diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-CVE-2017-15715.patch b/SOURCES/httpd-2.4.6-CVE-2017-15715.patch
new file mode 100644
index 0000000..74e3770
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2017-15715.patch
@@ -0,0 +1,190 @@
+diff --git a/include/ap_regex.h b/include/ap_regex.h
+index 5122154..349ae83 100644
+--- a/include/ap_regex.h
++++ b/include/ap_regex.h
+@@ -77,6 +77,8 @@ extern "C" {
+ #define AP_REG_NOMEM 0x20    /* nomem in our code */
+ #define AP_REG_DOTALL 0x40   /* perl's /s flag */
+ 
++#define AP_REG_DOLLAR_ENDONLY 0x200 /**< '$' matches at end of subject string only */
++
+ /* Error values: */
+ enum {
+   AP_REG_ASSERT = 1,  /** internal error ? */
+@@ -100,6 +102,26 @@ typedef struct {
+ 
+ /* The functions */
+ 
++/**
++ * Get default compile flags
++ * @return Bitwise OR of AP_REG_* flags
++ */
++AP_DECLARE(int) ap_regcomp_get_default_cflags(void);
++
++/**
++ * Set default compile flags
++ * @param cflags Bitwise OR of AP_REG_* flags
++ */
++AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags);
++
++/**
++ * Get the AP_REG_* corresponding to the string.
++ * @param name The name (i.e. AP_REG_<name>)
++ * @return The AP_REG_*, or zero if the string is unknown
++ *
++ */
++AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name);
++
+ /**
+  * Compile a regular expression.
+  * @param preg Returned compiled regex
+diff --git a/server/core.c b/server/core.c
+index b3240a0..e073ddf 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -48,6 +48,7 @@
+ #include "mod_core.h"
+ #include "mod_proxy.h"
+ #include "ap_listen.h"
++#include "ap_regex.h"
+ 
+ #include "mod_so.h" /* for ap_find_loaded_module_symbol */
+ 
+@@ -2646,6 +2647,58 @@ static const char *virtualhost_section(cmd_parms *cmd, void *dummy,
+     return errmsg;
+ }
+ 
++static const char *set_regex_default_options(cmd_parms *cmd,
++                                             void *dummy,
++                                             const char *arg)
++{
++    const command_rec *thiscmd = cmd->cmd;
++    int cflags, cflag;
++
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    cflags = ap_regcomp_get_default_cflags();
++    while (*arg) {
++        const char *name = ap_getword_conf(cmd->pool, &arg);
++        int how = 0;
++
++        if (strcasecmp(name, "none") == 0) {
++            cflags = 0;
++            continue;
++        }
++
++        if (*name == '+') {
++            name++;
++            how = +1;
++        }
++        else if (*name == '-') {
++            name++;
++            how = -1;
++        }
++
++        cflag = ap_regcomp_default_cflag_by_name(name);
++        if (!cflag) {
++            return apr_psprintf(cmd->pool, "%s: option '%s' unknown",
++                                thiscmd->name, name);
++        }
++
++        if (how > 0) {
++            cflags |= cflag;
++        }
++        else if (how < 0) {
++            cflags &= ~cflag;
++        }
++        else {
++            cflags = cflag;
++        }
++    }
++    ap_regcomp_set_default_cflags(cflags);
++
++    return NULL;
++}
++
+ static const char *set_server_alias(cmd_parms *cmd, void *dummy,
+                                     const char *arg)
+ {
+@@ -4164,6 +4217,9 @@ AP_INIT_TAKE12("RLimitNPROC", no_set_limit, NULL,
+    OR_ALL, "soft/hard limits for max number of processes per uid"),
+ #endif
+ 
++AP_INIT_RAW_ARGS("RegexDefaultOptions", set_regex_default_options, NULL, RSRC_CONF,
++                 "default options for regexes (prefixed by '+' to add, '-' to del)"),
++
+ /* internal recursion stopper */
+ AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF,
+               "maximum recursion depth of internal redirects and subrequests"),
+@@ -4569,6 +4625,8 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
+     apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
+                               apr_pool_cleanup_null);
+ 
++    ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
++
+     mpm_common_pre_config(pconf);
+ 
+     return OK;
+diff --git a/server/util_pcre.c b/server/util_pcre.c
+index 1e83cad..d7df400 100644
+--- a/server/util_pcre.c
++++ b/server/util_pcre.c
+@@ -110,6 +110,38 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *preg)
+  *            Compile a regular expression       *
+  *************************************************/
+ 
++static int default_cflags = AP_REG_DOLLAR_ENDONLY;
++
++AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
++{
++    return default_cflags;
++}
++
++AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags)
++{
++    default_cflags = cflags;
++}
++
++AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name)
++{
++    int cflag = 0;
++
++    if (strcasecmp(name, "ICASE") == 0) {
++        cflag = AP_REG_ICASE;
++    }
++    else if (strcasecmp(name, "DOTALL") == 0) {
++        cflag = AP_REG_DOTALL;
++    }
++    else if (strcasecmp(name, "DOLLAR_ENDONLY") == 0) {
++        cflag = AP_REG_DOLLAR_ENDONLY;
++    }
++    else if (strcasecmp(name, "EXTENDED") == 0) {
++        cflag = AP_REG_EXTENDED;
++    }
++
++    return cflag;
++}
++
+ /*
+  * Arguments:
+  *  preg        points to a structure for recording the compiled expression
+@@ -126,12 +158,16 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t * preg, const char *pattern, int cflags)
+     int errcode = 0;
+     int options = 0;
+ 
++    cflags |= default_cflags;
+     if ((cflags & AP_REG_ICASE) != 0)
+         options |= PCRE_CASELESS;
+     if ((cflags & AP_REG_NEWLINE) != 0)
+         options |= PCRE_MULTILINE;
+     if ((cflags & AP_REG_DOTALL) != 0)
+         options |= PCRE_DOTALL;
++    if ((cflags & AP_REG_DOLLAR_ENDONLY) != 0)
++        options |= PCRE_DOLLAR_ENDONLY;
++
+ 
+     preg->re_pcre =
+         pcre_compile2(pattern, options, &errcode, &errorptr, &erroffset, NULL);
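Review bot: In `set_regex_default_options`, an option given without a `+` or `-` prefix takes the `cflags = cflag;` branch and replaces the whole accumulated set, and `none` zeroes it. A line such as `RegexDefaultOptions ICASE` therefore also clears `AP_REG_DOLLAR_ENDONLY`, the flag this patch turns on by default, and neither the help text nor a comment says so. I would extend the help string to `"default options for regexes ('+' adds, '-' removes, a bare name replaces the set, 'none' clears it)"`. I would also add `/* no prefix: replace the accumulated set, including DOLLAR_ENDONLY */` above the final `else`.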
diff --git a/SOURCES/httpd-2.4.6-CVE-2018-1283.patch b/SOURCES/httpd-2.4.6-CVE-2018-1283.patch
new file mode 100644
index 0000000..c51bb4f
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2018-1283.patch
@@ -0,0 +1,23 @@
+--- a/modules/session/mod_session.c	2018/02/16 13:39:47	1824476
++++ b/modules/session/mod_session.c	2018/02/16 13:41:31	1824477
+@@ -510,12 +510,15 @@
+      */
+     ap_session_load(r, &z);
+ 
+-    if (z && conf->env) {
+-        session_identity_encode(r, z);
+-        if (z->encoded) {
+-            apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
+-            z->encoded = NULL;
++    if (conf->env) {
++        if (z) {
++            session_identity_encode(r, z);
++            if (z->encoded) {
++                apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
++                z->encoded = NULL;
++            }
+         }
++        apr_table_unset(r->headers_in, "Session");
+     }
+ 
+     return OK;
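Review bot: The added `apr_table_unset(r->headers_in, "Session");` has no comment saying why a request header is dropped, and its link to the `HTTP_SESSION` variable set a few lines above is not obvious from the literal. A comment such as `/* a client-sent "Session" header would reach CGI as HTTP_SESSION and shadow the value set above */` would record the intent. That wording is inferred from the CVE title in the spec changelog, so please confirm it. The enclosing function starts and ends outside the hunk.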
diff --git a/SOURCES/httpd-2.4.6-CVE-2018-1303.patch b/SOURCES/httpd-2.4.6-CVE-2018-1303.patch
new file mode 100644
index 0000000..f0b6bde
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2018-1303.patch
@@ -0,0 +1,12 @@
+--- a/modules/cache/mod_cache_socache.c	2018/02/16 13:32:48	1824474
++++ b/modules/cache/mod_cache_socache.c	2018/02/16 13:34:35	1824475
+@@ -213,7 +213,8 @@
+                         "Premature end of cache headers.");
+                 return APR_EGENERAL;
+             }
+-            while (apr_isspace(buffer[colon])) {
++            /* Do not go past the \r from above as apr_isspace('\r') is true */
++            while (apr_isspace(buffer[colon]) && (colon < *slider)) {
+                 colon++;
+             }
+             apr_table_addn(table, apr_pstrndup(r->pool, (const char *) buffer
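Review bot: The new loop condition `apr_isspace(buffer[colon]) && (colon < *slider)` reads `buffer[colon]` before it checks the bound, so the byte at index `*slider` is still read once when the run of whitespace reaches it. Putting the bound first keeps every read inside the checked range: `while ((colon < *slider) && apr_isspace(buffer[colon])) {`. Whether index `*slider` is still inside the buffer cannot be told from this hunk, because the function starts and ends outside it.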
diff --git a/SOURCES/httpd-2.4.6-CVE-2018-17199.patch b/SOURCES/httpd-2.4.6-CVE-2018-17199.patch
new file mode 100644
index 0000000..70bfea2
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2018-17199.patch
@@ -0,0 +1,46 @@
+diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
+index 7213eb3..3e73c7a 100644
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -126,15 +126,9 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
+ 
+     /* found a session that hasn't expired? */
+     now = apr_time_now();
+-    if (!zz || (zz->expiry && zz->expiry < now)) {
+-
+-        /* no luck, create a blank session */
+-        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
+-        zz->pool = r->pool;
+-        zz->entries = apr_table_make(zz->pool, 10);
+-
+-    }
+-    else {
++    
++    if (zz){
++        /* load the session attibutes */
+         rv = ap_run_session_decode(r, zz);
+         if (OK != rv) {
+             ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
+@@ -142,8 +136,22 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
+                           "session not loaded: %s", r->uri);
+             return rv;
+         }
++        
++        /* invalidate session if session is expired */
++        if (zz && zz->expiry && zz->expiry < now){
++           zz = NULL;
++        }
+     }
+ 
++    if (!zz || (zz->expiry && zz->expiry < now)) {
++
++        /* no luck, create a blank session */
++        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
++        zz->pool = r->pool;
++        zz->entries = apr_table_make(zz->pool, 10);
++
++    }
++    
+     /* make sure the expiry is set, if present */
+     if (!zz->expiry && dconf->maxage) {
+         zz->expiry = now + dconf->maxage * APR_USEC_PER_SEC;
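Review bot: The expiry test is now partly redundant: `zz &&` inside the `if (zz){` block is always true, and the second half of `if (!zz || (zz->expiry && zz->expiry < now))` can no longer hold because an expired session has already been set to NULL. Reducing them to `if (zz->expiry && zz->expiry < now) {` and `if (!zz) {` would make it plain that expiry is judged only after `ap_run_session_decode` has run. The comment `/* load the session attibutes */` also has a typo (attributes). `ap_session_load` continues outside the hunk.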
diff --git a/SOURCES/httpd-2.4.6-CVE-2019-10098.patch b/SOURCES/httpd-2.4.6-CVE-2019-10098.patch
new file mode 100644
index 0000000..f8298cc
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2019-10098.patch
@@ -0,0 +1,91 @@
+diff --git a/include/ap_regex.h b/include/ap_regex.h
+index 349ae83..952e77a 100644
+--- a/include/ap_regex.h
++++ b/include/ap_regex.h
+@@ -79,6 +79,12 @@ extern "C" {
+ 
+ #define AP_REG_DOLLAR_ENDONLY 0x200 /**< '$' matches at end of subject string only */
+ 
++#define AP_REG_NO_DEFAULT 0x400 /**< Don't implicitely add AP_REG_DEFAULT options */
++
++#define AP_REG_MATCH "MATCH_" /**< suggested prefix for ap_regname */
++
++#define AP_REG_DEFAULT (AP_REG_DOTALL|AP_REG_DOLLAR_ENDONLY)
++
+ /* Error values: */
+ enum {
+   AP_REG_ASSERT = 1,  /** internal error ? */
+diff --git a/modules/filters/mod_substitute.c b/modules/filters/mod_substitute.c
+index 15cd8ee..69af111 100644
+--- a/modules/filters/mod_substitute.c
++++ b/modules/filters/mod_substitute.c
+@@ -599,8 +599,10 @@ static const char *set_pattern(cmd_parms *cmd, void *cfg, const char *line)
+ 
+     /* first see if we can compile the regex */
+     if (!is_pattern) {
+-        r = ap_pregcomp(cmd->pool, from, AP_REG_EXTENDED |
+-                        (ignore_case ? AP_REG_ICASE : 0));
++        int flags = AP_REG_NO_DEFAULT
++                    | (ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY)
++                    | (ignore_case ? AP_REG_ICASE : 0);
++        r = ap_pregcomp(cmd->pool, from, flags);
+         if (!r)
+             return "Substitute could not compile regex";
+     }
+diff --git a/server/core.c b/server/core.c
+index d4af287..6ae0f5f 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -4625,7 +4625,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
+     apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
+                               apr_pool_cleanup_null);
+ 
+-    ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
++    ap_regcomp_set_default_cflags(AP_REG_DEFAULT);
+ 
+     mpm_common_pre_config(pconf);
+ 
+diff --git a/server/util_pcre.c b/server/util_pcre.c
+index d7df400..f778c75 100644
+--- a/server/util_pcre.c
++++ b/server/util_pcre.c
+@@ -110,7 +110,7 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *preg)
+  *            Compile a regular expression       *
+  *************************************************/
+ 
+-static int default_cflags = AP_REG_DOLLAR_ENDONLY;
++static int default_cflags = AP_REG_DEFAULT;
+ 
+ AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
+ {
+@@ -158,7 +158,8 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t * preg, const char *pattern, int cflags)
+     int errcode = 0;
+     int options = 0;
+ 
+-    cflags |= default_cflags;
++    if ((cflags & AP_REG_NO_DEFAULT) == 0)
++        cflags |= default_cflags;
+     if ((cflags & AP_REG_ICASE) != 0)
+         options |= PCRE_CASELESS;
+     if ((cflags & AP_REG_NEWLINE) != 0)
+diff --git a/server/util_regex.c b/server/util_regex.c
+index 73eccec..5038b99 100644
+--- a/server/util_regex.c
++++ b/server/util_regex.c
+@@ -93,6 +93,7 @@ AP_DECLARE(ap_rxplus_t*) ap_rxplus_compile(apr_pool_t *pool,
+     }
+ 
+     /* anything after the current delimiter is flags */
++    ret->flags = ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY;
+     while (*++endp) {
+         switch (*endp) {
+         case 'i': ret->flags |= AP_REG_ICASE; break;
+@@ -105,7 +106,7 @@ AP_DECLARE(ap_rxplus_t*) ap_rxplus_compile(apr_pool_t *pool,
+         default: break; /* we should probably be stricter here */
+         }
+     }
+-    if (ap_regcomp(&ret->rx, rxstr, ret->flags) == 0) {
++    if (ap_regcomp(&ret->rx, rxstr, AP_REG_NO_DEFAULT | ret->flags) == 0) {
+         apr_pool_cleanup_register(pool, &ret->rx, rxplus_cleanup,
+                                   apr_pool_cleanup_null);
+     }
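Review bot: `set_pattern` in mod_substitute.c and `ap_rxplus_compile` in util_regex.c now pass `AP_REG_NO_DEFAULT` and copy only `AP_REG_DOLLAR_ENDONLY` out of `ap_regcomp_get_default_cflags()`. An `ICASE` or `DOTALL` set through the server-wide defaults therefore does not apply to these two callers, and nothing in the code says this is intended. A short comment at both sites would keep a later reader from widening the mask by mistake, for example `/* inherit only DOLLAR_ENDONLY from the server defaults; DOTALL and ICASE come from the pattern's own flags */`. `set_pattern` also stops passing `AP_REG_EXTENDED`; if that flag is not a no-op in this tree, the drop deserves a line in the patch description.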
diff --git a/SOURCES/httpd-2.4.6-session-expiry-updt-int.patch b/SOURCES/httpd-2.4.6-session-expiry-updt-int.patch
new file mode 100644
index 0000000..56d6c53
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-session-expiry-updt-int.patch
@@ -0,0 +1,194 @@
+diff --git a/docs/manual/mod/mod_session.html.en b/docs/manual/mod/mod_session.html.en
+index 96a61e6..4ecc97d 100644
+--- a/docs/manual/mod/mod_session.html.en
++++ b/docs/manual/mod/mod_session.html.en
+@@ -69,6 +69,7 @@
+ <li><img alt="" src="../images/down.gif" /> <a href="#sessionheader">SessionHeader</a></li>
+ <li><img alt="" src="../images/down.gif" /> <a href="#sessioninclude">SessionInclude</a></li>
+ <li><img alt="" src="../images/down.gif" /> <a href="#sessionmaxage">SessionMaxAge</a></li>
++<li><img alt="" src="../images/down.gif" /> <a href="#sessionexpiryupdateinterval">SessionExpiryUpdateInterval</a></li>
+ </ul>
+ <h3>Topics</h3>
+ <ul id="topics">
+@@ -494,6 +495,37 @@ AuthName realm
+ 
+     <p>Setting the maxage to zero disables session expiry.</p>
+ 
++</div>
++<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
++<div class="directive-section"><h2><a name="SessionExpiryUpdateInterval" id="sessionexpiryupdateinterval">SessionExpiryUpdateInterval</a> <a name="sessionexpiryupdateinterval" id="sessionexpiryupdateinterval">Directive</a></h2>
++<table class="directive">
++<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define the number of seconds a session's expiry may change without the session being updated</td></tr>
++<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionExpiryUpdateInterval <var>interval</var></code></td></tr>
++<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SessionExpiryUpdateInterval 0 (always update)</code></td></tr>
++<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
++<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session</td></tr>
++</table>
++    <p>The <code class="directive">SessionExpiryUpdateInterval</code> directive allows
++    sessions to avoid the cost associated with writing the session each request
++    when only the expiry time has changed. This can be used to make a website
++    more efficient or reduce load on a database when using
++    <module>mod_session_dbd</module>. The session is always written if the data
++    stored in the session has changed or the expiry has changed by more than the
++    configured interval.</p>
++
++    <p>Setting the interval to zero disables this directive, and the session
++    expiry is refreshed for each request.</p>
++
++    <p>This directive only has an effect when combined with <code class="directive"><a href="../mod/mod_session.html#sessionmaxage">SessionMaxAge</a></code> to enable session
++    expiry. Sessions without an expiry are only written when the data stored in
++    the session has changed.</p>
++
++    <div class="warning"><h3>Warning</h3>
++    <p>Because the session expiry may not be refreshed with each request, it's
++    possible for sessions to expire up to <var>interval</var> seconds early.
++    Using a small interval usually provides sufficient savings while having a
++    minimal effect on expiry resolution.</p></div>
++
+ </div>
+ </div>
+ <div class="bottomlang">
+diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
+index 3e73c7a..83bf3fc 100644
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -177,6 +177,7 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
+ {
+     if (z) {
+         apr_time_t now = apr_time_now();
++        apr_time_t initialExpiry = z->expiry;
+         int rv = 0;
+ 
+         session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
+@@ -202,6 +203,17 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
+             z->maxage = dconf->maxage;
+         }
+ 
++        /* don't save if the only change is the expiry by a small amount */
++        if (!z->dirty && dconf->expiry_update_time
++                && (z->expiry - initialExpiry < dconf->expiry_update_time)) {
++            return APR_SUCCESS;
++        }
++
++        /* also don't save sessions that didn't change at all */
++        if (!z->dirty && !z->maxage) {
++            return APR_SUCCESS;
++        }
++
+         /* encode the session */
+         rv = ap_run_session_encode(r, z);
+         if (OK != rv) {
+@@ -544,6 +556,10 @@ static void *merge_session_dir_config(apr_pool_t * p, void *basev, void *addv)
+     new->env_set = add->env_set || base->env_set;
+     new->includes = apr_array_append(p, base->includes, add->includes);
+     new->excludes = apr_array_append(p, base->excludes, add->excludes);
++    new->expiry_update_time = (add->expiry_update_set == 0)
++                                ? base->expiry_update_time
++                                : add->expiry_update_time;
++    new->expiry_update_set = add->expiry_update_set || base->expiry_update_set;
+ 
+     return new;
+ }
+@@ -613,6 +629,21 @@ static const char *add_session_exclude(cmd_parms * cmd, void *dconf, const char
+     return NULL;
+ }
+ 
++static const char *
++     set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
++{
++    session_dir_conf *conf = dconf;
++
++    conf->expiry_update_time = atoi(arg);
++    if (conf->expiry_update_time < 0) {
++        return "SessionExpiryUpdateInterval must be positive or nul";
++    }
++    conf->expiry_update_time = apr_time_from_sec(conf->expiry_update_time);
++    conf->expiry_update_set = 1;
++
++    return NULL;
++}
++
+ 
+ static const command_rec session_cmds[] =
+ {
+@@ -628,6 +659,9 @@ static const command_rec session_cmds[] =
+                   "URL prefixes to include in the session. Defaults to all URLs"),
+     AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
+                   "URL prefixes to exclude from the session. Defaults to no URLs"),
++    AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG,
++                  "time interval for which a session's expiry time may change "
++                  "without having to be rewritten. Zero to disable"),
+     {NULL}
+ };
+ 
+diff --git a/modules/session/mod_session.h b/modules/session/mod_session.h
+index a6dd5e9..bdeb532 100644
+--- a/modules/session/mod_session.h
++++ b/modules/session/mod_session.h
+@@ -115,6 +115,9 @@ typedef struct {
+                                    * URLs included if empty */
+     apr_array_header_t *excludes; /* URL prefixes to be excluded. No
+                                    * URLs excluded if empty */
++    apr_time_t expiry_update_time; /* seconds the session expiry may change and
++                                    * not have to be rewritten */
++    int expiry_update_set;
+ } session_dir_conf;
+ 
+ /**
+diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c
+index 6a02322..4aa75e4 100644
+--- a/modules/session/mod_session_cookie.c
++++ b/modules/session/mod_session_cookie.c
+@@ -60,9 +60,6 @@ static apr_status_t session_cookie_save(request_rec * r, session_rec * z)
+     session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
+                                                     &session_cookie_module);
+ 
+-    /* don't cache auth protected pages */
+-    apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
+-
+     /* create RFC2109 compliant cookie */
+     if (conf->name_set) {
+         if (z->encoded && z->encoded[0]) {
+@@ -162,6 +159,9 @@ static apr_status_t session_cookie_load(request_rec * r, session_rec ** z)
+     /* put the session in the notes so we don't have to parse it again */
+     apr_table_setn(m->notes, note, (char *)zz);
+ 
++    /* don't cache auth protected pages */
++    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
++
+     return OK;
+ 
+ }
+diff --git a/modules/session/mod_session_dbd.c b/modules/session/mod_session_dbd.c
+index cf65e5a..20ef72e 100644
+--- a/modules/session/mod_session_dbd.c
++++ b/modules/session/mod_session_dbd.c
+@@ -243,6 +243,9 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z)
+     /* put the session in the notes so we don't have to parse it again */
+     apr_table_setn(m->notes, note, (char *)zz);
+ 
++    /* don't cache pages with a session */
++    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
++
+     return OK;
+ 
+ }
+@@ -407,9 +410,6 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
+     if (conf->name_set || conf->name2_set) {
+         char *oldkey = NULL, *newkey = NULL;
+ 
+-        /* don't cache pages with a session */
+-        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
+-
+         /* if the session is new or changed, make a new session ID */
+         if (z->uuid) {
+             oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
+@@ -456,7 +456,7 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
+     else if (conf->peruser) {
+ 
+         /* don't cache pages with a session */
+-        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
++        apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
+ 
+         if (r->user) {
+             ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry);
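Review bot: `set_session_expiry_update` parses the directive argument with `atoi(arg)`, which returns 0 for non-numeric text and has undefined behaviour on overflow. `SessionExpiryUpdateInterval abc` is therefore accepted silently as "always update", and only a negative number is rejected. Parsing with `apr_strtoi64` and checking the end pointer, as in the fence below, rejects such input at configuration time. Separately, the field comment in mod_session.h says `seconds` while the setter stores `apr_time_from_sec(...)`, so the comment should say the value is kept in `apr_time_t` units.

```c
static const char *
     set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
{
    session_dir_conf *conf = dconf;
    char *end = NULL;
    apr_int64_t secs;

    /* reject empty, non-numeric, trailing-garbage, out-of-range and negative values */
    errno = 0;
    secs = apr_strtoi64(arg, &end, 10);
    if (errno || end == arg || *end != '\0' || secs < 0) {
        return "SessionExpiryUpdateInterval must be a non-negative integer";
    }
    conf->expiry_update_time = apr_time_from_sec(secs);
    conf->expiry_update_set = 1;

    return NULL;
}
```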
diff --git a/SOURCES/httpd-2.4.6-ssl-close-notify-client.patch b/SOURCES/httpd-2.4.6-ssl-close-notify-client.patch
new file mode 100644
index 0000000..04afef3
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-ssl-close-notify-client.patch
@@ -0,0 +1,161 @@
+diff --git a/include/http_connection.h b/include/http_connection.h
+index 2192507..924ddda 100644
+--- a/include/http_connection.h
++++ b/include/http_connection.h
+@@ -47,9 +47,18 @@ extern "C" {
+  */
+ AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd);
+ 
++/**
++ * Shutdown the connection for writing.
++ * @param c The connection to shutdown
++ * @param flush Whether or not to flush pending data before
++ * @return APR_SUCCESS or the underlying error
++ */
++AP_CORE_DECLARE(apr_status_t) ap_shutdown_conn(conn_rec *c, int flush);
++
+ /**
+  * Flushes all remain data in the client send buffer
+  * @param c The connection to flush
++ * @remark calls ap_shutdown_conn(c, 1)
+  */
+ AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c);
+ 
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 8be833a..6c79a1a 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -2886,6 +2886,33 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
+     }
+ }
+ 
++static apr_status_t connection_shutdown(void *theconn)
++{
++    proxy_conn_rec *conn = (proxy_conn_rec *)theconn;
++    conn_rec *c = conn->connection;
++    if (c) {
++        if (!c->aborted) {
++            apr_interval_time_t saved_timeout = 0;
++            apr_socket_timeout_get(conn->sock, &saved_timeout);
++            if (saved_timeout) {
++                apr_socket_timeout_set(conn->sock, 0);
++            }
++
++            (void)ap_shutdown_conn(c, 0);
++            c->aborted = 1;
++
++            if (saved_timeout) {
++                apr_socket_timeout_set(conn->sock, saved_timeout);
++            }
++        }
++
++        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02642)
++                      "proxy: connection shutdown");
++    }
++    return APR_SUCCESS;
++}
++
++
+ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
+                                               proxy_conn_rec *conn,
+                                               conn_rec *c,
+@@ -2958,6 +2985,11 @@ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
+     }
+     apr_socket_timeout_set(conn->sock, current_timeout);
+ 
++    /* Shutdown the connection before closing it (eg. SSL connections
++     * need to be close-notify-ed).
++     */
++    apr_pool_pre_cleanup_register(conn->scpool, conn, connection_shutdown);
++
+     return OK;
+ }
+ 
+diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
+index fbd701f..a8778d4 100644
+--- a/modules/ssl/ssl_util_ssl.c
++++ b/modules/ssl/ssl_util_ssl.c
+@@ -166,6 +166,7 @@ int SSL_smart_shutdown(SSL *ssl)
+ {
+     int i;
+     int rc;
++    int flush;
+ 
+     /*
+      * Repeat the calls, because SSL_shutdown internally dispatches through a
+@@ -175,8 +176,20 @@ int SSL_smart_shutdown(SSL *ssl)
+      * connection and OpenSSL cannot recognize it.
+      */
+     rc = 0;
++    flush = !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN);
+     for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
+-        if ((rc = SSL_shutdown(ssl)))
++        rc = SSL_shutdown(ssl);
++        if (rc >= 0 && flush && (SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
++            /* Once the close notity is sent through the output filters,
++             * ensure it is flushed through the socket.
++             */
++            if (BIO_flush(SSL_get_wbio(ssl)) <= 0) {
++                rc = -1;
++                break;
++            }
++            flush = 0;
++        }
++        if (rc != 0)
+             break;
+     }
+     return rc;
+diff --git a/server/connection.c b/server/connection.c
+index 6e4495f..4942c77 100644
+--- a/server/connection.c
++++ b/server/connection.c
+@@ -64,22 +64,32 @@ AP_IMPLEMENT_HOOK_RUN_ALL(int,pre_connection,(conn_rec *c, void *csd),(c, csd),O
+ #define MAX_SECS_TO_LINGER 30
+ #endif
+ 
+-AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
++AP_CORE_DECLARE(apr_status_t) ap_shutdown_conn(conn_rec *c, int flush)
+ {
++    apr_status_t rv;
+     apr_bucket_brigade *bb;
+     apr_bucket *b;
+ 
+     bb = apr_brigade_create(c->pool, c->bucket_alloc);
+ 
+-    /* FLUSH bucket */
+-    b = apr_bucket_flush_create(c->bucket_alloc);
+-    APR_BRIGADE_INSERT_TAIL(bb, b);
++    if (flush) {
++        /* FLUSH bucket */
++        b = apr_bucket_flush_create(c->bucket_alloc);
++        APR_BRIGADE_INSERT_TAIL(bb, b);
++    }
+ 
+     /* End Of Connection bucket */
+     b = ap_bucket_eoc_create(c->bucket_alloc);
+     APR_BRIGADE_INSERT_TAIL(bb, b);
+ 
+-    ap_pass_brigade(c->output_filters, bb);
++    rv = ap_pass_brigade(c->output_filters, bb);
++    apr_brigade_destroy(bb);
++    return rv;
++}
++
++AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
++{
++    (void)ap_shutdown_conn(c, 1);
+ }
+ 
+ /* we now proceed to read from the client until we get EOF, or until
+diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
+index 5852685..defa109 100644
+--- a/server/mpm/event/event.c
++++ b/server/mpm/event/event.c
+@@ -841,6 +841,7 @@ static int start_lingering_close_nonblocking(event_conn_state_t *cs)
+     apr_socket_t *csd = cs->pfd.desc.s;
+ 
+     if (c->aborted
++        || ap_shutdown_conn(c, 0) != APR_SUCCESS || c->aborted
+         || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS) {
+         apr_socket_close(csd);
+         apr_pool_clear(cs->p);
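Review bot: The new doc comment for `ap_shutdown_conn` in http_connection.h stops mid-sentence at `@param flush Whether or not to flush pending data before`. Going by the implementation in server/connection.c, it could read `@param flush Whether or not to send a FLUSH bucket ahead of the End Of Connection bucket`. In event.c the condition now tests `c->aborted` on both sides of `ap_shutdown_conn(c, 0)`. A comment such as `/* the output filters may mark the connection aborted during shutdown */` would explain the repeat, though that reason is inferred and should be confirmed. `start_lingering_close_nonblocking` continues outside the hunk.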
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index b7a3ffd..87cfd6d 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
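Review bot: The new `vstring` is computed on the build host with `%(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})`, and nothing handles a missing file or an unset variable, in which case the macro expands to an empty string. The value is later pasted into `sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h`. An empty value would leave an empty platform string in the server banner, and a value containing `/` would break the sed expression. A fallback avoids the empty case: `%define vstring %(. /etc/os-release 2>/dev/null; echo ${REDHAT_SUPPORT_PRODUCT:-Unix})`.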
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 92%{?dist}
+Release: 94%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -72,6 +72,9 @@ Patch37: httpd-2.4.6-uds.patch
 Patch38: httpd-2.4.6-upn.patch
 Patch39: httpd-2.4.6-r1664565.patch
 Patch40: httpd-2.4.6-r1861793+.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1715981
+Patch41: httpd-2.4.6-session-expiry-updt-int.patch
+
 # Bug fixes
 Patch51: httpd-2.4.3-sslsninotreq.patch
 Patch55: httpd-2.4.4-malformed-host.patch
@@ -196,6 +199,8 @@ Patch140: httpd-2.4.6-r1833014.patch
 Patch141: httpd-2.4.6-r1583175.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1649470
 Patch142: httpd-2.4.6-r1862604.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1724879
+Patch143: httpd-2.4.6-ssl-close-notify-client.patch
 
 # Security fixes
 Patch200: httpd-2.4.6-CVE-2013-6438.patch
@@ -224,6 +229,11 @@ Patch222: httpd-2.4.6-CVE-2019-0217.patch
 Patch223: httpd-2.4.6-CVE-2019-0220.patch
 Patch224: httpd-2.4.6-CVE-2017-15710.patch
 Patch225: httpd-2.4.6-CVE-2018-1301.patch
+Patch226: httpd-2.4.6-CVE-2018-17199.patch
+Patch227: httpd-2.4.6-CVE-2017-15715.patch
+Patch228: httpd-2.4.6-CVE-2019-10098.patch
+Patch229: httpd-2.4.6-CVE-2018-1303.patch
+Patch230: httpd-2.4.6-CVE-2018-1283.patch
 
 License: ASL 2.0
 Group: System Environment/Daemons
@@ -360,6 +370,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch38 -p1 -b .upn
 %patch39 -p1 -b .r1664565
 %patch40 -p1 -b .r1861793+
+%patch41 -p1 -b .session-expiry
 
 %patch51 -p1 -b .sninotreq
 %patch55 -p1 -b .malformedhost
@@ -448,8 +459,8 @@ rm modules/ssl/ssl_engine_dh.c
 %patch139 -p1 -b .r1824872
 %patch140 -p1 -b .r1833014
 %patch141 -p1 -b .r1583175
-%patch142 -p1 -b .1862604
-
+%patch142 -p1 -b .r1862604
+%patch143 -p1 -b .ssl-close-notify-client
 
 %patch200 -p1 -b .cve6438
 %patch201 -p1 -b .cve0098
@@ -477,6 +488,11 @@ rm modules/ssl/ssl_engine_dh.c
 %patch223 -p1 -b .cve0220
 %patch224 -p1 -b .cve15710
 %patch225 -p1 -b .cve1301
+%patch226 -p1 -b .cve17199
+%patch227 -p1 -b .cve15715
+%patch228 -p1 -b .cve10098
+%patch229 -p1 -b .cve1303
+%patch230 -p1 -b .cve1283
 
 # Patch in the vendor string and the release string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -630,10 +646,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -656,7 +670,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -842,7 +856,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -908,11 +922,21 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Tue Oct 29 2019 CentOS Sources <bugs@centos.org> - 2.4.6-92.el7.centos
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-94
+- Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing
+  newline in the file name
+- Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
+- Resolves: #1724879 - httpd terminates all SSL connections using an abortive
+  shutdown
+- Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive
+- Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in
+  mod_cache_socache can allow a remote attacker to cause a denial of service
+- Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in 
+  mod_session can allow a remote user to modify session data for CGI applications
+
+* Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-93
+- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect
+  expiry time
 
 * Thu Aug 22 2019 Joe Orton <jorton@redhat.com> - 2.4.6-92
 - htpasswd: add SHA-2 crypt() support (#1486889)