OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 18-Mar-2003 16:08:12
Branch: OPENPKG_1_2_SOLID Handle: 2003031815081100
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/apache mod_ssl.patch
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/apache apache.spec
Log:
apply security bugfix (OpenPKG-SA-2003.020-modssl)
Summary:
Revision Changes Path
1.106.2.1.2.3+3 -1 openpkg-src/apache/apache.spec
1.1.8.1 +18 -0 openpkg-src/apache/mod_ssl.patch
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.spec
============================================================================
$ cvs diff -u -r1.106.2.1.2.2 -r1.106.2.1.2.3 apache.spec
--- openpkg-src/apache/apache.spec 18 Feb 2003 12:46:03 -0000 1.106.2.1.2.2
+++ openpkg-src/apache/apache.spec 18 Mar 2003 15:08:11 -0000 1.106.2.1.2.3
@@ -60,7 +60,7 @@
Group: Web
License: ASF
Version: %{V_apache}
-Release: 1.2.1
+Release: 1.2.2
# package options (additionally used Apache modules; can be enabled without
thinking)
%option with_mod_ssl no
@@ -167,6 +167,7 @@
Source22: apache.vhost
Source23: rc.apache
Patch0: http://www.php.net/distributions/php-4.3.0-to-4.3.1.patch.gz
+Patch1: mod_ssl.patch
# build information
Prefix: %{l_prefix}
@@ -280,6 +281,7 @@
# unpack optional extension modules
%if "%{with_mod_ssl}" == "yes"
%setup1 -q -T -D -a 1
+ %patch1 -p0
%endif
%if "%{with_mod_perl}" == "yes"
%setup2 -q -T -D -a 2
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache/mod_ssl.patch
============================================================================
$ cvs diff -u -r0 -r1.1.8.1 mod_ssl.patch
--- /dev/null 2003-03-18 16:08:12.000000000 +0100
+++ mod_ssl.patch 2003-03-18 16:08:12.000000000 +0100
@@ -0,0 +1,18 @@
+Security bugfix for OpenSSL timing attacks.
+
+Index: mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c
+--- mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c 4 Oct 2002 13:18:25
-0000 1.114
++++ mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c 18 Mar 2003 13:35:10
-0000 1.115
+@@ -795,6 +795,12 @@
+ cpVHostID);
+ ssl_die();
+ }
++ if (!RSA_blinding_on(sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL)) {
++ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
++ "Init: (%s) Unable to enable RSA blinding (probably PRNG
failure)",
++ cpVHostID);
++ ssl_die();
++ }
+ if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+ "Init: (%s) Unable to configure RSA server private key",
@@ .
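Review bot: The added `RSA_blinding_on()` call in ssl_engine_init.c has no comment saying why it is there, and the patch header names only "OpenSSL timing attacks" without the advisory; I would put `/* enable RSA blinding so private-key operations do not leak timing information (OpenPKG-SA-2003.020-modssl) */` above the new `if`. The call covers only the server key at `sc->pPrivateKey[SSL_AIDX_RSA]`, so if the module holds any other RSA private keys (none are visible in this hunk) it is worth confirming whether they need the same call. It also dereferences `->pkey.rsa` directly, which assumes the slot holds an RSA-type key; that is presumably checked earlier in the function, whose body starts and ends outside the hunk. Failing closed through `ssl_die()` when blinding cannot be enabled is the right behaviour and should stay.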