From 6dfd07097de4e737444cf70c62d34453bbf84f7a Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Tue, 15 Jun 2021 18:36:03 -0700
Subject: [PATCH] apache: update to 2.4.48

Refreshed patch.

Fixes:

CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 net/apache/Makefile                             |  6 +++---
 net/apache/patches/020-openssl-deprecated.patch | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/net/apache/Makefile b/net/apache/Makefile
index d558675f5..f1dcbe6cd 100644
--- a/net/apache/Makefile
+++ b/net/apache/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=apache
-PKG_VERSION:=2.4.46
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.48
+PKG_RELEASE:=1
 PKG_SOURCE_NAME:=httpd
 
 PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@APACHE/httpd/
-PKG_HASH:=740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea
+PKG_HASH:=1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
 
diff --git a/net/apache/patches/020-openssl-deprecated.patch b/net/apache/patches/020-openssl-deprecated.patch
index 667a24c68..68909332f 100644
--- a/net/apache/patches/020-openssl-deprecated.patch
+++ b/net/apache/patches/020-openssl-deprecated.patch
@@ -1,6 +1,6 @@
 --- a/modules/md/md_crypt.c
 +++ b/modules/md/md_crypt.c
-@@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(co
+@@ -1098,23 +1098,23 @@ const char *md_cert_get_serial_number(co
  
  int md_cert_is_valid_now(const md_cert_t *cert)
  {
@@ -28,10 +28,10 @@
 +    return md_asn1_time_get(X509_get0_notBefore(cert->x509));
  }
  
- int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
+ md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
 --- a/modules/ssl/ssl_engine_init.c
 +++ b/modules/ssl/ssl_engine_init.c
-@@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t
+@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t
      apr_status_t rv;
      apr_array_header_t *pphrases;
  
@@ -42,7 +42,7 @@
                       "a newer library (%s, version currently loaded is %s)"
 --- a/modules/ssl/ssl_engine_io.c
 +++ b/modules/ssl/ssl_engine_io.c
-@@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handsh
+@@ -1264,9 +1264,9 @@ static apr_status_t ssl_io_filter_handsh
          if (dc->proxy->ssl_check_peer_expire != FALSE) {
              if (!cert
                  || (X509_cmp_current_time(
@@ -90,7 +90,7 @@
      else if (*var && strcEQ(var+1, "_DN")) {
 --- a/modules/ssl/ssl_private.h
 +++ b/modules/ssl/ssl_private.h
-@@ -98,6 +98,9 @@
+@@ -99,6 +99,9 @@
  #include <openssl/x509v3.h>
  #include <openssl/x509_vfy.h>
  #include <openssl/ocsp.h>