From 3ccc11c806bf65fbe3975adcccebdf326c82ae8f Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Wed, 7 Mar 2012 18:39:32 -0800
Subject: [PATCH] Pick up fixes from RHEL
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
---
...o-contact-LDAP-Server-during-winsync.patch | 27 +++++++++++++++++++
...-causes-openswan-to-drop-connections.patch | 15 +++++++++++
...aemon-fails-to-load-after-nss-update.patch | 15 +++++++++++
nss.spec | 14 +++++++++-
4 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
create mode 100644 Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
create mode 100644 Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
diff --git a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
new file mode 100644
index 0000000..2a57ea7
--- /dev/null
+++ b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
@@ -0,0 +1,27 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700
+@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
+ passwordRequired = pk11_password_required;
+ }
+
+- /* we always try to initialize the modules */
+- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
++ /* Skip the module init if we are already initted and we are trying
++ * to init with not noCertDB and noModDB */
++ if (!(isReallyInitted && noCertDB && noModDB)) {
++ /* we always try to initialize the modules */
++ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
+ updateName, configName, configStrings, passwordRequired,
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
+ (initContextPtr != NULL));
+
+- if (rv != SECSuccess) {
+- goto loser;
++ if (rv != SECSuccess) {
++ goto loser;
++ }
+ }
+
+
diff --git a/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
new file mode 100644
index 0000000..88b1004
--- /dev/null
+++ b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
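Review bot: In Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch, the comment added above `if (!(isReallyInitted && noCertDB && noModDB))` reads as the opposite of the condition. The code skips nss_InitModules exactly when NSS is already initialized and the caller asks for both noCertDB and noModDB, while the text says "with not noCertDB and noModDB". The retained `/* we always try to initialize the modules */` inside the new block is also no longer true. I would replace both with one comment such as `/* Already initialized and the caller wants neither cert DB nor module DB: skip module init. */`. When the call is skipped, `rv` keeps whatever value it had before this point; nss_Init starts and ends outside the hunk, so confirm that value is SECSuccess on this path.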
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 ./mozilla/security/nss/lib/pk11wrap/pk11skey.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 2012-03-07 18:29:16.679551532 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11skey.c 2012-03-07 18:29:42.338733488 -0800
+@@ -1664,7 +1664,10 @@ PK11_PubDerive(SECKEYPrivateKey *privKey
+
+ keyType = PK11_GetKeyType(target,keySize);
+ key_size = keySize;
+- symKey->size = keySize;
++ /* There's a bug in FreeBL where this size is treated as a max.
++ * if we are using softoken, Don't set that size value here, but
++ * set it to zero we we will query softoken for the size */
++ symKey->size = slot->isInternal ? 0 : keySize;
+ if (key_size == 0) templateCount--;
+
+ mechanism.mechanism = derive;
diff --git a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
new file mode 100644
index 0000000..90a7b4a
--- /dev/null
+++ b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800
+@@ -1151,6 +1151,11 @@ SECStatus
+ NSS_Shutdown(void)
+ {
+ SECStatus rv;
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+
+ if (!nssIsInitted) {
diff --git a/nss.spec b/nss.spec
index 2b5b28c..52b8ced 100644
--- a/nss.spec
+++ b/nss.spec
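Review bot: In Bug-800676-…-openswan-to-drop-connections.patch, the workaround comment above `symKey->size = slot->isInternal ? 0 : keySize;` in PK11_PubDerive carries no bug reference or removal condition and has a typo ("we we"). Nobody reading pk11skey.c later can tell when the special case for internal slots may be dropped. I would write `/* Workaround for rhbz#800676: FreeBL treats this size as a maximum. On internal (softoken) slots leave size 0 so the length is queried from softoken instead. */`. `key_size = keySize` is unchanged, so the requested length still appears to reach the derive template and only the cached `symKey->size` differs by slot type. Callers that assume a key derived on an internal slot is exactly keySize bytes long should be checked; the function continues outside the hunk.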
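Review bot: In Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch, the new comment in NSS_Shutdown says how the lock is created but not why shutdown needs it. Without the `PR_CallOnce(&nssInitOnce, nss_doLockInit)` call, `PZ_Lock(nssInitLock)` would presumably run on a lock that was never created when NSS_Shutdown is reached before any init call. I would word it as `/* NSS_Shutdown may run before any init call; create nssInitLock first so PZ_Lock below never sees an uninitialized lock. */`. The early `return SECFailure` sets no error code in the visible lines, so confirm that PR_CallOnce or nss_doLockInit leaves one for the caller. The function body continues outside the hunk.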
@@ -7,7 +7,7 @@ Summary: Network Security Services Name: nss Version: 3.13.3 -Release: 1%{?dist} +Release: 2%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -75,6 +75,9 @@ Patch30: bz784672-protect-against-calls-before-nss_init.patch # Fix gcc 4.7 c++ issue in secmodt.h # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50917 Patch31: nss-fix-gcc47-secmodt.patch +Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch +Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch +Patch34: Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch %description @@ -166,6 +169,9 @@ low level services. #%patch29 -p0 -b .770682 %patch30 -p0 -b .784672 %patch31 -p0 -b .gcc47 +%patch32 -p0 -b .800674 +%patch33 -p0 -b .800682 +%patch34 -p0 -b .800676 %build @@ -580,6 +586,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Thu Mar 08 2012 Elio Maldonado - 3.13.3-2 +- Pick up fixes from RHEL +- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync +- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update +- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections + * Thu Mar 01 2012 Elio Maldonado - 3.13.3-1 - Update to NSS_3_13_3_RTM