Merge branch 'f18' into f17
- Update to NSS_3_14_RTM - Update the license to MPLv2.0 - Bug 870864 - Add support in NSS for Secure Boot - Bug 871882 - Update the spec file to install sechash.h and also secmodt.h - Bug 806588 - Disable SSL PKCS #11 bypass at build time and return failure on attempts to enable it at runtime - Bug 872124 - nss-3.14 breaks fedpkg new-sources - fix pk11wrap locking to prevent 'fedpkg new-sources' and 'fedpkg update' hangs - Add a dummy source file for testing /preventing fedpkg breakage - Enable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default - Use only -f when removing unwanted headers - Update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - update various patches on account of upstream source updates - remove no longer needed patches
This commit is contained in:
commit
b712fb8528
|
@ -5,4 +5,5 @@ blank-cert9.db
|
|||
blank-key4.db
|
||||
PayPalEE.cert
|
||||
/nss-pem-20120811.tar.bz2
|
||||
/nss-3.13.6-stripped.tar.bz2
|
||||
/nss-3.14-stripped.tar.bz2
|
||||
/dummy-sources-for-testing
|
||||
|
|
|
@ -0,0 +1,168 @@
|
|||
diff -up ./mozilla/security/nss/cmd/certcgi/ca_form.html.870864 ./mozilla/security/nss/cmd/certcgi/ca_form.html
|
||||
--- ./mozilla/security/nss/cmd/certcgi/ca_form.html.870864 2012-03-20 07:46:53.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/certcgi/ca_form.html 2012-11-19 21:32:32.568415831 -0800
|
||||
@@ -167,6 +167,7 @@
|
||||
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
|
||||
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
|
||||
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
|
||||
+ <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
diff -up ./mozilla/security/nss/cmd/certcgi/certcgi.c.870864 ./mozilla/security/nss/cmd/certcgi/certcgi.c
|
||||
--- ./mozilla/security/nss/cmd/certcgi/certcgi.c.870864 2012-04-29 05:52:04.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/certcgi/certcgi.c 2012-11-19 21:32:32.569415846 -0800
|
||||
@@ -21,6 +21,7 @@
|
||||
#include "pk11pqg.h"
|
||||
#include "certxutl.h"
|
||||
#include "nss.h"
|
||||
+#include "secutil.h"
|
||||
|
||||
|
||||
/* #define TEST 1 */
|
||||
@@ -33,6 +34,8 @@
|
||||
|
||||
static char *progName;
|
||||
|
||||
+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
|
||||
+
|
||||
typedef struct PairStr Pair;
|
||||
|
||||
struct PairStr {
|
||||
@@ -819,6 +822,10 @@ AddExtKeyUsage(void *extHandle, Pair *da
|
||||
if( SECSuccess != rv ) goto loser;
|
||||
}
|
||||
|
||||
+ if( find_field_bool(data, "extKeyUsage-msCodeSign", PR_TRUE) ) {
|
||||
+ SECU_RegisterDynamicOids();
|
||||
+ }
|
||||
+
|
||||
if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
|
||||
rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
|
||||
if( SECSuccess != rv ) goto loser;
|
||||
diff -up ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html.870864 ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html
|
||||
--- ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html.870864 2012-03-20 07:46:53.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html 2012-11-19 21:32:32.570415861 -0800
|
||||
@@ -34,6 +34,7 @@
|
||||
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
|
||||
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
|
||||
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
|
||||
+ <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
diff -up ./mozilla/security/nss/cmd/certutil/certext.c.870864 ./mozilla/security/nss/cmd/certutil/certext.c
|
||||
--- ./mozilla/security/nss/cmd/certutil/certext.c.870864 2012-03-20 07:46:54.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/certutil/certext.c 2012-11-19 21:32:32.571415876 -0800
|
||||
@@ -18,6 +18,9 @@
|
||||
#endif
|
||||
|
||||
#include "secutil.h"
|
||||
+/* #include "secoidt.h" */ /* For when we update nss */
|
||||
+
|
||||
+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
|
||||
|
||||
#if defined(XP_UNIX)
|
||||
#include <unistd.h>
|
||||
@@ -483,6 +486,7 @@ extKeyUsageKeyWordArray[] = { "serverAut
|
||||
"timeStamp",
|
||||
"ocspResponder",
|
||||
"stepUp",
|
||||
+ "msCodeSigning",
|
||||
NULL};
|
||||
|
||||
static SECStatus
|
||||
@@ -554,6 +558,9 @@ AddExtKeyUsage (void *extHandle, const c
|
||||
case 6:
|
||||
rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
|
||||
break;
|
||||
+ case 7:
|
||||
+ rv = AddOidToSequence(os, szOID_KP_CTL_USAGE_SIGNING);
|
||||
+ break;
|
||||
default:
|
||||
goto endloop;
|
||||
}
|
||||
diff -up ./mozilla/security/nss/cmd/certutil/certutil.c.870864 ./mozilla/security/nss/cmd/certutil/certutil.c
|
||||
--- ./mozilla/security/nss/cmd/certutil/certutil.c.870864 2012-03-20 07:46:54.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/certutil/certutil.c 2012-11-19 21:32:32.573415906 -0800
|
||||
@@ -46,6 +46,8 @@
|
||||
|
||||
char *progName;
|
||||
|
||||
+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
|
||||
+
|
||||
