update to 2.4.39

2019-04-02 10:53:17 +00:00 · 2019-04-02 10:53:17 +00:00 · c30e102180
commit c30e102180
parent b86b48c4a2
3 changed files with 6 additions and 47 deletions
--- a/httpd-2.4.37-fips-segfault.patch
+++ b/httpd-2.4.37-fips-segfault.patch
@ -1,42 +0,0 @@
 diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
 index 37947e7..b50c259 100644
 --- a/modules/ssl/mod_ssl.c
 +++ b/modules/ssl/mod_ssl.c
@@ -331,9 +331,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
     /*
      * Try to kill the internals of the SSL library.
      */
 -#ifdef HAVE_FIPS
 -    FIPS_mode_set(0);
 -#endif
     /* Corresponds to OBJ_create()s */
     OBJ_cleanup();
     /* Corresponds to OPENSSL_load_builtin_modules() */
 diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
 index 5063a72..21e41e2 100644
 --- a/modules/ssl/ssl_engine_init.c
 +++ b/modules/ssl/ssl_engine_init.c
@@ -183,6 +183,14 @@ int ssl_is_challenge(conn_rec *c, const char *servername,
     return 0;
 }
 +#ifdef HAVE_FIPS
 +static apr_status_t ssl_fips_cleanup(void *data)
 +{
 +    FIPS_mode_set(0);
 +    return APR_SUCCESS;
 +}
 +#endif
 +
 /*
  *  Per-module initialization
  */
@@ -316,6 +324,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
             if (FIPS_mode_set(1)) {
                 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(01884)
                              "Operating in SSL FIPS mode");
 +                apr_pool_cleanup_register(p, NULL, ssl_fips_cleanup,
 +                                          apr_pool_cleanup_null);
             }
             else {
                 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01885) "FIPS mode failed");
--- a/httpd.spec
+++ b/httpd.spec
@ -12,8 +12,8 @@
 Summary: Apache HTTP Server
 Name: httpd
-Version: 2.4.38
+Version: 2.4.39
-Release: 6%{?dist}
+Release: 1%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@ -76,7 +76,6 @@ Patch34: httpd-2.4.17-socket-activation.patch
 Patch36: httpd-2.4.38-r1830819+.patch
 Patch38: httpd-2.4.34-sslciphdefault.patch
 Patch39: httpd-2.4.37-sslprotdefault.patch
 Patch40: httpd-2.4.37-fips-segfault.patch
 # Bug fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
@ -226,7 +225,6 @@ interface for storing and accessing per-user session data.
 %patch36 -p1 -b .r1830819+
 %patch38 -p1 -b .sslciphdefault
 %patch39 -p1 -b .sslprotdefault
 %patch40 -p1 -b .fipsseg
 %patch58 -p1 -b .r1738878
 %patch60 -p1 -b .enable-sslv3
@ -733,6 +731,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
 * Tue Apr 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.39-1
 - update to 2.4.39
 * Thu Feb 28 2019 Joe Orton <jorton@redhat.com> - 2.4.38-6
 - apachectl: cleanup and replace script wholesale (#1641237)
 * drop "apachectl fullstatus" support
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448
+SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7
`@ -1 +1 @@`
	`SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448`	`SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7`