new file mode 100644
@@ -0,0 +1,31 @@
+CVE: CVE-2022-41556
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 11 Sep 2022 22:31:34 -0400
+Subject: [PATCH] [core] handle RDHUP when collecting chunked body
+
+handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
+request body (and when not streaming request body to backend)
+
+x-ref:
+ https://github.com/lighttpd/lighttpd1.4/pull/115
+---
+ src/gw_backend.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gw_backend.c b/src/gw_backend.c
+index df9d8217..5db56287 100644
+--- a/src/gw_backend.c
++++ b/src/gw_backend.c
+@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
+ * and module is flagged to stream request body to backend) */
+ return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
+ ? http_response_reqbody_read_error(r, 411)
+- : HANDLER_WAIT_FOR_EVENT;
++ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
+ }
+
+ if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
@@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
lighttpd-module-accesslog"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+ file://CVE-2022-41556.patch \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \