From 1850759856ce02a456b2f4f0b8cbb17016a7d359 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 4 Feb 2011 15:20:54 -0800 Subject: [PATCH 01/15] - Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships --- nss-recurse.patch | 17 +++++++++++++++++ nss.spec | 11 +++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 nss-recurse.patch diff --git a/nss-recurse.patch b/nss-recurse.patch new file mode 100644 index 0000000..999d906 --- /dev/null +++ b/nss-recurse.patch @@ -0,0 +1,17 @@ +Handle decoding of one CMS structure inside another. Plain data as the +top-level item in a message needs work. + +diff -ur ./mozilla/security/nss/lib/smime/cmsdecode.c ./mozilla/security/nss/lib/smime/cmsdecode.c +--- ./mozilla/security/nss/lib/smime/cmsdecode.c 2010-12-23 13:03:41.000000000 -0500 ++++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-01-12 15:22:22.245908999 -0500 +@@ -307,6 +307,9 @@ + if (childp7dcx->content.pointer == NULL) + goto loser; + ++ /* give the parent a copy of the pointer so that it doesn't get lost */ ++ cinfo->content.pointer = childp7dcx->content.pointer; ++ + /* start the child decoder */ + childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, + template); + diff --git a/nss.spec b/nss.spec index 0ed8a30..17055a3 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 4%{?dist} +Release: 5%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -44,6 +44,7 @@ Patch6: nss-enable-pem.patch Patch7: nsspem-642433.patch Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch +Patch13: nss-recurse.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -117,6 +118,7 @@ low level services. %patch7 -p0 -b .642433 %patch11 -p1 -b .643134 %patch12 -p1 -b .contenttypes +%patch13 -p1 -b .recurse %build @@ -358,7 +360,8 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h -#remove header shipped in nss-softokn-devel +#remove the nss-softokn-devel and nss-softokn-freebl-devel headers +rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h @@ -492,6 +495,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Fri Feb 04 2011 Elio Maldonado - 3.12.9-5 +- Fix the earlier infinite recursion patch (#499444) +- Remove a header that now nss-softokn-freebl-devel ships + * Tue Feb 01 2011 Elio Maldonado - 3.12.9-4 - Fix infinite recursion when encoding NSS enveloped/digested data (#499444) From 40064d520458e6d59bd992010b8513e149f5b6b0 Mon Sep 17 00:00:00 2001 From: Christopher Aillon Date: Tue, 8 Feb 2011 09:39:11 -0800 Subject: [PATCH 02/15] Revert patches for 499444 since they use a C++ reserved word and cause compilation of Firefox to fail --- nss.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/nss.spec b/nss.spec index 17055a3..38d220e 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 5%{?dist} +Release: 6%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -117,8 +117,8 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p0 -b .642433 %patch11 -p1 -b .643134 -%patch12 -p1 -b .contenttypes -%patch13 -p1 -b .recurse +#%patch12 -p1 -b .contenttypes +#%patch13 -p1 -b .recurse %build @@ -495,6 +495,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Tue Feb 08 2011 Christopher Aillon - 3.12.9-6 +- Revert patches for 499444 as they use a C++ reserved word and + cause compilation of Firefox to fail + * Fri Feb 04 2011 Elio Maldonado - 3.12.9-5 - Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships From cab275f8b6a72cf64c464d7c751d47d414934d69 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 8 Feb 2011 11:48:11 -0800 Subject: [PATCH 03/15] - Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444 --- dont-use-cpp-reserved-word.patch | 455 +++++++++++++++++++++++++++++++ nss.spec | 12 +- 2 files changed, 464 insertions(+), 3 deletions(-) create mode 100644 dont-use-cpp-reserved-word.patch diff --git a/dont-use-cpp-reserved-word.patch b/dont-use-cpp-reserved-word.patch new file mode 100644 index 0000000..cbfc9d0 --- /dev/null +++ b/dont-use-cpp-reserved-word.patch @@ -0,0 +1,455 @@ +Index: ./mozilla/security/nss/lib/smime/cmscinfo.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmscinfo.c,v +retrieving revision 1.7.192.2 +diff -u -p -r1.7.192.2 cmscinfo.c +--- ./mozilla/security/nss/lib/smime/cmscinfo.c 1 Feb 2011 00:33:23 -0000 1.7.192.2 ++++ ./mozilla/security/nss/lib/smime/cmscinfo.c 8 Feb 2011 17:12:24 -0000 +@@ -56,27 +56,27 @@ + SECStatus + NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo) + { +- if (cinfo->private) { ++ if (cinfo->privateInfo) { + return SECSuccess; + } +- cinfo->private = PORT_ZNew(NSSCMSContentInfoPrivate); +- return (cinfo->private) ? SECSuccess: SECFailure; ++ cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate); ++ return (cinfo->privateInfo) ? SECSuccess: SECFailure; + } + + + static void +-nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *private) ++nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *privateInfo) + { +- if (private->digcx) { ++ if (privateInfo->digcx) { + /* must destroy digest objects */ +- NSS_CMSDigestContext_Cancel(private->digcx); +- private->digcx = NULL; ++ NSS_CMSDigestContext_Cancel(privateInfo->digcx); ++ privateInfo->digcx = NULL; + } +- if (private->ciphcx) { +- NSS_CMSCipherContext_Destroy(private->ciphcx); +- private->ciphcx = NULL; ++ if (privateInfo->ciphcx) { ++ NSS_CMSCipherContext_Destroy(privateInfo->ciphcx); ++ privateInfo->ciphcx = NULL; + } +- PORT_Free(private); ++ PORT_Free(privateInfo); + } + + /* +@@ -106,9 +106,9 @@ NSS_CMSContentInfo_Destroy(NSSCMSContent + /* XXX Anything else that needs to be "manually" freed/destroyed? */ + break; + } +- if (cinfo->private) { +- nss_cmsContentInfo_private_destroy(cinfo->private); +- cinfo->private = NULL; ++ if (cinfo->privateInfo) { ++ nss_cmsContentInfo_private_destroy(cinfo->privateInfo); ++ cinfo->privateInfo = NULL; + } + if (cinfo->bulkkey) { + PK11_FreeSymKey(cinfo->bulkkey); +@@ -153,7 +153,7 @@ NSS_CMSContentInfo_GetChildContentInfo(N + } + break; + } +- if (ccinfo && !ccinfo->private) { ++ if (ccinfo && !ccinfo->privateInfo) { + NSS_CMSContentInfo_Private_Init(ccinfo); + } + return ccinfo; +@@ -169,7 +169,7 @@ NSS_CMSContentInfo_SetDontStream(NSSCMSC + /* default is streaming, failure to get ccinfo will not effect this */ + return dontStream ? SECFailure : SECSuccess ; + } +- cinfo->private->dontStream = dontStream; ++ cinfo->privateInfo->dontStream = dontStream; + return SECSuccess; + } + +Index: ./mozilla/security/nss/lib/smime/cmsdecode.