From 83e6b23140c18ed80f0c65ef81bcfa3de58813db Mon Sep 17 00:00:00 2001 From: Frantisek Krenzelok Date: Mon, 5 Jun 2023 11:01:36 +0200 Subject: [PATCH] Update NSS to 3.90.0 Signed-off-by: Frantisek Krenzelok --- .gitignore | 1 + nss-signtool-format.patch | 4 ++-- nss.spec | 7 +++++-- sources | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index d85a5a4..9550e81 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,4 @@ TestUser51.cert /nss-3.88.1.tar.gz /nss-3.89.tar.gz /nss-3.89-with-nspr-4.35.tar.gz +/nss-3.90-with-nspr-4.35.tar.gz diff --git a/nss-signtool-format.patch b/nss-signtool-format.patch index 5f146f1..f81d35c 100644 --- a/nss-signtool-format.patch +++ b/nss-signtool-format.patch @@ -10,7 +10,7 @@ diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { -- sprintf(filename, "%s/%s", path, entry->name); +- snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); + if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) { + PR_CloseDir(dir); + return -1; @@ -29,7 +29,7 @@ diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c @@ -138,6 +138,12 @@ rm_dash_r(char *path) /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); + snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); + if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name +) >= sizeof(filename)) { + errorCount++; diff --git a/nss.spec b/nss.spec index 580ac12..31bcc99 100644 --- a/nss.spec +++ b/nss.spec @@ -1,5 +1,5 @@ %global nspr_version 4.35.0 -%global nss_version 3.89.0 +%global nss_version 3.90.0 # NOTE: To avoid NVR clashes of nspr* packages: # - reset %%{nspr_release} to 1, when updating %%{nspr_version} # - increment %%{nspr_version}, when updating the NSS part only @@ -7,7 +7,7 @@ %global nss_release %baserelease # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # release number between nss and nspr are different. -%global nspr_release %[%baserelease+4] +%global nspr_release %[%baserelease+0] # only need to update this as we added new # algorithms under nss policy control %global crypto_policies_version 20210118 @@ -1088,6 +1088,9 @@ update-crypto-policies &> /dev/null || : %changelog +* Mon Jun 5 2023 Frantisek Krenzelok - 3.90.0-1 +- Update NSS to 3.90.0 + * Fri May 5 2023 Frantisek Krenzelok - 3.89.0-1 - combine nss and nspr source togeather diff --git a/sources b/sources index 90039d1..126d634 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 -SHA512 (nss-3.89-with-nspr-4.35.tar.gz) = 3c7fc3062baf577473001f6a2724bae14c809d725c4ae8d90a6de1ef84c6d1c2276efe09f4112241d7b3c32b0c6d529eb87739ca02b8002e3bed3081f06cdff4 +SHA512 (nss-3.90-with-nspr-4.35.tar.gz) = cbc75af3d3e1bf084011d435f0957d134cb3d3d66dcee45f9712ed22b470035ba1e808fc6457e8dc0d8d8e168d77d1117a4373d42905130f76ea58217ff88e30