apache: security bump to 2.4.51

Fixes (see [1] for details): CVE-2021-33193 CVE-2021-41524 CVE-2021-41773 CVE-2021-42013 [1] https://httpd.apache.org/security/vulnerabilities_24.html Patch 020-openssl-deprecated.patch refreshed. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2021-10-24 15:32:06 +02:00 · 2021-10-24 15:32:06 +02:00 · da4b1ca8d6
parent 8b7fb614dd
commit da4b1ca8d6
2 changed files with 4 additions and 4 deletions
--- a/net/apache/Makefile
+++ b/net/apache/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=apache
-PKG_VERSION:=2.4.48
+PKG_VERSION:=2.4.51
 PKG_RELEASE:=1
 PKG_SOURCE_NAME:=httpd

 PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@APACHE/httpd/
-PKG_HASH:=1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c
+PKG_HASH:=20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)

--- a/net/apache/patches/020-openssl-deprecated.patch
+++ b/net/apache/patches/020-openssl-deprecated.patch
@ -1,6 +1,6 @@
 --- a/modules/md/md_crypt.c
 +++ b/modules/md/md_crypt.c
-@@ -1098,23 +1098,23 @@ const char *md_cert_get_serial_number(co
+@@ -1095,23 +1095,23 @@ const char *md_cert_get_serial_number(co
 
 int md_cert_is_valid_now(const md_cert_t *cert)
 {
@ -42,7 +42,7 @@
                      "a newer library (%s, version currently loaded is %s)"
 --- a/modules/ssl/ssl_engine_io.c
 +++ b/modules/ssl/ssl_engine_io.c
-@@ -1264,9 +1264,9 @@ static apr_status_t ssl_io_filter_handsh
+@@ -1280,9 +1280,9 @@ static apr_status_t ssl_io_filter_handsh
         if (dc->proxy->ssl_check_peer_expire != FALSE) {
             if (!cert
                 || (X509_cmp_current_time(