From cb40a0bc4d2ef923dbfa20b0e2d18d83d2f59114 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 25 2014 07:36:09 +0000
Subject: import mod_wsgi-3.4-12.el7_0


---

diff --git a/SOURCES/mod_wsgi-3.4-CVE-2014-0240.patch b/SOURCES/mod_wsgi-3.4-CVE-2014-0240.patch
new file mode 100644
index 0000000..b1d770a
--- /dev/null
+++ b/SOURCES/mod_wsgi-3.4-CVE-2014-0240.patch
@@ -0,0 +1,37 @@
+From d9d5fea585b23991f76532a9b07de7fcd3b649f4 Mon Sep 17 00:00:00 2001
+From: Graham Dumpleton <Graham.Dumpleton@gmail.com>
+Date: Wed, 21 May 2014 16:16:47 +1000
+Subject: [PATCH] Local privilege escalation when using daemon mode.
+ (CVE-2014-0240)
+
+---
+ mod_wsgi.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/mod_wsgi.c b/mod_wsgi.c
+index 32b2903..3ef911b 100644
+--- a/mod_wsgi.c
++++ b/mod_wsgi.c
+@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
+         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
+                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
+                      getpid(), (long)daemon->group->uid);
++
++        /*
++         * On true UNIX systems this should always succeed at
++         * this point. With certain Linux kernel versions though
++         * we can get back EAGAIN where the target user had
++         * reached their process limit. In that case will be left
++         * running as wrong user. Just exit on all failures to be
++         * safe. Don't die immediately to avoid a fork bomb.
++         */
++
++        sleep(20);
++
++        exit(-1);
+     }
+ 
+ #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+-- 
+2.0.3
+
diff --git a/SPECS/mod_wsgi.spec b/SPECS/mod_wsgi.spec
index 10edd38..ede9409 100644
--- a/SPECS/mod_wsgi.spec
+++ b/SPECS/mod_wsgi.spec
@@ -7,7 +7,7 @@
 
 Name:           mod_wsgi
 Version:        3.4
-Release:        11%{?dist}
+Release:        12%{?dist}
 Summary:        A WSGI interface for Python web applications in Apache
 Group:          System Environment/Libraries
 License:        ASL 2.0
@@ -17,6 +17,7 @@ Source1:        wsgi.conf
 Patch0:         mod_wsgi-3.4-connsbh.patch
 Patch1:         mod_wsgi-3.4-procexit.patch
 Patch2:         mod_wsgi-3.4-coredump.patch
+Patch3:         mod_wsgi-3.4-CVE-2014-0240.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  httpd-devel, python-devel, autoconf
 Requires: httpd-mmn = %{_httpd_mmn}
@@ -38,6 +39,7 @@ existing WSGI adapters for mod_python or CGI.
 %patch0 -p1 -b .connsbh
 %patch1 -p1 -b .procexit
 %patch2 -p1 -b .coredump
+%patch3 -p1 -b .cve20140240
 
 %build
 # Regenerate configure for -coredump patch change to configure.in
@@ -72,6 +74,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Tue Aug 19 2014 Jan Kaluza <jkaluza@redhat.com> - 3.4-12
+- fix possible privilege escalation in setuid() (CVE-2014-0240)
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.4-11
 - Mass rebuild 2014-01-24