rpms/mod_nss/F-8 mod_nss-inherit.patch, NONE, 1.1 mod_nss.spec, 1.11, 1.12
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Fri Jul 11 12:44:18 UTC 2008
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22255
Modified Files:
mod_nss.spec
Added Files:
mod_nss-inherit.patch
Log Message:
- Don't inherit the MP cache in multi-threaded mode
- Don't initialize NSS in each child if SSL isn't configured
Resolves: #454701
mod_nss-inherit.patch:
--- NEW FILE mod_nss-inherit.patch ---
--- mod_nss-1.0.7-orig/nss_engine_init.c 16 May 2008 15:16:02 -0000 1.32
+++ mod_nss-1.0.7/nss_engine_init.c 9 Jul 2008 22:22:46 -0000
@@ -1079,23 +1079,54 @@
}
}
void nss_init_Child(apr_pool_t *p, server_rec *base_server)
{
SSLModConfigRec *mc = myModConfig(base_server);
SSLSrvConfigRec *sc;
server_rec *s;
+ int threaded = 0;
+ int sslenabled = FALSE;
mc->pid = getpid(); /* only call getpid() once per-process */
- if (SSL_InheritMPServerSIDCache(NULL) != SECSuccess) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "SSL_InheritMPServerSIDCache failed");
- nss_log_nss_error(APLOG_MARK, APLOG_ERR, NULL);
+ /*
+ * First, see if ssl is enabled at all
+ */
+ for (s = base_server; s; s = s->next) {
+ sc = mySrvConfig(s);
+ /* If any servers have SSL, we want sslenabled set so we
+ * can perform further initialization
+ */
+
+ if (sc->enabled == UNSET) {
+ sc->enabled = FALSE;
+ }
+
+ if (sc->proxy_enabled == UNSET) {
+ sc->proxy_enabled = FALSE;
+ }
+
+ if ((sc->enabled == TRUE) || (sc->proxy_enabled == TRUE)) {
+ sslenabled = TRUE;
+ }
+ }
+
+ if (sslenabled == FALSE) { /* we are not an SSL/TLS server */
+ return;
+ }
+
+ ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded);
+ if (!threaded) {
+ if (SSL_InheritMPServerSIDCache(NULL) != SECSuccess) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "SSL_InheritMPServerSIDCache failed");
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, NULL);
+ }
}
nss_init_SSLLibrary(base_server);
/* Configure all virtual servers */
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
if (sc->server->servercert == NULL && NSS_IsInitialized())
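Review bot: The call `ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded);` ignores its return value and treats a thread count as a boolean, so if the query ever fails `threaded` keeps its initial 0 and the child still calls SSL_InheritMPServerSIDCache, the path this change is meant to skip under a threaded MPM. I would check the result, e.g. `if (ap_mpm_query(AP_MPMQ_MAX_THREADS, &threaded) != APR_SUCCESS) { threaded = 0; /* log it */ }`, or ask `AP_MPMQ_IS_THREADED` directly. Whichever test is used has to match the one the parent used when it configured the session cache, which this hunk does not show. The first loop also rewrites `sc->enabled` and `sc->proxy_enabled` from UNSET to FALSE while it is described only as a check, so a comment such as `/* also normalises UNSET to FALSE for every server_rec */` would help the next reader. nss_init_Child continues past the end of the hunk.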
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/F-8/mod_nss.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- mod_nss.spec 2 Jul 2008 14:44:53 -0000 1.11
+++ mod_nss.spec 11 Jul 2008 12:43:22 -0000 1.12
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -16,6 +16,7 @@
Patch3: mod_nss-proxy.patch
Patch4: mod_nss-nofork.patch
Patch5: mod_nss-fips.patch
+Patch6: mod_nss-inherit.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -30,6 +31,7 @@
%patch3 -p1 -b .proxy
%patch4 -p1 -b .nofork
%patch5 -p1 -b .fips
+%patch6 -p1 -b .inherit
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -114,6 +116,10 @@
%{_sbindir}/gencert
%changelog
+* Thu Jul 10 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-7
+- Don't inherit the MP cache in multi-threaded mode (454701)
+- Don't initialize NSS in each child if SSL isn't configured
+
* Wed Jul 2 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-6
- Update the patch for FIPS to include fixes for nss_pcache, enforce
the security policy and properly initialize the FIPS token.