From d5f0675cc91d71255762b2217b7c5fdae49fa393 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 13 Dec 2011 14:29:45 -0800 Subject: [PATCH] - Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed --- nosha224.patch | 101 ------------------------------------------------- nss.spec | 21 +++++----- 2 files changed, 10 insertions(+), 112 deletions(-) delete mode 100644 nosha224.patch diff --git a/nosha224.patch b/nosha224.patch deleted file mode 100644 index 186f7dc..0000000 --- a/nosha224.patch +++ /dev/null @@ -1,101 +0,0 @@ -diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c ---- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700 -+++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-10 11:45:11.346011408 -0800 -@@ -686,7 +686,9 @@ typedef enum { - bltestMD2, /* Hash algorithms */ - bltestMD5, /* . */ - bltestSHA1, /* . */ -+#ifndef NO_SHA224_AVAILABLE - bltestSHA224, /* . */ -+#endif - bltestSHA256, /* . */ - bltestSHA384, /* . */ - bltestSHA512, /* . */ -@@ -721,7 +723,9 @@ static char *mode_strings[] = - "md2", - "md5", - "sha1", -+#ifndef NO_SHA224_AVAILABLE - "sha224", -+#endif - "sha256", - "sha384", - "sha512", -@@ -1761,6 +1765,7 @@ finish: - return rv; - } - -+#ifndef NO_SHA224_AVAILABLE - SECStatus - SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) - { -@@ -1800,6 +1805,7 @@ finish: - SHA224_DestroyContext(cx, PR_TRUE); - return rv; - } -+#endif - - SECStatus - SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo, - cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; - return SECSuccess; - break; -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, -@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo, - cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart - : SHA224_HashBuf; - return SECSuccess; -+#endif - break; - case bltestSHA256: - restart = cipherInfo->params.hash.restart; -@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf - case bltestMD2: /* hash contexts are ephemeral */ - case bltestMD5: - case bltestSHA1: -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: -+#endif - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: -@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar - case bltestMD2: - case bltestMD5: - case bltestSHA1: -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: -+#endif - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: -diff -up ./mozilla/security/nss/cmd/bltest/Makefile.nosha224 ./mozilla/security/nss/cmd/bltest/Makefile ---- ./mozilla/security/nss/cmd/bltest/Makefile.nosha224 2011-12-10 11:52:27.321001376 -0800 -+++ ./mozilla/security/nss/cmd/bltest/Makefile 2011-12-10 11:56:07.580996325 -0800 -@@ -62,6 +62,11 @@ include $(CORE_DEPTH)/coreconf/config.mk - - include ../platlibs.mk - -+# Don't compile code that requires SHA224 if it isn't avilable -+# Such is the case when system freebl/softokn is the 3.12 one -+# -+CFLAGS+=-DNO_SHA224_AVAILABLE -+ - #EXTRA_SHARED_LIBS += \ - # -L/usr/lib \ - # -lposix4 \ -diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt ---- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700 -+++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800 -@@ -73,7 +73,6 @@ - 0 md2_-H MD2_Hash - 0 md5_-H MD5_Hash - 0 sha1_-H SHA1_Hash -- 0 sha224_-H SHA224_Hash - 0 sha256_-H SHA256_Hash - 0 sha384_-H SHA384_Hash - 0 sha512_-H SHA512_Hash diff --git a/nss.spec b/nss.spec index 7d8ee33..2817b79 100644 --- a/nss.spec +++ b/nss.spec @@ -7,20 +7,20 @@ Summary: Network Security Services Name: nss Version: 3.13.1 -Release: 8%{?dist} +Release: 9%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries Requires: nspr >= %{nspr_version} Requires: nss-util >= %{nss_util_version} # TODO: revert to same version as nss once we are done with the merge -Requires: nss-softokn%{_isa} >= %{nss_softokn_fips_version} +Requires: nss-softokn%{_isa} >= %{nss_softokn_version} Requires: nss-system-init BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: nspr-devel >= %{nspr_version} # TODO: revert to same version as nss once we are done with the merge # Using '>=' but on RHEL the requires should be '=' -BuildRequires: nss-softokn-devel >= %{nss_softokn_fips_version} +BuildRequires: nss-softokn-devel >= %{nss_softokn_version} BuildRequires: nss-util-devel >= %{nss_util_version} BuildRequires: sqlite-devel BuildRequires: zlib-devel @@ -68,8 +68,6 @@ Patch23: nss-ckbi-1.88.rtm.patch Patch25: nsspem-use-system-freebl.patch # don't compile the fipstest application Patch26: nofipstest.patch -# sha224 isn't available when we use 3.12 softokn -Patch27: nosha224.patch # include this patch in the upstream pem review Patch28: nsspem-bz754771.patch @@ -134,7 +132,7 @@ Requires: nss-devel = %{version}-%{release} # TODO: revert to using nss_softokn_version once we are done with # the merge into to new rhel git repo # For RHEL we should have '=' instead of '>=' -Requires: nss-softokn-freebl-devel >= %{nss_softokn_fips_version} +Requires: nss-softokn-freebl-devel >= %{nss_softokn_version} %description pkcs11-devel Library files for developing PKCS #11 modules using basic NSS @@ -159,7 +157,6 @@ low level services. # link pem against buildroot's 3.12 freebl %patch25 -p0 -b .systemfreebl %patch26 -p0 -b .nofipstest -%patch27 -p0 -b .nosha224 %patch28 -p0 -b .754771 @@ -233,9 +230,7 @@ export NSS_ECC_MORE_THAN_SUITE_B # Set up our package file # The nspr_version and nss_{util|softokn}_version globals used # here match the ones nss has for its Requires. -# TODO: using %%{nss_softokn_fips_version} for rhel -# but for fefora we will revert to nss_softokn_version after -# the merge is completed +# Using the current %%{nss_softokn_version} for fedora again %{__mkdir_p} ./mozilla/dist/pkgconfig %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ @@ -244,7 +239,7 @@ export NSS_ECC_MORE_THAN_SUITE_B -e "s,%%NSS_VERSION%%,%{version},g" \ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ - -e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_fips_version},g" > \ + -e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_version},g" > \ ./mozilla/dist/pkgconfig/nss.pc NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` @@ -577,6 +572,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Tue Dec 13 2011 elio maldonado - 3.13.1-9 +- Revert to using current nss_softokn_version +- Patch to deal with lack of sha224 is no longer needed + * Tue Dec 13 2011 Elio Maldonado - 3.13.1-8 - Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV