Update to NSS 3.28.1
This commit is contained in:
Daiki Ueno
parent
26f0f90d8b
commit
055e0fecf1
1
.gitignore
vendored
1
.gitignore
vendored
@ -12,3 +12,4 @@ TestUser51.cert
|
||||
/nss-3.25.0.tar.gz
|
||||
/nss-3.26.0.tar.gz
|
||||
/nss-3.27.0.tar.gz
|
||||
/nss-3.28.1.tar.gz
|
||||
|
||||
12
iquote.patch
12
iquote.patch
@ -125,9 +125,9 @@ diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
|
||||
endif
|
||||
|
||||
ifndef NSS_LIB_DIR
|
||||
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
|
||||
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
diff -up ./nss/gtests/pk11_gtest/Makefile.iquote ./nss/gtests/pk11_gtest/Makefile
|
||||
--- ./nss/gtests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/gtests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
@ -136,9 +136,9 @@ diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
|
||||
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
|
||||
diff -up ./nss/gtests/ssl_gtest/Makefile.iquote ./nss/gtests/ssl_gtest/Makefile
|
||||
--- ./nss/gtests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/gtests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
|
||||
@@ -43,6 +43,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
@ -1,50 +1,25 @@
|
||||
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||
--- a/lib/pk11wrap/pk11pars.c
|
||||
+++ b/lib/pk11wrap/pk11pars.c
|
||||
@@ -105,16 +105,17 @@ secmod_NewModule(void)
|
||||
* This allows system NSS to delegate those changes to the user's module DB,
|
||||
* preserving the user's ability to load new PKCS #11 modules (which only
|
||||
* affect him), from existing applications like Firefox.
|
||||
*/
|
||||
#define SECMOD_FLAG_MODULE_DB_IS_MODULE_DB 0x01 /* must be set if any of the
|
||||
*other flags are set */
|
||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
||||
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
||||
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
||||
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
||||
*other flags are set */
|
||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||
|
||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||
|
||||
/* private flags for internal (field in SECMODModule). */
|
||||
/* The meaing of these flags is as follows:
|
||||
*
|
||||
* SECMOD_FLAG_INTERNAL_IS_INTERNAL - This is a marks the the module is
|
||||
* the internal module (that is, softoken). This bit is the same as the
|
||||
* already existing meaning of internal = PR_TRUE. None of the other
|
||||
@@ -699,16 +700,19 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (mod->isModuleDB) {
|
||||
char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB;
|
||||
if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST;
|
||||
}
|
||||
if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||
}
|
||||
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||
}
|
||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
||||
+ }
|
||||
/* additional moduleDB flags could be added here in the future */
|
||||
mod->isModuleDB = (PRBool) flags;
|
||||
/* additional moduleDB flags could be added here in the future */
|
||||
mod->isModuleDB = (PRBool)flags;
|
||||
}
|
||||
|
||||
if (mod->internal) {
|
||||
char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL;
|
||||
|
||||
if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) {
|
||||
@@ -738,16 +742,24 @@ PRBool
|
||||
SECMOD_GetDefaultModDBFlag(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char) mod->isModuleDB;
|
||||
|
||||
return (flags & SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB) ? PR_TRUE : PR_FALSE;
|
||||
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
||||
}
|
||||
|
||||
PRBool
|
||||
@ -58,20 +33,10 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||
+PRBool
|
||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char) mod->internal;
|
||||
|
||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
void
|
||||
@@ -1521,16 +1533,22 @@ SECMOD_LoadModule(char *modulespec,SECMO
|
||||
if (library) PORT_Free(library);
|
||||
if (moduleName) PORT_Free(moduleName);
|
||||
if (parameters) PORT_Free(parameters);
|
||||
if (nss) PORT_Free(nss);
|
||||
if (config) PORT_Free(config);
|
||||
