summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2019-10092.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2019-10092.patch193
1 files changed, 0 insertions, 193 deletions
diff --git a/debian/patches/CVE-2019-10092.patch b/debian/patches/CVE-2019-10092.patch
deleted file mode 100644
index eb3352c..0000000
--- a/debian/patches/CVE-2019-10092.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-Description: Fix for CVE-2019-10092
-Author: Stefan Eissing
-Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1864191
-Bug: https://security-tracker.debian.org/tracker/CVE-2019-10092
-Forwarded: not-needed
-Reviewed-By: Xavier Guimard <yadd@debian.org>
-Last-Update: 2019-10-11
-[Salvatore Bonaccorso: Add additional change from https://svn.apache.org/r1864699
-to add missing APLOGNO's in mod_proxy.c and mod_proxy_ftp.c]
---- a/modules/http/http_protocol.c
-+++ b/modules/http/http_protocol.c
-@@ -1132,13 +1132,10 @@
- "\">here</a>.</p>\n",
- NULL));
- case HTTP_USE_PROXY:
-- return(apr_pstrcat(p,
-- "<p>This resource is only accessible "
-- "through the proxy\n",
-- ap_escape_html(r->pool, location),
-- "<br />\nYou will need to configure "
-- "your client to use that proxy.</p>\n",
-- NULL));
-+ return("<p>This resource is only accessible "
-+ "through the proxy\n"
-+ "<br />\nYou will need to configure "
-+ "your client to use that proxy.</p>\n");
- case HTTP_PROXY_AUTHENTICATION_REQUIRED:
- case HTTP_UNAUTHORIZED:
- return("<p>This server could not verify that you\n"
-@@ -1154,34 +1151,20 @@
- "error-notes",
- "</p>\n"));
- case HTTP_FORBIDDEN:
-- s1 = apr_pstrcat(p,
-- "<p>You don't have permission to access ",
-- ap_escape_html(r->pool, r->uri),
-- "\non this server.<br />\n",
-- NULL);
-- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
-+ return(add_optional_notes(r, "<p>You don't have permission to access this resource.", "error-notes", "</p>\n"));
- case HTTP_NOT_FOUND:
-- return(apr_pstrcat(p,
-- "<p>The requested URL ",
-- ap_escape_html(r->pool, r->uri),
-- " was not found on this server.</p>\n",
-- NULL));
-+ return("<p>The requested URL was not found on this server.</p>\n");
- case HTTP_METHOD_NOT_ALLOWED:
- return(apr_pstrcat(p,
- "<p>The requested method ",
- ap_escape_html(r->pool, r->method),
-- " is not allowed for the URL ",
-- ap_escape_html(r->pool, r->uri),
-- ".</p>\n",
-+ " is not allowed for this URL.</p>\n",
- NULL));
- case HTTP_NOT_ACCEPTABLE:
-- s1 = apr_pstrcat(p,
-- "<p>An appropriate representation of the "
-- "requested resource ",
-- ap_escape_html(r->pool, r->uri),
-- " could not be found on this server.</p>\n",
-- NULL);
-- return(add_optional_notes(r, s1, "variant-list", ""));
-+ return(add_optional_notes(r,
-+ "<p>An appropriate representation of the requested resource "
-+ "could not be found on this server.</p>\n",
-+ "variant-list", ""));
- case HTTP_MULTIPLE_CHOICES:
- return(add_optional_notes(r, "", "variant-list", ""));
- case HTTP_LENGTH_REQUIRED:
-@@ -1192,18 +1175,13 @@
- NULL);
- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
- case HTTP_PRECONDITION_FAILED:
-- return(apr_pstrcat(p,
-- "<p>The precondition on the request "
-- "for the URL ",
-- ap_escape_html(r->pool, r->uri),
-- " evaluated to false.</p>\n",
-- NULL));
-+ return("<p>The precondition on the request "
-+ "for this URL evaluated to false.</p>\n");
- case HTTP_NOT_IMPLEMENTED:
- s1 = apr_pstrcat(p,
- "<p>",
-- ap_escape_html(r->pool, r->method), " to ",
-- ap_escape_html(r->pool, r->uri),
-- " not supported.<br />\n",
-+ ap_escape_html(r->pool, r->method), " ",
-+ " not supported for current URL.<br />\n",
- NULL);
- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
- case HTTP_BAD_GATEWAY:
-@@ -1211,29 +1189,19 @@
- "response from an upstream server.<br />" CRLF;
- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
- case HTTP_VARIANT_ALSO_VARIES:
-- return(apr_pstrcat(p,
-- "<p>A variant for the requested "
-- "resource\n<pre>\n",
-- ap_escape_html(r->pool, r->uri),
-- "\n</pre>\nis itself a negotiable resource. "
-- "This indicates a configuration error.</p>\n",
-- NULL));
-+ return("<p>A variant for the requested "
-+ "resource\n<pre>\n"
-+ "\n</pre>\nis itself a negotiable resource. "
-+ "This indicates a configuration error.</p>\n");
- case HTTP_REQUEST_TIME_OUT:
- return("<p>Server timeout waiting for the HTTP request from the client.</p>\n");
- case HTTP_GONE:
-- return(apr_pstrcat(p,
-- "<p>The requested resource<br />",
-- ap_escape_html(r->pool, r->uri),
-- "<br />\nis no longer available on this server "
-- "and there is no forwarding address.\n"
-- "Please remove all references to this "
-- "resource.</p>\n",
-- NULL));
-+ return("<p>The requested resource is no longer available on this server"
-+ " and there is no forwarding address.\n"
-+ "Please remove all references to this resource.</p>\n");
- case HTTP_REQUEST_ENTITY_TOO_LARGE:
- return(apr_pstrcat(p,
-- "The requested resource<br />",
-- ap_escape_html(r->pool, r->uri), "<br />\n",
-- "does not allow request data with ",
-+ "The requested resource does not allow request data with ",
- ap_escape_html(r->pool, r->method),
- " requests, or the amount of data provided in\n"
- "the request exceeds the capacity limit.\n",
-@@ -1317,11 +1285,9 @@
- "the Server Name Indication (SNI) in use for this\n"
- "connection.</p>\n");
- case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
-- s1 = apr_pstrcat(p,
-- "<p>Access to ", ap_escape_html(r->pool, r->uri),
-- "\nhas been denied for legal reasons.<br />\n",
-- NULL);
-- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
-+ return(add_optional_notes(r,
-+ "<p>Access to this URL has been denied for legal reasons.<br />\n",
-+ "error-notes", "</p>\n"));
- default: /* HTTP_INTERNAL_SERVER_ERROR */
- /*
- * This comparison to expose error-notes could be modified to
---- a/modules/proxy/mod_proxy.c
-+++ b/modules/proxy/mod_proxy.c
-@@ -1049,9 +1049,10 @@
- char *end;
- maxfwd = apr_strtoi64(str, &end, 10);
- if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
-- return ap_proxyerror(r, HTTP_BAD_REQUEST,
-- apr_psprintf(r->pool,
-- "Max-Forwards value '%s' could not be parsed", str));
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10188)
-+ "Max-Forwards value '%s' could not be parsed", str);
-+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
-+ "Max-Forwards request header could not be parsed");
- }
- else if (maxfwd == 0) {
- switch (r->method_number) {
---- a/modules/proxy/mod_proxy_ftp.c
-+++ b/modules/proxy/mod_proxy_ftp.c
-@@ -1024,8 +1024,9 @@
- /* We break the URL into host, port, path-search */
- if (r->parsed_uri.hostname == NULL) {
- if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
-- return ap_proxyerror(r, HTTP_BAD_REQUEST,
-- apr_psprintf(p, "URI cannot be parsed: %s", url));
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10189)
-+ "URI cannot be parsed: %s", url);
-+ return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
- }
- connectname = uri.hostname;
- connectport = uri.port;
---- a/modules/proxy/proxy_util.c
-+++ b/modules/proxy/proxy_util.c
-@@ -368,12 +368,9 @@
-
- PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
- {
-- const char *uri = ap_escape_html(r->pool, r->uri);
- apr_table_setn(r->notes, "error-notes",
- apr_pstrcat(r->pool,
-- "The proxy server could not handle the request <em><a href=\"",
-- uri, "\">", ap_escape_html(r->pool, r->method), "&nbsp;", uri,
-- "</a></em>.<p>\n"
-+ "The proxy server could not handle the request<p>"
- "Reason: <strong>", ap_escape_html(r->pool, message),
- "</strong></p>",
- NULL));