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsdecode.c,v +retrieving revision 1.9.66.2 +diff -u -p -r1.9.66.2 cmsdecode.c +--- ./mozilla/security/nss/lib/smime/cmsdecode.c 28 Jan 2011 23:08:27 -0000 1.9.66.2 ++++ ./mozilla/security/nss/lib/smime/cmsdecode.c 8 Feb 2011 17:12:24 -0000 +@@ -455,7 +455,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC + goto loser; + } + +- if (cinfo->private && cinfo->private->ciphcx != NULL) { ++ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) { + /* + * we are decrypting. + * +@@ -469,7 +469,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC + unsigned int buflen; /* length available for decrypted data */ + + /* find out about the length of decrypted data */ +- buflen = NSS_CMSCipherContext_DecryptLength(cinfo->private->ciphcx, len, final); ++ buflen = NSS_CMSCipherContext_DecryptLength(cinfo->privateInfo->ciphcx, len, final); + + /* + * it might happen that we did not provide enough data for a full +@@ -500,7 +500,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC + * any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to + * keep track of incoming data + */ +- rv = NSS_CMSCipherContext_Decrypt(cinfo->private->ciphcx, buf, &outlen, buflen, ++ rv = NSS_CMSCipherContext_Decrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen, + data, len, final); + if (rv != SECSuccess) { + p7dcx->error = PORT_GetError(); +@@ -520,8 +520,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderC + /* + * Update the running digests with plaintext bytes (if we need to). + */ +- if (cinfo->private && cinfo->private->digcx) +- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len); ++ if (cinfo->privateInfo && cinfo->privateInfo->digcx) ++ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len); + + /* at this point, we have the plain decoded & decrypted data + ** which is either more encoded DER (which we need to hand to the child +Index: ./mozilla/security/nss/lib/smime/cmsdigdata.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsdigdata.c,v +retrieving revision 1.5.192.1 +diff -u -p -r1.5.192.1 cmsdigdata.c +--- ./mozilla/security/nss/lib/smime/cmsdigdata.c 28 Jan 2011 23:08:27 -0000 1.5.192.1 ++++ ./mozilla/security/nss/lib/smime/cmsdigdata.c 8 Feb 2011 17:12:25 -0000 +@@ -143,8 +143,8 @@ NSS_CMSDigestedData_Encode_BeforeData(NS + /* set up the digests */ + if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) { + /* if digest is already there, do nothing */ +- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg)); +- if (digd->contentInfo.private->digcx == NULL) ++ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg)); ++ if (digd->contentInfo.privateInfo->digcx == NULL) + return SECFailure; + } + return SECSuccess; +@@ -162,12 +162,12 @@ NSS_CMSDigestedData_Encode_AfterData(NSS + { + SECStatus rv = SECSuccess; + /* did we have digest calculation going on? */ +- if (digd->contentInfo.private && digd->contentInfo.private->digcx) { +- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx, ++ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) { ++ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx, + digd->cmsg->poolp, + &(digd->digest)); + /* error has been set by NSS_CMSDigestContext_FinishSingle */ +- digd->contentInfo.private->digcx = NULL; ++ digd->contentInfo.privateInfo->digcx = NULL; + } + + return rv; +@@ -194,8 +194,8 @@ NSS_CMSDigestedData_Decode_BeforeData(NS + return SECFailure; + } + +- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg)); +- if (digd->contentInfo.private->digcx == NULL) ++ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg)); ++ if (digd->contentInfo.privateInfo->digcx == NULL) + return SECFailure; + + return SECSuccess; +@@ -213,12 +213,12 @@ NSS_CMSDigestedData_Decode_AfterData(NSS + { + SECStatus rv = SECSuccess; + /* did we have digest calculation going on? */ +- if (digd->contentInfo.private && digd->contentInfo.private->digcx) { +- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx, ++ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) { ++ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx, + digd->cmsg->poolp, + &(digd->cdigest)); + /* error has been set by NSS_CMSDigestContext_FinishSingle */ +- digd->contentInfo.private->digcx = NULL; ++ digd->contentInfo.privateInfo->digcx = NULL; + } + + return rv; +Index: ./mozilla/security/nss/lib/smime/cmsencdata.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsencdata.c,v +retrieving revision 1.11.56.1 +diff -u -p -r1.11.56.1 cmsencdata.c +--- ./mozilla/security/nss/lib/smime/cmsencdata.c 28 Jan 2011 23:08:27 -0000 1.11.56.1 ++++ ./mozilla/security/nss/lib/smime/cmsencdata.c 8 Feb 2011 17:12:25 -0000 +@@ -200,9 +200,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N + /* this may modify algid (with IVs generated in a token). + * it is therefore essential that algid is a pointer to the "real" contentEncAlg, + * not just to a copy */ +- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid); ++ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid); + PK11_FreeSymKey(bulkkey); +- if (cinfo->private->ciphcx == NULL) ++ if (cinfo->privateInfo->ciphcx == NULL) + return SECFailure; + + return SECSuccess; +@@ -214,9 +214,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N + SECStatus + NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd) + { +- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) { +- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx); +- encd->contentInfo.private->ciphcx = NULL; ++ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) { ++ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx); ++ encd->contentInfo.privateInfo->ciphcx = NULL; + } + + /* nothing to do after data */ +@@ -255,8 +255,8 @@ NSS_CMSEncryptedData_Decode_BeforeData(N + } + rv = SECFailure; + +- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg); +- if (cinfo->private->ciphcx == NULL) ++ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg); ++ if (cinfo->privateInfo->ciphcx == NULL) + goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */ + + +@@ -275,9 +275,9 @@ loser: + SECStatus + NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd) + { +- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) { +- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx); +- encd->contentInfo.private->ciphcx = NULL; ++ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) { ++ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx); ++ encd->contentInfo.privateInfo->ciphcx = NULL; + } + + return SECSuccess; +Index: ./mozilla/security/nss/lib/smime/cmsencode.