From 400a302e8bca4ad2bbef3bb38737680ef8fb53cd Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 1 Feb 2012 07:25:24 +0000
Subject: main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368)
low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368
This release also include the previosly patched:
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
moderate: mod_proxy reverse proxy exposure CVE-2011-4317
fixes #982
---
main/apache2/CVE-2011-4317.patch | 36 ------------------------------------
1 file changed, 36 deletions(-)
delete mode 100644 main/apache2/CVE-2011-4317.patch
(limited to 'main/apache2/CVE-2011-4317.patch')
diff --git a/main/apache2/CVE-2011-4317.patch b/main/apache2/CVE-2011-4317.patch
deleted file mode 100644
index 698b2eb7ab..0000000000
--- a/main/apache2/CVE-2011-4317.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Index: modules/proxy/mod_proxy.c
-===================================================================
---- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633)
-+++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy)
-@@ -566,6 +566,13 @@
- return OK;
- }
-
-+ /* Check that the URI is valid. */
-+ if (!r->uri || r->uri[0] != '/') {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "Invalid URI in request %s", r->the_request);
-+ return HTTP_BAD_REQUEST;
-+ }
-+
- /* XXX: since r->uri has been manipulated already we're not really
- * compliant with RFC1945 at this point. But this probably isn't
- * an issue because this is a hybrid proxy/origin server.
-Index: modules/mappers/mod_rewrite.c
-===================================================================
---- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633)
-+++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy)
-@@ -4266,6 +4266,13 @@
- return DECLINED;
- }
-
-+ /* Check that the URI is valid. */
-+ if (!r->uri || r->uri[0] != '/') {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "Invalid URI in request %s", r->the_request);
-+ return HTTP_BAD_REQUEST;
-+ }
-+
- /*
- * add the SCRIPT_URL variable to the env. this is a bit complicated
- * due to the fact that apache uses subrequests and internal redirects
-- cgit v1.2.3