diff --git a/nss.spec b/nss.spec index 8ddf88b..b4b4255 100644 --- a/nss.spec +++ b/nss.spec @@ -94,11 +94,11 @@ Patch54: tstclnt-ssl2-off-by-default.patch Patch55: skip_stress_TLS_RC4_128_with_MD5.patch # Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch -# TODO: consolidate the following patches and submit the resultant -# one to the interim usptream project -Patch59: pem-pobject-handle-pemAll.patch -Patch60: pem-rsawrapr-disable-unused-functions.patch -Patch61: pem-remove-unused-variables.patch +# TODO: submit to the interim usptream project +# As of nss-3.21 we compile NSS with -Werror per upstream +# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1182667 +# which requires quite a bit of clean up of the PEM module +Patch59: pem-compile-with-Werror.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -188,9 +188,7 @@ popd %patch54 -p0 -b .ssl2_off %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5 %patch58 -p0 -b .1185708_3des -%patch59 -p0 -b .pemAll -%patch60 -p0 -b .unused_functions -%patch61 -p0 -b .unused_vars +%patch59 -p0 -b .compile_Werror ######################################################### # Higher-level libraries and test tools need access to diff --git a/pem-remove-unused-variables.patch b/pem-compile-with-Werror.patch similarity index 66% rename from pem-remove-unused-variables.patch rename to pem-compile-with-Werror.patch index d558ace..2b6a556 100644 --- a/pem-remove-unused-variables.patch +++ b/pem-compile-with-Werror.patch @@ -1,6 +1,6 @@ -diff -up nss/lib/ckfw/pem/ckpem.h.unused_vars nss/lib/ckfw/pem/ckpem.h ---- nss/lib/ckfw/pem/ckpem.h.unused_vars 2014-01-23 06:28:18.000000000 -0800 -+++ nss/lib/ckfw/pem/ckpem.h 2015-11-11 17:20:27.564794173 -0800 +diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h +--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-12 06:59:07.831377167 -0800 @@ -233,7 +233,7 @@ struct pemLOWKEYPrivateKeyStr { }; typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey; @@ -10,9 +10,9 @@ diff -up nss/lib/ckfw/pem/ckpem.h.unused_vars nss/lib/ckfw/pem/ckpem.h const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type); void pem_PopulateModulusExponent(pemInternalObject *io); NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError); -diff -up nss/lib/ckfw/pem/pinst.c.unused_vars nss/lib/ckfw/pem/pinst.c ---- nss/lib/ckfw/pem/pinst.c.unused_vars 2014-01-23 06:28:18.000000000 -0800 -+++ nss/lib/ckfw/pem/pinst.c 2015-11-11 17:20:27.564794173 -0800 +diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c +--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pinst.c 2015-11-12 06:59:07.831377167 -0800 @@ -466,15 +466,17 @@ AddCertificate(char *certfile, char *key { pemInternalObject *o; @@ -48,10 +48,37 @@ diff -up nss/lib/ckfw/pem/pinst.c.unused_vars nss/lib/ckfw/pem/pinst.c error = CKR_GENERAL_ERROR; goto loser; } -diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c ---- nss/lib/ckfw/pem/pobject.c.unused_vars 2015-11-11 17:20:27.562794220 -0800 -+++ nss/lib/ckfw/pem/pobject.c 2015-11-11 17:20:27.565794149 -0800 -@@ -1116,7 +1116,10 @@ pem_CreateObject +diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c +--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pobject.c 2015-11-12 06:59:07.831377167 -0800 +@@ -630,6 +630,8 @@ pem_DestroyInternalObject + if (io->u.key.ivstring) + free(io->u.key.ivstring); + break; ++ case pemAll: ++ return; + } + + if (NULL != gobj) +@@ -1044,7 +1046,7 @@ pem_CreateObject + int nobjs = 0; + int i; + int objid; +- pemToken *token; ++ /*pemToken *token = NULL;*/ + int cipher; + char *ivstring = NULL; + pemInternalObject *listObj = NULL; +@@ -1073,7 +1075,7 @@ pem_CreateObject + } + slotID = nssCKFWSlot_GetSlotID(fwSlot); + +- token = (pemToken *) mdToken->etc; ++ /*token = (pemToken *) mdToken->etc;*/ + + /* + * only create keys and certs. +@@ -1114,7 +1116,10 @@ pem_CreateObject } if (objClass == CKO_CERTIFICATE) { @@ -63,7 +90,7 @@ diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c if (nobjs < 1) goto loser; -@@ -1158,11 +1161,14 @@ pem_CreateObject +@@ -1156,11 +1161,14 @@ pem_CreateObject } else if (objClass == CKO_PRIVATE_KEY) { /* Brute force: find the id of the certificate, if any, in this slot */ int i; @@ -79,9 +106,29 @@ diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c if (nobjs < 1) goto loser; -diff -up nss/lib/ckfw/pem/util.c.unused_vars nss/lib/ckfw/pem/util.c ---- nss/lib/ckfw/pem/util.c.unused_vars 2014-01-23 06:28:18.000000000 -0800 -+++ nss/lib/ckfw/pem/util.c 2015-11-11 17:25:34.580452082 -0800 +diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c +--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-12 06:59:07.831377167 -0800 +@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey + return 0; + } + ++/* unused functions */ ++#if 0 + static SHA1Context *SHA1_CloneContext(SHA1Context * original) + { + SHA1Context *clone = NULL; +@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un + + return SECSuccess; + } ++#endif /* unused functions */ + + /* + * Format one block of data for public/private key encryption using +diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c +--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/util.c 2015-11-12 06:59:07.831377167 -0800 @@ -58,7 +58,7 @@ #include diff --git a/pem-pobject-handle-pemAll.patch b/pem-pobject-handle-pemAll.patch deleted file mode 100644 index 896d7d7..0000000 --- a/pem-pobject-handle-pemAll.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up ./nss/lib/ckfw/pem/pobject.c.pemAll ./nss/lib/ckfw/pem/pobject.c ---- ./nss/lib/ckfw/pem/pobject.c.pemAll 2014-01-23 06:28:18.000000000 -0800 -+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-11 15:15:16.581569576 -0800 -@@ -630,6 +630,8 @@ pem_DestroyInternalObject - if (io->u.key.ivstring) - free(io->u.key.ivstring); - break; -+ case pemAll: -+ return; - } - - if (NULL != gobj) -@@ -1044,7 +1046,7 @@ pem_CreateObject - int nobjs = 0; - int i; - int objid; -- pemToken *token; -+ /*pemToken *token = NULL;*/ - int cipher; - char *ivstring = NULL; - pemInternalObject *listObj = NULL; -@@ -1073,7 +1075,7 @@ pem_CreateObject - } - slotID = nssCKFWSlot_GetSlotID(fwSlot); - -- token = (pemToken *) mdToken->etc; -+ /*token = (pemToken *) mdToken->etc;*/ - - /* - * only create keys and certs. diff --git a/pem-rsawrapr-disable-unused-functions.patch b/pem-rsawrapr-disable-unused-functions.patch deleted file mode 100644 index 3ec324c..0000000 --- a/pem-rsawrapr-disable-unused-functions.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -up ./nss/lib/ckfw/pem/rsawrapr.c.unused_functions ./nss/lib/ckfw/pem/rsawrapr.c ---- ./nss/lib/ckfw/pem/rsawrapr.c.unused_functions 2014-01-23 06:28:18.000000000 -0800 -+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-11 15:30:22.097087094 -0800 -@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey - return 0; - } - -+/* unused functions */ -+#if 0 - static SHA1Context *SHA1_CloneContext(SHA1Context * original) - { - SHA1Context *clone = NULL; -@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un - - return SECSuccess; - } -+#endif /* unused functions */ - - /* - * Format one block of data for public/private key encryption using