rhbz#1505487, backport upstream fixes required for rhbz#1496560
This commit is contained in:
parent
24e850cb0b
commit
c4dce982fc
92
nss-sql-1-1403691-a.patch
Normal file
92
nss-sql-1-1403691-a.patch
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Kai Engert <kaie@kuix.de>
|
||||||
|
# Date 1507823956 -7200
|
||||||
|
# Node ID 994e89150fc1cd0008d19a8ad8aafed565d98069
|
||||||
|
# Parent f3766809817ba03aa8cc1da4fdf48bd011fc01e3
|
||||||
|
Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
|
||||||
|
|
||||||
|
diff --git a/tests/all.sh b/tests/all.sh
|
||||||
|
--- a/tests/all.sh
|
||||||
|
+++ b/tests/all.sh
|
||||||
|
@@ -125,24 +125,30 @@ run_tests()
|
||||||
|
echo "Running tests for ${TEST}"
|
||||||
|
echo "TIMESTAMP ${TEST} BEGIN: `date`"
|
||||||
|
(cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1)
|
||||||
|
echo "TIMESTAMP ${TEST} END: `date`"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
########################## run_cycle_standard ##########################
|
||||||
|
-# run test suites with defaults settings (no PKIX, no sharedb)
|
||||||
|
+# run test suites with dbm database (no PKIX, no sharedb)
|
||||||
|
########################################################################
|
||||||
|
run_cycle_standard()
|
||||||
|
{
|
||||||
|
TEST_MODE=STANDARD
|
||||||
|
|
||||||
|
TESTS="${ALL_TESTS}"
|
||||||
|
- TESTS_SKIP=
|
||||||
|
+ TESTS_SKIP="cipher libpkix sdr ocsp pkits"
|
||||||
|
+
|
||||||
|
+ NSS_DEFAULT_DB_TYPE="dbm"
|
||||||
|
+ export NSS_DEFAULT_DB_TYPE
|
||||||
|
+
|
||||||
|
+ NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||||
|
+ NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
|
||||||
|
|
||||||
|
run_tests
|
||||||
|
}
|
||||||
|
|
||||||
|
############################ run_cycle_pkix ############################
|
||||||
|
# run test suites with PKIX enabled
|
||||||
|
########################################################################
|
||||||
|
run_cycle_pkix()
|
||||||
|
@@ -157,17 +163,22 @@ run_cycle_pkix()
|
||||||
|
mkdir -p "${HOSTDIR}"
|
||||||
|
init_directories
|
||||||
|
|
||||||
|
NSS_ENABLE_PKIX_VERIFY="1"
|
||||||
|
export NSS_ENABLE_PKIX_VERIFY
|
||||||
|
|
||||||
|
TESTS="${ALL_TESTS}"
|
||||||
|
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
|
||||||
|
+
|
||||||
|
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||||
|
+ export -n NSS_SSL_RUN
|
||||||
|
+
|
||||||
|
+ # use the default format
|
||||||
|
+ export -n NSS_DEFAULT_DB_TYPE
|
||||||
|
|
||||||
|
run_tests
|
||||||
|
}
|
||||||
|
|
||||||
|
######################### run_cycle_upgrade_db #########################
|
||||||
|
# upgrades certificate database to shareable format and run test suites
|
||||||
|
# with those databases
|
||||||
|
########################################################################
|
||||||
|
@@ -226,20 +237,20 @@ run_cycle_shared_db()
|
||||||
|
mkdir -p "${HOSTDIR}"
|
||||||
|
init_directories
|
||||||
|
|
||||||
|
NSS_DEFAULT_DB_TYPE="sql"
|
||||||
|
export NSS_DEFAULT_DB_TYPE
|
||||||
|
|
||||||
|
# run the tests for native sharedb support
|
||||||
|
TESTS="${ALL_TESTS}"
|
||||||
|
- TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
|
||||||
|
+ TESTS_SKIP="dbupgrade"
|
||||||
|
|
||||||
|
- NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||||
|
- NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
|
||||||
|
+ export -n NSS_SSL_TESTS
|
||||||
|
+ export -n NSS_SSL_RUN
|
||||||
|
|
||||||
|
run_tests
|
||||||
|
}
|
||||||
|
|
||||||
|
############################# run_cycles ###############################
|
||||||
|
# run test cycles defined in CYCLES variable
|