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsencode.c,v +retrieving revision 1.6.66.4 +diff -u -p -r1.6.66.4 cmsencode.c +--- ./mozilla/security/nss/lib/smime/cmsencode.c 1 Feb 2011 23:27:20 -0000 1.6.66.4 ++++ ./mozilla/security/nss/lib/smime/cmsencode.c 8 Feb 2011 17:12:25 -0000 +@@ -332,7 +332,7 @@ nss_cms_before_data(NSSCMSEncoderContext + * Indicate that we are streaming. We will be streaming until we + * get past the contents bytes. + */ +- if (!cinfo->private || !cinfo->private->dontStream) ++ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream) + SEC_ASN1EncoderSetStreaming(childp7ecx->ecx); + + /* +@@ -430,23 +430,23 @@ nss_cms_encoder_work_data(NSSCMSEncoderC + } + + /* Update the running digest. */ +- if (len && cinfo->private && cinfo->private->digcx != NULL) +- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len); ++ if (len && cinfo->privateInfo && cinfo->privateInfo->digcx != NULL) ++ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len); + + /* Encrypt this chunk. */ +- if (cinfo->private && cinfo->private->ciphcx != NULL) { ++ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) { + unsigned int inlen; /* length of data being encrypted */ + unsigned int outlen; /* length of encrypted data */ + unsigned int buflen; /* length available for encrypted data */ + + inlen = len; +- buflen = NSS_CMSCipherContext_EncryptLength(cinfo->private->ciphcx, inlen, final); ++ buflen = NSS_CMSCipherContext_EncryptLength(cinfo->privateInfo->ciphcx, inlen, final); + if (buflen == 0) { + /* + * No output is expected, but the input data may be buffered + * so we still have to call Encrypt. + */ +- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, NULL, NULL, 0, ++ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, NULL, NULL, 0, + data, inlen, final); + if (final) { + len = 0; +@@ -463,7 +463,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC + if (buf == NULL) { + rv = SECFailure; + } else { +- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, buf, &outlen, buflen, ++ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen, + data, inlen, final); + data = buf; + len = outlen; +@@ -484,7 +484,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC + + done: + +- if (cinfo->private && cinfo->private->ciphcx != NULL) { ++ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) { + if (dest != NULL) { + dest->data = buf; + dest->len = len; +@@ -592,7 +592,7 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg + * Indicate that we are streaming. We will be streaming until we + * get past the contents bytes. + */ +- if (!cinfo->private || !cinfo->private->dontStream) ++ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream) + SEC_ASN1EncoderSetStreaming(p7ecx->ecx); + + /* +Index: ./mozilla/security/nss/lib/smime/cmsenvdata.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsenvdata.c,v +retrieving revision 1.11.142.1 +diff -u -p -r1.11.142.1 cmsenvdata.c +--- ./mozilla/security/nss/lib/smime/cmsenvdata.c 28 Jan 2011 23:08:27 -0000 1.11.142.1 ++++ ./mozilla/security/nss/lib/smime/cmsenvdata.c 8 Feb 2011 17:12:26 -0000 +@@ -289,9 +289,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N + /* this may modify algid (with IVs generated in a token). + * it is essential that algid is a pointer to the contentEncAlg data, not a + * pointer to a copy! */ +- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid); ++ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid); + PK11_FreeSymKey(bulkkey); +- if (cinfo->private->ciphcx == NULL) ++ if (cinfo->privateInfo->ciphcx == NULL) + return SECFailure; + + return SECSuccess; +@@ -303,9 +303,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N + SECStatus + NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd) + { +- if (envd->contentInfo.private && envd->contentInfo.private->ciphcx) { +- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx); +- envd->contentInfo.private->ciphcx = NULL; ++ if (envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) { ++ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx); ++ envd->contentInfo.privateInfo->ciphcx = NULL; + } + + /* nothing else to do after data */ +@@ -338,7 +338,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N + } + + /* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */ +- /* get the cert and private key for it right away */ ++ /* get the cert and privateInfo key for it right away */ + recipient_list = nss_cms_recipient_list_create(envd->recipientInfos); + if (recipient_list == NULL) + goto loser; +@@ -390,8 +390,8 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N + goto loser; + } + rv = SECFailure; +- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg); +- if (cinfo->private->ciphcx == NULL) ++ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg); ++ if (cinfo->privateInfo->ciphcx == NULL) + goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */ + + +@@ -411,9 +411,9 @@ loser: + SECStatus + NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd) + { +- if (envd && envd->contentInfo.private && envd->contentInfo.private->ciphcx) { +- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx); +- envd->contentInfo.private->ciphcx = NULL; ++ if (envd && envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) { ++ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx); ++ envd->contentInfo.privateInfo->ciphcx = NULL; + } + + return SECSuccess; +Index: ./mozilla/security/nss/lib/smime/cmssigdata.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmssigdata.c,v +retrieving revision 1.29.142.1 +diff -u -p -r1.29.142.1 cmssigdata.c +--- ./mozilla/security/nss/lib/smime/cmssigdata.c 28 Jan 2011 23:08:27 -0000 1.29.142.1 ++++ ./mozilla/security/nss/lib/smime/cmssigdata.c 8 Feb 2011 17:12:26 -0000 +@@ -228,11 +228,11 @@ NSS_CMSSignedData_Encode_BeforeData(NSSC + } + /* set up the digests */ + if (sigd->digests && sigd->digests[0]) { +- sigd->contentInfo.private->digcx = NULL; /* don't attempt to make new ones. */ ++ sigd->contentInfo.privateInfo->digcx = NULL; /* don't attempt to make new ones. */ + } else if (sigd->digestAlgorithms != NULL) { +- sigd->contentInfo.private->digcx = ++ sigd->contentInfo.privateInfo->digcx = + NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms); +- if (sigd->contentInfo.private->digcx == NULL) ++ if (sigd->contentInfo.privateInfo->digcx == NULL) + return SECFailure; + } + return SECSuccess; +@@ -272,11 +272,11 @@ NSS_CMSSignedData_Encode_AfterData(NSSCM + cinfo = &(sigd->contentInfo); + + /* did we have digest calculation going on? */ +- if (cinfo->private && cinfo->private->digcx) { +- rv = NSS_CMSDigestContext_FinishMultiple(cinfo->private->digcx, poolp, ++ if (cinfo->privateInfo && cinfo->privateInfo->digcx) { ++ rv = NSS_CMSDigestContext_FinishMultiple(cinfo->privateInfo->digcx, poolp, + &(sigd->digests)); + /* error has been set by NSS_CMSDigestContext_FinishMultiple */ +- cinfo->private->digcx = NULL; ++ cinfo->privateInfo->digcx = NULL; + if (rv != SECSuccess) + goto loser; + } +@@ -409,8 +409,8 @@ NSS_CMSSignedData_Decode_BeforeData(NSSC + /* set up the digests */ + if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) { + /* if digests are already there, do nothing */ +- sigd->contentInfo.private->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms); +- if (sigd->contentInfo.private->digcx == NULL) ++ sigd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms); ++ if (sigd->contentInfo.privateInfo->digcx == NULL) + return SECFailure; + } + return SECSuccess; +@@ -431,11 +431,11 @@ NSS_CMSSignedData_Decode_AfterData(NSSCM + } + + /* did we have digest calculation going on? */ +- if (sigd->contentInfo.private && sigd->contentInfo.private->digcx) { +- rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.private->digcx, ++ if (sigd->contentInfo.privateInfo && sigd->contentInfo.privateInfo->digcx) { ++ rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.privateInfo->digcx, + sigd->cmsg->poolp, &(sigd->digests)); + /* error set by NSS_CMSDigestContext_FinishMultiple */ +- sigd->contentInfo.private->digcx = NULL; ++ sigd->contentInfo.privateInfo->digcx = NULL; + } + return rv; + } +Index: ./mozilla/security/nss/lib/smime/cmst.h +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmst.h,v +retrieving revision 1.10.142.2 +diff -u -p -r1.10.142.2 cmst.h +--- ./mozilla/security/nss/lib/smime/cmst.h 1 Feb 2011 00:33:23 -0000 1.10.142.2 ++++ ./mozilla/security/nss/lib/smime/cmst.h 8 Feb 2011 17:12:26 -0000 +@@ -182,7 +182,7 @@ struct NSSCMSContentInfoStr { + * (only used by creation code) */ + SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm + * (only used by creation code) */ +- NSSCMSContentInfoPrivate *private; /* place for NSS private info */ ++ NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */ + void *reserved; /* keep binary compatibility */ + }; + diff --git a/nss.spec b/nss.spec index 38d220e..7b17367 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 6%{?dist} +Release: 7%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -45,6 +45,7 @@ Patch7: nsspem-642433.patch Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch +Patch14: dont-use-cpp-reserved-word.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -117,8 +118,9 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p0 -b .642433 %patch11 -p1 -b .643134 -#%patch12 -p1 -b .contenttypes -#%patch13 -p1 -b .recurse +%patch12 -p1 -b .contenttypes +%patch13 -p1 -b .recurse +%patch14 -p1 -b .676036 %build @@ -495,6 +497,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Tue Feb 08 2011 Elio Maldonado - 3.12.9-7 +- Fix cms header to not use c++ reserved word (#676036) +- Reenable patches for bug 499444 + * Tue Feb 08 2011 Christopher Aillon - 3.12.9-6 - Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail From 114f631980178f7a1aa7557f2c3cd0527f3261a8 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 8 Feb 2011 19:07:37 -0600 Subject: [PATCH 04/15] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- nss.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 7b17367..4865cf9 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 7%{?dist} +Release: 8%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -497,6 +497,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Tue Feb 08 2011 Elio Maldonado - 3.12.9-7 - Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444 From a2f27329116bb73cd1883e8088d3b84c63c04be1 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 8 Feb 2011 17:26:32 -0800 Subject: [PATCH 05/15] Temorarily revert patches for 499444 until all c++ reserved words are found and extirpated --- nss.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nss.spec b/nss.spec index 4865cf9..21ecc61 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 8%{?dist} +Release: 9%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -118,9 +118,9 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p0 -b .642433 %patch11 -p1 -b .643134 -%patch12 -p1 -b .contenttypes -%patch13 -p1 -b .recurse -%patch14 -p1 -b .676036 +#%patch12 -p1 -b .contenttypes +#%patch13 -p1 -b .recurse +#%patch14 -p1 -b .676036 %build @@ -497,6 +497,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Tue Feb 08 2011 Elio Maldonado - 3.12.9-9 +- Revert patches for 499444 until all c++ reserved words are found and extirpated + * Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild From 4c53349943b639776bb775bc43b223cafee6ef06 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Thu, 10 Feb 2011 11:58:38 -0800 Subject: [PATCH 06/15] - Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches --- ...patch => dont-use-cpp-reserved-words.patch | 121 +++++++++--------- nss.spec | 14 +- 2 files changed, 70 insertions(+), 65 deletions(-) rename dont-use-cpp-reserved-word.patch => dont-use-cpp-reserved-words.patch (79%) diff --git a/dont-use-cpp-reserved-word.patch b/dont-use-cpp-reserved-words.patch similarity index 79% rename from dont-use-cpp-reserved-word.patch rename to dont-use-cpp-reserved-words.patch index cbfc9d0..8c7d336 100644 --- a/dont-use-cpp-reserved-word.patch +++ b/dont-use-cpp-reserved-words.patch @@ -1,10 +1,6 @@ -Index: ./mozilla/security/nss/lib/smime/cmscinfo.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmscinfo.c,v -retrieving revision 1.7.192.2 -diff -u -p -r1.7.192.2 cmscinfo.c ---- ./mozilla/security/nss/lib/smime/cmscinfo.c 1 Feb 2011 00:33:23 -0000 1.7.192.2 -+++ ./mozilla/security/nss/lib/smime/cmscinfo.c 8 Feb 2011 17:12:24 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 ./mozilla/security/nss/lib/smime/cmscinfo.c +--- ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 2011-02-09 14:03:55.133296665 -0800 ++++ ./mozilla/security/nss/lib/smime/cmscinfo.c 2011-02-09 14:03:55.151294755 -0800 @@ -56,27 +56,27 @@ SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo) @@ -75,14 +71,10 @@ diff -u -p -r1.7.192.2 cmscinfo.c return SECSuccess; } -Index: ./mozilla/security/nss/lib/smime/cmsdecode.