Merge branch 'f19' into f18

- Update to nss-3.15.2
Elio Maldonado 2013-10-04 09:06:07 -07:00
commit d04fa43ef4
6 changed files with 275 additions and 25 deletions

4
.gitignore vendored
@ -7,5 +7,5 @@ PayPalEE.cert
TestCA.ca.cert
TestUser50.cert
TestUser51.cert
/nss-pem-20130405.tar.bz2
/nss-3.15.1-stripped.tar.bz2
/nss-pem-20130828.tar.bz2
/nss-3.15.2-stripped.tar.bz2

@ -36,3 +36,27 @@ diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
endif
ifndef NSS_LIB_DIR
diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
--- nss/lib/certhigh/Makefile.iquote 2013-09-27 11:13:55.158689314 -0700
+++ nss/lib/certhigh/Makefile 2013-09-27 11:14:38.181042336 -0700
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
-
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
--- nss/lib/cryptohi/Makefile.iquote 2013-09-27 11:11:30.117494489 -0700
+++ nss/lib/cryptohi/Makefile 2013-09-27 11:12:54.704194915 -0700
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
-
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #

209
manpages-fixes.patch Normal file
@ -0,0 +1,209 @@
diff --git a/doc/certutil.xml b/doc/certutil.xml
--- a/doc/certutil.xml
+++ b/doc/certutil.xml
@@ -634,16 +634,37 @@ of the attribute codes:
</varlistentry>
<varlistentry>
<term>--extSKID</term>
<listitem><para>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
</varlistentry>
<varlistentry>
+ <term>--extNC</term>
+ <listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--keyAttrFlags attrflags</term>
+ <listitem><para>
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--keyFlagsOn opflags</term>
+ <term>--keyFlagsOff opflags</term>
+ <listitem><para>
+PKCS #11 key Operation Flags.
+Comma separated list of one or more of the following:
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>--source-dir certdir</term>
<listitem><para>Identify the certificate database directory to upgrade.</para></listitem>
</varlistentry>
<varlistentry>
<term>--source-prefix certdir</term>
<listitem><para>Give the prefix of the certificate and key databases to upgrade.</para></listitem>
</varlistentry>
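Review bot: The --keyFlagsOn/--keyFlagsOff entry is headed "PKCS #11 key Operation Flags" but its list of choices is the same {token | session} {public | private} {sensitive | insensitive} ... list given for --keyAttrFlags directly above it, which reads as a copy-and-paste of the attribute flags. Replace it with the operation flag names certutil actually accepts and say what On and Off each do, so that a reader restricting what a key may be used for does not pass attribute names here. Both new entries would also benefit from stating which certutil commands they apply to.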
@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C
XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
-----END CERTIFICATE-----
</programlisting>
-<pa>For a humam-readable display</para>
+<para>For a human-readable display</para>
<programlisting>$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3650 (0xe42)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Example CA"
Validity:
diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml
--- a/doc/cmsutil.xml
+++ b/doc/cmsutil.xml
@@ -84,19 +84,26 @@ The options and arguments for the cmsuti
<varlistentry>
<term>-S </term>
<listitem><para>Sign a message.</para></listitem>
</varlistentry>
</variablelist>
<para><command>Arguments</command></para>
- <para>Option arguments modify an action and are lowercase.</para>
+ <para>Option arguments modify an action.</para>
<variablelist>
<varlistentry>
+ <term>-b </term>
+ <listitem>
+ <para>Decode a batch of files named in infile.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-c content </term>
<listitem>
<para>Use this detached content (decode only).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-d dbdir</term>
@@ -108,37 +115,58 @@ The options and arguments for the cmsuti
<varlistentry>
<term>-e envfile</term>
<listitem>
<para>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</para>
</listitem>
</varlistentry>
<varlistentry>
+ <term>-f pwfile</term>
+ <listitem>
+ <para>Use password file to set password on all PKCS#11 tokens.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-G</term>
<listitem>
<para>Include a signing time attribute (sign only).</para>
</listitem>
</varlistentry>
-
+
+ <varlistentry>
+ <term>-H hash</term>
+ <listitem>
+ <para>Use specified hash algorithm (default:SHA1).</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>-h num</term>
<listitem>
<para>Generate email headers with info about CMS message (decode only).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-i infile</term>
<listitem>
<para>Use infile as a source of data (default is stdin).</para>
</listitem>
</varlistentry>
<varlistentry>
+ <term>-k</term>
+ <listitem>
+ <para>Keep decoded encryption certs in permanent cert db.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-N nickname</term>
<listitem>
<para>Specify nickname of certificate to sign with (sign only).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-n </term>
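Review bot: The new -H hash entry says only "(default:SHA1)" and does not list the hash names the option accepts, so a reader who wants a stronger digest for signing has nothing to choose from; list the accepted values and add the missing space after "default:". The -k entry reads as a decode-time option but lacks the "(decode only)" qualifier its neighbours use, and the -f pwfile entry should say what the file is expected to contain and that it should be readable only by its owner.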
@@ -188,16 +216,23 @@ For certificates-only message, list of c
<varlistentry>
<term>-u certusage</term>
<listitem>
<para>Set type of cert usage (default is certUsageEmailSigner).</para>
</listitem>
</varlistentry>
<varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>Print debugging information.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-Y ekprefnick</term>
<listitem>
<para>Specify an encryption key preference by nickname.</para>
</listitem>
</varlistentry>
</variablelist>
diff --git a/doc/crlutil.xml b/doc/crlutil.xml
--- a/doc/crlutil.xml
+++ b/doc/crlutil.xml
@@ -261,16 +261,30 @@ Specify type of CRL. possible types are:
<term>-u url </term>
<listitem>
<para>
Specify the url.
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>-w pwd-string</term>
+ <listitem>
+ <para>Provide db password in command line.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-Z algorithm</term>
+ <listitem>
+ <para>Specify the hash algorithm to use for signing the CRL.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsection>
<refsection id="syntax">
<title>CRL Generation script syntax</title>
<para>CRL generation script file has the following syntax:</para>
<para>
* Line with comments should have # as a first symbol of a line</para>
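Review bot: The -w pwd-string entry documents passing the database password on the command line without saying that a command-line argument is visible to other local users through the process list and is usually saved in shell history. Add that caveat to the description and point readers to a password file or an interactive prompt where the tool offers one. The -Z algorithm entry should also list the accepted algorithm names and state the default.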

@ -1,17 +1,25 @@
%global nspr_version 4.10
%global nss_util_version 3.15.1
%global nspr_version 4.10.1
%global nss_util_version 3.15.2
%global nss_softokn_fips_version 3.12.9
%global nss_softokn_version 3.15.1
%global nss_softokn_version 3.15.2
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
# solution taken from icedtea-web.spec
%define multilib_arches ppc64 sparc64 x86_64
%ifarch %{multilib_arches}
%define alt_ckbi libnssckbi.so.%{_arch}
%else
%define alt_ckbi libnssckbi.so
%endif
# Define if using a source archive like "nss-version.with.ckbi.version".
# To "disable", add "#" to start of line, AND a space after "%".
#% define nss_ckbi_suffix .with.ckbi.1.93
Summary: Network Security Services
Name: nss
Version: 3.15.1
Version: 3.15.2
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
@ -21,6 +29,8 @@ Requires: nss-util >= %{nss_util_version}
# TODO: revert to same version as nss once we are done with the merge
Requires: nss-softokn%{_isa} >= %{nss_softokn_version}
Requires: nss-system-init
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
# TODO: revert to same version as nss once we are done with the merge
@ -61,7 +71,7 @@ Source7: blank-key4.db
Source8: system-pkcs11.txt
Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
Source12: %{name}-pem-20130405.tar.bz2
Source12: %{name}-pem-20130828.tar.bz2
Source17: TestCA.ca.cert
Source18: TestUser50.cert
Source19: TestUser51.cert
@ -179,7 +189,7 @@ low level services.
%patch25 -p0 -b .systemfreebl
# activate for stable and beta branches
%patch29 -p0 -b .cbcrandomivoff
#%patch39 -p0 -b .nobypass
#%%patch39 -p0 -b .nobypass
%patch40 -p0 -b .noocsptest
%patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash
@ -514,7 +524,7 @@ done
for f in nss-config setup-nsssysinit; do
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
done
# Copy the man pages the nss tools
# Copy the man pages for the nss tools
for f in "%{allTools}"; do
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
done
@ -574,7 +584,7 @@ done
%{unsupported_tools_directory}/tstclnt
%{unsupported_tools_directory}/vfyserv
%{unsupported_tools_directory}/vfychain
# instead of %{_mandir}/man*/* let's list them explicitely
# instead of %%{_mandir}/man*/* let's list them explicitely
# supported tools
%attr(0644,root,root) %doc /usr/share/man/man1/certutil.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz
@ -665,6 +675,11 @@ done
%changelog
* Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1
- Update to NSS_3_15_2_RTM
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
- Keep the nss-ssl-cbc-random-iv-off-by-default.patch enabled
* Sun Jul 21 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-1
- Update to NSS_3_15_1_RTM
- Enable iquote.patch to access newly introduced types
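Review bot: The 3.15.2-1 entry "Keep the nss-ssl-cbc-random-iv-off-by-default.patch enabled" records a decision about an SSL default without a reason or a bug number, while older entries in this changelog cite the bug they resolve. Add the bug reference or a one-line rationale, and say which branches the decision covers, since the spec comment above %patch29 reads "activate for stable and beta branches".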
@ -709,29 +724,31 @@ done
- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3
* Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
* Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-10
- Bug 870864 - Add support in NSS for Secure Boot
* Fri Nov 09 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
* Sat Nov 10 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-9
- Disable bypass code at build time and return failure on attempts to enable at runtime
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
- Fix changelog release tags to match what was actually built
* Mon Nov 05 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
* Sun Nov 04 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-8
- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs
- Bug 872124 - nss-3.14 breaks fedpkg new-sources
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4
- Fix should be considered preliminary since the patch may change upon upstream approval
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
- Add a dummy source file for testing /preventing fedpkg breakage
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3
- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
- Update the patch to account for the new sources
- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
- Fix a previous unwanted merge from f18
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
- Fix the spec file so sechash.h gets installed
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
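Review bot: In the 3.14-6 entry, "Update the SS_SSL_CBC_RANDOM_IV patch" drops the leading N from the variable that the neighbouring entry spells NSS_SSL_CBC_RANDOM_IV, so a search of the changelog for that name will miss this entry. The lines "to match new sources while" and "Keeping the patch disabled while we are still in rawhide and" also end mid-sentence as separate bullets; join them into one item so it is clear whether the patch was enabled or disabled at that release. Several entries here share the date Thu Nov 01 2012 with different release tags, so it is worth confirming the renumbered tags against what was actually built, as the 3.14-9 entry says was intended.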
@ -990,7 +1007,7 @@ done
- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)
* Tue Oct 05 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-4
- Fix invalid %postun scriptlet (#639248)
- Fix invalid %%postun scriptlet (#639248)
* Wed Sep 29 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-3
- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)

@ -95,7 +95,7 @@
<refsection id="authors">
<title>Authors</title>
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>

@ -7,5 +7,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
ee649aa333d24c8e364140cc24860ff6 nss-3.15.1-stripped.tar.bz2
8b9cf94e7ed23586ab3f618366b6acb6 nss-pem-20130405.tar.bz2
e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2
b402f7062b1c0c0ee9d0f223d03b4d6a nss-3.15.2-stripped.tar.bz2