From 6887e03df9ba17a976e5244a6f92cacc0fd2145c Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Fri, 25 Jan 2008 12:29:12 +0000 Subject: [PATCH] NSS 3.12 Beta 1 --- .cvsignore | 5 +- nss-config.in | 8 ++ nss-create-obj.patch | 173 ------------------------------------------- nss-unix_rand.patch | 64 ---------------- nss.pc.in | 2 +- nss.spec | 30 +++----- sources | 4 +- 7 files changed, 23 insertions(+), 263 deletions(-) delete mode 100644 nss-create-obj.patch delete mode 100644 nss-unix_rand.patch diff --git a/.cvsignore b/.cvsignore index 1a4c968..0c536eb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,2 @@ -nss-3.11.99.2-stripped.tar.bz2 -nss-pem.tar.gz -nss-3.11.99.2b-stripped.tar.bz2 +nss-3.11.99.3-stripped.tar.bz2 +nss-pem-20080124.tar.bz2 diff --git a/nss-config.in b/nss-config.in index 51fb056..f8f893e 100644 --- a/nss-config.in +++ b/nss-config.in @@ -20,6 +20,7 @@ Options: [--cflags] Dynamic Libraries: nss + nssutil ssl smime EOF @@ -33,6 +34,7 @@ fi lib_ssl=yes lib_smime=yes lib_nss=yes +lib_nssutil=yes while test $# -gt 0; do case "$1" in @@ -83,6 +85,9 @@ while test $# -gt 0; do nss) lib_nss=yes ;; + nssutil) + lib_nssutil=yes + ;; *) usage 1 1>&2 ;; @@ -132,6 +137,9 @@ if test "$echo_libs" = "yes"; then if test -n "$lib_nss"; then libdirs="$libdirs -lnss${major_version}" fi + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi echo $libdirs fi diff --git a/nss-create-obj.patch b/nss-create-obj.patch deleted file mode 100644 index 537e9a1..0000000 --- a/nss-create-obj.patch +++ /dev/null @@ -1,173 +0,0 @@ -diff -up mozilla/security/nss/lib/nss/nss.def.createobj mozilla/security/nss/lib/nss/nss.def ---- mozilla/security/nss/lib/nss/nss.def.createobj 2007-11-06 14:11:40.000000000 +0100 -+++ mozilla/security/nss/lib/nss/nss.def 2007-11-06 14:11:59.000000000 +0100 -@@ -913,8 +913,10 @@ CERT_FindCRLEntryReasonExten; - CERT_FindCRLNumberExten; - CERT_FindNameConstraintsExten; - CERT_PKIXVerifyCert; -+PK11_CreateGenericObject; - PK11_GenerateKeyPairWithOpFlags; - PK11_GetAllSlotsForCert; -+PK11_WriteRawAttribute; - SECKEY_ECParamsToBasePointOrderLen; - SECKEY_ECParamsToKeySize; - SECMOD_DeleteModuleEx; -Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v -retrieving revision 1.11.2.3 -diff -u -r1.11.2.3 pk11obj.c ---- mozilla/security/nss/lib/pk11wrap/pk11obj.c 5 Jan 2007 09:44:05 -0000 1.11.2.3 -+++ mozilla/security/nss/lib/pk11wrap/pk11obj.c 9 May 2007 20:58:17 -0000 -@@ -388,7 +388,7 @@ - - SECStatus - PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session, -- CK_ATTRIBUTE *theTemplate, int count, -+ const CK_ATTRIBUTE *theTemplate, int count, - PRBool token, CK_OBJECT_HANDLE *objectID) - { - CK_SESSION_HANDLE rwsession; -@@ -1306,7 +1306,7 @@ - PK11_DestroyGenericObject(objects); - } - /* delete all the objects before it in the list */ -- for (objects = prevObject; objects; objects = nextObject) { -+ for (objects = prevObject; objects; objects = prevObject) { - prevObject = objects->prev; - PK11_DestroyGenericObject(objects); - } -@@ -1314,6 +1314,96 @@ - } - - -+/* -+ * Hand Create a new object and return the Generic object for our new object. -+ */ -+PK11GenericObject * -+PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *template_, -+ int count, PRBool token) -+{ -+ CK_OBJECT_HANDLE objectID; -+ PK11GenericObject *obj; -+ CK_RV crv; -+ -+ PK11_EnterSlotMonitor(slot); -+ crv = PK11_CreateNewObject(slot, slot->session, template_, count, -+ token, &objectID); -+ PK11_ExitSlotMonitor(slot); -+ if (crv != CKR_OK) { -+ PORT_SetError(PK11_MapError(crv)); -+ return NULL; -+ } -+ -+ obj = PORT_New(PK11GenericObject); -+ if ( !obj ) { -+ /* error set by PORT_New */ -+ return NULL; -+ } -+ -+ /* initialize it */ -+ obj->slot = PK11_ReferenceSlot(slot); -+ obj->objectID = objectID; -+ obj->next = NULL; -+ obj->prev = NULL; -+ return obj; -+} -+ -+/* -+ * Change an attribute on a raw object -+ */ -+SECStatus -+PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec, -+ CK_ATTRIBUTE_TYPE attrType, SECItem *item) -+{ -+ PK11SlotInfo *slot = NULL; -+ CK_OBJECT_HANDLE handle; -+ CK_ATTRIBUTE setTemplate; -+ CK_RV crv; -+ CK_SESSION_HANDLE rwsession; -+ -+ switch (objType) { -+ case PK11_TypeGeneric: -+ slot = ((PK11GenericObject *)objSpec)->slot; -+ handle = ((PK11GenericObject *)objSpec)->objectID; -+ break; -+ case PK11_TypePrivKey: -+ slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot; -+ handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID; -+ break; -+ case PK11_TypePubKey: -+ slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot; -+ handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID; -+ break; -+ case PK11_TypeSymKey: -+ slot = ((PK11SymKey *)objSpec)->slot; -+ handle = ((PK11SymKey *)objSpec)->objectID; -+ break; -+ case PK11_TypeCert: /* don't handle cert case for now */ -+ default: -+ break; -+ } -+ if (slot == NULL) { -+ PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE); -+ return SECFailure; -+ } -+ -+ PK11_SETATTRS(&setTemplate, attrType, (CK_CHAR *) item->data, item->len); -+ rwsession = PK11_GetRWSession(slot); -+ if (rwsession == CK_INVALID_SESSION) { -+ PORT_SetError(SEC_ERROR_BAD_DATA); -+ return SECFailure; -+ } -+ crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, handle, -+ &setTemplate, 1); -+ PK11_RestoreROSession(slot, rwsession); -+ if (crv != CKR_OK) { -+ PORT_SetError(PK11_MapError(crv)); -+ return SECFailure; -+ } -+ return SECSuccess; -+} -+ -+ - SECStatus - PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec, - CK_ATTRIBUTE_TYPE attrType, SECItem *item) -Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v -retrieving revision 1.14.2.1 -diff -u -r1.14.2.1 pk11pub.h ---- mozilla/security/nss/lib/pk11wrap/pk11pub.h 2 Mar 2006 00:12:27 -0000 1.14.2.1 -+++ mozilla/security/nss/lib/pk11wrap/pk11pub.h 9 May 2007 20:58:17 -0000 -@@ -688,8 +688,13 @@ - PK11GenericObject *object); - SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object); - SECStatus PK11_DestroyGenericObject(PK11GenericObject *object); -+PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot, -+ const CK_ATTRIBUTE *template_, -+ int count, PRBool token); - SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object, - CK_ATTRIBUTE_TYPE attr, SECItem *item); -+SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object, -+ CK_ATTRIBUTE_TYPE attr, SECItem *item); - - - /********************************************************************** -Index: mozilla/security/nss/lib/pk11wrap/secmodi.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/secmodi.h,v -retrieving revision 1.23 -diff -u -r1.23 secmodi.h ---- mozilla/security/nss/lib/pk11wrap/secmodi.h 9 Sep 2005 02:03:57 -0000 1.23 -+++ mozilla/security/nss/lib/pk11wrap/secmodi.h 9 May 2007 20:58:17 -0000 -@@ -105,7 +105,7 @@ - #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ - (x)->pValue=(v); (x)->ulValueLen = (l); - SECStatus PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session, -- CK_ATTRIBUTE *theTemplate, int count, -+ const CK_ATTRIBUTE *theTemplate, int count, - PRBool token, CK_OBJECT_HANDLE *objectID); - - SECStatus pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech); diff --git a/nss-unix_rand.patch b/nss-unix_rand.patch deleted file mode 100644 index d215d09..0000000 --- a/nss-unix_rand.patch +++ /dev/null @@ -1,64 +0,0 @@ -Index: mozilla/security/nss/lib/freebl/unix_rand.