From c40f16fc527a8afd977749e72232e1db137174c4 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Thu, 24 Feb 2011 15:05:17 -0800 Subject: [PATCH] Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections Change selfserv to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the IPV6_V6ONLY socket option default to false. --- nss-539183.patch | 33 +++++++++++++++++++++++++++++++++ nss.spec | 14 ++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 nss-539183.patch diff --git a/nss-539183.patch b/nss-539183.patch new file mode 100644 index 0000000..d86a705 --- /dev/null +++ b/nss-539183.patch @@ -0,0 +1,33 @@ +Index: mozilla/security/nss/cmd/selfserv/selfserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v +retrieving revision 1.94 +diff -p -u -8 -r1.94 selfserv.c +--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94 ++++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000 +@@ -1487,21 +1487,21 @@ PRFileDesc * + getBoundListenSocket(unsigned short port) + { + PRFileDesc * listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { + errExit("PR_NewTCPSocket"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { diff --git a/nss.spec b/nss.spec index 2e5d563..a92f595 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 12%{?dist} +Release: 13%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -47,6 +47,7 @@ Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch Patch15: swap-internal-key-slot.patch +Patch16: nss-539183.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -124,6 +125,7 @@ low level services. %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 %patch15 -p1 -b .jss +%patch16 -p0 -b .539183 %build @@ -271,9 +273,10 @@ cd ./mozilla/security/nss/tests/ # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # -# Disable the ssl test suites until Bug 539183 is resolved -%global nss_ssl_tests " " -%global nss_ssl_run " " +# Uncomment these lines if you need to temporarily +# disable some test suites for faster test builds +# global nss_ssl_tests "normal_fips" +# global nss_ssl_run "cov auth" HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh @@ -516,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 +- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) + * Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 - Add a missing requires for pkcs11-devel (#675196)