apache2: update to version 2.4.25

Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Derek Straka <derek@asterius.io> 2016-12-21 18:38:58 -0500
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-12-26 08:24:54 +0100
commit: 9148d8b8243236c61c2d5a45c807fa0bd4387da6 (patch)
tree: fe445d9d57e43011f21a9dea81bf42828caa9744 /meta-webserver
parent: e873c0e6e30029729fa18b5b7cb0af58dfbf47d3 (diff)
download: meta-openembedded-9148d8b8243236c61c2d5a45c807fa0bd4387da6.tar.gz
3 files changed, 4 insertions, 30 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.23.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.25.bb
index b227f191d..ca8ebaf95 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.23.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.25.bb
@@ -15,8 +15,8 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
 S = "${WORKDIR}/httpd-${PV}"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
-SRC_URI[md5sum] = "04f19c60e810c028f5240a062668a688"
+SRC_URI[md5sum] = "2826f49619112ad5813c0be5afcc7ddb"
-SRC_URI[sha256sum] = "0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58"
+SRC_URI[sha256sum] = "f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2"
 EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
                --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
deleted file mode 100644
index dbcdfc6df..000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-This patch has been copied from https://www.apache.org/security/asf-httpoxy-response.txt
-as a mitigation of CVE-2016-5387.
-Upstream-Status: Backport - fixed in 2.4.24
-Signed-off-by: Joe Slater<jslater@windriver.com>
--- a/server/util_script.c      (revision 1752426)
-+++ b/server/util_script.c      (working copy)
-@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
-         else if (!strcasecmp(hdrs[i].key, "Content-length")) {
-             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
-         }
-+        /* HTTP_PROXY collides with a popular envvar used to configure
-+         * proxies, don't let clients set/override it.  But, if you must...
-+         */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
-+            ;
-+        }
-+#endif
-         /*
-          * You really don't want to disable this check, since it leaves you
-          * wide open to CGIs stealing passwords and people viewing them
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.25.bb
index b78ff5163..3bd8579a8 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.25.bb
@@ -17,15 +17,14 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
           file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \
           file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
           file://configure-allow-to-disable-selinux-support.patch \
-           file://cve-2016-5387.patch \
           file://init \
           file://apache2-volatile.conf \
           file://apache2.service \
          "
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
-SRC_URI[md5sum] = "04f19c60e810c028f5240a062668a688"
+SRC_URI[md5sum] = "2826f49619112ad5813c0be5afcc7ddb"
-SRC_URI[sha256sum] = "0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58"
+SRC_URI[sha256sum] = "f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2"
 S = "${WORKDIR}/httpd-${PV}"
author	Derek Straka <derek@asterius.io>	2016-12-21 18:38:58 -0500
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-12-26 08:24:54 +0100
commit	9148d8b8243236c61c2d5a45c807fa0bd4387da6 (patch)
tree	fe445d9d57e43011f21a9dea81bf42828caa9744 /meta-webserver
parent	e873c0e6e30029729fa18b5b7cb0af58dfbf47d3 (diff)
download	meta-openembedded-9148d8b8243236c61c2d5a45c807fa0bd4387da6.tar.gz

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.23.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.25.bb index b227f191d..ca8ebaf95 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.23.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.25.bb
@@ -15,8 +15,8 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
15	S = "${WORKDIR}/httpd-${PV}"	15	S = "${WORKDIR}/httpd-${PV}"
16		16
17	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"	17	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
18	SRC_URI[md5sum] = "04f19c60e810c028f5240a062668a688"	18	SRC_URI[md5sum] = "2826f49619112ad5813c0be5afcc7ddb"
19	SRC_URI[sha256sum] = "0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58"	19	SRC_URI[sha256sum] = "f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2"
20		20
21	EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \	21	EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
22	--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \	22	--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \


diff --git a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch deleted file mode 100644 index dbcdfc6df..000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch +++ /dev/null
@@ -1,25 +0,0 @@
1	This patch has been copied from https://www.apache.org/security/asf-httpoxy-response.txt
2	as a mitigation of CVE-2016-5387.
3
4	Upstream-Status: Backport - fixed in 2.4.24
5
6	Signed-off-by: Joe Slater<jslater@windriver.com>
7
8
9	--- a/server/util_script.c (revision 1752426)
10	+++ b/server/util_script.c (working copy)
11	@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
12	else if (!strcasecmp(hdrs[i].key, "Content-length")) {
13	apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
14	}
15	+ /* HTTP_PROXY collides with a popular envvar used to configure
16	+ * proxies, don't let clients set/override it. But, if you must...
17	+ */
18	+#ifndef SECURITY_HOLE_PASS_PROXY
19	+ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
20	+ ;
21	+ }
22	+#endif
23	/*
24	* You really don't want to disable this check, since it leaves you
25	* wide open to CGIs stealing passwords and people viewing them


diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.25.bb index b78ff5163..3bd8579a8 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.25.bb
@@ -17,15 +17,14 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
17	file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \	17	file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \
18	file://0001-configure-use-pkg-config-for-PCRE-detection.patch \	18	file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
19	file://configure-allow-to-disable-selinux-support.patch \	19	file://configure-allow-to-disable-selinux-support.patch \
20	file://cve-2016-5387.patch \
21	file://init \	20	file://init \
22	file://apache2-volatile.conf \	21	file://apache2-volatile.conf \
23	file://apache2.service \	22	file://apache2.service \
24	"	23	"
25		24
26	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"	25	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
27	SRC_URI[md5sum] = "04f19c60e810c028f5240a062668a688"	26	SRC_URI[md5sum] = "2826f49619112ad5813c0be5afcc7ddb"
28	SRC_URI[sha256sum] = "0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58"	27	SRC_URI[sha256sum] = "f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2"
29		28
30	S = "${WORKDIR}/httpd-${PV}"	29	S = "${WORKDIR}/httpd-${PV}"
31		30