2 files changed, 1 insertions, 33 deletions
diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
deleted file mode 100644
index 284a5a3ea9..0000000000
--- a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-CVE: CVE-2022-41556
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 11 Sep 2022 22:31:34 -0400
-Subject: [PATCH] [core] handle RDHUP when collecting chunked body
-handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
-request body (and when not streaming request body to backend)
-x-ref:
-  https://github.com/lighttpd/lighttpd1.4/pull/115
---
- src/gw_backend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/gw_backend.c b/src/gw_backend.c
-index df9d8217..5db56287 100644
--- a/src/gw_backend.c
-+++ b/src/gw_backend.c
-@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
-                  *  and module is flagged to stream request body to backend) */
-                 return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
-                   ? http_response_reqbody_read_error(r, 411)
-                  : HANDLER_WAIT_FOR_EVENT;
-+                  : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
-             }
- 
-             if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
index 78978105b2..838881f238 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
@@ -14,13 +14,12 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
                     lighttpd-module-accesslog"
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
-           file://CVE-2022-41556.patch \
           file://index.html.lighttpd \
           file://lighttpd.conf \
           file://lighttpd \
           "
-SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b"
+SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358"
 DEPENDS = "virtual/crypt"

diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch deleted file mode 100644 index 284a5a3ea9..0000000000 --- a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	CVE: CVE-2022-41556
2	Upstream-Status: Backport
3	Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5	From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
6	From: Glenn Strauss <gstrauss@gluelogic.com>
7	Date: Sun, 11 Sep 2022 22:31:34 -0400
8	Subject: [PATCH] [core] handle RDHUP when collecting chunked body
9
10	handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
11	request body (and when not streaming request body to backend)
12
13	x-ref:
14	https://github.com/lighttpd/lighttpd1.4/pull/115
15	---
16	src/gw_backend.c \| 2 +-
17	1 file changed, 1 insertion(+), 1 deletion(-)
18
19	diff --git a/src/gw_backend.c b/src/gw_backend.c
20	index df9d8217..5db56287 100644
21	--- a/src/gw_backend.c
22	+++ b/src/gw_backend.c
23	@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
24	* and module is flagged to stream request body to backend) */
25	return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
26	? http_response_reqbody_read_error(r, 411)
27	- : HANDLER_WAIT_FOR_EVENT;
28	+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
29	}
30
31	if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {


diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb index 78978105b2..838881f238 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
@@ -14,13 +14,12 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
14	lighttpd-module-accesslog"	14	lighttpd-module-accesslog"
15		15
16	SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \	16	SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
17	file://CVE-2022-41556.patch \
18	file://index.html.lighttpd \	17	file://index.html.lighttpd \
19	file://lighttpd.conf \	18	file://lighttpd.conf \
20	file://lighttpd \	19	file://lighttpd \
21	"	20	"
22		21
23	SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b"	22	SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358"
24		23
25	DEPENDS = "virtual/crypt"	24	DEPENDS = "virtual/crypt"
26		25