rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rebase to NSS 3.23

This commit is contained in:
Elio Maldonado 2016-03-05 12:42:26 -08:00
parent c0f6099656
commit e4343992f0
8 changed files with 200 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -10,4 +10,4 @@ TestUser51.cert
/nss-pem-20140125.tar.bz2
/PayPalRootCA.cert
/PayPalICA.cert
/nss-3.22.2.tar.gz
/nss-3.23.0.tar.gz

190
disableSSL2libssl.patch
View File

@ -1,5 +1,5 @@
--- ./lib/ssl/config.mk.disableSSL2libssl 2016-01-29 02:30:10.000000000 -0800
+++ ./lib/ssl/config.mk 2016-02-06 11:20:50.322990421 -0800
--- ./lib/ssl/config.mk.disableSSL2libssl 2016-03-05 09:20:12.712130884 -0800
+++ ./lib/ssl/config.mk 2016-03-05 09:24:22.748518581 -0800
@@ -2,16 +2,20 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
@ -13,108 +13,108 @@
+DEFINES += -DNSS_NO_SSL2_NO_EXPORT
+endif
+
# Allow build-time configuration of TLS 1.3 (Experimental)
ifdef NSS_ENABLE_TLS_1_3
DEFINES += -DNSS_ENABLE_TLS_1_3
endif
ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS
else
--- ./lib/ssl/sslsock.c.disableSSL2libssl 2016-02-06 11:20:50.312990617 -0800
+++ ./lib/ssl/sslsock.c 2016-02-06 11:26:04.123828138 -0800
@@ -705,16 +705,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
break;
CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2_NO_EXPORT
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
EXTRA_LIBS += \
$(CRYPTOLIB) \
$(NULL)
--- ./lib/ssl/sslsock.c.disableSSL2libssl 2016-03-05 09:20:12.713130866 -0800
+++ ./lib/ssl/sslsock.c 2016-03-05 09:32:55.060592007 -0800
@@ -707,16 +707,22 @@
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
break;
}
if (on) {
@@ -729,52 +735,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2_NO_EXPORT
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
}
break;
}
if (on) {
@@ -731,52 +737,67 @@
ss->opt.v2CompatibleHello = on;
}
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
+#endif /* NSS_NO_SSL2_NO_EXPORT */
break;
case SSL_NO_CACHE:
ss->opt.noCache = on;
break;
case SSL_ENABLE_FDX:
if (on && ss->opt.noLocks) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
ss->opt.fdx = on;
break;
case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2_NO_EXPORT
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
}
break;
}
ss->opt.v2CompatibleHello = on;
}
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
+#endif /* NSS_NO_SSL2_NO_EXPORT */
break;
case SSL_NO_CACHE:
ss->opt.noCache = on;
break;
case SSL_ENABLE_FDX:
if (on && ss->opt.noLocks) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
ss->opt.fdx = on;
break;
case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2_NO_EXPORT
+ if (on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+#else
if (IS_DTLS(ss)) {
if (on) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
if (!on) {
ss->opt.enableSSL2 = on;
}
+#endif /* NSS_NO_SSL2_NO_EXPORT */
break;
}
ss->opt.v2CompatibleHello = on;
if (!on) {
ss->opt.enableSSL2 = on;
}
+#endif /* NSS_NO_SSL2_NO_EXPORT */
break;
case SSL_ROLLBACK_DETECTION:
ss->opt.detectRollBack = on;
break;
case SSL_ROLLBACK_DETECTION:
ss->opt.detectRollBack = on;
break;
case SSL_NO_STEP_DOWN:
case SSL_NO_STEP_DOWN:
+#ifdef NSS_NO_SSL2_NO_EXPORT
+ if (!on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+ if (!on) {
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+ rv = SECFailure; /* not allowed */
+ }
+#else
ss->opt.noStepDown = on;
if (on)
SSL_DisableExportCipherSuites(fd);
ss->opt.noStepDown = on;
if (on)
SSL_DisableExportCipherSuites(fd);
+#endif /* NSS_NO_SSL2_NO_EXPORT */
break;
break;
case SSL_BYPASS_PKCS11:
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
rv = SECFailure;
} else {
if (PR_FALSE != on) {
@@ -1235,16 +1256,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
case SSL_BYPASS_PKCS11:
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
rv = SECFailure;
} else {
if (PR_FALSE != on) {
@@ -1324,16 +1345,32 @@
}
return SECSuccess;
}
@ -140,10 +140,10 @@
+ }
+#endif /* NSS_NO_SSL2_NO_EXPORT */
switch (suite) {
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
return PR_TRUE;
default:
return PR_FALSE;
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
return PR_TRUE;
default:
return PR_FALSE;
}

