Rebase to NSS 3.81
This commit is contained in:
parent
624e780d59
commit
ebcf6b047e
1
.gitignore
vendored
1
.gitignore
vendored
@ -72,3 +72,4 @@ TestUser51.cert
|
||||
/nss-3.77.tar.gz
|
||||
/nss-3.79.tar.gz
|
||||
/nspr-4.34.tar.gz
|
||||
/nss-3.81.tar.gz
|
||||
|
23
nss-3.79-fix-client-cert-crash.patch
Normal file
23
nss-3.79-fix-client-cert-crash.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
|
||||
--- a/lib/ssl/authcert.c
|
||||
+++ b/lib/ssl/authcert.c
|
||||
@@ -212,17 +212,17 @@ NSS_GetClientAuthData(void *arg,
|
||||
pw_arg);
|
||||
} else {
|
||||
int nnames = 0;
|
||||
char **names = ssl_DistNamesToStrings(caNames, &nnames);
|
||||
rv = CERT_FilterCertListByCANames(certList, nnames, names,
|
||||
certUsageSSLClient);
|
||||
ssl_FreeDistNamesStrings(names, nnames);
|
||||
}
|
||||
- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
|
||||
+ if ((rv != SECSuccess) || (certList && CERT_LIST_EMPTY(certList))) {
|
||||
CERT_DestroyCertList(certList);
|
||||
certList = NULL;
|
||||
}
|
||||
}
|
||||
if (certList == NULL) {
|
||||
/* no user certs meeting the nickname/usage requirements found */
|
||||
return SECFailure;
|
||||
}
|
||||
|
11
nss.spec
11
nss.spec
@ -1,5 +1,5 @@
|
||||
%global nspr_version 4.34.0
|
||||
%global nss_version 3.79.0
|
||||
%global nss_version 3.81.0
|
||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
||||
# - increment %%{nspr_version}, when updating the NSS part only
|
||||
@ -7,7 +7,7 @@
|
||||
%global nss_release %baserelease
|
||||
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
||||
# release number between nss and nspr are different.
|
||||
%global nspr_release %baserelease
|
||||
%global nspr_release [%baserelease+1]
|
||||
# only need to update this as we added new
|
||||
# algorithms under nss policy control
|
||||
%global crypto_policies_version 20210118
|
||||
@ -131,6 +131,9 @@ Patch12: nss-signtool-format.patch
|
||||
# fedora disabled dbm by default
|
||||
Patch40: nss-no-dbm-man-page.patch
|
||||
|
||||
# upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
|
||||
Patch50: nss-3.79-fix-client-cert-crash.patch
|
||||
|
||||
Patch100: nspr-config-pc.patch
|
||||
Patch101: nspr-gcc-atomics.patch
|
||||
|
||||
@ -1087,6 +1090,10 @@ update-crypto-policies &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jun 21 2022 Bob Relyea <rrelyea@redhat.com> - 3.81.0-1
|
||||
- udpate to NSS 3.81
|
||||
- Fix crash when getting client cert and there is none in the database.
|
||||
|
||||
* Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
|
||||
- Update to NSS 3.79
|
||||
- Update to NSPR 4.34
|
||||
|
2
sources
2
sources
@ -1,4 +1,4 @@
|
||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (nspr-4.34.tar.gz) = 4cfac886c14cf7df4c4b79fa1c3bc92e1b14260c9c3018fa2562060d62fecb4e66c0b4e8f7edf4f4823def784a919d99dde88a89674f0cd8a644310b0569ead4
|
||||
SHA512 (nss-3.79.tar.gz) = d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
|
||||
SHA512 (nss-3.81.tar.gz) = 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
|
||||
|
Loading…
Reference in New Issue
Block a user