From 5b04337f7843a9a967398e2398ebd2cbb0ca704c Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Sat, 12 Jul 2014 09:38:11 -0700
Subject: [PATCH] Update test patch to run more tests
---
disable-sslv2-libssl.patch | 82 +++++++++++++++++++-------------------
nss.spec | 52 ++++++++++++------------
2 files changed, 67 insertions(+), 67 deletions(-)
diff --git a/disable-sslv2-libssl.patch b/disable-sslv2-libssl.patch
index a9bc128..4b18eb3 100644
--- a/disable-sslv2-libssl.patch
+++ b/disable-sslv2-libssl.patch
@@ -13,63 +13,63 @@ diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk DEFINES += -DNO_PKCS11_BYPASS else diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c ---- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800 -+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800 -@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - break; +--- ./nss/lib/ssl/sslsock.c.disableSSL2 2014-07-10 18:45:18.756370281 -0700 ++++ ./nss/lib/ssl/sslsock.c 2014-07-10 18:47:55.956392803 -0700 +@@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + break; case SSL_ENABLE_SSL2: +#ifdef NSS_NO_SSL2 -+ if (on) { -+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); -+ rv = SECFailure; /* not allowed */ -+ } -+ break; -+ ss->opt.enableSSL2 = on; ++if (on) { ++ PORT_SetError(SSL_ERROR_SSL2_DISABLED); ++ rv = SECFailure; /* not allowed */ ++ } ++ break; ++ ss->opt.enableSSL2 = on; +#else if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - if (on) { - ss->opt.v2CompatibleHello = on; - } + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); +@@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + if (on) { + ss->opt.v2CompatibleHello = on; + } +#endif - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); -@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - break; + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); +@@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + break; case SSL_V2_COMPATIBLE_HELLO: +#ifdef NSS_NO_SSL2 -+ if (on) { -+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); -+ rv = SECFailure; /* not allowed */ -+ break; -+ } ++ if (on) { ++ PORT_SetError(SSL_ERROR_SSL2_DISABLED); ++ rv = SECFailure; /* not allowed */ ++ break; ++ } +#else if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -678,6 +694,7 @@ 
SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - } - break; - } + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); +@@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + } + break; + } +#endif - ss->opt.v2CompatibleHello = on; - if (!on) { - ss->opt.enableSSL2 = on; -@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt + ss->opt.v2CompatibleHello = on; + if (!on) { + ss->opt.enableSSL2 = on; +@@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt if (ssl_IsRemovedCipherSuite(which)) { - rv = SECSuccess; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { +#ifdef NSS_NO_SSL2 -+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); -+ rv = SECFailure; /* not allowed */ ++ PORT_SetError(SSL_ERROR_SSL2_DISABLED); ++ rv = SECFailure; /* not allowed */ +#else - rv = ssl2_SetPolicy(which, policy); + rv = ssl2_SetPolicy(which, policy); +#endif } else { - rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); + rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); } diff --git a/nss.spec b/nss.spec index 97fd054..27e903a 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ -%global nspr_version 4.10.5 -%global nss_util_version 3.16.1 -%global nss_softokn_version 3.16.1 +%global nspr_version 4.10.6 +%global nss_util_version 3.16.2 +%global nss_softokn_version 3.16.2 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv" @@ -18,8 +18,8 @@ Summary: Network Security Services Name: nss -Version: 3.16.1 -Release: 2.1%{?dist}.ssl2disabled.1 +Version: 3.16.2 +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries 
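Review bot: In the refreshed `SSL_ENABLE_SSL2` branch under `#ifdef NSS_NO_SSL2`, the assignment `ss->opt.enableSSL2 = on;` sits after an unconditional `break;` and can never execute. Either delete the line, or follow the shape the `SSL_V2_COMPATIBLE_HELLO` branch already uses, with the `break;` inside `if (on) { ... }`, so that a request to turn the option off still clears the flag. As written, nothing in this hunk forces `enableSSL2` off when NSS_NO_SSL2 is defined, so the build presumably relies on a default set elsewhere; that is worth confirming. The refresh also leaves `if (on) {` in that branch at column 0 while its body is indented. SSL_OptionSet starts and ends outside the hunk.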
@@ -82,8 +82,6 @@ Patch25: nsspem-use-system-freebl.patch Patch40: nss-3.14.0.0-disble-ocsp-test.patch # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator Patch47: utilwrap-include-templates.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171 -Patch48: nss-versus-softoken-tests.patch # TODO remove when we switch to building nss without softoken Patch49: nss-skip-bltest-and-fipstest.patch # This patch uses the gcc-iquote dir option documented at @@ -96,8 +94,6 @@ Patch50: iquote.patch Patch51: disable-sslv2-libssl.patch Patch52: disable-sslv2-tests.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1007126 -Patch70: manfixes.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -183,12 +179,10 @@ low level services. %patch25 -p0 -b .systemfreebl %patch40 -p0 -b .noocsptest %patch47 -p0 -b .templates -%patch48 -p0 -b .crypto %patch49 -p0 -b .skipthem %patch50 -p0 -b .iquote %patch51 -p0 -b .disableSSL2 %patch52 -p0 -b .disableSSL2 -%patch70 -p0 -b .cleanup ######################################################### # Higher-level libraries and test tools need access to @@ -206,6 +200,16 @@ done %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf +##### Remove util/freebl/softoken and low level tools +######## Remove freebl, softoken and util +%{__rm} -rf ./nss/lib/freebl +%{__rm} -rf ./nss/lib/softoken +%{__rm} -rf ./nss/lib/util +######## Remove nss-softokn test tools as we already ran +# the cipher test suite as part of the nss-softokn build +%{__rm} -rf ./nss/cmd/bltest +%{__rm} -rf ./nss/cmd/fipstest +%{__rm} -rf ./nss/cmd/rsaperf_low %build 
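Review bot: The `%{__rm} -rf` lines added at the end of %prep succeed silently when a path does not exist. That is apparently how the block this commit removes from %build, which pointed at `./mozilla/security/nss/...`, stopped removing anything without the build noticing. A guard ahead of the removals would turn a future source-layout change into a build failure instead of a package quietly compiled against the bundled freebl/softoken/util: `for d in lib/freebl lib/softoken lib/util; do test -d ./nss/$d || exit 1; done`. The same check applies to the three `./nss/cmd/...` test-tool directories.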
@@ -274,17 +278,6 @@ export USE_64 # uncomment if the iquote patch is activated export IN_TREE_FREEBL_HEADERS_FIRST=1 -##### phase 1: remove util/freebl/softoken and low level tools -# -######## Remove freebl, softoken and util -%{__rm} -rf ./mozilla/security/nss/lib/freebl -%{__rm} -rf ./mozilla/security/nss/lib/softoken -%{__rm} -rf ./mozilla/security/nss/lib/util -######## Remove nss-softokn test tools -%{__rm} -rf ./mozilla/security/nss/cmd/bltest -%{__rm} -rf ./mozilla/security/nss/cmd/fipstest -%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low - ##### phase 2: build the rest of nss # nss supports pluggable ecc with more than suite-b NSS_ECC_MORE_THAN_SUITE_B=1 @@ -436,7 +429,7 @@ pushd ./nss/tests/ # don't need to run all the tests when testing packaging # nss_cycles: standard pkix upgradedb sharedb -nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" +nss_tests="libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # @@ -769,11 +762,18 @@ fi %changelog -* Mon Jun 02 2014 Elio Maldonado - 3.16.1-2.1.ssl2disabled.1 +* Thu Jul 10 2014 Elio Maldonado -3.16.1-2 - rebuilt with ssl2 disabled -* Mon Jun 02 2014 Elio Maldonado - 3.16.1-2.1.ssl2allowed.1 -- Add option to disable SSL2, SSL2 enabled by default +* Sun Jun 29 2014 Elio Maldonado - 3.16.2-1 +- Update to nss-3.16.2 + +* Sun Jun 15 2014 Elio Maldonado - 3.16.1-4 +- Remove unwanted source directories at end of %%prep so it truly does it +- Skip the cipher suite already run as part of the nss-softokn build + +* Sat Jun 07 2014 Fedora Release Engineering - 3.16.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon May 12 2014 Jaromir Capik - 3.16.1-2 - Replacing ppc64 and ppc64le with the power64 macro
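Review bot: The `nss_tests` assignment drops `cipher` with no comment saying why; the reason is only in the changelog, and the comment above the list still reads as if it were trimmed for packaging tests. I would add `# cipher is not run here: bltest is removed in %%prep and the suite runs in the nss-softokn build` directly above the assignment. The skip is sound only if the nss-softokn installed in the buildroot is the build whose cipher run passed, and nothing visible in these hunks pins that beyond the `nss_softokn_version` macro.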