added patch changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff to "cherry-pick" ac061155f0 (BF: anchor introduced nginx-http-auth at the end)

debian/patches/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff

@@ -0,0 +1,17 @@
+From: Yaroslav Halchenko <debian@onerussian.com>
+Subject: BF: anchor introduced nginx-http-auth at the end
+  needed since request probably could be not a correct HTTP statement but
+continue with all those to match till the end and then injected ", client:
+VICTIM, server..." thus allowing injection.  We better anchor at the end then
+
+--- a/config/filter.d/nginx-http-auth.conf
++++ b/config/filter.d/nginx-http-auth.conf
+@@ -4,7 +4,7 @@
+ [Definition]
+ 
+ 
+-failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"
++failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
+ 
+ ignoreregex = 
+ 

debian/patches/series

@@ -1 +1,2 @@
 deb_manpages_reportbug
+changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff