpd/pull/286
> + +1: ylavic, minfrin, gbechis
> +
> +mod_proxy: Detect unix: scheme syntax errors at load time.
> +
> +* modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param,
> + proxysection):
> + Check return value of ap_proxy_de_socketfy().
> +
> +* modules/proxy/proxy_util.c(ap_proxy_get_worker_ex):
> + Check return value of ap_proxy_de_socketfy().
> +
> +http: Enforce that fully qualified uri-paths not to be forward-proxied
> + have an http(s) scheme, and that the ones to be forward proxied have a
> + hostname, per HTTP specifications.
> +
> +The early checks avoid failing the request later on and thus save cycles
> +for those invalid cases.
> +
> +Submitted by: ylavic
> +Reviewed by: ylavic, minfrin, gbechis
> +Closes #286
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1895955 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44224
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1895955]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + include/ap_mmn.h | 2 +-
> + include/http_protocol.h | 7 ++++++
> + modules/http/http_request.c | 2 +-
> + modules/http2/h2_request.c | 4 ++--
> + modules/proxy/mod_proxy.c | 45 ++++++++++++++++++++++++++-----------
> + modules/proxy/proxy_util.c | 3 +++
> + server/protocol.c | 23 ++++++++++++++++++-
> + 7 files changed, 68 insertions(+), 18 deletions(-)
> +
> +diff --git a/include/ap_mmn.h b/include/ap_mmn.h
> +index 942e6d4..f2eee7a 100644
> +--- a/include/ap_mmn.h
> ++++ b/include/ap_mmn.h
> +@@ -589,7 +589,7 @@
> + #ifndef MODULE_MAGIC_NUMBER_MAJOR
> + #define MODULE_MAGIC_NUMBER_MAJOR 20120211
> + #endif
> +-#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */
> ++#define MODULE_MAGIC_NUMBER_MINOR 119 /* 0...n */
> +
> + /**
> + * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
> +diff --git a/include/http_protocol.h b/include/http_protocol.h
> +index 9ccac89..20bd202 100644
> +--- a/include/http_protocol.h
> ++++ b/include/http_protocol.h
> +@@ -96,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r);
> + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
> + apr_bucket_brigade *bb);
> +
> ++/**
> ++ * Run post_read_request hook and validate.
> ++ * @param r The current request
> ++ * @return OK or HTTP_...
> ++ */
> ++AP_DECLARE(int) ap_post_read_request(request_rec *r);
> ++
> + /* Finish up stuff after a request */
> +
> + /**
> +diff --git a/modules/http/http_request.c b/modules/http/http_request.c
> +index c9ae5af..d59cfe2 100644
> +--- a/modules/http/http_request.c
> ++++ b/modules/http/http_request.c
> +@@ -680,7 +680,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
> + * to do their thing on internal redirects as well. Perhaps this is a
> + * misnamed function.
> + */
> +- if ((access_status = ap_run_post_read_request(new))) {
> ++ if ((access_status = ap_post_read_request(new))) {
> + ap_die(access_status, new);
> + return NULL;
> + }
> +diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
> +index 7c4fb95..900f050 100644
> +--- a/modules/http2/h2_request.c
> ++++ b/modules/http2/h2_request.c
> +@@ -369,8 +369,8 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
> + */
> + ap_add_input_filter_handle(ap_http_input_filter_handle,
> + NULL, r, r->connection);
> +-
> +- if ((access_status = ap_run_post_read_request(r))) {
> ++
> ++ if ((access_status = ap_post_read_request(r))) {
> + /* Request check post hooks failed. An example of this would be a
> + * request for a vhost where h2 is disabled --> 421.
