From 5ed56146a28224ac5d2199f5f09297bc320e6104 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 21 Jun 2017 17:41:09 +0200 Subject: [PATCH] Rebase to NSS 3.31.0 --- .gitignore | 1 + nss-1328318-v8-3.30.patch | 754 ------------------ nss-gcc7.patch | 12 - ...s-split-v5.patch => nss-gtests-split.patch | 223 +++--- nss-skip-util-gtest.patch | 10 +- nss.spec | 19 +- sources | 2 +- 7 files changed, 138 insertions(+), 883 deletions(-) delete mode 100644 nss-1328318-v8-3.30.patch delete mode 100644 nss-gcc7.patch rename gtests-split-v5.patch => nss-gtests-split.patch (70%) diff --git a/.gitignore b/.gitignore index a6cc36c..0c37ff8 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ TestUser51.cert /nss-3.29.1.tar.gz /nss-3.30.0.tar.gz /nss-3.30.2.tar.gz +/nss-3.31.0.tar.gz diff --git a/nss-1328318-v8-3.30.patch b/nss-1328318-v8-3.30.patch deleted file mode 100644 index af1a6dd..0000000 --- a/nss-1328318-v8-3.30.patch +++ /dev/null @@ -1,754 +0,0 @@ -diff --git a/gtests/nss_bogo_shim/nss_bogo_shim.cc b/gtests/nss_bogo_shim/nss_bogo_shim.cc ---- a/gtests/nss_bogo_shim/nss_bogo_shim.cc -+++ b/gtests/nss_bogo_shim/nss_bogo_shim.cc -@@ -260,16 +260,22 @@ class TestAgent { - if (rv != SECSuccess) return false; - - SSLVersionRange vrange; - if (!GetVersionRange(&vrange, ssl_variant_stream)) return false; - - rv = SSL_VersionRangeSet(ssl_fd_, &vrange); - if (rv != SECSuccess) return false; - -+ SSLVersionRange verify_vrange; -+ rv = SSL_VersionRangeGet(ssl_fd_, &verify_vrange); -+ if (rv != SECSuccess) return false; -+ if (vrange.min != verify_vrange.min || vrange.max != verify_vrange.max) -+ return false; -+ - rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false); - if (rv != SECSuccess) return false; - - auto alpn = cfg_.get("advertise-alpn"); - if (!alpn.empty()) { - assert(!cfg_.get("server")); - - rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_ALPN, PR_TRUE); -diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc ---- a/gtests/ssl_gtest/tls_agent.cc -+++ b/gtests/ssl_gtest/tls_agent.cc -@@ -20,16 +20,21 @@ extern "C" { - - #define GTEST_HAS_RTTI 0 - #include "gtest/gtest.h" - #include "gtest_utils.h" - #include "scoped_ptrs.h" - - extern std::string g_working_dir_path; - -+static bool SSLVersionRangesAreEqual(SSLVersionRange& vr1, -+ SSLVersionRange& vr2) { -+ return vr1.min == vr2.min && vr1.max == vr2.max; -+} -+ - namespace nss_test { - - const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"}; - - const std::string TlsAgent::kClient = "client"; // both sign and encrypt - const std::string TlsAgent::kRsa2048 = "rsa2048"; // bigger - const std::string TlsAgent::kServerRsa = "rsa"; // both sign and encrypt - const std::string TlsAgent::kServerRsaSign = "rsa_sign"; -@@ -156,16 +161,26 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc - return false; - } - dummy_fd.release(); // Now subsumed by ssl_fd_. - - SECStatus rv = SSL_VersionRangeSet(ssl_fd(), &vrange_); - EXPECT_EQ(SECSuccess, rv); - if (rv != SECSuccess) return false; - -+ SSLVersionRange verify_vrange; -+ rv = SSL_VersionRangeGet(ssl_fd(), &verify_vrange); -+ EXPECT_EQ(SECSuccess, rv); -+ if (rv != SECSuccess) return false; -+ -+ bool ranges_are_equal = SSLVersionRangesAreEqual(vrange_, verify_vrange); -+ EXPECT_TRUE(ranges_are_equal) -+ << "System policy must not restrict the allowed min/max SSL/TLS range"; -+ if (!ranges_are_equal) return false; -+ - if (role_ == SERVER) { - EXPECT_TRUE(ConfigServerCert(name_, true)); - - rv = SSL_SNISocketConfigHook(ssl_fd(), SniHook, this); - EXPECT_EQ(SECSuccess, rv); - if (rv != SECSuccess) return false; - - ScopedCERTCertList anchors(CERT_NewCertList()); -@@ -400,16 +415,23 @@ void TlsAgent::SetShortHeadersEnabled() - - void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) { - vrange_.min = minver; - vrange_.max = maxver; - - if (ssl_fd()) { - SECStatus rv = SSL_VersionRangeSet(ssl_fd(), &vrange_); - EXPECT_EQ(SECSuccess, rv); -+ -+ SSLVersionRange verify_vrange; -+ rv = SSL_VersionRangeGet(ssl_fd(), &verify_vrange); -+ EXPECT_EQ(SECSuccess, rv); -+ bool ranges_are_equal = SSLVersionRangesAreEqual(vrange_, verify_vrange); -+ EXPECT_TRUE(ranges_are_equal) -+ << "System policy must not restrict the allowed min/max SSL/TLS range"; - } - } - - void TlsAgent::GetVersionRange(uint16_t* minver, uint16_t* maxver) { - *minver = vrange_.min; - *maxver = vrange_.max; - } - -diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c ---- a/lib/ssl/sslsock.c -+++ b/lib/ssl/sslsock.c -@@ -2202,38 +2202,42 @@ ssl3_GetRangePolicy(SSLProtocolVariant p - return SECFailure; /* don't accept an invalid policy */ - } - return SECSuccess; - } - - /* - * Constrain a single protocol variant's range based on the user policy - */ --static SECStatus --ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant) -+static void -+ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant, -+ SSLVersionRange *rangeParam /* in and out */) - { - SSLVersionRange vrange; - SSLVersionRange pvrange; - SECStatus rv; - -- vrange = *VERSIONS_DEFAULTS(protocolVariant); -+ if (!rangeParam) { -+ return; -+ } -+ -+ vrange = *rangeParam; - rv = ssl3_GetRangePolicy(protocolVariant, &pvrange); - if (rv != SECSuccess) { -- return SECSuccess; /* we don't have any policy */ -+ return; /* we don't have any policy */ - } - vrange.min = PR_MAX(vrange.min, pvrange.min); - vrange.max = PR_MIN(vrange.max, pvrange.max); - if (vrange.max >= vrange.min) { -- *VERSIONS_DEFAULTS(protocolVariant) = vrange; -+ *rangeParam = vrange; - } else { - /* there was no overlap, turn off range altogether */ - pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE; -- *VERSIONS_DEFAULTS(protocolVariant) = pvrange; -+ *rangeParam = pvrange; - } -- return SECSuccess; - } - - static PRBool - ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant, - SSL3ProtocolVersion version) - { - SSLVersionRange pvrange; - SECStatus rv; -@@ -2249,60 +2253,59 @@ ssl_VersionIsSupportedByPolicy(SSLProtoc - - /* - * This is called at SSL init time to constrain the existing range based - * on user supplied policy. - */ - SECStatus - ssl3_ConstrainRangeByPolicy(void) - { -- SECStatus rv; -- rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream); -- if (rv != SECSuccess) { -- return rv; -+ ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream, -+ VERSIONS_DEFAULTS(ssl_variant_stream)); -+ ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram, -+ VERSIONS_DEFAULTS(ssl_variant_datagram)); -+ return SECSuccess; -+} -+ -+PRBool -+ssl3_VersionIsSupportedByCode(SSLProtocolVariant protocolVariant, -+ SSL3ProtocolVersion version) -+{ -+ switch (protocolVariant) { -+ case ssl_variant_stream: -+ return (version >= SSL_LIBRARY_VERSION_3_0 && -+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); -+ case ssl_variant_datagram: -+ return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && -+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); - } -- rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram); -- if (rv != SECSuccess) { -- return rv; -- } -- return SECSuccess; -+ -+ /* Can't get here */ -+ PORT_Assert(PR_FALSE); -+ return PR_FALSE; - } - - PRBool - ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, - SSL3ProtocolVersion version) - { - if (!ssl_VersionIsSupportedByPolicy(protocolVariant, version)) { - return PR_FALSE; - } -- switch (protocolVariant) { -- case ssl_variant_stream: -- return (version >= SSL_LIBRARY_VERSION_3_0 && -- version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); -- case ssl_variant_datagram: -- return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && -- version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); -- default: -- /* Can't get here */ -- PORT_Assert(PR_FALSE); -- return PR_FALSE; -- } -+ return ssl3_VersionIsSupportedByCode(protocolVariant, version); - } - --/* Returns PR_TRUE if the given version range is valid and --** fully supported; otherwise, returns PR_FALSE. --*/ - static PRBool - ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) - { - return vrange && - vrange->min <= vrange->max && -- ssl3_VersionIsSupported(protocolVariant, vrange->min) && -- ssl3_VersionIsSupported(protocolVariant, vrange->max) && -+ ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) && -+ ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) && - (vrange->min > SSL_LIBRARY_VERSION_3_0 || - vrange->max < SSL_LIBRARY_VERSION_TLS_1_3); - } - - const SECItem * - SSL_PeerSignedCertTimestamps(PRFileDesc *fd) - { - sslSocket *ss = ssl_FindSocket(fd); -@@ -2329,60 +2332,116 @@ SSL_VersionRangeGetSupported(SSLProtocol - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch (protocolVariant) { - case ssl_variant_stream: - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; -- // We don't allow SSLv3 and TLSv1.3 together. -- if (vrange->max == SSL_LIBRARY_VERSION_TLS_1_3) { -- vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; -- } -+ /* We don't allow SSLv3 and TLSv1.3 together. -+ * However, don't check yet, apply the policy first. -+ * Because if the effective supported range doesn't use TLS 1.3, -+ * then we don't need to increase the minimum. */ - break; - case ssl_variant_datagram: - vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - -+ ssl3_ConstrainVariantRangeByPolicy(protocolVariant, vrange); -+ if (vrange->min == SSL_LIBRARY_VERSION_NONE) { -+ /* Library default and policy don't overlap. */ -+ return SECFailure; -+ } -+ -+ if (protocolVariant == ssl_variant_stream) { -+ /* We don't allow SSLv3 and TLSv1.3 together */ -+ if (vrange->max == SSL_LIBRARY_VERSION_TLS_1_3) { -+ vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); -+ } -+ } -+ - return SECSuccess; - } - - SECStatus - SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) - { - if ((protocolVariant != ssl_variant_stream && - protocolVariant != ssl_variant_datagram) || - !vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - *vrange = *VERSIONS_DEFAULTS(protocolVariant); -+ ssl3_ConstrainVariantRangeByPolicy(protocolVariant, vrange); -+ -+ if (vrange->min == SSL_LIBRARY_VERSION_NONE) { -+ /* Library default and policy don't overlap. */ -+ return SECFailure; -+ } - - return SECSuccess; - } - --SECStatus --SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, -- const SSLVersionRange *vrange) -+static SECStatus -+ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant, -+ SSLVersionRange *vrange) - { - if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; - } - -- *VERSIONS_DEFAULTS(protocolVariant) = *vrange; -- -+ /* Try to adjust the received range using our policy. -+ * If there's overlap, we'll use the (possibly reduced) range. -+ * If there isn't overlap, it's failure. */ -+ -+ ssl3_ConstrainVariantRangeByPolicy(protocolVariant, vrange); -+ if (vrange->min == SSL_LIBRARY_VERSION_NONE) { -+ return SECFailure; -+ } -+ -+ if (protocolVariant == ssl_variant_stream) { -+ /* We don't allow SSLv3 and TLSv1.3 together */ -+ if (vrange->max == SSL_LIBRARY_VERSION_TLS_1_3) { -+ vrange->min = -+ PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); -+ } -+ } -+ -+ return SECSuccess; -+} -+ -+SECStatus -+SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, -+ const SSLVersionRange *vrange) -+{ -+ SSLVersionRange constrainedRange; -+ SECStatus rv; -+ -+ if (!vrange) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ -+ constrainedRange = *vrange; -+ rv = ssl3_CheckRangeValidAndConstrainByPolicy(protocolVariant, -+ &constrainedRange); -+ if (rv != SECSuccess) -+ return rv; -+ -+ *VERSIONS_DEFAULTS(protocolVariant) = constrainedRange; - return SECSuccess; - } - - SECStatus - SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) - { - sslSocket *ss = ssl_FindSocket(fd); - -@@ -2406,41 +2465,50 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV - ssl_Release1stHandshakeLock(ss); - - return SECSuccess; - } - - SECStatus - SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) - { -- sslSocket *ss = ssl_FindSocket(fd); -- -+ SSLVersionRange constrainedRange; -+ sslSocket *ss; -+ SECStatus rv; -+ -+ if (!vrange) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ -+ ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeSet", - SSL_GETPID(), fd)); - return SECFailure; - } - -- if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) { -- PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); -- return SECFailure; -- } -+ constrainedRange = *vrange; -+ rv = ssl3_CheckRangeValidAndConstrainByPolicy(ss->protocolVariant, -+ &constrainedRange); -+ if (rv != SECSuccess) -+ return rv; - - ssl_Get1stHandshakeLock(ss); - ssl_GetSSL3HandshakeLock(ss); - - if (ss->ssl3.downgradeCheckVersion && - ss->vrange.max > ss->ssl3.downgradeCheckVersion) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - ssl_ReleaseSSL3HandshakeLock(ss); - ssl_Release1stHandshakeLock(ss); - return SECFailure; - } - -- ss->vrange = *vrange; -+ ss->vrange = constrainedRange; - - ssl_ReleaseSSL3HandshakeLock(ss); - ssl_Release1stHandshakeLock(ss); - - return SECSuccess; - } - - SECStatus -diff --git a/gtests/ssl_gtest/Makefile b/gtests/ssl_gtest/Makefile ---- a/gtests/ssl_gtest/Makefile -+++ b/gtests/ssl_gtest/Makefile -@@ -32,16 +32,18 @@ CFLAGS += -I$(CORE_DEPTH)/lib/ssl - ifdef NSS_SSL_ENABLE_ZLIB - include $(CORE_DEPTH)/coreconf/zlib.mk - endif - - ifdef NSS_DISABLE_TLS_1_3 - NSS_DISABLE_TLS_1_3=1 - # Run parameterized tests only, for which we can easily exclude TLS 1.3 - CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS)) -+# But always include ssl_versionpolicy_unittest.cc -+CPPSRCS += ssl_versionpolicy_unittest.cc - CFLAGS += -DNSS_DISABLE_TLS_1_3 - endif - - ####################################################################### - # (5) Execute "global" rules. (OPTIONAL) # - ####################################################################### - - include $(CORE_DEPTH)/coreconf/rules.mk -diff --git a/gtests/ssl_gtest/manifest.mn b/gtests/ssl_gtest/manifest.mn ---- a/gtests/ssl_gtest/manifest.mn -+++ b/gtests/ssl_gtest/manifest.mn -@@ -33,16 +33,17 @@ CPPSRCS = \ - ssl_hrr_unittest.cc \ - ssl_loopback_unittest.cc \ - ssl_record_unittest.cc \ - ssl_resumption_unittest.cc \ - ssl_skip_unittest.cc \ - ssl_staticrsa_unittest.cc \ - ssl_v2_client_hello_unittest.cc \ - ssl_version_unittest.cc \ -+ ssl_versionpolicy_unittest.cc \ - test_io.cc \ - tls_agent.cc \ - tls_connect.cc \ - tls_hkdf_unittest.cc \ - tls_filter.cc \ - tls_parser.cc \ - tls_protect.cc \ - $(NULL) -diff --git a/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc b/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc -new file mode 100644 ---- /dev/null -+++ b/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc -@@ -0,0 +1,281 @@ -+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -+/* vim: set ts=2 et sw=2 tw=80: */ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this file, -+ * You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#include "nss.h" -+#include "secerr.h" -+#include "ssl.h" -+#include "ssl3prot.h" -+#include "sslerr.h" -+#include "sslproto.h" -+ -+#include "gtest_utils.h" -+#include "scoped_ptrs.h" -+#include "tls_connect.h" -+#include "tls_filter.h" -+#include "tls_parser.h" -+ -+static bool SSLVersionRangesAreEqual(SSLVersionRange &vr1, -+ SSLVersionRange &vr2) { -+ return vr1.min == vr2.min && vr1.max == vr2.max; -+} -+ -+namespace nss_test { -+ -+class TestVersionRangePolicy : public ::testing::Test { -+ protected: -+ PRInt32 savedMinTLS; -+ PRInt32 savedMaxTLS; -+ PRInt32 savedMinDTLS; -+ PRInt32 savedMaxDTLS; -+ PRUint32 savedAlgorithmPolicy; -+ -+ public: -+ void SaveOriginalPolicy() { -+ NSS_OptionGet(NSS_TLS_VERSION_MIN_POLICY, &savedMinTLS); -+ NSS_OptionGet(NSS_TLS_VERSION_MAX_POLICY, &savedMaxTLS); -+ NSS_OptionGet(NSS_DTLS_VERSION_MIN_POLICY, &savedMinDTLS); -+ NSS_OptionGet(NSS_DTLS_VERSION_MAX_POLICY, &savedMaxDTLS); -+ NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &savedAlgorithmPolicy); -+ } -+ void SetUsePolicyInSSL() { -+ NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0); -+ } -+ void RestoreOriginalPolicy() { -+ NSS_OptionSet(NSS_TLS_VERSION_MIN_POLICY, savedMinTLS); -+ NSS_OptionSet(NSS_TLS_VERSION_MAX_POLICY, savedMaxTLS); -+ NSS_OptionSet(NSS_DTLS_VERSION_MIN_POLICY, savedMinDTLS); -+ NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, savedMaxDTLS); -+ /* If it wasn't set initially, clear the bit that we set. */ -+ if (!(savedAlgorithmPolicy & NSS_USE_POLICY_IN_SSL)) { -+ NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, 0, -+ NSS_USE_POLICY_IN_SSL); -+ } -+ } -+ void SetTLSPolicy(SSLVersionRange &policy) { -+ NSS_OptionSet(NSS_TLS_VERSION_MIN_POLICY, policy.min); -+ NSS_OptionSet(NSS_TLS_VERSION_MAX_POLICY, policy.max); -+ } -+ void SetDTLSPolicy(SSLVersionRange &policy) { -+ /* SSL3 isn't allowed for DTLS, but isn't a problem to allow by policy */ -+ NSS_OptionSet(NSS_DTLS_VERSION_MIN_POLICY, policy.min); -+ NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, policy.max); -+ } -+ std::string version_to_string(PRInt32 v) { -+ switch (v) { -+ case SSL_LIBRARY_VERSION_3_0: -+ return "ssl3"; -+ case SSL_LIBRARY_VERSION_TLS_1_0: -+ return "tls1.0"; -+ case SSL_LIBRARY_VERSION_TLS_1_1: -+ return "tls1.1"; -+ case SSL_LIBRARY_VERSION_TLS_1_2: -+ return "tls1.2"; -+ case SSL_LIBRARY_VERSION_TLS_1_3: -+ return "tls1.3"; -+ case SSL_LIBRARY_VERSION_NONE: -+ return "NONE"; -+ } -+ return "undefined???"; -+ } -+ std::string info_str(const SSLVersionRange &policy, -+ const SSLVersionRange &vrange, -+ const SSLVersionRange *expectation, -+ const SSLVersionRange *result, bool testDTLS) { -+ return std::string(testDTLS ? "DTLS" : "TLS") + std::string(" policy: ") + -+ version_to_string(policy.min) + std::string(",") + -+ version_to_string(policy.max) + std::string(" input: ") + -+ version_to_string(vrange.min) + std::string(",") + -+ version_to_string(vrange.max) + -+ (expectation -+ ? (std::string(" expected: ") + -+ version_to_string(expectation->min) + std::string(",") + -+ version_to_string(expectation->max)) -+ : std::string()) + -+ (result -+ ? (std::string(" result: ") + version_to_string(result->min) + -+ std::string(",") + version_to_string(result->max)) -+ : std::string()); -+ } -+ void TestPolicyRangeExpectation(SSLVersionRange &policy, -+ SSLVersionRange &vrange, -+ SSLVersionRange &expectation, bool testDTLS) { -+ SECStatus rv; -+ -+ SetTLSPolicy(policy); -+ rv = SSL_VersionRangeSetDefault(ssl_variant_stream, &vrange); -+ EXPECT_EQ(SECSuccess, rv) -+ << "expected successful return from SSL_VersionRangeSetDefault with: " -+ << info_str(policy, vrange, &expectation, NULL, false); -+ -+ SSLVersionRange result; -+ rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &result); -+ EXPECT_EQ(SECSuccess, rv) -+ << "expected successful return from SSL_VersionRangeGetDefault: " -+ << info_str(policy, vrange, &expectation, NULL, false); -+ -+ EXPECT_EQ(true, SSLVersionRangesAreEqual(result, expectation)) -+ << "range returned by SSL_VersionRangeGetDefault doesn't match " -+ "expectation: " -+ << info_str(policy, vrange, &expectation, &result, false); -+ -+ if (testDTLS) { -+ SetDTLSPolicy(policy); -+ rv = SSL_VersionRangeSetDefault(ssl_variant_datagram, &vrange); -+ EXPECT_EQ(SECSuccess, rv) -+ << "expected successful return from SSL_VersionRangeSetDefault with: " -+ << info_str(policy, vrange, &expectation, NULL, true); -+ -+ SSLVersionRange result; -+ rv = SSL_VersionRangeGetDefault(ssl_variant_datagram, &result); -+ EXPECT_EQ(SECSuccess, rv) -+ << "expected successful return from SSL_VersionRangeGetDefault: " -+ << info_str(policy, vrange, &expectation, NULL, true); -+ -+ EXPECT_EQ(true, SSLVersionRangesAreEqual(result, expectation)) -+ << "range returned by SSL_VersionRangeGetDefault doesn't match " -+ "expectation: " -+ << info_str(policy, vrange, &expectation, &result, true); -+ } -+ } -+ void TestPolicyRangeFailure(SSLVersionRange &policy, SSLVersionRange &vrange, -+ bool testDTLS) { -+ SECStatus rv; -+ -+ SetTLSPolicy(policy); -+ rv = SSL_VersionRangeSetDefault(ssl_variant_stream, &vrange); -+ EXPECT_EQ(SECFailure, rv) -+ << "expected failure return from SSL_VersionRangeSetDefault with: " -+ << info_str(policy, vrange, NULL, NULL, false); -+ -+ if (testDTLS) { -+ SetDTLSPolicy(policy); -+ rv = SSL_VersionRangeSetDefault(ssl_variant_datagram, &vrange); -+ EXPECT_EQ(SECFailure, rv) -+ << "expected failure return from SSL_VersionRangeSetDefault with: " -+ << info_str(policy, vrange, NULL, NULL, true); -+ } -+ } -+ void Run() { -+ SaveOriginalPolicy(); -+ SetUsePolicyInSSL(); -+ -+#ifndef NSS_DISABLE_TLS_1_3 -+ SSLVersionRange range3to13{SSL_LIBRARY_VERSION_3_0, -+ SSL_LIBRARY_VERSION_TLS_1_3}; -+ SSLVersionRange range10to13{SSL_LIBRARY_VERSION_TLS_1_0, -+ SSL_LIBRARY_VERSION_TLS_1_3}; -+ SSLVersionRange range11to13{SSL_LIBRARY_VERSION_TLS_1_1, -+ SSL_LIBRARY_VERSION_TLS_1_3}; -+ SSLVersionRange range12to13{SSL_LIBRARY_VERSION_TLS_1_2, -+ SSL_LIBRARY_VERSION_TLS_1_3}; -+ SSLVersionRange range13to13{SSL_LIBRARY_VERSION_TLS_1_3, -+ SSL_LIBRARY_VERSION_TLS_1_3}; -+#endif -+ -+ SSLVersionRange range3to12{SSL_LIBRARY_VERSION_3_0, -+ SSL_LIBRARY_VERSION_TLS_1_2}; -+ SSLVersionRange range10to12{SSL_LIBRARY_VERSION_TLS_1_0, -+ SSL_LIBRARY_VERSION_TLS_1_2}; -+ SSLVersionRange range11to12{SSL_LIBRARY_VERSION_TLS_1_1, -+ SSL_LIBRARY_VERSION_TLS_1_2}; -+ SSLVersionRange range12to12{SSL_LIBRARY_VERSION_TLS_1_2, -+ SSL_LIBRARY_VERSION_TLS_1_2}; -+ -+ SSLVersionRange range3to11{SSL_LIBRARY_VERSION_3_0, -+ SSL_LIBRARY_VERSION_TLS_1_1}; -+ SSLVersionRange range10to11{SSL_LIBRARY_VERSION_TLS_1_0, -+ SSL_LIBRARY_VERSION_TLS_1_1}; -+ SSLVersionRange range11to11{SSL_LIBRARY_VERSION_TLS_1_1, -+ SSL_LIBRARY_VERSION_TLS_1_1}; -+ -+ SSLVersionRange range3to10{SSL_LIBRARY_VERSION_3_0, -+ SSL_LIBRARY_VERSION_TLS_1_0}; -+ SSLVersionRange range10to10{SSL_LIBRARY_VERSION_TLS_1_0, -+ SSL_LIBRARY_VERSION_TLS_1_0}; -+ -+ SSLVersionRange range3to3{SSL_LIBRARY_VERSION_3_0, SSL_LIBRARY_VERSION_3_0}; -+ -+// When testing SSL3 or TLS1.0, we set "test DTLS" to false. -+ -+#ifndef NSS_DISABLE_TLS_1_3 -+ // Invalid range input (cannot enable both SSL3 and TLS1.3) -+ TestPolicyRangeFailure(range3to13, range3to13, false); -+#endif -+ -+ // No overlap between policy and range input -+ TestPolicyRangeFailure(range11to11, range10to10, false); -+ TestPolicyRangeFailure(range11to11, range12to12, true); -+ TestPolicyRangeFailure(range10to12, range3to3, false); -+#ifndef NSS_DISABLE_TLS_1_3 -+ TestPolicyRangeFailure(range10to12, range13to13, true); -+#endif -+ -+ // straightforward overlap tests -+ -+ TestPolicyRangeExpectation(range3to11, range10to12, range10to11, false); -+ TestPolicyRangeExpectation(range10to12, range10to12, range10to12, false); -+ -+ TestPolicyRangeExpectation(range11to12, range10to12, range11to12, false); -+ TestPolicyRangeExpectation(range11to12, range11to12, range11to12, true); -+ -+ TestPolicyRangeExpectation(range12to12, range10to12, range12to12, false); -+ -+ TestPolicyRangeExpectation(range3to12, range3to3, range3to3, false); -+ TestPolicyRangeExpectation(range3to12, range3to10, range3to10, false); -+ TestPolicyRangeExpectation(range3to12, range3to11, range3to11, false); -+ TestPolicyRangeExpectation(range3to12, range3to12, range3to12, false); -+ TestPolicyRangeExpectation(range3to12, range10to10, range10to10, false); -+ TestPolicyRangeExpectation(range3to12, range10to11, range10to11, false); -+ TestPolicyRangeExpectation(range3to12, range10to12, range10to12, false); -+ TestPolicyRangeExpectation(range3to12, range11to11, range11to11, true); -+ TestPolicyRangeExpectation(range3to12, range11to12, range11to12, true); -+ TestPolicyRangeExpectation(range3to12, range12to12, range12to12, true); -+ -+ TestPolicyRangeExpectation(range10to12, range3to10, range10to10, false); -+ TestPolicyRangeExpectation(range10to12, range3to11, range10to11, false); -+ TestPolicyRangeExpectation(range10to12, range3to12, range10to12, false); -+ TestPolicyRangeExpectation(range10to12, range10to10, range10to10, false); -+ TestPolicyRangeExpectation(range10to12, range10to11, range10to11, false); -+ TestPolicyRangeExpectation(range10to12, range10to12, range10to12, false); -+ TestPolicyRangeExpectation(range10to12, range11to11, range11to11, true); -+ TestPolicyRangeExpectation(range10to12, range11to12, range11to12, true); -+ TestPolicyRangeExpectation(range10to12, range12to12, range12to12, true); -+ -+#ifndef NSS_DISABLE_TLS_1_3 -+ TestPolicyRangeExpectation(range3to12, range10to13, range10to12, false); -+ TestPolicyRangeExpectation(range10to13, range10to13, range10to13, false); -+ -+ TestPolicyRangeExpectation(range11to13, range10to13, range11to13, false); -+ TestPolicyRangeExpectation(range11to13, range11to13, range11to13, true); -+ -+ TestPolicyRangeExpectation(range12to13, range10to13, range12to13, false); -+ TestPolicyRangeExpectation(range12to13, range11to13, range12to13, true); -+ TestPolicyRangeExpectation(range12to13, range12to13, range12to13, true); -+ -+ TestPolicyRangeExpectation(range3to13, range3to3, range3to3, false); -+ TestPolicyRangeExpectation(range3to13, range3to10, range3to10, false); -+ TestPolicyRangeExpectation(range3to13, range3to11, range3to11, false); -+ TestPolicyRangeExpectation(range3to13, range3to12, range3to12, false); -+ TestPolicyRangeExpectation(range3to13, range10to10, range10to10, false); -+ TestPolicyRangeExpectation(range3to13, range10to11, range10to11, false); -+ TestPolicyRangeExpectation(range3to13, range10to12, range10to12, false); -+ TestPolicyRangeExpectation(range3to13, range10to13, range10to13, false); -+ TestPolicyRangeExpectation(range3to13, range11to11, range11to11, true); -+ TestPolicyRangeExpectation(range3to13, range11to12, range11to12, true); -+ TestPolicyRangeExpectation(range3to13, range12to12, range12to12, true); -+ TestPolicyRangeExpectation(range3to13, range12to13, range12to13, true); -+ TestPolicyRangeExpectation(range3to13, range13to13, range13to13, true); -+#endif -+ -+ RestoreOriginalPolicy(); -+ } -+}; -+ -+TEST_F(TestVersionRangePolicy, TestVersionRangesAndCryptoPolicyInteraction) { -+ Run(); -+} -+ -+} // namespace nss_test diff --git a/nss-gcc7.patch b/nss-gcc7.patch deleted file mode 100644 index a224c35..0000000 --- a/nss-gcc7.