!24 [sync] PR-16: fix CVE-2022-2255

From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

CVE-2022-2255.patch

@@ -0,0 +1,11 @@
+diff -Nur mod_wsgi-4.6.4.old/src/server/mod_wsgi.c mod_wsgi-4.6.4/src/server/mod_wsgi.c
+--- mod_wsgi-4.6.4.old/src/server/mod_wsgi.c	2022-08-02 15:45:40.742342954 +0800
++++ mod_wsgi-4.6.4/src/server/mod_wsgi.c	2022-08-02 15:51:26.380418412 +0800
+@@ -13886,6 +13886,7 @@
+             value = apr_table_get(r->subprocess_env, name);
+ 
+             if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
++		     !strcmp(name, "HTTP_X_CLIENT_IP") ||    
+                      !strcmp(name, "HTTP_X_REAL_IP")) {
+ 
+                 match_client_header = 1;

mod_wsgi.spec

@@ -6,12 +6,13 @@
 %global sphinxbin %{_bindir}/sphinx-build-3
 Name:                mod_wsgi
 Version:             4.6.4
-Release:             2
+Release:             3
 Summary:             A WSGI interface for Python web applications in Apache
 License:             ASL 2.0
 URL:                 https://github.com/GrahamDumpleton/mod_wsgi 
 Source0:             https://github.com/GrahamDumpleton/mod_wsgi/archive/%{version}.tar.gz#/mod_wsgi-%{version}.tar.gz
 Patch1:              mod_wsgi-4.5.20-exports.patch
+Patch2:              CVE-2022-2255.patch
 BuildRequires:       httpd-devel gcc
 %{?filter_provides_in: %filter_provides_in %{_httpd_moddir}/.*\.so$}
 %{?filter_setup}
@@ -40,6 +41,7 @@ existing WSGI adapters for mod_python or CGI.
 %prep
 %setup -qn %{name}-%{version}
 %patch1 -p1 -b .exports
+%patch2 -p1
 
 %build
 make -C docs html SPHINXBUILD=%{sphinxbin}
@@ -77,6 +79,9 @@ EOT
 %config(noreplace) %{_httpd_modconfdir}/*.conf
 
 %changelog
+* Tue Aug 02 2022 zhuhai95 <zhuhai@ncti-gba.cn> - 4.6.4-3
+- fix CVE-2022-2255
+
 * Wed Oct 13 2021 xu_ping <xuping33@huawei.com> - 4.6.4-2
 - add 10-wsgi-python3.conf to httpd