apache2: Fix CVE-2018-11763

mod_http2: connection IO event handling reworked.
Instead of reacting on incoming bytes, the state
machine now acts on incoming frames that are affecting
it. This reduces state transitions.

Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Mingli Yu
2018-10-29 00:25:49 -07:00
committed by Armin Kuster
parent 31f567c235
commit de6d776d80
3 changed files with 514 additions and 0 deletions
@@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \
file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
file://configure-allow-to-disable-selinux-support.patch \
file://CVE-2018-11763.patch \
file://init \
file://apache2-volatile.conf \
file://apache2.service \