diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-3167.patch b/SOURCES/httpd-2.4.6-CVE-2017-3167.patch
new file mode 100644
index 0000000..3272598
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-3167.patch
@@ -0,0 +1,343 @@
+diff --git a/include/http_protocol.h b/include/http_protocol.h
+index 5ac0ce3..f3a5137 100644
+--- a/include/http_protocol.h
++++ b/include/http_protocol.h
+@@ -558,7 +558,11 @@ AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r);
+ AP_DECLARE_HOOK(int, note_auth_failure, (request_rec *r, const char *auth_type))
+
+ /**
+- * Get the password from the request headers
++ * Get the password from the request headers. This function has multiple side
++ * effects due to its prior use in the old authentication framework.
++ * ap_get_basic_auth_components() should be preferred.
++ *
++ * @deprecated @see ap_get_basic_auth_components
+ * @param r The current request
+ * @param pw The password as set in the headers
+ * @return 0 (OK) if it set the 'pw' argument (and assured
+@@ -571,6 +575,25 @@ AP_DECLARE_HOOK(int, note_auth_failure, (request_rec *r, const char *auth_type))
+ */
+ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw);
+
++#define AP_GET_BASIC_AUTH_PW_NOTE "AP_GET_BASIC_AUTH_PW_NOTE"
++
++/**
++ * Get the username and/or password from the request's Basic authentication
++ * headers. Unlike ap_get_basic_auth_pw(), calling this function has no side
++ * effects on the passed request_rec.
++ *
++ * @param r The current request
++ * @param username If not NULL, set to the username sent by the client
++ * @param password If not NULL, set to the password sent by the client
++ * @return APR_SUCCESS if the credentials were successfully parsed and returned;
++ * APR_EINVAL if there was no authentication header sent or if the
++ * client was not using the Basic authentication scheme. username and
++ * password are unchanged on failure.
++ */
++AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r,
++ const char **username,
++ const char **password);
++
+ /**
+ * parse_uri: break apart the uri
+ * @warning Side Effects:
+diff --git a/include/httpd.h b/include/httpd.h
+index 652a212..176ef5e 100644
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -2272,6 +2272,34 @@ AP_DECLARE(char *) ap_get_exec_line(apr_pool_t *p,
+
+ #define AP_NORESTART APR_OS_START_USEERR + 1
+
++/**
++ * Perform a case-insensitive comparison of two strings @a atr1 and @a atr2,
++ * treating upper and lower case values of the 26 standard C/POSIX alphabetic
++ * characters as equivalent. Extended latin characters outside of this set
++ * are treated as unique octets, irrespective of the current locale.
++ *
++ * Returns in integer greater than, equal to, or less than 0,
++ * according to whether @a str1 is considered greater than, equal to,
++ * or less than @a str2.
++ *
++ * @note Same code as apr_cstr_casecmp, which arrives in APR 1.6
++ */
++AP_DECLARE(int) ap_cstr_casecmp(const char *s1, const char *s2);
++
++/**
++ * Perform a case-insensitive comparison of two strings @a atr1 and @a atr2,
++ * treating upper and lower case values of the 26 standard C/POSIX alphabetic
++ * characters as equivalent. Extended latin characters outside of this set
++ * are treated as unique octets, irrespective of the current locale.
++ *
++ * Returns in integer greater than, equal to, or less than 0,
++ * according to whether @a str1 is considered greater than, equal to,
++ * or less than @a str2.
++ *
++ * @note Same code as apr_cstr_casecmpn, which arrives in APR 1.6
++ */
++AP_DECLARE(int) ap_cstr_casecmpn(const char *s1, const char *s2, apr_size_t n);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/server/protocol.c b/server/protocol.c
+index 24355c7..868c3e3 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -1567,6 +1567,7 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
+
+ t = ap_pbase64decode(r->pool, auth_line);
+ r->user = ap_getword_nulls (r->pool, &t, ':');
++ apr_table_setn(r->notes, AP_GET_BASIC_AUTH_PW_NOTE, "1");
+ r->ap_auth_type = "Basic";
+
+ *pw = t;
+@@ -1574,6 +1575,53 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
+ return OK;
+ }
+
++AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r,
++ const char **username,
++ const char **password)
++{
++ const char *auth_header;
++ const char *credentials;
++ const char *decoded;
++ const char *user;
++
++ auth_header = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
++ : "Authorization";
++ credentials = apr_table_get(r->headers_in, auth_header);
++
++ if (!credentials) {
++ /* No auth header. */
++ return APR_EINVAL;
++ }
++
++ if (ap_cstr_casecmp(ap_getword(r->pool, &credentials, ' '), "Basic")) {
++ /* These aren't Basic credentials. */
++ return APR_EINVAL;
++ }
++
++ while (*credentials == ' ' || *credentials == '\t') {
++ credentials++;
++ }
++
++ /* XXX Our base64 decoding functions don't actually error out if the string
++ * we give it isn't base64; they'll just silently stop and hand us whatever
++ * they've parsed up to that point.
