From c40f16fc527a8afd977749e72232e1db137174c4 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Thu, 24 Feb 2011 15:05:17 -0800 Subject: [PATCH 1/3] Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections Change selfserv to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the IPV6_V6ONLY socket option default to false. --- nss-539183.patch | 33 +++++++++++++++++++++++++++++++++ nss.spec | 14 ++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 nss-539183.patch diff --git a/nss-539183.patch b/nss-539183.patch new file mode 100644 index 0000000..d86a705 --- /dev/null +++ b/nss-539183.patch @@ -0,0 +1,33 @@ +Index: mozilla/security/nss/cmd/selfserv/selfserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v +retrieving revision 1.94 +diff -p -u -8 -r1.94 selfserv.c +--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94 ++++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000 +@@ -1487,21 +1487,21 @@ PRFileDesc * + getBoundListenSocket(unsigned short port) + { + PRFileDesc * listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { + errExit("PR_NewTCPSocket"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { diff --git a/nss.spec b/nss.spec index 2e5d563..a92f595 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 12%{?dist} +Release: 13%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -47,6 +47,7 @@ Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch Patch15: swap-internal-key-slot.patch +Patch16: nss-539183.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -124,6 +125,7 @@ low level services. %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 %patch15 -p1 -b .jss +%patch16 -p0 -b .539183 %build @@ -271,9 +273,10 @@ cd ./mozilla/security/nss/tests/ # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # -# Disable the ssl test suites until Bug 539183 is resolved -%global nss_ssl_tests " " -%global nss_ssl_run " " +# Uncomment these lines if you need to temporarily +# disable some test suites for faster test builds +# global nss_ssl_tests "normal_fips" +# global nss_ssl_run "cov auth" HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh @@ -516,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 +- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) + * Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 - Add a missing requires for pkcs11-devel (#675196) From 0b0026515f9e6c8f3455dee5f02e106c42db24fb Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 23 Mar 2011 15:13:45 -0700 Subject: [PATCH 2/3] - Update to NSS_3.12.9_WITH_CKPI_1_82_RTM --- nss.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index a92f595..b6ad7e9 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 13%{?dist} +Release: 14%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -519,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 +- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM + * Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 - Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) diff --git a/sources b/sources index e8a418a..855e03f 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -b3dda60fc3d22d1b02b2330428a2b759 nss-3.12.9-stripped.tar.bz2 +240c8d61d9c9091e486318e889bc1f2f nss-3.12.9-stripped.tar.bz2 e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2 a5ae49867124ac75f029a9a33af31bad blank-cert8.db 9315689bbd9f28ceebd47894f99fccbd blank-key3.db From 4a912ae4d0993ad4964baec6ff0524cee9983dcf Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 23 Mar 2011 15:17:21 -0700 Subject: [PATCH 3/3] Fix the tag name in changelog comment --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index b6ad7e9..45e1895 100644 --- a/nss.spec +++ b/nss.spec @@ -520,7 +520,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog * Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 -- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM +- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM * Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 - Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)