rpms/mod_nss/F-8 mod_nss-fips.patch,NONE,1.1 mod_nss.spec,1.9,1.10
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Mon Jun 30 19:59:56 UTC 2008
- Previous message: rpms/libibcommon/F-8 libibcommon.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/xorg-x11-server-utils/F-9 import.log, NONE, 1.1 .cvsignore, 1.12, 1.13 sources, 1.12, 1.13 xorg-x11-server-utils.spec, 1.34, 1.35 xset-1.0.2-spurious-xprint.patch, 1.2, 1.3 xrandr-1.2.2-reset-other-outputs-using-best-crtc.patch, 1.1, NONE xrandr-1.2.2-verify-crtc-against-prev-config.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16510
Modified Files:
mod_nss.spec
Added Files:
mod_nss-fips.patch
Log Message:
Include patch to fix NSSFips (446851)
mod_nss-fips.patch:
--- NEW FILE mod_nss-fips.patch ---
--- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
+++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
@@ -62,6 +62,13 @@
{
PK11SlotInfo *slot = listEntry->slot;
+ /* This is needed to work around a bug in NSS while in FIPS mode.
+ * The first login will succeed but NSS_Shutdown() isn't cleaning
+ * something up causing subsequent logins to be skipped making
+ * keys and certs unavailable.
+ */
+ PK11_Logout(slot);
+
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if (slot == PK11_GetInternalKeySlot()) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/F-8/mod_nss.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- mod_nss.spec 19 Jun 2008 02:44:51 -0000 1.9
+++ mod_nss.spec 30 Jun 2008 19:59:09 -0000 1.10
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -15,6 +15,7 @@
Patch2: mod_nss-gencert.patch
Patch3: mod_nss-proxy.patch
Patch4: mod_nss-nofork.patch
+Patch5: mod_nss-fips.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -28,6 +29,7 @@
%patch2 -p1 -b .gencert
%patch3 -p1 -b .proxy
%patch4 -p1 -b .nofork
+%patch5 -p1 -b .fips
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -112,6 +114,9 @@
%{_sbindir}/gencert
%changelog
+* Mon Jun 30 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-5
+- Include patch to fix NSSFIPS (446851)
+
* Wed Jun 18 2008 Rob Crittenden <rcritten at redhat.com> 1.0.7-4
- Need to fix ownership and permissions of the NSS database as well so
init after fork will work.
- Previous message: rpms/libibcommon/F-8 libibcommon.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/xorg-x11-server-utils/F-9 import.log, NONE, 1.1 .cvsignore, 1.12, 1.13 sources, 1.12, 1.13 xorg-x11-server-utils.spec, 1.34, 1.35 xset-1.0.2-spurious-xprint.patch, 1.2, 1.3 xrandr-1.2.2-reset-other-outputs-using-best-crtc.patch, 1.1, NONE xrandr-1.2.2-verify-crtc-against-prev-config.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list