||||||
|
########################################################################
|
||||||
|
run_cycles()
|
||||||
|
|
31
nss-sql-1-1403691-b.patch
Normal file
31
nss-sql-1-1403691-b.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Kai Engert <kaie@kuix.de>
|
||||||
|
# Date 1508150373 -7200
|
||||||
|
# Node ID e73fedaecd63afe28c9da46cd26906f247375d59
|
||||||
|
# Parent 24695a55c095a1c37ed92ac2a4fa6c56595e17c0
|
||||||
|
Bug 1403691, follow up fix to allow the pkits tests to work with sql db format
|
||||||
|
|
||||||
|
diff --git a/tests/pkits/pkits.sh b/tests/pkits/pkits.sh
|
||||||
|
--- a/tests/pkits/pkits.sh
|
||||||
|
+++ b/tests/pkits/pkits.sh
|
||||||
|
@@ -88,17 +88,17 @@ pkits_init()
|
||||||
|
echo "PKITS_DATA" $PKITS_DATA
|
||||||
|
echo "certs" $certs
|
||||||
|
echo "crls" $crls
|
||||||
|
|
||||||
|
echo nss > ${PKITSdb}/pw
|
||||||
|
${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
|
||||||
|
|
||||||
|
${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
|
||||||
|
- $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
|
||||||
|
+ $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw
|
||||||
|
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
||||||
|
${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
|
||||||
|
else
|
||||||
|
html "<H3>NO CRLs are being used.</H3>"
|
||||||
|
pkits_log "NO CRLs are being used."
|
||||||
|
fi
|
||||||
|
|
||||||
|
cp ${PKITSdb}/* ${PKITSbkp}
|
||||||
|
|
56
nss-sql-2-1382278-a.patch
Normal file
56
nss-sql-2-1382278-a.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Bob Relyea <rrelyea@redhat.com>
|
||||||
|
# Date 1505757778 -7200
|
||||||
|
# Node ID 18edd4ad8389d50d4231cc1a545a468dbb11185c
|
||||||
|
# Parent 70109a01ce53328b511aaa6c839593a3282cb725
|
||||||
|
Bug 1382278, certutil -A creates uninitialised database, r=kaie
|
||||||
|
|
||||||
|
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
|
||||||
|
--- a/cmd/certutil/certutil.c
|
||||||
|
+++ b/cmd/certutil/certutil.c
|
||||||
|
@@ -3005,16 +3005,43 @@ certutil_main(int argc, char **argv, PRB
|
||||||
|
certutil.options[opt_NewPasswordFile].arg);
|
||||||
|
}
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
SECU_PrintError(progName, "Could not set password for the slot");
|
||||||
|
goto shutdown;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* if we are going to modify the cert database,
|
||||||
|
+ * make sure it's initialized */
|
||||||
|
+ if (certutil.commands[cmd_ModifyCertTrust].activated ||
|
||||||
|
+ certutil.commands[cmd_CreateAndAddCert].activated ||
|
||||||
|
+ certutil.commands[cmd_AddCert].activated ||
|
||||||
|
+ certutil.commands[cmd_AddEmailCert].activated) {
|
||||||
|
+ if (PK11_NeedUserInit(slot)) {
|
||||||
|
+ char *password = NULL;
|
||||||
|
+ /* fetch the password from the command line or the file
|
||||||
|
+ * if no password is supplied, initialize the password to NULL */
|
||||||
|
+ if (pwdata.source == PW_FROMFILE) {
|
||||||
|
+ password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data);
|
||||||
|
+ } else if (pwdata.source == PW_PLAINTEXT) {
|
||||||
|
+ password = PL_strdup(pwdata.data);
|
||||||
|
+ }
|
||||||
|
+ rv = PK11_InitPin(slot, (char *)NULL, password ? password : "");
|
||||||
|
+ if (password) {
|
||||||
|
+ PORT_Memset(password, 0, PL_strlen(password));
|
||||||
|
+ PORT_Free(password);
|
||||||
|
+ }
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
+ SECU_PrintError(progName, "Could not set password for the slot");
|
||||||
|
+ goto shutdown;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* walk through the upgrade merge if necessary.
