Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/08/23 16:59:52 UTC
cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c ssl_scache_shmcb.c
jorton 2004/08/23 07:59:52
Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS acinclude.m4
modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
ssl_scache_shmcb.c
Log:
Backport from HEAD:
* acinclude.m4: Pick up OpenSSL libs/cflags from pkg-config.
* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential
infinite loop in ssl_io_input_getline if connection is aborted without
inctx->rc being set.
* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_init): Use an
anonymous shm segment by default or fall back on name-based shm.
PR: 18989, 21335, 29964
Submitted by: jerenkrantz, jorton
Reviewed by: jerenkrantz, trawick, jorton, nd, minfrin
Revision Changes Path
No revision
No revision
1.988.2.327 +8 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.326
retrieving revision 1.988.2.327
diff -d -w -u -r1.988.2.326 -r1.988.2.327
--- CHANGES 23 Aug 2004 14:50:25 -0000 1.988.2.326
+++ CHANGES 23 Aug 2004 14:59:50 -0000 1.988.2.327
@@ -1,5 +1,13 @@
Changes with Apache 2.0.51
+ *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
+
+ *) SECURITY: CAN-2004-0748 (cve.mitre.org)
+ mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
+
+ *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
+ PR 18989. [Joe Orton]
+
*) mod_userdir: Ensure that the userdir identity is used for
suexec userdir access in a virtual host which has suexec configured.
PR 18156. [Joshua Slive]
1.751.2.997 +1 -17 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.996
retrieving revision 1.751.2.997
diff -d -w -u -r1.751.2.996 -r1.751.2.997
--- STATUS 20 Aug 2004 21:17:39 -0000 1.751.2.996
+++ STATUS 23 Aug 2004 14:59:51 -0000 1.751.2.997
@@ -83,16 +83,6 @@
PR: 30134
+1: jorton
- *) [SECURITY] mod_ssl: Fix potential infinite loop.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125
- PR: 29964
- +1: jorton, nd, jerenkrantz
-
- *) mod_ssl: Use anon shm in shmcb by default.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_scache_shmcb.c?r1=1.23&r2=1.24
- PR: 21335
- +1: jorton, minfrin, nd
-
*) apachectl: Fix a problem finding envvars if sbindir != bindir.
PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/support/apachectl.in?r1=1.22&r2=1.23
@@ -385,12 +375,6 @@
fixed up as well as putting together a patch for httpd 2.0.next
which integrates the two rounds of changes)
+1 concept: trawick, nd
-
- * Work around RedHat bug 82359 (openssl requires pkg-config):
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=82369
- Patch (2.1 version already committed, 2.0 has diff OpenSSL config logic):
- http://www.apache.org/~jerenkrantz/httpd-openssl-pkgconfig.patch
- +1: jerenkrantz, trawick, jorton
CURRENT RELEASE NOTES:
1.133.2.2 +7 -0 httpd-2.0/acinclude.m4
Index: acinclude.m4
===================================================================
RCS file: /home/cvs/httpd-2.0/acinclude.m4,v
retrieving revision 1.133.2.1
retrieving revision 1.133.2.2
diff -d -w -u -r1.133.2.1 -r1.133.2.2
--- acinclude.m4 29 Nov 2002 11:05:57 -0000 1.133.2.1
+++ acinclude.m4 23 Aug 2004 14:59:51 -0000 1.133.2.2
@@ -489,6 +489,13 @@
fi
fi
APR_ADDTO(LIBS, [-lssl -lcrypto])
+ pkg-config openssl 2> /dev/null
+ if test $? -eq 0; then
+ ap_ssltk_incdep=`pkg-config --cflags-only-I openssl`
+ APR_ADDTO(INCLUDES, $ap_ssltk_incdep)
+ ap_ssltk_libdep=`pkg-config --libs openssl`
+ APR_ADDTO(LIBS, $ap_ssltk_libdep)
+ fi
ap_cv_ssltk="$ap_ssltk_base"
fi
])
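Review bot: The added `pkg-config openssl` probe is unconditional within this hunk, so its `-I` and `-L`/`-l` flags are appended even when the toolkit base chosen earlier in the macro points at a different OpenSSL install. For a TLS module, mixing headers from one install with libraries from another is a build-integrity risk. It deserves at least a comment stating the precedence, e.g. `dnl pkg-config flags are appended to, and do not replace, the paths derived from ap_ssltk_base`, and ideally a check that the two agree. The probe would also state its intent more clearly as `if pkg-config --exists openssl 2> /dev/null; then`, which drops the separate `$?` test. The enclosing macro starts before this hunk, so how `ap_ssltk_base` was selected is not visible here.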
No revision
No revision
1.100.2.15 +4 -0 httpd-2.0/modules/ssl/ssl_engine_io.c
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.100.2.14
retrieving revision 1.100.2.15
diff -d -w -u -r1.100.2.14 -r1.100.2.15
--- ssl_engine_io.c 15 Apr 2004 19:41:39 -0000 1.100.2.14
+++ ssl_engine_io.c 23 Aug 2004 14:59:52 -0000 1.100.2.15
@@ -587,6 +587,10 @@
while (1) {
if (!inctx->filter_ctx->pssl) {
+ /* Ensure a non-zero error code is returned */
+ if (inctx->rc == APR_SUCCESS) {
+ inctx->rc = APR_EGENERAL;
+ }
break;
}
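Review bot: The new comment at the `!inctx->filter_ctx->pssl` check says only that a non-zero code is returned, but not why, and this guard is the fix for the loop tracked as PR 29964 / CAN-2004-0748. Per the commit log, ssl_io_input_getline could spin when the connection was aborted without `inctx->rc` being set. A comment such as `/* SSL connection already shut down; force an error status so ssl_io_input_getline cannot loop forever on APR_SUCCESS. */` would keep a later cleanup from removing the check. `APR_EGENERAL` also hides the cause from anyone reading the status downstream; if no caller depends on the exact value, `APR_ECONNABORTED` would describe the condition more precisely. The function body starts and ends outside this hunk, so how `rc` is consumed after the `break` is not visible here.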
1.16.2.6 +13 -4 httpd-2.0/modules/ssl/ssl_scache_shmcb.c
Index: ssl_scache_shmcb.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmcb.c,v
retrieving revision 1.16.2.5
retrieving revision 1.16.2.6
diff -d -w -u -r1.16.2.5 -r1.16.2.6
--- ssl_scache_shmcb.c 1 Jun 2004 20:27:11 -0000 1.16.2.5
+++ ssl_scache_shmcb.c 23 Aug 2004 14:59:52 -0000 1.16.2.6
@@ -339,10 +339,19 @@
ssl_die();
}
- if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
+ /* Use anonymous shm by default, fall back on name-based. */
+ rv = apr_shm_create(&(mc->pSessionCacheDataMM),
+ mc->nSessionCacheDataSize,
+ NULL, mc->pPool);
+
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = apr_shm_create(&(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize,
mc->szSessionCacheDataFile,
- mc->pPool)) != APR_SUCCESS) {
+ mc->pPool);
+ }
+
+ if (rv != APR_SUCCESS) {
char buf[100];
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Cannot allocate shared memory: (%d)%s", rv,
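Review bot: The name-based fallback taken when `APR_STATUS_IS_ENOTIMPL(rv)` still creates the segment at `mc->szSessionCacheDataFile` without clearing a leftover from an earlier unclean shutdown. On platforms without anonymous shm, the startup failure described in CHANGES can therefore presumably still occur. If the APR in use provides it, calling `apr_shm_remove(mc->szSessionCacheDataFile, mc->pPool);` immediately before the second `apr_shm_create` would cover that path. The shared `rv != APR_SUCCESS` branch also gives an operator no way to tell which attempt failed, so a debug-level log line on fallback would help triage. The function and the `ap_log_error` call continue outside this hunk.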