static CERTCertificateRequest *
|
||||
GetCertRequest(PRFileDesc *inFile, PRBool ascii)
|
||||
{
|
||||
@@ -1145,6 +1147,7 @@ static void luC(enum usage_level ul, con
|
||||
"%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
|
||||
"%-20s \"stepUp\", \"critical\"\n",
|
||||
" -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
|
||||
+ "%-20s \"stepUp\", \"msCodeSign\", \"critical\"\n",
|
||||
FPS "%-20s Create an email subject alt name extension\n",
|
||||
" -7 emailAddrs");
|
||||
FPS "%-20s Create an dns subject alt name extension\n",
|
||||
diff -up ./mozilla/security/nss/cmd/lib/moreoids.c.870864 ./mozilla/security/nss/cmd/lib/moreoids.c
|
||||
--- ./mozilla/security/nss/cmd/lib/moreoids.c.870864 2012-03-20 07:46:59.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/lib/moreoids.c 2012-11-19 21:36:23.782925556 -0800
|
||||
@@ -41,6 +41,18 @@ OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }
|
||||
OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */
|
||||
OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
|
||||
|
||||
+#define _TO_ITEM(x) {siDEROID, (unsigned char *)(x), sizeof(x) }
|
||||
+
|
||||
+SECOidTag szOID_KP_CTL_USAGE_SIGNING = SEC_OID_UNKNOWN;
|
||||
+/* { 1.3.6.1.4.1.311 } */
|
||||
+static const unsigned char msExtendedKeyUsageCodeSigning[] =
|
||||
+ { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0xa, 3, 1 };
|
||||
+
|
||||
+static const SECOidData microsoftAuthenticodeSigning_Entry =
|
||||
+ { _TO_ITEM(msExtendedKeyUsageCodeSigning), SEC_OID_UNKNOWN,
|
||||
+ "Microsoft Authenticode Signing", CKM_INVALID_MECHANISM,
|
||||
+ INVALID_CERT_EXTENSION };
|
||||
+
|
||||
/* AOL OIDs (1 3 6 1 4 1 1066 ... ) */
|
||||
#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A
|
||||
|
||||
@@ -127,6 +139,18 @@ static const SECOidData oids[] = {
|
||||
|
||||
static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);
|
||||
|
||||
+/* register the oid if we haven't already */
|
||||
+void
|
||||
+SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src)
|
||||
+{
|
||||
+ if (*data == SEC_OID_UNKNOWN) {
|
||||
+ /* AddEntry does the right thing if someone else has already
|
||||
+ * added the oid. (that is return that oid tag) */
|
||||
+ *data = SECOID_AddEntry(src);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+
|
||||
SECStatus
|
||||
SECU_RegisterDynamicOids(void)
|
||||
{
|
||||
@@ -144,5 +168,10 @@ SECU_RegisterDynamicOids(void)
|
||||
#endif
|
||||
}
|
||||
}
|
||||
+
|
||||
+ /* Fetch and register the oid on behalf of the tools. */
|
||||
+ SECU_cert_fetchOID(&szOID_KP_CTL_USAGE_SIGNING,
|
||||
+ µsoftAuthenticodeSigning_Entry);
|
||||
+
|
||||
return rv;
|
||||
}
|
||||
diff -up ./mozilla/security/nss/cmd/lib/secutil.h.870864 ./mozilla/security/nss/cmd/lib/secutil.h
|
||||
--- ./mozilla/security/nss/cmd/lib/secutil.h.870864 2012-09-27 10:13:33.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/lib/secutil.h 2012-11-19 21:32:32.575415936 -0800
|
||||
@@ -293,6 +293,8 @@ extern SECStatus DER_PrettyPrint(FILE *o
|
||||
|
||||
extern char *SECU_SECModDBName(void);
|
||||
|
||||
+extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src);
|
||||
+
|
||||
extern SECStatus SECU_RegisterDynamicOids(void);
|
||||
|
||||
/* Identifies hash algorithm tag by its string representation. */
|
|
@ -1,27 +0,0 @@
|
|||
From ea14b3279da63a344dcaf3466592c2619025ac28 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 9 Jan 2012 14:10:07 +0100
|
||||
Subject: [PATCH] nss - rhbz #772628 (fix a memory leak in nssinit.c) V2
|
||||
|
||||
---
|
||||
mozilla/security/nss/lib/nss/nssinit.c | 4 ++++
|
||||
1 files changed, 4 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/mozilla/security/nss/lib/nss/nssinit.c b/mozilla/security/nss/lib/nss/nssinit.c
|
||||
index f1c0327..9fbbab7 100644
|
||||
--- a/mozilla/security/nss/lib/nss/nssinit.c
|
||||
+++ b/mozilla/security/nss/lib/nss/nssinit.c
|
||||
@@ -754,6 +754,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
|
||||
PZ_NotifyAllCondVar(nssInitCondition);
|
||||
PZ_Unlock(nssInitLock);
|
||||
|
||||
+ if (initContextPtr && configStrings) {
|
||||
+ PR_smprintf_free(configStrings);
|
||||
+ }
|
||||
+
|
||||
return SECSuccess;
|
||||
|
||||
loser:
|
||||
--
|
||||
1.7.1
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
|
||||
--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700
|
||||
+++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700
|
||||
@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
|
||||
passwordRequired = pk11_password_required;
|
||||
}
|
||||
|
||||
- /* we always try to initialize the modules */
|
||||
- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
+ /* Skip the module init if we are already initted and we are trying
|
||||
+ * to init with not noCertDB and noModDB */
|
||||
+ if (!(isReallyInitted && noCertDB && noModDB)) {
|
||||
+ /* we always try to initialize the modules */
|
||||
+ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
updateName, configName, configStrings, passwordRequired,
|
||||
readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
(initContextPtr != NULL));
|
||||
|
||||
- if (rv != SECSuccess) {
|
||||
- goto loser;
|
||||
+ if (rv != SECSuccess) {
|
||||
+ goto loser;
|
||||
+ }
|
||||
}
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
|
||||
--- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800
|
||||
+++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800
|
||||
@@ -1151,6 +1151,11 @@ SECStatus
|
||||
NSS_Shutdown(void)
|
||||
{
|
||||
SECStatus rv;
|
||||
+ /* make sure our lock and condition variable are initialized one and only
|
||||
+ * one time */
|
||||
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
PZ_Lock(nssInitLock);
|
||||
|
||||
if (!nssIsInitted) {
|
|
@ -0,0 +1,393 @@
|
|||
Index: ./mozilla/security/nss/lib/cryptohi/keythi.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/cryptohi/keythi.h,v
|
||||
retrieving revision 1.17
|
||||
diff -u -p -r1.17 keythi.h
|
||||
--- ./mozilla/security/nss/lib/cryptohi/keythi.h 16 May 2012 12:34:15 -0000 1.17
|
||||
+++ ./mozilla/security/nss/lib/cryptohi/keythi.h 2 Nov 2012 18:09:53 -0000
|
||||
@@ -214,7 +214,12 @@ typedef struct SECKEYPublicKeyStr SECKEY
|
||||
#define SECKEY_HAS_ATTRIBUTE_SET(key,attribute) \
|
||||
(0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
|
||||
(0 != (key->staticflags & SECKEY_##attribute)) : \
|
||||
- PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute)
|
||||
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, PR_FALSE)
|
||||
+
|
||||
+#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key,attribute, haslock) \
|
||||
+ (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
|
||||
+ (0 != (key->staticflags & SECKEY_##attribute)) : \
|
||||
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, haslock)
|
||||
|
||||
/*
|
||||
** A generic key structure
|
||||
Index: ./mozilla/security/nss/lib/cryptohi/seckey.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v
|
||||
retrieving revision 1.68
|
||||
diff -u -p -r1.68 seckey.c
|
||||
--- ./mozilla/security/nss/lib/cryptohi/seckey.c 25 Jun 2012 21:48:39 -0000 1.68
|
||||
+++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2 Nov 2012 18:09:53 -0000
|
||||
@@ -1918,7 +1918,7 @@ loser:
|
||||
}
|
||||
|
||||
#define SECKEY_CacheAttribute(key, attribute) \
|
||||
- if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute)) { \
|
||||
+ if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
|
||||
key->staticflags |= SECKEY_##attribute; \
|
||||
} else { \
|
||||
key->staticflags &= (~SECKEY_##attribute); \
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11akey.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v
|
||||
retrieving revision 1.36
|
||||
diff -u -p -r1.36 pk11akey.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11akey.c 25 Apr 2012 14:50:04 -0000 1.36
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11akey.c 2 Nov 2012 18:09:54 -0000
|
||||
@@ -740,7 +740,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, Key
|
||||
CK_KEY_TYPE pk11Type = CKK_RSA;
|
||||
|
||||
pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
|
||||
- isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN);
|
||||
+ isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN,PR_FALSE);
|
||||
switch (pk11Type) {
|
||||
case CKK_RSA: keyType = rsaKey; break;
|
||||
case CKK_DSA: keyType = dsaKey; break;
|
||||
@@ -754,7 +754,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, Key
|
||||
|
||||
/* if the key is private, make sure we are authenticated to the
|
||||
* token before we try to use it */
|
||||
- isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE);
|
||||
+ isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE,PR_FALSE);
|
||||
if (isPrivate) {
|
||||
rv = PK11_Authenticate(slot, PR_TRUE, wincx);
|
||||
if (rv != SECSuccess) {
|
||||
@@ -1432,7 +1432,7 @@ PK11_GenerateKeyPairWithOpFlags(PK11Slot
|
||||
|
||||
/* set the ID to the public key so we can find it again */
|
||||
cka_id = pk11_MakeIDFromPublicKey(*pubKey);
|
||||
- pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN);
|
||||
+ pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN,PR_FALSE);
|
||||
|
||||
PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);
|
||||
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11auth.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11auth.c,v
|
||||
retrieving revision 1.16
|
||||
diff -u -p -r1.16 pk11auth.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11auth.c 16 May 2012 12:34:19 -0000 1.16
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11auth.c 2 Nov 2012 18:09:54 -0000
|
||||
@@ -45,8 +45,9 @@ static struct PK11GlobalStruct {
|
||||
* Check the user's password. Log into the card if it's correct.
|
||||
* succeed if the user is already logged in.
