Merge branch 'master' into f14
This commit is contained in:
commit
c2be9c41be
File diff suppressed because it is too large
Load Diff
|
@ -2,16 +2,17 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
|
|||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
|
||||
retrieving revision 1.30
|
||||
diff -u -p -r1.30 pk11load.c
|
||||
retrieving revision 1.30.2.2
|
||||
diff -u -p -r1.30 -r1.30.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 22 Jan 2011 05:39:07 -0000
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 27 Jan 2011 01:35:46 -0000 1.30.2.2
|
||||
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
|
||||
char *oldModuleSpec;
|
||||
|
||||
if (secmod_IsInternalKeySlot(newModule)) {
|
||||
- pk11_SetInternalKeySlot(slot);
|
||||
- }
|
||||
+ pk11_FirstInternalKeySlot(slot);
|
||||
+ pk11_SetInternalKeySlotIfFirst(slot);
|
||||
+ }
|
||||
newID = slot->slotID;
|
||||
PK11_FreeSlot(slot);
|
||||
|
@ -23,7 +24,7 @@ diff -u -p -r1.30 pk11load.c
|
|||
+ /* explicitly mark the internal slot as such if IsInternalKeySlot()
|
||||
+ * is set */
|
||||
+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
|
||||
+ pk11_FirstInternalKeySlot(mod->slots[i]);
|
||||
+ pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
|
||||
+ }
|
||||
}
|
||||
mod->slotCount = slotCount;
|
||||
|
@ -32,14 +33,15 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
|||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
|
||||
retrieving revision 1.13
|
||||
diff -u -p -r1.13 pk11priv.h
|
||||
retrieving revision 1.13.2.2
|
||||
diff -u -p -r1.13 -r1.13.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 22 Jan 2011 05:39:07 -0000
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Jan 2011 01:35:46 -0000 1.13.2.2
|
||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
||||
+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
|
||||
+void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
||||
|
||||
/*********************************************************************
|
||||
* Mechanism Mapping functions
|
||||
|
@ -47,15 +49,43 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
|||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
|
||||
retrieving revision 1.101
|
||||
diff -u -p -r1.101 pk11slot.c
|
||||
retrieving revision 1.101.2.3
|
||||
diff -u -p -r1.101 -r1.101.2.3
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 22 Jan 2011 05:39:08 -0000
|
||||
@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 27 Jan 2011 01:35:46 -0000 1.101.2.3
|
||||
@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
|
||||
* times as tokens are removed and re-inserted.
|
||||
*/
|
||||
void
|
||||
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
|
||||
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
|
||||
{
|
||||
SECStatus rv;
|
||||
char *tmp;
|
||||
@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
|
||||
}
|
||||
|
||||
static PK11SlotInfo *pk11InternalKeySlot = NULL;
|
||||
+
|
||||
+/*
|
||||
+ * Set a new default internal keyslot. If one has already been set, clear it.
|
||||
+ * Passing NULL falls back to the NSS normally selected default internal key
|
||||
+ * slot.
|
||||
+ */
|
||||
void
|
||||
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
|
||||
{
|
||||
@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
|
||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Set a new default internal keyslot if the normal key slot has not already
|
||||
+ * been overridden. Subsequent calls to this function will be ignored unless
|
||||
+ * pk11_SetInternalKeySlot is used to clear the current default.
|
||||
+ */
|
||||
+void
|
||||
+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
|
||||
+pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
|
||||
+{
|
||||
+ if (pk11InternalKeySlot) {
|
||||
+ return;
|
||||
|
@ -70,18 +100,30 @@ Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
|||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
|
||||
retrieving revision 1.2
|
||||
diff -u -p -r1.2 nsssysinit.c
|
||||
retrieving revision 1.2.2.2
|
||||
diff -u -p -r1.2 -r1.2.2.2
|
||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 22 Jan 2011 05:39:08 -0000
|
||||
@@ -221,7 +221,7 @@ getFIPSMode(void)
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 26 Jan 2011 00:52:31 -0000 1.2.2.2
|
||||
@@ -221,16 +221,16 @@ getFIPSMode(void)
|
||||
* 2 for the key slot, and
|
||||
* 3 for the crypto operations slot fips
|
||||
*/
|
||||
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
||||
+#define ORDER_FLAGS "cipherOrder=100"
|
||||
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
|
||||
#define SLOT_FLAGS \
|
||||
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
||||
" askpw=any timeout=30 ]"
|
||||
|
||||
static const char *nssDefaultFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
|
||||
static const char *nssDefaultFIPSFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
|
||||
/*
|
||||
* This function builds the list of databases and modules to load, and sets
|
||||
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
|
||||
"library= "
|
||||
"module=\"NSS User database\" "
|
||||
|
@ -131,3 +173,24 @@ diff -u -p -r1.2 nsssysinit.c
|
|||
}
|
||||
|
||||
/* that was the last module */
|
||||
@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
|
||||
|
||||
/* determine what options the user was trying to open this database with */
|
||||
/* filename is the directory pointed to by configdir= */
|
||||
-/* stripped is the rest of the paramters with configdir= stripped out */
|
||||
+/* stripped is the rest of the parameters with configdir= stripped out */
|
||||
static SECStatus
|
||||
-parse_paramters(char *parameters, char **filename, char **stripped)
|
||||
+parse_parameters(char *parameters, char **filename, char **stripped)
|
||||
{
|
||||
char *sourcePrev;
|
||||
char *sourceCurr;
|
||||
@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
|
||||
char **retString = NULL;
|
||||
SECStatus rv;
|
||||
|
||||
- rv = parse_paramters(parameters, &filename, &stripped);
|
||||
+ rv = parse_parameters(parameters, &filename, &stripped);
|
||||
if (rv != SECSuccess) {
|
||||
/* use defaults */
|
||||
filename = getSystemDB();
|
||||
|
|
10
nss.spec
10
nss.spec
|
@ -6,7 +6,7 @@
|
|||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.12.9
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -43,6 +43,7 @@ Patch3: renegotiate-transitional.patch
|
|||
Patch6: nss-enable-pem.patch
|
||||
Patch7: nsspem-642433.patch
|
||||
Patch11: honor-user-trust-preferences.patch
|
||||
Patch12: allow-content-types-beyond-smime.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -115,6 +116,7 @@ low level services.
|
|||
%patch6 -p0 -b .libpem
|
||||
%patch7 -p0 -b .642433
|
||||
%patch11 -p1 -b .643134
|
||||
%patch12 -p1 -b .contenttypes
|
||||
|
||||
|
||||
%build
|
||||
|
@ -490,6 +492,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
%{_libdir}/libnssckfw.a
|
||||
|
||||
%changelog
|
||||
* Tue Feb 01 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-4
|
||||
- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)
|
||||
|
||||
* Mon Jan 31 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-3
|
||||
- Update the cacert trust patch per upstream review requests (#633043)
|
||||
|
||||
* Wed Jan 19 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-2
|
||||
- Fix to honor the user's cert trust preferences (#633043)
|
||||
- Remove obsoleted patch
|
||||
|
|
Loading…
Reference in New Issue