| Commit message | Author | Age |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
libxml2 restructured includes, thus another include is now required
otherwise build fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Move apache to PCRE2 now that PCRE is flagged EOL and won't receive any
security update.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump apache to release 2.4.57 and refresh patch automatically.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fixes CVEs:
- CVE-2021-44790
- CVE-2021-44224
Refreshed patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
apxs is used to get information about the apache installation when
building external modules. Currently there are issues:
1.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
apache2
apxs:Error: ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/apr-1-config not found!.
This error is fixed by sed script #2.
2.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
cannot open ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/share/apache2/build/config_vars.mk: No such file or directory at ./staging_dir/target-mips_24kc_musl/usr/bin/apxs line 213.
This error is fixed by sed script #1.
Both sed scripts taken from buildroot (see [1]).
[1] https://github.com/buildroot/buildroot/blob/master/package/apache/apache.mk
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Fixes (see [1] for details):
CVE-2021-33193
CVE-2021-41524
CVE-2021-41773
CVE-2021-42013
[1] https://httpd.apache.org/security/vulnerabilities_24.html
Patch 020-openssl-deprecated.patch refreshed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Refreshed patch.
Fixes:
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
apache: use fakeroot instead of postinst script
fakeroot support was recently added to OpenWrt. Let's make use of it.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
From CHANGES_2.4:
SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information disclosure
or RCE of existing file on the server running under a malicious process
environment. [Yann Ylavic]
SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
were possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefan Eissing, Eric Covener, Christophe Jaillet]
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hides away the contents of the log directory from others.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This minor version bump fixes:
CVE-2020-1934
CVE-2020-1927
Upstream added cross-compile compatibility to apxs, so we can drop a sed
script. Upstream also added the OpenWrt layout, so we can drop our local
copy.
The OpenSSL patch to remove deprecated symbols doesn't apply anymore and
gets removed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
apache: fix compilation without deprecated OpenSSL APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
gettid happens to be supported by all glibc, musl and uclibc, but
configure cannot detect it when cross-compiling. This adds a configure
variable for it.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This file is meant for AIX, OpenWrt doesn't need it.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In OpenWrt this module is available, but not part of the main package.
This commit disables the LoadModule directive for this module. Otherwise
following the installation of the main apache package the start of the
server would fail (due to the absence of this particular module).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This way there's no need to worry about overwriting another httpd binary
or symlink from another package, for example busybox's httpd.
The init script is also renamed to apache2 for consistency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This dep can be removed since apu-1-config was cleaned up.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected
This fixes the two different build failures that can currently be
observed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The package doesn't need to install _everything_ to staging. This commit
reduces the amount of files that get copied over to staging. Currently
there's no package depending on apache anyway.
This adds sed scripts from buildroot (thanks!) to fix two files that are
important for cross-compiling external modules. This has been tested and
was confirmed to work with mod_gnutls taken as an example package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Taken from upstream website. Also remove parts that aren't up to date
anymore.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Also preinst and postrm are removed. busybox's httpd isn't installed by
default, so these gimmicks seem antiquated.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds extra packages for certain modules (basically the ones that
incur further dependencies), support files etc. This pretty much
follows Alpine's example.
This updates the httpd.conf patch to _not_ uncomment MIMEMagicFile
(because the module isn't loaded by default) and removes the changes
that aren't needed anymore (because of the added module support). The
patch now only changes the default user.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This gets rid of flags. For instance $(FPIC) shouldn't be forced onto
applications (see [1]).
And CONFIGURE_ARGS + CONFIGURE_VARS are broken out of Build/Configure.
This way more arguments can be added easily in the future.
The target is changed from apache to apache2 (which is used by upstream
by default). The CONFIGURE_ARGS are changed where needed to enable
modules.
This also renames one patch that fixes scoreboard location (the name
004-pidfile_fix.patch didn't describe what it's doing).
Now with the OpenWrt layout in place 003-logdir_fix.patch can be
removed.
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- version bump
- update license description
- add PKG_BUILD_PARALLEL:=1
- remove two cross-compile patches and replace them with the
cross-compile patch from buildroot (adds autoreconf to get this going)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This is a new feature that requires new dependencies. Disable it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes at least:
CVE-2017-15710
CVE-2017-15715
CVE-2018-1283
CVE-2018-1312
Added CPE ID for proper CVE tracking.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove build timestamp [0] and correct sorting [1].
Thanks to Debian for the patch.
[0] https://reproducible-builds.org/docs/timestamps/
[1] https://reproducible-builds.org/docs/stable-inputs/
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
- fix CVE-2017-9798
- fix #4926
make http2 support configurable, in case of enabled libnghttp2
package don't build http2. Instead use CONFIG_APACHE_HTTP2 to
enable http2 support
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- fixes security issues
CVE-2017-7679, CVE-2017-7668, CVE-2017-7659, CVE-2017-3169
CVE-2017-3167, CVE-2017-9788, CVE-2017-9789
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- refresh patches
Signed-off-by: heil <heil@terminal-consulting.de>
Signed-off-by: heil <heil@terminal-consulting.de>
SSLv3 support is deactivated in LEDE now, which causes a build problem
in apache.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of explicitly specifying an Apache mirror use the
@APACHE download facility.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: heil <heil@terminal-consulting.de>
- CVE-2014-0118
- CVE-2014-0231
- CVE-2014-0226
- CVE-2013-5704
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
information, update source-url update to v2.2.27
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>