From 444551f222b58e3f5dee327d17c8f403465acda0 Mon Sep 17 00:00:00 2001 From: ologantr Date: Sat, 30 Apr 2022 10:38:10 +0200 Subject: [PATCH] apache: update to 2.4.53. Fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719. --- srcpkgs/apache/patches/libressl.patch | 11 ----------- srcpkgs/apache/template | 13 ++++++++----- 2 files changed, 8 insertions(+), 16 deletions(-) delete mode 100644 srcpkgs/apache/patches/libressl.patch diff --git a/srcpkgs/apache/patches/libressl.patch b/srcpkgs/apache/patches/libressl.patch deleted file mode 100644 index 300bd7ee1fa6..000000000000 --- a/srcpkgs/apache/patches/libressl.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/modules/ssl/ssl_engine_init.c.orig 2018-10-30 16:25:09.084840429 +0100 -+++ b/modules/ssl/ssl_engine_init.c 2018-10-30 16:25:55.019411636 +0100 -@@ -1492,7 +1492,7 @@ - X509_STORE_CTX *sctx; - X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx); - --#if OPENSSL_VERSION_NUMBER >= 0x1010100fL -+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) - /* For OpenSSL >=1.1.1, turn on client cert support which is - * otherwise turned off by default (by design). - * https://github.com/openssl/openssl/issues/6933 */ diff --git a/srcpkgs/apache/template b/srcpkgs/apache/template index 2cdb6ca2f449..d64f307ccdf1 100644 --- a/srcpkgs/apache/template +++ b/srcpkgs/apache/template @@ -1,6 +1,6 @@ # Template file for 'apache' pkgname=apache -version=2.4.52 +version=2.4.53 revision=1 wrksrc="httpd-${version}" build_style=gnu-configure @@ -19,15 +19,14 @@ configure_args="--prefix= --sbindir=/usr/bin --enable-pie --enable-modules=all --enable-dav --enable-info --enable-cgi --enable-cgid --enable-dav-fs --enable-dav-lock --enable-vhost-alias --enable-imagemap --enable-so --enable-rewrite --enable-layout=XBPS --sysconfdir=/etc/${pkgname} - --enable-mpms-shared=all --with-pcre=${XBPS_CROSS_BASE}/usr - --with-z=${XBPS_CROSS_BASE}/usr" + --enable-mpms-shared=all --with-z=${XBPS_CROSS_BASE}/usr" conf_files=" /etc/${pkgname}/extra/*.conf /etc/${pkgname}/httpd.conf /etc/${pkgname}/magic /etc/${pkgname}/mime.types" hostmakedepends="pkg-config perl apr-util-devel" -makedepends="zlib-devel libuuid-devel pcre-devel nghttp2-devel +makedepends="zlib-devel libuuid-devel pcre2-devel nghttp2-devel openssl-devel db-devel gdbm-devel expat-devel libldap-devel apr-util-devel" depends="apache-htpasswd" short_desc="Apache http server" @@ -36,7 +35,7 @@ license="Apache-2.0" homepage="http://httpd.apache.org/" changelog="http://www.apache.org/dist/httpd/CHANGES_2.4" distfiles="https://dlcdn.apache.org/httpd/httpd-${version}.tar.bz2" -checksum=0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9 +checksum=d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63 system_accounts="_apache" _apache_homedir="/srv/www/$pkgname" @@ -63,6 +62,10 @@ pre_configure() { cat ${FILESDIR}/xbps.layout >> config.layout if [ "$CROSS_BUILD" ]; then + # pcre{,2}-config detection doesn't work on cross + # since httpd-2.4.53, manually export PCRE_CONFIG + # to let configure know where it is + export PCRE_CONFIG="${XBPS_CROSS_BASE}/usr/bin/pcre2-config" configure_args+=" --with-apr=$XBPS_WRAPPERDIR/apr-1-config --with-apr-util=$XBPS_WRAPPERDIR/apu-1-config" else