|
||||
*/
|
||||
-SECStatus
|
||||
-pk11_CheckPassword(PK11SlotInfo *slot,char *pw,PRBool contextSpecific)
|
||||
+static SECStatus
|
||||
+pk11_CheckPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
|
||||
+ char *pw, PRBool alreadyLocked, PRBool contextSpecific)
|
||||
{
|
||||
int len = 0;
|
||||
CK_RV crv;
|
||||
@@ -66,13 +67,13 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
|
||||
}
|
||||
|
||||
do {
|
||||
- PK11_EnterSlotMonitor(slot);
|
||||
- crv = PK11_GETTAB(slot)->C_Login(slot->session,
|
||||
+ if (!alreadyLocked) PK11_EnterSlotMonitor(slot);
|
||||
+ crv = PK11_GETTAB(slot)->C_Login(session,
|
||||
contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
|
||||
(unsigned char *)pw,len);
|
||||
slot->lastLoginCheck = 0;
|
||||
mustRetry = PR_FALSE;
|
||||
- PK11_ExitSlotMonitor(slot);
|
||||
+ if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
|
||||
switch (crv) {
|
||||
/* if we're already logged in, we're good to go */
|
||||
case CKR_OK:
|
||||
@@ -91,10 +92,19 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
|
||||
* if the token is still there. */
|
||||
case CKR_SESSION_HANDLE_INVALID:
|
||||
case CKR_SESSION_CLOSED:
|
||||
+ if (session != slot->session) {
|
||||
+ /* don't bother retrying, we were in a middle of an operation,
|
||||
+ * which is now lost. Just fail. */
|
||||
+ PORT_SetError(PK11_MapError(crv));
|
||||
+ rv = SECFailure;
|
||||
+ break;
|
||||
+ }
|
||||
if (retry++ == 0) {
|
||||
rv = PK11_InitToken(slot,PR_FALSE);
|
||||
if (rv == SECSuccess) {
|
||||
if (slot->session != CK_INVALID_SESSION) {
|
||||
+ session = slot->session; /* we should have
|
||||
+ * a new session now */
|
||||
mustRetry = PR_TRUE;
|
||||
} else {
|
||||
PORT_SetError(PK11_MapError(crv));
|
||||
@@ -242,7 +252,8 @@ PK11_HandlePasswordCheck(PK11SlotInfo *s
|
||||
NeedAuth = PR_TRUE;
|
||||
}
|
||||
}
|
||||
- if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx,PR_FALSE);
|
||||
+ if (NeedAuth) PK11_DoPassword(slot, slot->session, PR_TRUE,
|
||||
+ wincx, PR_FALSE, PR_FALSE);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -301,7 +312,8 @@ pk11_LoginStillRequired(PK11SlotInfo *sl
|
||||
SECStatus
|
||||
PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
|
||||
if (pk11_LoginStillRequired(slot,wincx)) {
|
||||
- return PK11_DoPassword(slot,loadCerts,wincx,PR_FALSE);
|
||||
+ return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
|
||||
+ PR_FALSE, PR_FALSE);
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
@@ -532,7 +544,8 @@ PK11_SetIsLoggedInFunc(PK11IsLoggedInFun
|
||||
* of the PKCS 11 module.
|
||||
*/
|
||||
SECStatus
|
||||
-PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
|
||||
+PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
|
||||
+ PRBool loadCerts, void *wincx, PRBool alreadyLocked,
|
||||
PRBool contextSpecific)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
@@ -602,7 +615,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBo
|
||||
break;
|
||||
}
|
||||
}
|
||||
- rv = pk11_CheckPassword(slot,password,contextSpecific);
|
||||
+ rv = pk11_CheckPassword(slot, session, password,
|
||||
+ alreadyLocked, contextSpecific);
|
||||
PORT_Memset(password, 0, PORT_Strlen(password));
|
||||
PORT_Free(password);
|
||||
if (rv != SECWouldBlock) break;
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11merge.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11merge.c,v
|
||||
retrieving revision 1.10
|
||||
diff -u -p -r1.10 pk11merge.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11merge.c 25 Apr 2012 14:50:05 -0000 1.10
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11merge.c 2 Nov 2012 18:09:54 -0000
|
||||
@@ -169,15 +169,15 @@ pk11_getPrivateKeyUsage(PK11SlotInfo *sl
|
||||
{
|
||||
unsigned int usage = 0;
|
||||
|
||||
- if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP) ||
|
||||
- PK11_HasAttributeSet(slot,id, CKA_DECRYPT))) {
|
||||
+ if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP,PR_FALSE) ||
|
||||
+ PK11_HasAttributeSet(slot,id, CKA_DECRYPT,PR_FALSE))) {
|
||||
usage |= KU_KEY_ENCIPHERMENT;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
|
||||
usage |= KU_KEY_AGREEMENT;
|
||||
}
|
||||
- if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER) ||
|
||||
- PK11_HasAttributeSet(slot, id, CKA_SIGN))) {
|
||||
+ if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE) ||
|
||||
+ PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE))) {
|
||||
usage |= KU_DIGITAL_SIGNATURE;
|
||||
}
|
||||
return usage;
|
||||
@@ -373,31 +373,31 @@ pk11_getSecretKeyFlags(PK11SlotInfo *slo
|
||||
{
|
||||
CK_FLAGS flags = 0;
|
||||
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP, PR_FALSE)) {
|
||||
flags |= CKF_UNWRAP;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_WRAP)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_WRAP, PR_FALSE)) {
|
||||
flags |= CKF_WRAP;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT, PR_FALSE)) {
|
||||
flags |= CKF_ENCRYPT;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT, PR_FALSE)) {
|
||||
flags |= CKF_DECRYPT;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
|
||||
flags |= CKF_DERIVE;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_SIGN)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE)) {
