Package: apache2 / 2.4.25-3+deb9u8

Metadata

Package Version Patches format
apache2 2.4.25-3+deb9u8 3.0 (quilt)

Patch series

Patch File delta Description
fhs_compliance.patch | (download)

configure | 6 3 + 3 - 0 !
configure.in | 6 3 + 3 - 0 !
include/ap_config_layout.h.in | 1 1 + 0 - 0 !
include/httpd.h | 2 1 + 1 - 0 !
4 files changed, 8 insertions(+), 7 deletions(-)

 Fix up FHS file locations for apache2 droppings.
no_LD_LIBRARY_PATH.patch | (download)

support/envvars-std.in | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 Remove LD_LIBRARY_PATH from envvars-std
suexec CVE 2007 1742.patch | (download)

support/suexec.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 Fix race condition with chdir.
 Fix /var/www* being accepted as docroot instead of /var/www/*
 (and likewise public_html* instead of public_html/*).
customize_apxs.patch | (download)

support/apxs.in | 139 34 + 105 - 0 !
1 file changed, 34 insertions(+), 105 deletions(-)

 adapt apxs to debian specific changes
 - Make apxs2 use a2enmod and /etc/apache2/mods-available
 - Make libtool happier
 - Use LDFLAGS from config_vars.mk, allow to override them
build_suexec custom.patch | (download)

Makefile.in | 10 6 + 4 - 0 !
support/Makefile.in | 12 8 + 4 - 0 !
2 files changed, 14 insertions(+), 8 deletions(-)

 add suexec-custom to the build system
reproducible_builds.diff | (download)

server/Makefile.in | 5 3 + 2 - 0 !
server/buildmark.c | 6 1 + 5 - 0 !
2 files changed, 4 insertions(+), 7 deletions(-)

 make builds reproducible
 Don't use __DATE__ __TIME__. Use changelog date instead.
 Sort exported symbols.
fix_logresolve_segfault.patch | (download)

support/logresolve.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
mpm_event_restart_segfault_PR60487.patch | (download)

server/mpm/event/event.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

---
CVE 2017 3167.diff | (download)

include/ap_mmn.h | 4 3 + 1 - 0 !
include/http_protocol.h | 25 24 + 1 - 0 !
server/protocol.c | 48 48 + 0 - 0 !
server/request.c | 17 14 + 3 - 0 !
4 files changed, 89 insertions(+), 5 deletions(-)

---
CVE 2017 3169.diff | (download)

modules/ssl/ssl_engine_io.c | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

---
CVE 2017 7668.diff | (download)

server/util.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

---
CVE 2017 7679.diff | (download)

modules/http/mod_mime.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
CVE 2017 9788 mod_auth_digest.diff | (download)

modules/aaa/mod_auth_digest.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
core Disallow Methods registration at run time .htac.patch | (download)

server/core.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 core: Disallow methods' registration at run time (.htaccess); they
 may be used only if registered at init time (httpd.conf).
CVE 2017 15710 mod_authnz_ldap.diff | (download)

modules/aaa/mod_authnz_ldap.c | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

---
CVE 2017 15715 regex line endings.diff | (download)

include/ap_mmn.h | 5 5 + 0 - 0 !
include/ap_regex.h | 22 22 + 0 - 0 !
server/core.c | 58 58 + 0 - 0 !
server/util_pcre.c | 35 35 + 0 - 0 !
4 files changed, 120 insertions(+)

---
CVE 2018 1283 mod_session.diff | (download)

modules/session/mod_session.c | 13 8 + 5 - 0 !
1 file changed, 8 insertions(+), 5 deletions(-)

---
CVE 2018 1301 HTTP request read out of bounds.diff | (download)

server/protocol.c | 76 42 + 34 - 0 !
1 file changed, 42 insertions(+), 34 deletions(-)

---
CVE 2018 1303 mod_cache_socache oob.diff | (download)

modules/cache/mod_cache_socache.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
CVE 2018 1312 mod_auth_digest nonce.diff | (download)

modules/aaa/mod_auth_digest.c | 241 51 + 190 - 0 !
1 file changed, 51 insertions(+), 190 deletions(-)

---
mod_http2 upgrade to 2.4.41.diff | (download)

