Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8 debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-07 02:04:07 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-07 02:04:07 +0000
commit: 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
tree: b453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-40438.patch
parent: Adding upstream version 2.4.38. (diff)
download: apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
1 files changed, 124 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-40438.patch b/debian/patches/CVE-2021-40438.patch
new file mode 100644
index 0000000..8cf60a7
--- /dev/null
+++ b/debian/patches/CVE-2021-40438.patch
@@ -0,0 +1,124 @@
+Description: Backport of the following patches:
+Origin: upstream,
+ https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2
+ https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67
+ https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c
+ https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f
+Forwarded: not-needed
+Reviewed-By: Moritz Muehlenhoff <jmm@inutil.org>
+Last-Update: 2021-09-30
+
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -620,6 +620,13 @@
+             return 6;
+         }
+         break;
++
++    case 'u':
++    case 'U':
++        if (!ap_cstr_casecmpn(uri, "nix:", 4)) {        /* unix:     */
++            *sqs = 1;
++            return (uri[4] == '/' && uri[5] == '/') ? 7 : 5;
++        }
+     }
+ 
+     return 0;
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -1690,7 +1690,7 @@
+      * the UDS path... ignore it
+      */
+     if (!strncasecmp(url, "unix:", 5) &&
+-        ((ptr = ap_strchr_c(url, '|')) != NULL)) {
++        ((ptr = ap_strchr_c(url + 5, '|')) != NULL)) {
+         /* move past the 'unix:...|' UDS path info */
+         const char *ret, *c;
+ 
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -2077,33 +2077,43 @@
+  * were passed a UDS url (eg: from mod_proxy) and adjust uds_path
+  * as required.  
+  */
+-static void fix_uds_filename(request_rec *r, char **url) 
++static int fix_uds_filename(request_rec *r, char **url) 
+ {
+-    char *ptr, *ptr2;
+-    if (!r || !r->filename) return;
++    char *uds_url = r->filename + 6, *origin_url;
+ 
+     if (!strncmp(r->filename, "proxy:", 6) &&
+-            (ptr2 = ap_strcasestr(r->filename, "unix:")) &&
+-            (ptr = ap_strchr(ptr2, '|'))) {
++            !ap_cstr_casecmpn(uds_url, "unix:", 5) &&
++            (origin_url = ap_strchr(uds_url + 5, '|'))) {
++        char *uds_path = NULL;
++        apr_size_t url_len;
+         apr_uri_t urisock;
+         apr_status_t rv;
+-        *ptr = '\0';
+-        rv = apr_uri_parse(r->pool, ptr2, &urisock);
+-        if (rv == APR_SUCCESS) {
+-            char *rurl = ptr+1;
+-            char *sockpath = ap_runtime_dir_relative(r->pool, urisock.path);
+-            apr_table_setn(r->notes, "uds_path", sockpath);
+-            *url = apr_pstrdup(r->pool, rurl); /* so we get the scheme for the uds */
+-            /* r->filename starts w/ "proxy:", so add after that */
+-            memmove(r->filename+6, rurl, strlen(rurl)+1);
+-            ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+-                    "*: rewrite of url due to UDS(%s): %s (%s)",
+-                    sockpath, *url, r->filename);
++
++        *origin_url = '\0';
++        rv = apr_uri_parse(r->pool, uds_url, &urisock);
++        *origin_url++ = '|';
++
++        if (rv == APR_SUCCESS && urisock.path && (!urisock.hostname
++                                                  || !urisock.hostname[0])) {
++            uds_path = ap_runtime_dir_relative(r->pool, urisock.path);
+         }
+-        else {
+-            *ptr = '|';
++        if (!uds_path) {
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10292)
++                    "Invalid proxy UDS filename (%s)", r->filename);
++            return 0;
+         }
++        apr_table_setn(r->notes, "uds_path", uds_path);
++
++        /* Remove the UDS path from *url and r->filename */
++        url_len = strlen(origin_url);
++        *url = apr_pstrmemdup(r->pool, origin_url, url_len);
++        memcpy(uds_url, *url, url_len + 1);
++
++        ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
++                "*: rewrite of url due to UDS(%s): %s (%s)",
++                uds_path, *url, r->filename);
+     }
++    return 1;
+ }
+ 
+ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
+@@ -2121,7 +2131,9 @@
+                           "%s: found worker %s for %s",
+                           (*worker)->s->scheme, (*worker)->s->name, *url);
+             *balancer = NULL;
+-            fix_uds_filename(r, url);
++            if (!fix_uds_filename(r, url)) {
++                return HTTP_INTERNAL_SERVER_ERROR;
++            }
+             access_status = OK;
+         }
+         else if (r->proxyreq == PROXYREQ_PROXY) {
+@@ -2152,7 +2164,9 @@
+                  * regarding the Connection header in the request.
+                  */
+                 apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
+-                fix_uds_filename(r, url);
++                if (!fix_uds_filename(r, url)) {
++                    return HTTP_INTERNAL_SERVER_ERROR;
++                }
+             }
+         }
+     }
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-07 02:04:07 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-07 02:04:07 +0000
commit	1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
tree	b453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-40438.patch
parent	Adding upstream version 2.4.38. (diff)
download	apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip