d206ad095d
- use a whitelist approach for keeping directives in the migration script (bsc#961907) * modify mod_nss_migrate.pl - fix test: add NSSPassPhraseDialog, point it to plain file - update to 1.0.13 Update default ciphers to something more modern and secure Check for host and netstat commands in gencert before trying to use them Add server support for DHE ciphers Extract SAN from server/client certificates into env Fix memory leaks and other coding issues caught by clang analyzer Add support for Server Name Indication (SNI) (#1010751) Add support for SNI for reverse proxy connections Add RenegBufferSize? option Add support for TLS Session Tickets (RFC 5077) Fix logical AND support in OpenSSL cipher compatibility Correctly handle disabled ciphers (CVE-2015-5244) Implement a slew more OpenSSL cipher macros Fix a number of illegal memory accesses and memory leaks Support for SHA384 ciphers if they are available in NSS Add compatibility for mod_ssl-style cipher definitions (#862938) Add TLSv1.2-specific ciphers Completely remove support for SSLv2 Add support for sqlite NSS databases (#1057650) Compare subject CN and VS hostname during server start up Add support for enabling TLS v1.2 Don't enable SSL 3 by default (CVE-2014-3566) Fix CVE-2013-4566 Move nss_pcache to /usr/libexec OBS-URL: https://build.opensuse.org/request/show/375069 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=22
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
Index: nss_engine_pphrase.c
|
|
===================================================================
|
|
--- nss_engine_pphrase.c.orig 2016-03-14 12:33:49.139529734 +0100
|
|
+++ nss_engine_pphrase.c 2016-03-14 12:40:42.603094487 +0100
|
|
@@ -228,6 +228,7 @@ static char *nss_get_password(FILE *inpu
|
|
char line[1024];
|
|
unsigned char phrase[200];
|
|
int infd = fileno(input);
|
|
+ int tmpfd;
|
|
int isTTY = isatty(infd);
|
|
|
|
token_name = PK11_GetTokenName(slot);
|
|
@@ -327,6 +328,24 @@ static char *nss_get_password(FILE *inpu
|
|
if (pwdstr)
|
|
return pwdstr;
|
|
|
|
+ /* It happens that stdin is not opened with O_RDONLY. Better make sure
|
|
+ * it is and re-open /dev/tty.
|
|
+ */
|
|
+ close(infd); /* is 0 normally. open(2) will return first available. */
|
|
+ tmpfd = open("/dev/tty", O_RDONLY);
|
|
+ if( tmpfd == -1) {
|
|
+ fprintf(output, "Cannot open /dev/tty for reading the passphrase.\n");
|
|
+ nss_die();
|
|
+ }
|
|
+ if(tmpfd != infd) {
|
|
+ if( dup2(tmpfd, infd) != infd) {
|
|
+ fprintf(output, "Problem duplicating /dev/tty file descriptor.\n");
|
|
+ close(tmpfd);
|
|
+ nss_die();
|
|
+ }
|
|
+ close(tmpfd);
|
|
+ }
|
|
+
|
|
for (;;) {
|
|
/* Prompt for password */
|
|
if (isTTY) {
|