> + */
> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
> +index 3fb84c8..b3aafcc 100644
> +--- a/modules/proxy/mod_proxy.c
> ++++ b/modules/proxy/mod_proxy.c
> +@@ -775,13 +775,13 @@ static int proxy_detect(request_rec *r)
> +
> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
> +
> +- if (conf->req && r->parsed_uri.scheme) {
> ++ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
> + /* but it might be something vhosted */
> +- if (!(r->parsed_uri.hostname
> +- && !ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r))
> +- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
> +- (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
> +- : ap_default_port(r))))) {
> ++ if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> ++ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
> ++ (apr_port_t)(r->parsed_uri.port_str
> ++ ? r->parsed_uri.port
> ++ : ap_default_port(r)))) {
> + r->proxyreq = PROXYREQ_PROXY;
> + r->uri = r->unparsed_uri;
> + r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
> +@@ -2007,6 +2007,7 @@ static const char *
> + struct proxy_alias *new;
> + char *f = cmd->path;
> + char *r = NULL;
> ++ const char *real;
> + char *word;
> + apr_table_t *params = apr_table_make(cmd->pool, 5);
> + const apr_array_header_t *arr;
> +@@ -2094,6 +2095,10 @@ static const char *
> + return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
> + }
> +
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
> ++ return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
> ++ }
> ++
> + /* if per directory, save away the single alias */
> + if (cmd->path) {
> + dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
> +@@ -2109,7 +2114,7 @@ static const char *
> + }
> +
> + new->fake = apr_pstrdup(cmd->pool, f);
> +- new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
> ++ new->real = apr_pstrdup(cmd->pool, real);
> + new->flags = flags;
> + if (worker_type & AP_PROXY_WORKER_IS_MATCH) {
> + new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
> +@@ -2635,6 +2640,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + proxy_worker *worker;
> + char *path = cmd->path;
> + char *name = NULL;
> ++ const char *real;
> + char *word;
> + apr_table_t *params = apr_table_make(cmd->pool, 5);
> + const apr_array_header_t *arr;
> +@@ -2676,6 +2682,10 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + if (!name)
> + return "BalancerMember must define remote proxy server";
> +
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
> ++ return "BalancerMember uses an invalid \"unix:\" URL";
> ++ }
> ++
> + ap_str_tolower(path); /* lowercase scheme://hostname */
> +
> + /* Try to find the balancer */
> +@@ -2687,8 +2697,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + }
> +
> + /* Try to find existing worker */
> +- worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, name));
> ++ worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
> + if (!worker) {
> + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
> + "Defining worker '%s' for balancer '%s'",
> +@@ -2785,9 +2794,14 @@ static const char *
> + }
> + }
> + else {
> ++ const char *real;
> ++
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
> ++ return "ProxySet uses an invalid \"unix:\" URL";
> ++ }
> ++
> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, name),
> +- worker_type);
> ++ real, worker_type);
> + if (!worker) {
> + if (in_proxy_section) {
> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL,
> +@@ -2930,9 +2944,14 @@ static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
> + }
> + }
> + else {
> ++ const char *real;
> ++
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
> ++ return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
> ++ }
> ++
> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, conf->p),
> +- worker_type);
> ++ real, worker_type);
> + if (!worker) {
> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf,
> + conf->p, worker_type);
> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
> +index f291a0d..3511688 100644
> +--- a/modules/proxy/proxy_util.c
> ++++ b/modules/proxy/proxy_util.c
> +@@ -1742,6 +1742,9 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
> + }
> +
> + url = ap_proxy_de_socketfy(p, url);
> ++ if (!url) {
> ++ return NULL;
> ++ }
> +
> + c = ap_strchr_c(url, ':');
> + if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
> +diff --git a/server/protocol.c b/server/protocol.c
> +index 3d74c5b..2214f72 100644
> +--- a/server/protocol.c
> ++++ b/server/protocol.c
> +@@ -1548,7 +1548,7 @@ request_rec *ap_read_request(conn_rec *conn)
> + /* we may have switched to another server */
> + apply_server_config(r);
> +
> +- if ((access_status = ap_run_post_read_request(r))) {
> ++ if ((access_status = ap_post_read_request(r))) {
> + goto die;
> + }
> +
> +@@ -1603,6 +1603,27 @@ ignore:
> + return NULL;
> + }
> +
> ++AP_DECLARE(int) ap_post_read_request(request_rec *r)
> ++{
> ++ int status;
> ++
> ++ if ((status = ap_run_post_read_request(r))) {
> ++ return status;
> ++ }
> ++
> ++ /* Enforce http(s) only scheme for non-forward-proxy requests */
> ++ if (!r->proxyreq
> ++ && r->parsed_uri.scheme
> ++ && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
> ++ || (r->parsed_uri.scheme[4] != '\0'
> ++ && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
> ++ || r->parsed_uri.scheme[5] != '\0')))) {
> ++ return HTTP_BAD_REQUEST;
> ++ }
> ++
> ++ return OK;
> ++}
> ++
> + /* if a request with a body creates a subrequest, remove original request's
> + * input headers which pertain to the body which has already been read.
> + * out-of-line helper function for ap_set_sub_req_protocol.
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> new file mode 100644
> index 000000000..b464a452b
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> @@ -0,0 +1,110 @@
> +From 994610ea76b6e1b3f198101af31564e6c4e8fc0f Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 14:47:56 +0800
> +Subject: [PATCH] Merge of r1895981,r1895986 from trunk:
> +
> + *) mod_proxy: Don't prevent forwarding URIs w/ no hostname.
