rpms/mod_nss/devel mod_nss-fips.patch, NONE, 1.1 mod_nss.spec, 1.9, 1.10
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Mon Jun 30 20:17:01 UTC 2008
- Previous message (by thread): rpms/libzrtpcpp/devel .cvsignore, NONE, 1.1 Makefile, NONE, 1.1 sources, NONE, 1.1
- Next message (by thread): rpms/clive/devel .cvsignore, 1.2, 1.3 clive.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24121
Modified Files:
mod_nss.spec
Added Files:
mod_nss-fips.patch
Log Message:
Include patch to fix NSSFips (446851)
mod_nss-fips.patch:
--- NEW FILE mod_nss-fips.patch ---
--- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
+++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
@@ -62,6 +62,13 @@
{
PK11SlotInfo *slot = listEntry->slot;
+ /* This is needed to work around a bug in NSS while in FIPS mode.
+ * The first login will succeed but NSS_Shutdown() isn't cleaning
+ * something up causing subsequent logins to be skipped making
+ * keys and certs unavailable.
+ */
+ PK11_Logout(slot);
+
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if (slot == PK11_GetInternalKeySlot()) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/devel/mod_nss.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- mod_nss.spec 28 Apr 2008 18:17:54 -0000 1.9
+++ mod_nss.spec 30 Jun 2008 20:16:15 -0000 1.10
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -15,6 +15,7 @@
Patch2: mod_nss-gencert.patch
Patch3: mod_nss-proxy.patch
Patch4: mod_nss-nofork.patch
+Patch5: mod_nss-fips.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -28,6 +29,7 @@
%patch2 -p1 -b .gencert
%patch3 -p1 -b .proxy
%patch4 -p1 -b .nofork
+%patch5 -p1 -b .fips
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -112,6 +114,9 @@
%{_sbindir}/gencert
%changelog
+* Mon Jun 30 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-5
+- Include patch to fix NSSFIPS (446851)
+
* Mon Apr 28 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-4
- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
and not before. This is in response to a change in the NSS softtokn code
- Previous message (by thread): rpms/libzrtpcpp/devel .cvsignore, NONE, 1.1 Makefile, NONE, 1.1 sources, NONE, 1.1
- Next message (by thread): rpms/clive/devel .cvsignore, 1.2, 1.3 clive.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list