| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fhs_compliance.patch | Fix up FHS file locations for apache2 droppings. | Adam Conrad <adconrad@0c3.net> | not-needed | 2023-10-19 | ||
| no_LD_LIBRARY_PATH.patch | Remove LD_LIBRARY_PATH from envvars-std | Adam Conrad <adconrad@0c3.net> | no | 2012-04-15 | ||
| suexec-CVE-2007-1742.patch | Fix race condition with chdir Fix /var/www* being accepted as docroot instead of /var/www/* (the same for public_html* instead of public_html/* ) |
Stefan Fritsch <sf@debian.org> | yes | upstream | 2014-05-29 | |
| customize_apxs.patch | Adapt apxs to Debian specific changes - Make apxs2 use a2enmod and /etc/apache2/mods-available - Make libtool happier - Use LDFLAGS from config_vars.mk, allows one to override them |
Stefan Fritsch <sf@debian.org> | not-needed | 2012-03-17 | ||
| build_suexec-custom.patch | add suexec-custom to the build system | Stefan Fritsch <sf@debian.org> | not-needed | 2012-02-25 | ||
| reproducible_builds.diff | Make builds reproducible Don't use __DATE__ __TIME__. Use changelog date instead. Sort exported symbols. |
Jean-Michel Vourgère <nirgal@debian.org> | no | 2015-08-11 | ||
| fix-macro.patch | add macro_ignore_empty and macro_ignore_bad_nesting parameters | Upstream authors | not-needed | upstream, https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/core/mod_macro.c?r1=1770843&r2=1770842&pathrev=1770843 | 2021-10-25 | |
| 0008-CVE-2024-38474-regression-mod_rewrite-Better-questio.patch | CVE-2024-38474 regression mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. PR 69197. Track in do_expand() whether a '?' in the uri-path comes from a literal in the substitution string or from an expansion (variable, lookup, ...). In the former case it's safe to assume that it's the query-string separator but for the other case it's not (could be a decoded %3f from r->uri). This allows to avoid [UnsafeAllow3F] for most cases. Merges r1919325 from trunk Reviewed by: ylavic, covener, jorton |
Yann Ylavic <ylavic@apache.org> | yes | upstream | https://github.com/apache/httpd/commit/a0a68b99d131741c1867cff321424892838fc4b3 | 2024-07-27 |
| 0009-CVE-2024-38474-regression-mod_rewrite-Improve-safe-q.patch | CVE-2024-38474 regression mod_rewrite: Improve safe question mark detection Trunk version of patch: https://svn.apache.org/r1920566 Backport version for 2.4.x of patch: Trunk version of patch works svn merge -c 1920566 ^/httpd/httpd/trunk . +1: rpluem, covener, jorton |
Eric Covener <covener@apache.org> | no | https://github.com/apache/httpd/commit/c91445b7f905587aa86ad552f4a1a3f29345e695 | 2024-09-27 | |
| 0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch | VE-2024-39884 Regression Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3 Strings are from configuration and thus trusted Submitted by: sf, rpluem Reviewed by: rpluem, covener, jorton |
Eric Covener <covener@apache.org> | yes | debian upstream | https://github.com/apache/httpd/commit/5f82765bc640ddb6a13a681464856bf8f8a5cb10 | 2024-09-27 |