rpms/mod_nss/devel mod_nss-fips.patch, 1.1, 1.2 mod_nss.spec, 1.10, 1.11
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Wed Jul 2 15:26:13 UTC 2008
Author: rcritten
Update of /cvs/extras/rpms/mod_nss/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27454
Modified Files:
mod_nss-fips.patch mod_nss.spec
Log Message:
Update the patch for FIPS to include fixes for nss_pcache, enforce
the security policy and properly initialize the FIPS token.
mod_nss-fips.patch:
Index: mod_nss-fips.patch
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/devel/mod_nss-fips.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_nss-fips.patch 30 Jun 2008 20:16:15 -0000 1.1
+++ mod_nss-fips.patch 2 Jul 2008 15:25:41 -0000 1.2
@@ -1,5 +1,5 @@
---- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
-+++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
+--- mod_nss-1.0-orig/nss_engine_pphrase.c 7 Apr 2006 20:17:12 -0000 1.5
++++ mod_nss-1.0/nss_engine_pphrase.c 2 Jul 2008 03:41:05 -0000
@@ -62,6 +62,13 @@
{
PK11SlotInfo *slot = listEntry->slot;
@@ -14,4 +14,62 @@
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if (slot == PK11_GetInternalKeySlot()) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -298,7 +305,12 @@
+ fprintf(output, "non-alphabetic characters\n");
+ continue;
+ }
+- return (char*) PORT_Strdup((char*)phrase);
++ if (PK11_IsFIPS() && strlen(phrase) == 0) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
++ "The FIPS security policy requires that a password be set.");
++ nss_die();
++ } else
++ return (char*) PORT_Strdup((char*)phrase);
+ }
+ }
+
+--- mod_nss-1.0-orig/nss_pcache.c 18 Nov 2005 16:10:23 -0000 1.8
++++ mod_nss-1.0/nss_pcache.c 2 Jul 2008 03:41:05 -0000
+@@ -378,7 +378,6 @@
+ if (tokenName && tokenpw) {
+ node = (Node*)malloc(sizeof (Node));
+ if (!node) { err = PIN_NOMEMORY; }
+-
+ node->tokenName = strdup(tokenName);
+ node->store = 0;
+ node->next = 0;
+@@ -410,7 +409,10 @@
+ for (node = pinList; node != NULL; node = node->next) {
+ if (!strcmp(node->tokenName, tokenName)) {
+ if (Pk11StoreGetPin(&pin, node->store) == SECSuccess) {
+- PR_Write(out, pin, strlen(pin));
++ if (strlen(pin) == 0)
++ PR_Write(out, "", 1);
++ else
++ PR_Write(out, pin, strlen(pin));
+ memset(pin, 0, strlen(pin));
+ free(pin);
+ found = PR_TRUE;
+@@ -452,7 +454,7 @@
+ while (*s) {
+ if (*s == '\t' || *peek == '\0') {
+ if (i == el) {
+- if (*peek != '\0')
++ if (*peek != '\0' || *s == '\t')
+ *s = '\0';
+ r = strdup(t);
+ free(work);
+--- mod_nss-1.0.7-orig/nss_engine_init.c 2008-07-02 19:22:11.000000000 -0400
++++ mod_nss-1.0.7/nss_engine_init.c 2008-07-02 19:12:01.000000000 -0400
+@@ -148,9 +148,8 @@
+ const char * ocspurl = NULL;
+ const char * ocspname = NULL;
+
+- sc = mySrvConfig(base_server);
+-
+ for (s = base_server; s; s = s->next) {
++ sc = mySrvConfig(s);
+ if (sc->fips == TRUE) {
+ fipsenabled = TRUE;
+ }
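Review bot: In the nss_pcache.c hunk at `@@ -378,7 +378,6 @@`, a failed `malloc` only sets `err = PIN_NOMEMORY` and the next line still runs `node->tokenName = strdup(tokenName);`, so an out-of-memory condition in the PIN cache helper becomes a NULL dereference; the patch touches this spot only to drop a blank line. The `node->` assignments should be skipped when the allocation fails, for example by changing the check to `if (!node) { err = PIN_NOMEMORY; } else {`, and the `strdup` result deserves the same check. The enclosing function starts and ends outside the hunk, so the position of the closing brace has to be checked against the full function. Separately, in the `@@ -410,7 +409,10 @@` hunk the PIN is wiped with `memset(pin, 0, strlen(pin))` immediately before `free(pin)`, which a compiler is allowed to drop as a dead store, so it is worth confirming that the wipe survives optimisation.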
Index: mod_nss.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_nss/devel/mod_nss.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_nss.spec 30 Jun 2008 20:16:15 -0000 1.10
+++ mod_nss.spec 2 Jul 2008 15:25:41 -0000 1.11
@@ -1,6 +1,6 @@
Name: mod_nss
Version: 1.0.7
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: Apache Software License
@@ -114,6 +114,10 @@
%{_sbindir}/gencert
%changelog
+* Wed Jul 2 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-6
+- Update the patch for FIPS to include fixes for nss_pcache, enforce
+ the security policy and properly initialize the FIPS token.
+
* Mon Jun 30 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.7-5
- Include patch to fix NSSFIPS (446851)