Update to NSS 3.34.0

This commit is contained in:
Daiki Ueno 2017-11-14 14:20:29 +01:00
parent 6d15c06123
commit bd239c046a
9 changed files with 9 additions and 563 deletions

1
.gitignore vendored
View File

@ -22,3 +22,4 @@ TestUser51.cert
/nss-3.32.0.tar.gz /nss-3.32.0.tar.gz
/nss-3.32.1.tar.gz /nss-3.32.1.tar.gz
/nss-3.33.0.tar.gz /nss-3.33.0.tar.gz
/nss-3.34.0.tar.gz

View File

@ -1,92 +0,0 @@
# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1507823956 -7200
# Node ID 994e89150fc1cd0008d19a8ad8aafed565d98069
# Parent f3766809817ba03aa8cc1da4fdf48bd011fc01e3
Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
diff --git a/tests/all.sh b/tests/all.sh
--- a/tests/all.sh
+++ b/tests/all.sh
@@ -125,24 +125,30 @@ run_tests()
echo "Running tests for ${TEST}"
echo "TIMESTAMP ${TEST} BEGIN: `date`"
(cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1)
echo "TIMESTAMP ${TEST} END: `date`"
done
}
########################## run_cycle_standard ##########################
-# run test suites with defaults settings (no PKIX, no sharedb)
+# run test suites with dbm database (no PKIX, no sharedb)
########################################################################
run_cycle_standard()
{
TEST_MODE=STANDARD
TESTS="${ALL_TESTS}"
- TESTS_SKIP=
+ TESTS_SKIP="cipher libpkix sdr ocsp pkits"
+
+ NSS_DEFAULT_DB_TYPE="dbm"
+ export NSS_DEFAULT_DB_TYPE
+
+ NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+ NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
run_tests
}
############################ run_cycle_pkix ############################
# run test suites with PKIX enabled
########################################################################
run_cycle_pkix()
@@ -157,17 +163,22 @@ run_cycle_pkix()
mkdir -p "${HOSTDIR}"
init_directories
NSS_ENABLE_PKIX_VERIFY="1"
export NSS_ENABLE_PKIX_VERIFY
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
+
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+ export -n NSS_SSL_RUN
+
+ # use the default format
+ export -n NSS_DEFAULT_DB_TYPE
run_tests
}
######################### run_cycle_upgrade_db #########################
# upgrades certificate database to shareable format and run test suites
# with those databases
########################################################################
@@ -226,20 +237,20 @@ run_cycle_shared_db()
mkdir -p "${HOSTDIR}"
init_directories
NSS_DEFAULT_DB_TYPE="sql"
export NSS_DEFAULT_DB_TYPE
# run the tests for native sharedb support
TESTS="${ALL_TESTS}"
- TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
+ TESTS_SKIP="dbupgrade"
- NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
- NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
+ export -n NSS_SSL_TESTS
+ export -n NSS_SSL_RUN
run_tests
}
############################# run_cycles ###############################
# run test cycles defined in CYCLES variable
########################################################################
run_cycles()

View File

@ -1,31 +0,0 @@
# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1508150373 -7200
# Node ID e73fedaecd63afe28c9da46cd26906f247375d59
# Parent 24695a55c095a1c37ed92ac2a4fa6c56595e17c0
Bug 1403691, follow up fix to allow the pkits tests to work with sql db format
diff --git a/tests/pkits/pkits.sh b/tests/pkits/pkits.sh
--- a/tests/pkits/pkits.sh
+++ b/tests/pkits/pkits.sh
@@ -88,17 +88,17 @@ pkits_init()
echo "PKITS_DATA" $PKITS_DATA
echo "certs" $certs
echo "crls" $crls
echo nss > ${PKITSdb}/pw
${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
- $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
+ $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
else
html "<H3>NO CRLs are being used.</H3>"
pkits_log "NO CRLs are being used."
fi
cp ${PKITSdb}/* ${PKITSbkp}

