Commit Graph

435 Commits

Author SHA1 Message Date
Elio Maldonado
1c902d0023 Fix the version of nss-pem source tar ball to use 2013-08-27 21:17:53 -07:00
Elio Maldonado
2c648570aa Update pem sources to the latest from interim upstream 2013-08-27 21:08:54 -07:00
Elio Maldonado
b4e6e308a6 Resolves: rhbz#996639 - Minor bugs in nss man pages
- Fix some typos and improve description and see also sections
2013-08-19 11:56:32 -07:00
Elio Maldonado
5761e30a94 Cleanup spec file to address most rpmlint errors and warnings
- Using double percent symbols to fix macro-in-comment warnings
- Ignore unversioned-explicit-provides nss-system-init per spec comments
- Ignore invalid-url Source0 as it comes from the git lookaside cache
- Ignore invalid-url Source12 as it comes from the git lookaside cache
2013-08-11 12:16:20 -07:00
Elio Maldonado
3888f3b230 Add man page for pkcs11.txt configuration file and cert and key databases
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
2013-07-25 14:21:44 -07:00
Elio Maldonado
8ae46fa97f Fix errors in the man pages
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
2013-07-19 10:42:57 -07:00
Elio Maldonado
fdb9637677 Fix nss-3.14.0.0-disble-ocsp-test.patch
- it was disabling the wrong test, dsa instead of ocsp
2013-07-02 16:15:12 -07:00
Elio Maldonado
cf4a750103 Update to NSS_3_15_1_RTM
- Enable the iquote.patch to access newly introduced types
- New types and constants added to sslprot.h, sslerr.h, and sslt.h require thhe in-tree headers to be picked up first
2013-07-02 15:15:25 -07:00
Elio Maldonado
8943f1ad54 Update to NSS_3_15_RTM 2013-07-02 13:44:44 -07:00
Elio Maldonado
efdced7007 Revert "Reenable patches required for compatibility on stable fedora branches"
This reverts commit 65efb2c2f3.
That commit wasn't untended for this branch
2013-06-23 19:39:13 -07:00
Elio Maldonado
65efb2c2f3 Reenable patches required for compatibility on stable fedora branches
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
Elio Maldonado
b8273ce04c Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
Elio Maldonado
e36079dd45 Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
Elio Maldonado
41e94360c9 Update ssl-cbc-random-iv-by-default.patch
- Added a missing comma
2013-06-17 16:23:06 -07:00
Elio Maldonado
2f66633263 Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
Elio Maldonado
f6ec57311f Update to NSS_3_15_RTM 2013-06-15 12:48:12 -07:00
Elio Maldonado
2249db62a6 Fix incorrect path that hid failed test from view
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
Elio Maldonado
30056fd35c Update nss-pem-20130405.tar.bz2 to the git lookaside cache 2013-04-09 16:22:42 -07:00
Elio Maldonado
2a8c1318ea Update to NSS_3_15_BETA1
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
Kai Engert
59b5d52d9e * Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
Kai Engert
21e8668243 * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
Kai Engert
7b5d7ea05f * Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
- Configure libnssckbi.so to use the alternatives system
  in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
Elio Maldonado
b03345792c Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
  patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
Elio Maldonado
0370142fd0 Add pem module fix, spec file support for AArch64 and document additional fix
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
Elio Maldonado
b3f05b9f44 Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
Elio Maldonado
96957e805a Allow building nss softoken against older sqlite
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
Elio Maldonado
7a7f48e712 Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
Elio Maldonado
830ee96f85 Update to NSS_3_14_2_RTM
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
Kai Engert
ca00551ea7 - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM 2013-01-03 19:17:24 +01:00
Elio Maldonado
b13dc44579 Require nspr >= 4.9.4
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
Elio Maldonado
5a0d6572e1 Update to NSS_3_14_1_RTM
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
Elio Maldonado
edea054ffc Bug 879978 - Install the nssck.api header template where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
Elio Maldonado
765b3c410b Fix the patch turn the dault as intended
- Remove a pprtion that is actually applied already
- Current one gives the desired results but must invertigate further why the sencnd hunk is already applied.
2012-11-28 12:52:53 -08:00
Elio Maldonado
461744f676 Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00
Elio Maldonado
4e9cb6d944 Cleanup the file paths as it was done on the f18 version 2012-11-20 12:10:58 -08:00
Elio Maldonado
e45858c07c Keep the patch as it was approved with only the recommended changes.
- Revert back to using szOID_KP_CTL_USAGE_SIGNING instead of SEC_OID_KP_CTL_USAGE_SIGNING
- This is our temporary local private name and what makes this code work even after we rebase
- and pick up the upstream changes. Of course, this patch will be removed when that happens.
2012-11-20 09:42:53 -08:00
Elio Maldonado Batiz
6e1a26a079 Resolves: rhbz#870864 - Add support in NSS for Secure Boot 2012-11-19 21:45:58 -08:00
Elio Maldonado
19ad65d608 Disable bypass code at build time and return failure on attempts to enable at runtime
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
2012-11-09 17:20:07 -08:00
Elio Maldonado
fef81756fd Rename the patch to reflect the correct bug number
- Renamed: Bug-872838-fix-pk11wrap-locking.patch -> Bug-872124-fix-pk11wrap-locking.patch
- Fixed the reference in spec file

Please enter the commit message for your changes. Lines starting
2012-11-04 22:00:38 -08:00
Elio Maldonado
b5d7c8e158 Fix the last changelog entry and quote the correct bug number. 2012-11-04 17:07:18 -08:00
Elio Maldonado
247ec13766 Fix pk11wrap locking to fix 'fedpkg new-sources' and 'fedpkg update' hangs
- Bug 87838 - nss-3.14 causes fedpkg new-sources breakage
- Fix should be considered preliminary since the patch may change upon upstream approval
2012-11-04 15:44:01 -08:00
Elio Maldonado
fdff72cd4e Merge branch 'master' of ssh://pkgs.fedoraproject.org/nss
- My local copy is behind by one commi after doing a reset on user
2012-11-04 15:32:56 -08:00
Elio Maldonado
f2639d5e85 Fix the change log by adding a missing entry
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:31:50 -08:00
Elio Maldonado
b89655218d Fix the change log by adding a missing entry
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:15:16 -08:00
Elio Maldonado
93eeb31cf1 Add a dummy source file for testing /preventing fedpkg breakage
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 16:07:26 -07:00
Elio Maldonado
e4dd1babb0 Fix a previous unwanted merge from f18
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00
Elio Maldonado
edf5ff0634 Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 09:29:38 -07:00
Elio Maldonado
c2e20984e1 Fix the spec file so sechash.h gets installed
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
2012-10-31 14:05:29 -07:00
Elio Maldonado
192d1d33fb Update the license to MPLv2.0 2012-10-27 01:58:29 -04:00
Elio Maldonado
3be7379237 Use only -f when removing unwanted headers
- alerted to this flaw by Kamil Dudka
- unneeded as we are only removing headers, not directories, and a dangerous practice
2012-10-24 11:13:25 -07:00