neighbourhoodie · ninetteadhikari · Jul 3, 2024 · Jul 3, 2024 · Jul 4, 2024 · Jul 8, 2024
diff --git a/0000-cover-letter.patch b/0000-cover-letter.patch
@@ -0,0 +1,17 @@
+From 2971f8b570529dbac05d8300cd4c0ca82d16fa6e Mon Sep 17 00:00:00 2001
+From: Ninette Adhikari <[email protected]>
+Date: Wed, 3 Jul 2024 09:27:31 -0700
+Subject: [PATCH 0/1] apache2:apache2-native: CVE status update for
+ CVE-1999-0289
+
+CVE only applies for Windows
+
+Ninette Adhikari (1):
+  apache2:apache2-native: CVE status update for CVE-1999-0289
+
+ meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 1 +
+ 1 file changed, 1 insertion(+)
+
+--
+2.44.0
+
diff --git a/0001-apache2-apache2-native-CVE-status-update-for-CVE-199.patch b/0001-apache2-apache2-native-CVE-status-update-for-CVE-199.patch
@@ -0,0 +1,28 @@
+From 2971f8b570529dbac05d8300cd4c0ca82d16fa6e Mon Sep 17 00:00:00 2001
+From: Ninette Adhikari <[email protected]>
+Date: Wed, 3 Jul 2024 09:25:47 -0700
+Subject: [PATCH 1/1] apache2:apache2-native: CVE status update for
+ CVE-1999-0289
+
+CVE only applies for Windows
+
+Signed-off-by: Ninette Adhikari <[email protected]>
+---
+ meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
+index 6dfecef8d..7b0ed338b 100644
+--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
++++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
+@@ -41,6 +41,7 @@ CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not
+ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+ CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
+ CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
++CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: CVE only applies for Windows"
+
+ SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
+
+--
+2.44.0
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
@@ -37,10 +37,13 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native "
 
 CVE_PRODUCT = "apache:http_server"
 
+CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows"
+CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
 CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
 CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
 CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
 CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
+CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
 
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
 

diff --git a/v2-0001-apache2-apache2-native-Update-CVE-status.patch b/v2-0001-apache2-apache2-native-Update-CVE-status.patch
@@ -0,0 +1,31 @@
+From 5cfc3a15f22ed057253602e4dc9cf2982bc04090 Mon Sep 17 00:00:00 2001
+From: Ninette Adhikari <[email protected]>
+Date: Wed, 3 Jul 2024 11:37:33 -0700
+Subject: [PATCH v2] apache2:apache2-native: Update CVE status
+
+Update CVE status for: CVE-1999-0289, CVE-2007-0450, CVE-2010-0425
+
+The current version (2.4.6) is not affected. It only applies for Windows.
+
+Signed-off-by: Ninette Adhikari <[email protected]>
+---
+ meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
+index 48bb773dd..265313b3f 100644
+--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
++++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
+@@ -41,6 +41,9 @@ CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not
+ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+ CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
+ CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
++CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows"
++CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
++CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
+
+ SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
+
+-- 
+2.44.0
+
diff --git a/v3-0001-apache2-apache2-native-sort-CVE-status.patch b/v3-0001-apache2-apache2-native-sort-CVE-status.patch
@@ -0,0 +1,35 @@
+From 334c70f1c8009785a6a769fc132bac05ea477f9e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alba=20Herrer=C3=ADas?= <[email protected]>
+Date: Thu, 4 Jul 2024 10:53:04 +0100
+Subject: [PATCH v3] apache2:apache2-native: sort CVE status
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Alba Herrerías <[email protected]>
+---
+ meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
+index 265313b3f..ab19ff1dc 100644
+--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
++++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.60.bb
+@@ -37,12 +37,12 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native "
+
+ CVE_PRODUCT = "apache:http_server"
+
++CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows"
++CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
+ CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+ CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
+ CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
+-CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows"
+-CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
+ CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version (2.4.6) is not affected. It only applies for Windows."
+
+ SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
+-- 
+2.40.1
+