View File

@ -1,56 +0,0 @@
# HG changeset patch
# User Bob Relyea <rrelyea@redhat.com>
# Date 1505757778 -7200
# Node ID 18edd4ad8389d50d4231cc1a545a468dbb11185c
# Parent 70109a01ce53328b511aaa6c839593a3282cb725
Bug 1382278, certutil -A creates uninitialised database, r=kaie
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
--- a/cmd/certutil/certutil.c
+++ b/cmd/certutil/certutil.c
@@ -3005,16 +3005,43 @@ certutil_main(int argc, char **argv, PRB
certutil.options[opt_NewPasswordFile].arg);
}
if (rv != SECSuccess) {
SECU_PrintError(progName, "Could not set password for the slot");
goto shutdown;
}
}
+ /* if we are going to modify the cert database,
+ * make sure it's initialized */
+ if (certutil.commands[cmd_ModifyCertTrust].activated ||
+ certutil.commands[cmd_CreateAndAddCert].activated ||
+ certutil.commands[cmd_AddCert].activated ||
+ certutil.commands[cmd_AddEmailCert].activated) {
+ if (PK11_NeedUserInit(slot)) {
+ char *password = NULL;
+ /* fetch the password from the command line or the file
+ * if no password is supplied, initialize the password to NULL */
+ if (pwdata.source == PW_FROMFILE) {
+ password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data);
+ } else if (pwdata.source == PW_PLAINTEXT) {
+ password = PL_strdup(pwdata.data);
+ }
+ rv = PK11_InitPin(slot, (char *)NULL, password ? password : "");
+ if (password) {
+ PORT_Memset(password, 0, PL_strlen(password));
+ PORT_Free(password);
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "Could not set password for the slot");
+ goto shutdown;
+ }
+ }
+ }
+
/* walk through the upgrade merge if necessary.
* This option is more to test what some applications will want to do
* to do an automatic upgrade. The --merge command is more useful for
* the general case where 2 database need to be merged together.
*/
if (certutil.commands[cmd_UpgradeMerge].activated) {
if (*upgradeTokenName == 0) {
upgradeTokenName = upgradeID;

