Commit Message
For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.61
"Changes with Apache 2.4.61
*) SECURITY: CVE-2024-39884: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
A regression in the core of Apache HTTP Server 2.4.60 ignores
some use of the legacy content-type based configuration of
handlers. "AddType" and similar configuration, under some
circumstances where files are requested indirectly, result in
source code disclosure of local content. For example, PHP
scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes
this issue."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/apache2 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -25,7 +25,7 @@
include Config
-VER = 2.4.60
+VER = 2.4.61
THISAPP = httpd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d1b4d2e05edfe8b88f541e6fa8b5db73f37cc349a4037b493e57ae2f2e0bb84f92aad3ad3bc0bdbc454d2677091bbca283ebe752a9335fae6931ec65cc687326
+$(DL_FILE)_BLAKE2 = 9299ef5843888829143732b3a60d1713aff688ed2f6c2b7f154be16bc075ec747a5b116716f188491ebc9947ff2dfe09dfc71f5245d98a4be3ba27ada28ec8a5
install : $(TARGET)