apache2: Fix CVE-2018-11763

mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Mingli Yu <mingli.yu@windriver.com> 2018-10-29 00:25:49 -0700
committer: Khem Raj <raj.khem@gmail.com> 2018-11-02 10:05:06 -0700
commit: e9e214875fa9109ce49a31c5d964e31fccf02282 (patch)
tree: 390ee87ec7fafe6d09da71db5cbe51b4be65909a /meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
parent: 5f94a97b0cffe81278e6835e5cdaa0e43816f46d (diff)
download: meta-openembedded-contrib-e9e214875fa9109ce49a31c5d964e31fccf02282.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
index a92ec5458c..a87e3847f3 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
@@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
            file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \
            file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
            file://configure-allow-to-disable-selinux-support.patch \
+           file://CVE-2018-11763.patch \
            file://init \
            file://apache2-volatile.conf \
            file://apache2.service \
author	Mingli Yu <mingli.yu@windriver.com>	2018-10-29 00:25:49 -0700
committer	Khem Raj <raj.khem@gmail.com>	2018-11-02 10:05:06 -0700
commit	e9e214875fa9109ce49a31c5d964e31fccf02282 (patch)
tree	390ee87ec7fafe6d09da71db5cbe51b4be65909a /meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
parent	5f94a97b0cffe81278e6835e5cdaa0e43816f46d (diff)
download	meta-openembedded-contrib-e9e214875fa9109ce49a31c5d964e31fccf02282.tar.gz