debian_build_apache24

• Update APR und cURL

APR changes

Changes for APR 1.7.5

*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which
fixes this issue.
Credits: Thomas Stangner

*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]

*) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
[Yann Ylavic]

*) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
[Yann Ylavic]

*) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]

*) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]

*) CMake: Enable support for MSVC runtime library selection by abstraction.
[Ivan Zhakov]

*) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
to apr:: namespace. [Ivan Zhakov]

• Changelog https://downloads.apache.org/httpd/CHANGES_2.4.62
• Important security vulnerabilities are fixed in 2.4.62, see https://httpd.apache.org/security/vulnerabilities_24.html.

Changes https://www.apachelounge.com/Changelog-2.4.html

Important security vulnerabilities are fixed in 2.4.60, see https://httpd.apache.org/security/vulnerabilities_24.html.

Changes: https://www.apachelounge.com/Changelog-2.4.html

Important security vulnerabilities are fixed in 2.4.59, see https://httpd.apache.org/security/vulnerabilities_24.html

OpenSSL Security Update See https://www.openssl.org/news/secadv/20231024.txt

Mainly a security fix release for Apache. See https://downloads.apache.org/httpd/CHANGES_2.4.58 for more details.

• Update Apache to 2.4.58
• Update OpenSSL to 3.0.11
• Update Curl to 8.4.0

Updates:

• SSL
• HTTP2 lib
• curl
• APR

Updates:

• httpd Apache to 2.4.57
• http2 lib to 1.52
• curl to 7.88.1

• Update OpenSSL Version to 3.0.8

Updated

• Updated 3rd Party
  • APR
  • APR UTIL
  • PCRE 2
  • mod security
  • curl
  • JANSON
  • zlib
• Updated: Raspberry PI notes

• Update 3rd party modules
  • PCRE
  • mod_security
  • OpenSSL
  • mod_xsendfiles
• Improved some scripts
• Update recommended SSL config

• fix remove
• Update OpenSSL

• Add cleaning option
• Update zlib
• update OpenSSL
• Update to 2.4.54
• Update OpenSSL patch version to p

• Update Apache to 2.4.53
• Update OpenSSL 1.1.1n

• Update: Don't activate mod_bikeshed by default](https://github.com/JBlond/debian_build_apache24/commit/8145e014995e63cf2dee30145e9bd6ad002ad827)
• Fix: SIGSEGV (segmentation fault) at startup, when BikeShedTokensStr…](https://github.com/JBlond/debian_build_apache24/commit/56b530a64f8be3e5075fc0053bb682e9dcbd6100)
• Update: recommended SSL configuration](https://github.com/JBlond/debian_build_apache24/commit/4cdfcb3ce8014560682b57dde1d5dc203ab9788a)
• Fix: wget is needed on newer systems](https://github.com/JBlond/debian_build_apache24/commit/7e75473c397b662e9cdfb0783ea388bc44a699ba)
• Update: Remove RHEL support](https://github.com/JBlond/debian_build_apache24/commit/e055f0e5dc461a0bfa1486d2cafebd409787d187)

• Update PCRE to last version of PCRE 1 (8.44 -> 8.45)
• Update mod_security
• Fix mod_bikeshed build

• httpd apache changelog

OpenSSL Update

• FIX PCRE download link

• SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org)
• core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag