Compare commits

..

374 Commits
f14 ... master

Author SHA1 Message Date
Bob Relyea
614f823eb3 Delay new CK_GCM_PARAMS semantics until fedora 34 unless explicitly enabled. 2020-05-13 16:02:36 -07:00
Daiki Ueno
26f93fa193 Restore nss-kremlin-ppc64le.patch 2020-05-11 18:38:26 +02:00
Daiki Ueno
047dc3ed4e Update to NSS 3.52 2020-05-11 18:21:55 +02:00
Daiki Ueno
fc0174ead1 Temporarily revert DBM disablement for kernel build failure (#1827902) 2020-04-25 17:16:02 +02:00
Daiki Ueno
3c018618ca Fix the last change 2020-04-20 15:57:28 +02:00
Daiki Ueno
65271d923d Enable conditional builds on DBM 2020-04-20 14:47:27 +02:00
Daiki Ueno
9ae0f0b9e1 Update to NSS 3.51.1
Also disable building DBM backend
2020-04-20 14:24:47 +02:00
Daiki Ueno
2b122e4485 Update to NSS 3.51 2020-04-07 11:18:10 +02:00
Tom Stellard
507a1cebf0 Use __make macro to invoke make
Using the %__make macro makes it possible for an alternative buildroot
to inject its own flags into the make invocation.  This makes it easier
to do trial rebuilds of fedora using different compilers or different
compiler flags.
2020-03-27 15:39:49 +00:00
Daiki Ueno
7f30e21d0f Apply CMAC fixes from upstream 2020-03-05 09:57:34 +01:00
Daiki Ueno
aa7d80b11e Fix build with s390x, due to bundled kremlin source 2020-03-03 16:16:52 +01:00
Daiki Ueno
f512836b78 Fix build on ppc64le, due to bundled kremlin source 2020-02-17 14:30:50 +01:00
Daiki Ueno
58ca69fcaf Update to NSS 3.50 2020-02-17 13:46:37 +01:00
Daiki Ueno
bd89f2ce5c Fix build with gcc 10 2020-02-14 14:28:21 +01:00
Daiki Ueno
9e1e74ca17 Ignore false-positive compiler warnings with gcc 10 2020-02-14 12:07:57 +01:00
Daiki Ueno
37c40ebd3d Update nss-libpkix-maybe-uninitialized.patch 2020-02-14 11:42:12 +01:00
Daiki Ueno
656c979c95 Suppress compiler warning (treated as fatal) in libpkix 2020-02-14 10:48:31 +01:00
Fedora Release Engineering
0b17c92d39 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 19:15:25 +00:00
Daiki Ueno
3c27dc2471 Revert "pass %{_smp_mflags} to make to speed up the build"
This reverts commit 6e689ce0cb.

This still has a race condition and causes the build fail.
2020-01-27 11:07:50 +01:00
Daiki Ueno
36505c331d Update to NSS 3.49.2 2020-01-27 10:24:30 +01:00
Kamil Dudka
6e689ce0cb pass %{_smp_mflags} to make to speed up the build
I tried an uncached build of nss on Fedora 30 VM with 8 CPU cores
and the build time was reduced with this patch from 540 s to 250 s
of wall-clock time.
2020-01-24 11:17:23 +01:00
Daiki Ueno
703a4f9a95 Remove leftover debug command in %build 2020-01-11 09:02:36 +01:00
Daiki Ueno
1e2f8acd14 Fix build on armv7hl with the patch proposed in upstream 2020-01-10 17:26:33 +01:00
Daiki Ueno
74b268dbd9 Update to NSS 3.49 2020-01-10 10:35:28 +01:00
Daiki Ueno
541296170e Update to NSS 3.48 2020-01-03 10:59:30 +01:00
Daiki Ueno
f3ad534c37 Update nss-3.47-certdb-temp-cert.patch 2019-12-04 10:20:43 +01:00
Daiki Ueno
a8a8d020bf Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value 2019-12-03 15:51:55 +01:00
Daiki Ueno
704f2e22d6 Update nss-3.47-certdb-temp-cert.patch to the final version 2019-12-03 09:31:24 +01:00
Daiki Ueno
4f639ad73c Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617) 2019-11-28 16:13:41 +01:00
Daiki Ueno
8c9ed11be4 Update to NSS 3.47.1 2019-11-22 18:01:14 +01:00
Bob Relyea
115989f50d Correct change log error so it doesn't propogate to the next patch 2019-11-06 09:16:51 -08:00
Bob Relyea
2ec4745f30 Resolves: rhbz#1768652
NSS softoken does not include CKM_NSS_IKE1_APP_B_PRF_DERIVE in it's mechanism list, causing libreswan to crash.
2019-11-04 13:51:40 -08:00
Daiki Ueno
626f1941fd Install cmac.h required by blapi.h (#1764513) 2019-10-23 10:44:14 +02:00
Daiki Ueno
16706fe38d Update to NSS 3.47 2019-10-22 15:22:45 +02:00
Daiki Ueno
d86af7693a Update to NSS 3.46.1 2019-10-21 13:39:30 +02:00
Daiki Ueno
fa84af3e06 Require NSPR 4.22 2019-09-04 06:31:23 +02:00
Daiki Ueno
2f14d11d0d Update to NSS 3.46 2019-09-03 09:42:24 +02:00
Daiki Ueno
3f3c20ae17 Update to NSS 3.45 2019-08-29 15:38:15 +02:00
Fedora Release Engineering
326f5d0c9a - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 22:36:13 +00:00
Daiki Ueno
c5b7db61f4 Fix CAVS testdir creation 2019-07-03 15:59:50 +02:00
Daiki Ueno
7b734a0c80 Restore files removed by the previous commit 2019-07-02 12:57:50 +02:00
Daiki Ueno
c7e445694f Update to NSS 3.44.1 2019-07-02 12:55:10 +02:00
Daiki Ueno
3ea5d2fb0e Skip TLS 1.3 tests under FIPS mode 2019-05-20 11:09:19 +02:00
Daiki Ueno
4567b678cc Update to NSS 3.44 2019-05-17 13:03:12 +02:00
Daiki Ueno
141e716639 Fix PKCS#11 module leak if C_GetSlotInfo() failed 2019-05-06 18:33:40 +02:00
Elio Maldonado
5deb5dd362 Update nspr_version to 4.21.0 and remove obsolete comment 2019-03-26 08:25:09 -07:00
Daiki Ueno
d3f6891026 Update to NSS 3.43 2019-03-21 10:33:02 +01:00
Daiki Ueno
df8d75ac51 Update to NSS 3.42.1 2019-02-11 13:01:36 +01:00
Daiki Ueno
b3b17b08a0 Update to NSS 3.42 2019-02-08 11:31:29 +01:00
Daiki Ueno
455711f1df Simplify test failure detection in %check
There is the same logic in the upstream script:
https://hg.mozilla.org/projects/nss/file/tip/tests/common/cleanup.sh#l56
2019-02-08 10:59:35 +01:00
Fedora Release Engineering
0e03f768ab - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 16:32:50 +00:00
Daiki Ueno
e5e5a75933 Rebuild with recent changes
- Remove prelink.conf as prelink was removed in F24, suggested by
  Harald Reindl
- Use quilt for %%autopatch
- Make sysinit require arch-dependent nss, suggested by Igor Gnatenko
- Silence %%post/%%postun scriptlets, suggested by Ian Collier
2019-01-11 11:53:52 +01:00
Daiki Ueno
431c940fc5 Silence %post/%postun scriptlets
Suggested by Ian Collier in:
https://bugzilla.redhat.com/show_bug.cgi?id=1665053
2019-01-11 10:05:53 +01:00
Daiki Ueno
41b9b6b6a1 Make nss-sysinit require arch-specific nss package
Suggested by Igor Gnatenko in:
https://bugzilla.redhat.com/show_bug.cgi?id=1663136
2019-01-09 13:08:49 +01:00
Daiki Ueno
f572eae5ce Use quilt for %autopatch 2018-12-19 16:28:50 +01:00
Daiki Ueno
b250b65666 Remove prelink.conf as prelink was removed in F24
Suggested by Harald Reindl in:
https://bugzilla.redhat.com/show_bug.cgi?id=1659674
2018-12-18 16:22:25 +01:00
Daiki Ueno
5221baae09 Fix the last commit 2018-12-10 16:17:16 +01:00
Daiki Ueno
cab16c0490 Revert "Switch to gyp buildsystem"
It turned out that libpkix cannot be enabled in gyp build.

This reverts commit 390eaefc52.
2018-12-10 15:36:58 +01:00
Daiki Ueno
af46412ffe Partially revert 7bdb9fac17 2018-12-10 12:49:17 +01:00
Daiki Ueno
e557c2c2a1 Update to NSS 3.41 2018-12-10 10:45:52 +01:00
Daiki Ueno
8be7f95db1 Stop using the custom versioning scheme 2018-12-10 10:39:33 +01:00
Daiki Ueno
7bdb9fac17 Minor cleanup of spec
- expand %%allTools as it is used only once
- remove unnecessary pushd/popd
2018-12-10 10:39:14 +01:00
Daiki Ueno
71d6df3266 Use %%autopatch 2018-12-06 13:51:04 +01:00
Daiki Ueno
390eaefc52 Switch to gyp buildsystem 2018-12-06 13:48:33 +01:00
Daiki Ueno
4b42d21883 Remove unnecessary patches 2018-12-06 10:23:36 +01:00
Daiki Ueno
ec4d144b47 Update to NSS 3.40.1 2018-12-06 10:12:42 +01:00
Daiki Ueno
705e2b3229 Fix Source0 URL 2018-11-27 14:56:16 +01:00
Daiki Ueno
26c062714a Modernize spec file
Suggested by Robert-André Mauchin in:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3JTN2YN3HM47UKSVTSANB4MO4UJDJPF5/
2018-11-19 15:47:27 +01:00
Daiki Ueno
c29d479b7f Consolidate nss-util, nss-softokn, and nss into a single package 2018-11-14 10:00:13 +01:00
Daiki Ueno
18c140b4c2 Fix FTBFS with expired test certs 2018-11-14 09:58:06 +01:00
Daiki Ueno
bdf4e9ddaf Fix LDFLAGS injection when creating DSO 2018-09-13 16:15:14 +02:00
Daiki Ueno
93c1de8b0d Allow SSLKEYLOGFILE 2018-09-03 14:00:45 +02:00
Daiki Ueno
db341dd2e0 Update to NSS 3.39 2018-09-03 13:55:21 +02:00
Kai Engert
89b8b47d46 Backport upstream addition of nss-policy-check utility, rhbz#1428746 2018-07-20 16:09:32 +02:00
Fedora Release Engineering
e4c3da9da7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 14:31:25 +00:00
Jason Tibbitts
137780ff5d Remove needless use of %defattr 2018-07-10 02:12:27 -05:00
Daiki Ueno
6f4f615c05 Install crypto-policies configuration file for p11-kit-proxy 2018-07-03 13:31:49 +02:00
Daiki Ueno
2b3aa61f20 Update to NSS 3.38 2018-07-02 16:10:47 +02:00
Daiki Ueno
3b822a7262 Backport fix for handling DTLS application_data before handshake 2018-06-06 11:18:51 +02:00
Daiki Ueno
8d5d06f814 Drop more tests failing intermittently 2018-06-06 10:17:29 +02:00
Daiki Ueno
26f23aeeb6 Disable tests failing intermittently 2018-06-05 16:40:58 +02:00
Daiki Ueno
dfa19ec931 Update to NSS 3.37.3 2018-06-05 13:52:07 +02:00
Daiki Ueno
e874285f92 Temporarily disable AlertBeforeServerHello test on all archtectures 2018-06-04 09:46:39 +02:00
Daiki Ueno
abfbe95c8d Temporarily disable AlertBeforeServerHello test on s390x and aarch64 2018-06-01 17:13:57 +02:00
Daiki Ueno
e42c9742c4 Update to NSS 3.37.1 2018-05-28 17:25:42 +02:00
Kai Engert
93dca340cd add missing file nss-moz1458518.patch 2018-05-02 16:08:29 +02:00
Kai Engert
a24d6b1353 Upstream patch to keep nicknames stable on repeated certificate import into SQL DB, mozbz#1458518 2018-05-02 16:01:40 +02:00
Daiki Ueno
418745fdce Update to NSS 3.36.1 2018-04-11 12:41:21 +02:00
Daiki Ueno
03874d1272 Fix partial injection of LDFLAGS 2018-03-12 15:20:53 +01:00
Daiki Ueno
2007524db8 Remove obsolete Conflicts 2018-03-12 15:04:04 +01:00
Daiki Ueno
67567fd852 Remove nss-3.14.0.0-disble-ocsp-test.patch 2018-03-12 15:03:33 +01:00
Daiki Ueno
2eadf22a1d Make test failure detection robuster 2018-03-09 15:38:51 +01:00
Daiki Ueno
3edcb8bd09 Update to NSS 3.36.0 2018-03-09 13:59:41 +01:00
Igor Gnatenko
b33603605a
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 09:16:55 +01:00
Igor Gnatenko
7504d3f5b2 Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:55:40 +01:00
Fedora Release Engineering
51a16f5968 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 08:28:30 +00:00
Kai Engert
1689d12cbb Set NSS_FORCE_FIPS=1 at %%build time, and remove from %%check. 2018-02-01 14:26:39 +01:00
Kai Engert
0a70bce56d Fix a compiler error with gcc 8, mozbz#1434070 2018-01-29 22:58:11 +01:00
Kai Engert
ccf407af47 Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401 2018-01-29 19:03:50 +01:00
Daiki Ueno
08f152ebf9 Update to NSS 3.35.0 2018-01-23 14:38:31 +01:00
Daiki Ueno
bd239c046a Update to NSS 3.34.0 2017-11-14 14:20:29 +01:00
Daiki Ueno
6d15c06123 Fix nss-pem requirement on multilib 2017-11-10 15:13:21 +01:00
Kai Engert
423cf344b1 fix test script 2017-11-08 14:53:14 +01:00
Kai Engert
cd77ff2c17 Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package). 2017-11-07 14:13:10 +01:00
Kai Engert
c4dce982fc rhbz#1505487, backport upstream fixes required for rhbz#1496560 2017-10-24 14:05:16 +02:00
Serhii Turivny
24e850cb0b Add CI tests using the standard test interface 2017-10-24 11:38:00 +03:00
Daiki Ueno
06c6c5b05b Forcibly run FIPS tests, and install new header file 2017-10-03 15:41:34 +02:00
Daiki Ueno
8a8a89e2ed Update to NSS 3.33.0 2017-10-03 10:18:40 +02:00
Daiki Ueno
c6bdcf333a Update to NSS 3.32.1 2017-09-15 14:21:47 +02:00
Daiki Ueno
3e4febd5a1 Prefer in-tree headers over system headers
See https://bugzilla.redhat.com/show_bug.cgi?id=1422046#c6
2017-09-06 14:38:46 +02:00
Kai Engert
61169569b1 NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449 2017-08-23 19:41:28 +02:00
Daiki Ueno
2d62c98a25 Don't build util_gtest 2017-08-08 12:47:53 +02:00
Daiki Ueno
7ae9f54af6 Update to NSS 3.32.0 2017-08-07 13:58:01 +02:00
Fedora Release Engineering
3bbfdef75c - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 04:07:03 +00:00
Fedora Release Engineering
7a90b2748d - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 01:18:19 +00:00
Daiki Ueno
943827bba4 Fix the previous commit 2017-07-19 18:34:50 +02:00
Daiki Ueno
82b3129713 Fix the previous commit for deprecating signtool
signtool.1 must be installed even if it is unsupported
2017-07-19 15:39:19 +02:00
Daiki Ueno
4b45ae6d65 Backport mozbz#1381784 to avoid deadlock in dnf 2017-07-18 13:18:15 +02:00
Daiki Ueno
314afd2133 Move signtool to %%_libdir/nss/unsupported-tools 2017-07-13 16:16:30 +02:00
Petr Písař
b2ceaeb648 perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:42:33 +02:00
Daiki Ueno
5ed56146a2 Rebase to NSS 3.31.0 2017-06-21 17:41:09 +02:00
Daiki Ueno
4a49c5748c Enable gtests 2017-06-02 15:18:09 +02:00
Daiki Ueno
405310c946 Rebase to NSS 3.30.2 2017-04-24 09:50:22 +02:00
Kai Engert
cd8db2917d Backport upstream mozbz#1328318 to support crypto policy FUTURE. 2017-03-30 11:54:51 +02:00
Daiki Ueno
17cd27bdca Revert workaround for pkgconf transition
This reverts commit 70bf1cefc1.
2017-03-21 12:37:13 +01:00
Daiki Ueno
b6664ebb77 Update to NSS 3.30.0 2017-03-21 12:20:45 +01:00
Kai Engert
8b601d64b2 Backport mozbz#1334976 and mozbz#1336487. 2017-03-02 13:44:16 +01:00
Daiki Ueno
65a4d20cc7 Update to NSS 3.29.1 2017-02-17 15:32:15 +01:00
Daiki Ueno
07c729494a Disable TLS 1.3 again 2017-02-09 10:13:07 +01:00
Daiki Ueno
73106743c1 Update to NSS 3.29.0 2017-02-08 16:33:58 +01:00
Daiki Ueno
70bf1cefc1 Work around pkgconfig -> pkgconf transition issue 2017-01-23 14:41:48 +01:00
Daiki Ueno
877f068e97 Temporarily remove Conflicts: for icecat 2017-01-23 14:15:36 +01:00
Daiki Ueno
82e9983e43 Disable TLS 1.3 again
Also add Conflicts for old Mozilla apps
2017-01-20 17:41:36 +01:00
Daiki Ueno
c6535e87bd Add "Conflicts" with older firefox 2017-01-17 12:49:10 +01:00
Daiki Ueno
8b6e6cc656 Fix incorrect version requirement for nss-util/nss-softokn 2017-01-13 09:41:31 +01:00
Daiki Ueno
9168316fa8 Update to NSS 3.28.1 2017-01-06 14:35:27 +01:00
Daiki Ueno
1df1edced7 Update to 3.27.2 2016-11-30 15:35:31 +01:00
Daiki Ueno
f52ebc585d Revert the previous fix for RSA-PSS and use the upstream fix instead 2016-11-15 16:27:37 +01:00
Kai Engert
387bb6b467 Disable the use of RSA-PSS with SSL/TLS. #1383809 2016-11-02 14:19:58 +01:00
Daiki Ueno
74f302809f Disable TLS 1.3 by default 2016-10-02 07:12:26 +02:00
Daiki Ueno
ddcac56c2e Update to NSS 3.27.0 2016-09-29 13:52:40 +02:00
Daiki Ueno
e0be40e6f7 Add explanation about NSS_IGNORE_SYSTEM_POLICY=1 2016-08-19 10:33:21 +02:00
Daiki Ueno
351f464ed1 Update to NSS 3.26.0 2016-08-10 14:46:53 +02:00
Elio Maldonado
7854e70d7e Incorporate more changes requested in upstream review and commited upstream (#1157720)
- still keeping two separate patches
2016-07-14 10:41:00 -07:00
Elio Maldonado
ff192a931a Incorporate some changes requested in upstream review and commited upstream (#1157720) 2016-07-13 17:44:26 -07:00
Elio Maldonado
270f23d149 Implement changes requested in upstream review and pushed upstream (#1157720)
- merge the two policy related patches
2016-07-12 20:25:49 -07:00
Elio Maldonado
e666a29edf Add support for conditionally ignoring the system policy (#1157720)
- Remove unneeded test scripts patches in order to run more tests
- Remove unneeded test data modifications from the spec file
2016-07-01 18:22:06 -07:00
Elio Maldonado
68e30820ed Add a reference to bug filed upstream 2016-06-28 09:33:42 -07:00
Elio Maldonado
ef6c2f08e7 Remove obsolete patch and spurious lines from the spec file (#1347336) 2016-06-28 07:47:13 -07:00
Elio Maldonado
e51bf1ce38 Cleanup spec file and patches and add references to bugs filed upstream 2016-06-26 15:03:12 -07:00
Elio Maldonado
3792f60887 Rebase to NSS 3.15
- Remove three patches obsolted by the rebase and updated two
- Temporarily not building the ecperf tool
- ecperef requires freebl/ec.h and ecl-curve.h and the latter
- causes compile failure because it requires that
- NSS_ECC_MORE_THAN_SUITE_B not be defined yet this is
- required for nss builds to allow external pkcs #11 providers
- to support curves beyond suite-b, such restriction only applies
- to the internal crypto module
2016-06-24 14:13:59 -07:00
Kai Engert
1911d47990 Bug 1347336, decouple nss-pem from the nss package, patch contributed by Kamil Dudka 2016-06-22 15:20:39 +02:00
Elio Maldonado
f5c6a9ac04 Apply the patch that was last introduced
- Renumber and reorder some of the patches
- Resolves: Bug 1342158
2016-06-03 08:40:01 -07:00
Elio Maldonado
85c6e70f3c Allow application requests to disable SSL v2 to succeed
- Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails
2016-06-02 13:47:29 -07:00
Elio Maldonado
c460de4d23 Rebase to NSS 3.24.0
- Restore setting the policy file location
- Make ssl tests scripts aware of policy
- Ajust tests data expected result for policy
2016-05-29 10:14:36 -07:00
Elio Maldonado
29b52f2caf Bootstrap build to rebase to NSS 3.24.0
- Temporarily not setting the policy file location
2016-05-25 19:55:49 -07:00
Elio Maldonado
fc09930b4d Update nss_util_version and nss_softoken_version to 3.24.0
- Resolves: Bug 1336849 - nss-3.24 is available
2016-05-24 06:49:40 -07:00
Elio Maldonado
3648d70a92 Update to NSS 3.24.0
- Resolves: Bug 1336849 - nss-3.24 is available
- Update patches on account of the rebase
- Remove unused patches un account of the rebase
- Patch pem module to compile with wrning for unitilaized variables treated as errors
- Patch to skip some of the gtests as they use private calls and need to statically link with libnssutil.a
- TODO: bring this up with the external_tests framework developers upstream
2016-05-23 18:10:46 -07:00
Elio Maldonado
2e6c8d6f71 Change POLICY_FILE to "nss.config" 2016-05-12 12:04:57 -07:00
Elio Maldonado
299e9058d1 Change POLICY_FILE to "nss.cfg" 2016-04-22 08:25:14 -07:00
Elio Maldonado
21d9cd13e1 Change the POLICY_PATH to "/etc/crypto-policies/back-ends"
- Regenerate the check policy patch with hg to provide more context
- the nss-util portion included though not applied here but in nss-util
- todo: file bug upstream once we have done some testing
2016-04-20 08:49:00 -07:00
Elio Maldonado
b9c9bc550c Fix typo in the last %changelog entry 2016-04-14 14:16:05 -07:00
Elio Maldonado
ea86d5898c Load policy file if /etc/pki/nssdb/policy.cfg exists
- Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy
2016-03-24 15:18:49 -07:00
Elio Maldonado
b22cf46b7c Remove unused patch rendered obsolete by pem update 2016-03-08 15:41:14 -08:00
Elio Maldonado
2a45956d5b Update pem sources to latest from nss-pem upstream
- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key
- Fixes memory leak on failed ASN1 decoding of RSA keys with rebase
- https://git.fedorahosted.org/cgit/nss-pem.git
2016-03-08 06:47:48 -08:00
Elio Maldonado
e4343992f0 Rebase to NSS 3.23 2016-03-05 12:42:26 -08:00
Elio Maldonado
c0f6099656 Requite nss and nss-softokn version 3.22.2 2016-02-27 16:45:41 -08:00
Elio Maldonado
69c688f3b5 Rebase to NSS 3.22.2
- Resolves: Bug 1304135 - nss-3.22.2 is available
2016-02-26 21:59:01 -08:00
Elio Maldonado
fe44847276 Fix ssl2/exp test disabling to run all the required tests 2016-02-22 20:49:28 -08:00
Elio Maldonado
c281a339e1 Rebase to NSS 3.22.1
- Bug 1304135 - nss-3.22.1 is available
2016-02-21 11:30:52 -08:00
Elio Maldonado
317de01a4d Update .gitignore as part of updating to nss 3.22 2016-02-08 13:47:18 -08:00
Elio Maldonado
5953345108 Update to NSS 3.22 2016-02-08 07:57:39 -08:00
Fedora Release Engineering
f7ddea92df - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 10:56:52 +00:00
Elio Maldonado
5fe1656484 Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite
- Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built
- Use %define when specifying the nss_tests to run
2016-01-15 11:12:08 -08:00
Elio Maldonado
0483a01742 Add 64-bit MIPS to multilib arches
- Patch contributed by Michal Toman <michal.toman@gmail.com>
- Resolves: Bug 1294878 - Add 64-bit MIPS to multilib_arches
2015-12-31 08:11:54 -08:00
Jaromir Capik
65e0fbe683 Copy verref.h to the right dir in the STAGE2 recipe 2015-12-15 14:26:29 +01:00
Elio Maldonado
337a03cdd8 Fix style of commit message 2015-11-20 14:56:41 -08:00
Elio Maldonado
34058a2a6e Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0
- Bug 1284095 - all https fails with sec_error_no_token
2015-11-20 14:39:49 -08:00
Elio Maldonado
66122a0ff7 Add references to bugs filed upstream 2015-11-15 10:51:54 -08:00
Elio Maldonado
03da09b383 Enclose the _isa_bits check inside a %ifnarch noarch ... %endif one 2015-11-14 14:49:57 -08:00
Elio Maldonado
69b02be530 Change the test to %if 0%{__isa_bits} == 64 as required in fedora
- As done in the patch contributed by Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit architectures
2015-11-14 11:32:57 -08:00
Elio Maldonado
0a91ce3fe8 Complete the commits to update to NSS 3.21
- Add files missed in previous commit as they weren't staged
- Package listsuites as part of the unsupported tools set
- Resolves: Bug 1279912 - nss-3.21 is available
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
2015-11-13 18:03:07 -08:00
Elio Maldonado
c13e32fe80 Update to NSS 3.21
- Package listsuites as part of the unsupported tools set
- Resolves: Bug 1279912 - nss-3.21 is available
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
2015-11-13 17:53:10 -08:00
Jaromir Capik
81b37a0f74 Adding STAGE2 bootstrap recipe 2015-11-04 17:48:00 +01:00
Elio Maldonado
75207789dc Update to NSS 3.20.1 2015-10-31 08:55:27 -07:00
Elio Maldonado
82653be6b2 Enable ECC cipher-suites by default [hrbz#1185708]
- Split the enabling patch in two for easier maintenance
- Remove unused patches rendered obsolete by prior rebase
2015-09-30 11:34:48 -07:00
Elio Maldonado
ae64727ebb Enable ECC cipher-suites by default [hrbz#1185708]
- Implement corrections requested in code review
2015-09-16 09:25:43 -07:00
Elio Maldonado
a046ce773a Enable ECC cipher-suites by default [hrbz#1185708] 2015-09-15 16:21:10 -07:00
Elio Maldonado
17f536942a - Fix patches that disable ssl2 and export cipher suites support
- Fix libssl patch that disables ssl2 & export cipher suites not disable RSA_WITH_NULL ciphers
- Fix syntax erros in patch to skip ssl2 and export cipher suite tests to only skip what;s needed
- Turn ssl2 off by default in the tstclnt tool
- Disable ssl stress tests containing TLS RC4 128 with MD5
- Resolves: Bug 1263005
2015-09-14 18:15:13 -07:00
Elio Maldonado
b10f7b1f18 Fix the version number in last %%changelog entry to be NSS 3.20 2015-08-20 15:15:28 -07:00
Elio Maldonado
c4f83dca30 Update to NSS 3.120 2015-08-20 13:50:06 -07:00
Elio Maldonado
8b92dbf50e Update to NSS 3.19.3
- Resolves: Bug 1251624 - nss-3.19.3 is available
2015-08-07 21:13:01 -07:00
Elio Maldonado
f35af25385 Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers
- Enhancement from Kai Engert already used on RHEL-7
2015-06-26 14:53:21 -07:00
Kai Engert
0779a363b4 Update to NSS 3.19.2 2015-06-17 21:15:31 +02:00
Kai Engert
3a7ef4801d Update to NSS 3.19.1 2015-05-28 22:28:05 +02:00
Kai Engert
c0a0ca5eb2 forgot to udpate sources/gitignore 2015-05-19 21:23:31 +02:00
Kai Engert
856e33f728 Update to NSS 3.19 2015-05-19 21:07:35 +02:00
Kai Engert
a58533f703 Replace expired test certificates, upstream bug 1151037 2015-05-15 16:23:25 +02:00
Elio Maldonado
f59c0d1275 Update to nss-3.18.0
- Resolves: Bug 1203689 - nss-3.18 is available
2015-03-19 09:52:30 -07:00
Elio Maldonado
9b7199b3db Disable export suites and SSL2 support at build time
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-03-03 14:35:20 -08:00
Till Maas
fa80ce0efb Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 22:27:31 +01:00
Elio Maldonado
8687a87da5 Commented out the export NSS_NO_SSL2=1 line to not disable ssl2
- Backing out from disabling ssl2 until the patches are fixed
2015-02-09 17:52:50 -08:00
Elio Maldonado
8cfb70a447 Disable SSL2 support at build time
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-02-08 18:30:17 -08:00
Elio Maldonado
8c142e52fe Update to nss-3.17.4
- remove a patch rendered obsolete by the rebase
2015-01-28 17:23:35 -08:00
Ville Skyttä
c70e45537d Own the %{_datadir}/doc/nss-tools dir
https://bugzilla.redhat.com/show_bug.cgi?id=1185573
2015-01-27 13:16:42 +02:00
Elio Maldonado
62096f81c3 Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
- Install pp man page in %{_datadir}/doc/nss-tools/pp.1
- Use %{_mandir} instead of /usr/share/man as more generic
2014-12-16 07:43:44 -08:00
Elio Maldonado
a60e3001fe Install pp man page in alternative location
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
2014-12-15 08:26:07 -08:00
Elio Maldonado
a7df0838aa Update to nss-3.17.3
- Resolves: Bug 1171012 - nss-3.17.3 is available
2014-12-05 07:32:38 -08:00
Elio Maldonado
3e2a0ea4de Resolves: Bug 994599 - Enable TLS 1.2 by default 2014-10-16 16:36:18 -07:00
Elio Maldonado
1765d80a6c Update to nss-3.17.2 2014-10-12 09:06:05 -07:00
Kai Engert
0ac07fb221 - Update to nss-3.17.1
- Add a mechanism to skip test suite execution during development work
2014-09-25 02:12:48 +02:00
Kevin Fenzi
64ca89cbe4 Rebuild for rpm bug 1131960 2014-08-21 11:48:33 -06:00
Elio Maldonado
3e02cae346 Update to nss-3.17.0
- Update the iquote.patch on account of the rebase
2014-08-19 10:38:45 -07:00
Peter Robinson
db7f9bfa50 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 12:21:01 +00:00
Elio Maldonado
eaa519320e Replace expired PayPal test cert with current one to prevent build failure
- Using the new cert checked in upstream
- See https://hg.mozilla.org/projects/nss/rev/756ccadf33b3
2014-07-30 11:48:10 -07:00
Tom Callaway
8025e7be74 fix license handling 2014-07-18 18:52:34 -04:00
Elio Maldonado
fd6a1f2171 Update to nss-3.16.2
- Resolves: Bug 1114319 - nss-3.16.2 is available
- Remove no longer needed patch
2014-06-29 10:50:40 -07:00
Elio Maldonado
60816050f2 Remove unwanted source directories at the end of %prep so it truly does it
- Skip the cipher suite already run as part of the nss-softokn build
- Brings spec file fixes already approved and applied on rhel-6.6
2014-06-15 10:28:18 -07:00
Dennis Gilmore
296fce6af9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 10:09:47 -05:00
Jaromir Capik
f94fcb299b Replacing ppc64 and ppc64le with the power64 macro
- Related: Bug 1052545 - Trivial change for ppc64le in nss spec
2014-05-12 20:09:13 +02:00
Elio Maldonado
4d04992e9a Update to nss-3.16.1
- Update the iquote patch on account of the rebase
- Improve error detection in the %section
- Resolves: Bug 1094702 - nss-3.16.1 is available
2014-05-06 09:32:26 -07:00
Elio Maldonado
37a942df5c Require nspr-4.10.4 2014-03-19 08:45:26 -07:00
Elio Maldonado
0834927548 Update to nss-3.16.0
- Cleanup the copying of the tools man pages
- Update the iquote.patch on account of the rebase
2014-03-18 17:27:02 -07:00
Elio Maldonado
8b13702a67 Restore requiring nss_softokn_version >= 3.15.5 2014-03-04 07:33:25 -08:00
Elio Maldonado
4f24d9e6c9 Remove reference to a patch that we aren't yet ready to apply. 2014-02-23 19:02:24 -08:00
Elio Maldonado
23d7297fce Temporarily requiring only nss_softokn_version >= 3.15.4
- This until a koji build environment prprobmem which that causes i686 nss-softokn builds
- to fail is resolved
- nss-softokn-3.15.5 has the same code as nss-softokn-3.15.4
2014-02-23 18:55:11 -08:00
Elio Maldonado
9b8380a073 Update to nss-3.15.5
- Fix location of sharedb files and their manpages
