Browse Source

apache: update to 2.4.48

Refreshed patch.

Fixes:

CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618

Signed-off-by: Rosen Penev <rosenp@gmail.com>
lilik-openwrt-22.03
Rosen Penev 3 years ago
committed by Josef Schlehofer
parent
commit
6dfd07097d
2 changed files with 8 additions and 8 deletions
  1. +3
    -3
      net/apache/Makefile
  2. +5
    -5
      net/apache/patches/020-openssl-deprecated.patch

+ 3
- 3
net/apache/Makefile View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=apache PKG_NAME:=apache
PKG_VERSION:=2.4.46
PKG_RELEASE:=2
PKG_VERSION:=2.4.48
PKG_RELEASE:=1
PKG_SOURCE_NAME:=httpd PKG_SOURCE_NAME:=httpd
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@APACHE/httpd/ PKG_SOURCE_URL:=@APACHE/httpd/
PKG_HASH:=740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea
PKG_HASH:=1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION) PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)


+ 5
- 5
net/apache/patches/020-openssl-deprecated.patch View File

@ -1,6 +1,6 @@
--- a/modules/md/md_crypt.c --- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c +++ b/modules/md/md_crypt.c
@@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(co
@@ -1098,23 +1098,23 @@ const char *md_cert_get_serial_number(co
int md_cert_is_valid_now(const md_cert_t *cert) int md_cert_is_valid_now(const md_cert_t *cert)
{ {
@ -28,10 +28,10 @@
+ return md_asn1_time_get(X509_get0_notBefore(cert->x509)); + return md_asn1_time_get(X509_get0_notBefore(cert->x509));
} }
int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
--- a/modules/ssl/ssl_engine_init.c --- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c
@@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t
@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t
apr_status_t rv; apr_status_t rv;
apr_array_header_t *pphrases; apr_array_header_t *pphrases;
@ -42,7 +42,7 @@
"a newer library (%s, version currently loaded is %s)" "a newer library (%s, version currently loaded is %s)"
--- a/modules/ssl/ssl_engine_io.c --- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c
@@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handsh
@@ -1264,9 +1264,9 @@ static apr_status_t ssl_io_filter_handsh
if (dc->proxy->ssl_check_peer_expire != FALSE) { if (dc->proxy->ssl_check_peer_expire != FALSE) {
if (!cert if (!cert
|| (X509_cmp_current_time( || (X509_cmp_current_time(
@ -90,7 +90,7 @@
else if (*var && strcEQ(var+1, "_DN")) { else if (*var && strcEQ(var+1, "_DN")) {
--- a/modules/ssl/ssl_private.h --- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h
@@ -98,6 +98,9 @@
@@ -99,6 +99,9 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/x509_vfy.h> #include <openssl/x509_vfy.h>
#include <openssl/ocsp.h> #include <openssl/ocsp.h>


Loading…
Cancel
Save