kumquat-buildroot/package/apache
Peter Korsgaard 7675863549 package/apache: security bump to version 2.4.38
Fixes the following security vulnerabilities:

  *) SECURITY: CVE-2018-17199 (cve.mitre.org)
     mod_session: mod_session_cookie does not respect expiry time allowing
     sessions to be reused.  [Hank Ibell]

  *) SECURITY: CVE-2018-17189 (cve.mitre.org)
     mod_http2: fixes a DoS attack vector. By sending slow request bodies
     to resources not consuming them, httpd cleanup code occupies a server
     thread unnecessarily. This was changed to an immediate stream reset
     which discards all stream state and incoming data.  [Stefan Eissing]

  *) SECURITY: CVE-2019-0190 (cve.mitre.org)
     mod_ssl: Fix infinite loop triggered by a client-initiated
     renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
     later.  PR 63052.  [Joe Orton]

For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-22 22:14:22 +01:00
..
0001-cross-compile.patch
0002-nios2_is_not_os2.patch
apache.hash package/apache: security bump to version 2.4.38 2019-01-22 22:14:22 +01:00
apache.mk package/apache: security bump to version 2.4.38 2019-01-22 22:14:22 +01:00
apache.service apache: add systemd init script 2018-06-23 09:51:59 +02:00
Config.in
S50apache apache: add reload target to sysv init script 2018-06-22 19:10:10 +02:00