From 951efc68a1ceaaf5fee4edc35582fc726140f65e5d2135469224bc4d2672df1f Mon Sep 17 00:00:00 2001
From: Roman Drahtmueller
Date: Fri, 7 Nov 2014 16:56:25 +0000
Subject: [PATCH] Accepting request 260263 from home:kstreitova:branches:Apache

- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid a crash when Content-Type has an empty value [bnc#899836], CVE-2014-3581

OBS-URL: https://build.opensuse.org/request/show/260263
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
---
 apache2.changes | 7 +++++
 apache2.spec | 3 ++
 ....4.10-check_null_pointer_dereference.patch | 31 +++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 httpd-2.4.10-check_null_pointer_dereference.patch

diff --git a/apache2.changes b/apache2.changes
index 4ceb8b2..88098d0 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Nov 7 15:52:47 UTC 2014 - kstreitova@suse.com
+
+- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
+ a crash when Content-Type has an empty value [bnc#899836],
+ CVE-2014-3581
+
 -------------------------------------------------------------------
 Fri Oct 31 16:04:15 UTC 2014 - crrodriguez@opensuse.org
diff --git a/apache2.spec b/apache2.spec
index c0a70c7..63ef586 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -164,6 +164,8 @@ Patch71: httpd-event-deadlock.patch
 # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
 Patch109: httpd-2.4.3-mod_systemd.patch
 Patch111: httpd-visibility.patch
+# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
+Patch112: httpd-2.4.10-check_null_pointer_dereference.patch
 Url: http://httpd.apache.org/
 Icon: Apache.xpm
 Summary: The Apache Web Server Version 2.4
@@ -343,6 +345,7 @@ to administrators of web servers in general.
 #%patch108 -p1
 %patch109 -p1
 %patch111 -p1
+%patch112 -p1
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 # install READMEs
 a=$(basename %{S:22})
diff --git a/httpd-2.4.10-check_null_pointer_dereference.patch b/httpd-2.4.10-check_null_pointer_dereference.patch
new file mode 100644
index 0000000..023422b
--- /dev/null
+++ b/httpd-2.4.10-check_null_pointer_dereference.patch
@@ -0,0 +1,31 @@
+Index: httpd-2.4.10/CHANGES
+===================================================================
+--- httpd-2.4.10.orig/CHANGES
++++ httpd-2.4.10/CHANGES
+@@ -1,6 +1,9 @@
+ -*- coding: utf-8 -*-
+
+ Changes with Apache 2.4.10
++ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
++ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
++ [Mark Montague , Jan Kaluza]
+
+ *) SECURITY: CVE-2014-0117 (cve.mitre.org)
+ mod_proxy: Fix crash in Connection header handling which
+Index: httpd-2.4.10/modules/cache/cache_util.c
+===================================================================
+--- httpd-2.4.10.orig/modules/cache/cache_util.c
++++ httpd-2.4.10/modules/cache/cache_util.c
+@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
+
+ if (r->content_type
+ && !apr_table_get(headers_out, "Content-Type")) {
+- apr_table_setn(headers_out, "Content-Type",
+- ap_make_content_type(r, r->content_type));
++ const char *ctype = ap_make_content_type(r, r->content_type);
++ if (ctype) {
++ apr_table_setn(headers_out, "Content-Type", ctype);
++ }
+ }
+
+ if (r->content_encoding
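Review bot: In the cache_util.c part of the new patch file, the `if (ctype)` guard carries no comment explaining why `ap_make_content_type()` can return NULL when `r->content_type` has already been checked as non-NULL. Going by the changelog text this is the empty-value case, so I would put `/* ap_make_content_type() returns NULL for an empty type; never store a NULL value in headers_out (CVE-2014-3581) */` directly above the guard. The check protects only this one call in `cache_merge_headers_out`, whose body starts and ends outside the hunk, so whether other callers hand the result on unchecked cannot be judged from this page and is worth a quick grep before closing the bug. The patch file also has no header naming the upstream revision it was taken from (`# Upstream: <UPSTREAM_REVISION>` as a placeholder), which makes it harder to confirm later that the backport matches the upstream fix. Its CHANGES hunk files the entry under the already released "Changes with Apache 2.4.10" heading and will probably need dropping at the next version update.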