From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] apache: Update to 2.4.52
Date: Thu, 23 Dec 2021 17:32:52 +0100
Message-ID: <20211223163252.26494-1-matthias.fischer@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
"Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerability though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮鼠
TengMA(@Te3t123)
..."
---
config/rootfiles/common/apache2 | 2 ++
lfs/apache2 | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 8442446df..b6e83ab9d 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1080,6 +1080,8 @@ srv/web/ipfire/html/captive
#srv/web/ipfire/manual/mod/mod_systemd.html
#srv/web/ipfire/manual/mod/mod_systemd.html.en
#srv/web/ipfire/manual/mod/mod_systemd.html.fr.utf8
+#srv/web/ipfire/manual/mod/mod_tls.html
+#srv/web/ipfire/manual/mod/mod_tls.html.en
#srv/web/ipfire/manual/mod/mod_unique_id.html
#srv/web/ipfire/manual/mod/mod_unique_id.html.en
#srv/web/ipfire/manual/mod/mod_unique_id.html.fr.utf8
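Review bot: The two added mod_tls manual entries are not explained in the commit message, which only quotes the security fixes; a short line saying that 2.4.52 ships new mod_tls documentation would make it clear why the rootfile changes. The entries follow the surrounding convention (commented out, sorted between mod_systemd and mod_unique_id), but unlike their neighbours they list only .html and .html.en with no .fr.utf8 variant, so it is worth confirming this matches what the build actually installs.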
diff --git a/lfs/apache2 b/lfs/apache2
index b4064cee0..226058a22 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -25,7 +25,7 @@
include Config
-VER = 2.4.51
+VER = 2.4.52
THISAPP = httpd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d2793fc1c8cb8ba355cee877d1f2d46d
+$(DL_FILE)_MD5 = a94ae42b84309d5ef6e613ae825b92fa
install : $(TARGET)
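Review bot: The only integrity value updated here is $(DL_FILE)_MD5, and MD5 is not collision resistant, so this line alone does not authenticate the 2.4.52 tarball. Since the update is driven by two security fixes, please note in the commit message that the download was checked against the SHA-256 checksum or PGP signature published by upstream before the MD5 was recorded.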
--
2.18.0