Update to NSS 3.41

This commit is contained in:
Daiki Ueno 2018-12-10 10:45:52 +01:00
parent 8be7f95db1
commit e557c2c2a1
7 changed files with 7 additions and 62 deletions

1
.gitignore vendored
View File

@ -31,3 +31,4 @@ TestUser51.cert
/nss-3.38.0.tar.gz /nss-3.38.0.tar.gz
/nss-3.39.tar.gz /nss-3.39.tar.gz
/nss-3.40.1.tar.gz /nss-3.40.1.tar.gz
/nss-3.41.tar.gz

Binary file not shown.

Binary file not shown.

View File

@ -1,29 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1541595734 -3600
# Wed Nov 07 14:02:14 2018 +0100
# Node ID 19fd907784e38a5febb54588353368af91b12551
# Parent 3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
Bug 1505317, update PayPal test certs
diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
--- a/tests/chains/scenarios/realcerts.cfg
+++ b/tests/chains/scenarios/realcerts.cfg
@@ -21,7 +21,7 @@ verify TestUser51:x
result pass
verify PayPalEE:x
- policy OID.2.16.840.1.114412.1.1
+ policy OID.2.16.840.1.114412.2.1
result pass
verify BrAirWaysBadSig:x
diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
--- a/tests/libpkix/vfychain_test.lst
+++ b/tests/libpkix/vfychain_test.lst
@@ -1,4 +1,4 @@
# Status | Leaf Cert | Policies | Others(undef)
0 TestUser50 undef
0 TestUser51 undef
-0 PayPalEE OID.2.16.840.1.114412.1.1
+0 PayPalEE OID.2.16.840.1.114412.2.1

View File

@ -1,5 +1,5 @@
%global nspr_version 4.20.0 %global nspr_version 4.20.0
%global nss_version 3.40.1 %global nss_version 3.41.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved %global saved_files_dir %{_libdir}/nss/saved
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/ %global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: %{nss_version} Version: %{nss_version}
Release: 3%{?dist} Release: 1%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version} Requires: nspr >= %{nspr_version}
@ -94,15 +94,9 @@ Source25: key3.db.xml
Source26: key4.db.xml Source26: key4.db.xml
Source27: secmod.db.xml Source27: secmod.db.xml
Source28: nss-p11-kit.config Source28: nss-p11-kit.config
Source29: PayPalICA.cert
Source30: PayPalEE.cert
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch2: nss-539183.patch Patch2: nss-539183.patch
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
Patch5: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1505317
Patch6: nss-tests-paypal-certs-v2.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -234,7 +228,6 @@ Header and library files for doing development with Network Security Services.
%setup -q -n %{name}-%{nss_archive_version} %setup -q -n %{name}-%{nss_archive_version}
pushd nss pushd nss
%autopatch -p1 %autopatch -p1
cp %{SOURCE29} %{SOURCE30} tests/libpkix/certs
popd popd
@ -854,6 +847,9 @@ update-crypto-policies
%changelog %changelog
* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
- Update to NSS 3.41
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3 * Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
- Switch to gyp buildsystem - Switch to gyp buildsystem
- Remove unnecessary patches - Remove unnecessary patches

View File

@ -1,23 +0,0 @@
--- nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
+++ nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
@@ -118,18 +118,18 @@
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},

View File

@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nss-3.40.1.tar.gz) = 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564 SHA512 (nss-3.41.tar.gz) = b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114