Sync from SUSE:SLFO:Main apache2 revision 9cb42edc63a1b8792f84fb6ec2a18780

apache2-CVE-2024-38473-3.patch

@@ -0,0 +1,51 @@
+From cc00cf6b4e37370897daddc307bf1deecf8fedfa Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Tue, 25 Jun 2024 20:20:05 +0000
+Subject: [PATCH] Merge r1918623 from trunk:
+
+fix comparison of local path on Windows
+
+Submitted By: Yann Ylavic
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918625 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/mappers/mod_rewrite.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
+index 46ea16c8c64..e0390768267 100644
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -653,6 +653,19 @@ static unsigned is_absolute_uri(char *uri, int *supportsqs)
+     return 0;
+ }
+ 
++static int is_absolute_path(const char *path)
++{
++#ifndef WIN32
++    return (path[0] == '/');
++#else
++#define IS_SLASH(c) ((c) == '/' || (c) == '\\')
++    /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */
++    return ((IS_SLASH(path[0]) && path[1] == path[0])
++            || (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2])));
++#undef IS_SLASH
++#endif
++}
++
+ static const char c2x_table[] = "0123456789abcdef";
+ 
+ static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix,
+@@ -4351,7 +4364,9 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
+      * (1) it's an absolute URL path and
+      * (2) it's a full qualified URL
+      */
+-    if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {
++    if (!is_proxyreq
++        && !is_absolute_path(newuri)
++        && !is_absolute_uri(newuri, NULL)) {
+         if (ctx->perdir) {
+             rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
+                        newuri, ctx->perdir, newuri));