summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2019-0215.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2019-0215.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-debian/2.4.38-3+deb10u8.tar.xz
apache2-debian/2.4.38-3+deb10u8.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2019-0215.patch')
-rw-r--r--debian/patches/CVE-2019-0215.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/debian/patches/CVE-2019-0215.patch b/debian/patches/CVE-2019-0215.patch
new file mode 100644
index 0000000..6c0461e
--- /dev/null
+++ b/debian/patches/CVE-2019-0215.patch
@@ -0,0 +1,52 @@
+From 84edf5f49db23ced03259812bbf9426685f7d82a Mon Sep 17 00:00:00 2001
+From: Joe Orton <jorton@apache.org>
+Date: Wed, 20 Mar 2019 15:45:16 +0000
+Subject: [PATCH] Merge r1855849 from trunk:
+
+* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Correctly
+ restore SSL verify state after PHA failure in TLSv1.3.
+
+Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
+Reviewed by: jorton, covener, jim
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855917 13f79535-47bb-0310-9956-ffa450edef68
+---
+ CHANGES | 3 +++
+ modules/ssl/ssl_engine_kernel.c | 2 ++
+ 2 files changed, 5 insertions(+)
+
+#diff --git a/CHANGES b/CHANGES
+#index 6b03eadfa07..6f20d688ece 100644
+#--- a/CHANGES
+#+++ b/CHANGES
+#@@ -1,6 +1,9 @@
+# -*- coding: utf-8 -*-
+# Changes with Apache 2.4.39
+#
+#+ *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
+#+ [Michael Kaufmann <mail michael-kaufmann.ch>]
+#+
+# *) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host
+# PR 55348
+#
+Index: apache2-2.4.38/modules/ssl/ssl_engine_kernel.c
+===================================================================
+--- apache2-2.4.38.orig/modules/ssl/ssl_engine_kernel.c 2019-04-03 14:31:14.279214679 -0400
++++ apache2-2.4.38/modules/ssl/ssl_engine_kernel.c 2019-04-03 14:31:14.279214679 -0400
+@@ -1154,6 +1154,7 @@ static int ssl_hook_Access_modern(reques
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
+ apr_table_setn(r->notes, "error-notes",
+ "Reason: Cannot perform Post-Handshake Authentication.<br />");
++ SSL_set_verify(ssl, vmode_inplace, NULL);
+ return HTTP_FORBIDDEN;
+ }
+
+@@ -1175,6 +1176,7 @@ static int ssl_hook_Access_modern(reques
+ * Finally check for acceptable renegotiation results
+ */
+ if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
++ SSL_set_verify(ssl, vmode_inplace, NULL);
+ return rc;
+ }
+ }