Compare commits
93 Commits
| Author | SHA1 | Date |
|---|---|---|
Bob Relyea
|
614f823eb3 | |
Daiki Ueno
|
26f93fa193 | |
|
Daiki Ueno
|
047dc3ed4e | |
|
Daiki Ueno
|
fc0174ead1 | |
|
Daiki Ueno
|
3c018618ca | |
|
Daiki Ueno
|
65271d923d | |
|
Daiki Ueno
|
9ae0f0b9e1 | |
|
Daiki Ueno
|
2b122e4485 | |
Tom Stellard
|
507a1cebf0 | |
|
Daiki Ueno
|
7f30e21d0f | |
|
Daiki Ueno
|
aa7d80b11e | |
|
Daiki Ueno
|
f512836b78 | |
|
Daiki Ueno
|
58ca69fcaf | |
|
Daiki Ueno
|
bd89f2ce5c | |
|
Daiki Ueno
|
9e1e74ca17 | |
|
Daiki Ueno
|
37c40ebd3d | |
|
Daiki Ueno
|
656c979c95 | |
Fedora Release Engineering
|
0b17c92d39 | |
|
Daiki Ueno
|
3c27dc2471 | |
|
Daiki Ueno
|
36505c331d | |
Kamil Dudka
|
6e689ce0cb | |
|
Daiki Ueno
|
703a4f9a95 | |
|
Daiki Ueno
|
1e2f8acd14 | |
|
Daiki Ueno
|
74b268dbd9 | |
|
Daiki Ueno
|
541296170e | |
|
Daiki Ueno
|
f3ad534c37 | |
|
Daiki Ueno
|
a8a8d020bf | |
|
Daiki Ueno
|
704f2e22d6 | |
|
Daiki Ueno
|
4f639ad73c | |
|
Daiki Ueno
|
8c9ed11be4 | |
|
Bob Relyea
|
115989f50d | |
|
Bob Relyea
|
2ec4745f30 | |
|
Daiki Ueno
|
626f1941fd | |
|
Daiki Ueno
|
16706fe38d | |
|
Daiki Ueno
|
d86af7693a | |
|
Daiki Ueno
|
fa84af3e06 | |
|
Daiki Ueno
|
2f14d11d0d | |
|
Daiki Ueno
|
3f3c20ae17 | |
|
Fedora Release Engineering
|
326f5d0c9a | |
|
Daiki Ueno
|
c5b7db61f4 | |
|
Daiki Ueno
|
7b734a0c80 | |
|
Daiki Ueno
|
c7e445694f | |
|
Daiki Ueno
|
3ea5d2fb0e | |
|
Daiki Ueno
|
4567b678cc | |
|
Daiki Ueno
|
141e716639 | |
Elio Maldonado
|
5deb5dd362 | |
|
Daiki Ueno
|
d3f6891026 | |
|
Daiki Ueno
|
df8d75ac51 | |
|
Daiki Ueno
|
b3b17b08a0 | |
|
Daiki Ueno
|
455711f1df | |
|
Fedora Release Engineering
|
0e03f768ab | |
|
Daiki Ueno
|
e5e5a75933 | |
|
Daiki Ueno
|
431c940fc5 | |
|
Daiki Ueno
|
41b9b6b6a1 | |
|
Daiki Ueno
|
f572eae5ce | |
|
Daiki Ueno
|
b250b65666 | |
|
Daiki Ueno
|
5221baae09 | |
|
Daiki Ueno
|
cab16c0490 | |
|
Daiki Ueno
|
af46412ffe | |
|
Daiki Ueno
|
e557c2c2a1 | |
|
Daiki Ueno
|
8be7f95db1 | |
|
Daiki Ueno
|
7bdb9fac17 | |
|
Daiki Ueno
|
71d6df3266 | |
|
Daiki Ueno
|
390eaefc52 | |
|
Daiki Ueno
|
4b42d21883 | |
|
Daiki Ueno
|
ec4d144b47 | |
|
Daiki Ueno
|
705e2b3229 | |
|
Daiki Ueno
|
26c062714a | |
|
Daiki Ueno
|
c29d479b7f | |
|
Daiki Ueno
|
18c140b4c2 | |
|
Daiki Ueno
|
bdf4e9ddaf | |
|
Daiki Ueno
|
93c1de8b0d | |
|
Daiki Ueno
|
db341dd2e0 | |
Kai Engert
|
89b8b47d46 | |
|
Fedora Release Engineering
|
e4c3da9da7 | |
Jason Tibbitts
|
137780ff5d | |
|
Daiki Ueno
|
6f4f615c05 | |
|
Daiki Ueno
|
2b3aa61f20 | |
|
Daiki Ueno
|
3b822a7262 | |
|
Daiki Ueno
|
8d5d06f814 | |
|
Daiki Ueno
|
26f23aeeb6 | |
|
Daiki Ueno
|
dfa19ec931 | |
|
Daiki Ueno
|
e874285f92 | |
|
Daiki Ueno
|
abfbe95c8d | |
|
Daiki Ueno
|
e42c9742c4 | |
|
Kai Engert
|
93dca340cd | |
|
Kai Engert
|
a24d6b1353 | |
|
Daiki Ueno
|
418745fdce | |
|
Daiki Ueno
|
03874d1272 | |
|
Daiki Ueno
|
2007524db8 | |
|
Daiki Ueno
|
67567fd852 | |
|
Daiki Ueno
|
2eadf22a1d | |
|
Daiki Ueno
|
3edcb8bd09 |
|
|
@ -24,3 +24,28 @@ TestUser51.cert
|
|||
/nss-3.33.0.tar.gz
|
||||
/nss-3.34.0.tar.gz
|
||||
/nss-3.35.0.tar.gz
|
||||
/nss-3.36.0.tar.gz
|
||||
/nss-3.36.1.tar.gz
|
||||
/nss-3.37.1.tar.gz
|
||||
/nss-3.37.3.tar.gz
|
||||
/nss-3.38.0.tar.gz
|
||||
/nss-3.39.tar.gz
|
||||
/nss-3.40.1.tar.gz
|
||||
/nss-3.41.tar.gz
|
||||
/nss-3.42.tar.gz
|
||||
/nss-3.42.1.tar.gz
|
||||
/nss-3.43.tar.gz
|
||||
/nss-3.44.tar.gz
|
||||
/nss-3.44.1.tar.gz
|
||||
/nss-3.45.tar.gz
|
||||
/nss-3.46.tar.gz
|
||||
/nss-3.46.1.tar.gz
|
||||
/nss-3.47.tar.gz
|
||||
/nss-3.47.1.tar.gz
|
||||
/nss-3.48.tar.gz
|
||||
/nss-3.49.tar.gz
|
||||
/nss-3.49.2.tar.gz
|
||||
/nss-3.50.tar.gz
|
||||
/nss-3.51.tar.gz
|
||||
/nss-3.51.1.tar.gz
|
||||
/nss-3.52.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk
|
||||
--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700
|
||||
+++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700
|
||||
@@ -174,6 +174,12 @@ endif
|
||||
endif
|
||||
endif
|
||||
|
||||
+# harden DSOs/executables a bit against exploits
|
||||
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
|
||||
+DSO_LDOPTS+=-Wl,-z,relro
|
||||
+LDFLAGS += -Wl,-z,relro
|
||||
+endif
|
||||
+
|
||||
USE_SYSTEM_ZLIB = 1
|
||||
ZLIB_LIBS = -lz
|
||||
