[oe] [meta-webserver][SUMO][resend PATCH] apache2: CVE-2018-1333
Jagadeesh Krishnanjanappa
jkrishnanjanappa at mvista.com
Thu Aug 23 16:00:38 UTC 2018
* fixes a race condition where aborting streams triggers an
unnecessary timeout.
Affects apache2 2.4.18 to 2.4.30 and apache2 2.4.33
Fixed in apache2 2.4.34
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
---
.../recipes-httpd/apache2/apache2-native_2.4.29.bb | 1 +
.../recipes-httpd/apache2/apache2_2.4.29.bb | 1 +
.../apache2/files/CVE-2018-1333.patch | 44 ++++++++++++++++++++++
3 files changed, 46 insertions(+)
create mode 100644 meta-webserver/recipes-httpd/apache2/files/CVE-2018-1333.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb
index 36f073c..e2cbba1 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb
@@ -10,6 +10,7 @@ inherit autotools pkgconfig native
SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+ file://CVE-2018-1333.patch \
"
S = "${WORKDIR}/httpd-${PV}"
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb
index f0298b9..ddbd76f 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb
@@ -21,6 +21,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://apache2-volatile.conf \
file://apache2.service \
file://volatiles.04_apache2 \
+ file://CVE-2018-1333.patch \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a62b0c7623826ff99766ff13fb9007f8"
diff --git a/meta-webserver/recipes-httpd/apache2/files/CVE-2018-1333.patch b/meta-webserver/recipes-httpd/apache2/files/CVE-2018-1333.patch
new file mode 100644
index 0000000..40d16cf
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/CVE-2018-1333.patch
@@ -0,0 +1,44 @@
+From 83a2e3866918ce6567a683eb4c660688d047ee81 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan.eissing at greenbytes.de>
+Date: Wed, 18 Apr 2018 11:55:17 +0200
+Subject: [PATCH] * fixes a race condition where aborting streams triggers an
+ unnecessary timeout.
+
+Note: Re-factored upstream fix
+https://github.com/icing/mod_h2/commit/83a2e3866918ce6567a683eb4c660688d047ee81,
+so that it applies to httpd v2.4.29 code. Similarly done at
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_bucket_beam.c?r1=1828879&r2=1828878&pathrev=1828879
+
+CVE: CVE-2018-1333
+Upstream-Status: Backport [https://github.com/icing/mod_h2/commit/83a2e3866918ce6567a683eb4c660688d047ee81]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
+
+diff -Naurp httpd-2.4.29_org/modules/http2/h2_bucket_beam.c httpd-2.4.29/modules/http2/h2_bucket_beam.c
+--- httpd-2.4.29_org/modules/http2/h2_bucket_beam.c 2017-10-13 01:37:45.000000000 -0700
++++ httpd-2.4.29/modules/http2/h2_bucket_beam.c 2018-08-23 00:45:53.214181157 -0700
+@@ -549,6 +549,7 @@ static void recv_buffer_cleanup(h2_bucke
+ apr_brigade_destroy(bb);
+ if (bl) enter_yellow(beam, bl);
+
++ apr_thread_cond_broadcast(beam->change);
+ if (beam->cons_ev_cb) {
+ beam->cons_ev_cb(beam->cons_ctx, beam);
+ }
+@@ -697,12 +698,10 @@ void h2_beam_abort(h2_bucket_beam *beam)
+ h2_beam_lock bl;
+
+ if (enter_yellow(beam, &bl) == APR_SUCCESS) {
+- if (!beam->aborted) {
+- beam->aborted = 1;
+- r_purge_sent(beam);
+- h2_blist_cleanup(&beam->send_list);
+- report_consumption(beam, &bl);
+- }
++ beam->aborted = 1;
++ r_purge_sent(beam);
++ h2_blist_cleanup(&beam->send_list);
++ report_consumption(beam, &bl);
+ apr_thread_cond_broadcast(beam->change);
+ leave_yellow(beam, &bl);
+ }
--
2.7.4
More information about the Openembedded-devel
mailing list