From 7d407425e996860cd0bca696916472fb53b70b8d Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Tue, 13 Aug 2019 18:05:17 -0500
Subject: user/apache-httpd: [CVE] bump to 2.4.41

---
 user/apache-httpd/APKBUILD | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

(limited to 'user')

diff --git a/user/apache-httpd/APKBUILD b/user/apache-httpd/APKBUILD
index fe6dd6672..fddd11a12 100644
--- a/user/apache-httpd/APKBUILD
+++ b/user/apache-httpd/APKBUILD
@@ -2,8 +2,8 @@
 # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
 pkgname=apache-httpd
 _pkgreal=httpd
-pkgver=2.4.39
-pkgrel=2
+pkgver=2.4.41
+pkgrel=0
 pkgdesc="Open-source HTTP server"
 url="https://httpd.apache.org"
 arch="all"
@@ -11,7 +11,7 @@ license="Apache-2.0"
 depends=""
 install="$pkgname.pre-install $pkgname.pre-upgrade"
 makedepends="apr-dev apr-util-dev autoconf automake libxml2-dev nghttp2-dev
-	openssl-dev pcre-dev sed zlib-dev"
+	openssl-dev pcre-dev sed zlib-dev cmd:which"
 pkgusers="apache"
 pkggroups="apache"
 subpackages="$pkgname-dev
@@ -21,7 +21,7 @@ subpackages="$pkgname-dev
 	     $pkgname-ldap
 	     $pkgname-openrc"
 provides="apache2 apache2-ssl"
-source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
+source="$pkgname-$pkgver.tar.gz::https://github.com/apache/httpd/archive/$pkgver.tar.gz
 	adelie.layout
 	apache-httpd.confd
 	apache-httpd.initd
@@ -36,25 +36,33 @@ source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
 builddir="$srcdir/$_pkgreal-$pkgver"
 options="suid !check"
 
-# 2.4.30: (unreleased)
-# - CVE-2017-15710
-# - CVE-2018-1283
-# - CVE-2018-1303
-# - CVE-2018-1301
-# - CVE-2017-15715
-# - CVE-2018-1312
-# - CVE-2018-1302
-# 2.4.34:
-# - CVE-2018-8011
-# - CVE-2018-1333
+# secfixes: http_server
+#   2.4.34-r0:
+#     - CVE-2017-15710
+#     - CVE-2017-15715
+#     - CVE-2018-1283
+#     - CVE-2018-1301
+#     - CVE-2018-1302
+#     - CVE-2018-1303
+#     - CVE-2018-1312
+#     - CVE-2018-1333
+#     - CVE-2018-8011
+#   2.4.41-r0:
+#     - CVE-2019-9517
+#     - CVE-2019-10081
+#     - CVE-2019-10082
+#     - CVE-2019-10092
+#     - CVE-2019-10097
+#     - CVE-2019-10098
 
 prepare() {
 	default_prepare
 	cat "$srcdir"/adelie.layout >> "$builddir"/config.layout
+	./buildconf \
+		--with-apr=apr-1-config
 }
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -77,7 +85,6 @@ build() {
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" -j1 install
 
 	# apache-provided configuration is awful
@@ -135,7 +142,7 @@ ldap() {
 		"$subpkgdir"/usr/libexec/apache2
 }
 
-sha512sums="9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7  httpd-2.4.39.tar.bz2
+sha512sums="447310a625c0aaff10777c70d178853536c010a376b7e27a137461e5b83e438bc0548b90f47c21f1d047f685d082db84920bc6b1365f6e1f16698ba059df927a  apache-httpd-2.4.41.tar.gz
 c8bc2bb06ae51b0956e0ee673e80c444551c9b33dfcbb845106477c46d9e52786a8896022e1f00102264fecdf66e35e47fc6cf0abe9836fa536735cff4e6adf4  adelie.layout
 336e81fa0d08f8fbe6243d52bd59b12cf2e925deb49b29d7a22953c5d40a951b6b753f51e5a396752cb0bbaf1cf25b1358902f375fb65639d00e62db7ae55ff2  apache-httpd.confd
 5762d53f39ce7ecd730e05ddf6c063ede65cd75b9e7d67217784c80366646491ef9474306e8eb119c8fb5b4358407b07636a4e9cd82325d8df4e3e00dabc3459  apache-httpd.initd
-- 
cgit v1.2.3-60-g2f50