|
||||
flags |= CKF_SIGN;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE)) {
|
||||
flags |= CKF_SIGN_RECOVER;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_VERIFY)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_VERIFY, PR_FALSE)) {
|
||||
flags |= CKF_VERIFY;
|
||||
}
|
||||
- if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER)) {
|
||||
+ if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER, PR_FALSE)) {
|
||||
flags |= CKF_VERIFY_RECOVER;
|
||||
}
|
||||
return flags;
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11obj.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v
|
||||
retrieving revision 1.27
|
||||
diff -u -p -r1.27 pk11obj.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11obj.c 29 Jun 2012 17:46:25 -0000 1.27
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11obj.c 2 Nov 2012 18:09:54 -0000
|
||||
@@ -146,7 +146,7 @@ PK11_ReadULongAttribute(PK11SlotInfo *sl
|
||||
*/
|
||||
CK_BBOOL
|
||||
PK11_HasAttributeSet( PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
|
||||
- CK_ATTRIBUTE_TYPE type )
|
||||
+ CK_ATTRIBUTE_TYPE type, PRBool haslock )
|
||||
{
|
||||
CK_BBOOL ckvalue = CK_FALSE;
|
||||
CK_ATTRIBUTE theTemplate;
|
||||
@@ -156,10 +156,10 @@ PK11_HasAttributeSet( PK11SlotInfo *slot
|
||||
PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );
|
||||
|
||||
/* Retrieve attribute value. */
|
||||
- PK11_EnterSlotMonitor(slot);
|
||||
+ if (!haslock) PK11_EnterSlotMonitor(slot);
|
||||
crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
|
||||
&theTemplate, 1 );
|
||||
- PK11_ExitSlotMonitor(slot);
|
||||
+ if (!haslock) PK11_ExitSlotMonitor(slot);
|
||||
if( crv != CKR_OK ) {
|
||||
PORT_SetError( PK11_MapError( crv ) );
|
||||
return CK_FALSE;
|
||||
@@ -254,7 +254,7 @@ PK11_GetAttributes(PRArenaPool *arena,PK
|
||||
PRBool
|
||||
PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
|
||||
{
|
||||
- return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN);
|
||||
+ return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN, PR_FALSE);
|
||||
}
|
||||
|
||||
char *
|
||||
@@ -735,6 +735,7 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem
|
||||
CK_MECHANISM mech = {0, NULL, 0 };
|
||||
PRBool owner = PR_TRUE;
|
||||
CK_SESSION_HANDLE session;
|
||||
+ PRBool haslock = PR_FALSE;
|
||||
CK_ULONG len;
|
||||
CK_RV crv;
|
||||
|
||||
@@ -745,24 +746,27 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem
|
||||
}
|
||||
|
||||
session = pk11_GetNewSession(slot,&owner);
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
|
||||
+ haslock = (!owner || !(slot->isThreadSafe));
|
||||
+ if (haslock) PK11_EnterSlotMonitor(slot);
|
||||
crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
|
||||
if (crv != CKR_OK) {
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
|
||||
+ if (haslock) PK11_ExitSlotMonitor(slot);
|
||||
pk11_CloseSession(slot,session,owner);
|
||||
PORT_SetError( PK11_MapError(crv) );
|
||||
return SECFailure;
|
||||
}
|
||||
- /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
|
||||
- * do C_Login with CKU_CONTEXT_SPECIFIC
|
||||
- * between C_SignInit and C_Sign */
|
||||
- if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
|
||||
- PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
|
||||
- }
|
||||
+
|
||||
+ /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
|
||||
+ * do C_Login with CKU_CONTEXT_SPECIFIC
|
||||
+ * between C_SignInit and C_Sign */
|
||||
+ if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
|
||||
+ PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
|
||||
+ }
|
||||
+
|
||||
len = sig->len;
|
||||
crv = PK11_GETTAB(slot)->C_Sign(session,hash->data,
|
||||
hash->len, sig->data, &len);
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
|
||||
+ if (haslock) PK11_ExitSlotMonitor(slot);
|
||||
pk11_CloseSession(slot,session,owner);
|
||||
sig->len = len;
|
||||
if (crv != CKR_OK) {
|
||||
@@ -788,6 +792,7 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *ke
|
||||
CK_ULONG out = maxLen;
|
||||
PRBool owner = PR_TRUE;
|
||||
CK_SESSION_HANDLE session;
|
||||
+ PRBool haslock = PR_FALSE;
|
||||
CK_RV crv;
|
||||
|
||||
if (key->keyType != rsaKey) {
|
||||
@@ -803,23 +808,26 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *ke
|
||||
PK11_HandlePasswordCheck(slot, key->wincx);
|
||||
}
|
||||
session = pk11_GetNewSession(slot,&owner);
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
|
||||
+ haslock = (!owner || !(slot->isThreadSafe));
|
||||
+ if (haslock) PK11_EnterSlotMonitor(slot);
|
||||
crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, key->pkcs11ID);
|
||||
if (crv != CKR_OK) {
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
|
||||
+ if (haslock) PK11_ExitSlotMonitor(slot);
|
||||
pk11_CloseSession(slot,session,owner);
|
||||
PORT_SetError( PK11_MapError(crv) );
|
||||
return SECFailure;
|
||||
}
|
||||
- /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
|
||||
- * do C_Login with CKU_CONTEXT_SPECIFIC
|
||||
- * between C_DecryptInit and C_Decrypt */
|
||||
- /* But see note above about servers */
|
||||
- if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
|
||||
- PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
