Re: [PATCH] apache: Update to 2.4.52

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2908 bytes --]

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 23 Dec 2021, at 17:32, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> 
> For details see:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.52
> 
> Excerpt from changelog:
> 
> ""Changes with Apache 2.4.52
> 
>  *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
>     multipart content in mod_lua of Apache HTTP Server 2.4.51 and
>     earlier (cve.mitre.org)
>     A carefully crafted request body can cause a buffer overflow in
>     the mod_lua multipart parser (r:parsebody() called from Lua
>     scripts).
>     The Apache httpd team is not aware of an exploit for the
>     vulnerabilty though it might be possible to craft one.
>     This issue affects Apache HTTP Server 2.4.51 and earlier.
>     Credits: Chamal
> 
>  *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
>     forward proxy configurations in Apache HTTP Server 2.4.51 and
>     earlier (cve.mitre.org)
>     A crafted URI sent to httpd configured as a forward proxy
>     (ProxyRequests on) can cause a crash (NULL pointer dereference)
>     or, for configurations mixing forward and reverse proxy
>     declarations, can allow for requests to be directed to a
>     declared Unix Domain Socket endpoint (Server Side Request
>     Forgery).
>     This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
>     (included).
>     Credits: 漂亮é¼
>     TengMA(@Te3t123)
> ..."
> ---
> config/rootfiles/common/apache2 | 2 ++
> lfs/apache2                     | 4 ++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
> index 8442446df..b6e83ab9d 100644
> --- a/config/rootfiles/common/apache2
> +++ b/config/rootfiles/common/apache2
> @@ -1080,6 +1080,8 @@ srv/web/ipfire/html/captive
> #srv/web/ipfire/manual/mod/mod_systemd.html
> #srv/web/ipfire/manual/mod/mod_systemd.html.en
> #srv/web/ipfire/manual/mod/mod_systemd.html.fr.utf8
> +#srv/web/ipfire/manual/mod/mod_tls.html
> +#srv/web/ipfire/manual/mod/mod_tls.html.en
> #srv/web/ipfire/manual/mod/mod_unique_id.html
> #srv/web/ipfire/manual/mod/mod_unique_id.html.en
> #srv/web/ipfire/manual/mod/mod_unique_id.html.fr.utf8
> diff --git a/lfs/apache2 b/lfs/apache2
> index b4064cee0..226058a22 100644
> --- a/lfs/apache2
> +++ b/lfs/apache2
> @@ -25,7 +25,7 @@
> 
> include Config
> 
> -VER        = 2.4.51
> +VER        = 2.4.52
> 
> THISAPP    = httpd-$(VER)
> DL_FILE    = $(THISAPP).tar.bz2
> @@ -45,7 +45,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = d2793fc1c8cb8ba355cee877d1f2d46d
> +$(DL_FILE)_MD5 = a94ae42b84309d5ef6e613ae825b92fa
> 
> install : $(TARGET)
> 
> -- 
> 2.18.0
>