From ba1b06671ad673702c0f2bce3ebd6f016cb0ca61 Mon Sep 17 00:00:00 2001
From: rcritten
Date: Jun 30 2008 20:16:15 +0000
Subject: Include patch to fix NSSFips (446851)
---
diff --git a/mod_nss-fips.patch b/mod_nss-fips.patch
new file mode 100644
index 0000000..042b6ca
--- /dev/null
+++ b/mod_nss-fips.patch
@@ -0,0 +1,17 @@
+--- mod_nss-1.0-orig/nss_engine_pphrase.c 22 Feb 2007 16:50:14 -0000 1.10
++++ mod_nss-1.0/nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
+@@ -62,6 +62,13 @@
+ {
+ PK11SlotInfo *slot = listEntry->slot;
+
++ /* This is needed to work around a bug in NSS while in FIPS mode.
++ * The first login will succeed but NSS_Shutdown() isn't cleaning
++ * something up causing subsequent logins to be skipped making
++ * keys and certs unavailable.
++ */
++ PK11_Logout(slot);
++
+ if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
+ if (slot == PK11_GetInternalKeySlot()) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+
diff --git a/mod_nss.spec b/mod_nss.spec
index 8a35506..43b94c1 100644
--- a/mod_nss.spec
+++ b/mod_nss.spec
@@ -1,6 +1,6 @@
 Name: mod_nss
 Version: 1.0.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: SSL/TLS module for the Apache HTTP server
 Group: System Environment/Daemons
 License: Apache Software License
@@ -15,6 +15,7 @@ Patch1: mod_nss-conf.patch
 Patch2: mod_nss-gencert.patch
 Patch3: mod_nss-proxy.patch
 Patch4: mod_nss-nofork.patch
+Patch5: mod_nss-fips.patch
 
 %description
 The mod_nss module provides strong cryptography for the Apache Web
@@ -28,6 +29,7 @@ security library.
 %patch2 -p1 -b .gencert
 %patch3 -p1 -b .proxy
 %patch4 -p1 -b .nofork
+%patch5 -p1 -b .fips
 
 # Touch expression parser sources to prevent regenerating it
 touch nss_expr_*.[chyl]
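Review bot: The added `PK11_Logout(slot);` in the nss_engine_pphrase.c hunk discards its SECStatus result, so if the logout fails the stale login state described in the comment presumably persists, and the only symptom is keys and certs going missing later with nothing in the error log. Consider `if (PK11_Logout(slot) != SECSuccess) ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "PK11_Logout failed before token login");` so the failure is visible to an operator. The call also runs for every slot whether or not FIPS mode is enabled; if that is not intended, gating it on `PK11_IsFIPS()` would limit the workaround to the case the comment names. The comment could also cite bug 446851 so the workaround can be dropped once NSS_Shutdown() is fixed. The enclosing loop and function begin and end outside the hunk.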
@@ -112,6 +114,9 @@ fi %{_sbindir}/gencert %changelog +* Mon Jun 30 2008 Rob Crittenden - 1.0.7-5 +- Include patch to fix NSSFIPS (446851) + * Mon Apr 28 2008 Rob Crittenden - 1.0.7-4 - Apply patch so that mod_nss calls NSS_Init() after Apache forks a child and not before. This is in response to a change in the NSS softtokn code