rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update sources to new version from upstream BUG1168917_BRANCH 

- Includes latest checkin for policy work
- Update several patches on account of the new sources
This commit is contained in:
Elio Maldonado 2015-12-16 16:18:27 -08:00
parent 5a2c8f6060
commit b42c989b2d
4 changed files with 69 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
disableSSL2libssl.patch
View File

@ -1,12 +1,7 @@
diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
--- a/lib/ssl/config.mk
+++ b/lib/ssl/config.mk
@@ -2,16 +2,20 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
ifdef NISCC_TEST
diff -up ./nss/lib/ssl/config.mk.disableSSL2libssl ./nss/lib/ssl/config.mk
--- ./nss/lib/ssl/config.mk.disableSSL2libssl 2015-12-16 14:41:26.611408723 -0800
+++ ./nss/lib/ssl/config.mk 2015-12-16 14:41:45.048957300 -0800
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
DEFINES += -DNISCC_TEST
endif
@ -17,20 +12,10 @@ diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
# Allow build-time configuration of TLS 1.3 (Experimental)
ifdef NSS_ENABLE_TLS_1_3
DEFINES += -DNSS_ENABLE_TLS_1_3
endif
ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS
else
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -674,16 +674,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2libssl ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.disableSSL2libssl 2015-12-16 14:41:15.573678468 -0800
+++ ./nss/lib/ssl/sslsock.c 2015-12-16 14:57:21.139885163 -0800
@@ -710,6 +710,12 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_ENABLE_SSL2:
@ -43,17 +28,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
}
break;
}
ss->opt.enableSSL2 = on;
@@ -691,52 +697,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.v2CompatibleHello = on;
}
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
@@ -734,6 +740,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
@ -61,15 +36,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
break;
case SSL_NO_CACHE:
ss->opt.noCache = on;
break;
case SSL_ENABLE_FDX:
if (on && ss->opt.noLocks) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
ss->opt.fdx = on;
@@ -749,6 +756,12 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_V2_COMPATIBLE_HELLO:
@ -82,11 +49,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
}
break;
}
ss->opt.v2CompatibleHello = on;
@@ -760,6 +773,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (!on) {
ss->opt.enableSSL2 = on;
}
@ -94,7 +57,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
break;
case SSL_ROLLBACK_DETECTION:
ss->opt.detectRollBack = on;
@@ -767,9 +781,16 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
break;
case SSL_NO_STEP_DOWN:
@ -111,17 +74,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
break;
case SSL_BYPASS_PKCS11:
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
rv = SECFailure;
} else {
if (PR_FALSE != on) {
@@ -1163,16 +1184,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
}
return SECSuccess;
}
/* function tells us if the cipher suite is one that we no longer support. */
@@ -1240,6 +1261,22 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)
{
@ -144,8 +97,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
switch (suite) {
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
return PR_TRUE;
default:
return PR_FALSE;
}

24
disableSSL2tests.patch
View File

@ -1,6 +1,6 @@
diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh
--- ./tests/ssl/ssl.sh.disableSSL2tests 2015-12-12 12:03:41.000000000 -0800
+++ ./tests/ssl/ssl.sh 2015-12-12 12:25:30.310865617 -0800
diff -up ./nss/tests/ssl/ssl.sh.disableSSL2tests ./nss/tests/ssl/ssl.sh
--- ./nss/tests/ssl/ssl.sh.disableSSL2tests 2015-12-16 13:32:08.000000000 -0800
+++ ./nss/tests/ssl/ssl.sh 2015-12-16 15:15:48.353748930 -0800
@@ -62,9 +62,14 @@ ssl_init()
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
@ -15,34 +15,36 @@ diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh
+ fi
SSLAUTH=${QADIR}/ssl/sslauth.txt
- SSLSTRESS=${QADIR}/ssl/sslstress.txt
SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
REQUEST_FILE=${QADIR}/ssl/sslreq.dat
#temparary files
@@ -120,7 +125,11 @@ is_selfserv_alive()
@@ -121,7 +126,11 @@ is_selfserv_alive()
fi
echo "kill -0 ${PID} >/dev/null 2>/dev/null"
- kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
+ if [ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then
+ echo "No server to kill"
+ echo "No server to kill"
+ else
kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
+ kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
+ fi
echo "selfserv with PID ${PID} found at `date`"
}
@@ -143,7 +152,11 @@ wait_for_selfserv()
@@ -144,7 +153,11 @@ wait_for_selfserv()
${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
- html_failed "Waiting for Server"
+ if [ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then
+ html_passed "Server never started"
+ else
html_failed "Waiting for Server"
+ html_failed "Waiting for Server"
+ fi
fi
fi
is_selfserv_alive
@@ -214,15 +227,16 @@ start_selfserv()
@@ -215,15 +228,16 @@ start_selfserv()
echo "selfserv starting at `date`"
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
@ -62,7 +64,7 @@ diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh
RET=$?
fi
@@ -279,6 +293,12 @@ ssl_cov()
@@ -280,6 +294,12 @@ ssl_cov()
echo "${testname}" | grep "SSL2" > /dev/null
SSL2=$?

