From 4e37785d3894e9afa38ce928757d946540db4054 Mon Sep 17 00:00:00 2001
From: zhuhai
Date: Wed, 3 Aug 2022 10:44:28 +0800
Subject: [PATCH] fix cve-2022-2255 cve to CVE
(cherry picked from commit 55a125e517cbc95a24c118fd13205c2adf12d39d)
---
 CVE-2022-2255.patch | 11 +++++++++++
 mod_wsgi.spec | 7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-2255.patch
diff --git a/CVE-2022-2255.patch b/CVE-2022-2255.patch
new file mode 100644
index 0000000..08ca2d8
--- /dev/null
+++ b/CVE-2022-2255.patch
@@ -0,0 +1,11 @@
+diff -Nur mod_wsgi-4.6.4.old/src/server/mod_wsgi.c mod_wsgi-4.6.4/src/server/mod_wsgi.c
+--- mod_wsgi-4.6.4.old/src/server/mod_wsgi.c 2022-08-02 15:45:40.742342954 +0800
++++ mod_wsgi-4.6.4/src/server/mod_wsgi.c 2022-08-02 15:51:26.380418412 +0800
+@@ -13886,6 +13886,7 @@
+ value = apr_table_get(r->subprocess_env, name);
+
+ if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
++ !strcmp(name, "HTTP_X_CLIENT_IP") ||
+ !strcmp(name, "HTTP_X_REAL_IP")) {
+
+ match_client_header = 1;
diff --git a/mod_wsgi.spec b/mod_wsgi.spec
index ef183f2..bb91226 100644
--- a/mod_wsgi.spec
+++ b/mod_wsgi.spec
@@ -6,12 +6,13 @@
 %global sphinxbin %{_bindir}/sphinx-build-3
 Name: mod_wsgi
 Version: 4.6.4
-Release: 2
+Release: 3
 Summary: A WSGI interface for Python web applications in Apache
 License: ASL 2.0
 URL: https://github.com/GrahamDumpleton/mod_wsgi
 Source0: https://github.com/GrahamDumpleton/mod_wsgi/archive/%{version}.tar.gz#/mod_wsgi-%{version}.tar.gz
 Patch1: mod_wsgi-4.5.20-exports.patch
+Patch2: CVE-2022-2255.patch
 BuildRequires: httpd-devel gcc
 %{?filter_provides_in: %filter_provides_in %{_httpd_moddir}/.*\.so$}
 %{?filter_setup}
@@ -40,6 +41,7 @@ existing WSGI adapters for mod_python or CGI.
 %prep
 %setup -qn %{name}-%{version}
 %patch1 -p1 -b .exports
+%patch2 -p1
 %build
 make -C docs html SPHINXBUILD=%{sphinxbin}
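Review bot: The new CVE-2022-2255.patch carries no provenance: it starts directly at `diff -Nur` with hand-made `.old` paths, so a reader of the package cannot check this one-line backport against the upstream fix or confirm that nothing else from it is missing. A short description header above the `diff -Nur` line, for example `Backport of the upstream fix for CVE-2022-2255, see <UPSTREAM_COMMIT_URL>` (placeholder, to be filled with the real reference), would make that verifiable. In the C change itself the client-address headers are an open-coded `strcmp` chain, and the enclosing function starts and ends outside the hunk, so what `match_client_header` gates is not visible here. A comment above the condition such as `/* Every client-IP header honoured as trusted must be listed here (CVE-2022-2255: X-Client-IP was missing). */` would record why the list has to stay complete; its wording should be checked against the rest of the function.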
@@ -77,6 +79,9 @@ EOT
 %config(noreplace) %{_httpd_modconfdir}/*.conf
 %changelog
+* Tue Aug 02 2022 zhuhai95 - 4.6.4-3
+- fix CVE-2022-2255
+
 * Wed Oct 13 2021 xu_ping - 4.6.4-2
 - add 10-wsgi-python3.conf to httpd
--
Gitee