|
||||
- }
|
||||
+
|
||||
+ /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
|
||||
+ * do C_Login with CKU_CONTEXT_SPECIFIC
|
||||
+ * between C_DecryptInit and C_Decrypt
|
||||
+ * ... But see note above about servers */
|
||||
+ if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
|
||||
+ PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
|
||||
+ }
|
||||
+
|
||||
crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out);
|
||||
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
|
||||
+ if (haslock) PK11_ExitSlotMonitor(slot);
|
||||
pk11_CloseSession(slot,session,owner);
|
||||
*outLen = out;
|
||||
if (crv != CKR_OK) {
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
|
||||
retrieving revision 1.18
|
||||
diff -u -p -r1.18 pk11priv.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 16 May 2012 12:34:20 -0000 1.18
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2 Nov 2012 18:09:55 -0000
|
||||
@@ -59,8 +59,9 @@ void PK11_CleanKeyList(PK11SlotInfo *slo
|
||||
/************************************************************
|
||||
* Slot Password Management
|
||||
************************************************************/
|
||||
-SECStatus PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
|
||||
- PRBool contextSpecific);
|
||||
+SECStatus PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
|
||||
+ PRBool loadCerts, void *wincx, PRBool alreadyLocked,
|
||||
+ PRBool contextSpecific);
|
||||
SECStatus PK11_VerifyPW(PK11SlotInfo *slot,char *pw);
|
||||
void PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx);
|
||||
void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
|
||||
@@ -121,7 +122,8 @@ CK_OBJECT_HANDLE PK11_MatchItem(PK11Slot
|
||||
CK_OBJECT_CLASS o_class);
|
||||
CK_BBOOL PK11_HasAttributeSet( PK11SlotInfo *slot,
|
||||
CK_OBJECT_HANDLE id,
|
||||
- CK_ATTRIBUTE_TYPE type );
|
||||
+ CK_ATTRIBUTE_TYPE type,
|
||||
+ PRBool haslock );
|
||||
CK_RV PK11_GetAttributes(PLArenaPool *arena,PK11SlotInfo *slot,
|
||||
CK_OBJECT_HANDLE obj,CK_ATTRIBUTE *attr, int count);
|
||||
int PK11_NumberCertsForCertSubject(CERTCertificate *cert);
|
|
@ -1,40 +0,0 @@
|
|||
diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
|
||||
--- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800
|
||||
+++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800
|
||||
@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
|
||||
{
|
||||
int i;
|
||||
|
||||
+ /* make sure our lock and condition variable are initialized one and only
|
||||
+ * one time */
|
||||
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
+
|
||||
PZ_Lock(nssInitLock);
|
||||
if (!NSS_IsInitialized()) {
|
||||
PZ_Unlock(nssInitLock);
|
||||
@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
|
||||
{
|
||||
int i;
|
||||
|
||||
+ /* make sure our lock and condition variable are initialized one and only
|
||||
+ * one time */
|
||||
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
PZ_Lock(nssInitLock);
|
||||
if (!NSS_IsInitialized()) {
|
||||
PZ_Unlock(nssInitLock);
|
||||
@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
|
||||
+ /* make sure our lock and condition variable are initialized one and only
|
||||
+ * one time */
|
||||
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
PZ_Lock(nssInitLock);
|
||||
/* If one or more threads are in the middle of init, wait for them
|
||||
* to complete */
|
|
@ -1,19 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
|
||||
--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800
|
||||
+++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800
|
||||
@@ -54,7 +54,6 @@ DIRS = lib \
|
||||
dbtest \
|
||||
derdump \
|
||||
digest \
|
||||
- fipstest \
|
||||
makepqg \
|
||||
multinit \
|
||||
ocspclnt \
|
||||
@@ -84,6 +83,7 @@ DIRS = lib \
|
||||
$(NULL)
|
||||
|
||||
TEMPORARILY_DONT_BUILD = \
|
||||
+ fipstest \
|
||||
$(NULL)
|
||||
|
||||
# rsaperf \
|
|
@ -0,0 +1,9 @@
|
|||
diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
|
||||
--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test 2012-10-12 09:30:07.264987000 -0700
|
||||
+++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2012-10-12 09:34:55.653123000 -0700
|
||||
@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
|
||||
realcerts.cfg
|
||||
dsa.cfg
|
||||
revoc.cfg
|
||||
-ocsp.cfg
|
||||
crldp.cfg
|
|
@ -1,7 +1,42 @@
|
|||
diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
|
||||
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-10-06 10:42:06.913919000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-10-06 10:43:14.858987000 -0700
|
||||
@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port
|
||||
Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v
|
||||
retrieving revision 1.1
|
||||
diff -u -p -r1.1 httpserv.c
|
||||
--- ./mozilla/security/nss/cmd/httpserv/httpserv.c 28 Jun 2012 11:11:06 -0000 1.1
|
||||
+++ ./mozilla/security/nss/cmd/httpserv/httpserv.c 21 Oct 2012 22:22:10 -0000
|
||||
@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
+ PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
+ socketDomain = PR_AF_INET_SDP;
|
||||
+ }
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
+ errExit("PR_OpenTCPSocket error");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
