rpms/lighttpd/F-7 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.37, 1.38
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Thu Apr 24 15:17:35 UTC 2008
- Previous message (by thread): rpms/dbmail/F-7 .cvsignore, 1.8, 1.9 dbmail.spec, 1.17, 1.18 sources, 1.8, 1.9
- Next message (by thread): rpms/lighttpd/F-8 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.41, 1.42
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thias
Update of /cvs/extras/rpms/lighttpd/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26684/F-7
Modified Files:
lighttpd.spec
Added Files:
lighttpd-1.4.19-sslshutdownfix.patch
Log Message:
Update to 1.4.19 + SSL security fix patch.
lighttpd-1.4.19-sslshutdownfix.patch:
--- NEW FILE lighttpd-1.4.19-sslshutdownfix.patch ---
This is a patch combining changes from changesets 2136 & 2139.
See http://trac.lighttpd.net/trac/ticket/285
--- lighttpd-1.4.x/src/connections.c (revision 2103)
+++ lighttpd-1.4.x/src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ ERR_clear_error();
do {
if (!con->ssl_error_want_reuse_buffer) {
@@ -1670,4 +1671,5 @@
if (srv_sock->is_ssl) {
int ret;
+ ERR_clear_error();
switch ((ret = SSL_shutdown(con->ssl))) {
case 1:
@@ -1675,6 +1677,8 @@
break;
case 0:
- SSL_shutdown(con->ssl);
- break;
+ ERR_clear_error();
+ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+ // fall through
default:
log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--- lighttpd-1.4.x/src/network_openssl.c (revision 2084)
+++ lighttpd-1.4.x/src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
*/
+ ERR_clear_error();
if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
unsigned long err;
@@ -188,4 +189,5 @@
close(ifd);
+ ERR_clear_error();
if ((r = SSL_write(ssl, s, toSend)) <= 0) {
unsigned long err;
--- lighttpd-1.4.x/src/connections.c (revision 2136)
+++ lighttpd-1.4.x/src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
#ifdef USE_OPENSSL
if (srv_sock->is_ssl) {
- int ret;
+ int ret, ssl_r;
+ unsigned long err;
ERR_clear_error();
switch ((ret = SSL_shutdown(con->ssl))) {
@@ -1678,14 +1679,40 @@
case 0:
ERR_clear_error();
- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
// fall through
default:
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
- SSL_get_error(con->ssl, ret),
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
+
+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ break;
+ case SSL_ERROR_SYSCALL:
+ /* perhaps we have error waiting in our error-queue */
+ if (0 != (err = ERR_get_error())) {
+ do {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ } while((err = ERR_get_error()));
+ } else {
+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+ ssl_r, r, errno,
+ strerror(errno));
+ }
+
+ break;
+ default:
+ while((err = ERR_get_error())) {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ }
+
+ break;
+ }
}
}
+ ERR_clear_error();
#endif
Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-7/lighttpd.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- lighttpd.spec 4 Mar 2008 11:07:50 -0000 1.37
+++ lighttpd.spec 24 Apr 2008 15:16:57 -0000 1.38
@@ -1,9 +1,9 @@
-%define webroot /srv/www/lighttpd
+%define webroot /var/www/lighttpd
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
-Version: 1.4.18
-Release: 3%{?dist}
+Version: 1.4.19
+Release: 4%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
@@ -12,21 +12,21 @@
Source2: php.d-lighttpd.ini
Source10: index.html
Source11: http://www.lighttpd.net/favicon.ico
-Source12: powered_by_fedora.png
-Source13: http://www.lighttpd.net/light_button.png
-Source14: http://www.lighttpd.net/light_logo.png
+Source12: http://www.lighttpd.net/light_button.png
+Source13: http://www.lighttpd.net/light_logo.png
Source100: lighttpd-mod_geoip.c
Source101: lighttpd-mod_geoip.txt
Patch0: lighttpd-1.4.17-defaultconf.patch
Patch1: lighttpd-1.4.18-mod_geoip.patch