|
||||||
|
* This option is more to test what some applications will want to do
|
||||||
|
* to do an automatic upgrade. The --merge command is more useful for
|
||||||
|
* the general case where 2 database need to be merged together.
|
||||||
|
*/
|
||||||
|
if (certutil.commands[cmd_UpgradeMerge].activated) {
|
||||||
|
if (*upgradeTokenName == 0) {
|
||||||
|
upgradeTokenName = upgradeID;
|
||||||
|
|
142
nss-sql-2-1382278-b.patch
Normal file
142
nss-sql-2-1382278-b.patch
Normal file
@ -0,0 +1,142 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Kai Engert <kaie@kuix.de>
|
||||||
|
# Date 1506452962 -7200
|
||||||
|
# Node ID fe8b221d3bded99b2b21e2e62fb27cc8c659ec2f
|
||||||
|
# Parent 96a835be15192281d67a8b1046b7f159ff6deb12
|
||||||
|
Bug 1382278, add test to confirm implicit init with certutil -A is working, r=rrelyea
|
||||||
|
|
||||||
|
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
|
||||||
|
--- a/tests/cert/cert.sh
|
||||||
|
+++ b/tests/cert/cert.sh
|
||||||
|
@@ -1941,32 +1941,42 @@ cert_test_distrust()
|
||||||
|
cert_test_ocspresp()
|
||||||
|
{
|
||||||
|
echo "$SCRIPTNAME: OCSP response creation selftest"
|
||||||
|
OR_ACTION="perform selftest"
|
||||||
|
RETEXPECTED=0
|
||||||
|
ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
+cert_test_implicit_db_init()
|
||||||
|
+{
|
||||||
|
+ echo "$SCRIPTNAME: test implicit database init"
|
||||||
|
+
|
||||||
|
+ CU_ACTION="Add cert with trust flags to db with implicit init"
|
||||||
|
+ mkdir ${IMPLICIT_INIT_DIR}
|
||||||
|
+ certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
############################## cert_cleanup ############################
|
||||||
|
# local shell function to finish this script (no exit since it might be
|
||||||
|
# sourced)
|
||||||
|
########################################################################
|
||||||
|
cert_cleanup()
|
||||||
|
{
|
||||||
|
cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
|
||||||
|
html "</TABLE><BR>"
|
||||||
|
cd ${QADIR}
|
||||||
|
. common/cleanup.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
################## main #################################################
|
||||||
|
|
||||||
|
cert_init
|
||||||
|
cert_all_CA
|
||||||
|
+cert_test_implicit_db_init
|
||||||
|
cert_extended_ssl
|
||||||
|
cert_ssl
|
||||||
|
cert_smime_client
|
||||||
|
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
|
||||||
|
cert_fips
|
||||||
|
fi
|
||||||
|
cert_eccurves
|
||||||
|
cert_extensions
|
||||||
|
diff --git a/tests/common/init.sh b/tests/common/init.sh
|
||||||
|
--- a/tests/common/init.sh
|
||||||
|
+++ b/tests/common/init.sh
|
||||||
|
@@ -63,16 +63,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||||
|
DBPASSDIR=${HOSTDIR}/dbpass
|
||||||
|
ECCURVES_DIR=${HOSTDIR}/eccurves
|
||||||
|
DISTRUSTDIR=${HOSTDIR}/distrust
|
||||||
|
|
||||||
|
SERVER_CADIR=${HOSTDIR}/serverCA
|
||||||
|
CLIENT_CADIR=${HOSTDIR}/clientCA
|
||||||
|
EXT_SERVERDIR=${HOSTDIR}/ext_server
|
||||||
|
EXT_CLIENTDIR=${HOSTDIR}/ext_client
|
||||||
|
+ IMPLICIT_INIT_DIR=${HOSTDIR}/implicit_init
|
||||||
|
|
||||||
|
IOPR_CADIR=${HOSTDIR}/CA_iopr
|
||||||
|
IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
|
||||||
|
IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
|
||||||
|
IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
|
||||||
|
|
||||||
|
CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
|
||||||
|
STAPLINGDIR=${HOSTDIR}/stapling
|
||||||
|
@@ -531,16 +532,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||||
|
D_SERVER="Server.$version"
|
||||||
|
D_CLIENT="Client.$version"
|
||||||
|
D_NOLOGIN="NoLogin.$version"
|
||||||
|
D_FIPS="FIPS.$version"
|
||||||
|
D_DBPASS="DBPASS.$version"
|
||||||
|
D_ECCURVES="ECCURVES.$version"
|
||||||
|
D_EXT_SERVER="ExtendedServer.$version"
|
||||||
|
D_EXT_CLIENT="ExtendedClient.$version"
|
||||||
|
+ D_IMPLICIT_INIT="ImplicitInit.$version"
|
||||||
|
D_CERT_EXTENSTIONS="CertExtensions.$version"
|
||||||
|
D_DISTRUST="Distrust.$version"
|
||||||
|
|
||||||
|
# we need relative pathnames of these files abd directories, since our
|
||||||
|
# tools can't handle the unix style absolut pathnames on cygnus
|
||||||
|
|
||||||
|
R_CADIR=../CA
|
||||||
|
R_SERVERDIR=../server
|
||||||
|
@@ -550,16 +552,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||||
|
R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr
|
||||||
|
R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr
|
||||||
|
R_ALICEDIR=../alicedir
|
||||||
|
R_BOBDIR=../bobdir
|
||||||
|
R_DAVEDIR=../dave
|
||||||
|
R_EVEDIR=../eve
|
||||||
|
R_EXT_SERVERDIR=../ext_server
|
||||||
|
R_EXT_CLIENTDIR=../ext_client
|
||||||
|
+ R_IMPLICIT_INIT_DIR=../implicit_init
|
||||||
|
R_CERT_EXT=../cert_extensions
|
||||||
|
R_STAPLINGDIR=../stapling
|
||||||
|
R_NOLOGINDIR=../nologin
|
||||||
|
R_SSLGTESTDIR=../ssl_gtests
|
||||||
|
R_GTESTDIR=../gtests
|
||||||
|
|
||||||
|
#
|
||||||
|
# profiles are either paths or domains depending on the setting of
|
||||||
|
@@ -570,27 +573,29 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||||
|
P_R_BOBDIR=${R_BOBDIR}
|
||||||
|
P_R_DAVEDIR=${R_DAVEDIR}
|
||||||
|
P_R_EVEDIR=${R_EVEDIR}
|
||||||
|
P_R_SERVERDIR=${R_SERVERDIR}
|
||||||
|
P_R_CLIENTDIR=${R_CLIENTDIR}
|
||||||
|
P_R_NOLOGINDIR=${R_NOLOGINDIR}
|
||||||
|
P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
|
||||||
|
P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
|
||||||
|
+ P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR}
|
||||||
|
if [ -n "${MULTIACCESS_DBM}" ]; then
|
||||||
|
P_R_CADIR="multiaccess:${D_CA}"
|
||||||
|
P_R_ALICEDIR="multiaccess:${D_ALICE}"
|
||||||
|
P_R_BOBDIR="multiaccess:${D_BOB}"
|
||||||
|
P_R_DAVEDIR="multiaccess:${D_DAVE}"
|
||||||
|
P_R_EVEDIR="multiaccess:${D_EVE}"
|
||||||
|
P_R_SERVERDIR="multiaccess:${D_SERVER}"
|
||||||
|
P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
|
||||||
|
P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}"
|
||||||
|
P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
|
||||||
|
P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
|
||||||
|
+ P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
R_PWFILE=../tests.pw
|
||||||
|
R_EMPTY_FILE=../tests_empty
|
||||||
|
R_NOISE_FILE=../tests_noise
|
||||||
|
|
||||||
|
R_FIPSPWFILE=../tests.fipspw
|
||||||
|
R_FIPSBADPWFILE=../tests.fipsbadpw
|
||||||
|
|
191
nss-sql-3-1395495-a.patch
Normal file
191
