Author: hollow |
Date: 2008-06-01 12:09:51 +0000 (Sun, 01 Jun 2008) |
New Revision: 208 |
|
Added: |
trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch |
Modified: |
trunk/dist/2.2/init/apache2.initd |
Log: |
add mod_ssl patch wrt security #222643; add configdump to init script |
|
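--- a/trunk/dist/2.2/init/apache2.initd
+++ b/trunk/dist/2.2/init/apache2.initd
@@ -2,7 +2,7 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-opts="configtest fullstatus graceful gracefulstop modules reload"
+opts="configdump configtest fullstatus graceful gracefulstop modules reload"
 
 depend() {
 need net
@@ -144,4 +144,22 @@
 fi
 }
 
+configdump() {
+ LYNX="${LYNX:-lynx -dump}"
+ INFOURL="${INFOURL:-http://localhost/server-info}"
+
+ checkconfd || return 1
+
+ if ! service_started "${SVCNAME}"; then
+ eerror "${SVCNAME} not started"
+ elif ! type -p ${LYNX} 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ echo "${APACHE2} started with '${APACHE2_OPTS}'"
+ for i in config server list; do
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+ done
+ fi
+}
+
 # vim: ts=4 filetype=gentoo-init-d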
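Review bot: The lynx check in `configdump()` will likely fail even when lynx is installed, because `${LYNX}` defaults to `lynx -dump` and the unquoted expansion hands `-dump` to `type` as a second name to look up. The redirection `2>&1 >/dev/null` on the same line is also in the wrong order: it discards stdout but leaves stderr attached to the terminal. Something like `elif ! type -p ${LYNX%% *} >/dev/null 2>&1; then` checks only the program name and silences both streams. Because the function scrapes `${INFOURL}` (default `http://localhost/server-info`), it only works with mod_info enabled, so a comment such as `# requires mod_info; keep /server-info restricted to localhost` above the `INFOURL=` line would remind admins not to expose that handler more widely.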
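--- a/trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch
+++ b/trunk/dist/2.2/patches/05_all_mod_ssl_cleanup.patch
@@ -0,0 +1,26 @@
+--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118
++++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119
+@@ -218,17 +218,18 @@
+ #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+ ENGINE_cleanup();
+ #endif
+-#ifdef HAVE_OPENSSL
+-#if OPENSSL_VERSION_NUMBER >= 0x00907001
+- CRYPTO_cleanup_all_ex_data();
+-#endif
+-#endif
+ ERR_remove_state(0);
+
+ /* Don't call ERR_free_strings here; ERR_load_*_strings only
+ * actually load the error strings once per process due to static
+ * variable abuse in OpenSSL. */
+
++ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
++ * ex_data indices may have been cached in static variables in
++ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
++ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
++ * could result in a per-connection memory leak (!). */
++
+ /*
+ * TODO: determine somewhere we can safely shove out diagnostics
+ * (when enabled) at this late stage in the game: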