Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.8.git;a=commitdiff;h=6e756e86765b48c87dc555e029d59cd4cfabc3bf
commit 6e756e86765b48c87dc555e029d59cd4cfabc3bf
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Sat Apr 12 15:31:39 2008 +0200
lighttpd-1.4.19-1kalgan2-i686
- added CVE-2008-1531.patch
- closes #2922
diff --git a/source/network-extra/lighttpd/CVE-2008-1531.patch
b/source/network-extra/lighttpd/CVE-2008-1531.patch
new file mode 100644
index 0000000..f26e9ce
--- /dev/null
+++ b/source/network-extra/lighttpd/CVE-2008-1531.patch
@@ -0,0 +1,100 @@
+diff -Naur lighttpd-1.4.19/NEWS lighttpd-1.4.19-p/NEWS
+--- lighttpd-1.4.19/NEWS 2008-03-10 22:28:30.000000000 +0100
++++ lighttpd-1.4.19-p/NEWS 2008-04-02 21:38:01.000000000 +0200
+@@ -8,6 +8,7 @@
+ * added support for If-Range: <date> (#1346)
+ * added support for matching $HTTP["scheme"] in configs
+ * fixed initgroups() called after chroot (#1384)
++ * Fix #285 again: read error after SSL_shutdown (thx [EMAIL PROTECTED]) and
clear the error queue before some other calls
+ * fixed case-sensitive check for Auth-Method (#1456)
+ * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
+ * fixed a bug that made /-prefixed extensions being handled also when
+diff -Naur lighttpd-1.4.19/src/connections.c
lighttpd-1.4.19-p/src/connections.c
+--- lighttpd-1.4.19/src/connections.c 2008-02-28 00:41:35.000000000 +0100
++++ lighttpd-1.4.19-p/src/connections.c 2008-04-02 21:42:57.000000000
+0200
+@@ -199,6 +199,7 @@
+
+ /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+
++ ERR_clear_error();
+ do {
+ if (!con->ssl_error_want_reuse_buffer) {
+ b = buffer_init();
+@@ -1668,21 +1669,51 @@
+ }
+ #ifdef USE_OPENSSL
+ if (srv_sock->is_ssl) {
+- int ret;
++ int ret, ssl_r;
++ unsigned long err;
++ ERR_clear_error();
+ switch ((ret = SSL_shutdown(con->ssl))) {
+ case 1:
+ /* ok */
+ break;
+ case 0:
+- SSL_shutdown(con->ssl);
+- break;
++ ERR_clear_error();
++ if (-1 != (ret =
SSL_shutdown(con->ssl))) break;
++
++ // fall through
+ default:
+- log_error_write(srv, __FILE__,
__LINE__, "sds", "SSL:",
+- SSL_get_error(con->ssl,
ret),
+-
ERR_error_string(ERR_get_error(), NULL));
+- return -1;
++
++ switch ((ssl_r =
SSL_get_error(con->ssl, ret))) {
++ case SSL_ERROR_WANT_WRITE:
++ case SSL_ERROR_WANT_READ:
++ break;
++ case SSL_ERROR_SYSCALL:
++ /* perhaps we have error
waiting in our error-queue */
++ if (0 != (err =
ERR_get_error())) {
++ do {
++
log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
++
ssl_r, ret,
++
ERR_error_string(err, NULL));
++ } while((err =
ERR_get_error()));
++ } else {
++ log_error_write(srv,
__FILE__, __LINE__, "sddds", "SSL (error):",
++ ssl_r,
r, errno,
++
strerror(errno));
++ }
++
++ break;
++ default:
++ while((err = ERR_get_error())) {
++ log_error_write(srv,
__FILE__, __LINE__, "sdds", "SSL:",
++ ssl_r,
ret,
++
ERR_error_string(err, NULL));
++ }
++
++ break;
++ }
+ }
+ }
++ ERR_clear_error();
+ #endif
+
+ switch(con->mode) {
+diff -Naur lighttpd-1.4.19/src/network_openssl.c
lighttpd-1.4.19-p/src/network_openssl.c
+--- lighttpd-1.4.19/src/network_openssl.c 2008-02-26 17:20:26.000000000
+0100
++++ lighttpd-1.4.19-p/src/network_openssl.c 2008-04-02 21:38:01.000000000
+0200
+@@ -85,6 +85,7 @@
+ *
+ */
+
++ ERR_clear_error();
+ if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+ unsigned long err;
+
+@@ -187,6 +188,7 @@
+
+ close(ifd);
+
++ ERR_clear_error();
+ if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+ unsigned long err;
+
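Review bot: In the `SSL_ERROR_SYSCALL` branch of the connections.c hunk, the fallback `log_error_write(... "SSL (error):", ...)` call passes `r`, while every other log call in the new block passes `ret`. The lines visible here declare only `ret`, `ssl_r` and `err`, so `r` is either an unrelated variable from the enclosing function or a typo, and the logged value would not be the `SSL_shutdown()` result; the argument list should presumably read `ssl_r, ret, errno,`. In the same branch `errno` is read only after `SSL_get_error()` and `ERR_get_error()` have been called, so capturing it straight after `SSL_shutdown()` returns (`int saved_errno = errno;`) would keep the logged cause trustworthy for anyone triaging shutdown failures. The enclosing function starts and ends outside the hunk.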
diff --git a/source/network-extra/lighttpd/FrugalBuild
b/source/network-extra/lighttpd/FrugalBuild
index b79ded1..b58ce91 100644
--- a/source/network-extra/lighttpd/FrugalBuild
+++ b/source/network-extra/lighttpd/FrugalBuild
@@ -4,14 +4,15 @@
pkgname=lighttpd
pkgver=1.4.19
-pkgrel=1kalgan1
+pkgrel=1kalgan2
pkgdesc="A webserver designed and optimized for high performance environments."
url="http://www.lighttpd.net/"
license="BSD"
up2date="lynx -dump http://www.lighttpd.net/download|grep -om1
'lighttpd-\(.*\).tar.bz2'|sed 's/.*-\(.*\).t.*/\1/'"
source=($url/download/$pkgname-$pkgver.tar.bz2 \
$pkgname.conf rc.$pkgname index.html \
- http://frugalware.org/images/frugalware.png)
+ http://frugalware.org/images/frugalware.png \
+ CVE-2008-1531.patch)
groups=('network-extra')
archs=('i686' 'x86_64')
depends=('libmysqlclient' 'bzip2' 'lua' 'pcre' 'xfsprogs-attr' 'libldap'
'openssl')
@@ -21,7 +22,8 @@ sha1sums=('fd4450e7faae55ebe0905114722995b0c57397cc' \
'1a1d742bba61f24b42a4aea99623ceabbd345d3e' \
'f30cb68ad73467a43317afabe0f4a90472df222e' \
'd6c2577965670f3e116d9358551cdc2f4b10b4b4' \
- '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e')
+ '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e' \
+ 'fc6058fc40b2ac32d1aa82978757b236ebb76590')
build()
{