++ *
++ * Since this function is supposed to be a drop-in replacement for the
++ * deprecated ap_get_basic_auth_pw(), don't fix this for 2.4.x.
++ */
++ decoded = ap_pbase64decode(r->pool, credentials);
++ user = ap_getword_nulls(r->pool, &decoded, ':');
++
++ if (username) {
++ *username = user;
++ }
++ if (password) {
++ *password = decoded;
++ }
++
++ return APR_SUCCESS;
++}
++
+ struct content_length_ctx {
+ int data_sent; /* true if the C-L filter has already sent at
+ * least one bucket on to the next output filter
+diff --git a/server/request.c b/server/request.c
+index 2711bed..4eef097 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -124,6 +124,8 @@ static int decl_die(int status, const char *phase, request_rec *r)
+ AP_DECLARE(int) ap_some_authn_required(request_rec *r)
+ {
+ int access_status;
++ char *olduser = r->user;
++ int rv = FALSE;
+
+ switch (ap_satisfies(r)) {
+ case SATISFY_ALL:
+@@ -134,7 +136,7 @@ AP_DECLARE(int) ap_some_authn_required(request_rec *r)
+
+ access_status = ap_run_access_checker_ex(r);
+ if (access_status == DECLINED) {
+- return TRUE;
++ rv = TRUE;
+ }
+
+ break;
+@@ -145,13 +147,14 @@ AP_DECLARE(int) ap_some_authn_required(request_rec *r)
+
+ access_status = ap_run_access_checker_ex(r);
+ if (access_status == DECLINED) {
+- return TRUE;
++ rv = TRUE;
+ }
+
+ break;
+ }
+
+- return FALSE;
++ r->user = olduser;
++ return rv;
+ }
+
+ /* This is the master logic for processing requests. Do NOT duplicate
+@@ -259,6 +262,14 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
+ r->ap_auth_type = r->main->ap_auth_type;
+ }
+ else {
++ /* A module using a confusing API (ap_get_basic_auth_pw) caused
++ ** r->user to be filled out prior to check_authn hook. We treat
++ ** it is inadvertent.
++ */
++ if (r->user && apr_table_get(r->notes, AP_GET_BASIC_AUTH_PW_NOTE)) {
++ r->user = NULL;
++ }
++
+ switch (ap_satisfies(r)) {
+ case SATISFY_ALL:
+ case SATISFY_NOSPEC:
+diff --git a/server/util.c b/server/util.c
+index db22b50..70fd662 100644
+--- a/server/util.c
++++ b/server/util.c
+@@ -96,7 +96,6 @@
+ #undef APLOG_MODULE_INDEX
+ #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
+
+-
+ /*
+ * Examine a field value (such as a media-/content-type) string and return
+ * it sans any parameters; e.g., strip off any ';charset=foo' and the like.
+@@ -3036,3 +3035,128 @@ AP_DECLARE(char *) ap_get_exec_line(apr_pool_t *p,
+
+ return apr_pstrndup(p, buf, k);
+ }
++
++#if !APR_CHARSET_EBCDIC
++/*
++ * Our own known-fast translation table for casecmp by character.
++ * Only ASCII alpha characters 41-5A are folded to 61-7A, other
++ * octets (such as extended latin alphabetics) are never case-folded.
++ * NOTE: Other than Alpha A-Z/a-z, each code point is unique!
