| Message ID | 20251208205128.1274030-1-valeria.petrov@spinetix.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | Anuj Mittal |
| Headers | show |
| Series | [meta-oe,scarthgap,kirkstone] apache2: upgrade 2.4.65 -> 2.4.66 | expand |
Hi, May I ask why this CVE patch didn't merge in kirkstone branch? https://git.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/apache2?h=kirkstone It is still apache2_2.4.65 in kirkstone. We need this fix in kirkstone as well. Thanks, Liyin -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Valeria Petrov via lists.openembedded.org Sent: Tuesday, December 9, 2025 4:51 AM To: openembedded-devel@lists.openembedded.org Cc: Valeria Petrov <valeria.petrov@spinetix.com>; Khem Raj <raj.khem@gmail.com> Subject: [oe] [meta-oe][scarthgap][kirkstone][PATCH] apache2: upgrade 2.4.65 -> 2.4.66 CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. From: Valeria Petrov <valeria.petrov@spinetix.com> Security fixes: - CVE-2025-66200 - CVE-2025-65082 - CVE-2025-59775 - CVE-2025-58098 - CVE-2025-55753 See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> --- .../apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} (99%) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb similarity index 99% rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb index 98b2215f44..0e96643fc3 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3" +SRC_URI[sha256sum] = "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a" S = "${WORKDIR}/httpd-${PV}" -- 2.25.1
On 12/24/25 10:44, Zhang, Liyin (CN) via lists.openembedded.org wrote: > Hi, > > May I ask why this CVE patch didn't merge in kirkstone branch? > https://git.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/apache2?h=kirkstone > It is still apache2_2.4.65 in kirkstone. We need this fix in kirkstone as well. It is in staging[1], but it arrived after the previous batch was merged. It is planned to be part of the next merge. [1]: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/kirkstone-nut&id=46a6fbcdcb710e09d640f91609738e79b5a617eb > Thanks, > Liyin > > -----Original Message----- > From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Valeria Petrov via lists.openembedded.org > Sent: Tuesday, December 9, 2025 4:51 AM > To: openembedded-devel@lists.openembedded.org > Cc: Valeria Petrov <valeria.petrov@spinetix.com>; Khem Raj <raj.khem@gmail.com> > Subject: [oe] [meta-oe][scarthgap][kirkstone][PATCH] apache2: upgrade 2.4.65 -> 2.4.66 > > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > From: Valeria Petrov <valeria.petrov@spinetix.com> > > Security fixes: > - CVE-2025-66200 > - CVE-2025-65082 > - CVE-2025-59775 > - CVE-2025-58098 > - CVE-2025-55753 > > See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 > > Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> > Signed-off-by: Khem Raj <raj.khem@gmail.com> > --- > .../apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} (99%) > > diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb > similarity index 99% > rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb > rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb > index 98b2215f44..0e96643fc3 100644 > --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb > +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb > @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ > " > > LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" > -SRC_URI[sha256sum] = "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3" > +SRC_URI[sha256sum] = "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a" > > S = "${WORKDIR}/httpd-${PV}" > > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#122879): https://lists.openembedded.org/g/openembedded-devel/message/122879 > Mute This Topic: https://lists.openembedded.org/mt/116683862/6084445 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On 12/24/2025 5:50 PM, Gyorgy Sarvari wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > On 12/24/25 10:44, Zhang, Liyin (CN) via lists.openembedded.org wrote: >> Hi, >> >> May I ask why this CVE patch didn't merge in kirkstone branch? >> https://git.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/apache2?h=kirkstone >> It is still apache2_2.4.65 in kirkstone. We need this fix in kirkstone as well. > It is in staging[1], but it arrived after the previous batch was merged. > It is planned to be part of the next merge. > > [1]: > https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/kirkstone-nut&id=46a6fbcdcb710e09d640f91609738e79b5a617eb OK, got it. Thank you so much. >> Thanks, >> Liyin >> >> -----Original Message----- >> From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Valeria Petrov via lists.openembedded.org >> Sent: Tuesday, December 9, 2025 4:51 AM >> To: openembedded-devel@lists.openembedded.org >> Cc: Valeria Petrov <valeria.petrov@spinetix.com>; Khem Raj <raj.khem@gmail.com> >> Subject: [oe] [meta-oe][scarthgap][kirkstone][PATCH] apache2: upgrade 2.4.65 -> 2.4.66 >> >> CAUTION: This email comes from a non Wind River email account! >> Do not click links or open attachments unless you recognize the sender and know the content is safe. >> >> From: Valeria Petrov <valeria.petrov@spinetix.com> >> >> Security fixes: >> - CVE-2025-66200 >> - CVE-2025-65082 >> - CVE-2025-59775 >> - CVE-2025-58098 >> - CVE-2025-55753 >> >> See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 >> >> Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> >> Signed-off-by: Khem Raj <raj.khem@gmail.com> >> --- >> .../apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.65.bb => apache2_2.4.66.bb} (99%) >> >> diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb >> similarity index 99% >> rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb >> rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb >> index 98b2215f44..0e96643fc3 100644 >> --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb >> +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb >> @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ >> " >> >> LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" >> -SRC_URI[sha256sum] = "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3" >> +SRC_URI[sha256sum] = "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a" >> >> S = "${WORKDIR}/httpd-${PV}" >> >> -- >> 2.25.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#122879): https://lists.openembedded.org/g/openembedded-devel/message/122879 >> Mute This Topic: https://lists.openembedded.org/mt/116683862/6084445 >> Group Owner: openembedded-devel+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb similarity index 99% rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb index 98b2215f44..0e96643fc3 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3" +SRC_URI[sha256sum] = "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a" S = "${WORKDIR}/httpd-${PV}"