rpms/lighttpd/F-8 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.41, 1.42

Matthias Saou (thias) fedora-extras-commits at redhat.com
Thu Apr 24 15:17:47 UTC 2008


Author: thias

Update of /cvs/extras/rpms/lighttpd/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26684/F-8

Modified Files:
	lighttpd.spec 
Added Files:
	lighttpd-1.4.19-sslshutdownfix.patch 
Log Message:
Update to 1.4.19 + SSL security fix patch.


lighttpd-1.4.19-sslshutdownfix.patch:

--- NEW FILE lighttpd-1.4.19-sslshutdownfix.patch ---
This is a patch combining changes from changesets 2136 & 2139.
See http://trac.lighttpd.net/trac/ticket/285

--- lighttpd-1.4.x/src/connections.c (revision 2103)
+++ lighttpd-1.4.x/src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
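Review bot: The `ERR_clear_error();` added before the `do` loop carries no comment saying why it is needed, and the same bare call is added before `SSL_shutdown()` in the later connections.c hunks and before both `SSL_write()` calls in network_openssl.c. OpenSSL's error queue belongs to the thread rather than to one SSL object, and SSL_get_error() consults it, so a stale entry left by another connection can make this connection's result look like a failure. I would add a comment at the first call, for example `/* error queue is per-thread: drop stale entries so SSL_get_error() reflects only this call */`. The call sits outside the loop, so it is only guaranteed to run before the first iteration. The loop body continues outside the hunk, so whether a later iteration can start with queued errors has to be checked there.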
@@ -1670,4 +1671,5 @@
 			if (srv_sock->is_ssl) {
 				int ret;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
@@ -1675,6 +1677,8 @@
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+					// fall through
 				default:
 					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--- lighttpd-1.4.x/src/network_openssl.c (revision 2084)
+++ lighttpd-1.4.x/src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
@@ -188,4 +189,5 @@
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;
--- lighttpd-1.4.x/src/connections.c (revision 2136)
+++ lighttpd-1.4.x/src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
 				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
@@ -1678,14 +1679,40 @@
 				case 0:
 					ERR_clear_error();
-					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
 
 					// fall through
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, r, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
 				}
 			}
+			ERR_clear_error();
 #endif
 
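Review bot: The errno branch of `case SSL_ERROR_SYSCALL:` logs `r`, but the SSL_shutdown() result is held in `ret`, and `r` is not among the variables this block declares (`ret`, `ssl_r`, `err`). If `r` exists in the enclosing function, which starts outside the hunk, the log line reports an unrelated value. The other two log calls pass `ret`, so the arguments here should read `ssl_r, ret, errno,`. errno is also read only after ERR_get_error() has been called, so saving it immediately after SSL_shutdown() returns would keep the logged value tied to the failing call.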


Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-8/lighttpd.spec,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- lighttpd.spec	4 Mar 2008 10:21:57 -0000	1.41
+++ lighttpd.spec	24 Apr 2008 15:17:06 -0000	1.42
@@ -2,8 +2,8 @@
 
 Summary: Lightning fast webserver with light system requirements
 Name: lighttpd
-Version: 1.4.18
-Release: 6%{?dist}
+Version: 1.4.19
+Release: 4%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.lighttpd.net/
@@ -19,14 +19,14 @@
 Patch0: lighttpd-1.4.17-defaultconf.patch
 Patch1: lighttpd-1.4.18-mod_geoip.patch
 # Security fixes
-Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
-Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
+Patch10: lighttpd-1.4.19-sslshutdownfix.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: system-logos >= 7.92.1
 Requires(pre): /usr/sbin/useradd
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/service, /sbin/chkconfig
 Requires(postun): /sbin/service
+Provides: webserver
 BuildRequires: openssl-devel, pcre-devel, bzip2-devel, zlib-devel
 BuildRequires: /usr/bin/awk
 %{!?_without_ldap:BuildRequires: openldap-devel}
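Review bot: `Patch10: lighttpd-1.4.19-sslshutdownfix.patch` sits under `# Security fixes` with no pointer to where the patch came from. The patch header names upstream changesets 2136 and 2139 and ticket 285. Repeating that beside the Patch line, e.g. `# Upstream changesets 2136 + 2139, http://trac.lighttpd.net/trac/ticket/285`, lets a later packager see when the patch can be dropped. The two removed 1.4.18 patches are justified only by the changelog statement that 1.4.19 includes all previous security fixes. That should be confirmed against the upstream release, since it cannot be verified from this diff.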
@@ -89,8 +89,7 @@
 %setup -q
 %patch0 -p1 -b .defaultconf
 %patch1 -p1 -b .mod_geoip
-%patch10 -p1 -b .Fix-372-and-1562
-%patch11 -p1 -b .mod_cgi-fix
+%patch10 -p1 -b .sslshutdown
 %{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
 %{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
 
@@ -215,6 +214,18 @@
 
 
 %changelog
+* Thu Apr 24 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-4
+- Merge in second changest from upstream fix for upstream bug #285.
+
+* Thu Mar 27 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-3
+- Include sslshutdown patch, upstream fix to upstream bug #285 (#439066).
+
+* Sat Mar 22 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-2
+- Provide "webserver" (#437884).
+
+* Wed Mar 12 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-1
+- Update to 1.4.19, which includes all previous security fixes + bugfixes.
+
 * Tue Mar  4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
 - Include patch for CVE-2008-0983 (crash when low on file descriptors).
 - Include patch for CVE-2008-1111 (cgi source disclosure).



