From: vanusuri@mvista.com
To: openembedded-devel@lists.openembedded.org
Cc: Vijay Anusuri <vanusuri@mvista.com>
Subject: [oe][meta-webserver][kirkstone][PATCH] apache2: upgrade 2.4.58 -> 2.4.59
Date: Tue, 23 Apr 2024 07:10:22 +0530 [thread overview]
Message-ID: <20240423014022.36657-1-vanusuri@mvista.com> (raw)
From: Vijay Anusuri <vanusuri@mvista.com>
This upgrade incorporates the CVE-2024-27316 CVE-2024-24795
CVE-2023-38709 fixes and other bugfixes.
Updated below patches
0004-apache2-log-the-SELinux-context-at-startup.patch
0007-apache2-allow-to-disable-selinux-support.patch
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.59
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
...pache2-log-the-SELinux-context-at-startup.patch | 14 +++++++-------
...-apache2-allow-to-disable-selinux-support.patch | 12 ++++++------
.../{apache2_2.4.58.bb => apache2_2.4.59.bb} | 2 +-
3 files changed, 14 insertions(+), 14 deletions(-)
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.58.bb => apache2_2.4.59.bb} (99%)
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
index a652b7969..9ee7cc356 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
@@ -14,10 +14,10 @@ Note: unlikely to be any interest in this upstream
2 files changed, 31 insertions(+)
diff --git a/configure.in b/configure.in
-index ea6cec3..92b74b7 100644
+index 352711a..f58620f 100644
--- a/configure.in
+++ b/configure.in
-@@ -491,6 +491,11 @@ getloadavg
+@@ -514,6 +514,11 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
@@ -26,11 +26,11 @@ index ea6cec3..92b74b7 100644
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
- [AC_TRY_RUN(#define _GNU_SOURCE
- #include <unistd.h>
+ if test $ac_cv_func_gettid = no; then
+ # On Linux before glibc 2.30, gettid() is only usable via syscall()
+ AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,
diff --git a/server/core.c b/server/core.c
-index 4da7209..d3ca25b 100644
+index 30b317e..81f145f 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
@@ -44,7 +44,7 @@ index 4da7209..d3ca25b 100644
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
-@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
+@@ -5139,6 +5143,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch b/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch
index 3ff689440..7f6aaa525 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch
@@ -11,10 +11,10 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
-index 76811e7..4df3ff3 100644
+index f58620f..da1521b 100644
--- a/configure.in
+++ b/configure.in
-@@ -491,10 +491,16 @@ getloadavg
+@@ -514,10 +514,16 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
@@ -28,13 +28,13 @@ index 76811e7..4df3ff3 100644
+
+if test x$enable_selinux != xno; then
+ AC_CHECK_LIB(selinux, is_selinux_enabled, [
-+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
-+ APR_ADDTO(AP_LIBS, [-lselinux])
++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
++ APR_ADDTO(AP_LIBS, [-lselinux])
+ ])
+fi
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
- [AC_TRY_RUN(#define _GNU_SOURCE
+ if test $ac_cv_func_gettid = no; then
+ # On Linux before glibc 2.30, gettid() is only usable via syscall()
--
2.25.1
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
similarity index 99%
rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
index 84b19de59..7740b4e33 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
@@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5"
+SRC_URI[sha256sum] = "ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323"
S = "${WORKDIR}/httpd-${PV}"
--
2.25.1
reply other threads:[~2024-04-23 1:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240423014022.36657-1-vanusuri@mvista.com \
--to=vanusuri@mvista.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).