[nss] Pick up fixes from RHEL
Elio Maldonado
emaldonado at fedoraproject.org
Thu Mar 8 03:05:18 UTC 2012
commit 3ccc11c806bf65fbe3975adcccebdf326c82ae8f
Author: Elio Maldonado <emaldona at redhat.com>
Date: Wed Mar 7 18:39:32 2012 -0800
Pick up fixes from RHEL
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
...ble-to-contact-LDAP-Server-during-winsync.patch | 27 ++++++++++++++++++++
...-that-causes-openswan-to-drop-connections.patch | 15 +++++++++++
...MQP-daemon-fails-to-load-after-nss-update.patch | 15 +++++++++++
nss.spec | 14 +++++++++-
4 files changed, 70 insertions(+), 1 deletions(-)
---
diff --git a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
new file mode 100644
index 0000000..2a57ea7
--- /dev/null
+++ b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
@@ -0,0 +1,27 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700
+@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
+ passwordRequired = pk11_password_required;
+ }
+
+- /* we always try to initialize the modules */
+- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
++ /* Skip the module init if we are already initted and we are trying
++ * to init with not noCertDB and noModDB */
++ if (!(isReallyInitted && noCertDB && noModDB)) {
++ /* we always try to initialize the modules */
++ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
+ updateName, configName, configStrings, passwordRequired,
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
+ (initContextPtr != NULL));
+
+- if (rv != SECSuccess) {
+- goto loser;
++ if (rv != SECSuccess) {
++ goto loser;
++ }
+ }
+
+
diff --git a/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
new file mode 100644
index 0000000..88b1004
--- /dev/null
+++ b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 ./mozilla/security/nss/lib/pk11wrap/pk11skey.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 2012-03-07 18:29:16.679551532 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11skey.c 2012-03-07 18:29:42.338733488 -0800
+@@ -1664,7 +1664,10 @@ PK11_PubDerive(SECKEYPrivateKey *privKey
+
+ keyType = PK11_GetKeyType(target,keySize);
+ key_size = keySize;
+- symKey->size = keySize;
++ /* There's a bug in FreeBL where this size is treated as a max.
++ * if we are using softoken, Don't set that size value here, but
++ * set it to zero we we will query softoken for the size */
++ symKey->size = slot->isInternal ? 0 : keySize;
+ if (key_size == 0) templateCount--;
+
+ mechanism.mechanism = derive;
diff --git a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
new file mode 100644
index 0000000..90a7b4a
--- /dev/null
+++ b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800
+@@ -1151,6 +1151,11 @@ SECStatus
+ NSS_Shutdown(void)
+ {
+ SECStatus rv;
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+
+ if (!nssIsInitted) {
diff --git a/nss.spec b/nss.spec
index 2b5b28c..52b8ced 100644
--- a/nss.spec
+++ b/nss.spec
@@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.13.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -75,6 +75,9 @@ Patch30: bz784672-protect-against-calls-before-nss_init.patch
# Fix gcc 4.7 c++ issue in secmodt.h
# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50917
Patch31: nss-fix-gcc47-secmodt.patch
+Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
+Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
+Patch34: Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
%description
@@ -166,6 +169,9 @@ low level services.
#%patch29 -p0 -b .770682
%patch30 -p0 -b .784672
%patch31 -p0 -b .gcc47
+%patch32 -p0 -b .800674
+%patch33 -p0 -b .800682
+%patch34 -p0 -b .800676
%build
@@ -580,6 +586,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Thu Mar 08 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.3-2
+- Pick up fixes from RHEL
+- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
+- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
+- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
+
* Thu Mar 01 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.3-1
- Update to NSS_3_13_3_RTM
More information about the scm-commits
mailing list