124
fix_warnings_treated_as_errors.patch
View File

@ -1,124 +0,0 @@
diff -up ./cmd/p7sign/p7sign.c.fix_warnings ./cmd/p7sign/p7sign.c
--- ./cmd/p7sign/p7sign.c.fix_warnings 2016-02-07 15:29:48.459494920 -0800
+++ ./cmd/p7sign/p7sign.c 2016-02-07 15:55:04.920963101 -0800
@@ -92,21 +92,24 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_PKCS7ContentInfo *cinfo;
SECStatus rv;
- if (outFile == NULL || inFile == NULL || cert == NULL)
- return -1;
+ if (outFile == NULL || inFile == NULL || cert == NULL) {
+ return -1;
+ }
/* suck the file in */
- if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
- PR_FALSE) != SECSuccess)
- return -1;
+ if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
+ PR_FALSE) != SECSuccess) {
+ return -1;
+ }
if (!encapsulated) {
/* unfortunately, we must create the digest ourselves */
/* SEC_PKCS7CreateSignedData should have a flag to not include */
/* the content for non-encapsulated content at encode time, but */
/* should always compute the hash itself */
- if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
- return -1;
+ if (CreateDigest(&data2sign, digestdata, &len, 32) < 0) {
+ return -1;
+ }
digest.data = (unsigned char *)digestdata;
digest.len = len;
}
@@ -116,9 +119,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_OID_SHA1,
encapsulated ? NULL : &digest,
NULL, NULL);
- if (cinfo == NULL)
+ if (cinfo == NULL) {
return -1;
-
+ }
if (encapsulated) {
SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
}
@@ -134,8 +137,9 @@ SignFile(FILE *outFile, PRFileDesc *inFi
SEC_PKCS7DestroyContentInfo (cinfo);
- if (rv != SECSuccess)
+ if (rv != SECSuccess) {
return -1;
+ }
return 0;
}
diff -up ./cmd/vfychain/vfychain.c.fix_warnings ./cmd/vfychain/vfychain.c
--- ./cmd/vfychain/vfychain.c.fix_warnings 2016-02-07 16:03:13.189775733 -0800
+++ ./cmd/vfychain/vfychain.c 2016-02-07 16:22:33.709073372 -0800
@@ -439,7 +439,7 @@ main(int argc, char *argv[], char *envp[
case 0 : /* positional parameter */ goto breakout;
case 'a' : isAscii = PR_TRUE; break;
case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
- if (secStatus != SECSuccess) Usage(progName); break;
+ if (secStatus != SECSuccess) { Usage(progName); } break;
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
case 'f' : certFetching = PR_TRUE; break;
@@ -484,9 +484,9 @@ main(int argc, char *argv[], char *envp[
case 't' : trusted = PR_TRUE; break;
case 'T' : onlyTrustAnchors = PR_FALSE; break;
case 'u' : usage = PORT_Atoi(optstate->value);
- if (usage < 0 || usage > 62) Usage(progName);
+ if (usage < 0 || usage > 62) { Usage(progName); }
certUsage = ((SECCertificateUsage)1) << usage;
- if (certUsage > certificateUsageHighest) Usage(progName);
+ if (certUsage > certificateUsageHighest) { Usage(progName); }
break;
case 'w':
pwdata.source = PW_PLAINTEXT;
diff -up ./lib/dbm/src/hash.c.fix_warnings ./lib/dbm/src/hash.c
--- ./lib/dbm/src/hash.c.fix_warnings 2016-02-07 15:18:54.006925157 -0800
+++ ./lib/dbm/src/hash.c 2016-02-07 15:21:02.151491099 -0800
@@ -815,9 +815,9 @@ hash_access(
}
ovfl_loop_count++;
- if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS)
+ if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS) {
return (DATABASE_CORRUPTED_ERROR);
-
+ }
/* FOR LOOP INIT */
bp = (uint16 *)rbufp->page;
n = *bp++;
@@ -825,8 +825,9 @@ hash_access(
off = hashp->BSIZE;
} else if (bp[1] < REAL_KEY) {
if ((ndx =
- __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
+ __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) {
goto found;
+ }
if (ndx == -2) {
bufp = rbufp;
if (!(pageno =
diff -up ./lib/dbm/src/h_page.c.fix_warnings ./lib/dbm/src/h_page.c
--- ./lib/dbm/src/h_page.c.fix_warnings 2016-01-29 02:30:10.000000000 -0800
+++ ./lib/dbm/src/h_page.c 2016-02-07 15:10:42.439250993 -0800
@@ -114,9 +114,9 @@ long new_lseek(int fd, long offset, int
if(origin == SEEK_CUR)
{
- if(offset < 1)
- return(lseek(fd, offset, SEEK_CUR));
-
+ if(offset < 1) {
+ return(lseek(fd, offset, SEEK_CUR));
+ }
cur_pos = lseek(fd, 0, SEEK_CUR);
if(cur_pos < 0)

