rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to NSS_3_14_1_RTM 

- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
This commit is contained in:
Elio Maldonado 2012-12-16 22:25:51 -08:00
parent edea054ffc
commit 5a0d6572e1
5 changed files with 46 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -5,5 +5,5 @@ blank-cert9.db
blank-key4.db
PayPalEE.cert
/nss-pem-20120811.tar.bz2
/nss-3.14-stripped.tar.bz2
/dummy-sources-for-testing
/nss-3.14.1-stripped.tar.bz2

393
Bug-872124-fix-pk11wrap-locking.patch
View File

@ -1,393 +0,0 @@
Index: ./mozilla/security/nss/lib/cryptohi/keythi.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/cryptohi/keythi.h,v
retrieving revision 1.17
diff -u -p -r1.17 keythi.h
--- ./mozilla/security/nss/lib/cryptohi/keythi.h 16 May 2012 12:34:15 -0000 1.17
+++ ./mozilla/security/nss/lib/cryptohi/keythi.h 2 Nov 2012 18:09:53 -0000
@@ -214,7 +214,12 @@ typedef struct SECKEYPublicKeyStr SECKEY
#define SECKEY_HAS_ATTRIBUTE_SET(key,attribute) \
(0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
(0 != (key->staticflags & SECKEY_##attribute)) : \
- PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute)
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, PR_FALSE)
+
+#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key,attribute, haslock) \
+ (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
+ (0 != (key->staticflags & SECKEY_##attribute)) : \
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, haslock)
/*
** A generic key structure
Index: ./mozilla/security/nss/lib/cryptohi/seckey.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v
retrieving revision 1.68
diff -u -p -r1.68 seckey.c
--- ./mozilla/security/nss/lib/cryptohi/seckey.c 25 Jun 2012 21:48:39 -0000 1.68
+++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2 Nov 2012 18:09:53 -0000
@@ -1918,7 +1918,7 @@ loser:
}
#define SECKEY_CacheAttribute(key, attribute) \
- if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute)) { \
+ if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
key->staticflags |= SECKEY_##attribute; \
} else { \
key->staticflags &= (~SECKEY_##attribute); \
Index: ./mozilla/security/nss/lib/pk11wrap/pk11akey.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v
retrieving revision 1.36
diff -u -p -r1.36 pk11akey.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11akey.c 25 Apr 2012 14:50:04 -0000 1.36
+++ ./mozilla/security/nss/lib/pk11wrap/pk11akey.c 2 Nov 2012 18:09:54 -0000
@@ -740,7 +740,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, Key
CK_KEY_TYPE pk11Type = CKK_RSA;
pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
- isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN);
+ isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN,PR_FALSE);
switch (pk11Type) {
case CKK_RSA: keyType = rsaKey; break;
case CKK_DSA: keyType = dsaKey; break;
@@ -754,7 +754,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, Key
/* if the key is private, make sure we are authenticated to the
* token before we try to use it */
- isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE);
+ isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE,PR_FALSE);
if (isPrivate) {
rv = PK11_Authenticate(slot, PR_TRUE, wincx);
if (rv != SECSuccess) {
@@ -1432,7 +1432,7 @@ PK11_GenerateKeyPairWithOpFlags(PK11Slot
/* set the ID to the public key so we can find it again */
cka_id = pk11_MakeIDFromPublicKey(*pubKey);
- pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN);
+ pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN,PR_FALSE);
PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);
Index: ./mozilla/security/nss/lib/pk11wrap/pk11auth.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11auth.c,v
retrieving revision 1.16
diff -u -p -r1.16 pk11auth.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11auth.c 16 May 2012 12:34:19 -0000 1.16
+++ ./mozilla/security/nss/lib/pk11wrap/pk11auth.c 2 Nov 2012 18:09:54 -0000
@@ -45,8 +45,9 @@ static struct PK11GlobalStruct {
* Check the user's password. Log into the card if it's correct.
* succeed if the user is already logged in.
*/
-SECStatus
-pk11_CheckPassword(PK11SlotInfo *slot,char *pw,PRBool contextSpecific)
+static SECStatus
+pk11_CheckPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+ char *pw, PRBool alreadyLocked, PRBool contextSpecific)
{
int len = 0;
CK_RV crv;
@@ -66,13 +67,13 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
}
do {
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_Login(slot->session,
+ if (!alreadyLocked) PK11_EnterSlotMonitor(slot);
+ crv = PK11_GETTAB(slot)->C_Login(session,
contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
(unsigned char *)pw,len);
slot->lastLoginCheck = 0;
mustRetry = PR_FALSE;
- PK11_ExitSlotMonitor(slot);
+ if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
switch (crv) {
/* if we're already logged in, we're good to go */
case CKR_OK:
@@ -91,10 +92,19 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
* if the token is still there. */
case CKR_SESSION_HANDLE_INVALID:
case CKR_SESSION_CLOSED:
+ if (session != slot->session) {
+ /* don't bother retrying, we were in a middle of an operation,
+ * which is now lost. Just fail. */
+ PORT_SetError(PK11_MapError(crv));
+ rv = SECFailure;
+ break;
+ }
if (retry++ == 0) {
rv = PK11_InitToken(slot,PR_FALSE);
if (rv == SECSuccess) {
if (slot->session != CK_INVALID_SESSION) {
+ session = slot->session; /* we should have
+ * a new session now */
mustRetry = PR_TRUE;
} else {
PORT_SetError(PK11_MapError(crv));
@@ -242,7 +252,8 @@ PK11_HandlePasswordCheck(PK11SlotInfo *s
NeedAuth = PR_TRUE;
}
}
- if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx,PR_FALSE);
+ if (NeedAuth) PK11_DoPassword(slot, slot->session, PR_TRUE,
+ wincx, PR_FALSE, PR_FALSE);
}
void
@@ -301,7 +312,8 @@ pk11_LoginStillRequired(PK11SlotInfo *sl
SECStatus
PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
if (pk11_LoginStillRequired(slot,wincx)) {
- return PK11_DoPassword(slot,loadCerts,wincx,PR_FALSE);
+ return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
+ PR_FALSE, PR_FALSE);
}
return SECSuccess;
}
@@ -532,7 +544,8 @@ PK11_SetIsLoggedInFunc(PK11IsLoggedInFun
* of the PKCS 11 module.
*/
SECStatus
-PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
+PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+ PRBool loadCerts, void *wincx, PRBool alreadyLocked,
PRBool contextSpecific)
{
SECStatus rv = SECFailure;
@@ -602,7 +615,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBo
break;
}
}
- rv = pk11_CheckPassword(slot,password,contextSpecific);
+ rv = pk11_CheckPassword(slot, session, password,
+ alreadyLocked, contextSpecific);
PORT_Memset(password, 0, PORT_Strlen(password));
PORT_Free(password);
if (rv != SECWouldBlock) break;
Index: ./mozilla/security/nss/lib/pk11wrap/pk11merge.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11merge.c,v
retrieving revision 1.10
diff -u -p -r1.10 pk11merge.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11merge.c 25 Apr 2012 14:50:05 -0000 1.10
+++ ./mozilla/security/nss/lib/pk11wrap/pk11merge.c 2 Nov 2012 18:09:54 -0000
@@ -169,15 +169,15 @@ pk11_getPrivateKeyUsage(PK11SlotInfo *sl
{
unsigned int usage = 0;
- if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP) ||
- PK11_HasAttributeSet(slot,id, CKA_DECRYPT))) {
+ if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP,PR_FALSE) ||
+ PK11_HasAttributeSet(slot,id, CKA_DECRYPT,PR_FALSE))) {
usage |= KU_KEY_ENCIPHERMENT;
}
- if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
usage |= KU_KEY_AGREEMENT;
}
- if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER) ||
- PK11_HasAttributeSet(slot, id, CKA_SIGN))) {
+ if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE) ||
+ PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE))) {
usage |= KU_DIGITAL_SIGNATURE;
}
return usage;
@@ -373,31 +373,31 @@ pk11_getSecretKeyFlags(PK11SlotInfo *slo
{
CK_FLAGS flags = 0;
- if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP, PR_FALSE)) {
flags |= CKF_UNWRAP;
}
- if (PK11_HasAttributeSet(slot, id, CKA_WRAP)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_WRAP, PR_FALSE)) {
flags |= CKF_WRAP;
}
- if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT, PR_FALSE)) {
flags |= CKF_ENCRYPT;
}
- if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT, PR_FALSE)) {
flags |= CKF_DECRYPT;
}
- if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
flags |= CKF_DERIVE;
}
- if (PK11_HasAttributeSet(slot, id, CKA_SIGN)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE)) {
flags |= CKF_SIGN;
}
- if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE)) {
flags |= CKF_SIGN_RECOVER;
}
- if (PK11_HasAttributeSet(slot, id, CKA_VERIFY)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_VERIFY, PR_FALSE)) {
flags |= CKF_VERIFY;
}
- if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER)) {
+ if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER, PR_FALSE)) {
flags |= CKF_VERIFY_RECOVER;
}
return flags;
Index: ./mozilla/security/nss/lib/pk11wrap/pk11obj.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v
retrieving revision 1.27
diff -u -p -r1.27 pk11obj.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11obj.c 29 Jun 2012 17:46:25 -0000 1.27
+++ ./mozilla/security/nss/lib/pk11wrap/pk11obj.c 2 Nov 2012 18:09:54 -0000
@@ -146,7 +146,7 @@ PK11_ReadULongAttribute(PK11SlotInfo *sl
*/
CK_BBOOL
PK11_HasAttributeSet( PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type )
+ CK_ATTRIBUTE_TYPE type, PRBool haslock )
{
CK_BBOOL ckvalue = CK_FALSE;
CK_ATTRIBUTE theTemplate;
