From b42c989b2dad1efeadec4ab5522c9ec6350197c2 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 16 Dec 2015 16:18:27 -0800 Subject: [PATCH] Update sources to new version from upstream BUG1168917_BRANCH - Includes latest checkin for policy work - Update several patches on account of the new sources --- disableSSL2libssl.patch | 78 +++++++--------------------------------- disableSSL2tests.patch | 24 +++++++------ iquote.patch | 80 +++++++++++++++++++++-------------------- nss.spec | 6 ++-- 4 files changed, 69 insertions(+), 119 deletions(-) diff --git a/disableSSL2libssl.patch b/disableSSL2libssl.patch index 10e583a..0a844bf 100644 --- a/disableSSL2libssl.patch +++ b/disableSSL2libssl.patch @@ -1,12 +1,7 @@ -diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk ---- a/lib/ssl/config.mk -+++ b/lib/ssl/config.mk -@@ -2,16 +2,20 @@ - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - - ifdef NISCC_TEST +diff -up ./nss/lib/ssl/config.mk.disableSSL2libssl ./nss/lib/ssl/config.mk +--- ./nss/lib/ssl/config.mk.disableSSL2libssl 2015-12-16 14:41:26.611408723 -0800 ++++ ./nss/lib/ssl/config.mk 2015-12-16 14:41:45.048957300 -0800 +@@ -7,6 +7,10 @@ ifdef NISCC_TEST DEFINES += -DNISCC_TEST endif @@ -17,20 +12,10 @@ diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk # Allow build-time configuration of TLS 1.3 (Experimental) ifdef NSS_ENABLE_TLS_1_3 DEFINES += -DNSS_ENABLE_TLS_1_3 - endif - - ifdef NSS_NO_PKCS11_BYPASS - DEFINES += -DNO_PKCS11_BYPASS - else -diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c ---- a/lib/ssl/sslsock.c -+++ b/lib/ssl/sslsock.c -@@ -674,16 +674,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } +diff -up ./nss/lib/ssl/sslsock.c.disableSSL2libssl ./nss/lib/ssl/sslsock.c +--- ./nss/lib/ssl/sslsock.c.disableSSL2libssl 2015-12-16 14:41:15.573678468 -0800 ++++ ./nss/lib/ssl/sslsock.c 2015-12-16 14:57:21.139885163 -0800 +@@ -710,6 +710,12 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh break; case SSL_ENABLE_SSL2: @@ -43,17 +28,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c if (IS_DTLS(ss)) { if (on) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.enableSSL2 = on; -@@ -691,52 +697,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - ss->opt.v2CompatibleHello = on; - } - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); +@@ -734,6 +740,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; } @@ -61,15 +36,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c break; case SSL_NO_CACHE: - ss->opt.noCache = on; - break; - - case SSL_ENABLE_FDX: - if (on && ss->opt.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - ss->opt.fdx = on; +@@ -749,6 +756,12 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh break; case SSL_V2_COMPATIBLE_HELLO: @@ -82,11 +49,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c if (IS_DTLS(ss)) { if (on) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.v2CompatibleHello = on; +@@ -760,6 +773,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh if (!on) { ss->opt.enableSSL2 = on; } @@ -94,7 +57,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c break; case SSL_ROLLBACK_DETECTION: - ss->opt.detectRollBack = on; +@@ -767,9 +781,16 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh break; case SSL_NO_STEP_DOWN: @@ -111,17 +74,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c break; case SSL_BYPASS_PKCS11: - if (ss->handshakeBegun) { - PORT_SetError(PR_INVALID_STATE_ERROR); - rv = SECFailure; - } else { - if (PR_FALSE != on) { -@@ -1163,16 +1184,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo - } - return SECSuccess; - } - - /* function tells us if the cipher suite is one that we no longer support. */ +@@ -1240,6 +1261,22 @@ SSL_OptionSetDefault(PRInt32 which, PRBo static PRBool ssl_IsRemovedCipherSuite(PRInt32 suite) { @@ -144,8 +97,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c switch (suite) { case SSL_FORTEZZA_DMS_WITH_NULL_SHA: case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: - case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: - return PR_TRUE; - default: - return PR_FALSE; - } diff --git a/disableSSL2tests.patch b/disableSSL2tests.patch index 78e468e..a7b338a 100644 --- a/disableSSL2tests.patch +++ b/disableSSL2tests.patch @@ -1,6 +1,6 @@ -diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh ---- ./tests/ssl/ssl.sh.disableSSL2tests 2015-12-12 12:03:41.000000000 -0800 -+++ ./tests/ssl/ssl.sh 2015-12-12 12:25:30.310865617 -0800 +diff -up ./nss/tests/ssl/ssl.sh.disableSSL2tests ./nss/tests/ssl/ssl.sh +--- ./nss/tests/ssl/ssl.sh.disableSSL2tests 