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsdecode.c,v -retrieving revision 1.9.66.2 -diff -u -p -r1.9.66.2 cmsdecode.c ---- ./mozilla/security/nss/lib/smime/cmsdecode.c 28 Jan 2011 23:08:27 -0000 1.9.66.2 -+++ ./mozilla/security/nss/lib/smime/cmsdecode.c 8 Feb 2011 17:12:24 -0000 -@@ -455,7 +455,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC +diff -up ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 ./mozilla/security/nss/lib/smime/cmsdecode.c +--- ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 2011-02-09 14:03:55.149294968 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-02-09 14:03:55.152294649 -0800 +@@ -458,7 +458,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC goto loser; } @@ -91,7 +83,7 @@ diff -u -p -r1.9.66.2 cmsdecode.c /* * we are decrypting. * -@@ -469,7 +469,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC +@@ -472,7 +472,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC unsigned int buflen; /* length available for decrypted data */ /* find out about the length of decrypted data */ @@ -100,7 +92,7 @@ diff -u -p -r1.9.66.2 cmsdecode.c /* * it might happen that we did not provide enough data for a full -@@ -500,7 +500,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC +@@ -503,7 +503,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC * any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to * keep track of incoming data */ @@ -109,7 +101,7 @@ diff -u -p -r1.9.66.2 cmsdecode.c data, len, final); if (rv != SECSuccess) { p7dcx->error = PORT_GetError(); -@@ -520,8 +520,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderC +@@ -523,8 +523,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderC /* * Update the running digests with plaintext bytes (if we need to). */ @@ -120,13 +112,9 @@ diff -u -p -r1.9.66.2 cmsdecode.c /* at this point, we have the plain decoded & decrypted data ** which is either more encoded DER (which we need to hand to the child -Index: ./mozilla/security/nss/lib/smime/cmsdigdata.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsdigdata.c,v -retrieving revision 1.5.192.1 -diff -u -p -r1.5.192.1 cmsdigdata.c ---- ./mozilla/security/nss/lib/smime/cmsdigdata.c 28 Jan 2011 23:08:27 -0000 1.5.192.1 -+++ ./mozilla/security/nss/lib/smime/cmsdigdata.c 8 Feb 2011 17:12:25 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 ./mozilla/security/nss/lib/smime/cmsdigdata.c +--- ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 2011-02-09 14:03:55.134296559 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsdigdata.c 2011-02-09 14:03:55.152294649 -0800 @@ -143,8 +143,8 @@ NSS_CMSDigestedData_Encode_BeforeData(NS /* set up the digests */ if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) { @@ -181,13 +169,9 @@ diff -u -p -r1.5.192.1 cmsdigdata.c } return rv; -Index: ./mozilla/security/nss/lib/smime/cmsencdata.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsencdata.c,v -retrieving revision 1.11.56.1 -diff -u -p -r1.11.56.1 cmsencdata.c ---- ./mozilla/security/nss/lib/smime/cmsencdata.c 28 Jan 2011 23:08:27 -0000 1.11.56.1 -+++ ./mozilla/security/nss/lib/smime/cmsencdata.c 8 Feb 2011 17:12:25 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 ./mozilla/security/nss/lib/smime/cmsencdata.c +--- ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 2011-02-09 14:03:55.135296453 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsencdata.c 2011-02-09 14:03:55.153294543 -0800 @@ -200,9 +200,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N /* this may modify algid (with IVs generated in a token). * it is therefore essential that algid is a pointer to the "real" contentEncAlg, @@ -237,13 +221,9 @@ diff -u -p -r1.11.56.1 cmsencdata.c } return SECSuccess; -Index: ./mozilla/security/nss/lib/smime/cmsencode.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsencode.c,v -retrieving revision 1.6.66.4 -diff -u -p -r1.6.66.4 cmsencode.c ---- ./mozilla/security/nss/lib/smime/cmsencode.c 1 Feb 2011 23:27:20 -0000 1.6.66.4 -+++ ./mozilla/security/nss/lib/smime/cmsencode.c 8 Feb 2011 17:12:25 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmsencode.c.676036 ./mozilla/security/nss/lib/smime/cmsencode.c +--- ./mozilla/security/nss/lib/smime/cmsencode.c.676036 2011-02-09 14:03:55.136296347 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsencode.c 2011-02-09 14:03:55.154294437 -0800 @@ -332,7 +332,7 @@ nss_cms_before_data(NSSCMSEncoderContext * Indicate that we are streaming. We will be streaming until we * get past the contents bytes. @@ -309,13 +289,9 @@ diff -u -p -r1.6.66.4 cmsencode.c SEC_ASN1EncoderSetStreaming(p7ecx->ecx); /* -Index: ./mozilla/security/nss/lib/smime/cmsenvdata.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmsenvdata.c,v -retrieving revision 1.11.142.1 -diff -u -p -r1.11.142.1 cmsenvdata.c ---- ./mozilla/security/nss/lib/smime/cmsenvdata.c 28 Jan 2011 23:08:27 -0000 1.11.142.1 -+++ ./mozilla/security/nss/lib/smime/cmsenvdata.c 8 Feb 2011 17:12:26 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 ./mozilla/security/nss/lib/smime/cmsenvdata.c +--- ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 2011-02-09 14:03:55.137296241 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsenvdata.c 2011-02-09 14:03:55.155294331 -0800 @@ -289,9 +289,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N /* this may modify algid (with IVs generated in a token). * it is essential that algid is a pointer to the contentEncAlg data, not a @@ -374,13 +350,21 @@ diff -u -p -r1.11.142.1 cmsenvdata.c } return SECSuccess; -Index: ./mozilla/security/nss/lib/smime/cmssigdata.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmssigdata.c,v -retrieving revision 1.29.142.1 -diff -u -p -r1.29.142.1 cmssigdata.c ---- ./mozilla/security/nss/lib/smime/cmssigdata.c 28 Jan 2011 23:08:27 -0000 1.29.142.1 -+++ ./mozilla/security/nss/lib/smime/cmssigdata.c 8 Feb 2011 17:12:26 -0000 +diff -up ./mozilla/security/nss/lib/smime/cms.h.676036 ./mozilla/security/nss/lib/smime/cms.h +--- ./mozilla/security/nss/lib/smime/cms.h.676036 2011-02-09 14:05:46.178513159 -0800 ++++ ./mozilla/security/nss/lib/smime/cms.h 2011-02-09 14:35:29.675010023 -0800 +@@ -1171,7 +1171,7 @@ NSS_CMSDEREncode(NSSCMSMessage *cmsg, SE + * against that data structure. + */ + SECStatus NSS_CMSType_RegisterContentType(SECOidTag type, +- SEC_ASN1Template *template, size_t size, ++ SEC_ASN1Template *asn1Template, size_t size, + NSSCMSGenericWrapperDataDestroy destroy, + NSSCMSGenericWrapperDataCallback decode_before, + NSSCMSGenericWrapperDataCallback decode_after, +diff -up ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 ./mozilla/security/nss/lib/smime/cmssigdata.c +--- ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 2011-02-09 14:03:55.139296029 -0800 ++++ ./mozilla/security/nss/lib/smime/cmssigdata.c 2011-02-09 14:03:55.155294331 -0800 @@ -228,11 +228,11 @@ NSS_CMSSignedData_Encode_BeforeData(NSSC } /* set up the digests */ @@ -437,13 +421,9 @@ diff -u -p -r1.29.142.1 cmssigdata.c } return rv; } -Index: ./mozilla/security/nss/lib/smime/cmst.