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c.gcc7 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c ---- nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c.gcc7 2017-02-08 14:34:04.212655936 +0100 -+++ nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c 2017-02-08 14:37:33.326388891 +0100 -@@ -89,7 +89,7 @@ pkix_pl_OcspRequest_Hashcode( - PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext, - PKIX_CERTHASHCODEFAILED); - -- *pHashcode = (((((extensionHash << 8) || certHash) << 8) || -+ *pHashcode = ((PKIX_UInt32)(((PKIX_UInt32)((extensionHash << 8) || certHash) << 8) || - dateHash) << 8) || signerHash; - - cleanup: diff --git a/gtests-split-v5.patch b/nss-gtests-split.patch similarity index 70% rename from gtests-split-v5.patch rename to nss-gtests-split.patch index e8e9f85..6c6e04e 100644 --- a/gtests-split-v5.patch +++ b/nss-gtests-split.patch @@ -1,6 +1,14 @@ -diff -up nss/cmd/platlibs.mk.gtests-split nss/cmd/platlibs.mk ---- nss/cmd/platlibs.mk.gtests-split 2017-06-02 10:47:41.000000000 +0200 -+++ nss/cmd/platlibs.mk 2017-06-02 10:54:18.707290028 +0200 +# HG changeset patch +# User Daiki Ueno +# Date 1496306850 -7200 +# Thu Jun 01 10:47:30 2017 +0200 +# Node ID a15755b99b544dc9643f6e3e7c3b36825112c5b2 +# Parent d20ee6560caf7c8ed6640583791700451fe06921 +Bug 1280846 - tests: adjust gtests to compile under modular builds, r=franziskus + +diff --git a/cmd/platlibs.mk b/cmd/platlibs.mk +--- a/cmd/platlibs.mk ++++ b/cmd/platlibs.mk @@ -32,6 +32,12 @@ else DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) endif @@ -79,43 +87,11 @@ diff -up nss/cmd/platlibs.mk.gtests-split nss/cmd/platlibs.mk ifdef SOFTOKEN_LIB_DIR ifdef NSS_USE_SYSTEM_FREEBL -diff -up nss/cpputil/scoped_ptrs_base.h.gtests-split nss/cpputil/scoped_ptrs_base.h ---- nss/cpputil/scoped_ptrs_base.h.gtests-split 2017-06-02 10:54:18.707290028 +0200 -+++ nss/cpputil/scoped_ptrs_base.h 2017-06-02 10:54:18.707290028 +0200 -@@ -0,0 +1,29 @@ -+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -+/* vim: set ts=2 et sw=2 tw=80: */ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this file, -+ * You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#ifndef scoped_ptrs_base_h__ -+#define scoped_ptrs_base_h__ -+ -+#include -+ -+template -+struct ScopedDelete { -+ void operator()(T*); -+}; -+ -+template -+struct ScopedMaybeDelete { -+ void operator()(T* ptr) { -+ if (ptr) { -+ ScopedDelete del; -+ del(ptr); -+ } -+ } -+}; -+ -+#define SCOPED(x) typedef std::unique_ptr > Scoped##x -+ -+#endif // scoped_ptrs_base_h__ -diff -up nss/cpputil/scoped_ptrs_util.h.gtests-split nss/cpputil/scoped_ptrs_util.h ---- nss/cpputil/scoped_ptrs_util.h.gtests-split 2017-06-02 10:54:18.707290028 +0200 -+++ nss/cpputil/scoped_ptrs_util.h 2017-06-02 11:03:10.361102513 +0200 -@@ -0,0 +1,41 @@ +diff --git a/cpputil/scoped_ptrs_util.h b/cpputil/scoped_ptrs_util.h +new file mode 100644 +--- /dev/null ++++ b/cpputil/scoped_ptrs_util.h +@@ -0,0 +1,39 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public @@ -125,41 +101,55 @@ diff -up nss/cpputil/scoped_ptrs_util.h.gtests-split nss/cpputil/scoped_ptrs_uti +#ifndef scoped_ptrs_util_h__ +#define scoped_ptrs_util_h__ + -+#include "scoped_ptrs_base.h" -+ -+#include "nspr.h" -+#include "secitem.h" ++#include ++#include "pkcs11uri.h" +#include "secoid.h" + -+template <> -+struct ScopedDelete { -+ void operator()(PRFileDesc* fd) { PR_Close(fd); } -+}; -+ -+template <> -+struct ScopedDelete { -+ void operator()(SECItem* item) { SECITEM_FreeItem(item, true); } -+}; -+ -+template <> -+struct ScopedDelete { ++struct ScopedDelete { + void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); } -+}; -+ -+template <> -+struct ScopedDelete { ++ void operator()(SECItem* item) { SECITEM_FreeItem(item, true); } ++ void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); } + void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); } +}; + -+SCOPED(PRFileDesc); -+SCOPED(SECItem); ++template ++struct ScopedMaybeDelete { ++ void operator()(T* ptr) { ++ if (ptr) { ++ ScopedDelete del; ++ del(ptr); ++ } ++ } ++}; ++ ++#define SCOPED(x) typedef std::unique_ptr > Scoped##x ++ +SCOPED(SECAlgorithmID); -+SCOPED(PLArenaPool); ++SCOPED(SECItem); ++SCOPED(PK11URI); ++ ++#undef SCOPED + +#endif // scoped_ptrs_util_h__ -diff -up nss/gtests/common/gtests-util.cc.gtests-split nss/gtests/common/gtests-util.cc ---- nss/gtests/common/gtests-util.cc.gtests-split 2017-06-02 10:54:18.707290028 +0200 -+++ nss/gtests/common/gtests-util.cc 2017-06-02 10:54:18.707290028 +0200 +diff --git a/gtests/certhigh_gtest/manifest.mn b/gtests/certhigh_gtest/manifest.mn +--- a/gtests/certhigh_gtest/manifest.mn ++++ b/gtests/certhigh_gtest/manifest.mn +@@ -14,9 +14,9 @@ INCLUDES += -I$(CORE_DEPTH)/gtests/googl + -I$(CORE_DEPTH)/gtests/common \ + -I$(CORE_DEPTH)/cpputil + +-REQUIRES = nspr nss libdbm gtest ++REQUIRES = nspr gtest + + PROGRAM = certhigh_gtest + + EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \ +- ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) ++ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) +diff --git a/gtests/common/gtests-util.cc b/gtests/common/gtests-util.cc +new file mode 100644 +--- /dev/null ++++ b/gtests/common/gtests-util.cc @@ -0,0 +1,26 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, @@ -187,9 +177,9 @@ diff -up nss/gtests/common/gtests-util.cc.gtests-split nss/gtests/common/gtests- + + return rv; +} -diff -up nss/gtests/common/manifest.mn.gtests-split nss/gtests/common/manifest.mn ---- nss/gtests/common/manifest.mn.