SUSE’s Apache2 SSL renegotiation fixes hit the repositories

It’s been quite a while since the actual code fix was done, but now the RPMs for SLES11’s Apache2 implementation (SP1 to SP3) have hit the SUSE SLES11 repositories:

somehost:~ # rpm -qi apache2
Name        : apache2                      Relocations: (not relocatable)
Version     : 2.2.12                            Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release     : 1.40.1                        Build Date: Tue Jul 30 20:11:40 2013
[...]
somehost:~ # rpm -q --changelog apache2|more
* Mon Jul 22 2013 draht@suse.de
- httpd-2.2.x-bnc815621-PR50481-interrupted_read_discarded_input.diff
make sure that input that has already arrived on the socket is
not discarded during a non-blocking read (read(2) returns 0 and
errno is set to -EAGAIN). [bnc#815621]
- httpd-2.2.x-bnc815621-PR50481-interrupted_read_discarded_input2.diff
make ssl connection not behave as above (this is openssl BIO stuff).
[bnc#815621]
- httpd-2.2.x-bnc815621-PR50481-interrupted_read_discarded_input3.diff
close the connection just before an attempted re-negotiation if
data has been read with pipelining. This is done by resetting the
keepalive status. [bnc#815621] [L3:38943]
[...]

We’ll be updating to service pack 3 (SLES11SP3), applying this patch, and implementing some since-pending changes to the general setup of our affected production server, in one major step. If anything else turns up during that change, I’ll of course let you know.

And for those questions about upstream changes – I’ve been told that of course the changes that were made to the upstream code will be reported back. After all, this has been a major headache not only to us, but to various other folks as well.

My thanks to all involved!