View File

@ -1,142 +0,0 @@
# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1506452962 -7200
# Node ID fe8b221d3bded99b2b21e2e62fb27cc8c659ec2f
# Parent 96a835be15192281d67a8b1046b7f159ff6deb12
Bug 1382278, add test to confirm implicit init with certutil -A is working, r=rrelyea
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
--- a/tests/cert/cert.sh
+++ b/tests/cert/cert.sh
@@ -1941,32 +1941,42 @@ cert_test_distrust()
cert_test_ocspresp()
{
echo "$SCRIPTNAME: OCSP response creation selftest"
OR_ACTION="perform selftest"
RETEXPECTED=0
ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
}
+cert_test_implicit_db_init()
+{
+ echo "$SCRIPTNAME: test implicit database init"
+
+ CU_ACTION="Add cert with trust flags to db with implicit init"
+ mkdir ${IMPLICIT_INIT_DIR}
+ certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
+}
+
############################## cert_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
cert_cleanup()
{
cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
html "</TABLE><BR>"
cd ${QADIR}
. common/cleanup.sh
}
################## main #################################################
cert_init
cert_all_CA
+cert_test_implicit_db_init
cert_extended_ssl
cert_ssl
cert_smime_client
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
cert_fips
fi
cert_eccurves
cert_extensions
diff --git a/tests/common/init.sh b/tests/common/init.sh
--- a/tests/common/init.sh
+++ b/tests/common/init.sh
@@ -63,16 +63,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
DBPASSDIR=${HOSTDIR}/dbpass
ECCURVES_DIR=${HOSTDIR}/eccurves
DISTRUSTDIR=${HOSTDIR}/distrust
SERVER_CADIR=${HOSTDIR}/serverCA
CLIENT_CADIR=${HOSTDIR}/clientCA
EXT_SERVERDIR=${HOSTDIR}/ext_server
EXT_CLIENTDIR=${HOSTDIR}/ext_client
+ IMPLICIT_INIT_DIR=${HOSTDIR}/implicit_init
IOPR_CADIR=${HOSTDIR}/CA_iopr
IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
STAPLINGDIR=${HOSTDIR}/stapling
@@ -531,16 +532,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
D_SERVER="Server.$version"
D_CLIENT="Client.$version"
D_NOLOGIN="NoLogin.$version"
D_FIPS="FIPS.$version"
D_DBPASS="DBPASS.$version"
D_ECCURVES="ECCURVES.$version"
D_EXT_SERVER="ExtendedServer.$version"
D_EXT_CLIENT="ExtendedClient.$version"
+ D_IMPLICIT_INIT="ImplicitInit.$version"
D_CERT_EXTENSTIONS="CertExtensions.$version"
D_DISTRUST="Distrust.$version"
# we need relative pathnames of these files abd directories, since our
# tools can't handle the unix style absolut pathnames on cygnus
R_CADIR=../CA
R_SERVERDIR=../server
@@ -550,16 +552,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr
R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr
R_ALICEDIR=../alicedir
R_BOBDIR=../bobdir
R_DAVEDIR=../dave
R_EVEDIR=../eve
R_EXT_SERVERDIR=../ext_server
R_EXT_CLIENTDIR=../ext_client
+ R_IMPLICIT_INIT_DIR=../implicit_init
R_CERT_EXT=../cert_extensions
R_STAPLINGDIR=../stapling
R_NOLOGINDIR=../nologin
R_SSLGTESTDIR=../ssl_gtests
R_GTESTDIR=../gtests
#
# profiles are either paths or domains depending on the setting of
@@ -570,27 +573,29 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
P_R_BOBDIR=${R_BOBDIR}
P_R_DAVEDIR=${R_DAVEDIR}
P_R_EVEDIR=${R_EVEDIR}
P_R_SERVERDIR=${R_SERVERDIR}
P_R_CLIENTDIR=${R_CLIENTDIR}
P_R_NOLOGINDIR=${R_NOLOGINDIR}
P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
+ P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR}
if [ -n "${MULTIACCESS_DBM}" ]; then
P_R_CADIR="multiaccess:${D_CA}"
P_R_ALICEDIR="multiaccess:${D_ALICE}"
P_R_BOBDIR="multiaccess:${D_BOB}"
P_R_DAVEDIR="multiaccess:${D_DAVE}"
P_R_EVEDIR="multiaccess:${D_EVE}"
P_R_SERVERDIR="multiaccess:${D_SERVER}"
P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}"
P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
+ P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
fi
R_PWFILE=../tests.pw
R_EMPTY_FILE=../tests_empty
R_NOISE_FILE=../tests_noise
R_FIPSPWFILE=../tests.fipspw
R_FIPSBADPWFILE=../tests.fipsbadpw