# Security fixes
-Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
-Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
+Patch10: lighttpd-1.4.19-sslshutdownfix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Requires: system-logos >= 7.92.1
Requires(pre): /usr/sbin/useradd
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service, /sbin/chkconfig
Requires(postun): /sbin/service
+Provides: webserver
BuildRequires: openssl-devel, pcre-devel, bzip2-devel, zlib-devel
BuildRequires: /usr/bin/awk
%{!?_without_ldap:BuildRequires: openldap-devel}
@@ -57,7 +57,7 @@
%package fastcgi
Summary: FastCGI module and spawning helper for lighttpd and PHP configuration
Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
%description fastcgi
This package contains the spawn-fcgi helper for lighttpd's automatic spawning
@@ -68,7 +68,7 @@
%package mod_geoip
Summary: GeoIP module for lighttpd to use for location lookups
Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
BuildRequires: GeoIP-devel
%description mod_geoip
@@ -78,7 +78,7 @@
%package mod_mysql_vhost
Summary: Virtual host module for lighttpd that uses a MySQL database
Group: System Environment/Daemons
-Requires: %{name} = %{version}
+Requires: %{name} = %{version}-%{release}
BuildRequires: mysql-devel
%description mod_mysql_vhost
@@ -89,8 +89,7 @@
%setup -q
%patch0 -p1 -b .defaultconf
%patch1 -p1 -b .mod_geoip
-%patch10 -p1 -b .Fix-372-and-1562
-%patch11 -p1 -b .mod_cgi-fix
+%patch10 -p1 -b .sslshutdown
%{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
%{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
@@ -135,9 +134,12 @@
# Install our own default web page and images
%{__mkdir_p} %{buildroot}%{webroot}
%{__install} -p -m 0644 %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
- %{SOURCE14} \
%{buildroot}%{webroot}/
+# Symlink for the powered-by-$DISTRO image
+%{__ln_s} %{_datadir}/pixmaps/poweredby.png \
+ %{buildroot}%{webroot}/poweredby.png
+
# Install empty log directory to include
%{__mkdir_p} %{buildroot}%{_var}/log/lighttpd
@@ -212,13 +214,36 @@
%changelog
-* Tue Mar 4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-3
+* Thu Apr 24 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-4
+- Merge in second changest from upstream fix for upstream bug #285.
+
+* Thu Mar 27 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-3
+- Include sslshutdown patch, upstream fix to upstream bug #285 (#439066).
+
+* Sat Mar 22 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-2
+- Provide "webserver" (#437884).
+
+* Wed Mar 12 2008 Matthias Saou <http://freshrpms.net/> 1.4.19-1
+- Update to 1.4.19, which includes all previous security fixes + bugfixes.
+
+* Tue Mar 4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
- Include patch for CVE-2008-0983 (crash when low on file descriptors).
- Include patch for CVE-2008-1111 (cgi source disclosure).
-* Tue Oct 16 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-2
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org>
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
+ - Rebuild for deps
+
+* Wed Oct 31 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-3
+- Update mod_geoip source to fix segfault upon stopping lighttpd.
+
+* Mon Oct 22 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-2
- Include mod_geoip additional source, make it an optional sub-package.
- Reorder sub-packages alphabetically in spec file.
+- Make sub-packages require exact release, just in case.
+- Change default webroot back from /srv to /var.
* Mon Sep 10 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-1
- Update to 1.4.18.
- Previous message (by thread): rpms/dbmail/F-7 .cvsignore, 1.8, 1.9 dbmail.spec, 1.17, 1.18 sources, 1.8, 1.9
- Next message (by thread): rpms/lighttpd/F-8 lighttpd-1.4.19-sslshutdownfix.patch, NONE, 1.1 lighttpd.spec, 1.41, 1.42
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list