1 files changed, 0 insertions, 206 deletions

diff --git a/debian/patches/CVE-2021-44224-1.patch b/debian/patches/CVE-2021-44224-1.patch
deleted file mode 100644
index 0f540c8..0000000
--- a/debian/patches/CVE-2021-44224-1.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-Description: CVE-2021-44224
-Author: Yann Ylavic <ylavic@apache.org>
-Origin: upstream, https://github.com/apache/httpd/commit/a962ba73
-Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-12-21
-
---- a/include/http_protocol.h
-+++ b/include/http_protocol.h
-@@ -75,6 +75,13 @@
- AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
-                                           apr_bucket_brigade *bb);
- 
-+/**
-+ * Run post_read_request hook and validate.
-+ * @param r The current request
-+ * @return OK or HTTP_...
-+ */
-+AP_DECLARE(int) ap_post_read_request(request_rec *r);
-+
- /* Finish up stuff after a request */
- 
- /**
---- a/modules/http/http_request.c
-+++ b/modules/http/http_request.c
-@@ -681,7 +681,7 @@
-      * to do their thing on internal redirects as well.  Perhaps this is a
-      * misnamed function.
-      */
--    if ((access_status = ap_run_post_read_request(new))) {
-+    if ((access_status = ap_post_read_request(new))) {
-         ap_die(access_status, new);
-         return NULL;
-     }
---- a/modules/http2/h2_request.c
-+++ b/modules/http2/h2_request.c
-@@ -337,7 +337,7 @@
-                                NULL, r, r->connection);
-     
-     if (access_status != HTTP_OK
--        || (access_status = ap_run_post_read_request(r))) {
-+        || (access_status = ap_post_read_request(r))) {
-         /* Request check post hooks failed. An example of this would be a
-          * request for a vhost where h2 is disabled --> 421.
-          */
---- a/modules/proxy/mod_proxy.c
-+++ b/modules/proxy/mod_proxy.c
-@@ -576,13 +576,13 @@
- 
-     /* Ick... msvc (perhaps others) promotes ternary short results to int */
- 
--    if (conf->req && r->parsed_uri.scheme) {
-+    if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
-         /* but it might be something vhosted */
--        if (!(r->parsed_uri.hostname
--              && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))
--              && ap_matches_request_vhost(r, r->parsed_uri.hostname,
--                                          (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
--                                                       : ap_default_port(r))))) {
-+        if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
-+            || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
-+                                         (apr_port_t)(r->parsed_uri.port_str
-+                                                      ? r->parsed_uri.port
-+                                                      : ap_default_port(r)))) {
-             r->proxyreq = PROXYREQ_PROXY;
-             r->uri = r->unparsed_uri;
-             r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
-@@ -1722,6 +1722,7 @@
-     struct proxy_alias *new;
-     char *f = cmd->path;
-     char *r = NULL;
-+    const char *real;
-     char *word;
-     apr_table_t *params = apr_table_make(cmd->pool, 5);
-     const apr_array_header_t *arr;
-@@ -1787,6 +1788,10 @@
-     if (r == NULL) {
-         return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
-     }
-+    if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
-+        return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
-+    }
-+
- 
-     /* if per directory, save away the single alias */
-     if (cmd->path) {
-@@ -1803,7 +1808,7 @@
-     }
- 
-     new->fake = apr_pstrdup(cmd->pool, f);
--    new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
-+    new->real = apr_pstrdup(cmd->pool, real);
-     new->flags = flags;
-     if (use_regex) {
-         new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
-@@ -2280,6 +2285,7 @@
-     proxy_worker *worker;
-     char *path = cmd->path;
-     char *name = NULL;
-+    const char *real;
-     char *word;
-     apr_table_t *params = apr_table_make(cmd->pool, 5);
-     const apr_array_header_t *arr;
-@@ -2320,6 +2326,9 @@
-         return "BalancerMember must define balancer name when outside <Proxy > section";
-     if (!name)
-         return "BalancerMember must define remote proxy server";
-+    if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
-+        return "BalancerMember uses an invalid \"unix:\" URL";
-+    }
- 
-     ap_str_tolower(path);   /* lowercase scheme://hostname */
- 
-@@ -2332,7 +2341,7 @@
-     }
- 
-     /* Try to find existing worker */
--    worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, ap_proxy_de_socketfy(cmd->temp_pool, name));
-+    worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
-     if (!worker) {
-         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
-                      "Defining worker '%s' for balancer '%s'",
-@@ -2421,7 +2430,14 @@
-         }
-     }
-     else {
--        worker = ap_proxy_get_worker(cmd->temp_pool, NULL, conf, ap_proxy_de_socketfy(cmd->temp_pool, name));
-+        const char *real;
-+
-+        if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
-+            return "ProxySet uses an invalid \"unix:\" URL";
-+        }
-+
-+        worker = ap_proxy_get_worker(cmd->temp_pool, NULL, conf,
-+                                real);
-         if (!worker) {
-             if (in_proxy_section) {
-                 err = ap_proxy_define_worker(cmd->pool, &worker, NULL,
-@@ -2563,8 +2579,14 @@
-             }
-         }
-         else {
-+            const char *real;
-+
-+            if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
-+                return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
-+            }
-+
-             worker = ap_proxy_get_worker(cmd->temp_pool, NULL, sconf,
--                                         ap_proxy_de_socketfy(cmd->temp_pool, (char*)conf->p));
-+                                         real);
-             if (!worker) {
-                 err = ap_proxy_define_worker(cmd->pool, &worker, NULL,
-                                           sconf, conf->p, 0);
---- a/modules/proxy/proxy_util.c
-+++ b/modules/proxy/proxy_util.c
-@@ -1662,6 +1662,9 @@
-     }
- 
-     url = ap_proxy_de_socketfy(p, url);
-+    if (!url) {
-+        return NULL;
-+    }
- 
-     c = ap_strchr_c(url, ':');
-     if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -1465,7 +1465,7 @@
-                                NULL, r, r->connection);
- 
-     if (access_status != HTTP_OK
--        || (access_status = ap_run_post_read_request(r))) {
-+        || (access_status = ap_post_read_request(r))) {
-         ap_die(access_status, r);
-         ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
-         ap_run_log_transaction(r);
-@@ -1503,6 +1503,27 @@
-     return r;
- }
- 
-+AP_DECLARE(int) ap_post_read_request(request_rec *r)
-+{
-+    int status;
-+
-+    if ((status = ap_run_post_read_request(r))) {
-+        return status;
-+    }
-+
-+    /* Enforce http(s) only scheme for non-forward-proxy requests */
-+    if (!r->proxyreq
-+            && r->parsed_uri.scheme
-+            && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
-+                || (r->parsed_uri.scheme[4] != '\0'
-+                    && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
-+                        || r->parsed_uri.scheme[5] != '\0')))) {
-+        return HTTP_BAD_REQUEST;
-+    }
-+
-+    return OK;
-+}
-+
- /* if a request with a body creates a subrequest, remove original request's
-  * input headers which pertain to the body which has already been read.
-  * out-of-line helper function for ap_set_sub_req_protocol.