Update to NSS 3.40.1
parent
66df6d2135
commit
fad8bd4953
|
@ -30,3 +30,4 @@ TestUser51.cert
|
||||||
/nss-3.37.3.tar.gz
|
/nss-3.37.3.tar.gz
|
||||||
/nss-3.38.0.tar.gz
|
/nss-3.38.0.tar.gz
|
||||||
/nss-3.39.tar.gz
|
/nss-3.39.tar.gz
|
||||||
|
/nss-3.40.1.tar.gz
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,79 +0,0 @@
|
||||||
# HG changeset patch
|
|
||||||
# User David Woodhouse <David.Woodhouse@intel.com>
|
|
||||||
# Date 1529655250 -7200
|
|
||||||
# Fri Jun 22 10:14:10 2018 +0200
|
|
||||||
# Node ID d99e54ca9b6df33025ee9a196b8b942428bbff91
|
|
||||||
# Parent 1a13c19d7fab53fd62786e05d6546a4abf66e48d
|
|
||||||
Bug 1296263 - Fix loading of PKCS#11 modules from system policy file, r=rrelyea
|
|
||||||
|
|
||||||
We currently load the policy file after calling
|
|
||||||
STAN_LoadDefaultNSS3TrustDomain(), which causes problems because any
|
|
||||||
tokens in the newly-added modules don't get initialised.
|
|
||||||
|
|
||||||
Move it up by a few lines and fix up the indentation while we're at it.
|
|
||||||
|
|
||||||
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
|
|
||||||
--- a/lib/nss/nssinit.c
|
|
||||||
+++ b/lib/nss/nssinit.c
|
|
||||||
@@ -702,6 +702,30 @@ nss_Init(const char *configdir, const ch
|
|
||||||
if (SECOID_Init() != SECSuccess) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
+#ifdef POLICY_FILE
|
|
||||||
+ /* Load the system crypto policy file if it exists,
|
|
||||||
+ * unless the NSS_IGNORE_SYSTEM_POLICY environment
|
|
||||||
+ * variable has been set to 1. */
|
|
||||||
+ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
|
|
||||||
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
|
|
||||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
|
||||||
+ SECMODModule *module = SECMOD_LoadModule(
|
|
||||||
+ "name=\"Policy File\" "
|
|
||||||
+ "parameters=\"configdir='sql:" POLICY_PATH "' "
|
|
||||||
+ "secmod='" POLICY_FILE "' "
|
|
||||||
+ "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
|
||||||
+ "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
|
||||||
+ parent, PR_TRUE);
|
|
||||||
+ if (module) {
|
|
||||||
+ PRBool isLoaded = module->loaded;
|
|
||||||
+ SECMOD_DestroyModule(module);
|
|
||||||
+ if (!isLoaded) {
|
|
||||||
+ goto loser;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
@@ -730,30 +754,6 @@ nss_Init(const char *configdir, const ch
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-#ifdef POLICY_FILE
|
|
||||||
- /* Load the system crypto policy file if it exists,
|
|
||||||
- * unless the NSS_IGNORE_SYSTEM_POLICY environment
|
|
||||||
- * variable has been set to 1. */
|
|
||||||
- ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
|
|
||||||
- if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
|
|
||||||
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
|
||||||
- SECMODModule *module = SECMOD_LoadModule(
|
|
||||||
- "name=\"Policy File\" "
|
|
||||||
- "parameters=\"configdir='sql:" POLICY_PATH "' "
|
|
||||||
- "secmod='" POLICY_FILE "' "
|
|
||||||
- "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
|
||||||
- "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
|
||||||
- parent, PR_TRUE);
|
|
||||||
- if (module) {
|
|
||||||
- PRBool isLoaded = module->loaded;
|
|
||||||
- SECMOD_DestroyModule(module);
|
|
||||||
- if (!isLoaded) {
|
|
||||||
- goto loser;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
pk11sdr_Init();
|
|
||||||
cert_CreateSubjectKeyIDHashTable();
|
|
||||||
|
|
56
nss.spec
56
nss.spec
|
@ -1,5 +1,5 @@
|
||||||
%global nspr_version 4.20.0
|
%global nspr_version 4.20.0
|
||||||
%global nss_version 3.39.0
|
%global nss_version 3.40.1
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
|
@ -42,20 +42,12 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
||||||
string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
|
string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
|
||||||
}
|
}
|
||||||
|
|
||||||
# The upstream omits the trailing ".0", while we need it for
|
|
||||||
# consistency with the pkg-config version:
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
|
|
||||||
%{lua:
|
|
||||||
rpm.define(string.format("nss_archive_version %s",
|
|
||||||
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
|
|
||||||
}
|
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 1.1%{?dist}
|
Release: 1.0%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
|
@ -930,40 +922,60 @@ update-crypto-policies
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Nov 27 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-1.1
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-1.0
|
||||||
|
- Update to NSS 3.40.1
|
||||||
|
|
||||||
|
* Wed Nov 14 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-4
|
||||||
- Consolidate nss-util, nss-softokn, and nss into a single package
|
- Consolidate nss-util, nss-softokn, and nss into a single package
|
||||||
- Fix FTBFS with expired test certs
|
- Fix FTBFS with expired test certs
|
||||||
- Modernize spec file based on the suggestion from Robert-André Mauchin
|
- Modernize spec file based on the suggestion from Robert-André Mauchin
|
||||||
|
|
||||||
* Mon Sep 3 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-1.0
|
* Thu Sep 13 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-3
|
||||||
|
- Fix LDFLAGS injection
|
||||||
|
|
||||||
|
* Mon Sep 3 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-2
|
||||||
- Update to NSS 3.39
|
- Update to NSS 3.39
|
||||||
- Use the upstream tarball as it is (rhbz#1578106)
|
- Use the upstream tarball as it is (rhbz#1578106)
|
||||||
|
- Allow SSLKEYLOGFILE (rhbz#1620207)
|
||||||
|
|
||||||
* Tue Jul 3 2018 Daiki Ueno <dueno@redhat.com> - 3.38.0-1.0
|
* Fri Jul 20 2018 Kai Engert <kaie@redhat.com> - 3.38.0-4
|
||||||
|
- Backport upstream addition of nss-policy-check utility, rhbz#1428746
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.38.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 2 2018 Daiki Ueno <dueno@redhat.com> - 3.38.0-2
|
||||||
- Update to NSS 3.38
|
- Update to NSS 3.38
|
||||||
|
- Install crypto-policies configuration file for
|
||||||
|
https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules
|
||||||
|
- Use %%ldconfig_scriptlets
|
||||||
|
|
||||||
* Wed Jun 6 2018 Daiki Ueno <dueno@redhat.com> - 3.37.3-1.1
|
* Wed Jun 6 2018 Daiki Ueno <dueno@redhat.com> - 3.37.3-3
|
||||||
- Backport fix for handling DTLS application_data before handshake
|
- Backport fix for handling DTLS application_data before handshake
|
||||||
|
|
||||||
* Tue Jun 5 2018 Daiki Ueno <dueno@redhat.com> - 3.37.3-1.0
|
* Tue Jun 5 2018 Daiki Ueno <dueno@redhat.com> - 3.37.3-2
|
||||||
- Update to NSS 3.37.3
|
- Update to NSS 3.37.3
|
||||||
|
|
||||||
* Mon Jun 4 2018 Daiki Ueno <dueno@redhat.com> - 3.37.1-1.0
|
* Mon May 28 2018 Daiki Ueno <dueno@redhat.com> - 3.37.1-2
|
||||||
- Update to NSS 3.37.1
|
- Update to NSS 3.37.1
|
||||||
|
- Temporarily disable AlertBeforeServerHello test
|
||||||
|
|
||||||
* Wed May 02 2018 Kai Engert <kaie@redhat.com> - 3.36.1-1.1
|
* Wed May 02 2018 Kai Engert <kaie@redhat.com> - 3.36.1-3
|
||||||
- Upstream patch to keep nicknames stable on repeated certificate
|
- Upstream patch to keep nicknames stable on repeated certificate
|
||||||
import into SQL DB, mozbz#1458518
|
import into SQL DB, mozbz#1458518
|
||||||
|
|
||||||
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-1.0
|
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-2
|
||||||
- Update to NSS 3.36.1
|
- Update to NSS 3.36.1
|
||||||
- Remove nss-3.14.0.0-disble-ocsp-test.patch
|
|
||||||
- Fix partial injection of LDFLAGS
|
|
||||||
- Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream
|
|
||||||
|
|
||||||
* Fri Mar 9 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-1.0
|
* Mon Mar 12 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-3
|
||||||
|
- Remove nss-3.14.0.0-disble-ocsp-test.patch
|
||||||
|
- Remove obsolete Conflicts
|
||||||
|
- Fix partial injection of LDFLAGS
|
||||||
|
|
||||||
|
* Fri Mar 9 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-2
|
||||||
- Update to NSS 3.36.0
|
- Update to NSS 3.36.0
|
||||||
- Add gcc-c++ to BuildRequires (C++ is needed for gtests)
|
- Add gcc-c++ to BuildRequires (C++ is needed for gtests)
|
||||||
|
- Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream
|
||||||
- Make test failure detection robuster
|
- Make test failure detection robuster
|
||||||
|
|
||||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.35.0-5
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.35.0-5
|
||||||
|
|
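Review bot: The new top changelog entry in nss.spec says only `- Update to NSS 3.40.1`, yet this commit also deletes the carried patch for Bug 1296263. That patch moved the system policy-file load in `nss_Init` ahead of `STAN_LoadDefaultNSS3TrustDomain()` so that tokens in policy-added PKCS#11 modules get initialised. Presumably it is dropped because the 3.40.1 tarball already contains the change, but nothing on the page says so. Once that is confirmed against the new source, I would record it with a line such as `- Drop the Bug 1296263 policy-file patch (included upstream)`. None of the three spec hunks shown touches a `Patch`/`%patch` line, so it is also worth checking that the spec holds no leftover reference to the deleted file.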
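--- a/sources
+++ b/sources
@@ -3,6 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.39.tar.gz) = 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
+SHA512 (nss-3.40.1.tar.gz) = 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-SHA512 (PayPalEE.cert) = 602518b8476b40dd241879923a36a433f3220eb28a8c4f7d941131def6e3d00b01d92050ab498e2a08763b02c3c4709855de0ee23a0053d26f4fa9f9f33aaad3
-SHA512 (PayPalICA.cert) = 013795ebb3f13a1cbd5d9d82eef2f439852e461200f12df9790d0b1d63863dc7755af378ea4758f4c8a3a619dfd2d0d43a59da77553caed57611815d6263946b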