nss-sql-3-1395495-a.patch
Normal file
@ -0,0 +1,191 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Daiki Ueno <dueno@redhat.com>
|
||||||
|
# Date 1505483851 -7200
|
||||||
|
# Node ID 279b257c6433f1972d49c529247e6ed2633b979f
|
||||||
|
# Parent 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd
|
||||||
|
Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
|
||||||
|
|
||||||
|
diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h
|
||||||
|
--- a/cmd/modutil/error.h
|
||||||
|
+++ b/cmd/modutil/error.h
|
||||||
|
@@ -52,16 +52,17 @@ typedef enum {
|
||||||
|
ENABLE_FAILED_ERR,
|
||||||
|
UPDATE_MOD_FAILED_ERR,
|
||||||
|
DEFAULT_FAILED_ERR,
|
||||||
|
UNDEFAULT_FAILED_ERR,
|
||||||
|
STDIN_READ_ERR,
|
||||||
|
UNSPECIFIED_ERR,
|
||||||
|
NOCERTDB_MISUSE_ERR,
|
||||||
|
NSS_INITIALIZE_FAILED_ERR,
|
||||||
|
+ INITPW_FAILED_ERR,
|
||||||
|
|
||||||
|
LAST_ERR /* must be last */
|
||||||
|
} Error;
|
||||||
|
#define SUCCESS NO_ERR
|
||||||
|
|
||||||
|
/* !!! Should move this into its own .c and un-static it. */
|
||||||
|
static char *errStrings[] = {
|
||||||
|
"Operation completed successfully.\n",
|
||||||
|
@@ -105,17 +106,18 @@ static char *errStrings[] = {
|
||||||
|
"ERROR: Slot \"%s\" not found.\n",
|
||||||
|
"ERROR: Failed to %s slot \"%s\".\n",
|
||||||
|
"ERROR: Failed to update module \"%s\".\n",
|
||||||
|
"ERROR: Failed to change defaults.\n",
|
||||||
|
"ERROR: Failed to change default.\n",
|
||||||
|
"ERROR: Unable to read from standard input.\n",
|
||||||
|
"ERROR: Unknown error occurred.\n",
|
||||||
|
"ERROR: -nocertdb option can only be used with the -jar command.\n",
|
||||||
|
- "ERROR: NSS_Initialize() failed.\n"
|
||||||
|
+ "ERROR: NSS_Initialize() failed.\n",
|
||||||
|
+ "ERROR: Unable to set initial password on the database.\n"
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
FIPS_ENABLED_MSG = 0,
|
||||||
|
FIPS_DISABLED_MSG,
|
||||||
|
USING_DBDIR_MSG,
|
||||||
|
CREATING_DB_MSG,
|
||||||
|
ADD_MODULE_SUCCESS_MSG,
|
||||||
|
diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c
|
||||||
|
--- a/cmd/modutil/modutil.c
|
||||||
|
+++ b/cmd/modutil/modutil.c
|
||||||
|
@@ -860,17 +860,17 @@ main(int argc, char* argv[])
|
||||||
|
switch (command) {
|
||||||
|
case ADD_COMMAND:
|
||||||
|
errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
|
||||||
|
break;
|
||||||
|
case CHANGEPW_COMMAND:
|
||||||
|
errcode = ChangePW(tokenName, pwFile, newpwFile);
|
||||||
|
break;
|
||||||
|
case CREATE_COMMAND:
|
||||||
|
- /* The work was already done in init_crypto() */
|
||||||
|
+ errcode = InitPW();
|
||||||
|
break;
|
||||||
|
case DEFAULT_COMMAND:
|
||||||
|
errcode = SetDefaultModule(moduleName, slotName, mechanisms);
|
||||||
|
break;
|
||||||
|
case DELETE_COMMAND:
|
||||||
|
errcode = DeleteModule(moduleName);
|
||||||
|
break;
|
||||||
|
case DISABLE_COMMAND:
|
||||||
|
diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h
|
||||||
|
--- a/cmd/modutil/modutil.h
|
||||||
|
+++ b/cmd/modutil/modutil.h
|
||||||
|
@@ -24,16 +24,17 @@
|
||||||
|
Error LoadMechanismList(void);
|
||||||
|
Error FipsMode(char *arg);
|
||||||
|
Error ChkFipsMode(char *arg);
|
||||||
|
Error AddModule(char *moduleName, char *libFile, char *ciphers,
|
||||||
|
char *mechanisms, char *modparms);
|
||||||
|
Error DeleteModule(char *moduleName);
|
||||||
|
Error ListModule(char *moduleName);
|
||||||
|
Error ListModules();
|
||||||
|
+Error InitPW(void);
|
||||||
|
Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
|
||||||
|
Error EnableModule(char *moduleName, char *slotName, PRBool enable);
|
||||||
|
Error RawAddModule(char *dbmodulespec, char *modulespec);
|
||||||
|
Error RawListModule(char *modulespec);
|
||||||
|
Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
|
||||||
|
Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
|
||||||
|
void out_of_memory(void);
|
||||||
|
|
||||||
|
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
|
||||||
|
--- a/cmd/modutil/pk11.c
|
||||||
|
+++ b/cmd/modutil/pk11.c
|
||||||
|
@@ -665,16 +665,49 @@ loser:
|
||||||
|
if (module) {
|
||||||
|
SECMOD_DestroyModule(module);
|
||||||
|
}
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
/************************************************************************
|
||||||
|
*
|
||||||
|
+ * I n i t P W
|
||||||
|
+ */
|
||||||
|
+Error
|
||||||
|
+InitPW(void)
|
||||||
|
+{
|
||||||
|
+ PK11SlotInfo *slot;
|
||||||
|
+ Error ret = UNSPECIFIED_ERR;
|
||||||
|
+
|
||||||
|
+ slot = PK11_GetInternalKeySlot();
|
||||||
|
+ if (!slot) {
|
||||||
|
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
|
||||||
|
+ return NO_SUCH_TOKEN_ERR;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Set the initial password to empty */
|
||||||
|
+ if (PK11_NeedUserInit(slot)) {
|
||||||
|
+ if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
|
||||||
|
+ PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
|
||||||
|
+ ret = INITPW_FAILED_ERR;
|
||||||
|
+ goto loser;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ret = SUCCESS;
|
||||||
|
+
|
||||||
|
+loser:
|
||||||
|
+ PK11_FreeSlot(slot);
|
||||||
|
+
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/************************************************************************
|
||||||
|
+ *
|
||||||
|
* C h a n g e P W
|
||||||
|
*/
|
||||||
|
Error
|
||||||
|
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
|
||||||
|
{
|
||||||
|
char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
|
||||||
|
PK11SlotInfo *slot;
|
||||||
|
Error ret = UNSPECIFIED_ERR;
|
||||||
|
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
|
||||||
|
--- a/tests/tools/tools.sh
|
||||||
|
+++ b/tests/tools/tools.sh
|
||||||
|
@@ -492,27 +492,41 @@ SIGNSCRIPT
|
||||||
|
|
||||||
|
echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
|
||||||
|
echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
|
||||||
|
${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
|
||||||
|
html_msg $? 0 "Show who signed xpi (signtool -w)"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
+tools_modutil()
|
||||||
|
+{
|
||||||
|
+ echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
|
||||||
|
+ mkdir -p ${R_TOOLSDIR}/moddir
|
||||||
|
+ modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||||
|
+ ret=$?
|
||||||
|
+ ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
|
||||||
|
+ -x -t ',,' -z "${R_NOISE_FILE}"
|
||||||
|
+ ret=$?