80
iquote.patch
View File

@ -1,17 +1,6 @@
diff -up nss/cmd/bltest/Makefile.iquote nss/cmd/bltest/Makefile
--- nss/cmd/bltest/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/bltest/Makefile 2014-05-06 07:15:41.173387799 -0700
@@ -45,6 +45,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../private/nss
#######################################################################
diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile
--- nss/cmd/certcgi/Makefile.iquote 2014-08-19 10:18:35.713017904 -0700
+++ nss/cmd/certcgi/Makefile 2014-08-19 10:19:36.106528087 -0700
--- nss/cmd/certcgi/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/certcgi/Makefile 2015-12-16 15:49:56.207064745 -0800
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -23,8 +12,8 @@ diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile
--- nss/cmd/certutil/Makefile.iquote 2014-08-19 10:23:39.697585905 -0700
+++ nss/cmd/certutil/Makefile 2014-08-19 10:24:31.060019803 -0700
--- nss/cmd/certutil/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/certutil/Makefile 2015-12-16 15:49:56.207064745 -0800
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -36,8 +25,8 @@ diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile
--- nss/cmd/lib/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/lib/Makefile 2014-05-06 07:15:41.174387806 -0700
--- nss/cmd/lib/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/lib/Makefile 2015-12-16 15:49:56.207064745 -0800
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -49,8 +38,8 @@ diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile
--- nss/cmd/modutil/Makefile.iquote 2014-05-06 07:34:30.055124213 -0700
+++ nss/cmd/modutil/Makefile 2014-05-06 07:35:36.016602770 -0700
--- nss/cmd/modutil/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/modutil/Makefile 2015-12-16 15:49:56.207064745 -0800
@@ -41,6 +41,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -60,8 +49,8 @@ diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile
#######################################################################
diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile
--- nss/cmd/selfserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/selfserv/Makefile 2014-05-06 07:15:41.175387813 -0700
--- nss/cmd/selfserv/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/selfserv/Makefile 2015-12-16 15:49:56.207064745 -0800
@@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -73,8 +62,8 @@ diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile
--- nss/cmd/ssltap/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/ssltap/Makefile 2014-05-06 07:15:41.176387820 -0700
--- nss/cmd/ssltap/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/ssltap/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -86,8 +75,8 @@ diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile
--- nss/cmd/strsclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/strsclnt/Makefile 2014-05-06 07:15:41.177387827 -0700
--- nss/cmd/strsclnt/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/strsclnt/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -99,8 +88,8 @@ diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile
--- nss/cmd/tstclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/tstclnt/Makefile 2014-05-06 07:15:41.178387834 -0700
--- nss/cmd/tstclnt/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/tstclnt/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
@ -111,8 +100,8 @@ diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile
--- nss/cmd/vfyserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/vfyserv/Makefile 2014-05-06 07:15:41.179387841 -0700
--- nss/cmd/vfyserv/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/cmd/vfyserv/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
@ -123,8 +112,8 @@ diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/coreconf/location.mk 2014-05-06 07:15:41.180387848 -0700
--- nss/coreconf/location.mk.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/coreconf/location.mk 2015-12-16 15:49:56.208064721 -0800
@@ -45,6 +45,10 @@ endif
ifdef NSS_INCLUDE_DIR
@ -137,8 +126,8 @@ diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
ifndef NSS_LIB_DIR
diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
--- nss/lib/certhigh/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/certhigh/Makefile 2014-05-06 07:15:41.181387855 -0700
--- nss/lib/certhigh/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/lib/certhigh/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -149,8 +138,8 @@ diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
--- nss/lib/cryptohi/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/cryptohi/Makefile 2014-05-06 07:15:41.182387862 -0700
--- nss/lib/cryptohi/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/lib/cryptohi/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -161,12 +150,25 @@ diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
--- nss/lib/nss/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/nss/Makefile 2014-05-06 07:15:41.183387869 -0700
--- nss/lib/nss/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/lib/nss/Makefile 2015-12-16 15:49:56.208064721 -0800
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
-
+INCLUDES += -iquote $(DIST)/../public/nss
+INCLUDES += -iquote $(DIST)/../private/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/pk11wrap/Makefile.iquote nss/lib/pk11wrap/Makefile
--- nss/lib/pk11wrap/Makefile.iquote 2015-12-16 15:51:35.959591267 -0800
+++ nss/lib/pk11wrap/Makefile 2015-12-16 15:52:25.749356673 -0800
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
-
+INCLUDES += -iquote $(DIST)/../public/nss
+INCLUDES += -iquote $(DIST)/../private/nss
@ -174,8 +176,8 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
--- nss/lib/ssl/Makefile.iquote 2015-11-13 09:23:41.653738563 -0800
+++ nss/lib/ssl/Makefile 2015-11-13 09:25:25.121415348 -0800
--- nss/lib/ssl/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800
+++ nss/lib/ssl/Makefile 2015-12-16 15:49:56.209064696 -0800
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################

6
nss.spec
View File

@ -187,14 +187,12 @@ low level services.
%patch47 -p0 -b .templates
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
pushd nss
%patch52 -p1 -b .disableSSL2libssl
%patch53 -p1 -b .disableSSL2tests
popd
%patch54 -p0 -b .ssl2_off
%patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
%patch58 -p0 -b .1185708_3des
%patch59 -p0 -b .compile_Werror
%patch52 -p0 -b .disableSSL2libssl
%patch53 -p1 -b .disableSSL2tests
#########################################################
# Higher-level libraries and test tools need access to