From 868367222b6bda2fa4c155a1c6334e7efbdbf62b Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sat, 18 Sep 2021 00:19:34 +0200
Subject: [PATCH] package/apache: security bump to version 2.4.49

Fix CVE-2021-33193: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
https://github.com/apache/httpd/blob/2.4.49/CHANGES
Signed-off-by: Fabrice Fontaine
Signed-off-by: Yann E. MORIN
---
 package/apache/apache.hash | 6 +++---
 package/apache/apache.mk | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index c03934b40a..49efefebb9 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,5 +1,5 @@
-# From http://archive.apache.org/dist/httpd/httpd-2.4.46.tar.bz2.{sha256,sha512}
-sha256 1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c httpd-2.4.48.tar.bz2
-sha512 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724 httpd-2.4.48.tar.bz2
+# From http://archive.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.{sha256,sha512}
+sha256 65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b httpd-2.4.49.tar.bz2
+sha512 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd httpd-2.4.49.tar.bz2
 # Locally computed
 sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index 365dc9a72e..ae2fb70535 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.48
+APACHE_VERSION = 2.4.49
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0
-- 
2.30.2