- Move cert9.db, key4.db, and pkcs11.txt to the main package
- Move nss-sysinit manpages tar archives to the main package
- Resolves: Bug 1066877 - nss-3.15.5 is available
- Resolves: Bug 1067091 - Move sharedb files to the %files section
2014-02-19 13:28:37 -08:00
Elio Maldonado
4c076bc0cd Revert previous change that moved some sysinit manpages
- Restore nss-sysinit manpages tar archives to %files sysinit
- Removing spurious wildcard entry was the only change needed
2014-02-06 15:33:20 -08:00
Elio Maldonado
4fb9d07b7f Add explanatory comments for iquote.patch as was done on f20
- The reason for this running patch is far from obvious.
- Helps code reviwers as the patch sometimes needs updating
- when doing rebases to nss that introduce new functions.
2014-01-27 07:51:27 -08:00
Elio Maldonado
a25fc11743 Update pem sources to latest from nss-pem upstream
- Update picks up pem fixes verified on RHEL and applied upstream
- Fix a problem where same files in two rpms created rpm conflict
- Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1050163
- Move some nss-sysinit manpages tar archives to the %files the
- All man pages are listed by name so there shouldn't be wildcard inclusion
- Add support for ppc64le, Resolves: Bug 1052545
2014-01-25 10:57:37 -08:00
Peter Robinson
5d65d327f1 ARM tests pass so remove ARM conditional 2014-01-20 18:48:37 +00:00
Elio Maldonado
301ed12356 Remove unneeded sections from the patch 2014-01-10 15:19:35 -08:00
Elio Maldonado
7285eaab48 Regenerated pem patch to be suitable for submission to interim upstream pem 2014-01-08 10:24:30 -08:00
Elio Maldonado
d2ef6540b5 Sync up with changes made upstream for freebl and softoken
- Reduce the patch to its bare minumum
- Remove RSA_BlockOAEP cases which aren't used by the pem module after all
- Copied the private RSA_BlockType data structure from freebl/pkcss11.c that needed here
- Upstream removed softoken/rsawrapr.c and moved the code to freebl/pkcs11.c
- https://bugzilla.mozilla.org/show_bug.cgi?id=836019
- Bug 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl
2014-01-08 09:08:35 -08:00
Elio Maldonado
569d439b91 Update two patches due to upstream changes
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
- Update iquote.patch on account of upstream changes
- Resolves: Bug 1049229 - nss-3.15.4 is available
2014-01-07 13:48:44 -08:00
Elio Maldonado
aae9602c01 Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
2014-01-07 06:13:53 -08:00
Elio Maldonado
6ab230bb01 Remove unused patches 2013-12-18 08:00:55 -08:00
Elio Maldonado
b5567867a7 - Resolves: Bug 1040192 - nss-3.15.3.1 is available 2013-12-11 10:41:54 -08:00
Elio Maldonado
4f6555074f Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA
2013-117)
2013-12-11 08:37:47 -08:00
Elio Maldonado
f37654e052 Bump the release tag 2013-12-03 14:12:35 -08:00
Elio Maldonado
49e209f91d Install symlink to setup-nsssysinit.sh, without the ".sh" suffix, that matches the man page documentation 2013-11-26 14:15:45 -08:00
Elio Maldonado
67a7a21b0e Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
2013-11-26 10:36:24 -08:00
Elio Maldonado
129e66ef0e Remove unused script mozilla-crypto-strip.sh 2013-11-24 14:22:43 -08:00
Elio Maldonado
658733b0d3 Bump the minimum required verion of nss-util and nss-softokn to 3.15.3 2013-11-23 21:06:02 -08:00
Elio Maldonado
db7fe53123 Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
2013-11-23 20:47:19 -08:00
Elio Maldonado
a6a13f1a66 Bump the release tag 2013-10-27 11:04:28 -07:00
Elio Maldonado
4b2b74e5e0 Revert one change from last commit to preserve full nss pluggable ecc supprt 2013-10-27 11:00:35 -07:00
Elio Maldonado
74d9e91174 Remove obsolete NSS_ECC_MORE_THAN_SUITE_B=1 export. It has no effect. 2013-10-23 11:38:39 -07:00
Elio Maldonado
306dd778f4 Use the full sources from upstream
- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
2013-10-23 09:53:20 -07:00
Elio Maldonado
9b70717281 - Update to NSS_3_15_2_RTM
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
- On CERT_GetKeyType a const qualifier was added to the input parameter and this we must include
- the cert.h from the build tree intead of the one in system/buildroot which is not up to date yet
2013-09-27 11:32:01 -07:00
Elio Maldonado
8f6f357e88 Update to NSS_3_15_2_RTM 2013-09-27 09:50:45 -07:00
Elio Maldonado
33f25f5720 Fix the release tag to be Release: 7%{?dist} 2013-08-28 15:08:50 -07:00
Elio Maldonado
da85237ace Update pem sources to pick up a patch applied upstream which a faulty merge had missed
- The pem module should not require unique file basenames
2013-08-28 12:59:23 -07:00
Elio Maldonado
2285997461 Upload a new pem source tar ball with a fix to a relative patch 2013-08-27 21:39:03 -07:00
Elio Maldonado
1c902d0023 Fix the version of nss-pem source tar ball to use 2013-08-27 21:17:53 -07:00
Elio Maldonado
2c648570aa Update pem sources to the latest from interim upstream 2013-08-27 21:08:54 -07:00
Elio Maldonado
b4e6e308a6 Resolves: rhbz#996639 - Minor bugs in nss man pages
- Fix some typos and improve description and see also sections
2013-08-19 11:56:32 -07:00
Elio Maldonado
5761e30a94 Cleanup spec file to address most rpmlint errors and warnings
- Using double percent symbols to fix macro-in-comment warnings
- Ignore unversioned-explicit-provides nss-system-init per spec comments
- Ignore invalid-url Source0 as it comes from the git lookaside cache
- Ignore invalid-url Source12 as it comes from the git lookaside cache
2013-08-11 12:16:20 -07:00
Elio Maldonado
3888f3b230 Add man page for pkcs11.txt configuration file and cert and key databases
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
2013-07-25 14:21:44 -07:00
Elio Maldonado
8ae46fa97f Fix errors in the man pages
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
2013-07-19 10:42:57 -07:00
Elio Maldonado
fdb9637677 Fix nss-3.14.0.0-disble-ocsp-test.patch
- it was disabling the wrong test, dsa instead of ocsp
2013-07-02 16:15:12 -07:00
Elio Maldonado
cf4a750103 Update to NSS_3_15_1_RTM
- Enable the iquote.patch to access newly introduced types
- New types and constants added to sslprot.h, sslerr.h, and sslt.h require thhe in-tree headers to be picked up first
2013-07-02 15:15:25 -07:00
Elio Maldonado
8943f1ad54 Update to NSS_3_15_RTM 2013-07-02 13:44:44 -07:00
Elio Maldonado
efdced7007 Revert "Reenable patches required for compatibility on stable fedora branches"
This reverts commit 65efb2c2f3.
That commit wasn't untended for this branch
2013-06-23 19:39:13 -07:00
Elio Maldonado
65efb2c2f3 Reenable patches required for compatibility on stable fedora branches
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
Elio Maldonado
b8273ce04c Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
Elio Maldonado
e36079dd45 Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
Elio Maldonado
41e94360c9 Update ssl-cbc-random-iv-by-default.patch
- Added a missing comma
2013-06-17 16:23:06 -07:00
Elio Maldonado
2f66633263 Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
Elio Maldonado
f6ec57311f Update to NSS_3_15_RTM 2013-06-15 12:48:12 -07:00
Elio Maldonado
2249db62a6 Fix incorrect path that hid failed test from view
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
Elio Maldonado
30056fd35c Update nss-pem-20130405.tar.bz2 to the git lookaside cache 2013-04-09 16:22:42 -07:00
Elio Maldonado
2a8c1318ea Update to NSS_3_15_BETA1
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
Kai Engert
59b5d52d9e * Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
Kai Engert
21e8668243 * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
Kai Engert
7b5d7ea05f * Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
- Configure libnssckbi.so to use the alternatives system
  in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
Elio Maldonado
b03345792c Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
  patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
Elio Maldonado
0370142fd0 Add pem module fix, spec file support for AArch64 and document additional fix
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
Elio Maldonado
b3f05b9f44 Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
Elio Maldonado
96957e805a Allow building nss softoken against older sqlite
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
Elio Maldonado
7a7f48e712 Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
Elio Maldonado
830ee96f85 Update to NSS_3_14_2_RTM
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
Kai Engert
ca00551ea7 - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM 2013-01-03 19:17:24 +01:00
Elio Maldonado
b13dc44579 Require nspr >= 4.9.4
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
Elio Maldonado
5a0d6572e1 Update to NSS_3_14_1_RTM
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
Elio Maldonado
edea054ffc Bug 879978 - Install the nssck.api header template where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
Elio Maldonado
765b3c410b Fix the patch turn the dault as intended
- Remove a pprtion that is actually applied already
- Current one gives the desired results but must invertigate further why the sencnd hunk is already applied.
2012-11-28 12:52:53 -08:00
Elio Maldonado
461744f676 Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00
Elio Maldonado
4e9cb6d944 Cleanup the file paths as it was done on the f18 version 2012-11-20 12:10:58 -08:00
Elio Maldonado
e45858c07c Keep the patch as it was approved with only the recommended changes.
- Revert back to using szOID_KP_CTL_USAGE_SIGNING instead of SEC_OID_KP_CTL_USAGE_SIGNING
- This is our temporary local private name and what makes this code work even after we rebase
- and pick up the upstream changes. Of course, this patch will be removed when that happens.
2012-11-20 09:42:53 -08:00
Elio Maldonado Batiz
6e1a26a079 Resolves: rhbz#870864 - Add support in NSS for Secure Boot 2012-11-19 21:45:58 -08:00
Elio Maldonado
19ad65d608 Disable bypass code at build time and return failure on attempts to enable at runtime
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
2012-11-09 17:20:07 -08:00
Elio Maldonado
fef81756fd Rename the patch to reflect the correct bug number
- Renamed: Bug-872838-fix-pk11wrap-locking.patch -> Bug-872124-fix-pk11wrap-locking.patch
- Fixed the reference in spec file

Please enter the commit message for your changes. Lines starting
2012-11-04 22:00:38 -08:00
Elio Maldonado
b5d7c8e158 Fix the last changelog entry and quote the correct bug number. 2012-11-04 17:07:18 -08:00
Elio Maldonado
247ec13766 Fix pk11wrap locking to fix 'fedpkg new-sources' and 'fedpkg update' hangs
- Bug 87838 - nss-3.14 causes fedpkg new-sources breakage
- Fix should be considered preliminary since the patch may change upon upstream approval
2012-11-04 15:44:01 -08:00
Elio Maldonado
fdff72cd4e Merge branch 'master' of ssh://pkgs.fedoraproject.org/nss
- My local copy is behind by one commi after doing a reset on user
2012-11-04 15:32:56 -08:00
Elio Maldonado
f2639d5e85 Fix the change log by adding a missing entry
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:31:50 -08:00
Elio Maldonado
b89655218d Fix the change log by adding a missing entry
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:15:16 -08:00
Elio Maldonado
93eeb31cf1 Add a dummy source file for testing /preventing fedpkg breakage
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 16:07:26 -07:00
Elio Maldonado
e4dd1babb0 Fix a previous unwanted merge from f18
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00
Elio Maldonado
edf5ff0634 Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 09:29:38 -07:00
Elio Maldonado
c2e20984e1 Fix the spec file so sechash.h gets installed
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
2012-10-31 14:05:29 -07:00
Elio Maldonado
192d1d33fb Update the license to MPLv2.0 2012-10-27 01:58:29 -04:00
Elio Maldonado
3be7379237 Use only -f when removing unwanted headers
- alerted to this flaw by Kamil Dudka
- unneeded as we are only removing headers, not directories, and a dangerous practice
2012-10-24 11:13:25 -07:00
Elio Maldonado
982583d915 Add secmodt.h to the headers installed by nss-devel
- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14
2012-10-23 18:48:54 -04:00
Elio Maldonado
b11609d88a Update to NSS_3_14_RTM 2012-10-22 14:49:08 -07:00
Elio Maldonado
0889879046 Upload new sources to the git lookaside cache 2012-10-21 20:50:37 -04:00
Elio Maldonado
1f01ab68b1 Update to NSS_3_14_RC1
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
2012-10-21 20:47:52 -04:00
Kai Engert
61aa73d6e8 remove empty line... 2012-10-06 00:34:44 +02:00
Kai Engert
53a120c4af * Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
- Update to NSS_3_13_6_RTM
2012-10-06 00:22:39 +02:00
Elio Maldonado
ab9d670692 Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
2012-08-27 16:19:41 -07:00
Elio Maldonado
99a740d2ee Fix pluggable ecc support
- Build nss in three phases
- Phase 1: build softoken, freebl, and util with NSS_ENABLE_ECC unset
- Phase 2: build the rest of nss (muinus bltest and fipstest) with NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITEB set
- Phase 3: build bltest and fipstest with NSS_ENABLE_ECC unset as in phsae 1
2012-08-13 15:05:06 -07:00
Dennis Gilmore
bd7e7ae750 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 00:20:58 -05:00
Elio Maldonado
f304d0d0cf Fix checkin comment to prevent unwanted expansions of percents
- Done on previous commit but must retag now
2012-07-01 11:42:00 -07:00
Elio Maldonado
18cd8ce5de Fix the checkin comment to use %% 2012-07-01 11:33:54 -07:00
Elio Maldonado
967fa1be0d Require nspr 4.9.1 2012-07-01 10:35:21 -07:00
Elio Maldonado
7011f18b86 Enable sha224 portion of powerup selftest when running test suites
- That disabling was meant for RHEL-6 wich at time has and older softoken
2012-07-01 10:25:16 -07:00
Elio Maldonado
6b33cec549 Resolves: Bug 830410 - Missing Requires %{?_isa}
- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools
- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib
2012-07-01 10:13:07 -07:00
Elio Maldonado Batiz
e1a1b3583b Bug 833529 - revert unwanted change to nss.pc.in
- Remove the /nss3 fom Lib: line in nss.pc.in
2012-06-20 21:58:09 -07:00
Elio Maldonado
580fd0d7b9 Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in 2012-06-19 10:55:57 -07:00
Elio Maldonado
a27d98a9ec Update to 3.13.5 2012-06-18 07:20:04 -07:00
Elio Maldonado
c38003c691 Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3
- Fix conributed by Kamil Dudka
2012-04-13 10:10:57 -07:00
Elio Maldonado
41064271a8 Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
2012-04-08 11:13:29 -07:00
Elio Maldonado
034c16be36 Merge branch 'master' into f17
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version
- Remove no longer needed patches
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
2012-04-06 15:26:15 -07:00
Elio Maldonado
99d4b15c76 Fix duplicate entries
- Reemove the previous entry for nss tar ball, keep latest
2012-04-06 11:04:36 -07:00
Elio Maldonado
4fe7a90965 Updated the correct stripped source archive 2012-04-06 10:11:54 -07:00
Elio Maldonado
5203007534 Update to NSS_3_13_14_RTM 2012-04-06 10:06:51 -07:00
Elio Maldonado
310e64d3c2 Update the nss-pem source archive to the latest version
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
- Remove patches obsoleted by the nss and pem updates
2012-04-02 13:34:11 -07:00
Elio Maldonado
c408966515 Require nss-util and nss-softokn at 3.12.4 2012-04-01 17:24:02 -07:00
Elio Maldonado
89045d8452 Update to NSS_3_13.4_BETA1 2012-04-01 16:35:48 -07:00
Elio Maldonado Batiz
51c4dcf0e0 Merge branch 'master' into f17 2012-03-27 15:26:25 -07:00
Elio Maldonado
39b507ea3c - Resolves: Bug 805723 - Library needs partial RELRO support added 2012-03-21 15:01:07 -07:00
Elio Maldonado
19fee62ac7 Enable the Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
- F17 is already aplha, let's treat it as a stable branch
- Todo: Ask communinty members to try turning it on and provide
- feedack on servers and clients that may still be broken.
2012-03-09 18:07:15 -08:00
Elio Maldonado Batiz
7d1bd46bd6 Cleanup the spec file
- Add references to the upstream bugs
- Fix typo in Summary for sysinit
2012-03-09 14:40:23 -08:00
Elio Maldonado
3ccc11c806 Pick up fixes from RHEL
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
2012-03-07 18:39:32 -08:00
Elio Maldonado Batiz
85a1075a8d Require nss-softokn 3.13.3 as part of the update to NSS_3_13_3_RTM 2012-03-01 12:48:17 -08:00
Elio Maldonado
ca7f73c317 - Update to NSS_3_13_3_RTM
- Keeping the requires on nss-softokn at 3.13.1 temporarily
- Removed nss-ckbi-1.88.rtm.patch which we no longer need due to the update
2012-02-29 19:20:40 -08:00
Tom Callaway
6e9d7578fc fix gcc47 issue causing xulrunner to ftbfs in rawhide 2012-01-30 17:10:53 -05:00
Elio Maldonado
81470bd3c4 - Resolves: Bug 784672 - nss should protect against being called before nss_Init 2012-01-26 14:56:36 -08:00
Dennis Gilmore
b6f8eca453 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 05:16:40 -06:00
Elio Maldonado
1f56c5ccc5 - Deactivate a patch currently meant for stable branches only 2012-01-06 16:01:07 -08:00
Elio Maldonado
40928cb8e3 - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
2012-01-06 15:50:45 -08:00
Elio Maldonado
d5f0675cc9 - Revert to using current nss_softokn_version
- Patch to deal with lack of sha224 is no longer needed
2011-12-13 14:29:45 -08:00
Elio Maldonado
def217ea25 - Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV 2011-12-13 06:54:05 -08:00
Elio Maldonado
aecd53f653 Merge branch 'f16' 2011-12-12 16:37:02 -08:00
Elio Maldonado
543ae9ce83 - Resolves: Bug 750376 - nss 3.13 breaks sssd TLS
- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y
- Only patch blapitest for the lack of sha224 on system freebl
- Completed the patch to make pem link against system freebl
2011-12-12 15:42:30 -08:00
Elio Maldonado
109e79922c - Drop the Batiz from my name, it confuses people 2011-12-06 16:56:09 -08:00
Elio Maldonado
1584b7eb6a - This patch moved to nss-util where it belomgs 2011-12-06 16:47:13 -08:00
Elio Maldonado
e8491da33f Merge branch 'f16' 2011-12-06 16:40:25 -08:00
Elio Maldonado
3fe2df48eb - Remove reference to obsoleted terminalrecord.patch 2011-12-05 15:54:44 -08:00
Elio Maldonado
f67889f49c - Fix the missing CERTDB_TERMINAL_RECORD symbol problem
- Removed unwanted /usr/include/nss3 in front of the normal cflags include path
- Removed ugly and unnecessary patch dealing with CERTDB_TERMINAL_RECORD
2011-12-05 15:51:15 -08:00
Elio Maldonado
2980194bf3 Merge branch 'f16' 2011-12-04 23:29:00 -08:00
Elio Maldonado
321e446e77 - Bug 75036 Enable usage of nss-3.13.3 with nss-softokn-3.12.x 2011-12-04 23:21:22 -08:00
Elio Maldonado
cb85c9e1da - Bug 750376 Enable updating nss to 3.13.x while keeping nss-softokn at 3.12.9
- Statically link the pem module against system freebl found in buildroot
- Disable sha224-related powerup selftest until we update softokn
- Disable sha224 and rsapss tests which nss-softokn 3.12.x doesn't support
- nss-softokn 3.12.9 was submitted for FIPS 140 minor revalidation
2011-12-04 23:08:24 -08:00
Elio Maldonado
953f3cef9d - Rebuild with nss-softokn from 3.12 in the buildroot
- Allows the pem module to statically link against 3.12.x freebl
- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge into ia new rhel git repo
- Build to be temporarily placed on buildroot override but never pushed to updates-testing
2011-12-02 14:21:08 -08:00
Elio Maldonado
1c8a4130f1 - Merge from master
- This is an experimental build to fix Bug 750376
- To be added to the buildroot override but should not be pushed to updates-testing
  until the bug has been verified as fixed
2011-11-28 15:37:12 -08:00
Elio Maldonado
5fe8f41a13 - Dropping the %%{?_isa} from Requires: nss-system-init as it causes problems 2011-11-28 06:37:44 -08:00
Elio Maldonado
a32a69acd9 - Changed the minimum required softokn version to nss_softokn_fips_version
- This is a temporary change to enable merging into the new rhel git repo
- Using Requires: nss-system-init%%{?_isa} to prevent multilib install problems (rhbz#751694)
2011-11-27 10:54:55 -08:00
Dan Williams
dc20ddf3a8 Fix __GNUC_MINOR mistype that caused users of NSS to fail to build 2011-11-10 14:40:47 -06:00
Elio Maldonado
190ec81eec - Remove patch that was obsoleted by the update 2011-11-07 08:38:42 -08:00
Elio Maldonado
0598777c8d Merge branch 'master' into f16
Keeping softokn at 3.12.10 as we are bootstrapping the system
2011-11-07 08:36:10 -08:00
Elio Maldonado
cc7766a55d - Fix broken dependencies by updating the nss-util and nss-softokn versions 2011-11-04 12:26:07 -07:00
Elio Maldonado
28928af492 - Fix the name of the patch file 2011-11-03 20:44:32 -07:00
Elio Maldonado
4a87b24862 - Update to NSS_3_13_1_RTM
- Update builtin certs to those from NSSCKBI_1_88_RTM
2011-11-03 17:21:40 -07:00
Elio Maldonado
7b078b5247 - Update to NSS_3_13_RTM 2011-10-15 20:24:39 -07:00
Elio Maldonado
e13d622bc5 - Update to NSS_3_13_RTM 2011-10-15 20:21:47 -07:00
Elio Maldonado
bc4ac545c9 - Update to NSS_3_13_RC0
- Adjust patches to new sources
- Remove builtin patch which isn't needed due to the update
- update sources
2011-10-08 12:04:26 -07:00
Elio Maldonado
3586aff4e7 - Fix attempt to free initialized pointer (#717338)
- Fix leak on pem_CreateObject when given non-existing file name (#734760)
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
2011-09-14 12:28:24 -07:00
Kai Engert
a1e61fa589 NSSCKBI_1_87_RTM 2011-09-06 22:51:08 +02:00
Kai Engert
c26c5b1326 NSSCKBI_1_87_RTM 2011-09-06 22:48:46 +02:00
Elio Maldonado
bc8d177729 - Restore the line for the pem sources 2011-08-09 21:21:45 -07:00
Elio Maldonado
4f63c4864b - Update sources to NSS_3_12_11_RTM
- Run the stripping script
2011-08-09 21:09:30 -07:00
Elio Maldonado
d7c5a94ba8 - Update to NSS_3_12_11_RTM 2011-08-09 18:31:35 -07:00
Elio Maldonado
a7fb38e80b - Indicate the provenance of stripped source tarball (#688015)
- Add the code stripping script to the sources
2011-07-23 20:16:38 -07:00
37 changed files with 2924 additions and 5646 deletions

