author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:28 +0000 |
commit | 2eeb62e38ae17a3523ad3cd81c3de9f20f9e7742 (patch) | |
tree | fe91033d4712f6d836006b998525656b9dd193b8 /debian/patches/CVE-2021-36160-2.patch | |
parent | Merging upstream version 2.4.59. (diff) | |
Adding debian version 2.4.59-1~deb10u1. debian/2.4.59-1_deb10u1 debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/patches/CVE-2021-36160-2.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/debian/patches/CVE-2021-36160-2.patch b/debian/patches/CVE-2021-36160-2.patch
deleted file mode 100644
index cad5774..0000000
--- a/debian/patches/CVE-2021-36160-2.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Description: mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
- Relaxes the behaviour introduced by the CVE-2021-36160 fix
-Author: Stefan Eissing <icing@apache.org>
-Origin: upstream, https://github.com/apache/httpd/commit/8966e290a
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-12-21
-
---- a/modules/proxy/mod_proxy_uwsgi.c
-+++ b/modules/proxy/mod_proxy_uwsgi.c
-@@ -467,11 +467,20 @@
-
- /* ADD PATH_INFO (unescaped) */
- u_path_info = ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/');
-- if (!u_path_info || ap_unescape_url(u_path_info) != OK) {
-+ if (!u_path_info) {
-+ u_path_info = apr_pstrdup(r->pool, "/");
-+ }
-+ else if (ap_unescape_url(u_path_info) != OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10100)
- "unable to decode uwsgi uri: %s", url);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-+ else {
-+ /* Remove duplicate slashes at the beginning of PATH_INFO */
-+ while (u_path_info[1] == '/') {
-+ u_path_info++;
-+ }
-+ }
- apr_table_add(r->subprocess_env, "PATH_INFO", u_path_info);
-
- |