summaryrefslogtreecommitdiffstats
path: root/package/apache/apache.hash
Commit message (Collapse)AuthorAgeFilesLines
* package/apache: bump version to 2.4.29Bernd Kuhls2017-10-241-2/+2
| | | | | | | Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/apache: bump to version 2.4.28Bernd Kuhls2017-10-061-2/+2
| | | | | | | | | Fix for CVE-2017-9798 is included in this release, so this patch is removed. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Update commit log: not a security bump] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/apache: bump version to 2.4.27Bernd Kuhls2017-07-111-2/+2
| | | | | | | | Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* apache: security bump to version 2.4.26Peter Korsgaard2017-06-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. While we're at it, use the upstream sha256 checksum instead of sha1. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/apache: security bump version to 2.4.25Bernd Kuhls2016-12-221-1/+1
| | | | | | | | | | | Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.25 Fixes CVE-2016-8740, CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/apache: security bump to version 2.4.23Bernd Kuhls2016-07-071-2/+2
| | | | | | | | | Fixes CVE-2016-4979: TLS/SSL X.509 client certificate auth bypass with HTTP/2 http://httpd.apache.org/security/vulnerabilities_24.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* apache: bump to version 2.4.20Gustavo Zacarias2016-04-131-2/+2
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/apache: bump version to 2.4.18Bernd Kuhls2015-12-191-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* apache: bump to version 2.4.17Vicente Olivert Riera2015-10-141-2/+2
| | | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/apache: security bump to version 2.4.16Bernd Kuhls2015-07-161-2/+2
| | | | | | | | Fixes CVE-2015-3183, CVE-2015-3185, CVE-2015-0253, CVE-2015-0228 http://marc.info/?l=apache-httpd-announce&m=143704705330655&w=2 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* apache: new packageBernd Kuhls2015-02-221-0/+2
[Thomas: - Don't explicitly pass CC_FOR_BUILD and CFLAGS_FOR_BUILD, those are already part of the default environment passed by the autotools-package infrastructure. - Explicitly disable Lua and LuaJIT support to avoid mis-detection of host installation. - Explicitly handle the optional support of libxml2, OpenSSL and zlib. Especially, the absence of explicit handling for libxml2 was causing a build failure due to the host libxml2 being detected. - Remove /usr/manual and /usr/build from the target. This saves 20+ MB of target space.] Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
OpenPOWER on IntegriCloud