apache2: Fix CVE-2018-11763

mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Mingli Yu <mingli.yu@windriver.com> 2018-10-29 00:25:49 -0700
committer: Armin Kuster <akuster808@gmail.com> 2018-11-15 13:18:50 -0800
commit: de6d776d800384aed442b643fd03ccd35d5a9194 (patch)
tree: 3a9b9ec9c481db220ad77da518f9970afe7be436 /meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
parent: 31f567c23562644317822c3280a7409d8742b353 (diff)
download: meta-openembedded-contrib-de6d776d800384aed442b643fd03ccd35d5a9194.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
index a3a6804d87..4cc3845463 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
@@ -10,6 +10,7 @@ inherit autotools pkgconfig native
 
 SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
            file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+           file://CVE-2018-11763.patch \
           "
 
 S = "${WORKDIR}/httpd-${PV}"
author	Mingli Yu <mingli.yu@windriver.com>	2018-10-29 00:25:49 -0700
committer	Armin Kuster <akuster808@gmail.com>	2018-11-15 13:18:50 -0800
commit	de6d776d800384aed442b643fd03ccd35d5a9194 (patch)
tree	3a9b9ec9c481db220ad77da518f9970afe7be436 /meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
parent	31f567c23562644317822c3280a7409d8742b353 (diff)
download	meta-openembedded-contrib-de6d776d800384aed442b643fd03ccd35d5a9194.tar.gz