47
.gitignore vendored
View File

@ -1,8 +1,51 @@
nss-3.12.10-stripped.tar.bz2
nss-pem-20101125.tar.bz2
blank-cert8.db
blank-key3.db
blank-secmod.db
blank-cert9.db
blank-key4.db
PayPalEE.cert
TestCA.ca.cert
TestUser50.cert
TestUser51.cert
/PayPalRootCA.cert
/PayPalICA.cert
/nss-3.25.0.tar.gz
/nss-3.26.0.tar.gz
/nss-3.27.0.tar.gz
/nss-3.27.2.tar.gz
/nss-3.28.1.tar.gz
/nss-3.29.0.tar.gz
/nss-3.29.1.tar.gz
/nss-3.30.0.tar.gz
/nss-3.30.2.tar.gz
/nss-3.31.0.tar.gz
/nss-3.32.0.tar.gz
/nss-3.32.1.tar.gz
/nss-3.33.0.tar.gz
/nss-3.34.0.tar.gz
/nss-3.35.0.tar.gz
/nss-3.36.0.tar.gz
/nss-3.36.1.tar.gz
/nss-3.37.1.tar.gz
/nss-3.37.3.tar.gz
/nss-3.38.0.tar.gz
/nss-3.39.tar.gz
/nss-3.40.1.tar.gz
/nss-3.41.tar.gz
/nss-3.42.tar.gz
/nss-3.42.1.tar.gz
/nss-3.43.tar.gz
/nss-3.44.tar.gz
/nss-3.44.1.tar.gz
/nss-3.45.tar.gz
/nss-3.46.tar.gz
/nss-3.46.1.tar.gz
/nss-3.47.tar.gz
/nss-3.47.1.tar.gz
/nss-3.48.tar.gz
/nss-3.49.tar.gz
/nss-3.49.2.tar.gz
/nss-3.50.tar.gz
/nss-3.51.tar.gz
/nss-3.51.1.tar.gz
/nss-3.52.tar.gz

