rpms/mod_nss/F-9 mod_nss-fips.patch,1.1,1.2 mod_nss.spec,1.11,1.12
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Wed Jul 2 14:28:01 UTC 2008
- Previous message (by thread): rpms/openoffice.org/devel workspace.cairo06.patch, NONE, 1.1 openoffice.org-2.0.2.ooo64508.vcl.honourfontconfighinting.patch, 1.20, 1.21 openoffice.org-2.0.3.rh127576.gtkunixprintdialog.patch, 1.47, 1.48 openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch, 1.4, 1.5 openoffice.org-3.0.0.ooo88303.vcl.dynamicfontoptions.patch, 1.1, 1.2 openoffice.org.spec, 1.1549, 1.1550 openoffice.org-2.2.0.ooo73863.vcl.imcommit.patch, 1.1, NONE pseudoworkspace.valgrind1.patch, 1.35, NONE
- Next message (by thread): rpms/glib2/F-8 cve-2008-2371.patch,NONE,1.1 glib2.spec,1.145,1.146
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18502
Modified Files:
mod_nss-fips.patch mod_nss.spec
Log Message:
Update the patch for FIPS to include fixes for nss_pcache, enforce
the security policy and properly initialize the FIPS token.
mod_nss-fips.patch:
Index: mod_nss-fips.patch
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/F-9/mod_nss-fips.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_nss-fips.patch 30 Jun 2008 19:46:45 -0000 1.1
+++ mod_nss-fips.patch 2 Jul 2008 14:27:28 -0000 1.2
@@ -1,5 +1,5 @@
---- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
-+++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
+--- mod_nss-1.0-orig/nss_engine_pphrase.c 7 Apr 2006 20:17:12 -0000 1.5
++++ mod_nss-1.0/nss_engine_pphrase.c 2 Jul 2008 03:41:05 -0000
@@ -62,6 +62,13 @@
{
PK11SlotInfo *slot = listEntry->slot;
@@ -14,4 +14,62 @@
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if (slot == PK11_GetInternalKeySlot()) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -298,7 +305,12 @@
+ fprintf(output, "non-alphabetic characters\n");
+ continue;
+ }
+- return (char*) PORT_Strdup((char*)phrase);
++ if (PK11_IsFIPS() && strlen(phrase) == 0) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
++ "The FIPS security policy requires that a password be set.");
++ nss_die();
++ } else
++ return (char*) PORT_Strdup((char*)phrase);
+ }
+ }
+
+--- mod_nss-1.0-orig/nss_pcache.c 18 Nov 2005 16:10:23 -0000 1.8
++++ mod_nss-1.0/nss_pcache.c 2 Jul 2008 03:41:05 -0000
+@@ -378,7 +378,6 @@
+ if (tokenName && tokenpw) {
+ node = (Node*)malloc(sizeof (Node));
+ if (!node) { err = PIN_NOMEMORY; }
+-
+ node->tokenName = strdup(tokenName);
+ node->store = 0;
+ node->next = 0;
+@@ -410,7 +409,10 @@
+ for (node = pinList; node != NULL; node = node->next) {
+ if (!strcmp(node->tokenName, tokenName)) {
+ if (Pk11StoreGetPin(&pin, node->store) == SECSuccess) {
+- PR_Write(out, pin, strlen(pin));
++ if (strlen(pin) == 0)
++ PR_Write(out, "", 1);
++ else
++ PR_Write(out, pin, strlen(pin));
+ memset(pin, 0, strlen(pin));
+ free(pin);
+ found = PR_TRUE;
+@@ -452,7 +454,7 @@
+ while (*s) {
+ if (*s == '\t' || *peek == '\0') {
+ if (i == el) {
+- if (*peek != '\0')
++ if (*peek != '\0' || *s == '\t')
+ *s = '\0';
+ r = strdup(t);
+ free(work);
+--- mod_nss-1.0.7-orig/nss_engine_init.c 2008-07-02 19:22:11.000000000 -0400
++++ mod_nss-1.0.7/nss_engine_init.c 2008-07-02 19:12:01.000000000 -0400
+@@ -148,9 +148,8 @@
+ const char * ocspurl = NULL;
+ const char * ocspname = NULL;
+
+- sc = mySrvConfig(base_server);
+-
+ for (s = base_server; s; s = s->next) {
++ sc = mySrvConfig(s);
+ if (sc->fips == TRUE) {
+ fipsenabled = TRUE;
+ }
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/F-9/mod_nss.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- mod_nss.spec 30 Jun 2008 19:46:45 -0000 1.11
+++ mod_nss.spec 2 Jul 2008 14:27:28 -0000 1.12
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -114,6 +114,10 @@
%{_sbindir}/gencert
%changelog
+* Wed Jul 2 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-7
+- Update the patch for FIPS to include fixes for nss_pcache, enforce
+ the security policy and properly initialize the FIPS token.
+
* Mon Jun 30 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-6
- Include patch to fix NSSFIPS (446851)
- Previous message (by thread): rpms/openoffice.org/devel workspace.cairo06.patch, NONE, 1.1 openoffice.org-2.0.2.ooo64508.vcl.honourfontconfighinting.patch, 1.20, 1.21 openoffice.org-2.0.3.rh127576.gtkunixprintdialog.patch, 1.47, 1.48 openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch, 1.4, 1.5 openoffice.org-3.0.0.ooo88303.vcl.dynamicfontoptions.patch, 1.1, 1.2 openoffice.org.spec, 1.1549, 1.1550 openoffice.org-2.2.0.ooo73863.vcl.imcommit.patch, 1.1, NONE pseudoworkspace.valgrind1.patch, 1.35, NONE
- Next message (by thread): rpms/glib2/F-8 cve-2008-2371.patch,NONE,1.1 glib2.spec,1.145,1.146
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list