Diffstat (limited to 'debian/patches/0057-CVE-2023-25690-Regression-3.patch')
-rw-r--r--debian/patches/0057-CVE-2023-25690-Regression-3.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/debian/patches/0057-CVE-2023-25690-Regression-3.patch b/debian/patches/0057-CVE-2023-25690-Regression-3.patch
new file mode 100644
index 0000000..431f145
--- /dev/null
+++ b/debian/patches/0057-CVE-2023-25690-Regression-3.patch
@@ -0,0 +1,24 @@
+From 1a4aac3d209f4314bcb511d73cf12f8c25c8c984 Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Sat, 11 Mar 2023 21:29:11 +0000
+Subject: [PATCH] followup to r1908296: only for redirects
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908299 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/mappers/mod_rewrite.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+Index: apache2/modules/mappers/mod_rewrite.c
+===================================================================
+--- apache2.orig/modules/mappers/mod_rewrite.c
++++ apache2/modules/mappers/mod_rewrite.c
+@@ -4708,8 +4708,7 @@ static int hook_uri2file(request_rec *r)
+ unsigned skip_absolute = is_absolute_uri(r->filename, NULL);
+ apr_size_t flen = r->filename ? strlen(r->filename) : 0;
+ int to_proxyreq = (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0);
+- int will_escape = (to_proxyreq || skip_absolute)
+- && (rulestatus != ACTION_NOESCAPE);
++ int will_escape = skip_absolute && (rulestatus != ACTION_NOESCAPE);
+
+ if (r->args
+ && !will_escape
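Review bot: The rewritten `will_escape` assignment in `hook_uri2file` drops `to_proxyreq` without a comment, so a reader cannot tell that `proxy:` targets are now deliberately routed into the `r->args && !will_escape` condition that follows. Going by the subject line ("only for redirects"), a comment above the assignment would record the intent, for example `/* only absolute-URI redirects are escaped later; proxy: targets are not, so their r->args must pass the check below */`. The body of that `if` and the rest of the function lie outside the hunk, so confirm there what the check rejects. Also confirm that `to_proxyreq` is still read later in the function, since the removed expression was its only use visible here. Because the change widens which rewritten requests reach a query-string check, a regression test covering a `proxy:` substitution with a query string would be worth shipping with this patch.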