Adding debian version 2.4.59-1~deb10u1.debian/2.4.59-1_deb10u1debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 0 insertions, 27 deletions

diff --git a/debian/patches/CVE-2020-35452.patch b/debian/patches/CVE-2020-35452.patch
deleted file mode 100644
index 5204210..0000000
--- a/debian/patches/CVE-2020-35452.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Description: <short summary of the patch>
-Author: Apache authors
-Origin: upstream, https://github.com/apache/httpd/commit/3b6431e
-Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-06-10
-
---- a/modules/aaa/mod_auth_digest.c
-+++ b/modules/aaa/mod_auth_digest.c
-@@ -1422,9 +1422,14 @@
-     time_rec nonce_time;
-     char tmp, hash[NONCE_HASH_LEN+1];
- 
--    if (strlen(resp->nonce) != NONCE_LEN) {
-+    /* Since the time part of the nonce is a base64 encoding of an
-+     * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
-+     */
-+    if (strlen(resp->nonce) != NONCE_LEN
-+            || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
-         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
--                      "invalid nonce %s received - length is not %d",
-+                      "invalid nonce '%s' received - length is not %d "
-+                      "or time encoding is incorrect",
-                       resp->nonce, NONCE_LEN);
-         note_digest_auth_failure(r, conf, resp, 1);
-         return HTTP_UNAUTHORIZED;