@@ -156,10 +156,10 @@ PK11_HasAttributeSet( PK11SlotInfo *slot
PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );
/* Retrieve attribute value. */
- PK11_EnterSlotMonitor(slot);
+ if (!haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
&theTemplate, 1 );
- PK11_ExitSlotMonitor(slot);
+ if (!haslock) PK11_ExitSlotMonitor(slot);
if( crv != CKR_OK ) {
PORT_SetError( PK11_MapError( crv ) );
return CK_FALSE;
@@ -254,7 +254,7 @@ PK11_GetAttributes(PRArenaPool *arena,PK
PRBool
PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
{
- return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN);
+ return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN, PR_FALSE);
}
char *
@@ -735,6 +735,7 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem
CK_MECHANISM mech = {0, NULL, 0 };
PRBool owner = PR_TRUE;
CK_SESSION_HANDLE session;
+ PRBool haslock = PR_FALSE;
CK_ULONG len;
CK_RV crv;
@@ -745,24 +746,27 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem
}
session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
+ haslock = (!owner || !(slot->isThreadSafe));
+ if (haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
+ if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
PORT_SetError( PK11_MapError(crv) );
return SECFailure;
}
- /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
- * do C_Login with CKU_CONTEXT_SPECIFIC
- * between C_SignInit and C_Sign */
- if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
- PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
- }
+
+ /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
+ * do C_Login with CKU_CONTEXT_SPECIFIC
+ * between C_SignInit and C_Sign */
+ if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
+ PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
+ }
+
len = sig->len;
crv = PK11_GETTAB(slot)->C_Sign(session,hash->data,
hash->len, sig->data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
+ if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
sig->len = len;
if (crv != CKR_OK) {
@@ -788,6 +792,7 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *ke
CK_ULONG out = maxLen;
PRBool owner = PR_TRUE;
CK_SESSION_HANDLE session;
+ PRBool haslock = PR_FALSE;
CK_RV crv;
if (key->keyType != rsaKey) {
@@ -803,23 +808,26 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *ke
PK11_HandlePasswordCheck(slot, key->wincx);
}
session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
+ haslock = (!owner || !(slot->isThreadSafe));
+ if (haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, key->pkcs11ID);
if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
+ if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
PORT_SetError( PK11_MapError(crv) );
return SECFailure;
}
- /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
- * do C_Login with CKU_CONTEXT_SPECIFIC
- * between C_DecryptInit and C_Decrypt */
- /* But see note above about servers */
- if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
- PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
- }
+
+ /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
+ * do C_Login with CKU_CONTEXT_SPECIFIC
+ * between C_DecryptInit and C_Decrypt
+ * ... But see note above about servers */
+ if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
+ PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
+ }
+
crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
+ if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
*outLen = out;
if (crv != CKR_OK) {
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
retrieving revision 1.18
diff -u -p -r1.18 pk11priv.h
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 16 May 2012 12:34:20 -0000 1.18
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2 Nov 2012 18:09:55 -0000
@@ -59,8 +59,9 @@ void PK11_CleanKeyList(PK11SlotInfo *slo
/************************************************************
* Slot Password Management
************************************************************/
-SECStatus PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
- PRBool contextSpecific);
+SECStatus PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+ PRBool loadCerts, void *wincx, PRBool alreadyLocked,
+ PRBool contextSpecific);
SECStatus PK11_VerifyPW(PK11SlotInfo *slot,char *pw);
void PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx);
void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
@@ -121,7 +122,8 @@ CK_OBJECT_HANDLE PK11_MatchItem(PK11Slot
CK_OBJECT_CLASS o_class);
CK_BBOOL PK11_HasAttributeSet( PK11SlotInfo *slot,
CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type );
+ CK_ATTRIBUTE_TYPE type,
+ PRBool haslock );
CK_RV PK11_GetAttributes(PLArenaPool *arena,PK11SlotInfo *slot,
CK_OBJECT_HANDLE obj,CK_ATTRIBUTE *attr, int count);
int PK11_NumberCertsForCertSubject(CERTCertificate *cert);

