diff options
| author |   wangmy <wangmy@fujitsu.com> | 2022-10-11 16:58:49 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-10-28 09:44:48 +0100 |
| commit | 7a399862bb2e1503fbffa18e7ec0767643f76132 (patch) | |
| tree | cfc7d53021923fb36e38e424d987b6b856477d1b /meta/recipes-extended | |
| parent | f417ae30c79fac99e2549324ed351f6f63cc4a25 (diff) | |
| download | openembedded-core-contrib-7a399862bb2e1503fbffa18e7ec0767643f76132.tar.gz | |
lighttpd: upgrade 1.4.66 -> 1.4.67
Changelog:
=============
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch | 31 | ||||
| -rw-r--r-- | meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb (renamed from meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb) | 3 |
2 files changed, 1 insertions, 33 deletions
diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch deleted file mode 100644 index 284a5a3ea9..0000000000 --- a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch +++ /dev/null @@ -1,31 +0,0 @@ -CVE: CVE-2022-41556 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss <gstrauss@gluelogic.com> -Date: Sun, 11 Sep 2022 22:31:34 -0400 -Subject: [PATCH] [core] handle RDHUP when collecting chunked body - -handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked -request body (and when not streaming request body to backend) - -x-ref: - https://github.com/lighttpd/lighttpd1.4/pull/115 ---- - src/gw_backend.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gw_backend.c b/src/gw_backend.c -index df9d8217..5db56287 100644 ---- a/src/gw_backend.c -+++ b/src/gw_backend.c -@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) { - * and module is flagged to stream request body to backend) */ - return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST) - ? http_response_reqbody_read_error(r, 411) -- : HANDLER_WAIT_FOR_EVENT; -+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc; - } - - if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) { diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb index 78978105b2..838881f238 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb @@ -14,13 +14,12 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ - file://CVE-2022-41556.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ " -SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" +SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358" DEPENDS = "virtual/crypt" |