Index: trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch
===================================================================
--- trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch	(revision 2774)
+++ trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch	(revision 2774)
@@ -0,0 +1,45 @@
+------------------------------------------------------------------------
+r1659711 | sf | 2015-02-13 18:24:10 -0500 (Fri, 13 Feb 2015) | 4 lines
+
+suexec: Filter out HTTP_PROXY
+
+Some programs look there for the http proxy server.
+
+
+Index: support/suexec.c
+===================================================================
+--- support/suexec.c	(revision 1659710)
++++ support/suexec.c	(revision 1659711)
+@@ -91,8 +91,8 @@
+ static const char *const safe_env_lst[] =
+ {
+     /* variable name starts with */
+-    "HTTP_",
+     "SSL_",
++    /* "HTTP_" is handled specially in clean_env() */
+ 
+     /* variable name is */
+     "AUTH_TYPE=",
+@@ -253,6 +253,20 @@
+     cidx++;
+ 
+     for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
++        if (strncmp(*ep, "HTTP_", 5) == 0) {
++            if (strncmp(*ep + 5, "PROXY=", 6) == 0) {
++                /*
++		 * HTTP_PROXY is treated as alias for http_proxy by some
++		 * programs.
++		 */
++            }
++            else {
++                /* Other HTTP_* are safe */
++                cleanenv[cidx] = *ep;
++                cidx++;
++            }
++            continue;
++        }
+         for (idx = 0; safe_env_lst[idx]; idx++) {
+             if (!strncmp(*ep, safe_env_lst[idx],
+                          strlen(safe_env_lst[idx]))) {
+
+------------------------------------------------------------------------
Index: trunk/server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- trunk/server/common/patches/httpd-suexec-scripts.patch	(revision 2766)
+++ trunk/server/common/patches/httpd-suexec-scripts.patch	(revision 2774)
@@ -52,12 +52,4 @@
  #include "ap_config.h"
  #include "suexec.h"
-@@ -92,6 +95,7 @@ static const char *const safe_env_lst[] =
- {
-     /* variable name starts with */
-     "HTTP_",
-+    "HTTPS_",
-     "SSL_",
- 
-     /* variable name is */
 @@ -268,9 +272,108 @@ static void clean_env(void)
      environ = cleanenv;