146
iquote.patch
View File

@ -1,17 +1,6 @@
diff -up nss/cmd/bltest/Makefile.iquote nss/cmd/bltest/Makefile
--- nss/cmd/bltest/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/bltest/Makefile 2014-05-06 07:15:41.173387799 -0700
@@ -45,6 +45,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../private/nss
#######################################################################
diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile
--- nss/cmd/certcgi/Makefile.iquote 2014-08-19 10:18:35.713017904 -0700
+++ nss/cmd/certcgi/Makefile 2014-08-19 10:19:36.106528087 -0700
diff -up ./nss/cmd/certcgi/Makefile.iquote ./nss/cmd/certcgi/Makefile
--- ./nss/cmd/certcgi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/certcgi/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -22,9 +11,9 @@ diff -up nss/cmd/certcgi/Makefile.iquote nss/cmd/certcgi/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile
--- nss/cmd/certutil/Makefile.iquote 2014-08-19 10:23:39.697585905 -0700
+++ nss/cmd/certutil/Makefile 2014-08-19 10:24:31.060019803 -0700
diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
--- ./nss/cmd/certutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/certutil/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -35,9 +24,9 @@ diff -up nss/cmd/certutil/Makefile.iquote nss/cmd/certutil/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile
--- nss/cmd/lib/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/lib/Makefile 2014-05-06 07:15:41.174387806 -0700
diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
--- ./nss/cmd/lib/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/lib/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -48,10 +37,10 @@ diff -up nss/cmd/lib/Makefile.iquote nss/cmd/lib/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile
--- nss/cmd/modutil/Makefile.iquote 2014-05-06 07:34:30.055124213 -0700
+++ nss/cmd/modutil/Makefile 2014-05-06 07:35:36.016602770 -0700
@@ -41,6 +41,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
--- ./nss/cmd/modutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/modutil/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -59,9 +48,9 @@ diff -up nss/cmd/modutil/Makefile.iquote nss/cmd/modutil/Makefile
#######################################################################
diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile
--- nss/cmd/selfserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/selfserv/Makefile 2014-05-06 07:15:41.175387813 -0700
diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
--- ./nss/cmd/selfserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/selfserv/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -72,9 +61,9 @@ diff -up nss/cmd/selfserv/Makefile.iquote nss/cmd/selfserv/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile
--- nss/cmd/ssltap/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/ssltap/Makefile 2014-05-06 07:15:41.176387820 -0700
diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
--- ./nss/cmd/ssltap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/ssltap/Makefile 2016-03-05 12:04:06.216474144 -0800
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -85,9 +74,9 @@ diff -up nss/cmd/ssltap/Makefile.iquote nss/cmd/ssltap/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile
--- nss/cmd/strsclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/strsclnt/Makefile 2014-05-06 07:15:41.177387827 -0700
diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
--- ./nss/cmd/strsclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/strsclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -98,9 +87,9 @@ diff -up nss/cmd/strsclnt/Makefile.iquote nss/cmd/strsclnt/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile
--- nss/cmd/tstclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/tstclnt/Makefile 2014-05-06 07:15:41.178387834 -0700
diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
--- ./nss/cmd/tstclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/tstclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
@ -110,9 +99,9 @@ diff -up nss/cmd/tstclnt/Makefile.iquote nss/cmd/tstclnt/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile
--- nss/cmd/vfyserv/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/cmd/vfyserv/Makefile 2014-05-06 07:15:41.179387841 -0700
diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
--- ./nss/cmd/vfyserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/cmd/vfyserv/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
@ -122,9 +111,9 @@ diff -up nss/cmd/vfyserv/Makefile.iquote nss/cmd/vfyserv/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/coreconf/location.mk 2014-05-06 07:15:41.180387848 -0700
diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
--- ./nss/coreconf/location.mk.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/coreconf/location.mk 2016-03-05 12:04:06.217474124 -0800
@@ -45,6 +45,10 @@ endif
ifdef NSS_INCLUDE_DIR
@ -136,9 +125,32 @@ diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
endif
ifndef NSS_LIB_DIR
diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
--- nss/lib/certhigh/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/certhigh/Makefile 2014-05-06 07:15:41.181387855 -0700
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
@@ -43,6 +43,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../public/nss
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
--- ./nss/lib/certhigh/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/lib/certhigh/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -148,9 +160,9 @@ diff -up nss/lib/certhigh/Makefile.iquote nss/lib/certhigh/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
--- nss/lib/cryptohi/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/cryptohi/Makefile 2014-05-06 07:15:41.182387862 -0700
diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
--- ./nss/lib/cryptohi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/lib/cryptohi/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -160,9 +172,9 @@ diff -up nss/lib/cryptohi/Makefile.iquote nss/lib/cryptohi/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
--- nss/lib/nss/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700
+++ nss/lib/nss/Makefile 2014-05-06 07:15:41.183387869 -0700
diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
--- ./nss/lib/nss/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/lib/nss/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -174,8 +186,8 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-07 09:49:33.310455054 -0800
+++ ./nss/lib/pk11wrap/Makefile 2016-02-07 09:51:38.830881330 -0800
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/lib/pk11wrap/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -185,9 +197,9 @@ diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
--- nss/lib/ssl/Makefile.iquote 2015-11-13 09:23:41.653738563 -0800
+++ nss/lib/ssl/Makefile 2015-11-13 09:25:25.121415348 -0800
diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
--- ./nss/lib/ssl/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
+++ ./nss/lib/ssl/Makefile 2016-03-05 12:04:06.217474124 -0800
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
@ -197,25 +209,3 @@ diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-07 10:07:49.163055808 -0800
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-02-07 10:09:07.463478307 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
+INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-07 10:19:57.132763142 -0800
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-02-07 10:20:42.346957530 -0800
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
++INCLUDES += -iquote $(DIST)/../public/nss
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #

51
nss.spec
View File

@ -1,6 +1,6 @@
%global nspr_version 4.12.0
%global nss_util_version 3.22.2
%global nss_softokn_version 3.22.2
%global nss_util_version 3.23.0
%global nss_softokn_version 3.23.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
@ -18,7 +18,7 @@
Summary: Network Security Services
Name: nss
Version: 3.22.2
Version: 3.23.0
# for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 2%{?dist}
@ -87,7 +87,7 @@ Patch49: nss-skip-bltest-and-fipstest.patch
# This patch uses the gcc-iquote dir option documented at
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
# to place the in-tree directories at the head of the list of list of directories
# to be searched for for header files. This ensures a build even when system
# to be searched for for header files. This ensures a build even when system
# headers are older. Such is the case when starting an update with API changes or even private export changes.
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
Patch50: iquote.patch
@ -105,10 +105,6 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
# The submission will be very different from this patch as
# cleanup there is already in progress there.
Patch59: pem-compile-with-Werror.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1246499
Patch60: vfyserv-defined-but-not-used.patch
# Local: Upstream nss-3.23 has these fixed
Patch61: fix_warnings_treated_as_errors.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -173,7 +169,7 @@ Requires: nss-devel = %{version}-%{release}
Requires: nss-softokn-freebl-devel >= %{nss_softokn_version}
%description pkcs11-devel
Library files for developing PKCS #11 modules using basic NSS
Library files for developing PKCS #11 modules using basic NSS
low level services.
@ -199,10 +195,6 @@ popd
%patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
%patch58 -p0 -b .1185708_3des
%patch59 -p0 -b .compile_Werror
pushd nss
%patch60 -p1 -b .defined_not_used
%patch61 -p1 -b .fix_warnings
popd
#########################################################
# Higher-level libraries and test tools need access to
@ -337,7 +329,7 @@ popd
# Set up our package file
# The nspr_version and nss_{util|softokn}_version globals used
# here match the ones nss has for its Requires.
# here match the ones nss has for its Requires.
# Using the current %%{nss_softokn_version} for fedora again
%{__mkdir_p} ./dist/pkgconfig
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
@ -392,7 +384,7 @@ done
for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
xmlto man ${m}
done
%check
if [ ${DISABLETEST:-0} -eq 1 ]; then
@ -486,9 +478,9 @@ fi
popd
# Normally, the grep exit status is 0 if selected lines are found and 1 otherwise,
# Grep exits with status greater than 1 if an error ocurred.
# If there are test failures we expect TEST_FAILURES > 0 and GREP_EXIT_STATUS = 0,
# With no test failures we expect TEST_FAILURES = 0 and GREP_EXIT_STATUS = 1, whereas
# Grep exits with status greater than 1 if an error ocurred.
# If there are test failures we expect TEST_FAILURES > 0 and GREP_EXIT_STATUS = 0,
# With no test failures we expect TEST_FAILURES = 0 and GREP_EXIT_STATUS = 1, whereas
# GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file.
killall $RANDSERV || :
@ -602,11 +594,11 @@ done
ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
# Copy the man pages for scripts
for f in nss-config setup-nsssysinit; do
for f in nss-config setup-nsssysinit; do
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
done
# Copy the man pages for the nss tools
for f in "%{allTools}"; do
for f in "%{allTools}"; do
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
done
%if %{defined rhel}
@ -616,11 +608,11 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tool
%endif
# Copy the man pages for the configuration files
for f in pkcs11.txt; do
for f in pkcs11.txt; do
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
done
