Adding debian version 2.4.59-1~deb10u1.debian/2.4.59-1_deb10u1debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 0 insertions, 40 deletions

diff --git a/debian/patches/CVE-2021-34798.patch b/debian/patches/CVE-2021-34798.patch
deleted file mode 100644
index bd6261a..0000000
--- a/debian/patches/CVE-2021-34798.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Description: Initialize the request fields on read failure to avoid NULLs
-Origin: upstream, https://github.com/apache/httpd/commit/74c097f0,
- https://github.com/apache/httpd/commit/6945bb2
-Bug: https://security-tracker.debian.org/tracker/CVE-2021-34798
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-09-21
-
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -643,6 +643,8 @@
-     return end - field;
- }
- 
-+static const char m_invalid_str[] = "-";
-+
- static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
- {
-     enum {
-@@ -685,6 +687,11 @@
-         if (rv != APR_SUCCESS) {
-             r->request_time = apr_time_now();
- 
-+            /* Fall through with an invalid (non NULL) request */
-+            r->method = m_invalid_str;
-+            r->method_number = M_INVALID;
-+            r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-");
-+
-             /* ap_rgetline returns APR_ENOSPC if it fills up the
-              * buffer before finding the end-of-line.  This is only going to
-              * happen if it exceeds the configured limit for a request-line.
-@@ -1330,7 +1337,7 @@
-                               "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
-                               r->server->limit_req_line);
-             }
--            else if (r->method == NULL) {
-+            else if (r->method == m_invalid_str) {
-                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566)
-                               "request failed: malformed request line");
-             }