From d00881cad152040cc679c37124d636196ab7eb82 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 19 Oct 2023 18:51:11 +0200 Subject: [PATCH] package/apache: security bump version to 2.4.58 Fixes CVE-2023-31122, CVE-2023-43622 & CVE-2023-45802: https://httpd.apache.org/security/vulnerabilities_24.html Release notes: https://lists.apache.org/thread/1qnr3jpk1mdnqc2c6foyjvg0ch636h1n Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard --- package/apache/apache.hash | 6 +++--- package/apache/apache.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/apache/apache.hash b/package/apache/apache.hash index 1f0020f65a21..854bc85dcc54 100644 --- a/package/apache/apache.hash +++ b/package/apache/apache.hash @@ -1,5 +1,5 @@ -# From https://archive.apache.org/dist/httpd/httpd-2.4.57.tar.bz2.{sha256,sha512} -sha256 dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a httpd-2.4.57.tar.bz2 -sha512 4d1e0a274ee90bdfb5f38d4a7d73a7367ed1c6388e26280e640014e49abc0df03683705b88dcfe2ec2da313dda4c7b4a3b86daffa1911f58e224eba89d82d155 httpd-2.4.57.tar.bz2 +# From https://archive.apache.org/dist/httpd/httpd-2.4.58.tar.bz2.{sha256,sha512} +sha256 fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5 httpd-2.4.58.tar.bz2 +sha512 d6e73bf413a507ec16b621ff635e178206207a9e9810ce3944b3dc98d39cde8f225307110167fc9da5822175796c8cb66f98be5b9f0d8b76dcd83a401d39b2c1 httpd-2.4.58.tar.bz2 # Locally computed sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE diff --git a/package/apache/apache.mk b/package/apache/apache.mk index 320a6ad20ed9..cac62134ed94 100644 --- a/package/apache/apache.mk +++ b/package/apache/apache.mk @@ -4,7 +4,7 @@ # ################################################################################ -APACHE_VERSION = 2.4.57 +APACHE_VERSION = 2.4.58 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2 APACHE_SITE = https://downloads.apache.org/httpd APACHE_LICENSE = Apache-2.0