apache2: Fix CVE-2018-11763

mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Mingli Yu <mingli.yu@windriver.com> 2018-10-29 00:25:49 -0700
committer: Khem Raj <raj.khem@gmail.com> 2018-11-02 10:05:06 -0700
commit: e9e214875fa9109ce49a31c5d964e31fccf02282 (patch)
tree: 390ee87ec7fafe6d09da71db5cbe51b4be65909a /meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
parent: 5f94a97b0cffe81278e6835e5cdaa0e43816f46d (diff)
download: meta-openembedded-contrib-e9e214875fa9109ce49a31c5d964e31fccf02282.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
index a3a6804d87..4cc3845463 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
@@ -10,6 +10,7 @@ inherit autotools pkgconfig native
 
 SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
            file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+           file://CVE-2018-11763.patch \
           "
 
 S = "${WORKDIR}/httpd-${PV}"
author	Mingli Yu <mingli.yu@windriver.com>	2018-10-29 00:25:49 -0700
committer	Khem Raj <raj.khem@gmail.com>	2018-11-02 10:05:06 -0700
commit	e9e214875fa9109ce49a31c5d964e31fccf02282 (patch)
tree	390ee87ec7fafe6d09da71db5cbe51b4be65909a /meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb
parent	5f94a97b0cffe81278e6835e5cdaa0e43816f46d (diff)
download	meta-openembedded-contrib-e9e214875fa9109ce49a31c5d964e31fccf02282.tar.gz