segmentation fault fix (FIPS)

Lubos Uhliarik 2019-02-05 12:39:17 +00:00
parent 80cf4174c6
commit 9e462af294
2 changed files with 48 additions and 1 deletions


@ -0,0 +1,42 @@
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 37947e7..b50c259 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -331,9 +331,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
/*
* Try to kill the internals of the SSL library.
*/
-#ifdef HAVE_FIPS
- FIPS_mode_set(0);
-#endif
/* Corresponds to OBJ_create()s */
OBJ_cleanup();
/* Corresponds to OPENSSL_load_builtin_modules() */
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 5063a72..21e41e2 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -183,6 +183,14 @@ int ssl_is_challenge(conn_rec *c, const char *servername,
return 0;
}
+#ifdef HAVE_FIPS
+static apr_status_t ssl_fips_cleanup(void *data)
+{
+ FIPS_mode_set(0);
+ return APR_SUCCESS;
+}
+#endif
+
/*
* Per-module initialization
*/
@@ -316,6 +324,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
if (FIPS_mode_set(1)) {
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(01884)
"Operating in SSL FIPS mode");
+ apr_pool_cleanup_register(p, NULL, ssl_fips_cleanup,
+ apr_pool_cleanup_null);
}
else {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01885) "FIPS mode failed");
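Review bot: `ssl_fips_cleanup` in ssl_engine_init.c has no comment saying why FIPS mode is now switched off from a pool cleanup rather than from `ssl_cleanup_pre_config`, and it returns `APR_SUCCESS` regardless of what `FIPS_mode_set(0)` reports. The cleanup is registered only in the branch where `FIPS_mode_set(1)` succeeded, so FIPS mode is turned off only when this module turned it on, whereas the removed call in mod_ssl.c ran whenever `HAVE_FIPS` was defined. That invariant should be stated above the function, for example `/* Registered only after ssl_init_Module enabled FIPS mode itself; undoes that when pool p is cleaned up. */`. It is also worth confirming that no other cleanup on `p` still relies on the library's FIPS state after this one has run; the condition enclosing the `FIPS_mode_set(1)` call and the rest of ssl_init_Module are outside the hunk.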


@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.38 Version: 2.4.38
Release: 4%{?dist} Release: 5%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -78,6 +78,7 @@ Patch34: httpd-2.4.17-socket-activation.patch
Patch36: httpd-2.4.38-r1830819+.patch Patch36: httpd-2.4.38-r1830819+.patch
Patch38: httpd-2.4.34-sslciphdefault.patch Patch38: httpd-2.4.34-sslciphdefault.patch
Patch39: httpd-2.4.37-sslprotdefault.patch Patch39: httpd-2.4.37-sslprotdefault.patch
Patch40: httpd-2.4.37-fips-segfault.patch
# Bug fixes # Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
@ -229,6 +230,7 @@ interface for storing and accessing per-user session data.
%patch36 -p1 -b .r1830819+ %patch36 -p1 -b .r1830819+
%patch38 -p1 -b .sslciphdefault %patch38 -p1 -b .sslciphdefault
%patch39 -p1 -b .sslprotdefault %patch39 -p1 -b .sslprotdefault
%patch40 -p1 -b .fipsseg
%patch58 -p1 -b .r1738878 %patch58 -p1 -b .r1738878
%patch60 -p1 -b .enable-sslv3 %patch60 -p1 -b .enable-sslv3
@ -734,6 +736,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.38-5
- segmentation fault fix (FIPS)
* Tue Feb 5 2019 Joe Orton <jorton@redhat.com> - 2.4.38-4 * Tue Feb 5 2019 Joe Orton <jorton@redhat.com> - 2.4.38-4
- use serverroot-relative statedir, rundir by default - use serverroot-relative statedir, rundir by default