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/common/manifest.mn 2017-06-02 10:54:18.707290028 +0200 +diff --git a/gtests/common/manifest.mn b/gtests/common/manifest.mn +--- a/gtests/common/manifest.mn ++++ b/gtests/common/manifest.mn @@ -6,9 +6,13 @@ CORE_DEPTH = ../.. DEPTH = ../.. MODULE = nss @@ -214,9 +204,9 @@ diff -up nss/gtests/common/manifest.mn.gtests-split nss/gtests/common/manifest.m - -# NOTE: this is not actually used but required to build gtests.o -PROGRAM = gtests -diff -up nss/gtests/der_gtest/der_getint_unittest.cc.gtests-split nss/gtests/der_gtest/der_getint_unittest.cc ---- nss/gtests/der_gtest/der_getint_unittest.cc.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/der_gtest/der_getint_unittest.cc 2017-06-02 10:54:18.708290005 +0200 +diff --git a/gtests/der_gtest/der_getint_unittest.cc b/gtests/der_gtest/der_getint_unittest.cc +--- a/gtests/der_gtest/der_getint_unittest.cc ++++ b/gtests/der_gtest/der_getint_unittest.cc @@ -4,14 +4,13 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -235,28 +225,46 @@ diff -up nss/gtests/der_gtest/der_getint_unittest.cc.gtests-split nss/gtests/der namespace nss_test { -diff -up nss/gtests/der_gtest/der_gtest.gyp.gtests-split nss/gtests/der_gtest/der_gtest.gyp ---- nss/gtests/der_gtest/der_gtest.gyp.gtests-split 2017-06-02 10:54:18.708290005 +0200 -+++ nss/gtests/der_gtest/der_gtest.gyp 2017-06-02 11:03:35.778519718 +0200 +diff --git a/gtests/der_gtest/der_gtest.gyp b/gtests/der_gtest/der_gtest.gyp +--- a/gtests/der_gtest/der_gtest.gyp ++++ b/gtests/der_gtest/der_gtest.gyp @@ -12,7 +12,6 @@ 'type': 'executable', 'sources': [ 'der_getint_unittest.cc', - 'der_private_key_import_unittest.cc', + 'der_quickder_unittest.cc', '<(DEPTH)/gtests/common/gtests.cc' ], - 'dependencies': [ -diff -up nss/gtests/der_gtest/manifest.mn.gtests-split nss/gtests/der_gtest/manifest.mn ---- nss/gtests/der_gtest/manifest.mn.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/der_gtest/manifest.mn 2017-06-02 11:03:55.137075847 +0200 -@@ -8,16 +8,15 @@ MODULE = nss +diff --git a/gtests/der_gtest/der_quickder_unittest.cc b/gtests/der_gtest/der_quickder_unittest.cc +--- a/gtests/der_gtest/der_quickder_unittest.cc ++++ b/gtests/der_gtest/der_quickder_unittest.cc +@@ -7,11 +7,12 @@ + #include + + #include "gtest/gtest.h" +-#include "scoped_ptrs.h" ++#include "scoped_ptrs_util.h" + + #include "nss.h" + #include "prerror.h" + #include "secasn1.h" ++#include "secder.h" + #include "secerr.h" + #include "secitem.h" + +diff --git a/gtests/der_gtest/manifest.mn b/gtests/der_gtest/manifest.mn +--- a/gtests/der_gtest/manifest.mn ++++ b/gtests/der_gtest/manifest.mn +@@ -8,7 +8,6 @@ MODULE = nss CPPSRCS = \ der_getint_unittest.cc \ - der_private_key_import_unittest.cc \ + der_quickder_unittest.cc \ $(NULL) - INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ +@@ -16,9 +15,9 @@ INCLUDES += -I$(CORE_DEPTH)/gtests/googl -I$(CORE_DEPTH)/gtests/common \ -I$(CORE_DEPTH)/cpputil @@ -268,9 +276,9 @@ diff -up nss/gtests/der_gtest/manifest.mn.gtests-split nss/gtests/der_gtest/mani EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \ - ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) -diff -up nss/gtests/pk11_gtest/manifest.mn.gtests-split nss/gtests/pk11_gtest/manifest.mn ---- nss/gtests/pk11_gtest/manifest.mn.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/pk11_gtest/manifest.mn 2017-06-02 10:54:18.708290005 +0200 +diff --git a/gtests/pk11_gtest/manifest.mn b/gtests/pk11_gtest/manifest.mn +--- a/gtests/pk11_gtest/manifest.mn ++++ b/gtests/pk11_gtest/manifest.mn @@ -16,6 +16,7 @@ CPPSRCS = \ pk11_prf_unittest.cc \ pk11_prng_unittest.cc \ @@ -286,9 +294,10 @@ diff -up nss/gtests/pk11_gtest/manifest.mn.gtests-split nss/gtests/pk11_gtest/ma - ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) -diff -up nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc.gtests-split nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc ---- nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc.gtests-split 2017-06-02 10:54:18.708290005 +0200 -+++ nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc 2017-06-02 10:54:18.708290005 +0200 +diff --git a/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc b/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc +new file mode 100644 +--- /dev/null ++++ b/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc @@ -0,0 +1,110 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ @@ -400,10 +409,10 @@ diff -up nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc.gtests-sp +} + +} // namespace nss_test -diff -up nss/gtests/pk11_gtest/pk11_gtest.gyp.gtests-split nss/gtests/pk11_gtest/pk11_gtest.gyp ---- nss/gtests/pk11_gtest/pk11_gtest.gyp.