From f5a57e42ca6f59ccac963a019ea6275642a1ffb2 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sat, 8 Aug 2020 16:15:43 +0200 Subject: [PATCH] apache: security bump to 2.4.46 From CHANGES_2.4: SECURITY: CVE-2020-11984 (cve.mitre.org) mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. [Yann Ylavic] SECURITY: CVE-2020-11993 (cve.mitre.org) mod_http2: when throttling connection requests, log statements where possibly made that result in concurrent, unsafe use of a memory pool. [Stefan Eissing] SECURITY: mod_http2: a specially crafted value for the 'Cache-Digest' header request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. [Stefan Eissing, Eric Covener, Christophe Jaillet] Signed-off-by: Sebastian Kemper --- net/apache/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/apache/Makefile b/net/apache/Makefile index 012f53ea41..c6bc29d499 100644 --- a/net/apache/Makefile +++ b/net/apache/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=apache -PKG_VERSION:=2.4.43 -PKG_RELEASE:=2 +PKG_VERSION:=2.4.46 +PKG_RELEASE:=1 PKG_SOURCE_NAME:=httpd PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@APACHE/httpd/ -PKG_HASH:=a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43 +PKG_HASH:=740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION) -- 2.30.2