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/smime/cmst.h,v -retrieving revision 1.10.142.2 -diff -u -p -r1.10.142.2 cmst.h ---- ./mozilla/security/nss/lib/smime/cmst.h 1 Feb 2011 00:33:23 -0000 1.10.142.2 -+++ ./mozilla/security/nss/lib/smime/cmst.h 8 Feb 2011 17:12:26 -0000 +diff -up ./mozilla/security/nss/lib/smime/cmst.h.676036 ./mozilla/security/nss/lib/smime/cmst.h +--- ./mozilla/security/nss/lib/smime/cmst.h.676036 2011-02-09 14:03:55.141295816 -0800 ++++ ./mozilla/security/nss/lib/smime/cmst.h 2011-02-09 14:03:55.156294225 -0800 @@ -182,7 +182,7 @@ struct NSSCMSContentInfoStr { * (only used by creation code) */ SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm @@ -453,3 +433,24 @@ diff -u -p -r1.10.142.2 cmst.h void *reserved; /* keep binary compatibility */ }; +diff -up ./mozilla/security/nss/lib/smime/cmsudf.c.676036 ./mozilla/security/nss/lib/smime/cmsudf.c +--- ./mozilla/security/nss/lib/smime/cmsudf.c.676036 2011-02-09 14:08:23.907775957 -0800 ++++ ./mozilla/security/nss/lib/smime/cmsudf.c 2011-02-09 14:36:56.043841454 -0800 +@@ -435,7 +435,7 @@ NSS_CMSGenericWrapperData_Encode_AfterDa + + SECStatus + NSS_CMSType_RegisterContentType(SECOidTag type, +- SEC_ASN1Template *template, size_t size, ++ SEC_ASN1Template *asn1Template, size_t size, + NSSCMSGenericWrapperDataDestroy destroy, + NSSCMSGenericWrapperDataCallback decode_before, + NSSCMSGenericWrapperDataCallback decode_after, +@@ -465,7 +465,7 @@ NSS_CMSType_RegisterContentType(SECOidTa + typeInfo->type =type; + typeInfo->size = size; + typeInfo->isData = isData; +- typeInfo->template = template; ++ typeInfo->template = asn1Template; + typeInfo->destroy = destroy; + typeInfo->decode_before = decode_before; + typeInfo->decode_after = decode_after; diff --git a/nss.spec b/nss.spec index 21ecc61..7c4f4b4 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 9%{?dist} +Release: 10%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -45,7 +45,7 @@ Patch7: nsspem-642433.patch Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch -Patch14: dont-use-cpp-reserved-word.patch +Patch14: dont-use-cpp-reserved-words.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -118,9 +118,9 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p0 -b .642433 %patch11 -p1 -b .643134 -#%patch12 -p1 -b .contenttypes -#%patch13 -p1 -b .recurse -#%patch14 -p1 -b .676036 +%patch12 -p1 -b .contenttypes +%patch13 -p1 -b .recurse +%patch14 -p1 -b .676036 %build @@ -497,6 +497,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Thu Feb 10 2011 Elio Maldonado - 3.12.9-10 +- Fix cms headers to not use c++ reserved words (#676036) +- Reenabling Bug 499444 patches + * Tue Feb 08 2011 Elio Maldonado - 3.12.9-9 - Revert patches for 499444 until all c++ reserved words are found and extirpated From 882fcb9fcf0e440b8d614257d78749fc10f3fd74 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 11 Feb 2011 07:56:25 -0800 Subject: [PATCH 07/15] Fix fips mode switch handling bug detected while running JSS tests Fix NSS to swap the internal key slot on fips mode switches Fix white space usage in cpp reserved words patch per reviewer request --- dont-use-cpp-reserved-words.patch | 2 +- nss.spec | 3 + swap-internal-key-slot.patch | 97 +++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 swap-internal-key-slot.patch diff --git a/dont-use-cpp-reserved-words.patch b/dont-use-cpp-reserved-words.patch index 8c7d336..c476494 100644 --- a/dont-use-cpp-reserved-words.patch +++ b/dont-use-cpp-reserved-words.patch @@ -12,7 +12,7 @@ diff -up ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 ./mozilla/security/n - cinfo->private = PORT_ZNew(NSSCMSContentInfoPrivate); - return (cinfo->private) ? SECSuccess: SECFailure; + cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate); -+ return (cinfo->privateInfo) ? SECSuccess: SECFailure; ++ return (cinfo->privateInfo) ? SECSuccess : SECFailure; } diff --git a/nss.spec b/nss.spec index 7c4f4b4..afcb629 100644 --- a/nss.spec +++ b/nss.spec @@ -46,6 +46,7 @@ Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch +Patch15: swap-internal-key-slot.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -121,6 +122,7 @@ low level services. %patch12 -p1 -b .contenttypes %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 +%patch15 -p1 -b .jss %build @@ -500,6 +502,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h * Thu Feb 10 2011 Elio Maldonado - 3.12.9-10 - Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches +- Fix to swap internal key slot on fips mode switches * Tue Feb 08 2011 Elio Maldonado - 3.12.9-9 - Revert patches for 499444 until all c++ reserved words are found and extirpated diff --git a/swap-internal-key-slot.patch b/swap-internal-key-slot.patch new file mode 100644 index 0000000..ead072e --- /dev/null +++ b/swap-internal-key-slot.patch @@ -0,0 +1,97 @@ +diff -up ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11pars.c +--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss 2011-02-11 07:45:38.324083242 -0800 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 2011-02-11 07:48:14.514166538 -0800 +@@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *m + return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE; + } + ++void ++secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val) ++{ ++ char flags = (char) mod->internal; ++ ++ if (val) { ++ flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; ++ } else { ++ flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT; ++ } ++ mod->internal = flags; ++} ++ + /* forward declarations */ + static int secmod_escapeSize(const char *string, char quote); + static char *secmod_addEscape(const char *string, char quote); +diff -up ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss ./mozilla/security/nss/lib/pk11wrap/pk11priv.h +--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss 2011-02-11 07:47:45.037226877 -0800 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2011-02-11 07:48:28.854164207 -0800 +@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_ + PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot); + SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot); + void pk11_SetInternalKeySlot(PK11SlotInfo *slot); ++PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot); + void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot); + + /********************************************************************* +diff -up ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11slot.c +--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss 2011-02-11 07:41:11.258746774 -0800 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 2011-02-11 07:48:51.291595867 -0800 +@@ -1755,6 +1755,18 @@ pk11_SetInternalKeySlotIfFirst(PK11SlotI + pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; + } + ++/* ++ * Swap out a default internal keyslot. Caller owns the Slot Reference ++ */ ++PK11SlotInfo * ++pk11_SwapInternalKeySlot(PK11SlotInfo *slot) ++{ ++ PK11SlotInfo *swap = pk11InternalKeySlot; ++ ++ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; ++ return swap; ++} ++ + + /* get the internal key slot. FIPS has only one slot for both key slots and + * default slots */ +diff -up ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11util.c +--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss 2011-02-11 07:40:23.748066635 -0800 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 2011-02-11 07:49:19.674611909 -0800 +@@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char * + NULL, SECMOD_FIPS_FLAGS); + } + if (newModule) { ++ PK11SlotInfo *slot; + newModule->libraryParams = + PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams); ++ /* if an explicit internal key slot has been set, reset it */ ++ slot = pk11_SwapInternalKeySlot(NULL); ++ if (slot) { ++ secmod_SetInternalKeySlotFlag(newModule, PR_TRUE); ++ } + rv = SECMOD_AddModule(newModule); + if (rv != SECSuccess) { ++ /* load failed, restore the internal key slot */ ++ pk11_SetInternalKeySlot(slot); + SECMOD_DestroyModule(newModule); + newModule = NULL; + } ++ /* free the old explicit internal key slot, we now have a new one */ ++ if (slot) { ++ PK11_FreeSlot(slot); ++ } + } + if (newModule == NULL) { + SECMODModuleList *last = NULL,*mlp2; +diff -up ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss ./mozilla/security/nss/lib/pk11wrap/secmodi.h +--- ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss 2011-02-11 07:39:04.685590962 -0800 ++++ ./mozilla/security/nss/lib/pk11wrap/secmodi.h 2011-02-11 07:49:28.120021571 -0800 +@@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMOD + SECStatus SECMOD_UnloadModule(SECMODModule *); + void SECMOD_SetInternalModule(SECMODModule *); + PRBool secmod_IsInternalKeySlot(SECMODModule *); ++void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val); ++ + + /* tools for checking if we are loading the same database twice */ + typedef struct SECMODConfigListStr SECMODConfigList; From a8a5670437fd5987cbe0f2e4fb1eba198dab9afc Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 11 Feb 2011 08:24:23 -0800 Subject: [PATCH 08/15] Don't rename private when it is in a comment --- dont-use-cpp-reserved-words.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dont-use-cpp-reserved-words.patch b/dont-use-cpp-reserved-words.patch index c476494..a27eb6c 100644 --- a/dont-use-cpp-reserved-words.patch +++ b/dont-use-cpp-reserved-words.patch @@ -322,7 +322,7 @@ diff -up ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 ./mozilla/security /* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */ - /* get the cert and private key for it right away */ -+ /* get the cert and privateInfo key for it right away */ ++ /* get the cert and private key for it right away */ recipient_list = nss_cms_recipient_list_create(envd->recipientInfos); if (recipient_list == NULL) goto loser; From 4847c439c7e41f9a1777eb75dde29a142b4bc60d Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 11 Feb 2011 08:49:38 -0800 Subject: [PATCH 09/15] Synch. up with upstream patch, fixes a missing space. --- dont-use-cpp-reserved-words.patch | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dont-use-cpp-reserved-words.patch b/dont-use-cpp-reserved-words.patch index a27eb6c..8a8939e 100644 --- a/dont-use-cpp-reserved-words.patch +++ b/dont-use-cpp-reserved-words.patch @@ -445,8 +445,12 @@ diff -up ./mozilla/security/nss/lib/smime/cmsudf.c.676036 ./mozilla/security/nss NSSCMSGenericWrapperDataDestroy destroy, NSSCMSGenericWrapperDataCallback decode_before, NSSCMSGenericWrapperDataCallback decode_after, -@@ -465,7 +465,7 @@ NSS_CMSType_RegisterContentType(SECOidTa - typeInfo->type =type; +@@ -462,10 +462,10 @@ NSS_CMSType_RegisterContentType(SECOidTa + return SECSuccess; + } + typeInfo = PORT_ArenaNew(nsscmstypeArena, nsscmstypeInfo); +- typeInfo->type =type; ++ typeInfo->type = type; typeInfo->size = size; typeInfo->isData = isData; - typeInfo->template = template; From 87fcbd47067476e18dddb2a70676da3b7b259c49 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 15 Feb 2011 20:20:54 -0800 Subject: [PATCH 10/15] - Run the test suites in the check section (#677809) --- nss.spec | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index afcb629..753ee39 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 10%{?dist} +Release: 11%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -210,6 +210,21 @@ chmod 755 ./mozilla/dist/pkgconfig/nss-config %{__cat} %{SOURCE9} > ./mozilla/dist/pkgconfig/setup-nsssysinit.sh chmod 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh +%check + +# Begin -- copied from the build section +FREEBL_NO_DEPEND=1 +export FREEBL_NO_DEPEND + +BUILD_OPT=1 +export BUILD_OPT + +%ifarch x86_64 ppc64 ia64 s390x sparc64 +USE_64=1 +export USE_64 +%endif +# End -- copied from the build section + # enable the following line to force a test failure # find ./mozilla -name \*.chk | xargs rm -f @@ -225,7 +240,7 @@ chmod 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh # avoid weird quoting we'll require that no spaces are being used. SPACEISBAD=`find ./mozilla/security/nss/tests | grep -c ' '` ||: -if [ SPACEISBAD -ne 0 ]; then +if [ $SPACEISBAD -ne 0 ]; then echo "error: filenames containing space are not supported (xargs)" exit 1 fi @@ -499,6 +514,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Tue Feb 15 2011 Elio Maldonado - 3.12.9-11 +- Run the test suites in the check section (#677809) + * Thu Feb 10 2011 Elio Maldonado - 3.12.9-10 - Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches From ab4de6fd80180d08b80ee51b20c0800c83b86b8c Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 18 Feb 2011 13:09:28 -0800 Subject: [PATCH 11/15] - Add to pkcs11-devel a requires on nss-softokn-freebl-freebl (#675196) - This is needed because the latter now owns headers that pkcs11-devel depends on. --- nss.