From patchwork Tue Jul 2 18:07:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddharth Doshi X-Patchwork-Id: 45925 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C6575C30658 for ; Tue, 2 Jul 2024 18:08:00 +0000 (UTC) Received: from mail-yw1-f181.google.com (mail-yw1-f181.google.com [209.85.128.181]) by mx.groups.io with SMTP id smtpd.web11.31813.1719943674575218377 for ; Tue, 02 Jul 2024 11:07:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=JzFJv9OU; spf=pass (domain: mvista.com, ip: 209.85.128.181, mailfrom: sdoshi@mvista.com) Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-64b417e1511so40983607b3.3 for ; Tue, 02 Jul 2024 11:07:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1719943673; x=1720548473; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=TG1wMyxPWEvSGxD3+5RGFV7oQLbbiIlDIXkVHHgT7Kc=; b=JzFJv9OUIAeLz6mRBUkxCEWv7FbChnrwI1zAPSMiz8IUySHDMyYmTuOIsQdDPxwtxh xllIVCpP2Tr5QyxER7Bn/uciXuxiVQsCMTE88cpWKSmruX6lcm0rLKX/3IX1Xti8TpzC ZtHAb5qPl+YQ6RrH4DcRxb/4g072a6W3v6FAk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719943673; x=1720548473; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TG1wMyxPWEvSGxD3+5RGFV7oQLbbiIlDIXkVHHgT7Kc=; b=Qs/RmR/VGmw4yzYiMVBZF2hK2b7eWsvLXri4QF6atRx5xZhNO/FNlmIlUktv+uGcH2 6H4nHahpsbBcpNhLVulemSdMMRyOV1XlXlsm0U04rM+dARIlLTbykr9MG4GCxgbicwvp GKJ/QwjhcLQLa+AGq/xohI1UAj6GIFZ4HUtVCJaMa366UVr48OT9K7rTNVUmiVJfOPms 2BUUzQWe1iwaAznFAy80DvqR0cQvweReIaRVVKTGtO5M2G37EGuy+HhID4DcB4TwqxWQ VXjUnaYZ6wRepfxdpTS8ybE9QjRHfNnGKE+hZFyaoHOugzTuNPQBerBuH9VFsaSs2j8s wWaQ== X-Gm-Message-State: AOJu0Yz8YFlf5e3y+nkH230uGvhXHnz8tF/VdcVRCgFD45rrvQgXE9CL on5JeurDNHjsYOt6tgg2dBFqmBozGx/I9z6x//oR13pqlNL8SjkIq6gxnyYvIQXubbvhm91Q4as V X-Google-Smtp-Source: AGHT+IFz+96W45uxMnd+HQPUXc9ESoxwNF69hd4j7OqY8Uqf95gdLBDS8V37t+eTS3t2MVEiKjPySw== X-Received: by 2002:a81:9286:0:b0:627:a917:76b1 with SMTP id 00721157ae682-64c73ae7a34mr98476587b3.44.1719943673030; Tue, 02 Jul 2024 11:07:53 -0700 (PDT) Received: from siddharth-latitude-3420.mvista.com ([157.32.44.151]) by smtp.gmail.com with ESMTPSA id 00721157ae682-64a99c71985sm18680497b3.16.2024.07.02.11.07.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Jul 2024 11:07:52 -0700 (PDT) From: Siddharth To: openembedded-devel@lists.openembedded.org Cc: Siddharth Doshi Subject: [meta-oe][master][PATCH] apache2: Upgrade 2.4.59 -> 2.4.60 Date: Tue, 2 Jul 2024 23:37:35 +0530 Message-Id: <20240702180735.94738-1-sdoshi@mvista.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Jul 2024 18:08:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/111214 From: Siddharth Doshi CVE's Fixed by upgrade: CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2 CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite Other Changes between 2.4.59 -> 2.4.60 ====================================== https://github.com/apache/httpd/blob/2.4.60/CHANGES Signed-off-by: Siddharth Doshi --- .../apache2/{apache2_2.4.59.bb => apache2_2.4.60.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.59.bb => apache2_2.4.60.bb} (99%) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb similarity index 99% rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb index 6dfecef8d..48bb773dd 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323" +SRC_URI[sha256sum] = "7b1ec7ec5635da7cb01550513215a90f8b2f52bb7c90cf3e97ede936d3e55b0f" S = "${WORKDIR}/httpd-${PV}"