configure | 2 1 + 1 - 0 !
modules/http2/NWGNUmod_http2 | 2 0 + 2 - 0 !
modules/http2/config2.m4 | 24 15 + 9 - 0 !
modules/http2/h2.h | 54 37 + 17 - 0 !
modules/http2/h2_alt_svc.c | 25 13 + 12 - 0 !
modules/http2/h2_alt_svc.h | 13 7 + 6 - 0 !
modules/http2/h2_bucket_beam.c | 902 518 + 384 - 0 !
modules/http2/h2_bucket_beam.h | 147 87 + 60 - 0 !
modules/http2/h2_bucket_eoc.c | 110 0 + 110 - 0 !
modules/http2/h2_bucket_eoc.h | 32 0 + 32 - 0 !
modules/http2/h2_bucket_eos.c | 18 17 + 1 - 0 !
modules/http2/h2_bucket_eos.h | 13 7 + 6 - 0 !
modules/http2/h2_config.c | 716 507 + 209 - 0 !
modules/http2/h2_config.h | 78 36 + 42 - 0 !
modules/http2/h2_conn.c | 223 139 + 84 - 0 !
modules/http2/h2_conn.h | 24 13 + 11 - 0 !
modules/http2/h2_conn_io.c | 160 61 + 99 - 0 !
modules/http2/h2_conn_io.h | 30 15 + 15 - 0 !
modules/http2/h2_ctx.c | 48 17 + 31 - 0 !
modules/http2/h2_ctx.h | 26 12 + 14 - 0 !
modules/http2/h2_filter.c | 200 141 + 59 - 0 !
modules/http2/h2_filter.h | 26 11 + 15 - 0 !
modules/http2/h2_from_h1.c | 88 63 + 25 - 0 !
modules/http2/h2_from_h1.h | 13 7 + 6 - 0 !
modules/http2/h2_h2.c | 100 49 + 51 - 0 !
modules/http2/h2_h2.h | 29 11 + 18 - 0 !
modules/http2/h2_headers.c | 78 55 + 23 - 0 !
modules/http2/h2_headers.h | 29 22 + 7 - 0 !
modules/http2/h2_mplx.c | 1711 721 + 990 - 0 !
modules/http2/h2_mplx.h | 125 35 + 90 - 0 !
modules/http2/h2_ngn_shed.c | 380 0 + 380 - 0 !
modules/http2/h2_ngn_shed.h | 78 0 + 78 - 0 !
modules/http2/h2_private.h | 13 7 + 6 - 0 !
modules/http2/h2_proxy_session.c | 197 108 + 89 - 0 !
modules/http2/h2_proxy_session.h | 26 17 + 9 - 0 !
modules/http2/h2_proxy_util.c | 336 319 + 17 - 0 !
modules/http2/h2_proxy_util.h | 66 60 + 6 - 0 !
modules/http2/h2_push.c | 22 11 + 11 - 0 !
modules/http2/h2_push.h | 14 8 + 6 - 0 !
modules/http2/h2_request.c | 74 48 + 26 - 0 !
modules/http2/h2_request.h | 15 8 + 7 - 0 !
modules/http2/h2_session.c | 1644 852 + 792 - 0 !
modules/http2/h2_session.h | 90 37 + 53 - 0 !
modules/http2/h2_stream.c | 1231 769 + 462 - 0 !
modules/http2/h2_stream.h | 186 113 + 73 - 0 !
modules/http2/h2_switch.c | 42 25 + 17 - 0 !
modules/http2/h2_switch.h | 13 7 + 6 - 0 !
modules/http2/h2_task.c | 341 180 + 161 - 0 !
modules/http2/h2_task.h | 42 19 + 23 - 0 !
modules/http2/h2_util.c | 1083 831 + 252 - 0 !
modules/http2/h2_util.h | 188 160 + 28 - 0 !
modules/http2/h2_version.h | 34 17 + 17 - 0 !
modules/http2/h2_worker.c | 103 0 + 103 - 0 !
modules/http2/h2_worker.h | 135 0 + 135 - 0 !
modules/http2/h2_workers.c | 587 277 + 310 - 0 !
modules/http2/h2_workers.h | 82 22 + 60 - 0 !
modules/http2/mod_http2.c | 86 42 + 44 - 0 !
modules/http2/mod_http2.dep | 120 0 + 120 - 0 !
modules/http2/mod_http2.dsp | 12 0 + 12 - 0 !
modules/http2/mod_http2.h | 64 24 + 40 - 0 !
modules/http2/mod_http2.mak | 27 0 + 27 - 0 !
modules/http2/mod_proxy_http2.c | 446 122 + 324 - 0 !
modules/http2/mod_proxy_http2.h | 13 7 + 6 - 0 !
63 files changed, 6707 insertions(+), 6129 deletions(-)

---
mod_http2 revert new proxy features.diff | (download)

modules/http2/mod_proxy_http2.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
add_AP_STATUS_IS_HEADER_ONLY.diff | (download)

include/httpd.h | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

---
fcgi_crash.diff | (download)

server/util_fcgi.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

---
CVE 2018 17199 mod session ignore timeout.diff | (download)

modules/session/mod_session.c | 24 13 + 11 - 0 !
1 file changed, 13 insertions(+), 11 deletions(-)

 Fix for CVE-2018-17199
CVE 2019 0211 privilege escalation.diff | (download)

include/scoreboard.h | 4 3 + 1 - 0 !
server/mpm/event/event.c | 13 8 + 5 - 0 !
server/mpm/prefork/prefork.c | 19 7 + 12 - 0 !
server/mpm/worker/worker.c | 10 6 + 4 - 0 !
4 files changed, 24 insertions(+), 22 deletions(-)

---
CVE 2019 0217 digest collusion in mod_auth_digest.diff | (download)

modules/aaa/mod_auth_digest.c | 26 12 + 14 - 0 !
1 file changed, 12 insertions(+), 14 deletions(-)

---
CVE 2019 0220 merge slashes.diff | (download)

include/ap_mmn.h | 2 2 + 0 - 0 !
include/http_core.h | 2 1 + 1 - 0 !
include/httpd.h | 14 12 + 2 - 0 !
server/core.c | 13 13 + 0 - 0 !
server/request.c | 27 11 + 16 - 0 !
server/util.c | 14 11 + 3 - 0 !
6 files changed, 50 insertions(+), 22 deletions(-)

---
CVE 2019 10092.patch | (download)

modules/proxy/mod_proxy_balancer.c | 80 51 + 29 - 0 !
modules/proxy/proxy_util.c | 9 5 + 4 - 0 !
2 files changed, 56 insertions(+), 33 deletions(-)

 Fix for CVE-2019-10092
CVE 2019 10098.patch | (download)

server/util_pcre.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 Patch to set PCRE_DOTALL by default