Diffstat (limited to 'debian/patches/0053-CVE-2023-25690-1.patch')
-rw-r--r--debian/patches/0053-CVE-2023-25690-1.patch170
1 files changed, 0 insertions, 170 deletions
diff --git a/debian/patches/0053-CVE-2023-25690-1.patch b/debian/patches/0053-CVE-2023-25690-1.patch
deleted file mode 100644
index a7370c7..0000000
--- a/debian/patches/0053-CVE-2023-25690-1.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From 8789f6bb926fa4c33b4231a8444340515c82bdff Mon Sep 17 00:00:00 2001
-From: Eric Covener <covener@apache.org>
-Date: Sun, 5 Mar 2023 20:28:43 +0000
-Subject: [PATCH] [1/2] Fix CVE-2023-25690: HTTP Request Smuggling in mod_proxy*
-
- don't forward invalid query strings
-
- Submitted by: rpluem
-
-Reviewed By: covener, fielding, rpluem, gbechis
-bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
-bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
-bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-25690
-origin: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908096 13f79535-47bb-0310-9956-ffa450edef68
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908096 13f79535-47bb-0310-9956-ffa450edef68
----
- modules/http2/mod_proxy_http2.c | 10 ++++++++++
- modules/mappers/mod_rewrite.c | 22 ++++++++++++++++++++++
- modules/proxy/mod_proxy_ajp.c | 10 ++++++++++
- modules/proxy/mod_proxy_balancer.c | 10 ++++++++++
- modules/proxy/mod_proxy_http.c | 10 ++++++++++
- modules/proxy/mod_proxy_wstunnel.c | 10 ++++++++++
- 6 files changed, 72 insertions(+)
-
-diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
-index 3faf03472bb..aa299b937a5 100644
---- a/modules/http2/mod_proxy_http2.c
-+++ b/modules/http2/mod_proxy_http2.c
-@@ -158,6 +158,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
- enc_path, 0, r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- break;
- case PROXYREQ_PROXY:
-diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
-index 943996560e5..f6398f19386 100644
---- a/modules/mappers/mod_rewrite.c
-+++ b/modules/mappers/mod_rewrite.c
-@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
- unsigned skip;
- apr_size_t flen;
-
-+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
-+ "Rewritten query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
-+
- if (ACTION_STATUS == rulestatus) {
- int n = r->status;
-
-@@ -5013,6 +5024,17 @@ static int hook_fixup(request_rec *r)
- if (rulestatus) {
- unsigned skip;
-
-+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
-+ "Rewritten query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
-+
- if (ACTION_STATUS == rulestatus) {
- int n = r->status;
-
-diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
-index 1449acad733..e46bd903a36 100644
---- a/modules/proxy/mod_proxy_ajp.c
-+++ b/modules/proxy/mod_proxy_ajp.c
-@@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
-index f6fb6345ae3..7f990084336 100644
---- a/modules/proxy/mod_proxy_balancer.c
-+++ b/modules/proxy/mod_proxy_balancer.c
-@@ -106,6 +106,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
-index ec4e7fb06b5..51d19a0a21b 100644
---- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -125,6 +125,16 @@ static int proxy_http_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url),
- enc_path, 0, r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- break;
- case PROXYREQ_PROXY:
-diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
-index bcbba42f9a4..88f86a49dbb 100644
---- a/modules/proxy/mod_proxy_wstunnel.c
-+++ b/modules/proxy/mod_proxy_wstunnel.c
-@@ -114,6 +114,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-