rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update test patch to run more tests

This commit is contained in:
Elio Maldonado 2014-07-12 09:38:11 -07:00
parent f2b8284caa
commit 5b04337f78
2 changed files with 67 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
disable-sslv2-libssl.patch
View File

@ -13,63 +13,63 @@ diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
DEFINES += -DNO_PKCS11_BYPASS
else
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800
+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800
@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2014-07-10 18:45:18.756370281 -0700
+++ ./nss/lib/ssl/sslsock.c 2014-07-10 18:47:55.956392803 -0700
@@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ ss->opt.enableSSL2 = on;
+if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ ss->opt.enableSSL2 = on;
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (on) {
ss->opt.v2CompatibleHello = on;
}
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (on) {
ss->opt.v2CompatibleHello = on;
}
+#endif
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
@@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ break;
+ }
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ break;
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
}
break;
}
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
}
break;
}
+#endif
ss->opt.v2CompatibleHello = on;
if (!on) {
ss->opt.enableSSL2 = on;
@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
ss->opt.v2CompatibleHello = on;
if (!on) {
ss->opt.enableSSL2 = on;
@@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
if (ssl_IsRemovedCipherSuite(which)) {
rv = SECSuccess;
rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
+#ifdef NSS_NO_SSL2
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+#else
rv = ssl2_SetPolicy(which, policy);
rv = ssl2_SetPolicy(which, policy);
+#endif
} else {
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}

52
nss.spec
View File

@ -1,6 +1,6 @@
%global nspr_version 4.10.5
%global nss_util_version 3.16.1
%global nss_softokn_version 3.16.1
%global nspr_version 4.10.6
%global nss_util_version 3.16.2
%global nss_softokn_version 3.16.2
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@ -18,8 +18,8 @@
Summary: Network Security Services
Name: nss
Version: 3.16.1
Release: 2.1%{?dist}.ssl2disabled.1
Version: 3.16.2
Release: 2%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -82,8 +82,6 @@ Patch25: nsspem-use-system-freebl.patch
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch
# This patch uses the gcc-iquote dir option documented at
@ -96,8 +94,6 @@ Patch50: iquote.patch
Patch51: disable-sslv2-libssl.patch
Patch52: disable-sslv2-tests.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1007126
Patch70: manfixes.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -183,12 +179,10 @@ low level services.
%patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest
%patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
%patch51 -p0 -b .disableSSL2
%patch52 -p0 -b .disableSSL2
%patch70 -p0 -b .cleanup
#########################################################
# Higher-level libraries and test tools need access to
@ -206,6 +200,16 @@ done
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
##### Remove util/freebl/softoken and low level tools
######## Remove freebl, softoken and util
%{__rm} -rf ./nss/lib/freebl
%{__rm} -rf ./nss/lib/softoken
%{__rm} -rf ./nss/lib/util
######## Remove nss-softokn test tools as we already ran
# the cipher test suite as part of the nss-softokn build
%{__rm} -rf ./nss/cmd/bltest
%{__rm} -rf ./nss/cmd/fipstest
%{__rm} -rf ./nss/cmd/rsaperf_low
%build
@ -274,17 +278,6 @@ export USE_64
# uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1
##### phase 1: remove util/freebl/softoken and low level tools
#
######## Remove freebl, softoken and util
%{__rm} -rf ./mozilla/security/nss/lib/freebl
%{__rm} -rf ./mozilla/security/nss/lib/softoken
%{__rm} -rf ./mozilla/security/nss/lib/util
######## Remove nss-softokn test tools
%{__rm} -rf ./mozilla/security/nss/cmd/bltest
%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
##### phase 2: build the rest of nss
# nss supports pluggable ecc with more than suite-b
NSS_ECC_MORE_THAN_SUITE_B=1
@ -436,7 +429,7 @@ pushd ./nss/tests/
# don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb
nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
nss_tests="libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
#
@ -769,11 +762,18 @@ fi
%changelog
* Mon Jun 02 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-2.1.ssl2disabled.1
* Thu Jul 10 2014 Elio Maldonado <emaldona@redhat.com> -3.16.1-2
- rebuilt with ssl2 disabled
* Mon Jun 02 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-2.1.ssl2allowed.1
- Add option to disable SSL2, SSL2 enabled by default
* Sun Jun 29 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-1
- Update to nss-3.16.2
* Sun Jun 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-4
- Remove unwanted source directories at end of %%prep so it truly does it
- Skip the cipher suite already run as part of the nss-softokn build
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.16.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 12 2014 Jaromir Capik <jcapik@redhat.com> - 3.16.1-2
- Replacing ppc64 and ppc64le with the power64 macro