diff --git a/SOURCES/mod_wsgi-3.4-deadlock.patch b/SOURCES/mod_wsgi-3.4-deadlock.patch
new file mode 100644
index 0000000..8754fc1
--- /dev/null
+++ b/SOURCES/mod_wsgi-3.4-deadlock.patch
@@ -0,0 +1,18 @@
+
+https://github.com/GrahamDumpleton/mod_wsgi/commit/f8b43b2b79fabdcead4410f1a10484a10608ba6a
+
+--- mod_wsgi-3.4/mod_wsgi.c.deadlock
++++ mod_wsgi-3.4/mod_wsgi.c
+@@ -11113,8 +11113,10 @@
+ while (1) {
+ apr_sleep(apr_time_from_sec(1));
+
+- gilstate = PyGILState_Ensure();
+- PyGILState_Release(gilstate);
++ if (!wsgi_daemon_shutdown) {
++ gilstate = PyGILState_Ensure();
++ PyGILState_Release(gilstate);
++ }
+
+ apr_thread_mutex_lock(wsgi_shutdown_lock);
+ wsgi_deadlock_shutdown_time = apr_time_now();
diff --git a/SOURCES/mod_wsgi-3.4-head-to-get.patch b/SOURCES/mod_wsgi-3.4-head-to-get.patch
new file mode 100644
index 0000000..4d2d425
--- /dev/null
+++ b/SOURCES/mod_wsgi-3.4-head-to-get.patch
@@ -0,0 +1,149 @@
+diff --git a/mod_wsgi.c b/mod_wsgi.c
+index c65344e..b32fc5c 100644
+--- a/mod_wsgi.c
++++ b/mod_wsgi.c
+@@ -500,6 +500,7 @@ typedef struct {
+ int script_reloading;
+ int error_override;
+ int chunked_request;
++ int map_head_to_get;
+
+ int enable_sendfile;
+
+@@ -669,6 +670,11 @@ static void *wsgi_merge_server_config(apr_pool_t *p, void *base_conf,
+ else
+ config->chunked_request = parent->chunked_request;
+
++ if (child->map_head_to_get != -1)
++ config->map_head_to_get = child->map_head_to_get;
++ else
++ config->map_head_to_get = parent->map_head_to_get;
++
+ if (child->enable_sendfile != -1)
+ config->enable_sendfile = child->enable_sendfile;
+ else
+@@ -704,6 +710,7 @@ typedef struct {
+ int script_reloading;
+ int error_override;
+ int chunked_request;
++ int map_head_to_get;
+
+ int enable_sendfile;
+
+@@ -737,6 +744,7 @@ static WSGIDirectoryConfig *newWSGIDirectoryConfig(apr_pool_t *p)
+ object->script_reloading = -1;
+ object->error_override = -1;
+ object->chunked_request = -1;
++ object->map_head_to_get = -1;
+
+ object->enable_sendfile = -1;
+
+@@ -820,6 +828,11 @@ static void *wsgi_merge_dir_config(apr_pool_t *p, void *base_conf,
+ else
+ config->chunked_request = parent->chunked_request;
+
++ if (child->map_head_to_get != -1)
++ config->map_head_to_get = child->map_head_to_get;
++ else
++ config->map_head_to_get = parent->map_head_to_get;
++
+ if (child->enable_sendfile != -1)
+ config->enable_sendfile = child->enable_sendfile;
+ else
+@@ -880,6 +893,7 @@ typedef struct {
+ int script_reloading;
+ int error_override;
+ int chunked_request;
++ int map_head_to_get;
+
+ int enable_sendfile;
+
+@@ -1229,6 +1243,14 @@ static WSGIRequestConfig *wsgi_create_req_config(apr_pool_t *p, request_rec *r)
+ config->chunked_request = 0;
+ }
+
++ config->map_head_to_get = dconfig->map_head_to_get;
++
++ if (config->map_head_to_get < 0) {
++ config->map_head_to_get = sconfig->map_head_to_get;
++ if (config->map_head_to_get < 0)
++ config->map_head_to_get = 2;
++ }
++
+ config->enable_sendfile = dconfig->enable_sendfile;
+
+ if (config->enable_sendfile < 0) {
+@@ -7993,6 +8015,40 @@ static const char *wsgi_set_chunked_request(cmd_parms *cmd, void *mconfig,
+ return NULL;
+ }
+
++static const char *wsgi_set_map_head_to_get(cmd_parms *cmd, void *mconfig,
++ const char *f)
++{
++ if (cmd->path) {
++ WSGIDirectoryConfig *dconfig = NULL;
++ dconfig = (WSGIDirectoryConfig *)mconfig;
++
++ if (strcasecmp(f, "Off") == 0)
++ dconfig->map_head_to_get = 0;
++ else if (strcasecmp(f, "On") == 0)
++ dconfig->map_head_to_get = 1;
++ else if (strcasecmp(f, "Auto") == 0)
++ dconfig->map_head_to_get = 2;
++ else
++ return "WSGIMapHEADToGET must be one of: Off | On | Auto";
++ }
++ else {
++ WSGIServerConfig *sconfig = NULL;
++ sconfig = ap_get_module_config(cmd->server->module_config,
++ &wsgi_module);
++
++ if (strcasecmp(f, "Off") == 0)
++ sconfig->map_head_to_get = 0;
++ else if (strcasecmp(f, "On") == 0)
++ sconfig->map_head_to_get = 1;
++ else if (strcasecmp(f, "Auto") == 0)
++ sconfig->map_head_to_get = 2;
++ else
++ return "WSGIMapHEADToGET must be one of: Off | On | Auto";
++ }
++
++ return NULL;
++}
++
+ static const char *wsgi_set_enable_sendfile(cmd_parms *cmd, void *mconfig,
+ const char *f)
+ {
+@@ -8463,14 +8519,15 @@ static void wsgi_build_environment(request_rec *r)
+ * might change the content and/or headers.
