pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/www/lighttpd Pullup ticket 2391 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9cfd7243280a
branches:  pkgsrc-2008Q1
changeset: 540364:9cfd7243280a
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed May 21 13:01:02 2008 +0000

description:
Pullup ticket 2391 - requested by joerg
Security fix for lighttpd

Revisions pulled up:
- www/lighttpd/Makefile         1.21
- www/lighttpd/distinfo         1.14
- www/lighttpd/patches/patch-aa 1.9
- www/lighttpd/patches/patch-ac 1.5

    Module Name:        pkgsrc
    Committed By:       joerg
    Date:               Fri Apr 25 19:58:17 UTC 2008

    Modified Files:
        pkgsrc/www/lighttpd: distinfo
    Added Files:
        pkgsrc/www/lighttpd/patches: patch-aa patch-ac

    Log Message:
    Fix a potential DOS when using SSL. Bump revision.
---
    Module Name:        pkgsrc
    Committed By:       joerg
    Date:               Tue May 20 14:22:50 UTC 2008

    Modified Files:
        pkgsrc/www/lighttpd: Makefile

    Log Message:
    Belatedly bump revision for CVE-2008-1531 fix.

diffstat:

 www/lighttpd/Makefile         |   3 +-
 www/lighttpd/distinfo         |   4 +-
 www/lighttpd/patches/patch-aa |  69 +++++++++++++++++++++++++++++++++++++++++++
 www/lighttpd/patches/patch-ac |  22 +++++++++++++
 4 files changed, 96 insertions(+), 2 deletions(-)

diffs (124 lines):

diff -r 0b0e7ed7c3c0 -r 9cfd7243280a www/lighttpd/Makefile
--- a/www/lighttpd/Makefile     Mon May 19 17:39:20 2008 +0000
+++ b/www/lighttpd/Makefile     Wed May 21 13:01:02 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2008/03/15 10:53:50 joerg Exp $
+# $NetBSD: Makefile,v 1.20.2.1 2008/05/21 13:01:02 tron Exp $
 
 DISTNAME=      lighttpd-1.4.19
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  http://www.lighttpd.net/download/
 
diff -r 0b0e7ed7c3c0 -r 9cfd7243280a www/lighttpd/distinfo
--- a/www/lighttpd/distinfo     Mon May 19 17:39:20 2008 +0000
+++ b/www/lighttpd/distinfo     Wed May 21 13:01:02 2008 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.13 2008/03/15 10:53:50 joerg Exp $
+$NetBSD: distinfo,v 1.13.2.1 2008/05/21 13:01:02 tron Exp $
 
 SHA1 (lighttpd-1.4.19.tar.gz) = 79e2d61dd9017c3c50c0fe98b2289cae5c1255ee
 RMD160 (lighttpd-1.4.19.tar.gz) = 7dbe2a22051e18f4037b48ee4811e2c9738d20cf
 Size (lighttpd-1.4.19.tar.gz) = 815568 bytes
+SHA1 (patch-aa) = 4e3a6bf761bc0e0b8b2ff75fbec739d2cad145ab
 SHA1 (patch-ab) = b02003db1b2ac978846eb0f7be178b91f59fc176
+SHA1 (patch-ac) = eca334f430362b2095727e28b9cc15f757fd440d
diff -r 0b0e7ed7c3c0 -r 9cfd7243280a www/lighttpd/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-aa     Wed May 21 13:01:02 2008 +0000
@@ -0,0 +1,69 @@
+$NetBSD: patch-aa,v 1.8.2.1 2008/05/21 13:01:02 tron Exp $
+
+From SVN: Fix potential DOS by clearing SSL error queue.
+
+--- src/connections.c.orig     2008-04-25 18:28:26.000000000 +0200
++++ src/connections.c
+@@ -199,6 +199,7 @@ static int connection_handle_read_ssl(se
+ 
+       /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ 
++      ERR_clear_error();
+       do {
+               if (!con->ssl_error_want_reuse_buffer) {
+                       b = buffer_init();
+@@ -1668,19 +1669,47 @@ int connection_state_machine(server *srv
+                       }
+ #ifdef USE_OPENSSL
+                       if (srv_sock->is_ssl) {
+-                              int ret;
++                              int ret, ssl_r;
++                              unsigned long err;
++                              ERR_clear_error();
+                               switch ((ret = SSL_shutdown(con->ssl))) {
+                               case 1:
+                                       /* ok */
+                                       break;
+                               case 0:
+-                                      SSL_shutdown(con->ssl);
+-                                      break;
++                                      ERR_clear_error();
++                                      if (-1 != (ret = SSL_shutdown(con->ssl))) break;
++
++                                      // fall through
+                               default:
+-                                      log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
+-                                                      SSL_get_error(con->ssl, ret),
+-                                                      ERR_error_string(ERR_get_error(), NULL));
+-                                      return -1;
++
++                                      switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
++                                      case SSL_ERROR_WANT_WRITE:
++                                      case SSL_ERROR_WANT_READ:
++                                              break;
++                                      case SSL_ERROR_SYSCALL:
++                                              /* perhaps we have error waiting in our error-queue */
++                                              if (0 != (err = ERR_get_error())) {
++                                                      do {
++                                                              log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
++                                                                              ssl_r, ret,
++                                                                              ERR_error_string(err, NULL));
++                                                      } while ((err = ERR_get_error()));
++                                              } else {
++                                                      log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
++                                                                ssl_r, r, errno,
++                                                                strerror(errno));    
++                                              }
++                                              break;
++
++                                      default:
++                                              while ((err = ERR_get_error())) {
++                                                      log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
++                                                                      ssl_r, ret,
++                                                                      ERR_error_string(err, NULL));
++                                              }
++                                              break;
++                                      }
+                               }
+                       }
+ #endif
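Review bot: In the `SSL_ERROR_SYSCALL` else branch, the log call passes `r` where the other two log calls in this switch pass `ret`, so the value written next to `ssl_r` is not the SSL_shutdown() result. `r` is not declared anywhere in the hunk, so it is presumably an unrelated local of connection_state_machine() still holding an earlier result; the argument line should read `ssl_r, ret, errno,`. errno is also read only after SSL_get_error() and ERR_get_error() have run and may have been changed by then, so copying it into a local straight after SSL_shutdown() would make the logged errno reliable for whoever triages these entries. connection_state_machine() begins and ends outside the hunk, so the declaration of `r` cannot be confirmed from here.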
diff -r 0b0e7ed7c3c0 -r 9cfd7243280a www/lighttpd/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-ac     Wed May 21 13:01:02 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.4.2.1 2008/05/21 13:01:02 tron Exp $
+
+From SVN: Fix potential DOS by clearing SSL error queue.
+
+--- src/network_openssl.c.orig 2008-04-25 18:29:42.000000000 +0200
++++ src/network_openssl.c
+@@ -85,6 +85,7 @@ int network_write_chunkqueue_openssl(ser
+                        *
+                        */
+ 
++                      ERR_clear_error();
+                       if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+                               unsigned long err;
+ 
+@@ -187,6 +188,7 @@ int network_write_chunkqueue_openssl(ser
+ 
+                               close(ifd);
+ 
++                              ERR_clear_error();
+                               if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+                                       unsigned long err;
+ 
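Review bot: Both added `ERR_clear_error();` calls before `SSL_write()` go in without a comment, and the reason for them is not obvious at the call site. OpenSSL's error queue belongs to the thread rather than to the connection, and SSL_get_error() consults it, so an entry left behind by another connection can make this write look like a failure; that is the DoS the patch header refers to. I would add above each call something like `/* error queue is per-thread: drop stale entries so SSL_get_error() below reflects only this SSL_write() */`, so that a later cleanup does not remove the call as redundant. network_write_chunkqueue_openssl() starts and ends outside both hunks, so any other SSL I/O call in it that needs the same treatment is not visible here.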


