Pick up fixes from RHEL

- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
2012-03-07 18:39:32 -08:00 · 2012-03-07 18:39:32 -08:00 · 3ccc11c806
commit 3ccc11c806
parent 85a1075a8d
4 changed files with 70 additions and 1 deletions
--- a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
+++ b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
@ -0,0 +1,27 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1	2011-10-19 17:41:09.148204402 -0700
+++ ./mozilla/security/nss/lib/nss/nssinit.c	2011-10-19 17:42:32.354416861 -0700
+@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
+ 	passwordRequired = pk11_password_required;
+     }
+ 
+-    /* we always try to initialize the modules */
+-    rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
+    /* Skip the module init if we are already initted and we are trying
+     * to init with not noCertDB and noModDB */
+    if (!(isReallyInitted && noCertDB && noModDB)) {
+	/* we always try to initialize the modules */
+	rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
+ 		updateDir, updCertPrefix, updKeyPrefix, updateID, 
+ 		updateName, configName, configStrings, passwordRequired,
+ 		readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, 
+ 		(initContextPtr != NULL));
+ 
+-    if (rv != SECSuccess) {
+-	goto loser;
+	if (rv != SECSuccess) {
+	    goto loser;
+	}
+     }
+ 
+ 
--- a/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
+++ b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 ./mozilla/security/nss/lib/pk11wrap/pk11skey.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676	2012-03-07 18:29:16.679551532 -0800
+++ ./mozilla/security/nss/lib/pk11wrap/pk11skey.c	2012-03-07 18:29:42.338733488 -0800
+@@ -1664,7 +1664,10 @@ PK11_PubDerive(SECKEYPrivateKey *privKey
+ 
+ 	    keyType = PK11_GetKeyType(target,keySize);
+ 	    key_size = keySize;
+-	    symKey->size = keySize;
+	    /* There's a bug in FreeBL where this size is treated as a max.
+	     * if we are using softoken, Don't set that size value here, but
+	     * set it to zero we we will query softoken for the size */
+	    symKey->size = slot->isInternal ? 0 : keySize;
+ 	    if (key_size == 0) templateCount--;
+ 
+ 	    mechanism.mechanism = derive;
--- a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
+++ b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.800682	2012-03-07 17:34:50.846174813 -0800
+++ ./mozilla/security/nss/lib/nss/nssinit.c	2012-03-07 17:36:12.545753433 -0800
+@@ -1151,6 +1151,11 @@ SECStatus
+ NSS_Shutdown(void)
+ {
+     SECStatus rv;
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
+     PZ_Lock(nssInitLock);
+ 
+     if (!nssIsInitted) {
--- a/nss.spec
+++ b/nss.spec
@ -7,7 +7,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.13.3
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -75,6 +75,9 @@ Patch30:          bz784672-protect-against-calls-before-nss_init.patch
 # Fix gcc 4.7 c++ issue in secmodt.h
 # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50917
 Patch31:          nss-fix-gcc47-secmodt.patch
+Patch32:          Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
+Patch33:          Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
+Patch34:          Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch


 %description
@ -166,6 +169,9 @@ low level services.
 #%patch29 -p0 -b .770682
 %patch30 -p0 -b .784672
 %patch31 -p0 -b .gcc47
+%patch32 -p0 -b .800674
+%patch33 -p0 -b .800682
+%patch34 -p0 -b .800676


 %build
@ -580,6 +586,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Thu Mar 08 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-2
+- Pick up fixes from RHEL
+- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
+- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
+- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
+
 * Thu Mar 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-1
 - Update to NSS_3_13_3_RTM