[apache2] 06/07: patch for CVE-2015-0253, introduced in 2.4.11

[Stefan Fritsch]

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 257d1ec57aae6d60ba89cee8308b780cc9ddf192
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Apr 28 22:48:01 2015 +0200

    patch for CVE-2015-0253, introduced in 2.4.11
---
 debian/changelog                                |  2 ++
 debian/patches/CVE-2015-0253_ErrorDocument.diff | 42 +++++++++++++++++++++++++
 debian/patches/series                           |  6 ++--
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index df624ec..98f94cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 apache2 (2.4.12-1) UNRELEASED; urgency=medium
 
   * New upstream version
+  * Add a patch for CVE-2015-0253 which was introduced in 2.4.11 which
+    was never shipped in Debian.
   * Ship mod_proxy_html's default config file. Closes: #782022
   * Fix typo in dh_apache2 man page. Closes: #781032
 
diff --git a/debian/patches/CVE-2015-0253_ErrorDocument.diff b/debian/patches/CVE-2015-0253_ErrorDocument.diff
new file mode 100644
index 0000000..36a9581
--- /dev/null
+++ b/debian/patches/CVE-2015-0253_ErrorDocument.diff
@@ -0,0 +1,42 @@
+#commit 9a6f9bcf9594bc946d23b9a27e3510488e9f94a9
+#Author: Eric Covener <covener at apache.org>
+#Date:   Tue Mar 24 13:08:44 2015 +0000
+#
+#    Merge r1664205 from trunk:
+#    
+#      *) SECURITY: CVE-2015-0253 (cve.mitre.org)
+#         core: Fix a crash introduced in with ErrorDocument 400 pointing
+#         to a local URL-path with the INCLUDES filter active, introduced
+#         in 2.4.11. PR 57531. [Yann Ylavic]
+#    
+#    
+#    Submitted By: ylavic
+#    Committed By: covener
+#    
+#    
+#    
+#    
+#    
+#    
+#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668879 13f79535-47bb-0310-9956-ffa450edef68
+#
+--- apache2.orig/server/protocol.c
++++ apache2/server/protocol.c
+@@ -599,8 +599,6 @@ static int read_request_line(request_rec
+              */
+             if (APR_STATUS_IS_ENOSPC(rv)) {
+                 r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+-                r->proto_num = HTTP_VERSION(1,0);
+-                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             }
+             else if (APR_STATUS_IS_TIMEUP(rv)) {
+                 r->status = HTTP_REQUEST_TIME_OUT;
+@@ -608,6 +606,8 @@ static int read_request_line(request_rec
+             else if (APR_STATUS_IS_EINVAL(rv)) {
+                 r->status = HTTP_BAD_REQUEST;
+             }
++            r->proto_num = HTTP_VERSION(1,0);
++            r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             return 0;
+         }
+     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
diff --git a/debian/patches/series b/debian/patches/series
index 87ab59c..c9ff599 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,7 +3,9 @@ no_LD_LIBRARY_PATH.patch
 suexec-CVE-2007-1742.patch
 customize_apxs.patch
 build_suexec-custom.patch
-# This patch is applied manually
-#suexec-custom.patch
 CVE-2015-0228_mod_lua.diff
 mpm_event_crash.diff
+CVE-2015-0253_ErrorDocument.diff
+
+# This patch is applied manually
+#suexec-custom.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git