rpms/mod_nss/F-9 mod_nss-fips.patch, NONE, 1.1 mod_nss.spec, 1.10, 1.11
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Mon Jun 30 19:47:54 UTC 2008
- Previous message: rpms/libcxgb3/F-8 libcxgb3-modprobe.conf, NONE, 1.1 libcxgb3.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/libibcommon/devel libibcommon.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15590
Modified Files:
mod_nss.spec
Added Files:
mod_nss-fips.patch
Log Message:
Include patch to fix NSSFips (446851)
mod_nss-fips.patch:
--- NEW FILE mod_nss-fips.patch ---
--- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
+++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
@@ -62,6 +62,13 @@
{
PK11SlotInfo *slot = listEntry->slot;
+ /* This is needed to work around a bug in NSS while in FIPS mode.
+ * The first login will succeed but NSS_Shutdown() isn't cleaning
+ * something up causing subsequent logins to be skipped making
+ * keys and certs unavailable.
+ */
+ PK11_Logout(slot);
+
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if (slot == PK11_GetInternalKeySlot()) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/F-9/mod_nss.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_nss.spec 28 Apr 2008 15:19:02 -0000 1.10
+++ mod_nss.spec 30 Jun 2008 19:46:45 -0000 1.11
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -15,6 +15,7 @@
Patch2: mod_nss-gencert.patch
Patch3: mod_nss-proxy.patch
Patch4: mod_nss-nofork.patch
+Patch5: mod_nss-fips.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -28,6 +29,7 @@
%patch2 -p1 -b .gencert
%patch3 -p1 -b .proxy
%patch4 -p1 -b .nofork
+%patch5 -p1 -b .fips
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -112,6 +114,9 @@
%{_sbindir}/gencert
%changelog
+* Mon Jun 30 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-6
+- Include patch to fix NSSFIPS (446851)
+
* Mon Apr 28 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-5
- New fork patch that more gracefully handles errors
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
- Previous message: rpms/libcxgb3/F-8 libcxgb3-modprobe.conf, NONE, 1.1 libcxgb3.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/libibcommon/devel libibcommon.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list