- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75

2009-06-05 02:29:21 +00:00 · 2009-06-05 02:29:21 +00:00 · f66dc12e00
parent 903b1142c1
commit f66dc12e00
5 changed files with 6 additions and 61 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,2 +1,2 @@
 nss-pem-20080124.tar.bz2
-nss-3.12.3-stripped.tar.bz2
+nss-3.12.3.99.3-stripped.tar.bz2
--- a/nss-disable-freebl-execstack.patch
+++ b/nss-disable-freebl-execstack.patch
@ -1,11 +0,0 @@
--- nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile-save	2009-04-02 08:46:32.083530732 -0700
-+++ nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile	2009-04-02 08:46:51.740542226 -0700
-@@ -133,7 +133,7 @@
- ifeq ($(OS_TARGET),Linux)
- ifeq ($(CPU_ARCH),x86_64)
-     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
-    ASFLAGS += -march=opteron -m64 -fPIC
-+    ASFLAGS += -march=opteron -m64 -fPIC -Wa,--noexecstack
-     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
-     DEFINES += -DNSS_USE_COMBA
-     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
--- a/42
+++ b/42
@ -1,42 +0,0 @@
-diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode ./mozilla/security/nss/lib/freebl/nsslowhash.c
--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode	2008-11-27 16:20:44.000000000 +0100
-+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c	2009-04-14 22:58:19.000000000 +0200
-@@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr {
-    
- };
- 
-+static int nsslow_GetFIPSEnabled(void) {
-+#ifdef LINUX
-+    FILE *f;
-+    char d;
-+    size_t size;
-+
-+    f = fopen("/proc/sys/crypto/fips_enabled", "r");
-+    if (!f)
-+        return 0;
-+
-+    size = fread(&d, 1, 1, f);
-+    fclose(f);
-+    if (size != 1)
-+        return 0;
-+    if (d != '1')
-+        return 0;
-+#endif
-+    return 1;
-+}
-+
-+
- static int post = 0;
- 
- static NSSLOWInitContext dummyContext = { 0 };
-@@ -284,7 +305,9 @@ NSSLOW_Init(void)
- 	
- 
-     if (!post) {
-	crv = freebl_fipsPowerUpSelfTest();
-+        crv = CKR_OK;
-+	if (nsslow_GetFIPSEnabled())
-+	    crv = freebl_fipsPowerUpSelfTest();
- 	if (crv != CKR_OK) {
- 	    return NULL;
- 	}
--- a/nss.spec
+++ b/nss.spec
@ -3,8 +3,8 @@

 Summary:          Network Security Services
 Name:             nss
-Version:          3.12.3
-Release:          4%{?dist}
+Version:          3.12.3.99.3
+Release:          1%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -35,8 +35,6 @@ Patch2:           nss-nolocalsql.patch
 Patch4:           nss-pem-bug483855.patch
 Patch5:           nss-pem-bug429175.patch
 Patch6:           nss-enable-pem.patch
-Patch7:           nss-disable-freebl-execstack.patch
-Patch8:           nss-freebl-kernelfipsmode

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -108,8 +106,6 @@ low level services.
 %patch4 -p0 -b .483855
 %patch5 -p0 -b .429175
 %patch6 -p0 -b .libpem
-%patch7 -p1
-%patch8 -p1


 %build
@ -477,6 +473,8 @@ done


 %changelog
+* Fri Jun 05 2009 Kai Engert <kaie@redhat.com> - 3.12.3.99.3-1
+- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75
 * Fri May 08 2009 Kai Engert <kaie@redhat.com> - 3.12.3-4
 - add conflicts info in order to fix bug 499436
 * Tue Apr 14 2009 Kai Engert <kaie@redhat.com> - 3.12.3-3
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 084675e4f793ed82e1ba78f76745ada8  nss-pem-20080124.tar.bz2
-de43077b1fb888bccf155506ec12e40a  nss-3.12.3-stripped.tar.bz2
+bf79d625096067fed3511c0bc6c64c27  nss-3.12.3.99.3-stripped.tar.bz2