Diffstat (limited to 'debian/patches/CVE-2020-11984.patch')
-rw-r--r-- | debian/patches/CVE-2020-11984.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/debian/patches/CVE-2020-11984.patch b/debian/patches/CVE-2020-11984.patch
deleted file mode 100644
index 409f958..0000000
--- a/debian/patches/CVE-2020-11984.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Description: fix error out on HTTP header larger than 16K
- The uwsgi protocol does not let us serialize more than 16K of HTTP header,
- so fail early with 500 if it happens.
-Author: ylavic
-Origin: upstream, https://github.com/apache/httpd/commit/0c543e3f
-Bug: https://security-tracker.debian.org/tracker/CVE-2020-11984
-Forwarded: not-needed
-Reviewed-By: Xavier Guimard <yadd@debian.org>
-Last-Update: 2020-08-25
-
---- a/modules/proxy/mod_proxy_uwsgi.c
-+++ b/modules/proxy/mod_proxy_uwsgi.c
-@@ -136,7 +136,7 @@
- int j;
-
- apr_size_t headerlen = 4;
-- apr_uint16_t pktsize, keylen, vallen;
-+ apr_size_t pktsize, keylen, vallen;
- const char *script_name;
- const char *path_info;
- const char *auth;
-@@ -177,6 +177,14 @@
- for (j = 0; j < env_table->nelts; ++j) {
- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
- }
-+ pktsize = headerlen - 4;
-+ if (pktsize > APR_UINT16_MAX) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
-+ "can't send headers to %s:%u: packet size too "
-+ "large (%" APR_SIZE_T_FMT ")",
-+ conn->hostname, conn->port, pktsize);
-+ return HTTP_INTERNAL_SERVER_ERROR;
-+ }
-
- ptr = buf = apr_palloc(r->pool, headerlen);
-
-@@ -196,8 +204,6 @@
- ptr += vallen;
- }
-
-- pktsize = headerlen - 4;
-
- buf[0] = 0;
- buf[1] = (apr_byte_t) (pktsize & 0xff);
- buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff); |