View File

@ -1,191 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1505483851 -7200
# Node ID 279b257c6433f1972d49c529247e6ed2633b979f
# Parent 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd
Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h
--- a/cmd/modutil/error.h
+++ b/cmd/modutil/error.h
@@ -52,16 +52,17 @@ typedef enum {
ENABLE_FAILED_ERR,
UPDATE_MOD_FAILED_ERR,
DEFAULT_FAILED_ERR,
UNDEFAULT_FAILED_ERR,
STDIN_READ_ERR,
UNSPECIFIED_ERR,
NOCERTDB_MISUSE_ERR,
NSS_INITIALIZE_FAILED_ERR,
+ INITPW_FAILED_ERR,
LAST_ERR /* must be last */
} Error;
#define SUCCESS NO_ERR
/* !!! Should move this into its own .c and un-static it. */
static char *errStrings[] = {
"Operation completed successfully.\n",
@@ -105,17 +106,18 @@ static char *errStrings[] = {
"ERROR: Slot \"%s\" not found.\n",
"ERROR: Failed to %s slot \"%s\".\n",
"ERROR: Failed to update module \"%s\".\n",
"ERROR: Failed to change defaults.\n",
"ERROR: Failed to change default.\n",
"ERROR: Unable to read from standard input.\n",
"ERROR: Unknown error occurred.\n",
"ERROR: -nocertdb option can only be used with the -jar command.\n",
- "ERROR: NSS_Initialize() failed.\n"
+ "ERROR: NSS_Initialize() failed.\n",
+ "ERROR: Unable to set initial password on the database.\n"
};
typedef enum {
FIPS_ENABLED_MSG = 0,
FIPS_DISABLED_MSG,
USING_DBDIR_MSG,
CREATING_DB_MSG,
ADD_MODULE_SUCCESS_MSG,
diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c
--- a/cmd/modutil/modutil.c
+++ b/cmd/modutil/modutil.c
@@ -860,17 +860,17 @@ main(int argc, char* argv[])
switch (command) {
case ADD_COMMAND:
errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
break;
case CHANGEPW_COMMAND:
errcode = ChangePW(tokenName, pwFile, newpwFile);
break;
case CREATE_COMMAND:
- /* The work was already done in init_crypto() */
+ errcode = InitPW();
break;
case DEFAULT_COMMAND:
errcode = SetDefaultModule(moduleName, slotName, mechanisms);
break;
case DELETE_COMMAND:
errcode = DeleteModule(moduleName);
break;
case DISABLE_COMMAND:
diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h
--- a/cmd/modutil/modutil.h
+++ b/cmd/modutil/modutil.h
@@ -24,16 +24,17 @@
Error LoadMechanismList(void);
Error FipsMode(char *arg);
Error ChkFipsMode(char *arg);
Error AddModule(char *moduleName, char *libFile, char *ciphers,
char *mechanisms, char *modparms);
Error DeleteModule(char *moduleName);
Error ListModule(char *moduleName);
Error ListModules();
+Error InitPW(void);
Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
Error EnableModule(char *moduleName, char *slotName, PRBool enable);
Error RawAddModule(char *dbmodulespec, char *modulespec);
Error RawListModule(char *modulespec);
Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
void out_of_memory(void);
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
--- a/cmd/modutil/pk11.c
+++ b/cmd/modutil/pk11.c
@@ -665,16 +665,49 @@ loser:
if (module) {
SECMOD_DestroyModule(module);
}
return rv;
}
/************************************************************************
*
+ * I n i t P W
+ */
+Error
+InitPW(void)
+{
+ PK11SlotInfo *slot;
+ Error ret = UNSPECIFIED_ERR;
+
+ slot = PK11_GetInternalKeySlot();
+ if (!slot) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
+ return NO_SUCH_TOKEN_ERR;
+ }
+
+ /* Set the initial password to empty */
+ if (PK11_NeedUserInit(slot)) {
+ if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
+ ret = INITPW_FAILED_ERR;
+ goto loser;
+ }
+ }
+
+ ret = SUCCESS;
+
+loser:
+ PK11_FreeSlot(slot);
+
+ return ret;
+}
+
+/************************************************************************
+ *
* C h a n g e P W
*/
Error
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
{
char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
PK11SlotInfo *slot;
Error ret = UNSPECIFIED_ERR;
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
--- a/tests/tools/tools.sh
+++ b/tests/tools/tools.sh
@@ -492,27 +492,41 @@ SIGNSCRIPT
echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
html_msg $? 0 "Show who signed xpi (signtool -w)"
}
+tools_modutil()
+{
+ echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
+ mkdir -p ${R_TOOLSDIR}/moddir
+ modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
+ ret=$?
+ ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
+ -x -t ',,' -z "${R_NOISE_FILE}"
+ ret=$?
+ html_msg $ret 0 "Test if DB created by modutil -create is initialized"
+ check_tmpfile
+}
+
############################## tools_cleanup ###########################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
tools_cleanup()
{
html "</TABLE><BR>"
cd ${QADIR}
. common/cleanup.sh
}
################## main #################################################
tools_init
tools_p12
tools_sign
+tools_modutil
tools_cleanup