View File

@ -1,107 +0,0 @@
From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldona@redhat.com>
Date: Tue, 12 Apr 2011 09:31:48 -0700
Subject: [PATCH] Bug 695011 PEM logging
Use NSPR logging facilities for PEM logging to fix a segmenation violation
caused when user cannot for write a log file created by root
---
mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
index 839d40b..720525e 100644
--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
@@ -1,3 +1,6 @@
+#ifndef CKPEM_H
+#define CKPEM_H
+
#include "nssckmdt.h"
#include "nssckfw.h"
#include "ckfwtm.h"
@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
/* ptoken.c */
NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+/* util.c */
void open_log();
-void close_log();
void plog(const char *fmt, ...);
-#define PEM_H 1
+#endif /* CKPEM_H */
diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
index 853f418..fafb924 100644
--- a/mozilla/security/nss/lib/ckfw/pem/util.c
+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
@@ -41,6 +41,7 @@
#include "prtime.h"
#include "prlong.h"
#include "prerror.h"
+#include "prlog.h"
#include "prprf.h"
#include "plgetopt.h"
#include "prenv.h"
@@ -51,6 +52,9 @@
#include "cryptohi.h"
#include "secpkcs7.h"
#include "secerr.h"
+
+#include "ckpem.h"
+
#include <stdarg.h>
#define CHUNK_SIZE 512
@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
return -1;
}
-FILE *plogfile;
+#ifdef DEBUG
+#define LOGGING_BUFFER_SIZE 400
+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
+static const char *pemLogModuleName = "PEM";
+static PRLogModuleInfo* pemLogModule;
+#endif
void open_log()
{
#ifdef DEBUG
- plogfile = fopen("/tmp/pkcs11.log", "a");
-#endif
+ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
- return;
-}
+ pemLogModule = PR_NewLogModule(pemLogModuleName);
-void close_log()
-{
-#ifdef DEBUG
- fclose(plogfile);
+ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
+ /* If false, the log file will remain what it was before */
#endif
- return;
}
void plog(const char *fmt, ...)
{
#ifdef DEBUG
+ char buf[LOGGING_BUFFER_SIZE];
va_list ap;
va_start(ap, fmt);
- vfprintf(plogfile, fmt, ap);
+ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
-
- fflush(plogfile);
+ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
#endif
}
--
1.7.4.2

68
STAGE2-nss Normal file
View File

@ -0,0 +1,68 @@
#requires nspr
#requires perl
#requires nss-util
#requires nss-softokn
mcd $BUILDDIR/nss
export BUILD_OPT=1
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export NSPR_INCLUDE_DIR=/usr/include/nspr
export NSPR_LIB_DIR=/usr/lib${SUFFIX}
export NSS_USE_SYSTEM_SQLITE=1
export NSS_BUILD_WITHOUT_SOFTOKEN=1
export USE_SYSTEM_SOFTOKEN=1
export SOFTOKEN_LIB_DIR=/usr/lib${SUFFIX}
export NSSUTIL_INCLUDE_DIR=/usr/include/nss3
export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX}
export USE_SYSTEM_NSSUTIL=1
export FREEBL_INCLUDE_DIR=/usr/include/nss3
export FREEBL_LIB_DIR=/usr/lib${SUFFIX}
export USE_SYSTEM_FREEBL=1
export NSS_USE_SYSTEM_FREEBL=1
export FREEBL_NO_DEPEND=1
export IN_TREE_FREEBL_HEADERS_FIRST=1
export NSS_BLTEST_NOT_AVAILABLE=1
export NSS_NO_SSL2_NO_EXPORT=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export NSS_NO_PKCS11_BYPASS=1
#export NSDISTMODE="copy"
if [ "$SUFFIX" = "64" ]; then
USE_64=1
export USE_64
fi
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp nss/lib/ckfw/nssck.api dist/private/nss/)
make -C $SRC/nss-3.*/nss/coreconf
make -C $SRC/nss-3.*/nss/lib/dbm
# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
# need nss/verref.h which is exported privately, move it to where it can be found.
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp -a nss/verref.h dist/private/nss/)
make -C $SRC/nss-3.*/nss
cd $SRC/nss-3.*/nss/coreconf
make install
cd $SRC/nss-3.*/nss/lib/dbm
make install
cd $SRC/nss-3.*/nss
make install
# Copy the binary libraries we want
NSSLIBS="libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so"
# BOZO: temporarily disable FIPS140 support
#NSSLIBCHKS="libnssdbm3.chk libfreebl3.chk libsoftokn3.chk"
NSSLIBCHKS=""
# END BOZO
cd $SRC/nss-3.*
for file in $NSSLIBS $NSSLIBCHKS
do
install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/
done
# Copy the include files we want
for file in $SRC/nss-*/dist/public/nss/*.h
do
install -p -m 644 $file /usr/include/nss3/
done

File diff suppressed because it is too large Load Diff

View File

@ -1,637 +0,0 @@
diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 13:52:25.634021626 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 13:54:04.872021278 -0700
@@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $", (PRUint32)165 }
+ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $", (PRUint32)165 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
+static const NSSItem nss_builtins_items_340 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
+"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
+"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
+"\162\151\143\150\051"
+, (PRUint32)101 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
+"\141\154\040\122\157\157\164"
+, (PRUint32)119 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
+"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
+"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
+"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
+"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
+"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
+"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
+"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
+"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
+"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
+"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
+"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
+"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
+"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
+"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
+"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
+"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
+"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
+"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
+"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
+"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
+"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
+"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
+"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
+"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
+"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
+"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
+"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
+"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
+"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
+"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
+"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
+"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
+"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
+"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
+"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
+"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
+"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
+"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
+"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
+"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
+"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
+"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
+"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
+"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
+"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
+"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
+"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
+"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
+"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
+"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
+"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
+"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
+"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
+"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
+"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
+"\131"
+, (PRUint32)977 }
+};
+static const NSSItem nss_builtins_items_341 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
+ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
+"\214\071\131\117"
+, (PRUint32)20 },
+ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
+, (PRUint32)16 },
+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
+"\141\154\040\122\157\157\164"
+, (PRUint32)119 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_342 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
+"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
+"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
+"\105\156\162\151\143\150\051"
+, (PRUint32)103 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\040\050\062\060\064\070\051"
+, (PRUint32)183 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
+"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
+"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
+"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
+"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
+"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
+"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
+"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
+"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
+"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
+"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
+"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
+"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
+"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
+"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
+"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
+"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
+"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
+"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
+"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
+"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
+"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
+"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
+"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
+"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
+"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
+"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
+"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
+"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
+"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
+"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
+"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
+"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
+"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
+"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
+"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
+"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
+"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
+"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
+"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
+"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
+"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
+"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
+"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
+"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
+"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
+"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
+"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
+"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
+"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
+"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
+"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
+"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
+"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
+"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
+"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
+"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
+"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
+"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
+"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
+"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
+"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
+"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
+"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
+"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
+"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
+"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
+"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
+"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
+"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
+"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
+"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
+"\355\020\342\305"
+, (PRUint32)1236 }
+};
+static const NSSItem nss_builtins_items_343 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
+ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
+"\005\155\061\046"
+, (PRUint32)20 },
+ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
+, (PRUint32)16 },
+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\040\050\062\060\064\070\051"
+, (PRUint32)183 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
builtinsInternalObject
nss_builtins_data[] = {
@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
{ 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
{ 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
{ 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
+ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
+ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
+ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
+ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
+ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
};
const PRUint32
#ifdef DEBUG
- nss_builtins_nObjects = 339+1;
+ nss_builtins_nObjects = 343+1;
#else
- nss_builtins_nObjects = 339;
+ nss_builtins_nObjects = 343;
#endif /* DEBUG */
diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 13:52:50.979012198 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 13:54:37.485020788 -0700
@@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.13 $ $Date: 2011/09/02 19:39:06 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.14 $ $Date: 2011/11/03 15:12:15 $"
#
# certdata.txt
@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSC
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
+\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
+\131
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
+\214\071\131\117
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
+\105\156\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
+\355\020\342\305
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
+\005\155\061\046
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 13:53:16.192262303 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 13:54:48.182013245 -0700
@@ -77,8 +77,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
-#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
+#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

59
cert8.db.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="cert8.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>cert8.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>cert8.db</refname>
<refpurpose>Legacy NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
<para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/cert8.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

59
cert9.db.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="cert9.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>cert9.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>cert9.db</refname>
<refpurpose>NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
<para>This certificate database is the sqlite-based shared database with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/cert9.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

13
iquote.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
SQLITE_LIB_NAME = sqlite3
endif
+# Prefer in-tree headers over system headers
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
+endif
+
MK_LOCATION = included

59
key3.db.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="key3.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>key3.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>key3.db</refname>
<refpurpose>Legacy NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
<para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/key3.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

59
key4.db.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="key4.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>key4.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>key4.db</refname>
<refpurpose>NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>key4.db</emphasis> is an NSS key database.</para>
<para>This key database is the sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/key4.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

View File

@ -1,22 +1,62 @@
diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-04-27 15:24:07.922128850 -0700
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-04-27 15:27:11.053271675 -0700
@@ -1493,14 +1493,14 @@ getBoundListenSocket(unsigned short port
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
@@ -953,23 +953,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
PRUint16 socketDomain = PR_AF_INET;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ errExit("PR_SetNetAddr");
+ }
if (PR_GetEnv("NSS_USE_SDP")) {
socketDomain = PR_AF_INET_SDP;
}
- listen_sock = PR_OpenTCPSocket(socketDomain);
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
errExit("PR_OpenTCPSocket error");
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSockett");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
@@ -1711,23 +1711,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");

View File

@ -1,34 +0,0 @@
diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700
+++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700
@@ -201,6 +201,9 @@ dbtest_main()
cat $RONLY_DIR/* > /dev/null
fi
+ # skipping the next two tests when user is root,
+ # otherwise they would fail due to rooty powers
+ if [[ $EUID -ne 0 ]] then
${BINDIR}/dbtest -d $RONLY_DIR
ret=$?
if [ $ret -ne 46 ]; then
@@ -208,6 +211,10 @@ dbtest_main()
else
html_passed "Dbtest r/w didn't work in an readonly dir $ret"
fi
+ else
+ html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
+ fi
+ if [[ $EUID -ne 0 ]] then
${BINDIR}/certutil -D -n "TestUser" -d .
ret=$?
if [ $ret -ne 255 ]; then
@@ -215,6 +222,9 @@ dbtest_main()
else
html_passed "Certutil didn't work in an readonly dir $ret"
fi
+ else
+ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root"
+ fi
Echo "test opening the database ronly in a readonly directory"

