authorRobert Scheck <robert@fedoraproject.org>2010-04-04 17:10:44 +0000
committerRobert Scheck <robert@fedoraproject.org>2010-04-04 17:10:44 +0000
commitb341a03e71513bbe0e39a46480b2cf207f06deca (patch)
treeedda7841edd654b8d8fd61f0f6a86a836fbca054
parentfcbfe0bde2d5cab4621ee2b9cc4c3a9e6cef5ca2 (diff)
downloadhttpd-b341a03e71513bbe0e39a46480b2cf207f06deca.tar.gz
httpd-b341a03e71513bbe0e39a46480b2cf207f06deca.tar.xz
httpd-b341a03e71513bbe0e39a46480b2cf207f06deca.zip
update to 2.2.15 (#572404, #579311)httpd-2_2_15-1_fc13
-rw-r--r--.cvsignore2
-rw-r--r--httpd-2.2.14-CVE-2009-3555.patch284
-rw-r--r--httpd-2.2.14.tar.gz.asc7
-rw-r--r--httpd-2.2.15.tar.gz.asc17
-rw-r--r--httpd.spec9
-rw-r--r--sources2
6 files changed, 23 insertions, 298 deletions
diff --git a/.cvsignore b/.cvsignore
index a59898a..ec480fa 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-httpd-2.2.14.tar.gz
+httpd-2.2.15.tar.gz
diff --git a/httpd-2.2.14-CVE-2009-3555.patch b/httpd-2.2.14-CVE-2009-3555.patch
deleted file mode 100644
index 60f5763..0000000
--- a/httpd-2.2.14-CVE-2009-3555.patch
+++ /dev/null
@@ -1,284 +0,0 @@
---- httpd-2.2.14/modules/ssl/ssl_engine_init.c.cve3555
-+++ httpd-2.2.14/modules/ssl/ssl_engine_init.c
-@@ -501,10 +501,7 @@ static void ssl_init_ctx_callbacks(serve
- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
-
-- if (s->loglevel >= APLOG_DEBUG) {
-- /* this callback only logs if LogLevel >= info */
-- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
-- }
-+ SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
- }
-
- static void ssl_init_ctx_verify(server_rec *s,
---- httpd-2.2.14/modules/ssl/ssl_engine_io.c.cve3555
-+++ httpd-2.2.14/modules/ssl/ssl_engine_io.c
-@@ -103,6 +103,7 @@ typedef struct {
- ap_filter_t *pInputFilter;
- ap_filter_t *pOutputFilter;
- int nobuffer; /* non-zero to prevent buffering */
-+ SSLConnRec *config;
- } ssl_filter_ctx_t;
-
- typedef struct {
-@@ -193,7 +194,13 @@ static int bio_filter_out_read(BIO *bio,
- static int bio_filter_out_write(BIO *bio, const char *in, int inl)
- {
- bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
--
-+
-+ /* Abort early if the client has initiated a renegotiation. */
-+ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
-+ outctx->rc = APR_ECONNABORTED;
-+ return -1;
-+ }
-+
- /* when handshaking we'll have a small number of bytes.
- * max size SSL will pass us here is about 16k.
- * (16413 bytes to be exact)
-@@ -466,6 +473,12 @@ static int bio_filter_in_read(BIO *bio,
- if (!in)
- return 0;
-
-+ /* Abort early if the client has initiated a renegotiation. */
-+ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
-+ inctx->rc = APR_ECONNABORTED;
-+ return -1;
-+ }
-+
- /* XXX: flush here only required for SSLv2;
- * OpenSSL calls BIO_flush() at the appropriate times for
- * the other protocols.
-@@ -1724,6 +1737,8 @@ void ssl_io_filter_init(conn_rec *c, SSL
-
- filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
-
-+ filter_ctx->config = myConnConfig(c);
-+
- filter_ctx->nobuffer = 0;
- filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
- filter_ctx, NULL, c);
---- httpd-2.2.14/modules/ssl/ssl_engine_kernel.c.cve3555
-+++ httpd-2.2.14/modules/ssl/ssl_engine_kernel.c
-@@ -729,6 +729,10 @@ int ssl_hook_Access(request_rec *r)
- (unsigned char *)&id,
- sizeof(id));
-
-+ /* Toggle the renegotiation state to allow the new
-+ * handshake to proceed. */
-+ sslconn->reneg_state = RENEG_ALLOW;
-+
- SSL_renegotiate(ssl);
- SSL_do_handshake(ssl);
-
-@@ -750,6 +754,8 @@ int ssl_hook_Access(request_rec *r)
- SSL_set_state(ssl, SSL_ST_ACCEPT);
- SSL_do_handshake(ssl);
-
-+ sslconn->reneg_state = RENEG_REJECT;
-+
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Re-negotiation handshake failed: "
-@@ -1844,76 +1850,55 @@ void ssl_callback_DelSessionCacheEntry(S
- return;
- }
-
--/*
-- * This callback function is executed while OpenSSL processes the
-- * SSL handshake and does SSL record layer stuff. We use it to
-- * trace OpenSSL's processing in out SSL logfile.
-- */
--void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
-+/* Dump debugginfo trace to the log file. */
-+static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c,
-+ server_rec *s, int where, int rc)
- {
-- conn_rec *c;
-- server_rec *s;
-- SSLSrvConfigRec *sc;
--
-- /*
-- * find corresponding server
-- */
-- if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
-- return;
-- }
--
-- s = mySrvFromConn(c);
-- if (!(sc = mySrvConfig(s))) {
-- return;
-- }
--
- /*
- * create the various trace messages
- */
-- if (s->loglevel >= APLOG_DEBUG) {
-- if (where & SSL_CB_HANDSHAKE_START) {
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Handshake: start", SSL_LIBRARY_NAME);
-- }
-- else if (where & SSL_CB_HANDSHAKE_DONE) {
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Handshake: done", SSL_LIBRARY_NAME);
-- }
-- else if (where & SSL_CB_LOOP) {
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Loop: %s",
-- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-- }
-- else if (where & SSL_CB_READ) {
-+ if (where & SSL_CB_HANDSHAKE_START) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Handshake: start", SSL_LIBRARY_NAME);
-+ }
-+ else if (where & SSL_CB_HANDSHAKE_DONE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Handshake: done", SSL_LIBRARY_NAME);
-+ }
-+ else if (where & SSL_CB_LOOP) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Loop: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_READ) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Read: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_WRITE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Write: %s",
-+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-+ }
-+ else if (where & SSL_CB_ALERT) {
-+ char *str = (where & SSL_CB_READ) ? "read" : "write";
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "%s: Alert: %s:%s:%s",
-+ SSL_LIBRARY_NAME, str,
-+ SSL_alert_type_string_long(rc),
-+ SSL_alert_desc_string_long(rc));
-+ }
-+ else if (where & SSL_CB_EXIT) {
-+ if (rc == 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Read: %s",
-+ "%s: Exit: failed in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
-- else if (where & SSL_CB_WRITE) {
-+ else if (rc < 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Write: %s",
-+ "%s: Exit: error in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
-- else if (where & SSL_CB_ALERT) {
-- char *str = (where & SSL_CB_READ) ? "read" : "write";
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Alert: %s:%s:%s",
-- SSL_LIBRARY_NAME, str,
-- SSL_alert_type_string_long(rc),
-- SSL_alert_desc_string_long(rc));
-- }
-- else if (where & SSL_CB_EXIT) {
-- if (rc == 0) {
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Exit: failed in %s",
-- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-- }
-- else if (rc < 0) {
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-- "%s: Exit: error in %s",
-- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
-- }
-- }
- }
-
- /*
-@@ -1933,6 +1918,52 @@ void ssl_callback_LogTracingState(MODSSL
- }
- }
-
-+/*
-+ * This callback function is executed while OpenSSL processes the SSL
-+ * handshake and does SSL record layer stuff. It's used to trap
-+ * client-initiated renegotiations, and for dumping everything to the
-+ * log.
-+ */
-+void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
-+{
-+ conn_rec *c;
-+ server_rec *s;
-+ SSLConnRec *scr;
-+
-+ /* Retrieve the conn_rec and the associated SSLConnRec. */
-+ if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
-+ return;
-+ }
-+
-+ if ((scr = myConnConfig(c)) == NULL) {
-+ return;
-+ }
-+
-+ /* If the reneg state is to reject renegotiations, check the SSL
-+ * state machine and move to ABORT if a Client Hello is being
-+ * read. */
-+ if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
-+ int state = SSL_get_state(ssl);
-+
-+ if (state == SSL3_ST_SR_CLNT_HELLO_A
-+ || state == SSL23_ST_SR_CLNT_HELLO_A) {
-+ scr->reneg_state = RENEG_ABORT;
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
-+ "rejecting client initiated renegotiation");
-+ }
-+ }
-+ /* If the first handshake is complete, change state to reject any
-+ * subsequent client-initated renegotiation. */
-+ else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
-+ scr->reneg_state = RENEG_REJECT;
-+ }
-+
-+ s = mySrvFromConn(c);
-+ if (s && s->loglevel >= APLOG_DEBUG) {
-+ log_tracing_state(ssl, c, s, where, rc);
-+ }
-+}
-+
- #ifndef OPENSSL_NO_TLSEXT
- /*
- * This callback function is executed when OpenSSL encounters an extended
---- httpd-2.2.14/modules/ssl/ssl_private.h.cve3555
-+++ httpd-2.2.14/modules/ssl/ssl_private.h
-@@ -356,6 +356,20 @@ typedef struct {
- int is_proxy;
- int disabled;
- int non_ssl_request;
-+
-+ /* Track the handshake/renegotiation state for the connection so
-+ * that all client-initiated renegotiations can be rejected, as a
-+ * partial fix for CVE-2009-3555. */
-+ enum {
-+ RENEG_INIT = 0, /* Before initial handshake */
-+ RENEG_REJECT, /* After initial handshake; any client-initiated
-+ * renegotiation should be rejected */
-+ RENEG_ALLOW, /* A server-initated renegotiation is taking
-+ * place (as dictated by configuration) */
-+ RENEG_ABORT /* Renegotiation initiated by client, abort the
-+ * connection */
-+ } reneg_state;
-+
- server_rec *server;
- } SSLConnRec;
-
-@@ -574,7 +588,7 @@ int ssl_callback_proxy_cert(SSL
- int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
- SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
- void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
--void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
-+void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int);
- #ifndef OPENSSL_NO_TLSEXT
- int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
- #endif
diff --git a/httpd-2.2.14.tar.gz.asc b/httpd-2.2.14.tar.gz.asc
deleted file mode 100644
index 12a09ea..0000000
--- a/httpd-2.2.14.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (Darwin)
-
-iD8DBQBKuq+ENEqETXUdfycRAt+lAKCBA8IJnjaV416wdym0//EHlOjO8ACdFLOD
-K4ODFOVg9S1rvewVwER0VM4=
-=R/uW
------END PGP SIGNATURE-----
diff --git a/httpd-2.2.15.tar.gz.asc b/httpd-2.2.15.tar.gz.asc
new file mode 100644
index 0000000..4e1df5b
--- /dev/null
+++ b/httpd-2.2.15.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+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+=QhkM
+-----END PGP SIGNATURE-----
diff --git a/httpd.spec b/httpd.spec
index d99c487..258040d 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -6,7 +6,7 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.2.14
+Version: 2.2.15
Release: 1%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
@@ -37,8 +37,6 @@ Patch25: httpd-2.2.11-selinux.patch
Patch26: httpd-2.2.9-suenable.patch
# Bug fixes
Patch54: httpd-2.2.0-authnoprov.patch
-# Security fixes
-Patch90: httpd-2.2.14-CVE-2009-3555.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
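Review bot: Removing the `Patch90: httpd-2.2.14-CVE-2009-3555.patch` line drops the distribution's partial CVE-2009-3555 mitigation (the mod_ssl change that aborted client-initiated renegotiation) without recording where that protection now comes from; nothing in the spec or the changelog entry says that 2.2.15 is expected to carry the upstream fix. If the new tarball supersedes the local patch, state that at the point of removal, e.g. `# CVE-2009-3555 (TLS renegotiation) fix is carried upstream as of 2.2.15`, and add a matching line to the 2.2.15-1 changelog entry so the security history stays auditable. The local patch rejected every client-initiated renegotiation unconditionally, so the upstream behaviour presumably differs in detail (and may be configurable); worth confirming against the 2.2.15 release notes before this ships rather than assuming equivalence. The corresponding `%patch90` application line is removed in the next hunk.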
@@ -129,8 +127,6 @@ Security (TLS) protocols.
%patch54 -p1 -b .authnoprov
-%patch90 -p1 -b .cve3555
-
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -489,6 +485,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/build/*.sh
%changelog
+* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
+- update to 2.2.15 (#572404, #579311)
+
* Thu Dec 3 2009 Joe Orton <jorton@redhat.com> - 2.2.14-1
- update to 2.2.14
- relax permissions on /var/run/httpd (#495780)
diff --git a/sources b/sources
index 10a5750..6b3f591 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2c1e3c7ba00bcaa0163da7b3e66aaa1e httpd-2.2.14.tar.gz
+31fa022dc3c0908c6eaafe73c81c65df httpd-2.2.15.tar.gz