apache: add fix for CVE-2014-0117 Security Advisory

The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy.  In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.

Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.

Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
This commit is contained in:
Kang Kai
2014-10-29 09:40:08 +08:00
committed by Paul Eggleton
parent 6aee572984
commit a4fd0b3410
2 changed files with 292 additions and 1 deletions
@@ -19,7 +19,9 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
file://init \
file://apache2-volatile.conf \
file://apache2.service"
file://apache2.service \
file://apache-CVE-2014-0117.patch \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"