Compare commits

..

3 Commits

Author SHA1 Message Date
b5fb493e33
Merge remote-tracking branch 'up/f38' into f38-riscv64
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
2023-04-24 16:04:49 +03:00
Frantisek Krenzelok
5dbb40f005
Update NSS to 3.89.0 & remove unused patch
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-03-11 10:09:16 +01:00
Bob Relyea
cf4b0540c9 Resolves: rhbz#2176392
CVE-2023-0767 nss: Mozilla: Arbitrary memory write via PKCS 12 in NSS
by rebasing to nss 3.88.1, which is already released in f37, f36, and
rawhide.
2023-03-08 15:21:28 -08:00
4 changed files with 13 additions and 32 deletions

2
.gitignore vendored
View File

@ -77,3 +77,5 @@ TestUser51.cert
/nspr-4.35.tar.gz /nspr-4.35.tar.gz
/nss-3.85.tar.gz /nss-3.85.tar.gz
/nss-3.87.tar.gz /nss-3.87.tar.gz
/nss-3.88.1.tar.gz
/nss-3.89.tar.gz

View File

@ -1,24 +0,0 @@
diff -up ./lib/ssl/ssl3exthandle.c.rebuild_errors ./lib/ssl/ssl3exthandle.c
--- ./lib/ssl/ssl3exthandle.c.rebuild_errors 2023-01-24 09:26:36.520183263 -0800
+++ ./lib/ssl/ssl3exthandle.c 2023-01-24 09:27:07.715379228 -0800
@@ -201,7 +201,7 @@ ssl3_FreeSniNameArray(TLSExtensionData *
* Clients sends a filled in session ticket if one is available, and otherwise
* sends an empty ticket. Servers always send empty tickets.
*/
-PRInt32
+SECStatus
ssl3_ClientSendSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
sslBuffer *buf, PRBool *added)
{
diff -up ./lib/ssl/sslsnce.c.rebuild_errors ./lib/ssl/sslsnce.c
--- ./lib/ssl/sslsnce.c.rebuild_errors 2023-01-24 09:44:52.714977837 -0800
+++ ./lib/ssl/sslsnce.c 2023-01-24 09:46:20.993510435 -0800
@@ -1820,7 +1820,7 @@ ssl_GetSelfEncryptKeyPair(SECKEYPublicKe
return SECSuccess;
}
-static PRBool
+static SECStatus
ssl_GenerateSelfEncryptKeys(void *pwArg, PRUint8 *keyName,
PK11SymKey **aesKey, PK11SymKey **macKey);

View File

@ -1,13 +1,13 @@
%global nspr_version 4.35.0 %global nspr_version 4.35.0
%global nss_version 3.87.0 %global nss_version 3.89.0
# NOTE: To avoid NVR clashes of nspr* packages: # NOTE: To avoid NVR clashes of nspr* packages:
# - reset %%{nspr_release} to 1, when updating %%{nspr_version} # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
# - increment %%{nspr_version}, when updating the NSS part only # - increment %%{nspr_version}, when updating the NSS part only
%global baserelease 2 %global baserelease 1
%global nss_release %baserelease %global nss_release %baserelease
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
# release number between nss and nspr are different. # release number between nss and nspr are different.
%global nspr_release %[%baserelease+2] %global nspr_release %[%baserelease+4]
# only need to update this as we added new # only need to update this as we added new
# algorithms under nss policy control # algorithms under nss policy control
%global crypto_policies_version 20210118 %global crypto_policies_version 20210118
@ -138,9 +138,6 @@ Patch40: nss-no-dbm-man-page.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1774659 # https://bugzilla.mozilla.org/show_bug.cgi?id=1774659
Patch51: nss-3.79-dbtool.patch Patch51: nss-3.79-dbtool.patch
# fix rebuilds error
Patch52: nss-3.85-fedora-rebuild-errors.patch
Patch100: nspr-config-pc.patch Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch Patch101: nspr-gcc-atomics.patch
@ -1098,9 +1095,15 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Wed Mar 1 2023 David Abdurachmanov <davidlt@rivosinc.com> - 3.87.0-2.0.riscv64 * Mon Apr 24 2023 David Abdurachmanov <davidlt@rivosinc.com> - 3.89.0-1.0.riscv64
- Disable tests on riscv64 - Disable tests on riscv64
* Fri Mar 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
- Update NSS to 3.89.0
* Fri Feb 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.88.1-1
- Update NSS to 3.88.1
* Tue Jan 24 2023 Bob Relyea - 3.87.0-2 * Tue Jan 24 2023 Bob Relyea - 3.87.0-2
- Fix rebuild errors - Fix rebuild errors

View File

@ -1,4 +1,4 @@
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06 SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (nspr-4.35.tar.gz) = 502815833116e25f79ddf71d1526484908aa92fbc55f8a892729cb404a4daafcc0470a89854cd080d2d20299fdb7d9662507c5362c7ae661cbacf308ac56ef7f SHA512 (nspr-4.35.tar.gz) = 502815833116e25f79ddf71d1526484908aa92fbc55f8a892729cb404a4daafcc0470a89854cd080d2d20299fdb7d9662507c5362c7ae661cbacf308ac56ef7f
SHA512 (nss-3.87.tar.gz) = 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110 SHA512 (nss-3.89.tar.gz) = 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82