summaryrefslogtreecommitdiffstats
path: root/debian/patches/0055-CVE-2023-25690-Regression-1.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/0055-CVE-2023-25690-Regression-1.patch131
1 files changed, 0 insertions, 131 deletions
diff --git a/debian/patches/0055-CVE-2023-25690-Regression-1.patch b/debian/patches/0055-CVE-2023-25690-Regression-1.patch
deleted file mode 100644
index d57a71c..0000000
--- a/debian/patches/0055-CVE-2023-25690-Regression-1.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 815cf05bb2d506f44a35b65e93de393d5410c779 Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@apache.org>
-Date: Tue, 1 Mar 2022 13:26:03 +0000
-Subject: [PATCH] mod_rewrite: URI-to-filename rewrites to transparently handle
- proxy mappings.
-
-Since mod_rewrite works on r->filename and mod_proxy's mapping=servlet|decoded
-sets its "proxy:" URL there at pre_translate_name stage (i.e. before
-mod_rewrite's translate_name hook), users have to match the full proxy URL in
-their RewriteRules to handle proxy mappings, which is not very friendly nor
-consistent with how proxy non-mapping requests have to be matched.
-
-Let's use r->filename = r->uri in hook_uri2file() for pre_trans'ed reverse
-proxy requests, and restore r->filename to its original value if the request
-was finally DECLINED (like in hook_fixup).
-
-But if a proxy mapping gets rewritten to a non-proxy request, clear any
-proxy specific r->proxyreq or r->handler so that processing continues
-accordingly.
-
-
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898509 13f79535-47bb-0310-9956-ffa450edef68
----
- changes-entries/rewrite_vs_proxy_mapping.txt | 2 ++
- modules/mappers/mod_rewrite.c | 38 +++++++++++++++-----
- 2 files changed, 32 insertions(+), 8 deletions(-)
- create mode 100644 changes-entries/rewrite_vs_proxy_mapping.txt
-
-Index: apache2/changes-entries/rewrite_vs_proxy_mapping.txt
-===================================================================
---- /dev/null
-+++ apache2/changes-entries/rewrite_vs_proxy_mapping.txt
-@@ -0,0 +1,2 @@
-+ *) mod_rewrite: Make URI-to-filename rewrites work transparently with
-+ proxy early mappings (mapping=servlet/decoded). [Yann Ylavic]
-\ No newline at end of file
-Index: apache2/modules/mappers/mod_rewrite.c
-===================================================================
---- apache2.orig/modules/mappers/mod_rewrite.c
-+++ apache2/modules/mappers/mod_rewrite.c
-@@ -4575,6 +4575,7 @@ static int hook_uri2file(request_rec *r)
- unsigned int port;
- int rulestatus;
- void *skipdata;
-+ char *ofilename;
- const char *oargs;
-
- /*
-@@ -4628,7 +4629,10 @@ static int hook_uri2file(request_rec *r)
- /*
- * remember the original query string for later check, since we don't
- * want to apply URL-escaping when no substitution has changed it.
-+ * also, we'll restore original r->filename if we decline this
-+ * request.
- */
-+ ofilename = r->filename;
- oargs = r->args;
-
- /*
-@@ -4671,13 +4675,15 @@ static int hook_uri2file(request_rec *r)
- apr_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URI, var);
-
- if (!(saved_rulestatus = apr_table_get(r->notes,"mod_rewrite_rewritten"))) {
-- /* if filename was not initially set,
-- * we start with the requested URI
-+ /* If r->filename was not initially set or if it's a pre_trans reverse
-+ * "proxy:" scheme, we start with the requested URI.
- */
-- if (r->filename == NULL) {
-+ if (r->filename == NULL || (r->proxyreq == PROXYREQ_REVERSE &&
-+ strncmp(r->filename, "proxy:", 6) == 0)) {
- r->filename = apr_pstrdup(r->pool, r->uri);
-- rewritelog((r, 2, NULL, "init rewrite engine with requested uri %s",
-- r->filename));
-+ rewritelog((r, 2, NULL, "init rewrite engine with requested uri "
-+ "%s. Original filename = %s", r->filename,
-+ ((ofilename) ? ofilename : "n/a")));
- }
- else {
- rewritelog((r, 2, NULL, "init rewrite engine with passed filename "
-@@ -4701,6 +4707,7 @@ static int hook_uri2file(request_rec *r)
- if (rulestatus) {
- unsigned skip;
- apr_size_t flen;
-+ int to_proxyreq;
-
- if (r->args && *(ap_scan_vchar_obstext(r->args))) {
- /*
-@@ -4721,7 +4728,19 @@ static int hook_uri2file(request_rec *r)
- }
-
- flen = r->filename ? strlen(r->filename) : 0;
-- if (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0) {
-+ to_proxyreq = (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0);
-+
-+ /* If a pre_trans reverse "proxy:" filename gets rewritten to
-+ * a non-proxy one this is not a proxy request anymore.
-+ */
-+ if (r->proxyreq == PROXYREQ_REVERSE && !to_proxyreq) {
-+ if (r->handler && strcmp(r->handler, "proxy-server") == 0) {
-+ r->handler = NULL;
-+ }
-+ r->proxyreq = PROXYREQ_NONE;
-+ }
-+
-+ if (to_proxyreq) {
- /* it should be go on as an internal proxy request */
-
- /* check if the proxy module is enabled, so
-@@ -4888,7 +4907,9 @@ static int hook_uri2file(request_rec *r)
- }
- }
- else {
-- rewritelog((r, 1, NULL, "pass through %s", r->filename));
-+ rewritelog((r, 1, NULL, "pass through %s, filename %s",
-+ r->filename, ((ofilename) ? ofilename : "n/a")));
-+ r->filename = ofilename;
- return DECLINED;
- }
- }
-@@ -5234,7 +5255,8 @@ static int hook_fixup(request_rec *r)
- }
- }
- else {
-- rewritelog((r, 1, dconf->directory, "pass through %s", r->filename));
-+ rewritelog((r, 1, dconf->directory, "pass through %s, filename %s",
-+ r->filename, ((ofilename) ? ofilename : "n/a")));
- r->filename = ofilename;
- return DECLINED;
- }