# Copy the man pages for the nss databases
for f in cert8.db cert9.db key3.db key4.db secmod.db; do
for f in cert8.db cert9.db key3.db key4.db secmod.db; do
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
done
@ -831,6 +823,9 @@ fi
%changelog
* Sat Mar 05 2016 emaldona <emaldona@redhat.com> - 3.23.0-2
- Rebase to NSS 3.23
* Sat Feb 27 2016 Elio Maldonado <emaldona@redhat.com> - 3.22.2-2
- Rebase to NSS 3.22.2
@ -932,7 +927,7 @@ fi
- Backing out from disabling ssl2 until the patches are fixed
* Mon Feb 09 2015 Elio Maldonado <emaldona@redhat.com> - 3.17.4-2
- Disable SSL2 support at build time
- Disable SSL2 support at build time
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
@ -1182,7 +1177,7 @@ fi
- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs
- Bug 872124 - nss-3.14 breaks fedpkg new-sources
- Fix should be considered preliminary since the patch may change upon upstream approval
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7
- Add a dummy source file for testing /preventing fedpkg breakage
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
@ -1225,7 +1220,7 @@ fi
* Mon Aug 27 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-8
- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
* Mon Aug 13 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-7
@ -1466,7 +1461,7 @@ fi
* Thu Sep 23 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-1
- Update to 3.12.8
- Prevent disabling of nss-sysinit on package upgrade (#636787)
- Create pkcs11.txt with correct permissions regardless of umask (#636792)
- Create pkcs11.txt with correct permissions regardless of umask (#636792)
- Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
- Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)
@ -1726,7 +1721,7 @@ fi
- fix to not clone internal objects in collect_objects(). (501118)
- fix to not bypass initialization if module arguments are omitted. (501058)
- fix numerous gcc warnings. (500815)
- fix to support arbitrarily long password while loading a private key. (500180)
- fix to support arbitrarily long password while loading a private key. (500180)
- fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)
* Mon Jun 08 2009 Elio Maldonado <emaldona@redhat.com> - 3.12.3.99.3-4
- add patch for bug 502133 upstream bug 496997
@ -1854,7 +1849,7 @@ fi
* Fri Mar 02 2007 Kai Engert <kengert@redhat.com> - 3.11.5-2
- Fix rhbz#230545, failure to enable FIPS mode
- Fix rhbz#220542, make NSS more tolerant of resets when in the
- Fix rhbz#220542, make NSS more tolerant of resets when in the
middle of prompting for a user password.
* Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-1

24
renegotiate-transitional.patch
View File

@ -1,12 +1,12 @@
diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.transitional 2013-05-30 22:10:54.882675807 -0700
+++ nss/lib/ssl/sslsock.c 2013-05-30 22:12:11.909260024 -0700
@@ -149,7 +149,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */
diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.transitional 2016-03-05 08:54:13.871412639 -0800
+++ ./nss/lib/ssl/sslsock.c 2016-03-05 09:00:27.721889811 -0800
@@ -77,7 +77,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */

2
sources
View File

@ -4,4 +4,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
c42c743b3e70b2912c77fb4129b0a12b nss-3.22.2.tar.gz
574488f97390085832299cc3b90814a8 nss-3.23.0.tar.gz

18
vfyserv-defined-but-not-used.patch
View File

@ -1,18 +0,0 @@
diff -up ./cmd/vfyserv/vfyserv.h.defined_not_used ./cmd/vfyserv/vfyserv.h
--- ./cmd/vfyserv/vfyserv.h.defined_not_used 2016-02-06 18:32:54.143216370 -0800
+++ ./cmd/vfyserv/vfyserv.h 2016-02-06 18:33:24.943636231 -0800
@@ -135,14 +135,4 @@ void lockedVars_WaitForDone(lockedVars *
int lockedVars_AddToCount(lockedVars *lv, int addend);
-/* Buffer stuff. */
-
-static const char stopCmd[] = { "GET /stop " };
-static const char defaultHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: SSL sample server\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
#endif