OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 18-Mar-2003 16:04:22
Branch: OPENPKG_1_1_SOLID Handle: 2003031815042200
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/apache apache.spec mod_ssl.patch
Log:
apply security bugfix (OpenPKG-SA-2003.020-modssl)
Summary:
Revision Changes Path
1.81.2.6 +1 -1 openpkg-src/apache/apache.spec
1.1.2.2 +19 -0 openpkg-src/apache/mod_ssl.patch
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.spec
============================================================================
$ cvs diff -u -r1.81.2.5 -r1.81.2.6 apache.spec
--- openpkg-src/apache/apache.spec 22 Jan 2003 12:22:27 -0000 1.81.2.5
+++ openpkg-src/apache/apache.spec 18 Mar 2003 15:04:22 -0000 1.81.2.6
@@ -143,7 +143,7 @@
Group: Web
License: ASF
Version: %{V_apache}
-Release: 1.1.3
+Release: 1.1.4
# list of sources
Source0: http://www.apache.org/dist/httpd/apache_%{V_apache}.tar.gz
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache/mod_ssl.patch
============================================================================
$ cvs diff -u -r1.1.2.1 -r1.1.2.2 mod_ssl.patch
--- openpkg-src/apache/mod_ssl.patch 23 Oct 2002 09:26:27 -0000 1.1.2.1
+++ openpkg-src/apache/mod_ssl.patch 18 Mar 2003 15:04:22 -0000 1.1.2.2
@@ -15,3 +15,22 @@
ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
"Reason: You're speaking plain HTTP to an SSL-enabled server
port.<BR>\n"
+
+Security bugfix for OpenSSL timing attacks.
+
+Index: mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_init.c
+--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_init.c 4 Oct 2002 13:18:25
-0000 1.114
++++ mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_init.c 18 Mar 2003 13:35:10
-0000 1.115
+@@ -795,6 +795,12 @@
+ cpVHostID);
+ ssl_die();
+ }
++ if (!RSA_blinding_on(sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL)) {
++ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
++ "Init: (%s) Unable to enable RSA blinding (probably PRNG
failure)",
++ cpVHostID);
++ ssl_die();
++ }
+ if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+ "Init: (%s) Unable to configure RSA server private key",
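Review bot: The new `RSA_blinding_on()` check in ssl_engine_init.c has no comment saying why it exists, so a later cleanup could drop it as redundant; I would put `/* Enable RSA blinding so private-key operations do not leak timing information (OpenPKG-SA-2003.020-modssl) */` directly above the `if`. The call dereferences `sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa` without a check of its own, so it depends on the preceding test (which starts above the hunk and is not visible here) having already established that this slot holds a non-NULL RSA key. Blinding is enabled only for the server key at this one call site; whether other RSA private keys are loaded elsewhere in mod_ssl cannot be told from this hunk and is worth confirming. The `SSL_CTX_use_PrivateKey` block that follows continues past the end of the hunk.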
@@ .