diff --git a/listsuites-do-queries.patch b/listsuites-do-queries.patch
new file mode 100644
index 0000000..820f5ed
--- /dev/null
+++ b/listsuites-do-queries.patch
@@ -0,0 +1,111 @@
+--- ./cmd/listsuites/listsuites.c.do_queries 2016-05-17 00:58:45.000000000 -0700
++++ ./cmd/listsuites/listsuites.c 2016-06-23 09:39:10.563925342 -0700
+@@ -7,19 +7,48 @@
+ *
+ * Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
+ */
+
+ #include
+ #include
+ #include "secport.h"
+ #include "ssl.h"
++#include "plgetopt.h"
++#include "secutil.h"
++#include "utilpars.h"
++#include "nspr.h"
++#include "nss.h"
++
++static const char *progName = "listsuites";
++char *ignoreVar;
++
++static char *policy_file_path(char *path)
++{
++ return (PR_Access(path, PR_ACCESS_READ_OK) == PR_SUCCESS) ? path : "";
++}
++
++static char *ignore_system_policy_value(char *var)
++{
++ ignoreVar = PR_GetEnvSecure(var);
++ return ignoreVar != NULL ? ignoreVar : "";
++}
++
++void Usage(const char *progName)
++{
++ fprintf(stderr,
++ "\nList cipher suites or parse a policy file or query\n"
++ "Usage: %s [-i policy_file] file to parse (default is list)\n",
++ progName);
++ exit(1);
++}
++
+
+ int
+-main(int argc, char **argv)
++list_suites(void)
+ {
+ const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+ int i;
+ int errCount = 0;
+
+ fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
+
+ /* disable all the SSL3 cipher suites */
+@@ -56,8 +85,58 @@
+ info.effectiveKeyBits, info.macAlgorithmName,
+ enabled ? "Enabled" : "Disabled",
+ info.isFIPS ? "FIPS" : "",
+ info.isExportable ? "Export" : "Domestic",
+ info.nonStandard ?
"nonStandard" : ""); + } + return errCount; + } ++ ++int ++main(int argc, char **argv) ++{ ++ PLOptState *optstate = NULL; ++ PLOptStatus status; ++ SECStatus rv; ++ FILE *inFile; ++ char *ev, *path; ++ ++ optstate = PL_CreateOptState(argc, argv, "?hi:p:q:lL"); ++ while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++ switch (optstate->option) { ++ case '?': ++ case 'h': ++ Usage(progName); ++ break; ++ case 'p': ++ path = (char *)optstate->value; ++ fprintf(stdout, "%s=%s\n", path, policy_file_path(path)); ++ break; ++ case 'q': ++ ev = (char *)optstate->value; ++ fprintf(stdout, "%s=%s\n", ev, ignore_system_policy_value(ev)); ++ break; ++ case 'i': ++ rv = SECSuccess; ++ inFile = fopen(optstate->value, "r"); ++ if (!inFile) { ++ fprintf(stderr, ++ "%s: unable to open \"%s\" for reading\n", ++ progName, optstate->value); ++ return -1; ++ } ++ rv = SECFailure;/*ParseCryptoPolicy(optstate->value);*/ ++ fclose(inFile); ++ return (rv == SECSuccess) ? 0 : 1; ++ break; ++ case 'l': ++ case 'L': ++ return list_suites(); ++ break; ++ default: ++ Usage(progName); ++ break; ++ } ++ } ++ ++ return 0; ++} diff --git a/nss.spec b/nss.spec index d203fe5..465d75f 100644 --- a/nss.spec +++ b/nss.spec @@ -21,7 +21,7 @@ Name: nss Version: 3.25.0 # for Rawhide, please always use release >= 2 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 5%{?dist} +Release: 6%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -100,6 +100,7 @@ Patch60: nss-conditionally-ignore-system-policy.patch Patch62: nss-skip-util-gtest.patch # TODO: file a bug upstream similar to the one for rsaperf Patch70: nss-skip-ecperf.patch +Patch71: listsuites-do-queries.patch %description Network Security Services (NSS) is a set of libraries designed to 
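Review bot: With no arguments the new `main` skips the option loop and returns 0 without printing anything, although `Usage` says listing is the default and the pre-patch `main` always listed; a script that checks which suites are enabled would see empty output and a success status. Adding `if (argc < 2) return list_suites();` before `PL_CreateOptState` restores that default. The loop also stops on any status other than `PL_OPT_OK`, so an option NSPR reports as `PL_OPT_BAD` appears to end in `return 0` instead of reaching the `default:` case; `if (status == PL_OPT_BAD) Usage(progName);` after the loop would reject it, and `PL_DestroyOptState(optstate);` is never called on any path. Separately, the `-i` branch opens the file but always sets `rv = SECFailure` because the `ParseCryptoPolicy` call is commented out, so it exits 1 for every input and the usage text should say the option is not implemented yet.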
@@ -185,6 +186,7 @@ pushd nss %patch60 -p1 -b .cond_ignore %patch62 -p0 -b .skip_util_gtest %patch70 -p1 -b .skip_ecperf +%patch71 -p1 -b .do_queries popd ######################################################### @@ -794,6 +796,9 @@ fi %changelog +* Fri Jul 08 2016 Elio Maldonado - 3.25.0-6 +- Add support to listsuites to list ciphers allowed by policy + * Fri Jul 01 2016 Elio Maldonado - 3.25.0-5 - Add support for conditionally ignoring the system policy (#1157720) - Remove unneeded test scripts patches in order to run more tests