From af9996ce6998c4c343dc7ac5677fd4f159085480 Mon Sep 17 00:00:00 2001
From: Jan Kaluza
Date: Wed, 17 Dec 2014 09:25:50 +0100
Subject: core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)

---
 httpd.spec | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'httpd.spec')

diff --git a/httpd.spec b/httpd.spec
index d88386f..8a63aa4 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -14,7 +14,7 @@ Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.10
-Release: 14%{?dist}
+Release: 15%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -72,6 +72,11 @@ Patch35: httpd-2.4.10-sslciphdefault.patch
 Patch55: httpd-2.4.4-malformed-host.patch
 Patch56: httpd-2.4.4-mod_unique_id.patch
 Patch57: httpd-2.4.10-sigint.patch
+# Security fixes
+Patch100: httpd-2.4.6-CVE-2013-5704.patch
+Patch101: httpd-2.4.6-CVE-2014-3581.patch
+Patch102: httpd-2.4.10-CVE-2014-3583.patch
+Patch103: httpd-2.4.10-CVE-2014-8109.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -216,6 +221,11 @@ interface for storing and accessing per-user session data.
 %patch56 -p1 -b .uniqueid
 %patch57 -p1 -b .sigint
+%patch100 -p1 -b cve20135704
+%patch101 -p1 -b cve20143581
+%patch102 -p1 -b cve20143583
+%patch103 -p1 -b cve20148109
+
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
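Review bot: The four %patch lines added in the third hunk pass backup suffixes without a leading dot (`%patch100 -p1 -b cve20135704`), while every existing line in the same block uses one (`%patch57 -p1 -b .sigint`); `patch -b` appends the suffix verbatim, so a backup of a file like the `os/unix/os.h` touched two lines below would be written as `os.hcve20135704` beside the original. Follow the surrounding convention, e.g. `%patch100 -p1 -b .cve20135704`, and likewise for %patch101 through %patch103. This only changes the backup file names, not the patched sources, so the fixes themselves are not affected. The patch files declared in the second hunk are outside this diff (the view is limited to httpd.spec), so their contents cannot be reviewed here.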
@@ -669,6 +679,13 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Wed Dec 17 2014 Jan Kaluza - 2.4.10-15
+- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
+- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
+- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
+- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
+  in multiple Require directives with different arguments (CVE-2014-8109)
+
 * Tue Oct 14 2014 Joe Orton - 2.4.10-14
 - require apr-util 1.5.x
-- cgit