Package: apache2 / 2.4.25-3+deb9u7

Metadata

Package Version Patches format
apache2 2.4.25-3+deb9u7 3.0 (quilt)

Patch series

Patch File delta Description
fhs_compliance.patch | (download)

configure | 6 3 + 3 - 0 !
configure.in | 6 3 + 3 - 0 !
include/ap_config_layout.h.in | 1 1 + 0 - 0 !
include/httpd.h | 2 1 + 1 - 0 !
4 files changed, 8 insertions(+), 7 deletions(-)

 Fix up FHS (Filesystem Hierarchy Standard) file locations for apache2 droppings.
no_LD_LIBRARY_PATH.patch | (download)

support/envvars-std.in | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 Remove LD_LIBRARY_PATH from envvars-std.
suexec CVE 2007 1742.patch | (download)

support/suexec.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

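 Fix race condition with chdir.
 Fix /var/www* being accepted as docroot instead of /var/www/*: the path must continue with a '/' after the docroot name, so a directory whose name merely begins with the docroot name is not accepted
 (the same for public_html* instead of public_html/*).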
customize_apxs.patch | (download)

support/apxs.in | 139 34 + 105 - 0 !
1 file changed, 34 insertions(+), 105 deletions(-)

 adapt apxs to debian specific changes
 - Make apxs2 use a2enmod and /etc/apache2/mods-available
 - Make libtool happier
 - Use LDFLAGS from config_vars.mk, allow to override them
build_suexec custom.patch | (download)

Makefile.in | 10 6 + 4 - 0 !
support/Makefile.in | 12 8 + 4 - 0 !
2 files changed, 14 insertions(+), 8 deletions(-)

 add suexec-custom to the build system
reproducible_builds.diff | (download)

server/Makefile.in | 5 3 + 2 - 0 !
server/buildmark.c | 6 1 + 5 - 0 !
2 files changed, 4 insertions(+), 7 deletions(-)

 make builds reproducible
 Don't use __DATE__ __TIME__. Use changelog date instead.
 Sort exported symbols.
fix_logresolve_segfault.patch | (download)

support/logresolve.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
mpm_event_restart_segfault_PR60487.patch | (download)

server/mpm/event/event.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

---
CVE 2017 3167.diff | (download)

include/ap_mmn.h | 4 3 + 1 - 0 !
include/http_protocol.h | 25 24 + 1 - 0 !
server/protocol.c | 48 48 + 0 - 0 !
server/request.c | 17 14 + 3 - 0 !
4 files changed, 89 insertions(+), 5 deletions(-)

---
CVE 2017 3169.diff | (download)

modules/ssl/ssl_engine_io.c | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

---
CVE 2017 7668.diff | (download)

server/util.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

---
CVE 2017 7679.diff | (download)

modules/http/mod_mime.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
CVE 2017 9788 mod_auth_digest.diff | (download)

modules/aaa/mod_auth_digest.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
core Disallow Methods registration at run time .htac.patch | (download)

server/core.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 core: disallow methods' registration at run time (.htaccess), they
 may be used only if registered at init time (httpd.conf).
CVE 2017 15710 mod_authnz_ldap.diff | (download)

modules/aaa/mod_authnz_ldap.c | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

---
CVE 2017 15715 regex line endings.diff | (download)

include/ap_mmn.h | 5 5 + 0 - 0 !
include/ap_regex.h | 22 22 + 0 - 0 !
server/core.c | 58 58 + 0 - 0 !
server/util_pcre.c | 35 35 + 0 - 0 !
4 files changed, 120 insertions(+)

---
CVE 2018 1283 mod_session.diff | (download)

modules/session/mod_session.c | 13 8 + 5 - 0 !
1 file changed, 8 insertions(+), 5 deletions(-)

---
CVE 2018 1301 HTTP request read out of bounds.diff | (download)

server/protocol.c | 76 42 + 34 - 0 !
1 file changed, 42 insertions(+), 34 deletions(-)

---
CVE 2018 1303 mod_cache_socache oob.diff | (download)

modules/cache/mod_cache_socache.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
CVE 2018 1312 mod_auth_digest nonce.diff | (download)

modules/aaa/mod_auth_digest.c | 241 51 + 190 - 0 !
1 file changed, 51 insertions(+), 190 deletions(-)

---
mod_http2 upgrade to 2.4.33.diff | (download)

configure | 2 1 + 1 - 0 !
modules/http2/NWGNUmod_http2 | 2 0 + 2 - 0 !
modules/http2/config2.m4 | 23 15 + 8 - 0 !
modules/http2/h2.h | 46 30 + 16 - 0 !
modules/http2/h2_alt_svc.c | 13 7 + 6 - 0 !
modules/http2/h2_alt_svc.h | 13 7 + 6 - 0 !
modules/http2/h2_bucket_beam.c | 892 513 + 379 - 0 !
modules/http2/h2_bucket_beam.h | 147 87 + 60 - 0 !
modules/http2/h2_bucket_eoc.c | 110 0 + 110 - 0 !
modules/http2/h2_bucket_eoc.h | 32 0 + 32 - 0 !
modules/http2/h2_bucket_eos.c | 18 17 + 1 - 0 !
modules/http2/h2_bucket_eos.h | 13 7 + 6 - 0 !
modules/http2/h2_config.c | 38 16 + 22 - 0 !
modules/http2/h2_config.h | 15 7 + 8 - 0 !
modules/http2/h2_conn.c | 156 93 + 63 - 0 !
modules/http2/h2_conn.h | 16 9 + 7 - 0 !
modules/http2/h2_conn_io.c | 138 48 + 90 - 0 !
modules/http2/h2_conn_io.h | 27 14 + 13 - 0 !
modules/http2/h2_ctx.c | 15 8 + 7 - 0 !
modules/http2/h2_ctx.h | 13 7 + 6 - 0 !
modules/http2/h2_filter.c | 165 100 + 65 - 0 !
modules/http2/h2_filter.h | 26 11 + 15 - 0 !
modules/http2/h2_from_h1.c | 54 39 + 15 - 0 !
modules/http2/h2_from_h1.h | 13 7 + 6 - 0 !
modules/http2/h2_h2.c | 25 13 + 12 - 0 !
modules/http2/h2_h2.h | 13 7 + 6 - 0 !
modules/http2/h2_headers.c | 31 24 + 7 - 0 !
modules/http2/h2_headers.h | 19 13 + 6 - 0 !
modules/http2/h2_mplx.c | 1551 702 + 849 - 0 !
modules/http2/h2_mplx.h | 84 29 + 55 - 0 !
modules/http2/h2_ngn_shed.c | 30 21 + 9 - 0 !
modules/http2/h2_ngn_shed.h | 13 7 + 6 - 0 !
modules/http2/h2_private.h | 13 7 + 6 - 0 !
modules/http2/h2_proxy_session.c | 94 66 + 28 - 0 !
modules/http2/h2_proxy_session.h | 23 17 + 6 - 0 !
modules/http2/h2_proxy_util.c | 296 289 + 7 - 0 !
modules/http2/h2_proxy_util.h | 64 58 + 6 - 0 !
modules/http2/h2_push.c | 20 10 + 10 - 0 !
modules/http2/h2_push.h | 14 8 + 6 - 0 !
modules/http2/h2_request.c | 34 19 + 15 - 0 !
modules/http2/h2_request.h | 13 7 + 6 - 0 !
modules/http2/h2_session.c | 1432 692 + 740 - 0 !
modules/http2/h2_session.h | 76 34 + 42 - 0 !
modules/http2/h2_stream.c | 1208 736 + 472 - 0 !
modules/http2/h2_stream.h | 179 106 + 73 - 0 !
modules/http2/h2_switch.c | 29 19 + 10 - 0 !
modules/http2/h2_switch.h | 13 7 + 6 - 0 !
modules/http2/h2_task.c | 250 158 + 92 - 0 !
modules/http2/h2_task.h | 26 14 + 12 - 0 !
modules/http2/h2_util.c | 1017 796 + 221 - 0 !
modules/http2/h2_util.h | 188 160 + 28 - 0 !
modules/http2/h2_version.h | 33 17 + 16 - 0 !
modules/http2/h2_worker.c | 103 0 + 103 - 0 !
modules/http2/h2_worker.h | 135 0 + 135 - 0 !
modules/http2/h2_workers.c | 587 277 + 310 - 0 !
modules/http2/h2_workers.h | 82 22 + 60 - 0 !
modules/http2/mod_http2.c | 37 29 + 8 - 0 !
modules/http2/mod_http2.dep | 118 0 + 118 - 0 !
modules/http2/mod_http2.dsp | 8 0 + 8 - 0 !
modules/http2/mod_http2.h | 13 7 + 6 - 0 !
modules/http2/mod_http2.mak | 18 0 + 18 - 0 !
modules/http2/mod_proxy_http2.c | 208 113 + 95 - 0 !
modules/http2/mod_proxy_http2.h | 13 7 + 6 - 0 !
63 files changed, 5534 insertions(+), 4563 deletions(-)

---
mod_http2 revert new proxy features.diff | (download)

modules/http2/h2_h2.c | 2 2 + 0 - 0 !
modules/http2/mod_proxy_http2.c | 6 3 + 3 - 0 !
2 files changed, 5 insertions(+), 3 deletions(-)

---
mod_http2_mem_usage_32bit.diff | (download)

modules/http2/h2_bucket_beam.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
fcgi_crash.diff | (download)

server/util_fcgi.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

---
CVE 2018 1333 mod_http2_DoS.diff | (download)

modules/http2/h2_bucket_beam.c | 11 5 + 6 - 0 !
1 file changed, 5 insertions(+), 6 deletions(-)

---
CVE 2018 11763 mod_http2_DoS SETTINGS.diff | (download)

modules/http2/h2_session.c | 238 151 + 87 - 0 !
modules/http2/h2_session.h | 7 5 + 2 - 0 !
2 files changed, 156 insertions(+), 89 deletions(-)

---
CVE 2018 17199 mod session ignore timeout.diff | (download)

modules/session/mod_session.c | 24 13 + 11 - 0 !
1 file changed, 13 insertions(+), 11 deletions(-)

 Fix for CVE-2018-17199.
mod_http2 keepalive timeout.diff | (download)

modules/http2/h2_conn.c | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

---
CVE 2018 17189 mod_http2_DoS.diff | (download)

modules/http2/h2_conn.c | 21 18 + 3 - 0 !
1 file changed, 18 insertions(+), 3 deletions(-)

---
CVE 2019 0196 h2 raf.diff | (download)

modules/http2/h2_request.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2019 0211 privilege escalation.diff | (download)

include/scoreboard.h | 4 3 + 1 - 0 !
server/mpm/event/event.c | 13 8 + 5 - 0 !
server/mpm/prefork/prefork.c | 19 7 + 12 - 0 !
server/mpm/worker/worker.c | 10 6 + 4 - 0 !
4 files changed, 24 insertions(+), 22 deletions(-)

---
CVE 2019 0217 digest collusion in mod_auth_digest.diff | (download)

modules/aaa/mod_auth_digest.c | 26 12 + 14 - 0 !
1 file changed, 12 insertions(+), 14 deletions(-)

---
CVE 2019 0220 merge slashes.diff | (download)

include/ap_mmn.h | 2 2 + 0 - 0 !
include/http_core.h | 2 1 + 1 - 0 !
include/httpd.h | 14 12 + 2 - 0 !
server/core.c | 13 13 + 0 - 0 !
server/request.c | 27 11 + 16 - 0 !
server/util.c | 14 11 + 3 - 0 !
6 files changed, 50 insertions(+), 22 deletions(-)

---