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/pk11_gtest/pk11_gtest.gyp 2017-06-02 10:54:18.708290005 +0200 -@@ -19,6 +19,7 @@ +diff --git a/gtests/pk11_gtest/pk11_gtest.gyp b/gtests/pk11_gtest/pk11_gtest.gyp +--- a/gtests/pk11_gtest/pk11_gtest.gyp ++++ b/gtests/pk11_gtest/pk11_gtest.gyp +@@ -20,6 +20,7 @@ 'pk11_prf_unittest.cc', 'pk11_prng_unittest.cc', 'pk11_rsapss_unittest.cc', @@ -411,19 +420,19 @@ diff -up nss/gtests/pk11_gtest/pk11_gtest.gyp.gtests-split nss/gtests/pk11_gtest '<(DEPTH)/gtests/common/gtests.cc' ], 'dependencies': [ -diff -up nss/gtests/util_gtest/manifest.mn.gtests-split nss/gtests/util_gtest/manifest.mn ---- nss/gtests/util_gtest/manifest.mn.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/util_gtest/manifest.mn 2017-06-02 10:54:18.708290005 +0200 -@@ -24,5 +24,5 @@ PROGRAM = util_gtest +diff --git a/gtests/util_gtest/manifest.mn b/gtests/util_gtest/manifest.mn +--- a/gtests/util_gtest/manifest.mn ++++ b/gtests/util_gtest/manifest.mn +@@ -25,5 +25,5 @@ PROGRAM = util_gtest EXTRA_LIBS = \ $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \ - ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ $(NULL) -diff -up nss/gtests/util_gtest/util_b64_unittest.cc.gtests-split nss/gtests/util_gtest/util_b64_unittest.cc ---- nss/gtests/util_gtest/util_b64_unittest.cc.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/util_gtest/util_b64_unittest.cc 2017-06-02 10:54:18.708290005 +0200 +diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc +--- a/gtests/util_gtest/util_b64_unittest.cc ++++ b/gtests/util_gtest/util_b64_unittest.cc @@ -9,7 +9,7 @@ #include "nssb64.h" @@ -433,9 +442,21 @@ diff -up nss/gtests/util_gtest/util_b64_unittest.cc.gtests-split nss/gtests/util namespace nss_test { -diff -up nss/tests/gtests/gtests.sh.gtests-split nss/tests/gtests/gtests.sh ---- nss/tests/gtests/gtests.sh.gtests-split 2017-04-20 16:25:50.000000000 +0200 -+++ nss/tests/gtests/gtests.sh 2017-06-02 10:54:18.708290005 +0200 +diff --git a/gtests/util_gtest/util_pkcs11uri_unittest.cc b/gtests/util_gtest/util_pkcs11uri_unittest.cc +--- a/gtests/util_gtest/util_pkcs11uri_unittest.cc ++++ b/gtests/util_gtest/util_pkcs11uri_unittest.cc +@@ -9,7 +9,7 @@ + #include "pkcs11uri.h" + + #include "gtest/gtest.h" +-#include "scoped_ptrs.h" ++#include "scoped_ptrs_util.h" + + namespace nss_test { + +diff --git a/tests/gtests/gtests.sh b/tests/gtests/gtests.sh +--- a/tests/gtests/gtests.sh ++++ b/tests/gtests/gtests.sh @@ -24,7 +24,7 @@ gtest_init() { cd "$(dirname "$1")" diff --git a/nss-skip-util-gtest.patch b/nss-skip-util-gtest.patch index 8858f4d..5a14a44 100644 --- a/nss-skip-util-gtest.patch +++ b/nss-skip-util-gtest.patch @@ -1,10 +1,10 @@ diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn ---- nss/gtests/manifest.mn.skip_util_gtest 2017-04-20 16:25:50.000000000 +0200 -+++ nss/gtests/manifest.mn 2017-06-02 12:36:48.278269769 +0200 -@@ -8,8 +8,6 @@ DEPTH = .. - DIRS = \ - google_test \ +--- nss/gtests/manifest.mn.skip_util_gtest 2017-06-21 17:40:39.997865113 +0200 ++++ nss/gtests/manifest.mn 2017-06-21 17:40:52.554579498 +0200 +@@ -10,8 +10,6 @@ DIRS = \ common \ + certdb_gtest \ + certhigh_gtest \ - der_gtest \ - util_gtest \ pk11_gtest \ diff --git a/nss.spec b/nss.spec index 0721835..7d1f14b 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ -%global nspr_version 4.14.0 -%global nss_util_version 3.30.2 -%global nss_softokn_version 3.30.2 +%global nspr_version 4.15.0 +%global nss_util_version 3.31.0 +%global nss_softokn_version 3.31.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" @@ -18,10 +18,10 @@ Summary: Network Security Services Name: nss -Version: 3.30.2 +Version: 3.31.0 # for Rawhide, please always use release >= 2 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 3%{?dist} +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -111,9 +111,7 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520 Patch59: nss-check-policy-file.patch Patch62: nss-skip-util-gtest.patch -Patch63: nss-gcc7.patch -Patch65: nss-1328318-v8-3.30.patch -Patch66: gtests-split-v5.patch +Patch66: nss-gtests-split.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -197,8 +195,6 @@ low level services. pushd nss %patch59 -p1 -b .check_policy_file %patch62 -p1 -b .skip_util_gtest -%patch63 -p1 -b .gcc7 -%patch65 -p1 -b .1328318 %patch66 -p1 -b .gtests-split popd @@ -801,6 +797,9 @@ fi %changelog +* Wed Jun 21 2017 Daiki Ueno - 3.31.0-2 +- Rebase to NSS 3.31.0 + * Fri Jun 2 2017 Daiki Ueno - 3.30.2-3 - Enable gtests diff --git a/sources b/sources index c8ab401..e86c29f 100644 --- a/sources +++ b/sources @@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 -SHA512 (nss-3.30.2.tar.gz) = 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 +SHA512 (nss-3.31.0.tar.gz) = 9f59c5013021c2718b7132b47610a63414e53ccc99054a405383e7d980c4e03634daea6e9cb04424ba7c1e52dc416f651059d2909c232cccefc85c54c38994ad