Update to NSS 3.50
parent
c9d26fb099
commit
7ea65d900e
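--- /dev/null
+++ b/nss-kremlin-ppc64le.patch
@@ -0,0 +1,30 @@
+Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
+===================================================================
+--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
++++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
+@@ -56,7 +56,9 @@ typedef const char *Prims_string;
+#include <emmintrin.h>
+typedef __m128i FStar_UInt128_uint128;
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
+- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
++ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
++ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
++ defined(__s390x__))
+typedef unsigned __int128 FStar_UInt128_uint128;
+#else
+typedef struct FStar_UInt128_uint128_s {
+Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
+===================================================================
+--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
++++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
+@@ -25,7 +25,9 @@
+#include "LowStar_Endianness.h"
+
+#if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
+- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
++ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
++ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
++ defined(__s390x__))
+
+/* GCC + using native unsigned __int128 support */
+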
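Review bot: The same three-line architecture test is pasted into both `kremlin/internal/types.h` and `fstar_uint128_gcc64.h` with no comment tying the two copies together; if one is later edited without the other, the `FStar_UInt128_uint128` typedef and the header that implements its operations could disagree about whether native `unsigned __int128` is in use. A comment above each `#if`, for example `/* Selects native unsigned __int128; keep in sync with the identical test in the other kremlin header. */`, would make that dependency visible. The condition also admits ppc64 only when `__LITTLE_ENDIAN__` is defined, while `__s390x__`, a big-endian target, is admitted with no endianness test, so the patch header should say why the two are treated differently. Both preprocessor blocks continue outside the hunks shown, so the remaining branches cannot be checked from here.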
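--- /dev/null
+++ b/nss-signtool-format.patch
@@ -0,0 +1,94 @@
+diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
+--- a/cmd/modutil/install.c
++++ b/cmd/modutil/install.c
+@@ -825,17 +825,20 @@ rm_dash_r(char *path)
+
+dir = PR_OpenDir(path);
+if (!dir) {
+return -1;
+}
+
+/* Recursively delete all entries in the directory */
+while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+- sprintf(filename, "%s/%s", path, entry->name);
++ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
++ PR_CloseDir(dir);
++ return -1;
++ }
+if (rm_dash_r(filename)) {
+PR_CloseDir(dir);
+return -1;
+}
+}
+
+if (PR_CloseDir(dir) != PR_SUCCESS) {
+return -1;
+diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
+--- a/cmd/signtool/util.c
++++ b/cmd/signtool/util.c
+@@ -132,17 +132,20 @@ rm_dash_r(char *path)
+if (!dir) {
+PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
+errorCount++;
+return -1;
+}
+
+/* Recursively delete all entries in the directory */
+while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+- sprintf(filename, "%s/%s", path, entry->name);
++ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
++ errorCount++;
++ return -1;
++ }
+if (rm_dash_r(filename))
+return -1;
+}
+
+if (PR_CloseDir(dir) != PR_SUCCESS) {
+PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
+errorCount++;
+return -1;
+diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
+--- a/lib/libpkix/pkix/util/pkix_list.c
++++ b/lib/libpkix/pkix/util/pkix_list.c
+@@ -1530,17 +1530,17 @@ cleanup:
+*/
+PKIX_Error *
+PKIX_List_SetItem(
+PKIX_List *list,
+PKIX_UInt32 index,
+PKIX_PL_Object *item,
+void *plContext)
+{
+- PKIX_List *element;
++ PKIX_List *element = NULL;
+
+PKIX_ENTER(LIST, "PKIX_List_SetItem");
+PKIX_NULLCHECK_ONE(list);
+
+if (list->immutable){
+PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
+}
+
+diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
++++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+@@ -102,17 +102,17 @@ cleanup:
+*/
+static PKIX_Error *
+pkix_pl_OID_Equals(
+PKIX_PL_Object *first,
+PKIX_PL_Object *second,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+- PKIX_Int32 cmpResult;
++ PKIX_Int32 cmpResult = 0;
+
+PKIX_ENTER(OID, "pkix_pl_OID_Equals");
+PKIX_NULLCHECK_THREE(first, second, pResult);
+
+PKIX_CHECK(pkix_pl_OID_Comparator
+(first, second, &cmpResult, plContext),
+PKIX_OIDCOMPARATORFAILED);
+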
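Review bot: In `cmd/signtool/util.c`, the new truncation branch in `rm_dash_r` returns without closing `dir`, so the directory handle tested by `if (!dir)` above is leaked on that path, whereas the matching branch in `cmd/modutil/install.c` calls `PR_CloseDir(dir)` first. Adding `PR_CloseDir(dir);` before that `return -1;` would make the two copies consistent; the unchanged `if (rm_dash_r(filename)) return -1;` just below has the same leak. In both files the test compares snprintf's `int` result with `sizeof(filename)`, so a negative return is caught only because it converts to a large unsigned value; `n < 0 || (size_t)n >= sizeof(filename)` would state the intent and avoid a sign-compare warning. The bound is also only correct if `filename` is an array rather than a pointer, which cannot be confirmed here because its declaration and the rest of each function lie outside the hunks.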
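--- a/nss.spec
+++ b/nss.spec
@@ -1,5 +1,5 @@
-%global nspr_version 4.24.0
+%global nspr_version 4.25.0
-%global nss_version 3.49.2
+%global nss_version 3.50.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global dracutlibdir %{_prefix}/lib/dracut
@@ -112,6 +112,9 @@ Patch10: nss-3.47-ike-fix.patch
 # as it still doesn't work under FIPS mode because of missing HKDF
 # support in PKCS #11.
 Patch11: nss-tls13-default.patch
+Patch12: nss-signtool-format.patch
+# https://github.com/FStarLang/kremlin/issues/166
+Patch13: nss-kremlin-ppc64le.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -878,6 +881,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Mon Feb 17 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-1
+- Update to NSS 3.50
+
 * Mon Jan 27 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-1
 - Update to NSS 3.49.2
 - Don't enable TLS 1.3 by default (#1794814)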