|
||||
retrieving revision 1.102
|
||||
diff -u -p -r1.102 selfserv.c
|
||||
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c 27 Sep 2012 17:13:34 -0000 1.102
|
||||
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 21 Oct 2012 22:22:10 -0000
|
||||
@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
|
||||
--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-02-29 16:27:58.474061098 -0800
|
||||
+++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-02-29 16:30:55.604349312 -0800
|
||||
@@ -342,7 +342,7 @@ typedef PRUint32 PK11AttrFlags;
|
||||
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
|
||||
|
||||
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
|
||||
-"Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})"
|
||||
+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
|
||||
|
||||
#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
|
||||
#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
|
|
@ -1,25 +1,25 @@
|
|||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
|
||||
@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
|
||||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682 2012-11-01 11:10:54.107504267 -0700
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-11-01 11:07:36.758464814 -0700
|
||||
@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
|
||||
3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
- PR_TRUE /* cbcRandomIV */
|
||||
+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
|
||||
- PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
|
||||
+ PR_TRUE /* cbcRandomIV */
|
||||
};
|
||||
|
||||
sslSessionIDLookupFunc ssl_sid_lookup;
|
||||
@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
|
||||
/*
|
||||
@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void)
|
||||
PR_TRUE));
|
||||
}
|
||||
ev = getenv("NSS_SSL_CBC_RANDOM_IV");
|
||||
- if (ev && ev[0] == '0') {
|
||||
- ssl_defaults.cbcRandomIV = PR_FALSE;
|
||||
- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
||||
+ if (ev && ev[0] == '1') {
|
||||
+ ssl_defaults.cbcRandomIV = PR_TRUE;
|
||||
+ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
|
||||
- if (ev && ev[0] == '1') {
|
||||
- ssl_defaults.cbcRandomIV = PR_TRUE;
|
||||
- SSL_TRACE(("SSL: cbcRandomIV set to 1"));
|
||||
+ if (ev && ev[0] == '0') {
|
||||
+ ssl_defaults.cbcRandomIV = PR_FALSE;
|
||||
+ SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
||||
}
|
||||
}
|
||||
#endif /* NSS_HAVE_GETENV */
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
diff -up ./mozilla/security/nss/lib/ssl/derive.c.nobypass ./mozilla/security/nss/lib/ssl/derive.c
|
||||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.nobypass ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.nobypass 2012-10-07 15:12:25.455307540 -0700
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-10-07 15:21:27.229346754 -0700
|
||||
@@ -547,8 +547,8 @@ static PRStatus SSL_BypassRegisterShutdo
|
||||
static PRStatus SSL_BypassSetup(void)
|
||||
{
|
||||
#ifdef NO_PKCS11_BYPASS
|
||||
- /* Guarantee binary compatibility */
|
||||
- return PR_SUCCESS;
|
||||
+ /* We can safely return failure as we have never supported it */
|
||||
+ return PR_FALSE;
|
||||
#else
|
||||
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
|
||||
#endif
|
177
nss.spec
177
nss.spec
|
@ -1,14 +1,14 @@
|
|||
%global nspr_version 4.9.2
|
||||
%global nss_util_version 3.13.6
|
||||
%global nss_util_version 3.14
|
||||
%global nss_softokn_fips_version 3.12.9
|
||||
%global nss_softokn_version 3.13.6
|
||||
%global nss_softokn_version 3.14
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.13.6
|
||||
Release: 1%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
Version: 3.14
|
||||
Release: 7%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
Requires: nspr >= %{nspr_version}
|
||||
|
@ -62,22 +62,17 @@ Patch18: nss-646045.patch
|
|||
# must statically link pem against the freebl in the buildroot
|
||||
# Needed only when freebl on tree has newe APIS
|
||||
Patch25: nsspem-use-system-freebl.patch
|
||||
# don't compile the fipstest application
|
||||
Patch26: nofipstest.patch
|
||||
# This patch is currently meant for stable branches
|
||||
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
|
||||
# Prevent users from trying to enable ssl pkcs11 bypass
|
||||
Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
|
||||
# TODO: Remove this patch when the ocsp test are fixed
|
||||
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
|
||||
Patch30: bz784672-protect-against-calls-before-nss_init.patch
|
||||
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484
|
||||
Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
|
||||
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
|
||||
Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
|
||||
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
|
||||
Patch34: Bug-772628-nss_Init-leaks-memory.patch
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=357025
|
||||
Patch41: Bug-872124-fix-pk11wrap-locking.patch
|
||||
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=807890
|
||||
Patch42: 0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -157,17 +152,18 @@ low level services.
