Index: trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch =================================================================== --- trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch (revision 2774) +++ trunk/server/common/patches/httpd-suexec-CVE-2016-5387.patch (revision 2774) @@ -0,0 +1,45 @@ +------------------------------------------------------------------------ +r1659711 | sf | 2015-02-13 18:24:10 -0500 (Fri, 13 Feb 2015) | 4 lines + +suexec: Filter out HTTP_PROXY + +Some programs look there for the http proxy server. + + +Index: support/suexec.c +=================================================================== +--- support/suexec.c (revision 1659710) ++++ support/suexec.c (revision 1659711) +@@ -91,8 +91,8 @@ + static const char *const safe_env_lst[] = + { + /* variable name starts with */ +- "HTTP_", + "SSL_", ++ /* "HTTP_" is handled specially in clean_env() */ + + /* variable name is */ + "AUTH_TYPE=", +@@ -253,6 +253,20 @@ + cidx++; + + for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) { ++ if (strncmp(*ep, "HTTP_", 5) == 0) { ++ if (strncmp(*ep + 5, "PROXY=", 6) == 0) { ++ /* ++ * HTTP_PROXY is treated as alias for http_proxy by some ++ * programs. ++ */ ++ } ++ else { ++ /* Other HTTP_* are safe */ ++ cleanenv[cidx] = *ep; ++ cidx++; ++ } ++ continue; ++ } + for (idx = 0; safe_env_lst[idx]; idx++) { + if (!strncmp(*ep, safe_env_lst[idx], + strlen(safe_env_lst[idx]))) { + +------------------------------------------------------------------------ Index: trunk/server/common/patches/httpd-suexec-scripts.patch =================================================================== --- trunk/server/common/patches/httpd-suexec-scripts.patch (revision 2773) +++ trunk/server/common/patches/httpd-suexec-scripts.patch (revision 2774) @@ -52,12 +52,4 @@ #include "ap_config.h" #include "suexec.h" -@@ -92,6 +95,7 @@ static const char *const safe_env_lst[] = - { - /* variable name starts with */ - "HTTP_", -+ "HTTPS_", - "SSL_", - - /* variable name is */ @@ -268,9 +272,108 @@ static void clean_env(void) environ = cleanenv; Index: trunk/server/fedora/specs/httpd.spec.patch =================================================================== --- trunk/server/fedora/specs/httpd.spec.patch (revision 2773) +++ trunk/server/fedora/specs/httpd.spec.patch (revision 2774) @@ -10,5 +10,5 @@ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html -@@ -65,6 +65,15 @@ +@@ -65,6 +65,16 @@ Patch101: httpd-2.4.6-CVE-2014-3581.patch Patch102: httpd-2.4.10-CVE-2014-3583.patch @@ -22,4 +22,5 @@ +Patch1006: httpd-suexec-journald.patch +Patch1007: httpd-bug57070.patch ++Patch1008: httpd-suexec-CVE-2016-5387.patch + License: ASL 2.0 @@ -50,5 +51,5 @@ %description -n mod_ssl -@@ -190,6 +202,14 @@ +@@ -190,6 +202,15 @@ %patch55 -p1 -b .malformedhost %patch56 -p1 -b .uniqueid @@ -61,4 +62,5 @@ +%patch1006 -p1 -b .journald +%patch1007 -p0 -b .bug57070 ++%patch1008 -p0 -b .CVE-2016-5387 + # Patch in the vendor string