| 1 |
Author: hollow |
| 2 |
Date: 2008-06-01 12:09:51 +0000 (Sun, 01 Jun 2008) |
| 3 |
New Revision: 208 |
| 4 |
|
| 5 |
Added: |
| 6 |
trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch |
| 7 |
Modified: |
| 8 |
trunk/dist/2.2/init/apache2.initd |
| 9 |
Log: |
| 10 |
add mod_ssl patch wrt security #222643; add configdump to init script |
| 11 |
|
| 12 |
Modified: trunk/dist/2.2/init/apache2.initd |
| 13 |
=================================================================== |
| 14 |
--- trunk/dist/2.2/init/apache2.initd 2008-03-22 15:33:23 UTC (rev 207) |
| 15 |
+++ trunk/dist/2.2/init/apache2.initd 2008-06-01 12:09:51 UTC (rev 208) |
| 16 |
@@ -2,7 +2,7 @@ |
| 17 |
# Copyright 1999-2007 Gentoo Foundation |
| 18 |
# Distributed under the terms of the GNU General Public License v2 |
| 19 |
|
| 20 |
-opts="configtest fullstatus graceful gracefulstop modules reload" |
| 21 |
+opts="configdump configtest fullstatus graceful gracefulstop modules reload" |
| 22 |
|
| 23 |
depend() { |
| 24 |
need net |
| 25 |
@@ -144,4 +144,22 @@ |
| 26 |
fi |
| 27 |
} |
| 28 |
|
| 29 |
+configdump() { |
| 30 |
+ LYNX="${LYNX:-lynx -dump}" |
| 31 |
+ INFOURL="${INFOURL:-http://localhost/server-info}" |
| 32 |
+ |
| 33 |
+ checkconfd || return 1 |
| 34 |
+ |
| 35 |
+ if ! service_started "${SVCNAME}"; then |
| 36 |
+ eerror "${SVCNAME} not started" |
| 37 |
+ elif ! type -p ${LYNX} 2>&1 >/dev/null; then |
| 38 |
+ eerror "lynx not found! you need to emerge www-client/lynx" |
| 39 |
+ else |
| 40 |
+ echo "${APACHE2} started with '${APACHE2_OPTS}'" |
| 41 |
+ for i in config server list; do |
| 42 |
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q' |
| 43 |
+ done |
| 44 |
+ fi |
| 45 |
+} |
| 46 |
+ |
| 47 |
# vim: ts=4 filetype=gentoo-init-d |
| 48 |
|
| 49 |
Added: trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch |
| 50 |
=================================================================== |
| 51 |
--- trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch (rev 0) |
| 52 |
+++ trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch 2008-06-01 12:09:51 UTC (rev 208) |
| 53 |
@@ -0,0 +1,26 @@ |
| 54 |
+--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118 |
| 55 |
++++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119 |
| 56 |
+@@ -218,17 +218,18 @@ |
| 57 |
+ #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES |
| 58 |
+ ENGINE_cleanup(); |
| 59 |
+ #endif |
| 60 |
+-#ifdef HAVE_OPENSSL |
| 61 |
+-#if OPENSSL_VERSION_NUMBER >= 0x00907001 |
| 62 |
+- CRYPTO_cleanup_all_ex_data(); |
| 63 |
+-#endif |
| 64 |
+-#endif |
| 65 |
+ ERR_remove_state(0); |
| 66 |
+ |
| 67 |
+ /* Don't call ERR_free_strings here; ERR_load_*_strings only |
| 68 |
+ * actually load the error strings once per process due to static |
| 69 |
+ * variable abuse in OpenSSL. */ |
| 70 |
+ |
| 71 |
++ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered |
| 72 |
++ * ex_data indices may have been cached in static variables in |
| 73 |
++ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL |
| 74 |
++ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which |
| 75 |
++ * could result in a per-connection memory leak (!). */ |
| 76 |
++ |
| 77 |
+ /* |
| 78 |
+ * TODO: determine somewhere we can safely shove out diagnostics |
| 79 |
+ * (when enabled) at this late stage in the game: |
| 80 |
|
| 81 |
-- |
| 82 |
gentoo-commits@l.g.o mailing list |
Archives