2015-12-16 13:32:08.000000000 -0800 ++++ ./nss/tests/ssl/ssl.sh 2015-12-16 15:15:48.353748930 -0800 @@ -62,9 +62,14 @@ ssl_init() NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} @@ -15,34 +15,36 @@ diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh + fi SSLAUTH=${QADIR}/ssl/sslauth.txt - SSLSTRESS=${QADIR}/ssl/sslstress.txt + SSLPOLICY=${QADIR}/ssl/sslpolicy.txt REQUEST_FILE=${QADIR}/ssl/sslreq.dat - #temparary files -@@ -120,7 +125,11 @@ is_selfserv_alive() +@@ -121,7 +126,11 @@ is_selfserv_alive() fi echo "kill -0 ${PID} >/dev/null 2>/dev/null" +- kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" + if [ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then -+ echo "No server to kill" ++ echo "No server to kill" + else - kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" ++ kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" + fi echo "selfserv with PID ${PID} found at `date`" } -@@ -143,7 +152,11 @@ wait_for_selfserv() +@@ -144,7 +153,11 @@ wait_for_selfserv() ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE} if [ $? -ne 0 ]; then +- html_failed "Waiting for Server" + if [ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then + html_passed "Server never started" + else - html_failed "Waiting for Server" ++ html_failed "Waiting for Server" + fi fi fi is_selfserv_alive -@@ -214,15 +227,16 @@ start_selfserv() +@@ -215,15 +228,16 @@ start_selfserv() echo "selfserv starting at `date`" echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\" echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\" @@ -62,7 +64,7 @@ diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh RET=$? fi -@@ -279,6 +293,12 @@ ssl_cov() +@@ -280,6 +294,12 @@ ssl_cov() echo "${testname}" | grep "SSL2" > /dev/null SSL2=$? diff --git a/iquote.patch b/iquote.patch index 0c9e4cf..72de200 100644 --- a/iquote.patch +++ b/iquote.patch @@ -1,17 +1,6 @@ -diff -up nss/cmd/bltest/Makefile.iquote nss/cmd/bltest/Makefile ---- nss/cmd/bltest/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/bltest/Makefile 2014-05-06 07:15:41.173387799 -0700 -@@ -45,6 +45,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk - # (6) Execute "component" rules. (OPTIONAL) # - ####################################################################### - -+INCLUDES += -iquote $(DIST)/../private/nss - - - ####################################################################### diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile ---- nss/cmd/certcgi/Makefile.iquote 2014-08-19 10:18:35.713017904 -0700 -+++ nss/cmd/certcgi/Makefile 2014-08-19 10:19:36.106528087 -0700 +--- nss/cmd/certcgi/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/certcgi/Makefile 2015-12-16 15:49:56.207064745 -0800 @@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -23,8 +12,8 @@ diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile ---- nss/cmd/certutil/Makefile.iquote 2014-08-19 10:23:39.697585905 -0700 -+++ nss/cmd/certutil/Makefile 2014-08-19 10:24:31.060019803 -0700 +--- nss/cmd/certutil/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/certutil/Makefile 2015-12-16 15:49:56.207064745 -0800 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -36,8 +25,8 @@ diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile ---- nss/cmd/lib/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/lib/Makefile 2014-05-06 07:15:41.174387806 -0700 +--- nss/cmd/lib/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/lib/Makefile 2015-12-16 15:49:56.207064745 -0800 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -49,8 +38,8 @@ diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile ---- nss/cmd/modutil/Makefile.iquote 2014-05-06 07:34:30.055124213 -0700 -+++ nss/cmd/modutil/Makefile 2014-05-06 07:35:36.016602770 -0700 +--- nss/cmd/modutil/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/modutil/Makefile 2015-12-16 15:49:56.207064745 -0800 @@ -41,6 +41,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -60,8 +49,8 @@ diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile ####################################################################### diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile ---- nss/cmd/selfserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/selfserv/Makefile 2014-05-06 07:15:41.175387813 -0700 +--- nss/cmd/selfserv/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/selfserv/Makefile 2015-12-16 15:49:56.207064745 -0800 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -73,8 +62,8 @@ diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile ---- nss/cmd/ssltap/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/ssltap/Makefile 2014-05-06 07:15:41.176387820 -0700 +--- nss/cmd/ssltap/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/ssltap/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -86,8 +75,8 @@ diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile ---- nss/cmd/strsclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/strsclnt/Makefile 2014-05-06 07:15:41.177387827 -0700 +--- nss/cmd/strsclnt/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/strsclnt/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -99,8 +88,8 @@ diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile ---- nss/cmd/tstclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/tstclnt/Makefile 2014-05-06 07:15:41.178387834 -0700 +--- nss/cmd/tstclnt/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/tstclnt/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### @@ -111,8 +100,8 @@ diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile ---- nss/cmd/vfyserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/cmd/vfyserv/Makefile 2014-05-06 07:15:41.179387841 -0700 +--- nss/cmd/vfyserv/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/cmd/vfyserv/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### @@ -123,8 +112,8 @@ diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk ---- nss/coreconf/location.mk.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/coreconf/location.mk 2014-05-06 07:15:41.180387848 -0700 +--- nss/coreconf/location.mk.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/coreconf/location.mk 2015-12-16 15:49:56.208064721 -0800 @@ -45,6 +45,10 @@ endif ifdef NSS_INCLUDE_DIR @@ -137,8 +126,8 @@ diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk ifndef NSS_LIB_DIR diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile ---- nss/lib/certhigh/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/lib/certhigh/Makefile 2014-05-06 07:15:41.181387855 -0700 +--- nss/lib/certhigh/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/lib/certhigh/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -149,8 +138,8 @@ diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile ---- nss/lib/cryptohi/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/lib/cryptohi/Makefile 2014-05-06 07:15:41.182387862 -0700 +--- nss/lib/cryptohi/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/lib/cryptohi/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -161,12 +150,25 @@ diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile ---- nss/lib/nss/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ nss/lib/nss/Makefile 2014-05-06 07:15:41.183387869 -0700 +--- nss/lib/nss/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/lib/nss/Makefile 2015-12-16 15:49:56.208064721 -0800 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### +- ++INCLUDES += -iquote $(DIST)/../public/nss ++INCLUDES += -iquote $(DIST)/../private/nss + + ####################################################################### + # (7) Execute "local" rules. (OPTIONAL). # +diff -up nss/lib/pk11wrap/Makefile.iquote nss/lib/pk11wrap/Makefile +--- nss/lib/pk11wrap/Makefile.iquote 2015-12-16 15:51:35.959591267 -0800 ++++ nss/lib/pk11wrap/Makefile 2015-12-16 15:52:25.749356673 -0800 +@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk + # (6) Execute "component" rules. (OPTIONAL) # + ####################################################################### + - +INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../private/nss @@ -174,8 +176,8 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile ---- nss/lib/ssl/Makefile.iquote 2015-11-13 09:23:41.653738563 -0800 -+++ nss/lib/ssl/Makefile 2015-11-13 09:25:25.121415348 -0800 +--- nss/lib/ssl/Makefile.iquote 2015-12-16 13:32:08.000000000 -0800 ++++ nss/lib/ssl/Makefile 2015-12-16 15:49:56.209064696 -0800 @@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### diff --git a/nss.spec b/nss.spec index b68a714..a1e923b 100644 --- a/nss.spec +++ b/nss.spec @@ -187,14 +187,12 @@ low level services. %patch47 -p0 -b .templates %patch49 -p0 -b .skipthem %patch50 -p0 -b .iquote -pushd nss -%patch52 -p1 -b .disableSSL2libssl -%patch53 -p1 -b .disableSSL2tests -popd %patch54 -p0 -b .ssl2_off %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5 %patch58 -p0 -b .1185708_3des %patch59 -p0 -b .compile_Werror +%patch52 -p0 -b .disableSSL2libssl +%patch53 -p1 -b .disableSSL2tests ######################################################### # Higher-level libraries and test tools need access to