package/apache: security bump to version 2.4.23

Fixes CVE-2016-4979:
TLS/SSL X.509 client certificate auth bypass with HTTP/2
http://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index 062a54990d8cb05d592d77c45a4a20c5f6c4269a..e4710b041507b948fdbb9c0d013cb74bf413d231 100644 (file)
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,2 +1,2 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.20.tar.bz2.sha1
-sha1   cefe8ea4a3f81c7a08e36c80ebbd792c67ab361b        httpd-2.4.20.tar.bz2
+# From http://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.sha1
+sha1   5101be34ac4a509b245adb70a56690a84fcc4e7f        httpd-2.4.23.tar.bz2

diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index 6d9a324b9fd1091f3a0fc944040ce8f4e16743a2..e78545a076ae38d3c56aa5c50580b2eb7ba29b95 100644 (file)
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.20
+APACHE_VERSION = 2.4.23
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0