This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via 28e8d436fc14cc2a0bcc16251756951178b8f6f0 (commit) via e212c7293d717aa70c9b03ad0b282dd76e6d68e6 (commit) via 9fbb9c39fb13dbfbe90c3038fcb5abbe771ad91f (commit) from 9ce9514bad8109a9ffa0f4206a7668757221287c (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 28e8d436fc14cc2a0bcc16251756951178b8f6f0 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Apr 21 21:10:52 2024 +0000

Remove orphaned Apache patch

See: https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/messag...

Signed-off-by: Peter Müller peter.mueller@ipfire.org

commit e212c7293d717aa70c9b03ad0b282dd76e6d68e6 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Apr 21 21:10:29 2024 +0000

Core Update 186: Ship and restart Apache

Signed-off-by: Peter Müller peter.mueller@ipfire.org

commit 9fbb9c39fb13dbfbe90c3038fcb5abbe771ad91f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 21 14:55:25 2024 +0200

apache: Update to 2.4.59

For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.59

Fixes CVE-2024-27316 / CVE-2024-24795 / CVE-2023-38709

Previously applied patch (apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch) has been removed - is now included.

Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org

-----------------------------------------------------------------------

Summary of changes: .../{oldcore/114 => core/186}/filelists/apache2 | 0 config/rootfiles/core/186/update.sh | 2 ++ lfs/apache2 | 7 +++---- ...enc_remove_dependency_on_xmlstring_header.patch | 24 ---------------------- 4 files changed, 5 insertions(+), 28 deletions(-) copy config/rootfiles/{oldcore/114 => core/186}/filelists/apache2 (100%) delete mode 100644 src/patches/apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch

Difference in files: diff --git a/config/rootfiles/core/186/filelists/apache2 b/config/rootfiles/core/186/filelists/apache2 new file mode 120000 index 000000000..eef95efa7 --- /dev/null +++ b/config/rootfiles/core/186/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/186/update.sh b/config/rootfiles/core/186/update.sh index 33e253804..444b041a4 100644 --- a/config/rootfiles/core/186/update.sh +++ b/config/rootfiles/core/186/update.sh @@ -44,6 +44,7 @@ for (( i=1; i<=$core; i++ )); do done

# Stop services +/etc/rc.d/init.d/apache stop

KVER="xxxKVERxxx"

@@ -116,6 +117,7 @@ ldconfig /usr/local/bin/filesystem-cleanup

# Start services +/etc/rc.d/init.d/apache start

# Build initial ramdisks dracut --regenerate-all --force diff --git a/lfs/apache2 b/lfs/apache2 index c1973e6d5..0851471fe 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@

include Config

-VER = 2.4.58 +VER = 2.4.59

THISAPP = httpd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -45,7 +45,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 2105b8fada99f1dda55201ed89ed5326f0edb078d352cbff44f02cde80d129b65b63e07366a9a744ba474be5687fa8d3d2d8ddc64ac914b47166607f3f4a9de2 +$(DL_FILE)_BLAKE2 = 836e3538a120d71c016149397a4efd61ae6acd8a8fb9d2ce117c7d86209c4b40c0be3c464007891f28c58182e9d40a8793abe9e94e642354492954af91d9878c

install : $(TARGET)

@@ -75,7 +75,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch ### Add IPFire's layout, too echo "# IPFire layout" >> $(DIR_APP)/config.layout echo "<Layout IPFire>" >> $(DIR_APP)/config.layout diff --git a/src/patches/apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch b/src/patches/apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch deleted file mode 100644 index c190a2648..000000000 --- a/src/patches/apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Naur httpd-2.4.58-orig/changes-entries/xmlchar.txt httpd-2.4.58/changes-entries/xmlchar.txt ---- httpd-2.4.58-orig/changes-entries/xmlchar.txt 1970-01-01 01:00:00.000000000 +0100 -+++ httpd-2.4.58/changes-entries/xmlchar.txt 2023-12-18 12:31:00.719087460 +0100 -@@ -0,0 +1,2 @@ -+ *) mod_xml2enc: Tolerate libxml2 2.12.0 and later. -+ [ttachi <tachihara AT hotmail.com>] -diff -Naur httpd-2.4.58-orig/modules/filters/mod_xml2enc.c httpd-2.4.58/modules/filters/mod_xml2enc.c ---- httpd-2.4.58-orig/modules/filters/mod_xml2enc.c 2020-02-21 01:33:40.000000000 +0100 -+++ httpd-2.4.58/modules/filters/mod_xml2enc.c 2023-12-18 12:32:34.248535392 +0100 -@@ -206,11 +206,11 @@ - } - } - } -- -+ - /* to sniff, first we look for BOM */ - if (ctx->xml2enc == XML_CHAR_ENCODING_NONE) { -- ctx->xml2enc = xmlDetectCharEncoding((const xmlChar*)ctx->buf, -- ctx->bytes); -+ ctx->xml2enc = xmlDetectCharEncoding((const unsigned char*)ctx->buf, -+ ctx->bytes); - if (HAVE_ENCODING(ctx->xml2enc)) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01432) - "Got charset from XML rules.") ;

hooks/post-receive -- IPFire 2.x development tree