linux/meta-openembedded.git/meta-webserver, branch thud Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=thud 2019-09-03T02:53:53+00:00 apache2: upgrade 2.4.39 -> 2.4.41 2019-09-03T02:53:53+00:00 Yi Zhao yi.zhao@windriver.com 2019-08-20T08:44:08+00:00 urn:sha1:05360c2a74c62d39818bbbdc4fb7ec18bb6e83ff Security fixes: CVE-2019-10081 CVE-2019-9517 CVE-2019-10098 CVE-2019-10092 CVE-2019-10097 CVE-2019-10082 See: http://www.apache.org/dist/httpd/CHANGES_2.4.41 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS 2019-09-03T02:53:53+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2019-04-19T23:56:01+00:00 urn:sha1:6f5862f52561c0874989fa3b232bd258c6fcd0ba A missing space lead to problems if something else was already added to SYSROOT_PREPROCESS_FUNCS. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> apache2: upgrade 2.4.34 -> 2.4.39 2019-09-03T02:53:53+00:00 Yi Zhao yi.zhao@windriver.com 2019-04-15T03:39:38+00:00 urn:sha1:a42f773baae90558c4a2e9f207579db7edb830a5 * Drop apache2-native recipe. Add native to BBCLASSEXTEND in apache2 recipe. * Refresh patches. Drop CVE-2018-11763.patch and apache-configure_perlbin.patch * Cleanup recipe file. Remove obsolete code. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> [Bug fix only update: Includes CVES: CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 CVE-2019-0220 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0211 ] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> apache2: set CVE_PRODUCT 2019-09-03T02:53:53+00:00 Qi.Chen@windriver.com Qi.Chen@windriver.com 2019-03-29T06:54:59+00:00 urn:sha1:63acd997e6eb92e59ef84a1598d90279a794549c Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> apache2: Fix CVE-2018-11763 2018-11-15T21:18:50+00:00 Mingli Yu mingli.yu@windriver.com 2018-10-29T07:25:49+00:00 urn:sha1:de6d776d800384aed442b643fd03ccd35d5a9194 mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> README: updated Maintainers list for Thud 2018-11-15T21:17:00+00:00 Armin Kuster akuster808@gmail.com 2018-10-31T14:59:03+00:00 urn:sha1:ed4472e0541dc8741dd9a7a8e6cc49e4e650eaa7 Signed-off-by: Armin Kuster <akuster808@gmail.com> layers: Update layer compatibility to thud 2018-09-30T17:17:48+00:00 Khem Raj raj.khem@gmail.com 2018-09-25T21:18:00+00:00 urn:sha1:d273070293cf646fb399167dccc1a1b18dc41cb6 Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Andreas Müller <schnitzeltony@googlemail.com> Cc: Derek Straka <derek@asterius.io> Cc: Tim Orling <TicoTimo@gmail.com> Cc: Hongxu Jia <hongxu.jia@windriver.com> Cc: Armin Kuster <akuster808@gmail.com> Cc: Joe MacDonald <joe_macdonald@mentor.com> Cc: Andrea Adami <andrea.adami@gmail.com> nginx: add PACKAGECONFIG[ssl] 2018-09-24T18:49:45+00:00 Max Kellermann max.kellermann@gmail.com 2018-09-18T08:26:02+00:00 urn:sha1:4e389f64d7e87efdde26c5164063b7dea6a0d072 Signed-off-by: Max Kellermann <max.kellermann@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> phpmyadmin: upgrade 4.8.2 -> 4.8.3 2018-09-05T20:59:16+00:00 Yi Zhao yi.zhao@windriver.com 2018-09-05T05:06:03+00:00 urn:sha1:85986e6d73e7ca525455021ea29b0df8b725c591 Security fixes: CVE-2018-15605: An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> apache2: set files layout to debian style 2018-08-24T15:58:13+00:00 Yi Zhao yi.zhao@windriver.com 2018-08-24T03:40:11+00:00 urn:sha1:8b021f35e343d5ea3b44ed9f9da8c9db6998bf3b The default layout installs log files to /var/apache2/logs. But we assume the log directory is /var/log/apache2 in volatile.conf. Specify the layout to debian style to set the correct the log directory. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>