NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63f40a109b
kumquat-buildroot/package/apache/apache.mk
Peter Korsgaard bdc3f6888f package/apache: security bump to version 2.4.52 
Fixes the following security issues:

  *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
     multipart content in mod_lua of Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A carefully crafted request body can cause a buffer overflow in
     the mod_lua multipart parser (r:parsebody() called from Lua
     scripts).
     The Apache httpd team is not aware of an exploit for the
     vulnerabilty though it might be possible to craft one.
     This issue affects Apache HTTP Server 2.4.51 and earlier.
     Credits: Chamal

  *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
     forward proxy configurations in Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A crafted URI sent to httpd configured as a forward proxy
     (ProxyRequests on) can cause a crash (NULL pointer dereference)
     or, for configurations mixing forward and reverse proxy
     declarations, can allow for requests to be directed to a
     declared Unix Domain Socket endpoint (Server Side Request
     Forgery).
     This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
     (included).

For more details, see the changes file:
https://downloads.apache.org/httpd/CHANGES_2.4.52

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-23 18:37:03 +01:00

127 lines
3.3 KiB
Makefile
Raw Blame History

################################################################################
#
# apache
#
################################################################################
APACHE_VERSION = 2.4.52
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = https://downloads.apache.org/httpd
APACHE_LICENSE = Apache-2.0
APACHE_LICENSE_FILES = LICENSE
APACHE_CPE_ID_VENDOR = apache
APACHE_CPE_ID_PRODUCT = http_server
APACHE_SELINUX_MODULES = apache
# Needed for mod_php
APACHE_INSTALL_STAGING = YES
# We have a patch touching configure.in and Makefile.in,
# so we need to autoreconf:
APACHE_AUTORECONF = YES
APACHE_DEPENDENCIES = apr apr-util pcre
ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
define APACHE_FIXUP_APR_LIBTOOL
$(SED) "s@$(PER_PACKAGE_DIR)/[^/]\+/@$(PER_PACKAGE_DIR)/apache/@g" \
$(STAGING_DIR)/usr/build-1/libtool
endef
APACHE_POST_PREPARE_HOOKS += APACHE_FIXUP_APR_LIBTOOL
endif
APACHE_CONF_ENV= \
ap_cv_void_ptr_lt_long=no \
PCRE_CONFIG=$(STAGING_DIR)/usr/bin/pcre-config
ifeq ($(BR2_PACKAGE_APACHE_MPM_EVENT),y)
APACHE_MPM = event
else ifeq ($(BR2_PACKAGE_APACHE_MPM_PREFORK),y)
APACHE_MPM = prefork
else ifeq ($(BR2_PACKAGE_APACHE_MPM_WORKER),y)
APACHE_MPM = worker
endif
APACHE_CONF_OPTS = \
--sysconfdir=/etc/apache2 \
--with-apr=$(STAGING_DIR)/usr \
--with-apr-util=$(STAGING_DIR)/usr \
--with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
--enable-http \
--enable-dbd \
--enable-proxy \
--enable-mime-magic \
--without-suexec-bin \
--enable-mods-shared=all \
--with-mpm=$(APACHE_MPM) \
--disable-luajit
ifeq ($(BR2_PACKAGE_LIBXML2),y)
APACHE_DEPENDENCIES += libxml2
# Apache wants the path to the header file, where it can find
# <libxml/parser.h>.
APACHE_CONF_OPTS += \
--enable-xml2enc \
--enable-proxy-html \
--with-libxml2=$(STAGING_DIR)/usr/include/libxml2
else
APACHE_CONF_OPTS += \
--disable-xml2enc \
--disable-proxy-html
endif
ifeq ($(BR2_PACKAGE_LUA),y)
APACHE_CONF_OPTS += --enable-lua
APACHE_DEPENDENCIES += lua
else
APACHE_CONF_OPTS += --disable-lua
endif
ifeq ($(BR2_PACKAGE_NGHTTP2),y)
APACHE_CONF_OPTS += \
--enable-http2 \
--with-nghttp2=$(STAGING_DIR)/usr
APACHE_DEPENDENCIES += nghttp2
else
APACHE_CONF_OPTS += --disable-http2
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
APACHE_DEPENDENCIES += openssl
APACHE_CONF_OPTS += \
--enable-ssl \
--with-ssl=$(STAGING_DIR)/usr
else
APACHE_CONF_OPTS += --disable-ssl
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
APACHE_DEPENDENCIES += zlib
APACHE_CONF_OPTS += \
--enable-deflate \
--with-z=$(STAGING_DIR)/usr
else
APACHE_CONF_OPTS += --disable-deflate
endif
define APACHE_FIX_STAGING_APACHE_CONFIG
$(SED) 's%"/usr/bin"%"$(STAGING_DIR)/usr/bin"%' $(STAGING_DIR)/usr/bin/apxs
$(SED) 's%/usr/build%$(STAGING_DIR)/usr/build%' $(STAGING_DIR)/usr/bin/apxs
$(SED) 's%^prefix =.*%prefix = $(STAGING_DIR)/usr%' $(STAGING_DIR)/usr/build/config_vars.mk
endef
APACHE_POST_INSTALL_STAGING_HOOKS += APACHE_FIX_STAGING_APACHE_CONFIG
define APACHE_CLEANUP_TARGET
$(RM) -rf $(TARGET_DIR)/usr/manual $(TARGET_DIR)/usr/build
endef
APACHE_POST_INSTALL_TARGET_HOOKS += APACHE_CLEANUP_TARGET
define APACHE_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/apache/S50apache \
$(TARGET_DIR)/etc/init.d/S50apache
endef
define APACHE_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/apache/apache.service \
$(TARGET_DIR)/usr/lib/systemd/system/apache.service
endef
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink