Update to NSS 3.52
This commit is contained in:
parent
fc0174ead1
commit
047dc3ed4e
1
.gitignore
vendored
1
.gitignore
vendored
@ -48,3 +48,4 @@ TestUser51.cert
|
|||||||
/nss-3.50.tar.gz
|
/nss-3.50.tar.gz
|
||||||
/nss-3.51.tar.gz
|
/nss-3.51.tar.gz
|
||||||
/nss-3.51.1.tar.gz
|
/nss-3.51.1.tar.gz
|
||||||
|
/nss-3.52.tar.gz
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
diff -up ./lib/softoken/pkcs11.c.ike_fix ./lib/softoken/pkcs11.c
|
|
||||||
--- ./lib/softoken/pkcs11.c.ike_fix 2019-11-04 10:15:08.022176945 -0800
|
|
||||||
+++ ./lib/softoken/pkcs11.c 2019-11-04 10:17:35.396733750 -0800
|
|
||||||
@@ -330,7 +330,7 @@ static const struct mechanismList mechan
|
|
||||||
{ CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
|
||||||
{ CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
|
||||||
{ CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
|
||||||
- { CKM_AES_XCBC_MAC_96, { 16, 16, CKF_SN_VR }, PR_TRUE },
|
|
||||||
+ { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE },
|
|
||||||
{ CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
|
|
||||||
/* ------------------------- Camellia Operations --------------------- */
|
|
||||||
{ CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
|
|
||||||
@@ -518,7 +518,8 @@ static const struct mechanismList mechan
|
|
||||||
/* --------------------IPSEC ----------------------- */
|
|
||||||
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
|
|
||||||
{ CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
|
|
||||||
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
|
|
||||||
+ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
|
|
||||||
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
|
|
||||||
};
|
|
||||||
static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
|
||||||
===================================================================
|
|
||||||
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
|
||||||
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
|
||||||
@@ -56,7 +56,9 @@ typedef const char *Prims_string;
|
|
||||||
#include <emmintrin.h>
|
|
||||||
typedef __m128i FStar_UInt128_uint128;
|
|
||||||
#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
|
||||||
- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
|
|
||||||
+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
|
||||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
|
||||||
+ defined(__s390x__))
|
|
||||||
typedef unsigned __int128 FStar_UInt128_uint128;
|
|
||||||
#else
|
|
||||||
typedef struct FStar_UInt128_uint128_s {
|
|
||||||
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
|
||||||
===================================================================
|
|
||||||
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
|
||||||
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
|
||||||
@@ -25,7 +25,9 @@
|
|
||||||
#include "LowStar_Endianness.h"
|
|
||||||
|
|
||||||
#if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
|
||||||
- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
|
|
||||||
+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
|
||||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
|
||||||
+ defined(__s390x__))
|
|
||||||
|
|
||||||
/* GCC + using native unsigned __int128 support */
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -up nss/lib/ssl/sslsock.c.tls13-default nss/lib/ssl/sslsock.c
|
|
||||||
--- nss/lib/ssl/sslsock.c.tls13-default 2020-01-27 10:21:44.930830558 +0100
|
|
||||||
+++ nss/lib/ssl/sslsock.c 2020-01-27 10:21:47.419852229 +0100
|
|
||||||
@@ -97,7 +97,7 @@ static sslOptions ssl_defaults = {
|
|
||||||
*/
|
|
||||||
static SSLVersionRange versions_defaults_stream = {
|
|
||||||
SSL_LIBRARY_VERSION_TLS_1_0,
|
|
||||||
- SSL_LIBRARY_VERSION_TLS_1_3
|
|
||||||
+ SSL_LIBRARY_VERSION_TLS_1_2
|
|
||||||
};
|
|
||||||
|
|
||||||
static SSLVersionRange versions_defaults_datagram = {
|
|
16
nss.spec
16
nss.spec
@ -1,5 +1,5 @@
|
|||||||
%global nspr_version 4.25.0
|
%global nspr_version 4.25.0
|
||||||
%global nss_version 3.51.1
|
%global nss_version 3.52.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global dracutlibdir %{_prefix}/lib/dracut
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -106,16 +106,7 @@ Patch2: nss-539183.patch
|
|||||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||||
# but it doesn't hurt to keep it.
|
# but it doesn't hurt to keep it.
|
||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
# add missing ike mechanism to softoken
|
|
||||||
Patch10: nss-3.47-ike-fix.patch
|
|
||||||
# To revert the upstream change:
|
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1573118
|
|
||||||
# as it still doesn't work under FIPS mode because of missing HKDF
|
|
||||||
# support in PKCS #11.
|
|
||||||
Patch11: nss-tls13-default.patch
|
|
||||||
Patch12: nss-signtool-format.patch
|
Patch12: nss-signtool-format.patch
|
||||||
# https://github.com/FStarLang/kremlin/issues/166
|
|
||||||
Patch13: nss-kremlin-ppc64le.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -894,6 +885,9 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 11 2020 Daiki Ueno <dueno@redhat.com> - 3.52.0-1
|
||||||
|
- Update to NSS 3.52
|
||||||
|
|
||||||
* Sat Apr 25 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-2
|
* Sat Apr 25 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-2
|
||||||
- Temporarily revert DBM disablement for kernel build failure (#1827902)
|
- Temporarily revert DBM disablement for kernel build failure (#1827902)
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
SHA512 (nss-3.51.1.tar.gz) = 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
|
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
|
||||||
|
Loading…
Reference in New Issue
Block a user