apache2: Fix CVE-2018-11763

mod_http2: connection IO event handling reworked.
Instead of reacting on incoming bytes, the state
machine now acts on incoming frames that are affecting
it. This reduces state transitions.

Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Mingli Yu
2018-10-29 00:25:49 -07:00
committed by Armin Kuster
parent 31f567c235
commit de6d776d80
3 changed files with 514 additions and 0 deletions
@@ -10,6 +10,7 @@ inherit autotools pkgconfig native
SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
file://CVE-2018-11763.patch \
"
S = "${WORKDIR}/httpd-${PV}"