mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
bfb19ad740
For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.53 Short summary of the most important SECURITY changes: "Changes with Apache 2.4.53 *) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) *) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative *) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle <james.kettle portswigger.net> *) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva ..." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
123 lines
5.3 KiB
Plaintext
123 lines
5.3 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
VER = 2.4.53
|
|
|
|
THISAPP = httpd-$(VER)
|
|
DL_FILE = $(THISAPP).tar.bz2
|
|
DL_FROM = $(URL_IPFIRE)
|
|
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
|
|
DEPS = aprutil pcre
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_MD5 = f594f137137b5bdff3998dc17e3e9526
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
md5 : $(subst %,%_MD5,$(objects))
|
|
|
|
###############################################################################
|
|
# Downloading, checking, md5sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_MD5,$(objects)) :
|
|
@$(MD5)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
|
|
### Add IPFire's layout, too
|
|
echo "# IPFire layout" >> $(DIR_APP)/config.layout
|
|
echo "<Layout IPFire>" >> $(DIR_APP)/config.layout
|
|
echo " prefix: /usr" >> $(DIR_APP)/config.layout
|
|
echo " exec_prefix: /usr" >> $(DIR_APP)/config.layout
|
|
echo " bindir: /usr/bin" >> $(DIR_APP)/config.layout
|
|
echo " sbindir: /usr/sbin" >> $(DIR_APP)/config.layout
|
|
echo " libdir: /usr/lib" >> $(DIR_APP)/config.layout
|
|
echo " libexecdir: /usr/lib/apache" >> $(DIR_APP)/config.layout
|
|
echo " mandir: /usr/share/man" >> $(DIR_APP)/config.layout
|
|
echo " sysconfdir: /etc/httpd/conf" >> $(DIR_APP)/config.layout
|
|
echo " datadir: /srv/web/ipfire" >> $(DIR_APP)/config.layout
|
|
echo " installbuilddir: /usr/lib/apache/build" >> $(DIR_APP)/config.layout
|
|
echo " errordir: /srv/web/ipfire/error" >> $(DIR_APP)/config.layout
|
|
echo " iconsdir: /srv/web/ipfire/icons" >> $(DIR_APP)/config.layout
|
|
echo " htdocsdir: /srv/web/ipfire/htdocs" >> $(DIR_APP)/config.layout
|
|
echo " manualdir: /srv/web/ipfire/manual" >> $(DIR_APP)/config.layout
|
|
echo " cgidir: /srv/web/ipfire/cgi-bin" >> $(DIR_APP)/config.layout
|
|
echo " includedir: /usr/include/apache" >> $(DIR_APP)/config.layout
|
|
echo " localstatedir: /srv/web/ipfire" >> $(DIR_APP)/config.layout
|
|
echo " runtimedir: /var/run" >> $(DIR_APP)/config.layout
|
|
echo " logfiledir: /var/log/httpd" >> $(DIR_APP)/config.layout
|
|
echo " proxycachedir: /var/cache/apache/proxy" >> $(DIR_APP)/config.layout
|
|
echo "</Layout>" >> $(DIR_APP)/config.layout
|
|
|
|
cd $(DIR_APP) && ./configure --enable-layout=IPFire \
|
|
--enable-ssl --enable-mods-shared=all --enable-proxy --with-mpm=event --disable-lua --disable-md
|
|
cd $(DIR_APP) && make $(MAKETUNING)
|
|
cd $(DIR_APP) && make install
|
|
chown -v root:root /usr/lib/apache/httpd.exp \
|
|
/usr/bin/{apxs,dbmmanage} \
|
|
/usr/sbin/apachectl \
|
|
/usr/share/man/man1/{ab,apxs,dbmmanage,ht{dbm,digest,passwd,txt2dbm},logresolve}.1 \
|
|
/usr/share/man/man8/{apachectl,htcacheclean,httpd}.8 \
|
|
/usr/share/man/man8/{rotatelogs,suexec}.8
|
|
|
|
# Install apache config
|
|
cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
|
|
touch /etc/httpd/conf/hostname.conf
|
|
|
|
# Create captive logging directory
|
|
-mkdir -pv /var/log/httpd/captive
|
|
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|