++*/
++static const short ucharmap[] = {
++ 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
++ 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf,
++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
++ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
++ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
++ 0x40, 'a', 'b', 'c', 'd', 'e', 'f', 'g',
++ 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o',
++ 'p', 'q', 'r', 's', 't', 'u', 'v', 'w',
++ 'x', 'y', 'z', 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
++ 0x60, 'a', 'b', 'c', 'd', 'e', 'f', 'g',
++ 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o',
++ 'p', 'q', 'r', 's', 't', 'u', 'v', 'w',
++ 'x', 'y', 'z', 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
++ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
++ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
++ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
++ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
++ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
++ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
++ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
++ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
++ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
++ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
++ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
++ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
++ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
++ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
++ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
++};
++#else /* APR_CHARSET_EBCDIC */
++/*
++ * Derived from apr-iconv/ccs/cp037.c for EBCDIC case comparison,
++ * provides unique identity of every char value (strict ISO-646
++ * conformance, arbitrary election of an ISO-8859-1 ordering, and
++ * very arbitrary control code assignments into C1 to achieve
++ * identity and a reversible mapping of code points),
++ * then folding the equivalences of ASCII 41-5A into 61-7A,
++ * presenting comparison results in a somewhat ISO/IEC 10646
++ * (ASCII-like) order, depending on the EBCDIC code page in use.
++ *
++ * NOTE: Other than Alpha A-Z/a-z, each code point is unique!
++ */
++static const short ucharmap[] = {
++ 0x00, 0x01, 0x02, 0x03, 0x9C, 0x09, 0x86, 0x7F,
++ 0x97, 0x8D, 0x8E, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
++ 0x10, 0x11, 0x12, 0x13, 0x9D, 0x85, 0x08, 0x87,
++ 0x18, 0x19, 0x92, 0x8F, 0x1C, 0x1D, 0x1E, 0x1F,
++ 0x80, 0x81, 0x82, 0x83, 0x84, 0x0A, 0x17, 0x1B,
++ 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x05, 0x06, 0x07,
++ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
++ 0x98, 0x99, 0x9A, 0x9B, 0x14, 0x15, 0x9E, 0x1A,
++ 0x20, 0xA0, 0xE2, 0xE4, 0xE0, 0xE1, 0xE3, 0xE5,
++ 0xE7, 0xF1, 0xA2, 0x2E, 0x3C, 0x28, 0x2B, 0x7C,
++ 0x26, 0xE9, 0xEA, 0xEB, 0xE8, 0xED, 0xEE, 0xEF,
++ 0xEC, 0xDF, 0x21, 0x24, 0x2A, 0x29, 0x3B, 0xAC,
++ 0x2D, 0x2F, 0xC2, 0xC4, 0xC0, 0xC1, 0xC3, 0xC5,
++ 0xC7, 0xD1, 0xA6, 0x2C, 0x25, 0x5F, 0x3E, 0x3F,
++ 0xF8, 0xC9, 0xCA, 0xCB, 0xC8, 0xCD, 0xCE, 0xCF,
++ 0xCC, 0x60, 0x3A, 0x23, 0x40, 0x27, 0x3D, 0x22,
++ 0xD8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
++ 0x68, 0x69, 0xAB, 0xBB, 0xF0, 0xFD, 0xFE, 0xB1,
++ 0xB0, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70,
++ 0x71, 0x72, 0xAA, 0xBA, 0xE6, 0xB8, 0xC6, 0xA4,
++ 0xB5, 0x7E, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
++ 0x79, 0x7A, 0xA1, 0xBF, 0xD0, 0xDD, 0xDE, 0xAE,
++ 0x5E, 0xA3, 0xA5, 0xB7, 0xA9, 0xA7, 0xB6, 0xBC,
++ 0xBD, 0xBE, 0x5B, 0x5D, 0xAF, 0xA8, 0xB4, 0xD7,
++ 0x7B, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
++ 0x68, 0x69, 0xAD, 0xF4, 0xF6, 0xF2, 0xF3, 0xF5,
++ 0x7D, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70,
++ 0x71, 0x72, 0xB9, 0xFB, 0xFC, 0xF9, 0xFA, 0xFF,
++ 0x5C, 0xF7, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
++ 0x79, 0x7A, 0xB2, 0xD4, 0xD6, 0xD2, 0xD3, 0xD5,
++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
++ 0x38, 0x39, 0xB3, 0xDB, 0xDC, 0xD9, 0xDA, 0x9F
++};
++#endif
++
