rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) 

- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
This commit is contained in:
Elio Maldonado 2014-01-07 06:13:53 -08:00
parent 6ab230bb01
commit aae9602c01
7 changed files with 14 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -7,5 +7,5 @@ PayPalEE.cert
TestCA.ca.cert
TestUser50.cert
TestUser51.cert
/nss-pem-20130828.tar.bz2
/nss-3.15.3.1.tar.gz
/nss-pem-20131226.tar.bz2
/nss-3.15.4.tar.gz

44
Bug-896651-pem-dont-trash-keys-on-failed-login.patch
View File

@ -1,44 +0,0 @@
--- nss/lib/ckfw/pem/psession.c
+++ nss/lib/ckfw/pem/psession.c
@@ -230,6 +230,7 @@ pem_mdSession_Login
unsigned int len = 0;
NSSLOWKEYPrivateKey *lpk = NULL;
PLArenaPool *arena;
+ SECItem plain;
int i;
fwSlot = NSSCKFWToken_GetFWSlot(fwToken);
@@ -306,23 +321,27 @@ pem_mdSession_Login
lpk->keyType = NSSLOWKEYRSAKey;
prepare_low_rsa_priv_key_for_asn1(lpk);
- nss_ZFreeIf(io->u.key.key.privateKey->data);
- io->u.key.key.privateKey->len = len - output[len - 1];
- io->u.key.key.privateKey->data =
- (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
- memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
/* Decode the resulting blob and see if it is a decodable DER that fits
* our private key template. If so we declare success and move on. If not
* then we return an error.
*/
+ memset(&plain, 0, sizeof(plain));
+ plain.data = output;
+ plain.len = len - output[len - 1];
rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
- io->u.key.key.privateKey);
+ &plain);
pem_DestroyPrivateKey(lpk);
arena = NULL;
if (rv != SECSuccess)
goto loser;
+ nss_ZFreeIf(io->u.key.key.privateKey->data);
+ io->u.key.key.privateKey->len = len - output[len - 1];
+ io->u.key.key.privateKey->data =
+ (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
+ memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
+
rv = CKR_OK;
loser:

24
certutil_keyOpFlagsFix.patch
View File

@ -1,24 +0,0 @@
diff --git a/doc/certutil.xml b/doc/certutil.xml
--- a/doc/certutil.xml
+++ b/doc/certutil.xml
@@ -655,18 +655,18 @@ of the attribute codes:
<varlistentry>
<term>--keyAttrFlags attrflags</term>
<listitem><para>
PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
</varlistentry>
<varlistentry>
- <term>--keyFlagsOn opflags</term>
- <term>--keyFlagsOff opflags</term>
+ <term>--keyOpFlagsOn opflags</term>
+ <term>--keyOpFlagsOff opflags</term>
<listitem><para>
PKCS #11 key Operation Flags.
Comma separated list of one or more of the following:
{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
</para></listitem>
</varlistentry>
<varlistentry>

9
disable-ocsp-stapling-tests.patch
View File

@ -1,9 +0,0 @@
diff -up nss/tests/ocsp/ocsp.sh.skipoutbound nss/tests/ocsp/ocsp.sh
--- nss/tests/ocsp/ocsp.sh.skipoutbound 2013-04-24 18:04:30.203307355 -0700
+++ nss/tests/ocsp/ocsp.sh 2013-04-24 18:06:27.967176794 -0700
@@ -115,4 +115,4 @@ ocsp_stapling()
################## main #################################################
ocsp_init
ocsp_iopr_run
-ocsp_stapling
+#ocsp_stapling

25
document-certutil-email-option.patch
View File

@ -1,25 +0,0 @@
diff --git a/doc/certutil.xml b/doc/certutil.xml
--- a/doc/certutil.xml
+++ b/doc/certutil.xml
@@ -204,16 +204,21 @@ If this option is not used, the validity
</varlistentry>
<varlistentry>
<term>-e </term>
<listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
</varlistentry>
<varlistentry>
+ <term>--email email-address</term>
+ <listitem><para>Specify the email address, used with the -L command option to print a single named certificate.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-f password-file</term>
<listitem><para>Specify a file that will automatically supply the password to include in a certificate
or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent
unauthorized access to this file.</para></listitem>
</varlistentry>
<varlistentry>
<term>-g keysize</term>

29
nss.spec
View File

@ -1,7 +1,6 @@
%global nspr_version 4.10.2
%global nss_util_version 3.15.3
%global nss_softokn_fips_version 3.13.5
%global nss_softokn_version 3.15.3
%global nss_util_version 3.15.4
%global nss_softokn_version 3.15.4
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@ -19,7 +18,7 @@
Summary: Network Security Services
Name: nss
Version: 3.15.3.1
Version: 3.15.4
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
@ -58,7 +57,7 @@ Source7: blank-key4.db
Source8: system-pkcs11.txt
Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
Source12: %{name}-pem-20130828.tar.bz2
Source12: %{name}-pem-20131226.tar.bz2
Source17: TestCA.ca.cert
Source18: TestUser50.cert
Source19: TestUser51.cert
@ -82,10 +81,6 @@ Patch25: nsspem-use-system-freebl.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
# The ocsp stapling tests currently require access to the
# kuix.de test server but koji forbids outbount connections
Patch46: disable-ocsp-stapling-tests.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
@ -93,10 +88,6 @@ Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch
Patch50: iquote.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=932001
Patch54: document-certutil-email-option.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=937677
Patch57: certutil_keyOpFlagsFix.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -182,16 +173,10 @@ low level services.
%patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest
%patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash
%patch46 -p0 -b .skipoutbound
%patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
pushd nss
%patch54 -p1 -b .948495
%patch57 -p1 -b .948495
popd
#########################################################
# Higher-level libraries and test tools need access to
@ -749,6 +734,12 @@ fi
%changelog
* Tue Jan 07 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-1
- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
* Wed Dec 11 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3.1-1
- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)

4
sources
View File

@ -7,5 +7,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2
1d444fffdb1f890a000003b50295b5aa nss-3.15.3.1.tar.gz
cb247307632f7673b32c71009ba7b660 nss-pem-20131226.tar.bz2
74738d89615665e3547dc2c0602ab0e6 nss-3.15.4.tar.gz