+ */
+
+-#if AP_SERVER_MAJORVERSION_NUMBER >= 2
+- if (r->method_number == M_GET && r->header_only &&
+- r->output_filters->frec->ftype < AP_FTYPE_PROTOCOL)
+- apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET");
+-#else
+- if (r->method_number == M_GET && r->header_only)
+- apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET");
+-#endif
++ if (config->map_head_to_get == 2) {
++ if (r->method_number == M_GET && r->header_only &&
++ r->output_filters->frec->ftype < AP_FTYPE_PROTOCOL)
++ apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET");
++ }
++ else if (config->map_head_to_get == 1) {
++ if (r->method_number == M_GET)
++ apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET");
++ }
+
+ /* Determine whether connection uses HTTPS protocol. */
+
+@@ -15856,6 +15913,8 @@ static const command_rec wsgi_commands[] =
+ NULL, OR_FILEINFO, "Enable/Disable overriding of error pages."),
+ AP_INIT_TAKE1("WSGIChunkedRequest", wsgi_set_chunked_request,
+ NULL, OR_FILEINFO, "Enable/Disable support for chunked requests."),
++ AP_INIT_TAKE1("WSGIMapHEADToGET", wsgi_set_map_head_to_get,
++ NULL, OR_FILEINFO, "Enable/Disable mapping of HEAD to GET."),
+
+ #ifndef WIN32
+ #if AP_SERVER_MAJORVERSION_NUMBER >= 2
diff --git a/SPECS/mod_wsgi.spec b/SPECS/mod_wsgi.spec
index ede9409..2f38e31 100644
--- a/SPECS/mod_wsgi.spec
+++ b/SPECS/mod_wsgi.spec
@@ -7,7 +7,7 @@
Name: mod_wsgi
Version: 3.4
-Release: 12%{?dist}
+Release: 13%{?dist}.1
Summary: A WSGI interface for Python web applications in Apache
Group: System Environment/Libraries
License: ASL 2.0
@@ -18,6 +18,8 @@ Patch0: mod_wsgi-3.4-connsbh.patch
Patch1: mod_wsgi-3.4-procexit.patch
Patch2: mod_wsgi-3.4-coredump.patch
Patch3: mod_wsgi-3.4-CVE-2014-0240.patch
+Patch4: mod_wsgi-3.4-deadlock.patch
+Patch5: mod_wsgi-3.4-head-to-get.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: httpd-devel, python-devel, autoconf
Requires: httpd-mmn = %{_httpd_mmn}
@@ -40,6 +42,8 @@ existing WSGI adapters for mod_python or CGI.
%patch1 -p1 -b .procexit
%patch2 -p1 -b .coredump
%patch3 -p1 -b .cve20140240
+%patch4 -p1 -b .deadlock
+%patch5 -p1 -b .headtoget
%build
# Regenerate configure for -coredump patch change to configure.in
@@ -74,6 +78,12 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Aug 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 3.4-13.1
+- mod_wsgi forces HEAD to GET (#1623666)
+
+* Thu Dec 14 2017 Joe Orton <jorton@redhat.com> - 3.4-13
+- reduce chance of deadlock at process shutdown (#1493429)
+
* Tue Aug 19 2014 Jan Kaluza <jkaluza@redhat.com> - 3.4-12
- fix possible privilege escalation in setuid() (CVE-2014-0240)