Update to NSS 3.39
This commit is contained in:
parent
c4a7ff31ec
commit
0bcbceb525
|
@ -29,3 +29,4 @@ TestUser51.cert
|
||||||
/nss-3.37.1.tar.gz
|
/nss-3.37.1.tar.gz
|
||||||
/nss-3.37.3.tar.gz
|
/nss-3.37.3.tar.gz
|
||||||
/nss-3.38.0.tar.gz
|
/nss-3.38.0.tar.gz
|
||||||
|
/nss-3.39.tar.gz
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
|
||||||
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
|
||||||
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
|
||||||
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
|
||||||
*other flags are set */
|
|
||||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
|
||||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
|
||||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
|
||||||
|
|
||||||
/* private flags for internal (field in SECMODModule). */
|
|
||||||
/* The meaing of these flags is as follows:
|
|
||||||
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
|
||||||
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
|
||||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
|
||||||
}
|
|
||||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
|
||||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
|
||||||
+ }
|
|
||||||
/* additional moduleDB flags could be added here in the future */
|
|
||||||
mod->isModuleDB = (PRBool)flags;
|
|
||||||
}
|
|
||||||
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
|
||||||
}
|
|
||||||
|
|
||||||
PRBool
|
|
||||||
+secmod_PolicyOnly(SECMODModule *mod)
|
|
||||||
+{
|
|
||||||
+ char flags = (char) mod->isModuleDB;
|
|
||||||
+
|
|
||||||
+ return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+PRBool
|
|
||||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
|
||||||
{
|
|
||||||
char flags = (char)mod->internal;
|
|
||||||
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
|
||||||
if (!module) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
|
||||||
+ * been parsed as a side effect of the CreateModuleEx call */
|
|
||||||
+ if (secmod_PolicyOnly(module)) {
|
|
||||||
+ return module;
|
|
||||||
+ }
|
|
||||||
if (parent) {
|
|
||||||
module->parent = SECMOD_ReferenceModule(parent);
|
|
||||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
name=p11-kit-proxy
|
||||||
|
library=p11-kit-proxy.so
|
||||||
|
|
||||||
|
|
37
nss.spec
37
nss.spec
|
@ -1,12 +1,21 @@
|
||||||
%global nspr_version 4.19.0
|
%global nspr_version 4.20.0
|
||||||
%global nss_util_version 3.38.0
|
%global nss_util_version 3.39.0
|
||||||
%global nss_softokn_version 3.38.0
|
%global nss_softokn_version 3.39.0
|
||||||
|
%global nss_version 3.39.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||||
|
|
||||||
|
# The upstream omits the trailing ".0", while we need it for
|
||||||
|
# consistency with the pkg-config version:
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
|
||||||
|
%{lua:
|
||||||
|
rpm.define(string.format("nss_archive_version %s",
|
||||||
|
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
|
||||||
|
}
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.38.0
|
Version: %{nss_version}
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 1.0%{?dist}
|
Release: 1.0%{?dist}
|
||||||
|
@ -45,7 +54,7 @@ Conflicts: seamonkey < 2.46-2
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414987
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414987
|
||||||
# Conflicts: icecat < 45.5.1-5
|
# Conflicts: icecat < 45.5.1-5
|
||||||
|
|
||||||
Source0: %{name}-%{version}.tar.gz
|
Source0: %{name}-%{nss_archive_version}.tar.gz
|
||||||
Source1: nss.pc.in
|
Source1: nss.pc.in
|
||||||
Source2: nss-config.in
|
Source2: nss-config.in
|
||||||
Source3: blank-cert8.db
|
Source3: blank-cert8.db
|
||||||
|
@ -86,9 +95,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
||||||
Patch50: iquote.patch
|
Patch50: iquote.patch
|
||||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
|
||||||
Patch59: nss-check-policy-file.patch
|
|
||||||
Patch60: nss-load-policy-file.patch
|
|
||||||
Patch62: nss-skip-util-gtest.patch
|
Patch62: nss-skip-util-gtest.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
|
@ -159,8 +165,7 @@ low level services.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q -n %{name}-%{nss_archive_version}
|
||||||
%setup -q -T -D -n %{name}-%{version}
|
|
||||||
|
|
||||||
%patch2 -p0 -b .relro
|
%patch2 -p0 -b .relro
|
||||||
%patch3 -p0 -b .transitional
|
%patch3 -p0 -b .transitional
|
||||||
|
@ -170,8 +175,6 @@ low level services.
|
||||||
%patch50 -p0 -b .iquote
|
%patch50 -p0 -b .iquote
|
||||||
%patch58 -p0 -b .1185708_3des
|
%patch58 -p0 -b .1185708_3des
|
||||||
pushd nss
|
pushd nss
|
||||||
%patch59 -p1 -b .check_policy_file
|
|
||||||
%patch60 -p1 -b .load_policy_file
|
|
||||||
%patch62 -p1 -b .skip_util_gtest
|
%patch62 -p1 -b .skip_util_gtest
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
@ -532,7 +535,7 @@ do
|
||||||
done
|
done
|
||||||
|
|
||||||
# Copy the binaries we want
|
# Copy the binaries we want
|
||||||
for file in certutil cmsutil crlutil modutil pk12util signver ssltap
|
for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
|
||||||
do
|
do
|
||||||
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
||||||
done
|
done
|
||||||
|
@ -587,6 +590,9 @@ for f in cert8.db cert9.db key3.db key4.db secmod.db; do
|
||||||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Copy the crypto-policies configuration file
|
||||||
|
%{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
||||||
|
|
||||||
%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
|
%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
|
||||||
# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
|
# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
|
||||||
# from previous versions of nss.spec
|
# from previous versions of nss.spec
|
||||||
|
@ -634,6 +640,7 @@ done
|
||||||
%{_bindir}/cmsutil
|
%{_bindir}/cmsutil
|
||||||
%{_bindir}/crlutil
|
%{_bindir}/crlutil
|
||||||
%{_bindir}/modutil
|
%{_bindir}/modutil
|
||||||
|
%{_bindir}/nss-policy-check
|
||||||
%{_bindir}/pk12util
|
%{_bindir}/pk12util
|
||||||
%{_bindir}/signver
|
%{_bindir}/signver
|
||||||
%{_bindir}/ssltap
|
%{_bindir}/ssltap
|
||||||
|
@ -746,6 +753,10 @@ done
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 3 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-1.0
|
||||||
|
- Update to NSS 3.39
|
||||||
|
- Use the upstream tarball as it is (rhbz#1578106)
|
||||||
|
|
||||||
* Tue Jul 3 2018 Daiki Ueno <dueno@redhat.com> - 3.38.0-1.0
|
* Tue Jul 3 2018 Daiki Ueno <dueno@redhat.com> - 3.38.0-1.0
|
||||||
- Update to NSS 3.38
|
- Update to NSS 3.38
|
||||||
|
|
||||||
|
|
2
sources
2
sources
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
SHA512 (nss-3.38.0.tar.gz) = eb63f1c44adbbd97dc766e8545c72303f3cb18f1bfb2af67c33cdb1a1a9a1cc432a64afbafabd7a5bb3f08cb36db74ed81e5cfa1fc4bd35ae76e183f3205afed
|
SHA512 (nss-3.39.tar.gz) = 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
|
||||||
|
|
Loading…
Reference in New Issue