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 753ee39..2e5d563 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 11%{?dist} +Release: 12%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -104,6 +104,7 @@ Summary: Development libraries for PKCS #11 (Cryptoki) using NSS Group: Development/Libraries Provides: nss-pkcs11-devel-static = %{version}-%{release} Requires: nss-devel = %{version}-%{release} +Requires: nss-softokn-freebl-devel = %{nss_softokn_version} %description pkcs11-devel Library files for developing PKCS #11 modules using basic NSS @@ -513,7 +514,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssb.a %{_libdir}/libnssckfw.a + %changelog +* Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 +- Add a missing requires for pkcs11-devel (#675196) + * Tue Feb 15 2011 Elio Maldonado - 3.12.9-11 - Run the test suites in the check section (#677809) From c40f16fc527a8afd977749e72232e1db137174c4 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Thu, 24 Feb 2011 15:05:17 -0800 Subject: [PATCH 12/15] Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections Change selfserv to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the IPV6_V6ONLY socket option default to false. --- nss-539183.patch | 33 +++++++++++++++++++++++++++++++++ nss.spec | 14 ++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 nss-539183.patch diff --git a/nss-539183.patch b/nss-539183.patch new file mode 100644 index 0000000..d86a705 --- /dev/null +++ b/nss-539183.patch @@ -0,0 +1,33 @@ +Index: mozilla/security/nss/cmd/selfserv/selfserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v +retrieving revision 1.94 +diff -p -u -8 -r1.94 selfserv.c +--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94 ++++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000 +@@ -1487,21 +1487,21 @@ PRFileDesc * + getBoundListenSocket(unsigned short port) + { + PRFileDesc * listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { + errExit("PR_NewTCPSocket"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { diff --git a/nss.spec b/nss.spec index 2e5d563..a92f595 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 12%{?dist} +Release: 13%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -47,6 +47,7 @@ Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch Patch15: swap-internal-key-slot.patch +Patch16: nss-539183.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -124,6 +125,7 @@ low level services. %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 %patch15 -p1 -b .jss +%patch16 -p0 -b .539183 %build @@ -271,9 +273,10 @@ cd ./mozilla/security/nss/tests/ # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # -# Disable the ssl test suites until Bug 539183 is resolved -%global nss_ssl_tests " " -%global nss_ssl_run " " +# Uncomment these lines if you need to temporarily +# disable some test suites for faster test builds +# global nss_ssl_tests "normal_fips" +# global nss_ssl_run "cov auth" HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh @@ -516,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 +- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) + * Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 - Add a missing requires for pkcs11-devel (#675196) From 0cac4288f2a127c6b03cb3f9318c504ae10c794c Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Thu, 24 Feb 2011 15:05:17 -0800 Subject: [PATCH 13/15] Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections Change selfserv to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the IPV6_V6ONLY socket option default to false. --- nss-539183.patch | 33 +++++++++++++++++++++++++++++++++ nss.spec | 14 ++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 nss-539183.patch diff --git a/nss-539183.patch b/nss-539183.patch new file mode 100644 index 0000000..d86a705 --- /dev/null +++ b/nss-539183.patch @@ -0,0 +1,33 @@ +Index: mozilla/security/nss/cmd/selfserv/selfserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v +retrieving revision 1.94 +diff -p -u -8 -r1.94 selfserv.c +--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94 ++++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000 +@@ -1487,21 +1487,21 @@ PRFileDesc * + getBoundListenSocket(unsigned short port) + { + PRFileDesc * listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { + errExit("PR_NewTCPSocket"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { diff --git a/nss.spec b/nss.spec index 2e5d563..a92f595 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 12%{?dist} +Release: 13%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -47,6 +47,7 @@ Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch Patch15: swap-internal-key-slot.patch +Patch16: nss-539183.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -124,6 +125,7 @@ low level services. %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 %patch15 -p1 -b .jss +%patch16 -p0 -b .539183 %build @@ -271,9 +273,10 @@ cd ./mozilla/security/nss/tests/ # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # -# Disable the ssl test suites until Bug 539183 is resolved -%global nss_ssl_tests " " -%global nss_ssl_run " " +# Uncomment these lines if you need to temporarily +# disable some test suites for faster test builds +# global nss_ssl_tests "normal_fips" +# global nss_ssl_run "cov auth" HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh @@ -516,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 +- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) + * Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 - Add a missing requires for pkcs11-devel (#675196) From 0b0026515f9e6c8f3455dee5f02e106c42db24fb Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 23 Mar 2011 15:13:45 -0700 Subject: [PATCH 14/15] - Update to NSS_3.12.9_WITH_CKPI_1_82_RTM --- nss.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index a92f595..b6ad7e9 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 13%{?dist} +Release: 14%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -519,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 +- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM + * Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 - Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) diff --git a/sources b/sources index e8a418a..855e03f 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -b3dda60fc3d22d1b02b2330428a2b759 nss-3.12.9-stripped.tar.bz2 +240c8d61d9c9091e486318e889bc1f2f nss-3.12.9-stripped.tar.bz2 e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2 a5ae49867124ac75f029a9a33af31bad blank-cert8.db 9315689bbd9f28ceebd47894f99fccbd blank-key3.db From 4a912ae4d0993ad4964baec6ff0524cee9983dcf Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 23 Mar 2011 15:17:21 -0700 Subject: [PATCH 15/15] Fix the tag name in changelog comment --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index b6ad7e9..45e1895 100644 --- a/nss.spec +++ b/nss.spec @@ -520,7 +520,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog * Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 -- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM +- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM * Wed Feb 24 2011 Elio Maldonado - 3.12.9-13 - Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)