diff --git a/PayPalEE.cert b/PayPalEE.cert new file mode 100644 index 0000000..6e7f755 Binary files /dev/null and b/PayPalEE.cert differ diff --git a/PayPalICA.cert b/PayPalICA.cert new file mode 100644 index 0000000..459373b Binary files /dev/null and b/PayPalICA.cert differ diff --git a/nss-bug488646.patch b/nss-bug488646.patch new file mode 100644 index 0000000..f17c5a4 --- /dev/null +++ b/nss-bug488646.patch @@ -0,0 +1,66 @@ +diff -up ./mozilla/security/nss/tests/chains/chains.sh.bug488646 ./mozilla/security/nss/tests/chains/chains.sh +--- ./mozilla/security/nss/tests/chains/chains.sh.bug488646 2009-05-08 21:37:48.000000000 +0200 ++++ ./mozilla/security/nss/tests/chains/chains.sh 2009-05-08 21:38:03.000000000 +0200 +@@ -695,6 +695,37 @@ verify_cert() + fi + } + ++ ++check_ocsp() ++{ ++ OCSP_CERT=$1 ++ ++ CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1` ++ CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2` ++ ++ if [ "${CERT_ISSUER}" = "x" ]; then ++ CERT_ISSUER= ++ CERT=${CERT_NICK}.cert ++ CERT_FILE="${QADIR}/libpkix/certs/${CERT}" ++ else ++ CERT=${CERT_NICK}${CERT_ISSUER}.der ++ CERT_FILE=${CERT} ++ fi ++ ++ OCSP_HOST=$(${BINDIR}/pp -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//") ++ ++ if [ "${OS_ARCH}" = "WINNT" ]; then ++ ping -n 1 ${OCSP_HOST} ++ return $? ++ elif [ "${OS_ARCH}" = "HP-UX" ]; then ++ ping ${OCSP_HOST} -c 1 ++ return $? ++ else ++ ping -c 1 ${OCSP_HOST} ++ return $? ++ fi ++} ++ + ############################ parse_result ############################## + # local shell function to process expected result value + # this function was created for case that expected result depends on +@@ -865,6 +896,13 @@ parse_config() + "break") + break + ;; ++ "check_ocsp") ++ check_ocsp ${VALUE} ++ if [ $? -ne 0 ]; then ++ echo "OCSP server not accessible, skipping OCSP tests" ++ break; ++ fi ++ ;; + "") + if [ -n "${ENTITY}" ]; then + if [ -z "${DB}" ]; then +diff -up ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646 ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg +--- ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646 2009-05-08 21:37:58.000000000 +0200 ++++ ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg 2009-05-08 21:38:03.000000000 +0200 +@@ -1,5 +1,7 @@ + scenario OCSP + ++check_ocsp OCSPEE11:x ++ + db OCSPRoot + import OCSPRoot:x:CT,C,C + diff --git a/nss.spec b/nss.spec index 274bda6..b970566 100644 --- a/nss.spec +++ b/nss.spec @@ -4,7 +4,7 @@ Summary: Network Security Services Name: nss Version: 3.12.3 -Release: 6%{?dist} +Release: 7%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -29,6 +29,8 @@ Source4: blank-key3.db Source5: blank-secmod.db Source8: nss-prelink.conf Source12: %{name}-pem-20080124.tar.bz2 +Source13: PayPalEE.cert +Source14: PayPalICA.cert Patch1: nss-no-rpath.patch Patch2: nss-nolocalsql.patch @@ -37,6 +39,7 @@ Patch5: nss-pem-bug429175.patch Patch6: nss-enable-pem.patch Patch7: nss-disable-freebl-execstack.patch Patch8: nss-freebl-kernelfipsmode +Patch9: nss-bug488646.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -110,6 +113,11 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p1 %patch8 -p1 +%patch9 -p1 -b .bug488646 + +#need newer certs to make test suite work +#remove once we update to NSS 3.12.4 +cp %{SOURCE13} %{SOURCE14} mozilla/security/nss/tests/libpkix/certs %build @@ -476,8 +484,10 @@ done %changelog -* Thu May 07 2009 Kai Engert - 3.12.3-6 +* Thu May 07 2009 Kai Engert - 3.12.3-7 - re-enable test suite +- add patch for upstream bug 488646 and add newer paypal + certs in order to make the test suite pass * Wed May 06 2009 Kai Engert - 3.12.3-4 - add conflicts info in order to fix bug 499436 * Tue Apr 14 2009 Kai Engert - 3.12.3-3