diff options
Diffstat (limited to '')
| -rw-r--r-- | debian/patches/CVE-2019-0215.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/debian/patches/CVE-2019-0215.patch b/debian/patches/CVE-2019-0215.patch deleted file mode 100644 index 6c0461e..0000000 --- a/debian/patches/CVE-2019-0215.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 84edf5f49db23ced03259812bbf9426685f7d82a Mon Sep 17 00:00:00 2001 -From: Joe Orton <jorton@apache.org> -Date: Wed, 20 Mar 2019 15:45:16 +0000 -Subject: [PATCH] Merge r1855849 from trunk: - -* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Correctly - restore SSL verify state after PHA failure in TLSv1.3. - -Submitted by: Michael Kaufmann <mail michael-kaufmann.ch> -Reviewed by: jorton, covener, jim - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855917 13f79535-47bb-0310-9956-ffa450edef68 ---- - CHANGES | 3 +++ - modules/ssl/ssl_engine_kernel.c | 2 ++ - 2 files changed, 5 insertions(+) - -#diff --git a/CHANGES b/CHANGES -#index 6b03eadfa07..6f20d688ece 100644 -#--- a/CHANGES -#+++ b/CHANGES -#@@ -1,6 +1,9 @@ -# -*- coding: utf-8 -*- -# Changes with Apache 2.4.39 -# -#+ *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure. -#+ [Michael Kaufmann <mail michael-kaufmann.ch>] -#+ -# *) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host -# PR 55348 -# -Index: apache2-2.4.38/modules/ssl/ssl_engine_kernel.c -=================================================================== ---- apache2-2.4.38.orig/modules/ssl/ssl_engine_kernel.c 2019-04-03 14:31:14.279214679 -0400 -+++ apache2-2.4.38/modules/ssl/ssl_engine_kernel.c 2019-04-03 14:31:14.279214679 -0400 -@@ -1154,6 +1154,7 @@ static int ssl_hook_Access_modern(reques - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server); - apr_table_setn(r->notes, "error-notes", - "Reason: Cannot perform Post-Handshake Authentication.<br />"); -+ SSL_set_verify(ssl, vmode_inplace, NULL); - return HTTP_FORBIDDEN; - } - -@@ -1175,6 +1176,7 @@ static int ssl_hook_Access_modern(reques - * Finally check for acceptable renegotiation results - */ - if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) { -+ SSL_set_verify(ssl, vmode_inplace, NULL); - return rc; - } - } |