rpms/lighttpd/F-8 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.41, 1.42
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Thu Apr 24 15:17:47 UTC 2008
Author: thias
Update of /cvs/extras/rpms/lighttpd/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26684/F-8
Modified Files:
lighttpd.spec
Added Files:
lighttpd-1.4.19-sslshutdownfix.patch
Log Message:
Update to 1.4.19 + SSL security fix patch.
lighttpd-1.4.19-sslshutdownfix.patch:
--- NEW FILE lighttpd-1.4.19-sslshutdownfix.patch ---
This is a patch combining changes from changesets 2136 & 2139.
See http://trac.lighttpd.net/trac/ticket/285
--- lighttpd-1.4.x/src/connections.c (revision 2103)
+++ lighttpd-1.4.x/src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ ERR_clear_error();
do {
if (!con->ssl_error_want_reuse_buffer) {
@@ -1670,4 +1671,5 @@
if (srv_sock->is_ssl) {
int ret;
+ ERR_clear_error();
switch ((ret = SSL_shutdown(con->ssl))) {
case 1:
@@ -1675,6 +1677,8 @@
break;
case 0:
- SSL_shutdown(con->ssl);
- break;
+ ERR_clear_error();
+ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+ // fall through
default:
log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--- lighttpd-1.4.x/src/network_openssl.c (revision 2084)
+++ lighttpd-1.4.x/src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
*/
+ ERR_clear_error();
if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
unsigned long err;
@@ -188,4 +189,5 @@
close(ifd);
+ ERR_clear_error();
if ((r = SSL_write(ssl, s, toSend)) <= 0) {
unsigned long err;
--- lighttpd-1.4.x/src/connections.c (revision 2136)
+++ lighttpd-1.4.x/src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
#ifdef USE_OPENSSL
if (srv_sock->is_ssl) {
- int ret;
+ int ret, ssl_r;
+ unsigned long err;
ERR_clear_error();
switch ((ret = SSL_shutdown(con->ssl))) {
@@ -1678,14 +1679,40 @@
case 0:
ERR_clear_error();
- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
// fall through
default:
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
- SSL_get_error(con->ssl, ret),
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
+
+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ break;
+ case SSL_ERROR_SYSCALL:
+ /* perhaps we have error waiting in our error-queue */
+ if (0 != (err = ERR_get_error())) {
+ do {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ } while((err = ERR_get_error()));
+ } else {
+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+ ssl_r, r, errno,
+ strerror(errno));
+ }
+
+ break;
+ default:
+ while((err = ERR_get_error())) {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ }
+
+ break;
+ }
}
}
+ ERR_clear_error();
#endif
Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-8/lighttpd.spec,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- lighttpd.spec 4 Mar 2008 10:21:57 -0000 1.41
+++ lighttpd.spec 24 Apr 2008 15:17:06 -0000 1.42
@@ -2,8 +2,8 @@
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
-Version: 1.4.18
-Release: 6%{?dist}
+Version: 1.4.19
+Release: 4%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
@@ -19,14 +19,14 @@
Patch0: lighttpd-1.4.17-defaultconf.patch
Patch1: lighttpd-1.4.18-mod_geoip.patch
# Security fixes
-Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
-Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
+Patch10: lighttpd-1.4.19-sslshutdownfix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: system-logos >= 7.92.1
Requires(pre): /usr/sbin/useradd
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service, /sbin/chkconfig
Requires(postun): /sbin/service
+Provides: webserver
BuildRequires: openssl-devel, pcre-devel, bzip2-devel, zlib-devel
BuildRequires: /usr/bin/awk
%{!?_without_ldap:BuildRequires: openldap-devel}
@@ -89,8 +89,7 @@
%setup -q
%patch0 -p1 -b .defaultconf
%patch1 -p1 -b .mod_geoip
-%patch10 -p1 -b .Fix-372-and-1562
-%patch11 -p1 -b .mod_cgi-fix
+%patch10 -p1 -b .sslshutdown
%{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
%{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
@@ -215,6 +214,18 @@
%changelog
+* Thu Apr 24 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-4
+- Merge in second changest from upstream fix for upstream bug #285.
+
+* Thu Mar 27 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-3
+- Include sslshutdown patch, upstream fix to upstream bug #285 (#439066).
+
+* Sat Mar 22 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-2
+- Provide "webserver" (#437884).
+
+* Wed Mar 12 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-1
+- Update to 1.4.19, which includes all previous security fixes + bugfixes.
+
* Tue Mar 4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
- Include patch for CVE-2008-0983 (crash when low on file descriptors).
- Include patch for CVE-2008-1111 (cgi source disclosure).
More information about the fedora-extras-commits
mailing list