package/apache: security bump to version 2.4.51

Fixes CVE-2021-42013, for details see [1] and [2]. Change download URL from http://archive.apache.org/dist/httpd to https://downloads.apache.org/httpd (seems more up to date). [1] https://downloads.apache.org/httpd/CHANGES_2.4.51 [2] https://httpd.apache.org/security/vulnerabilities_24.html Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-07 23:28:42 +02:00 · 2021-10-07 23:28:42 +02:00 · 7af7546f9a
commit 7af7546f9a
parent 0a05655705
2 changed files with 5 additions and 5 deletions
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@ -1,5 +1,5 @@
-# From https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.bz2.{sha256,sha512}
-sha256  6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f  httpd-2.4.50.tar.bz2
-sha512  b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158  httpd-2.4.50.tar.bz2
+# From https://downloads.apache.org/httpd/httpd-2.4.51.tar.bz2.{sha256,sha512}
+sha256  20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4  httpd-2.4.51.tar.bz2
+sha512  9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66  httpd-2.4.51.tar.bz2
 # Locally computed
 sha256  47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43  LICENSE
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@ -4,9 +4,9 @@
 #
 ################################################################################

-APACHE_VERSION = 2.4.50
+APACHE_VERSION = 2.4.51
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
-APACHE_SITE = http://archive.apache.org/dist/httpd
+APACHE_SITE = https://downloads.apache.org/httpd
 APACHE_LICENSE = Apache-2.0
 APACHE_LICENSE_FILES = LICENSE
 APACHE_CPE_ID_VENDOR = apache