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v -retrieving revision 1.25 -retrieving revision 1.28 -diff -u -r1.25 -r1.28 ---- mozilla/security/nss/lib/freebl/unix_rand.c 25 Jul 2007 22:54:35 -0000 1.25 -+++ mozilla/security/nss/lib/freebl/unix_rand.c 3 Dec 2007 21:07:01 -0000 1.28 -@@ -866,7 +866,8 @@ - /* if the child hasn't exited, kill it -- we're done with its output */ - while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR) - ; -- if (rv == 0 && kill(pid, SIGKILL) == 0) { -+ if (rv == 0) { -+ kill(pid, SIGKILL); - while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR) - ; - } -@@ -921,15 +922,6 @@ - }; - #endif - --#ifdef DO_PS --For now it is considered that it is too expensive to run the ps command --for the small amount of entropy it provides. --#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX) -- static char ps_cmd[] = "ps aux"; --#else -- static char ps_cmd[] = "ps -el"; --#endif --#endif /* DO_PS */ - #if defined(BSDI) - static char netstat_ni_cmd[] = "netstat -nis"; - #else -@@ -980,9 +972,12 @@ - * in a pthreads environment. Therefore, we call safe_popen last and on - * BSD/OS we do not call safe_popen when we succeeded in getting data - * from /dev/urandom. -+ * -+ * Bug 174993: LINUX provides /dev/urandom, don't fork netstat -+ * if data has been gathered successfully - */ - --#ifdef BSDI -+#if defined(BSDI) || defined(LINUX) - if (bytes) - return; - #endif -@@ -1010,15 +1005,6 @@ - } - #endif - --#ifdef DO_PS -- fp = safe_popen(ps_cmd); -- if (fp != NULL) { -- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) -- RNG_RandomUpdate(buf, bytes); -- safe_pclose(fp); -- } --#endif -- - #ifdef DO_NETSTAT - fp = safe_popen(netstat_ni_cmd); - if (fp != NULL) { diff --git a/nss.pc.in b/nss.pc.in index dddf868..d47b9e1 100644 --- a/nss.pc.in +++ b/nss.pc.in @@ -7,5 +7,5 @@ Name: NSS Description: Network Security Services Version: %NSS_VERSION% Requires: nspr >= %NSPR_VERSION% -Libs: -lssl3 -lsmime3 -lnss3 +Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 Cflags: -I${includedir} diff --git a/nss.spec b/nss.spec index 25384d1..75e3ab2 100644 --- a/nss.spec +++ b/nss.spec @@ -3,8 +3,8 @@ Summary: Network Security Services Name: nss -Version: 3.11.99.2b -Release: 3%{?dist} +Version: 3.11.99.3 +Release: 1%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -26,13 +26,11 @@ Source3: blank-cert8.db Source4: blank-key3.db Source5: blank-secmod.db Source8: nss-prelink.conf -Source12: %{name}-pem.tar.gz +Source12: %{name}-pem-20080124.tar.bz2 Patch1: nss-no-rpath.patch Patch2: nss-nolocalsql.patch -Patch3: nss-unix_rand.patch Patch6: nss-enable-pem.patch -Patch7: nss-create-obj.patch %description @@ -87,9 +85,7 @@ low level services. %patch1 -p0 %patch2 -p0 -%patch3 -p0 %patch6 -p0 -b .libpem -%patch7 -p0 -b .create-obj %build @@ -170,7 +166,8 @@ chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} # Copy the binary libraries we want -for file in libsoftokn3.so libfreebl3.so libnss3.so libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so +for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \ + libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so do %{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib} done @@ -205,18 +202,6 @@ do %{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} done -# For now, we don't want any pkix files to be public -for file in mozilla/dist/public/nss/pkix*.h -do - rm $file -done - -# For now, we don't want these files to be public -for file in sdb.h sftkdbt.h -do - rm mozilla/dist/public/nss/$file -done - # Copy the include files we want for file in mozilla/dist/public/nss/*.h do @@ -241,6 +226,7 @@ done %files %defattr(-,root,root) /%{_lib}/libnss3.so +/%{_lib}/libnssutil3.so /%{_lib}/libnssdbm3.so /%{_lib}/libssl3.so /%{_lib}/libsmime3.so @@ -368,6 +354,7 @@ done %{_includedir}/nss3/sslerr.h %{_includedir}/nss3/sslproto.h %{_includedir}/nss3/sslt.h +%{_includedir}/nss3/utilrename.h %{_includedir}/nss3/watcomfx.h @@ -388,6 +375,9 @@ done %changelog +* Thu Jan 24 2008 Kai Engert - 3.11.99.3-1 +* NSS 3.12 Beta 1 + * Mon Jan 07 2008 Kai Engert - 3.11.99.2b-3 - move .so files to /lib diff --git a/sources b/sources index c6d228b..56c2b2f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -d656d49b02fe756bae4942acc90f61a4 nss-pem.tar.gz -0c946e2c95e6896e9f9792a9596afeb6 nss-3.11.99.2b-stripped.tar.bz2 +8edfbf85d062c648da0acd146b45db0a nss-3.11.99.3-stripped.tar.bz2 +084675e4f793ed82e1ba78f76745ada8 nss-pem-20080124.tar.bz2