Update to NSS 3.41
This commit is contained in:
parent
fad8bd4953
commit
86f33dd63a
|
@ -31,3 +31,4 @@ TestUser51.cert
|
||||||
/nss-3.38.0.tar.gz
|
/nss-3.38.0.tar.gz
|
||||||
/nss-3.39.tar.gz
|
/nss-3.39.tar.gz
|
||||||
/nss-3.40.1.tar.gz
|
/nss-3.40.1.tar.gz
|
||||||
|
/nss-3.41.tar.gz
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||||
+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||||
@@ -953,23 +953,23 @@
|
@@ -953,23 +953,23 @@
|
||||||
getBoundListenSocket(unsigned short port)
|
getBoundListenSocket(unsigned short port)
|
||||||
{
|
{
|
||||||
|
@ -29,8 +29,8 @@
|
||||||
if (prStatus < 0) {
|
if (prStatus < 0) {
|
||||||
PR_Close(listen_sock);
|
PR_Close(listen_sock);
|
||||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||||
--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||||
+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||||
@@ -1711,23 +1711,23 @@
|
@@ -1711,23 +1711,23 @@
|
||||||
getBoundListenSocket(unsigned short port)
|
getBoundListenSocket(unsigned short port)
|
||||||
{
|
{
|
||||||
|
|
36
nss.spec
36
nss.spec
|
@ -1,7 +1,6 @@
|
||||||
%global nspr_version 4.20.0
|
%global nspr_version 4.20.0
|
||||||
%global nss_version 3.40.1
|
%global nss_version 3.41.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
||||||
%global dracutlibdir %{_prefix}/lib/dracut
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
|
@ -45,9 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
# for Rawhide, please always use release >= 2
|
Release: 1%{?dist}
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
|
||||||
Release: 1.0%{?dist}
|
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
|
@ -94,14 +91,9 @@ Source25: key3.db.xml
|
||||||
Source26: key4.db.xml
|
Source26: key4.db.xml
|
||||||
Source27: secmod.db.xml
|
Source27: secmod.db.xml
|
||||||
Source28: nss-p11-kit.config
|
Source28: nss-p11-kit.config
|
||||||
Source29: PayPalICA.cert
|
|
||||||
Source30: PayPalEE.cert
|
|
||||||
|
|
||||||
Patch1: renegotiate-transitional.patch
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||||
Patch2: nss-539183.patch
|
Patch2: nss-539183.patch
|
||||||
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
|
||||||
Patch3: utilwrap-include-templates.patch
|
|
||||||
# This patch uses the GCC -iquote option documented at
|
# This patch uses the GCC -iquote option documented at
|
||||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||||
# to give the in-tree headers a higher priority over the system headers,
|
# to give the in-tree headers a higher priority over the system headers,
|
||||||
|
@ -114,10 +106,6 @@ Patch3: utilwrap-include-templates.patch
|
||||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||||
# but it doesn't hurt to keep it.
|
# but it doesn't hurt to keep it.
|
||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
|
||||||
Patch5: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1505317
|
|
||||||
Patch6: nss-tests-paypal-certs-v2.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
|
@ -247,15 +235,8 @@ Header and library files for doing development with Network Security Services.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{nss_archive_version}
|
%setup -q -n %{name}-%{nss_archive_version}
|
||||||
|
|
||||||
%patch1 -p0 -b .transitional
|
|
||||||
%patch2 -p0 -b .539183
|
|
||||||
%patch3 -p0 -b .templates
|
|
||||||
%patch4 -p0 -b .iquote
|
|
||||||
%patch5 -p0 -b .1185708_3des
|
|
||||||
pushd nss
|
pushd nss
|
||||||
%patch6 -p1 -b .paypal-certs
|
%autopatch -p1
|
||||||
cp %{SOURCE29} %{SOURCE30} tests/libpkix/certs
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
|
||||||
|
@ -467,8 +448,7 @@ fi
|
||||||
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
||||||
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
||||||
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
||||||
pushd `pwd`
|
pushd "$DISTBINDIR"
|
||||||
cd $DISTBINDIR
|
|
||||||
ln -s selfserv $RANDSERV
|
ln -s selfserv $RANDSERV
|
||||||
popd
|
popd
|
||||||
# man perlrun, man perlrequick
|
# man perlrun, man perlrequick
|
||||||
|
@ -481,7 +461,7 @@ find ./nss/tests -type f |\
|
||||||
killall $RANDSERV || :
|
killall $RANDSERV || :
|
||||||
|
|
||||||
rm -rf ./tests_results
|
rm -rf ./tests_results
|
||||||
pushd ./nss/tests/
|
pushd nss/tests
|
||||||
# all.sh is the test suite script
|
# all.sh is the test suite script
|
||||||
|
|
||||||
# don't need to run all the tests when testing packaging
|
# don't need to run all the tests when testing packaging
|
||||||
|
@ -498,7 +478,6 @@ pushd ./nss/tests/
|
||||||
# % define nss_ssl_run "cov"
|
# % define nss_ssl_run "cov"
|
||||||
|
|
||||||
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Normally, the grep exit status is 0 if selected lines are found and 1 otherwise,
|
# Normally, the grep exit status is 0 if selected lines are found and 1 otherwise,
|
||||||
|
@ -638,7 +617,7 @@ for f in nss-config setup-nsssysinit; do
|
||||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||||
done
|
done
|
||||||
# Copy the man pages for the nss tools
|
# Copy the man pages for the nss tools
|
||||||
for f in "%{allTools}"; do
|
for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
|
||||||
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||||
done
|
done
|
||||||
%if %{defined rhel}
|
%if %{defined rhel}
|
||||||
|
@ -922,6 +901,9 @@ update-crypto-policies
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
|
||||||
|
- Update to NSS 3.41
|
||||||
|
|
||||||
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-1.0
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-1.0
|
||||||
- Update to NSS 3.40.1
|
- Update to NSS 3.40.1
|
||||||
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
|
|
||||||
--- nss/lib/ssl/sslsock.c.transitional 2018-03-09 13:57:50.615706802 +0100
|
|
||||||
+++ nss/lib/ssl/sslsock.c 2018-03-09 13:58:23.708974970 +0100
|
|
||||||
@@ -67,7 +67,7 @@ static sslOptions ssl_defaults = {
|
|
||||||
.noLocks = PR_FALSE,
|
|
||||||
.enableSessionTickets = PR_FALSE,
|
|
||||||
.enableDeflate = PR_FALSE,
|
|
||||||
- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
|
|
||||||
+ .enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL,
|
|
||||||
.requireSafeNegotiation = PR_FALSE,
|
|
||||||
.enableFalseStart = PR_FALSE,
|
|
||||||
.cbcRandomIV = PR_TRUE,
|
|
|
@ -1,23 +0,0 @@
|
||||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
|
|
||||||
+++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
|
|
||||||
@@ -118,18 +118,18 @@
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
2
sources
2
sources
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
SHA512 (nss-3.40.1.tar.gz) = 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
|
SHA512 (nss-3.41.tar.gz) = b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
|
|
||||||
--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
|
|
||||||
+++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
|
|
||||||
@@ -3,6 +3,10 @@
|
|
||||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
||||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
|
|
||||||
+#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
|
||||||
+INCLUDES += -I/usr/include/nss3/templates
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
|
||||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
|
||||||
|
|
Loading…
Reference in New Issue