|
|||
%patch18 -p0 -b .646045
|
||||
# link pem against buildroot's freebl, esential wen mixing and matching
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
%patch26 -p0 -b .nofipstest
|
||||
# activate only if requested for this branch
|
||||
# activate for stable and beta branches
|
||||
%patch29 -p0 -b .770682
|
||||
%patch30 -p0 -b .784672
|
||||
%patch32 -p0 -b .800674
|
||||
%patch33 -p0 -b .800682
|
||||
%patch34 -p1 -b .772628
|
||||
|
||||
%patch39 -p1 -b .nobypass
|
||||
%patch40 -p1 -b .noocsptest
|
||||
%patch41 -p0 -b .872124
|
||||
%patch42 -p0 -b .870864
|
||||
|
||||
%build
|
||||
|
||||
NSS_NO_PKCS11_BYPASS=1
|
||||
export NSS_NO_PKCS11_BYPASS
|
||||
|
||||
FREEBL_NO_DEPEND=1
|
||||
export FREEBL_NO_DEPEND
|
||||
|
||||
|
@ -342,7 +338,7 @@ cd ./mozilla/security/nss/tests/
|
|||
|
||||
# don't need to run all the tests when testing packaging
|
||||
# nss_cycles: standard pkix upgradedb sharedb
|
||||
# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
|
||||
nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains"
|
||||
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
|
||||
# nss_ssl_run: cov auth stress
|
||||
#
|
||||
|
@ -427,46 +423,47 @@ done
|
|||
%{__install} -p -m 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
||||
|
||||
#remove the nss-util-devel headers
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
|
||||
|
||||
#remove the nss-softokn-devel and nss-softokn-freebl-devel headers
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/sechash.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secmodt.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
|
||||
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
|
||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
|
||||
%clean
|
||||
%{__rm} -rf $RPM_BUILD_ROOT
|
||||
|
@ -542,6 +539,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
%{_includedir}/nss3/crmft.h
|
||||
%{_includedir}/nss3/cryptohi.h
|
||||
%{_includedir}/nss3/cryptoht.h
|
||||
%{_includedir}/nss3/sechash.h
|
||||
%{_includedir}/nss3/jar-ds.h
|
||||
%{_includedir}/nss3/jar.h
|
||||
%{_includedir}/nss3/jarfile.h
|
||||
|
@ -568,6 +566,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
%{_includedir}/nss3/preenc.h
|
||||
%{_includedir}/nss3/secmime.h
|
||||
%{_includedir}/nss3/secmod.h
|
||||
%{_includedir}/nss3/secmodt.h
|
||||
%{_includedir}/nss3/secpkcs5.h
|
||||
%{_includedir}/nss3/secpkcs7.h
|
||||
%{_includedir}/nss3/smime.h
|
||||
|
@ -594,6 +593,52 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
|
||||
- Bug 870864 - Add support in NSS for Secure Boot
|
||||
|
||||
* Fri Nov 09 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
|
||||
- Disable bypass code at build time and return failure on attempts to enable at runtime
|
||||
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
|
||||
- Fix changelog release tags to match what was actually built
|
||||
|
||||
* Mon Nov 05 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
|
||||
- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs
|
||||
- Bug 872124 - nss-3.14 breaks fedpkg new-sources
|
||||
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4
|
||||
- Add a dummy source file for testing /preventing fedpkg breakage
|
||||
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
|
||||
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3
|
||||
- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
|
||||
- Update the patch to account for the new sources
|
||||
- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
|
||||
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
|
||||
- Fix the spec file so sechash.h gets installed
|
||||
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
|
||||
|
||||
* Sat Oct 27 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4
|
||||
- Update the license to MPLv2.0
|
||||
|
||||
* Wed Oct 24 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3
|
||||
- Use only -f when removing unwanted headers
|
||||
|
||||
* Tue Oct 23 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
|
||||
- Add secmodt.h to the headers installed by nss-devel
|
||||
- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14
|
||||
|
||||
* Mon Oct 22 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-1
|
||||
- Update to NSS_3_14_RTM
|
||||
|
||||
* Sun Oct 21 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-0.1.rc.1
|
||||
- Update to NSS_3_14_RC1
|
||||
- update nss-589636.patch to apply to httpdserv
|
||||
- turn off ocsp tests for now
|
||||
- remove no longer needed patches
|
||||
- remove headers shipped by nss-util
|
||||
|
||||
* Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
|
||||
- Update to NSS_3_13_6_RTM
|
||||
|
||||
|
@ -602,7 +647,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
|
||||
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
|
||||
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
|
||||
- Seletive merge from master
|
||||
- Selective merge from master
|
||||
|
||||
* Mon Aug 13 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-7
|
||||
- Fix pluggable ecc support
|
||||
|
|
3
sources
3
sources
|
@ -5,4 +5,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
|
||||
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
|
||||
11bdf048bce19963c88c4fc32652cd29 nss-3.13.6-stripped.tar.bz2
|
||||
2844d502638ac84097d5a9affa6d1c3a nss-3.14-stripped.tar.bz2
|
||||
1eda5a1b9b9ab00476203d0df303297c dummy-sources-for-testing
|
||||
|
|
Loading…
Reference in New Issue