rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update test patch to run more tests

This commit is contained in:
Elio Maldonado 2014-07-12 09:38:11 -07:00
parent f2b8284caa
commit 5b04337f78
2 changed files with 67 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
disable-sslv2-libssl.patch
View File

@ -13,63 +13,63 @@ diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
DEFINES += -DNO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS
else else
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800 --- ./nss/lib/ssl/sslsock.c.disableSSL2 2014-07-10 18:45:18.756370281 -0700
+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800 +++ ./nss/lib/ssl/sslsock.c 2014-07-10 18:47:55.956392803 -0700
@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh @@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break; break;
case SSL_ENABLE_SSL2: case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2 +#ifdef NSS_NO_SSL2
+ if (on) { +if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); + PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */ + rv = SECFailure; /* not allowed */
+ } + }
+ break; + break;
+ ss->opt.enableSSL2 = on; + ss->opt.enableSSL2 = on;
+#else +#else
if (IS_DTLS(ss)) { if (IS_DTLS(ss)) {
if (on) { if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS); PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh @@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (on) { if (on) {
ss->opt.v2CompatibleHello = on; ss->opt.v2CompatibleHello = on;
} }
+#endif +#endif
ss->preferredCipher = NULL; ss->preferredCipher = NULL;
if (ss->cipherSpecs) { if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs); PORT_Free(ss->cipherSpecs);
@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh @@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break; break;
case SSL_V2_COMPATIBLE_HELLO: case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2 +#ifdef NSS_NO_SSL2
+ if (on) { + if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); + PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */ + rv = SECFailure; /* not allowed */
+ break; + break;
+ } + }
+#else +#else
if (IS_DTLS(ss)) { if (IS_DTLS(ss)) {
if (on) { if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS); PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh @@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
} }
break; break;
} }
+#endif +#endif
ss->opt.v2CompatibleHello = on; ss->opt.v2CompatibleHello = on;
if (!on) { if (!on) {
ss->opt.enableSSL2 = on; ss->opt.enableSSL2 = on;
@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt @@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
if (ssl_IsRemovedCipherSuite(which)) { if (ssl_IsRemovedCipherSuite(which)) {
rv = SECSuccess; rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) { } else if (SSL_IS_SSL2_CIPHER(which)) {
+#ifdef NSS_NO_SSL2 +#ifdef NSS_NO_SSL2
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED); + PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */ + rv = SECFailure; /* not allowed */
+#else +#else
rv = ssl2_SetPolicy(which, policy); rv = ssl2_SetPolicy(which, policy);
+#endif +#endif
} else { } else {
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
} }

52
nss.spec
View File

@ -1,6 +1,6 @@
%global nspr_version 4.10.5 %global nspr_version 4.10.6
%global nss_util_version 3.16.1 %global nss_util_version 3.16.2
%global nss_softokn_version 3.16.1 %global nss_softokn_version 3.16.2
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv" %global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@ -18,8 +18,8 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.16.1 Version: 3.16.2
Release: 2.1%{?dist}.ssl2disabled.1 Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -82,8 +82,6 @@ Patch25: nsspem-use-system-freebl.patch
Patch40: nss-3.14.0.0-disble-ocsp-test.patch Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch Patch47: utilwrap-include-templates.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken # TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch Patch49: nss-skip-bltest-and-fipstest.patch
# This patch uses the gcc-iquote dir option documented at # This patch uses the gcc-iquote dir option documented at
@ -96,8 +94,6 @@ Patch50: iquote.patch
Patch51: disable-sslv2-libssl.patch Patch51: disable-sslv2-libssl.patch
Patch52: disable-sslv2-tests.patch Patch52: disable-sslv2-tests.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1007126
Patch70: manfixes.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -183,12 +179,10 @@ low level services.
%patch25 -p0 -b .systemfreebl %patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest %patch40 -p0 -b .noocsptest
%patch47 -p0 -b .templates %patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem %patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote %patch50 -p0 -b .iquote
%patch51 -p0 -b .disableSSL2 %patch51 -p0 -b .disableSSL2
%patch52 -p0 -b .disableSSL2 %patch52 -p0 -b .disableSSL2
%patch70 -p0 -b .cleanup
######################################################### #########################################################
# Higher-level libraries and test tools need access to # Higher-level libraries and test tools need access to
@ -206,6 +200,16 @@ done
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
##### Remove util/freebl/softoken and low level tools
######## Remove freebl, softoken and util
%{__rm} -rf ./nss/lib/freebl
%{__rm} -rf ./nss/lib/softoken
%{__rm} -rf ./nss/lib/util
######## Remove nss-softokn test tools as we already ran
# the cipher test suite as part of the nss-softokn build
%{__rm} -rf ./nss/cmd/bltest
%{__rm} -rf ./nss/cmd/fipstest
%{__rm} -rf ./nss/cmd/rsaperf_low
%build %build
@ -274,17 +278,6 @@ export USE_64
# uncomment if the iquote patch is activated # uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1 export IN_TREE_FREEBL_HEADERS_FIRST=1
##### phase 1: remove util/freebl/softoken and low level tools
#
######## Remove freebl, softoken and util
%{__rm} -rf ./mozilla/security/nss/lib/freebl
%{__rm} -rf ./mozilla/security/nss/lib/softoken
%{__rm} -rf ./mozilla/security/nss/lib/util
######## Remove nss-softokn test tools
%{__rm} -rf ./mozilla/security/nss/cmd/bltest
%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
##### phase 2: build the rest of nss ##### phase 2: build the rest of nss
# nss supports pluggable ecc with more than suite-b # nss supports pluggable ecc with more than suite-b
NSS_ECC_MORE_THAN_SUITE_B=1 NSS_ECC_MORE_THAN_SUITE_B=1
@ -436,7 +429,7 @@ pushd ./nss/tests/
# don't need to run all the tests when testing packaging # don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb # nss_cycles: standard pkix upgradedb sharedb
nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" nss_tests="libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress # nss_ssl_run: cov auth stress
# #
@ -769,11 +762,18 @@ fi
%changelog %changelog
* Mon Jun 02 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-2.1.ssl2disabled.1 * Thu Jul 10 2014 Elio Maldonado <emaldona@redhat.com> -3.16.1-2
- rebuilt with ssl2 disabled - rebuilt with ssl2 disabled
* Mon Jun 02 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-2.1.ssl2allowed.1 * Sun Jun 29 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-1
- Add option to disable SSL2, SSL2 enabled by default - Update to nss-3.16.2
* Sun Jun 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-4
- Remove unwanted source directories at end of %%prep so it truly does it
- Skip the cipher suite already run as part of the nss-softokn build
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.16.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 12 2014 Jaromir Capik <jcapik@redhat.com> - 3.16.1-2 * Mon May 12 2014 Jaromir Capik <jcapik@redhat.com> - 3.16.1-2
- Replacing ppc64 and ppc64le with the power64 macro - Replacing ppc64 and ppc64le with the power64 macro