View File

@ -1,33 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1505742679 -7200
# Node ID 70109a01ce53328b511aaa6c839593a3282cb725
# Parent 279b257c6433f1972d49c529247e6ed2633b979f
Bug 1395495, bustage fix, Don't use the modu function from cert.sh, r=kaie
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
--- a/tests/tools/tools.sh
+++ b/tests/tools/tools.sh
@@ -496,17 +496,19 @@ SIGNSCRIPT
html_msg $? 0 "Show who signed xpi (signtool -w)"
}
tools_modutil()
{
echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
mkdir -p ${R_TOOLSDIR}/moddir
- modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
+ # copied from modu function in cert.sh
+ # echo is used to press Enter expected by modutil
+ echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
ret=$?
${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
-x -t ',,' -z "${R_NOISE_FILE}"
ret=$?
html_msg $ret 0 "Test if DB created by modutil -create is initialized"
check_tmpfile
}

View File

@ -1,15 +1,15 @@
%global nspr_version 4.17.0 %global nspr_version 4.17.0
%global nss_util_version 3.33.0 %global nss_util_version 3.34.0
%global nss_softokn_version 3.33.0 %global nss_softokn_version 3.34.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.33.0 Version: 3.34.0
# for Rawhide, please always use release >= 2 # for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 6%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -98,13 +98,6 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
Patch59: nss-check-policy-file.patch Patch59: nss-check-policy-file.patch
Patch62: nss-skip-util-gtest.patch Patch62: nss-skip-util-gtest.patch
# rhbz#1505487, backport several upstream fixes from upstream NSS 3.34
Patch71: nss-sql-1-1403691-a.patch
Patch72: nss-sql-1-1403691-b.patch
Patch73: nss-sql-2-1382278-a.patch
Patch74: nss-sql-2-1382278-b.patch
Patch75: nss-sql-3-1395495-a.patch
Patch76: nss-sql-3-1395495-b.patch
# Fix upgrade_db test use dbm by default, required with default sql # Fix upgrade_db test use dbm by default, required with default sql
Patch77: nss-sql-4-1377940-test.patch Patch77: nss-sql-4-1377940-test.patch
@ -191,12 +184,6 @@ pushd nss
%patch59 -p1 -b .check_policy_file %patch59 -p1 -b .check_policy_file
%patch62 -p1 -b .skip_util_gtest %patch62 -p1 -b .skip_util_gtest
%patch71 -p1 -b .1403691-a
%patch72 -p1 -b .1403691-b
%patch73 -p1 -b .1382278-a
%patch74 -p1 -b .1382278-b
%patch75 -p1 -b .1395495-a
%patch76 -p1 -b .1395495-b
%patch77 -p1 -b .1377940 %patch77 -p1 -b .1377940
popd popd
@ -774,6 +761,9 @@ done
%changelog %changelog
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-2
- Update to NSS 3.34.0
* Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-6 * Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-6
- Make sure 32bit nss-pem always be installed with 32bit nss in - Make sure 32bit nss-pem always be installed with 32bit nss in
multlib environment, patch by Kamil Dudka multlib environment, patch by Kamil Dudka

View File

@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nss-3.33.0.tar.gz) = 50c0445c64972e80ac5863b34c3e0639a02f32247d1a6d3505e2a7c93c950c098f79e75cd9ca420b8b77432ac4558eed049e621f080f53b5652a3bbc1f390c54 SHA512 (nss-3.34.0.tar.gz) = 2826e3d327af34714d521edac0fba4da6e14c7a28750ccfeeba8259b0a1954233fc47dcbec47b6aeb96f53de501adc15adf130379efa503b00677a924eb50080