++AP_DECLARE(int) ap_cstr_casecmp(const char *s1, const char *s2)
++{
++ const unsigned char *str1 = (const unsigned char *)s1;
++ const unsigned char *str2 = (const unsigned char *)s2;
++ for (;;)
++ {
++ const int c1 = (int)(*str1);
++ const int c2 = (int)(*str2);
++ const int cmp = ucharmap[c1] - ucharmap[c2];
++ /* Not necessary to test for !c2, this is caught by cmp */
++ if (cmp || !c1)
++ return cmp;
++ str1++;
++ str2++;
++ }
++}
++
++AP_DECLARE(int) ap_cstr_casecmpn(const char *s1, const char *s2, apr_size_t n)
++{
++ const unsigned char *str1 = (const unsigned char *)s1;
++ const unsigned char *str2 = (const unsigned char *)s2;
++ while (n--)
++ {
++ const int c1 = (int)(*str1);
++ const int c2 = (int)(*str2);
++ const int cmp = ucharmap[c1] - ucharmap[c2];
++ /* Not necessary to test for !c2, this is caught by cmp */
++ if (cmp || !c1)
++ return cmp;
++ str1++;
++ str2++;
++ }
++ return 0;
++}
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-3169.patch b/SOURCES/httpd-2.4.6-CVE-2017-3169.patch
new file mode 100644
index 0000000..36e2611
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-3169.patch
@@ -0,0 +1,64 @@
+diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
+index 85c6ce7..4a9fc9a 100644
+--- a/modules/ssl/ssl_engine_io.c
++++ b/modules/ssl/ssl_engine_io.c
+@@ -834,19 +834,20 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
+ * establish an outgoing SSL connection. */
+ #define MODSSL_ERROR_BAD_GATEWAY (APR_OS_START_USERERR + 1)
+
+-static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
++static void ssl_io_filter_disable(SSLConnRec *sslconn,
++ bio_filter_in_ctx_t *inctx)
+ {
+- bio_filter_in_ctx_t *inctx = f->ctx;
+ SSL_free(inctx->ssl);
+ sslconn->ssl = NULL;
+ inctx->ssl = NULL;
+ inctx->filter_ctx->pssl = NULL;
+ }
+
+-static apr_status_t ssl_io_filter_error(ap_filter_t *f,
++static apr_status_t ssl_io_filter_error(bio_filter_in_ctx_t *inctx,
+ apr_bucket_brigade *bb,
+ apr_status_t status)
+ {
++ ap_filter_t *f = inctx->f;
+ SSLConnRec *sslconn = myConnConfig(f->c);
+ apr_bucket *bucket;
+ int send_eos = 1;
+@@ -860,7 +861,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
+
+ sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
+- ssl_io_filter_disable(sslconn, f);
++ ssl_io_filter_disable(sslconn, inctx);
+
+ /* fake the request line */
+ bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+@@ -1342,7 +1343,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
+ * rather than have SSLEngine On configured.
+ */
+ if ((status = ssl_io_filter_handshake(inctx->filter_ctx)) != APR_SUCCESS) {
+- return ssl_io_filter_error(f, bb, status);
++ return ssl_io_filter_error(inctx, bb, status);
+ }
+
+ if (is_init) {
+@@ -1396,7 +1397,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
+
+ /* Handle custom errors. */
+ if (status != APR_SUCCESS) {
+- return ssl_io_filter_error(f, bb, status);
++ return ssl_io_filter_error(inctx, bb, status);
+ }
+
+ /* Create a transient bucket out of the decrypted data. */
+@@ -1613,7 +1614,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
+ inctx->block = APR_BLOCK_READ;
+
+ if ((status = ssl_io_filter_handshake(filter_ctx)) != APR_SUCCESS) {
+- return ssl_io_filter_error(f, bb, status);
++ return ssl_io_filter_error(inctx, bb, status);
+ }
+
+ while (!APR_BRIGADE_EMPTY(bb)) {
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-7668.patch b/SOURCES/httpd-2.4.6-CVE-2017-7668.patch
new file mode 100644
index 0000000..8dd73e5
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-7668.patch
@@ -0,0 +1,15 @@
+--- a/server/util.c 2017/05/30 12:27:41 1796855
++++ b/server/util.c 2017/05/30 12:28:20 1796856
+@@ -1679,10 +1679,8 @@
+
+ s = (const unsigned char *)line;
+ for (;;) {
+- /* find start of token, skip all stop characters, note NUL
+- * isn't a token stop, so we don't need to test for it
+- */
+- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
++ /* find start of token, skip all stop characters */
++ while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+ ++s;
+ }
+ if (!*s) {
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-7679.patch b/SOURCES/httpd-2.4.6-CVE-2017-7679.patch