char flags = (char)mod->internal;
|
||||
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
||||
if (!module) {
|
||||
goto loser;
|
||||
goto loser;
|
||||
}
|
||||
+
|
||||
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
||||
@ -80,10 +45,5 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||
+ return module;
|
||||
+ }
|
||||
if (parent) {
|
||||
module->parent = SECMOD_ReferenceModule(parent);
|
||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
||||
module->internal = parent->internal;
|
||||
}
|
||||
}
|
||||
|
||||
/* load it */
|
||||
module->parent = SECMOD_ReferenceModule(parent);
|
||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||
--- ./nss/cmd/Makefile.skipthem 2016-09-29 12:02:16.143413684 +0200
|
||||
+++ ./nss/cmd/Makefile 2016-09-29 12:03:58.776522901 +0200
|
||||
--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100
|
||||
+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100
|
||||
@@ -19,7 +19,11 @@ BLTEST_SRCDIR =
|
||||
ECPERF_SRCDIR =
|
||||
ECTEST_SRCDIR =
|
||||
FREEBL_ECTEST_SRCDIR =
|
||||
FIPSTEST_SRCDIR =
|
||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||
+SHLIBSIGN_SRCDIR = shlibsign
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
diff -up ./external_tests/manifest.mn.skip_util_gtest ./external_tests/manifest.mn
|
||||
--- ./external_tests/manifest.mn.skip_util_gtest 2016-09-29 12:05:28.858019733 +0200
|
||||
+++ ./external_tests/manifest.mn 2016-09-29 12:06:17.298681765 +0200
|
||||
diff -up ./gtests/manifest.mn.skip_util_gtest ./gtests/manifest.mn
|
||||
--- ./gtests/manifest.mn.skip_util_gtest 2016-09-29 12:05:28.858019733 +0200
|
||||
+++ ./gtests/manifest.mn 2016-09-29 12:06:17.298681765 +0200
|
||||
@@ -9,8 +9,5 @@ DIRS = \
|
||||
google_test \
|
||||
common \
|
||||
|
||||
24
nss.spec
24
nss.spec
@ -18,10 +18,10 @@
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.27.0
|
||||
Version: 3.28.1
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 1.3%{?dist}
|
||||
Release: 1.0%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -99,7 +99,6 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
Patch59: nss-check-policy-file.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1280846
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
Patch70: nss-check-pss.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
@ -183,7 +182,6 @@ low level services.
|
||||
pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
%patch70 -p1 -b .check_pss
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
@ -286,16 +284,7 @@ export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
# NSS 3.27 enabled TLS 1.3 by default, disable it for now.
|
||||
#
|
||||
# The rationale is, while the maximum TLS version enabled by default
|
||||
# is TLS 1.2, some applications query the maximum TLS version and
|
||||
# enable it. That prevents those applications from connecting to
|
||||
# servers which are not tolerant ot TLS versions.
|
||||
#
|
||||
# Note that this is a temporary solution and should be removed when
|
||||
# packaging the next upstream release.
|
||||
export NSS_DISABLE_TLS_1_3=1
|
||||
export NSS_ENABLE_TLS_1_3=1
|
||||
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
@ -405,7 +394,7 @@ export USE_64
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
export NSS_DISABLE_TLS_1_3=1
|
||||
export NSS_ENABLE_TLS_1_3=1
|
||||
|
||||
# needed for the fips mangling test
|
||||
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||
@ -804,6 +793,11 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jan 12 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.0
|
||||
- Rebase to NSS 3.28.1
|
||||
- Remove upstreamed patch for disabling RSA-PSS
|
||||
- Re-enable TLS 1.3
|
||||
|
||||
* Tue Nov 15 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.3
|
||||
- Revert the previous fix for RSA-PSS and use the upstream fix instead
|
||||
|
||||
|
||||
12
sources
12
sources
@ -1,6 +1,6 @@
|
||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
e980f7c3bb70ca122e0f6f5e914ec29a nss-3.27.0.tar.gz
|
||||
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.28.1.tar.gz) = f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b
|
||||
|
||||
Loading…
Reference in New Issue
Block a user