commit
d04fa43ef4
|
@ -7,5 +7,5 @@ PayPalEE.cert
|
|||
TestCA.ca.cert
|
||||
TestUser50.cert
|
||||
TestUser51.cert
|
||||
/nss-pem-20130405.tar.bz2
|
||||
/nss-3.15.1-stripped.tar.bz2
|
||||
/nss-pem-20130828.tar.bz2
|
||||
/nss-3.15.2-stripped.tar.bz2
|
||||
|
|
24
iquote.patch
24
iquote.patch
|
@ -36,3 +36,27 @@ diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
|
|||
endif
|
||||
|
||||
ifndef NSS_LIB_DIR
|
||||
diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
|
||||
--- nss/lib/certhigh/Makefile.iquote 2013-09-27 11:13:55.158689314 -0700
|
||||
+++ nss/lib/certhigh/Makefile 2013-09-27 11:14:38.181042336 -0700
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
|
||||
--- nss/lib/cryptohi/Makefile.iquote 2013-09-27 11:11:30.117494489 -0700
|
||||
+++ nss/lib/cryptohi/Makefile 2013-09-27 11:12:54.704194915 -0700
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
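Review bot: The added `INCLUDES += -iquote $(DIST)/../public/nss` line in both nss/lib/certhigh/Makefile and nss/lib/cryptohi/Makefile carries no comment saying why it is needed, and it replaces the blank separator line under the section (6) banner instead of sitting next to it. Since `-iquote` only affects the search order for `#include "..."` headers, the intent appears to be that the in-tree public headers win over the copies installed by nss-devel, which the spec changelog hints at (modified prototype in cert.h). A build that silently compiles against the older installed prototype is the failure this guards against, so it deserves to be written down. I would keep the blank line and put a comment above the assignment, for example `# Search the in-tree public headers first so a stale nss-devel cert.h is not used for #include "..."`.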
|
||||
|
|
|
@ -0,0 +1,209 @@
|
|||
diff --git a/doc/certutil.xml b/doc/certutil.xml
|
||||
--- a/doc/certutil.xml
|
||||
+++ b/doc/certutil.xml
|
||||
@@ -634,16 +634,37 @@ of the attribute codes:
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--extSKID</term>
|
||||
<listitem><para>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>--extNC</term>
|
||||
+ <listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>--keyAttrFlags attrflags</term>
|
||||
+ <listitem><para>
|
||||
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>--keyFlagsOn opflags</term>
|
||||
+ <term>--keyFlagsOff opflags</term>
|
||||
+ <listitem><para>
|
||||
+PKCS #11 key Operation Flags.
|
||||
+Comma separated list of one or more of the following:
|
||||
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>--source-dir certdir</term>
|
||||
<listitem><para>Identify the certificate database directory to upgrade.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--source-prefix certdir</term>
|
||||
<listitem><para>Give the prefix of the certificate and key databases to upgrade.</para></listitem>
|
||||
</varlistentry>
|
||||
@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C
|
||||
XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
|
||||
0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
|
||||
AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
|
||||
AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
|
||||
XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
|
||||
ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
|
||||
-----END CERTIFICATE-----
|
||||
</programlisting>
|
||||
-<pa>For a humam-readable display</para>
|
||||
+<para>For a human-readable display</para>
|
||||
<programlisting>$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 3650 (0xe42)
|
||||
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
|
||||
Issuer: "CN=Example CA"
|
||||
Validity:
|
||||
diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml
|
||||
--- a/doc/cmsutil.xml
|
||||
+++ b/doc/cmsutil.xml
|
||||
@@ -84,19 +84,26 @@ The options and arguments for the cmsuti
|
||||
<varlistentry>
|
||||
<term>-S </term>
|
||||
<listitem><para>Sign a message.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para><command>Arguments</command></para>
|
||||
- <para>Option arguments modify an action and are lowercase.</para>
|
||||
+ <para>Option arguments modify an action.</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
+ <term>-b </term>
|
||||
+ <listitem>
|
||||
+ <para>Decode a batch of files named in infile.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-c content </term>
|
||||
<listitem>
|
||||
<para>Use this detached content (decode only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-d dbdir</term>
|
||||
@@ -108,37 +115,58 @@ The options and arguments for the cmsuti
|
||||
<varlistentry>
|
||||
<term>-e envfile</term>
|
||||
<listitem>
|
||||
<para>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-f pwfile</term>
|
||||
+ <listitem>
|
||||
+ <para>Use password file to set password on all PKCS#11 tokens.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-G</term>
|
||||
<listitem>
|
||||
<para>Include a signing time attribute (sign only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
-
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-H hash</term>
|
||||
+ <listitem>
|
||||
+ <para>Use specified hash algorithm (default:SHA1).</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term>-h num</term>
|
||||
<listitem>
|
||||
<para>Generate email headers with info about CMS message (decode only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i infile</term>
|
||||
<listitem>
|
||||
<para>Use infile as a source of data (default is stdin).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-k</term>
|
||||
+ <listitem>
|
||||
+ <para>Keep decoded encryption certs in permanent cert db.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-N nickname</term>
|
||||
<listitem>
|
||||
<para>Specify nickname of certificate to sign with (sign only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n </term>
|
||||
@@ -188,16 +216,23 @@ For certificates-only message, list of c
|
||||
<varlistentry>
|
||||
<term>-u certusage</term>
|
||||
<listitem>
|
||||
<para>Set type of cert usage (default is certUsageEmailSigner).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-v</term>
|
||||
+ <listitem>
|
||||
+ <para>Print debugging information.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-Y ekprefnick</term>
|
||||
<listitem>
|
||||
<para>Specify an encryption key preference by nickname.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
diff --git a/doc/crlutil.xml b/doc/crlutil.xml
|
||||
--- a/doc/crlutil.xml
|
||||
+++ b/doc/crlutil.xml
|
||||
@@ -261,16 +261,30 @@ Specify type of CRL. possible types are:
|
||||
<term>-u url </term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specify the url.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term>-w pwd-string</term>
|
||||
+ <listitem>
|
||||
+ <para>Provide db password in command line.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-Z algorithm</term>
|
||||
+ <listitem>
|
||||
+ <para>Specify the hash algorithm to use for signing the CRL.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection id="syntax">
|
||||
<title>CRL Generation script syntax</title>
|
||||
<para>CRL generation script file has the following syntax:</para>
|
||||
<para>
|
||||
* Line with comments should have # as a first symbol of a line</para>
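Review bot: The new `--keyFlagsOn opflags` / `--keyFlagsOff opflags` entry in doc/certutil.xml lists `{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}`, which is the attribute list from the `--keyAttrFlags` entry just above it repeated verbatim, not a list of key operations. As far as I know certutil names these options `--keyOpFlagsOn` and `--keyOpFlagsOff` and takes operation names (encrypt, decrypt, sign, verify, wrap, unwrap, derive and the like); please check the usage text in certutil.c and correct both the term and the list, because a reader who follows this text will pass attribute names where operations are expected. Separately, the new crlutil `-w pwd-string` entry would benefit from one sentence noting that a password given on the command line is visible in the process list and shell history, so a password file is preferable where the tool offers one.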
|
57
nss.spec
57
nss.spec
|
@ -1,17 +1,25 @@
|
|||
%global nspr_version 4.10
|
||||
%global nss_util_version 3.15.1
|
||||
%global nspr_version 4.10.1
|
||||
%global nss_util_version 3.15.2
|
||||
%global nss_softokn_fips_version 3.12.9
|
||||
%global nss_softokn_version 3.15.1
|
||||
%global nss_softokn_version 3.15.2
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
# solution taken from icedtea-web.spec
|
||||
%define multilib_arches ppc64 sparc64 x86_64
|
||||
%ifarch %{multilib_arches}
|
||||
%define alt_ckbi libnssckbi.so.%{_arch}
|
||||
%else
|
||||
%define alt_ckbi libnssckbi.so
|
||||
%endif
|
||||
|
||||
# Define if using a source archive like "nss-version.with.ckbi.version".
|
||||
# To "disable", add "#" to start of line, AND a space after "%".
|
||||
#% define nss_ckbi_suffix .with.ckbi.1.93
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.15.1
|
||||
Version: 3.15.2
|
||||
Release: 1%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
|
@ -21,6 +29,8 @@ Requires: nss-util >= %{nss_util_version}
|
|||
# TODO: revert to same version as nss once we are done with the merge
|
||||
Requires: nss-softokn%{_isa} >= %{nss_softokn_version}
|
||||
Requires: nss-system-init
|
||||
Requires(post): %{_sbindir}/update-alternatives
|
||||
Requires(postun): %{_sbindir}/update-alternatives
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
# TODO: revert to same version as nss once we are done with the merge
|
||||
|
@ -61,7 +71,7 @@ Source7: blank-key4.db
|
|||
Source8: system-pkcs11.txt
|
||||
Source9: setup-nsssysinit.sh
|
||||
Source10: PayPalEE.cert
|
||||
Source12: %{name}-pem-20130405.tar.bz2
|
||||
Source12: %{name}-pem-20130828.tar.bz2
|
||||
Source17: TestCA.ca.cert
|
||||
Source18: TestUser50.cert
|
||||
Source19: TestUser51.cert
|
||||
|
@ -179,7 +189,7 @@ low level services.
|
|||
%patch25 -p0 -b .systemfreebl
|
||||
# activate for stable and beta branches
|
||||
%patch29 -p0 -b .cbcrandomivoff
|
||||
#%patch39 -p0 -b .nobypass
|
||||
#%%patch39 -p0 -b .nobypass
|
||||
%patch40 -p0 -b .noocsptest
|
||||
%patch44 -p1 -b .syncupwithupstream
|
||||
%patch45 -p0 -b .notrash
|
||||
|
@ -514,7 +524,7 @@ done
|
|||
for f in nss-config setup-nsssysinit; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
# Copy the man pages the nss tools
|
||||
# Copy the man pages for the nss tools
|
||||
for f in "%{allTools}"; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
|
@ -574,7 +584,7 @@ done
|
|||
%{unsupported_tools_directory}/tstclnt
|
||||
%{unsupported_tools_directory}/vfyserv
|
||||
%{unsupported_tools_directory}/vfychain
|
||||
# instead of %{_mandir}/man*/* let's list them explicitely
|
||||
# instead of %%{_mandir}/man*/* let's list them explicitely
|
||||
# supported tools
|
||||
%attr(0644,root,root) %doc /usr/share/man/man1/certutil.1.gz
|
||||
%attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz
|
||||
|
@ -665,6 +675,11 @@ done
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1
|
||||
- Update to NSS_3_15_2_RTM
|
||||
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
|
||||
- Keep the nss-ssl-cbc-random-iv-off-by-default.patch enabled
|
||||
|
||||
* Sun Jul 21 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-1
|
||||
- Update to NSS_3_15_1_RTM
|
||||
- Enable iquote.patch to access newly introduced types
|
||||
|
@ -709,29 +724,31 @@ done
|
|||
- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
|
||||
- Install nssck.api in /usr/includes/nss3
|
||||
|
||||
* Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
|
||||
* Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-10
|
||||
- Bug 870864 - Add support in NSS for Secure Boot
|
||||
|
||||
* Fri Nov 09 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
|
||||
* Sat Nov 10 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-9
|
||||
- Disable bypass code at build time and return failure on attempts to enable at runtime
|
||||
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
|
||||
- Fix changelog release tags to match what was actually built
|
||||
|
||||
* Mon Nov 05 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
|
||||
* Sun Nov 04 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-8
|
||||
- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs
|
||||
- Bug 872124 - nss-3.14 breaks fedpkg new-sources
|
||||
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4
|
||||
- Fix should be considered preliminary since the patch may change upon upstream approval
|
||||
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
|
||||
- Add a dummy source file for testing /preventing fedpkg breakage
|
||||
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
|
||||
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3
|
||||
- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
|
||||
- Update the patch to account for the new sources
|
||||
- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
|
||||
- Fix a previous unwanted merge from f18
|
||||
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
|
||||
- Keeping the patch disabled while we are still in rawhide and
|
||||
- State in comment that patch is needed for both stable and beta branches
|
||||
- Update .gitignore to download only the new sources
|
||||
|
||||
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
|
||||
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
|
||||
- Fix the spec file so sechash.h gets installed
|
||||
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
|
||||
|
||||
|
@ -990,7 +1007,7 @@ done
|
|||
- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)
|
||||
|
||||
* Tue Oct 05 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-4
|
||||
- Fix invalid %postun scriptlet (#639248)
|
||||
- Fix invalid %%postun scriptlet (#639248)
|
||||
|
||||
* Wed Sep 29 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-3
|
||||
- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
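Review bot: The new changelog entry says nss-ssl-cbc-random-iv-off-by-default.patch is kept enabled, but the only explanation in the spec is the comment `# activate for stable and beta branches` above `%patch29 -p0 -b .cbcrandomivoff` in the hunk at `@ -179,7 +189,7 @`, which does not say what the patch trades away. Judging by the patch name and the older changelog lines that mention NSS_SSL_CBC_RANDOM_IV, it changes the default of a TLS CBC countermeasure, so the reason and the way to turn the protection back on belong next to the patch line. Something like `# Ships the CBC random-IV countermeasure off by default for server compatibility; set NSS_SSL_CBC_RANDOM_IV=1 to enable it` would do, adjusted to whatever the patch really does.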
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
|
|
4
sources
4
sources
|
@ -7,5 +7,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
|
||||
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
|
||||
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
|
||||
ee649aa333d24c8e364140cc24860ff6 nss-3.15.1-stripped.tar.bz2
|
||||
8b9cf94e7ed23586ab3f618366b6acb6 nss-pem-20130405.tar.bz2
|
||||
e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2
|
||||
b402f7062b1c0c0ee9d0f223d03b4d6a nss-3.15.2-stripped.tar.bz2
|
||||
|
|