new file mode 100644
index 0000000..a68d3f6
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-7679.patch
@@ -0,0 +1,14 @@
+--- a/modules/http/mod_mime.c 2017/06/05 12:10:05 1797652
++++ b/modules/http/mod_mime.c 2017/06/05 12:12:31 1797653
+@@ -528,9 +528,9 @@
+ int res = -1;
+ int c;
+
+- if (((s + 1) != NULL) && (*s == '\\')) {
++ if (*s == '\\') {
+ c = (int) *(s + 1);
+- if (apr_isascii(c)) {
++ if (c && apr_isascii(c)) {
+ res = 1;
+ }
+ }
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-9788.patch b/SOURCES/httpd-2.4.6-CVE-2017-9788.patch
new file mode 100644
index 0000000..d1a3480
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-9788.patch
@@ -0,0 +1,29 @@
+diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
+index 0ff47f7..cbb4434 100644
+--- a/modules/aaa/mod_auth_digest.c
++++ b/modules/aaa/mod_auth_digest.c
+@@ -956,13 +956,13 @@ static int get_digest_rec(request_rec *r, digest_header_rec *resp)
+
+ /* find value */
+
++ vv = 0;
+ if (auth_line[0] == '=') {
+ auth_line++;
+ while (apr_isspace(auth_line[0])) {
+ auth_line++;
+ }
+
+- vv = 0;
+ if (auth_line[0] == '\"') { /* quoted string */
+ auth_line++;
+ while (auth_line[0] != '\"' && auth_line[0] != '\0') {
+@@ -981,8 +981,8 @@ static int get_digest_rec(request_rec *r, digest_header_rec *resp)
+ value[vv++] = *auth_line++;
+ }
+ }
+- value[vv] = '\0';
+ }
++ value[vv] = '\0';
+
+ while (auth_line[0] != ',' && auth_line[0] != '\0') {
+ auth_line++;
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 6ba91d0..ce39e07 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
%define mmn 20120211
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
# Drop automatic provides for module DSOs
%{?filter_setup:
@@ -15,10 +15,10 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.6
-Release: 67%{?dist}
+Release: 67%{?dist}.2
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
Source2: httpd.logrotate
Source3: httpd.sysconf
Source4: httpd-ssl-pass-dialog
@@ -171,6 +171,12 @@ Patch211: httpd-2.4.6-CVE-2016-5387.patch
Patch212: httpd-2.4.6-CVE-2016-8743.patch
Patch213: httpd-2.4.6-CVE-2016-0736.patch
Patch214: httpd-2.4.6-CVE-2016-2161.patch
+Patch215: httpd-2.4.6-CVE-2017-3167.patch
+Patch216: httpd-2.4.6-CVE-2017-3169.patch
+Patch217: httpd-2.4.6-CVE-2017-7668.patch
+Patch218: httpd-2.4.6-CVE-2017-7679.patch
+Patch219: httpd-2.4.6-CVE-2017-9788.patch
+
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -389,6 +395,11 @@ rm modules/ssl/ssl_engine_dh.c
%patch212 -p1 -b .cve8743
%patch213 -p1 -b .cve0736
%patch214 -p1 -b .cve2161
+%patch215 -p1 -b .cve3167
+%patch216 -p1 -b .cve3169
+%patch217 -p1 -b .cve7668
+%patch218 -p1 -b .cve7679
+%patch219 -p1 -b .cve9788
# Patch in the vendor string and the release string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -542,10 +553,8 @@ EOF
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
- -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
- --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+ $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
@@ -568,7 +577,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
$RPM_BUILD_ROOT%{docroot}/cgi-bin/*
# Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# symlinks for /etc/httpd
@@ -754,7 +763,7 @@ rm -rf $RPM_BUILD_ROOT
%{contentdir}/error/README
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
%dir %{docroot}
%dir %{docroot}/cgi-bin
@@ -820,11 +829,14 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
-* Mon Jul 31 2017 CentOS Sources <bugs@centos.org> - 2.4.6-67.el7.centos
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Wed Jul 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67.2
+- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
+ authentication bypass
+- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
+- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
+- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
+- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
+ in mod_auth_digest
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny