Accepting request 265358 from home:kstreitova:branches:Apache

- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_\
  requests.patch to fix flaw in the way mod_headers handled chunked
  requests. Adds "MergeTrailers" directive to restore legacy
  behavior [bnc#871310], [CVE-2013-5704].

- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_\
  Require_line.patch that fixes handling of the Require line when
  a LuaAuthzProvider is  used in multiple Require directives with
  different arguments [bnc#909715], [CVE-2014-8109].

OBS-URL: https://build.opensuse.org/request/show/265358
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=424

apache2.spec

@@ -166,6 +166,10 @@ Patch109:       httpd-2.4.3-mod_systemd.patch
 Patch111:       httpd-visibility.patch
 # PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
 Patch112:       httpd-2.4.10-check_null_pointer_dereference.patch
+# PATCH-FIX-UPSTREAM bnc#909715 kstreitova@suse.com -- Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.
+Patch113:       httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
+# PATCH-FIX-UPSTREAM bnc#871310 kstreitova@suse.com -- Fix the flaw in the way mod_headers handled chunked requests. 
+Patch114:       httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
 Url:            http://httpd.apache.org/
 Icon:           Apache.xpm
 Summary:        The Apache Web Server Version 2.4
@@ -346,6 +350,8 @@ to administrators of web servers in general.
 %patch109 -p1
 %patch111 -p1
 %patch112 -p1
+%patch113 -p1
+%patch114 -p1
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 # install READMEs
 a=$(basename %{S:22})