|
||||||
|
+ html_msg $ret 0 "Test if DB created by modutil -create is initialized"
|
||||||
|
+ check_tmpfile
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
############################## tools_cleanup ###########################
|
||||||
|
# local shell function to finish this script (no exit since it might be
|
||||||
|
# sourced)
|
||||||
|
########################################################################
|
||||||
|
tools_cleanup()
|
||||||
|
{
|
||||||
|
html "</TABLE><BR>"
|
||||||
|
cd ${QADIR}
|
||||||
|
. common/cleanup.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
################## main #################################################
|
||||||
|
|
||||||
|
tools_init
|
||||||
|
tools_p12
|
||||||
|
tools_sign
|
||||||
|
+tools_modutil
|
||||||
|
tools_cleanup
|
||||||
|
|
||||||
|
|
||||||
|
|
33
nss-sql-3-1395495-b.patch
Normal file
33
nss-sql-3-1395495-b.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Daiki Ueno <dueno@redhat.com>
|
||||||
|
# Date 1505742679 -7200
|
||||||
|
# Node ID 70109a01ce53328b511aaa6c839593a3282cb725
|
||||||
|
# Parent 279b257c6433f1972d49c529247e6ed2633b979f
|
||||||
|
Bug 1395495, bustage fix, Don't use the modu function from cert.sh, r=kaie
|
||||||
|
|
||||||
|
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
|
||||||
|
--- a/tests/tools/tools.sh
|
||||||
|
+++ b/tests/tools/tools.sh
|
||||||
|
@@ -496,17 +496,19 @@ SIGNSCRIPT
|
||||||
|
html_msg $? 0 "Show who signed xpi (signtool -w)"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
tools_modutil()
|
||||||
|
{
|
||||||
|
echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
|
||||||
|
mkdir -p ${R_TOOLSDIR}/moddir
|
||||||
|
- modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||||
|
+ # copied from modu function in cert.sh
|
||||||
|
+ # echo is used to press Enter expected by modutil
|
||||||
|
+ echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||||
|
ret=$?
|
||||||
|
${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
|
||||||
|
-x -t ',,' -z "${R_NOISE_FILE}"
|
||||||
|
ret=$?
|
||||||
|
html_msg $ret 0 "Test if DB created by modutil -create is initialized"
|
||||||
|
check_tmpfile
|
||||||
|
}
|
||||||
|
|
||||||
|
|
22
nss.spec
22
nss.spec
@ -9,7 +9,7 @@ Name: nss
|
|||||||
Version: 3.33.0
|
Version: 3.33.0
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -98,6 +98,15 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|||||||
Patch59: nss-check-policy-file.patch
|
Patch59: nss-check-policy-file.patch
|
||||||
Patch62: nss-skip-util-gtest.patch
|
Patch62: nss-skip-util-gtest.patch
|
||||||
|
|
||||||
|
# rhbz#1505487, backport several upstream fixes from upstream NSS 3.34
|
||||||
|
Patch71: nss-sql-1-1403691-a.patch
|
||||||
|
Patch72: nss-sql-1-1403691-b.patch
|
||||||
|
Patch73: nss-sql-2-1382278-a.patch
|
||||||
|
Patch74: nss-sql-2-1382278-b.patch
|
||||||
|
Patch75: nss-sql-3-1395495-a.patch
|
||||||
|
Patch76: nss-sql-3-1395495-b.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
support cross-platform development of security-enabled client and
|
support cross-platform development of security-enabled client and
|
||||||
@ -180,6 +189,14 @@ low level services.
|
|||||||
pushd nss
|
pushd nss
|
||||||
%patch59 -p1 -b .check_policy_file
|
%patch59 -p1 -b .check_policy_file
|
||||||
%patch62 -p1 -b .skip_util_gtest
|
%patch62 -p1 -b .skip_util_gtest
|
||||||
|
|
||||||
|
%patch71 -p1 -b .1403691-a
|
||||||
|
%patch72 -p1 -b .1403691-b
|
||||||
|
%patch73 -p1 -b .1382278-a
|
||||||
|
%patch74 -p1 -b .1382278-b
|
||||||
|
%patch75 -p1 -b .1395495-a
|
||||||
|
%patch76 -p1 -b .1395495-b
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
@ -755,6 +772,9 @@ done
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 24 2017 Kai Engert <kaie@redhat.com> - 3.33.0-3
|
||||||
|
- rhbz#1505487, backport upstream fixes required for rhbz#1496560
|
||||||
|
|
||||||
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-2
|
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-2
|
||||||
- Update to NSS 3.33.0
|
- Update to NSS 3.33.0
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user