| 1 |
commit: 68bf261f5deea91855076a07330793f455475242 |
| 2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed May 28 07:41:36 2014 +0000 |
| 4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed May 28 07:41:36 2014 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=68bf261f |
| 7 |
|
| 8 |
Removed obsolete patch for CVE-2011-3368 (bug #511656). |
| 9 |
|
| 10 |
--- |
| 11 |
.../25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 ---------------------- |
| 12 |
.../25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 ---------------------- |
| 13 |
2 files changed, 68 deletions(-) |
| 14 |
|
| 15 |
diff --git a/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch |
| 16 |
deleted file mode 100644 |
| 17 |
index e8125d9..0000000 |
| 18 |
--- a/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch |
| 19 |
+++ /dev/null |
| 20 |
@@ -1,34 +0,0 @@ |
| 21 |
- |
| 22 |
-SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some |
| 23 |
-reverse proxy configurations by strictly validating the request-URI. |
| 24 |
- |
| 25 |
-http://svn.apache.org/viewvc?rev=1179239&view=rev |
| 26 |
- |
| 27 |
---- httpd-2.2.21/server/protocol.c |
| 28 |
-+++ httpd-2.2.21/server/protocol.c |
| 29 |
-@@ -640,6 +640,25 @@ |
| 30 |
- |
| 31 |
- ap_parse_uri(r, uri); |
| 32 |
- |
| 33 |
-+ /* RFC 2616: |
| 34 |
-+ * Request-URI = "*" | absoluteURI | abs_path | authority |
| 35 |
-+ * |
| 36 |
-+ * authority is a special case for CONNECT. If the request is not |
| 37 |
-+ * using CONNECT, and the parsed URI does not have scheme, and |
| 38 |
-+ * it does not begin with '/', and it is not '*', then, fail |
| 39 |
-+ * and give a 400 response. */ |
| 40 |
-+ if (r->method_number != M_CONNECT |
| 41 |
-+ && !r->parsed_uri.scheme |
| 42 |
-+ && uri[0] != '/' |
| 43 |
-+ && !(uri[0] == '*' && uri[1] == '\0')) { |
| 44 |
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 45 |
-+ "invalid request-URI %s", uri); |
| 46 |
-+ r->args = NULL; |
| 47 |
-+ r->hostname = NULL; |
| 48 |
-+ r->status = HTTP_BAD_REQUEST; |
| 49 |
-+ r->uri = apr_pstrdup(r->pool, uri); |
| 50 |
-+ } |
| 51 |
-+ |
| 52 |
- if (ll[0]) { |
| 53 |
- r->assbackwards = 0; |
| 54 |
- pro = ll; |
| 55 |
|
| 56 |
diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch |
| 57 |
deleted file mode 100644 |
| 58 |
index e8125d9..0000000 |
| 59 |
--- a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch |
| 60 |
+++ /dev/null |
| 61 |
@@ -1,34 +0,0 @@ |
| 62 |
- |
| 63 |
-SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some |
| 64 |
-reverse proxy configurations by strictly validating the request-URI. |
| 65 |
- |
| 66 |
-http://svn.apache.org/viewvc?rev=1179239&view=rev |
| 67 |
- |
| 68 |
---- httpd-2.2.21/server/protocol.c |
| 69 |
-+++ httpd-2.2.21/server/protocol.c |
| 70 |
-@@ -640,6 +640,25 @@ |
| 71 |
- |
| 72 |
- ap_parse_uri(r, uri); |
| 73 |
- |
| 74 |
-+ /* RFC 2616: |
| 75 |
-+ * Request-URI = "*" | absoluteURI | abs_path | authority |
| 76 |
-+ * |
| 77 |
-+ * authority is a special case for CONNECT. If the request is not |
| 78 |
-+ * using CONNECT, and the parsed URI does not have scheme, and |
| 79 |
-+ * it does not begin with '/', and it is not '*', then, fail |
| 80 |
-+ * and give a 400 response. */ |
| 81 |
-+ if (r->method_number != M_CONNECT |
| 82 |
-+ && !r->parsed_uri.scheme |
| 83 |
-+ && uri[0] != '/' |
| 84 |
-+ && !(uri[0] == '*' && uri[1] == '\0')) { |
| 85 |
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 86 |
-+ "invalid request-URI %s", uri); |
| 87 |
-+ r->args = NULL; |
| 88 |
-+ r->hostname = NULL; |
| 89 |
-+ r->status = HTTP_BAD_REQUEST; |
| 90 |
-+ r->uri = apr_pstrdup(r->pool, uri); |
| 91 |
-+ } |
| 92 |
-+ |
| 93 |
- if (ll[0]) { |
| 94 |
- r->assbackwards = 0; |
| 95 |
- pro = ll; |
Archives