rpms/lighttpd/F-7 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.37, 1.38

Thu Apr 24 15:17:35 UTC 2008

Author: thias

Update of /cvs/extras/rpms/lighttpd/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26684/F-7

Modified Files:
	lighttpd.spec 
Added Files:
	lighttpd-1.4.19-sslshutdownfix.patch 
Log Message:
Update to 1.4.19 + SSL security fix patch.


lighttpd-1.4.19-sslshutdownfix.patch:

--- NEW FILE lighttpd-1.4.19-sslshutdownfix.patch ---
This is a patch combining changes from changesets 2136 & 2139.
See http://trac.lighttpd.net/trac/ticket/285

--- lighttpd-1.4.x/src/connections.c (revision 2103)
+++ lighttpd-1.4.x/src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
@@ -1670,4 +1671,5 @@
 			if (srv_sock->is_ssl) {
 				int ret;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
@@ -1675,6 +1677,8 @@
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+					// fall through
 				default:
 					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--- lighttpd-1.4.x/src/network_openssl.c (revision 2084)
+++ lighttpd-1.4.x/src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
@@ -188,4 +189,5 @@
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;
--- lighttpd-1.4.x/src/connections.c (revision 2136)
+++ lighttpd-1.4.x/src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
 				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
@@ -1678,14 +1679,40 @@
 				case 0:
 					ERR_clear_error();
-					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
 
 					// fall through
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, r, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
 				}
 			}
+			ERR_clear_error();
 #endif
 


Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-7/lighttpd.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- lighttpd.spec	4 Mar 2008 11:07:50 -0000	1.37
+++ lighttpd.spec	24 Apr 2008 15:16:57 -0000	1.38
@@ -1,9 +1,9 @@
-%define webroot /srv/www/lighttpd
+%define webroot /var/www/lighttpd
 
 Summary: Lightning fast webserver with light system requirements
 Name: lighttpd
-Version: 1.4.18
-Release: 3%{?dist}
+Version: 1.4.19
+Release: 4%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.lighttpd.net/
@@ -12,21 +12,21 @@
 Source2: php.d-lighttpd.ini
 Source10: index.html
 Source11: http://www.lighttpd.net/favicon.ico
-Source12: powered_by_fedora.png
-Source13: http://www.lighttpd.net/light_button.png
-Source14: http://www.lighttpd.net/light_logo.png
+Source12: http://www.lighttpd.net/light_button.png
+Source13: http://www.lighttpd.net/light_logo.png
 Source100: lighttpd-mod_geoip.c
 Source101: lighttpd-mod_geoip.txt
 Patch0: lighttpd-1.4.17-defaultconf.patch
 Patch1: lighttpd-1.4.18-mod_geoip.patch
 # Security fixes
-Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
-Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
+Patch10: lighttpd-1.4.19-sslshutdownfix.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Requires: system-logos >= 7.92.1
 Requires(pre): /usr/sbin/useradd
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/service, /sbin/chkconfig
 Requires(postun): /sbin/service
+Provides: webserver
 BuildRequires: openssl-devel, pcre-devel, bzip2-devel, zlib-devel
 BuildRequires: /usr/bin/awk
 %{!?_without_ldap:BuildRequires: openldap-devel}
@@ -57,7 +57,7 @@
 %package fastcgi
 Summary: FastCGI module and spawning helper for lighttpd and PHP configuration
 Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
 
 %description fastcgi
 This package contains the spawn-fcgi helper for lighttpd's automatic spawning
@@ -68,7 +68,7 @@
 %package mod_geoip
 Summary: GeoIP module for lighttpd to use for location lookups
 Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
 BuildRequires: GeoIP-devel
 
 %description mod_geoip
@@ -78,7 +78,7 @@
 %package mod_mysql_vhost
 Summary: Virtual host module for lighttpd that uses a MySQL database
 Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
 BuildRequires: mysql-devel
 
 %description mod_mysql_vhost
@@ -89,8 +89,7 @@
 %setup -q
 %patch0 -p1 -b .defaultconf
 %patch1 -p1 -b .mod_geoip
-%patch10 -p1 -b .Fix-372-and-1562
-%patch11 -p1 -b .mod_cgi-fix
+%patch10 -p1 -b .sslshutdown
 %{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
 %{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
 
@@ -135,9 +134,12 @@
 # Install our own default web page and images
 %{__mkdir_p} %{buildroot}%{webroot}
 %{__install} -p -m 0644 %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
-    %{SOURCE14} \
     %{buildroot}%{webroot}/
 
+# Symlink for the powered-by-$DISTRO image
+%{__ln_s} %{_datadir}/pixmaps/poweredby.png \
+    %{buildroot}%{webroot}/poweredby.png
+
 # Install empty log directory to include
 %{__mkdir_p} %{buildroot}%{_var}/log/lighttpd
 
@@ -212,13 +214,36 @@
 
 
 %changelog
-* Tue Mar  4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-3
+* Thu Apr 24 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-4
+- Merge in second changest from upstream fix for upstream bug #285.
+
+* Thu Mar 27 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-3
+- Include sslshutdown patch, upstream fix to upstream bug #285 (#439066).
+
+* Sat Mar 22 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-2
+- Provide "webserver" (#437884).
+
+* Wed Mar 12 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-1
+- Update to 1.4.19, which includes all previous security fixes + bugfixes.
+
+* Tue Mar  4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
 - Include patch for CVE-2008-0983 (crash when low on file descriptors).
 - Include patch for CVE-2008-1111 (cgi source disclosure).
 
-* Tue Oct 16 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-2
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org>
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
+ - Rebuild for deps
+
+* Wed Oct 31 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-3
+- Update mod_geoip source to fix segfault upon stopping lighttpd.
+
+* Mon Oct 22 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-2
 - Include mod_geoip additional source, make it an optional sub-package.
 - Reorder sub-packages alphabetically in spec file.
+- Make sub-packages require exact release, just in case.
+- Change default webroot back from /srv to /var.
 
 * Mon Sep 10 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-1
 - Update to 1.4.18.