View File

@ -1,47 +0,0 @@
Index: mozilla/security/nss/lib/crmf/crmfi.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/crmf/crmfi.h,v
retrieving revision 1.4
diff -u -u -r1.4 crmfi.h
--- mozilla/security/nss/lib/crmf/crmfi.h 15 Jan 2011 19:47:11 -0000 1.4
+++ mozilla/security/nss/lib/crmf/crmfi.h 11 May 2011 20:06:26 -0000
@@ -46,10 +46,38 @@
#include "secasn1.h"
#include "crmfit.h"
#include "secerr.h"
+#include "blapit.h"
#define CRMF_DEFAULT_ARENA_SIZE 1024
-#define MAX_WRAPPED_KEY_LEN 2048
+/*
+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
+ *
+ * It's used for internal buffers to transport a wrapped private key.
+ * The value is in BYTES.
+ * We want to define a reasonable upper bound for this value.
+ * Ideally this could be calculated, but in order to simplify the code
+ * we want to estimate the maximum requires size.
+ * See also mozilla bug 655850 for the full explanation.
+ *
+ * We know the largest wrapped keys are RSA keys.
+ * We'll estimate the maximum size needed for wrapped RSA keys,
+ * and assume it's sufficient for wrapped keys of any type we support.
+ *
+ * The maximum size of RSA keys in bits is defined elsewhere as
+ * RSA_MAX_MODULUS_BITS
+ *
+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
+ *
+ * A wrapped RSA key requires about
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
+ * bytes.
+ *
+ * Therefore, a safe upper bound is:
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
+ *
+ */
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)

132
nss-config.xml Normal file
View File

@ -0,0 +1,132 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="nss-config">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>nss-config</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>nss-config</refname>
<refpurpose>Return meta information about nss libraries</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nss-config</command>
<arg><option>--prefix</option></arg>
<arg><option>--exec-prefix</option></arg>
<arg><option>--includedir</option></arg>
<arg><option>--libs</option></arg>
<arg><option>--cflags</option></arg>
<arg><option>--libdir</option></arg>
<arg><option>--version</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>nss-config</command> is a shell scrip
tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--prefix</option></term>
<listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--exec-prefix</option></term>
<listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--includedir</option> <replaceable>count</replaceable></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--version</option></term>
<listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libs</option></term>
<listitem><simpara>returns the compiler linking flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--cflags</option></term>
<listitem><simpara>returns the compiler include flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libdir</option></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for both include path and linkage flags:
<programlisting>
/usr/bin/nss-config --cflags --libs
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/nss-config</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>
Authors: Elio Maldonado &lt;emaldona@redhat.com>.
</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

View File

@ -1,12 +0,0 @@
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
-DIRS = builtins
+DIRS = builtins pem
PRIVATE_EXPORTS = \
ck.h \

View File

@ -0,0 +1,21 @@
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
/* deprecated #defines. Drop in future NSS releases */
-#ifdef NSS_PKCS11_2_0_COMPAT
+#ifndef NSS_PKCS11_3_0_STRICT
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
#define CKF_EC_FP CKF_EC_F_P
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
#else
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
#endif

31
nss-kremlin-ppc64le.patch Normal file
View File

@ -0,0 +1,31 @@
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
!defined(__clang__)
#include <emmintrin.h>
typedef __m128i FStar_UInt128_uint128;
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
typedef unsigned __int128 FStar_UInt128_uint128;
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
typedef __uint128_t FStar_UInt128_uint128;
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
@@ -26,7 +26,8 @@
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
/* GCC + using native unsigned __int128 support */

4
nss-p11-kit.config Normal file
View File

@ -0,0 +1,4 @@
name=p11-kit-proxy
library=p11-kit-proxy.so

94
nss-signtool-format.patch Normal file
View File

@ -0,0 +1,94 @@
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
--- a/cmd/modutil/install.c
+++ b/cmd/modutil/install.c
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
dir = PR_OpenDir(path);
if (!dir) {
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ PR_CloseDir(dir);
+ return -1;
+ }
if (rm_dash_r(filename)) {
PR_CloseDir(dir);
return -1;
}
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
return -1;
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
if (!dir) {
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
errorCount++;
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ errorCount++;
+ return -1;
+ }
if (rm_dash_r(filename))
return -1;
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
errorCount++;
return -1;
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
--- a/lib/libpkix/pkix/util/pkix_list.c
+++ b/lib/libpkix/pkix/util/pkix_list.c
@@ -1530,17 +1530,17 @@ cleanup:
*/
PKIX_Error *
PKIX_List_SetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
- PKIX_List *element;
+ PKIX_List *element = NULL;
PKIX_ENTER(LIST, "PKIX_List_SetItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -102,17 +102,17 @@ cleanup:
*/
static PKIX_Error *
pkix_pl_OID_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
- PKIX_Int32 cmpResult;
+ PKIX_Int32 cmpResult = 0;
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_pl_OID_Comparator
(first, second, &cmpResult, plContext),
PKIX_OIDCOMPARATORFAILED);

116
nss-softokn-config.in Normal file
View File

@ -0,0 +1,116 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
softokn3 - Requires full dynamic linking
freebl3 - for internal use only (and glibc for self-integrity check)
nssdbm3 - for internal use only
Dymamically linked
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-softokn`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-softokn`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
echo $libdirs
fi

View File

@ -0,0 +1,18 @@
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
check() {
return 255
}
depends() {
return 0
}
install() {
local _dir
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
libfreebl3.so
}

3
nss-softokn-dracut.conf Normal file
View File

@ -0,0 +1,3 @@
# turn on nss-softokn module
add_dracutmodules+=" nss-softokn "

11
nss-softokn.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-SOFTOKN
Description: Network Security Services Softoken PKCS #11 Module
Version: %SOFTOKEN_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
Cflags: -I${includedir}

118
nss-util-config.in Normal file
View File

@ -0,0 +1,118 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-util-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nssutil
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-util`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-util`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi

11
nss-util.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-UTIL
Description: Network Security Services Utility Library
Version: %NSSUTIL_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lnssutil3
Cflags: -I${includedir}

View File

@ -7,5 +7,5 @@ Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -lssl3 -lsmime3 -lnss3
Libs: -L${libdir} -lssl3 -lsmime3 -lnss3
Cflags: -I${includedir}

1777
nss.spec

File diff suppressed because it is too large Load Diff

View File

@ -1,52 +0,0 @@
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
return (result);
loser:
- if (result != NULL) {
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
- }
return (NULL);
}
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
prStatus = PR_GetOpenFileInfo(src, &info);
- if (prStatus != PR_SUCCESS) {
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
return SECFailure;
}
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
return SECSuccess;
loser:
- SECITEM_FreeItem(dst, PR_FALSE);
- nss_ZFreeIf(dst);
+ nss_ZFreeIf(dst->data);
return SECFailure;
}
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
/* Read in ascii data */
rv = FileToItem(&filedata, inFile);
+ if (rv != SECSuccess) {
+ PR_Close(inFile);
+ return -1;
+ }
asc = (char *) filedata.data;
if (!asc) {
PR_Close(inFile);
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
} else {
/* Read in binary der */
rv = FileToItem(der, inFile);
- if (rv) {
+ if (rv != SECSuccess) {
PR_Close(inFile);
return -1;
}

56
pkcs11.txt.xml Normal file
View File

@ -0,0 +1,56 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="pkcs11.txt">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>pkcs11.txt</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>pkcs11.txt</refname>
<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para>
The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
</para>
<para>
For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

View File

@ -1,12 +0,0 @@
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
};

63
secmod.db.xml Normal file
View File

@ -0,0 +1,63 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="secmod.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>secmod.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>secmod.db</refname>
<refpurpose>Legacy NSS security modules database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
<para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
</para>
<para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
</para>
<para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/secmod.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

106
setup-nsssysinit.xml Normal file
View File

@ -0,0 +1,106 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="setup-nsssysinit">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>setup-nsssysinit</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>setup-nsssysinit</refname>
<refpurpose>Query or enable the nss-sysinit module</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>setup-nsssysinit</command>
<arg><option>on</option></arg>
<arg><option>off</option></arg>
<arg><option>status</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>setup-nsssysinit</command> is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. </para>
<para>Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
</para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>on</option></term>
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>off</option></term>
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>status</option></term>
<listitem><simpara>returns whether nss-syinit is enabled or not.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for the status of nss-sysinit:
<programlisting>
/usr/bin/setup-nsssysinit status
</programlisting>
</para>
<para>The following example, when run as superuser, will turn on nss-sysinit:
<programlisting>
/usr/bin/setup-nsssysinit on
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/setup-nsssysinit</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

14
sources
View File

@ -1,8 +1,6 @@
05ccaacf0146ef7b74f100e9d2141633 nss-3.12.10-stripped.tar.bz2
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6

View File

@ -0,0 +1,64 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 10m" >> $(METADATA)
@echo "RunFor: nss openssl" >> $(METADATA)
@echo "Requires: nss nss-tools openssl" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -0,0 +1,4 @@
PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
Description: NSS tools should not use SHA1 by default when
Author: Hubert Kario <hkario@redhat.com>
Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates

View File

@ -0,0 +1,125 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="nss"
PACKAGES="nss openssl"
DBDIR="nssdb"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm --all
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "mkdir nssdb"
rlRun "certutil -N -d $DBDIR --empty-password"
rlLogInfo "Create a JAR file"
rlRun "mkdir java-dir"
rlRun "pushd java-dir"
rlRun "mkdir META-INF mypackage"
rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
#rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
rlRun "popd"
#rlRun "mv java-dir/package.jar ."
rlPhaseEnd
rlPhaseStartTest "Self signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Certificate request"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Certificate request with SHA1"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Signing CMS messages"
rlRun "echo 'This is a document' > document.txt"
rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
rlAssertGrep "algorithm: sha256" $rlRun_LOG
rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "CRL signing"
rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
rlRun "echo addext crlNumber 0 1245 >>script"
rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
rlRun "echo addext reasonCode 0 0 >>script"
rlRun "cat script"
rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

12
tests/tests.yml Normal file
View File

@ -0,0 +1,12 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- NSS-tools-should-not-use-SHA1-by-default-when
required_packages:
- nss-tools
- nss