35
no-softoken-freebl-tests.patch Normal file
View File

@ -0,0 +1,35 @@
diff -up ./mozilla/security/nss/cmd/Makefile.nosoftokentests ./mozilla/security/nss/cmd/Makefile
--- ./mozilla/security/nss/cmd/Makefile.nosoftokentests 2012-12-16 21:47:35.412350822 -0800
+++ ./mozilla/security/nss/cmd/Makefile 2012-12-16 21:49:13.138963897 -0800
@@ -19,6 +19,10 @@ ifeq ($(FREEBL_LOWHASH),1)
LOWHASHTEST_SRCDIR = lowhashtest # Add the lowhashtest directory to DIRS.
endif
+# These test were compiled as part of the nss-softoken build
+BLTEST_SRCDIR=
+FIPSTEST_SRCDIR=
+
INCLUDES += \
-I$(DIST)/../public/security \
-I./include \
diff -up ./mozilla/security/nss/cmd/manifest.mn.nosoftokentests ./mozilla/security/nss/cmd/manifest.mn
--- ./mozilla/security/nss/cmd/manifest.mn.nosoftokentests 2012-12-16 21:45:18.693489564 -0800
+++ ./mozilla/security/nss/cmd/manifest.mn 2012-12-16 21:47:15.443225712 -0800
@@ -11,7 +11,7 @@ REQUIRES = nss nspr libdbm
DIRS = lib \
addbuiltin \
atob \
- bltest \
+ $(BLTEST_SRCDIR) \
btoa \
certcgi \
certutil \
@@ -23,7 +23,7 @@ DIRS = lib \
derdump \
digest \
httpserv \
- fipstest \
+ $(FIPSTEST_SRCDIR) \
$(LOWHASHTEST_SRCDIR) \
listsuites \
makepqg \

15
nss.spec
View File

@ -6,8 +6,8 @@
Summary: Network Security Services
Name: nss
Version: 3.14
Release: 12%{?dist}
Version: 3.14.1
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -69,11 +69,11 @@ Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=357025
Patch41: Bug-872124-fix-pk11wrap-locking.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=807890
Patch42: 0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
Patch43: no-softoken-freebl-tests.patch
%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
@ -150,14 +150,14 @@ low level services.
%patch6 -p0 -b .libpem
%patch16 -p0 -b .539183
%patch18 -p0 -b .646045
# link pem against buildroot's freebl, esential wen mixing and matching
# link pem against buildroot's freebl, essential when mixing and matching
%patch25 -p0 -b .systemfreebl
# activate for stable and beta branches
#%patch29 -p0 -b .770682
%patch39 -p1 -b .nobypass
%patch40 -p1 -b .noocsptest
%patch41 -p0 -b .872124
%patch42 -p0 -b .870864
%patch43 -p0 -b .nosoftokentests
%build
@ -603,6 +603,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Mon Dec 17 2012 Elio Maldonado <emaldona@redhat.com> - 3.14.1-1
- Update to NSS_3_14_1_RTM
* Wed Dec 12 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-12
- Bug 879978 - Install the nssck.api header template where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3/templates

2
sources
View File

@ -5,5 +5,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
2844d502638ac84097d5a9affa6d1c3a nss-3.14-stripped.tar.bz2
0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing
78b4c196af29ef5e7851447029f947c0 nss-3.14.1-stripped.tar.bz2