Update to NSS 3.39
This commit is contained in:
parent
c4a7ff31ec
commit
0bcbceb525
|
@ -29,3 +29,4 @@ TestUser51.cert
|
|||
/nss-3.37.1.tar.gz
|
||||
/nss-3.37.3.tar.gz
|
||||
/nss-3.38.0.tar.gz
|
||||
/nss-3.39.tar.gz
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
||||
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
||||
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
||||
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
||||
*other flags are set */
|
||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||
|
||||
/* private flags for internal (field in SECMODModule). */
|
||||
/* The meaing of these flags is as follows:
|
||||
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||
}
|
||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
||||
+ }
|
||||
/* additional moduleDB flags could be added here in the future */
|
||||
mod->isModuleDB = (PRBool)flags;
|
||||
}
|
||||
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
||||
}
|
||||
|
||||
PRBool
|
||||
+secmod_PolicyOnly(SECMODModule *mod)
|
||||
+{
|
||||
+ char flags = (char) mod->isModuleDB;
|
||||
+
|
||||
+ return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE;
|
||||
+}
|
||||
+
|
||||
+PRBool
|
||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char)mod->internal;
|
||||
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
||||
if (!module) {
|
||||
goto loser;
|
||||
}
|
||||
+
|
||||
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
||||
+ * been parsed as a side effect of the CreateModuleEx call */
|
||||
+ if (secmod_PolicyOnly(module)) {
|
||||
+ return module;
|
||||
+ }
|
||||
if (parent) {
|
||||
module->parent = SECMOD_ReferenceModule(parent);
|
||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
|
@ -0,0 +1,4 @@
|
|||
name=p11-kit-proxy
|
||||
library=p11-kit-proxy.so
|
||||
|
||||
|
37
nss.spec
37
nss.spec
|
@ -1,12 +1,21 @@
|
|||
%global nspr_version 4.19.0
|
||||
%global nss_util_version 3.38.0
|
||||
%global nss_softokn_version 3.38.0
|
||||
%global nspr_version 4.20.0
|
||||
%global nss_util_version 3.39.0
|
||||
%global nss_softokn_version 3.39.0
|
||||
%global nss_version 3.39.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
# The upstream omits the trailing ".0", while we need it for
|
||||
# consistency with the pkg-config version:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
|
||||
%{lua:
|
||||
rpm.define(string.format("nss_archive_version %s",
|
||||
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
|
||||
}
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.38.0
|
||||
Version: %{nss_version}
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 1.0%{?dist}
|
||||
|
@ -45,7 +54,7 @@ Conflicts: seamonkey < 2.46-2
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414987
|
||||
# Conflicts: icecat < 45.5.1-5
|
||||
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source0: %{name}-%{nss_archive_version}.tar.gz
|
||||
Source1: nss.pc.in
|
||||
Source2: nss-config.in
|
||||
Source3: blank-cert8.db
|
||||
|
@ -86,9 +95,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
|||
Patch50: iquote.patch
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch59: nss-check-policy-file.patch
|
||||
Patch60: nss-load-policy-file.patch
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
|
||||
%description
|
||||
|
@ -159,8 +165,7 @@ low level services.
|
|||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%setup -q -T -D -n %{name}-%{version}
|
||||
%setup -q -n %{name}-%{nss_archive_version}
|
||||
|
||||
%patch2 -p0 -b .relro
|
||||
%patch3 -p0 -b .transitional
|
||||
|
@ -170,8 +175,6 @@ low level services.
|
|||
%patch50 -p0 -b .iquote
|
||||
%patch58 -p0 -b .1185708_3des
|
||||
pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch60 -p1 -b .load_policy_file
|
||||
%patch62 -p1 -b .skip_util_gtest
|
||||
popd
|
||||
|
||||
|
@ -532,7 +535,7 @@ do
|
|||
done
|
||||
|
||||
# Copy the binaries we want
|
||||
for file in certutil cmsutil crlutil modutil pk12util signver ssltap
|
||||
for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
||||
done
|
||||
|
@ -587,6 +590,9 @@ for f in cert8.db cert9.db key3.db key4.db secmod.db; do
|
|||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||
done
|
||||
|
||||
# Copy the crypto-policies configuration file
|
||||
%{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
||||
|
||||
%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
|
||||
# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
|
||||
# from previous versions of nss.spec
|
||||
|
@ -634,6 +640,7 @@ done
|
|||
%{_bindir}/cmsutil
|
||||
%{_bindir}/crlutil
|
||||
%{_bindir}/modutil
|
||||
%{_bindir}/nss-policy-check
|
||||
%{_bindir}/pk12util
|
||||
%{_bindir}/signver
|
||||
%{_bindir}/ssltap
|
||||
|
@ -746,6 +753,10 @@ done
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Sep 3 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-1.0
|
||||
- Update to NSS 3.39
|
||||
- Use the upstream tarball as it is (rhbz#1578106)
|
||||
|
||||
* Tue Jul 3 2018 Daiki Ueno <dueno@redhat.com> - 3.38.0-1.0
|
||||
- Update to NSS 3.38
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.38.0.tar.gz) = eb63f1c44adbbd97dc766e8545c72303f3cb18f1bfb2af67c33cdb1a1a9a1cc432a64afbafabd7a5bb3f08cb36db74ed81e5cfa1fc4bd35ae76e183f3205afed
|
||||
SHA512 (nss-3.39.tar.gz) = 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
|
||||
|
|
Loading…
Reference in New Issue