Require version of NSS that properly parses base64-encoded certs

There were cases where a base64-encoded cert with no header/footer would not be handled properly and rejected. This was causing the CA install to fail. https://fedorahosted.org/freeipa/ticket/3586
2025-02-25 18:55:28 -06:00 · 2013-04-26 12:36:05 -04:00
parent dfcdd9c403
commit 732d1042a3
1 changed files with 10 additions and 2 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -95,8 +95,13 @@ Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-server-selinux = %{version}-%{release}
 Requires: 389-ds-base >= 1.3.0.5
 Requires: openldap-clients
-Requires: nss
-Requires: nss-tools
+%if 0%{?fedora} == 18
+Requires: nss >= 3.14.3-2
+Requires: nss-tools >= 3.14.3-2
+%else
+Requires: nss >= 3.14.3-12.0
+Requires: nss-tools >= 3.14.3-12.0
+%endif
 %if 0%{?krb5_dal_version} >= 4
 Requires: krb5-server >= 1.11.2-1
 %else
@@ -794,6 +799,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt

 %changelog
+* Thu Apr 25 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-7
+- Update nss and nss-tools dependency to fix certutil problem (#872761)
+
 * Mon Apr 15 2013 Martin Kosek <mkosek@redhat.com> - 3.1.99-6
 - Require samba 4.0.5, includes new passdb API
 - Require krb5 1.11.2-1, fixes missing PAC issue