> + (fix for r1895955 already in 2.4.x)
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896044 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44224
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896044]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + modules/proxy/mod_proxy.c | 5 +++--
> + modules/proxy/mod_proxy.h | 1 +
> + modules/proxy/proxy_util.c | 22 ++++++++++++----------
> + 3 files changed, 16 insertions(+), 12 deletions(-)
> +
> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
> +index b3aafcc..a28bea4 100644
> +--- a/modules/proxy/mod_proxy.c
> ++++ b/modules/proxy/mod_proxy.c
> +@@ -775,9 +775,10 @@ static int proxy_detect(request_rec *r)
> +
> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
> +
> +- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
> ++ if (conf->req && r->parsed_uri.scheme) {
> + /* but it might be something vhosted */
> +- if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> ++ if (!r->parsed_uri.hostname
> ++ || ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> + || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
> + (apr_port_t)(r->parsed_uri.port_str
> + ? r->parsed_uri.port
> +diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
> +index 1219e9f..47899d7 100644
> +--- a/modules/proxy/mod_proxy.h
> ++++ b/modules/proxy/mod_proxy.h
> +@@ -750,6 +750,7 @@ PROXY_DECLARE(int) ap_proxy_worker_can_upgrade(apr_pool_t *p,
> + #define AP_PROXY_WORKER_IS_PREFIX (1u << 0)
> + #define AP_PROXY_WORKER_IS_MATCH (1u << 1)
> + #define AP_PROXY_WORKER_IS_MALLOCED (1u << 2)
> ++#define AP_PROXY_WORKER_NO_UDS (1u << 3)
> +
> + /**
> + * Get the worker from proxy configuration, looking for either PREFIXED or
> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
> +index 3511688..d578452 100644
> +--- a/modules/proxy/proxy_util.c
> ++++ b/modules/proxy/proxy_util.c
> +@@ -1741,9 +1741,11 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
> + return NULL;
> + }
> +
> +- url = ap_proxy_de_socketfy(p, url);
> +- if (!url) {
> +- return NULL;
> ++ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
> ++ url = ap_proxy_de_socketfy(p, url);
> ++ if (!url) {
> ++ return NULL;
> ++ }
> + }
> +
> + c = ap_strchr_c(url, ':');
> +@@ -2326,22 +2328,22 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
> +
> + access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
> + if (access_status == DECLINED && *balancer == NULL) {
> +- *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
> ++ const int forward = (r->proxyreq == PROXYREQ_PROXY);
> ++ *worker = ap_proxy_get_worker_ex(r->pool, NULL, conf, *url,
> ++ forward ? AP_PROXY_WORKER_NO_UDS : 0);
> + if (*worker) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> + "%s: found worker %s for %s",
> + (*worker)->s->scheme, (*worker)->s->name, *url);
> +- *balancer = NULL;
> +- if (!fix_uds_filename(r, url)) {
> ++ if (!forward && !fix_uds_filename(r, url)) {
> + return HTTP_INTERNAL_SERVER_ERROR;
> + }
> + access_status = OK;
> + }
> +- else if (r->proxyreq == PROXYREQ_PROXY) {
> ++ else if (forward) {
> + if (conf->forward) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> + "*: found forward proxy worker for %s", *url);
> +- *balancer = NULL;
> + *worker = conf->forward;
> + access_status = OK;
> + /*
> +@@ -2355,8 +2357,8 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
> + else if (r->proxyreq == PROXYREQ_REVERSE) {
> + if (conf->reverse) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> +- "*: using default reverse proxy worker for %s (no keepalive)", *url);
> +- *balancer = NULL;
> ++ "*: using default reverse proxy worker for %s "
> ++ "(no keepalive)", *url);
> + *worker = conf->reverse;
> + access_status = OK;
> + /*
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
> new file mode 100644
> index 000000000..4bef9519c
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
> @@ -0,0 +1,32 @@
> +From 7e17af6bc469e9cdded01a3f076043892d9d9a58 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 13:50:20 +0800
> +Subject: [PATCH] Merge r1895970 from trunk:
> +
> + *) mod_lua: Improve error handling
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896039 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44790
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896039]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + modules/lua/lua_request.c | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
> +index 67ff432..493b2bb 100644
> +--- a/modules/lua/lua_request.c
> ++++ b/modules/lua/lua_request.c
> +@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
> + if (end == NULL) break;
> + key = (char *) apr_pcalloc(r->pool, 256);
> + filename = (char *) apr_pcalloc(r->pool, 256);
> ++ if (end - crlf <= 8) break;
> + vlen = end - crlf - 8;
> + buffer = (char *) apr_pcalloc(r->pool, vlen+1);
> + memcpy(buffer, crlf + 4, vlen);
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> index d6e736d31..233543af8 100644
> --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> @@ -15,6 +15,9 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
> file://0007-apache2-allow-to-disable-selinux-support.patch \
> file://apache-configure_perlbin.patch \
> file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
> + file://CVE-2021-44790.patch \
> + file://CVE-2021-44224-1.patch \
> + file://CVE-2021-44224-2.patch \
> "
>
> SRC_URI_append_class-target = " \
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#94800): https://lists.openembedded.org/g/openembedded-devel/message/94800
> Mute This Topic: https://lists.openembedded.org/mt/88392787/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
next prev parent reply other threads:[~2022-01-15 14:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-13 8:02 [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224 changqing.li
2022-01-15 14:16 ` akuster808 [this message]
2022-01-17 3:54 ` [oe] " Changqing Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0d4cfca-7d8b-50f2-cad7-ddd93e083ecd@gmail.com \
--to=akuster808@gmail.com \
--cc=changqing.li@windriver.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.