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
diff -up nss/tests/chains/scenarios/scenarios.noocsptest nss/tests/chains/scenarios/scenarios
|
||||
--- nss/tests/chains/scenarios/scenarios.noocsptest 2013-06-27 10:58:08.000000000 -0700
|
||||
+++ nss/tests/chains/scenarios/scenarios 2013-07-02 16:13:27.075038930 -0700
|
||||
@@ -50,7 +50,6 @@ bridgewithpolicyextensionandmapping.cfg
|
||||
realcerts.cfg
|
||||
dsa.cfg
|
||||
revoc.cfg
|
||||
-ocsp.cfg
|
||||
crldp.cfg
|
||||
trustanchors.cfg
|
||||
nameconstraints.cfg
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||
+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||
@@ -953,23 +953,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
|
|
@ -29,8 +29,8 @@
|
|||
if (prStatus < 0) {
|
||||
PR_Close(listen_sock);
|
||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||
--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||
+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||
@@ -1711,23 +1711,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,49 +0,0 @@
|
|||
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
||||
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
||||
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
||||
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
||||
*other flags are set */
|
||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||
|
||||
/* private flags for internal (field in SECMODModule). */
|
||||
/* The meaing of these flags is as follows:
|
||||
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||
}
|
||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
||||
+ }
|
||||
/* additional moduleDB flags could be added here in the future */
|
||||
mod->isModuleDB = (PRBool)flags;
|
||||
}
|
||||
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
||||
}
|
||||
|
||||
PRBool
|
||||
+secmod_PolicyOnly(SECMODModule *mod)
|
||||
+{
|
||||
+ char flags = (char) mod->isModuleDB;
|
||||
+
|
||||
+ return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE;
|
||||
+}
|
||||
+
|
||||
+PRBool
|
||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char)mod->internal;
|
||||
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
||||
if (!module) {
|
||||
goto loser;
|
||||
}
|
||||
+
|
||||
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
||||
+ * been parsed as a side effect of the CreateModuleEx call */
|
||||
+ if (secmod_PolicyOnly(module)) {
|
||||
+ return module;
|
||||
+ }
|
||||
if (parent) {
|
||||
module->parent = SECMOD_ReferenceModule(parent);
|
||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
|
||||
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
|
||||
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
|
||||
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
|
||||
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
|
||||
|
||||
/* deprecated #defines. Drop in future NSS releases */
|
||||
-#ifdef NSS_PKCS11_2_0_COMPAT
|
||||
+#ifndef NSS_PKCS11_3_0_STRICT
|
||||
|
||||
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
|
||||
#define CKF_EC_FP CKF_EC_F_P
|
||||
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
|
||||
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
|
||||
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
|
||||
#else
|
||||
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
|
||||
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
|
||||
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
|
||||
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
|
||||
#endif
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
|
||||
!defined(__clang__)
|
||||
#include <emmintrin.h>
|
||||
typedef __m128i FStar_UInt128_uint128;
|
||||
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
typedef unsigned __int128 FStar_UInt128_uint128;
|
||||
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
|
||||
typedef __uint128_t FStar_UInt128_uint128;
|
||||
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
@@ -26,7 +26,8 @@
|
||||
|
||||
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
|
||||
/* GCC + using native unsigned __int128 support */
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
name=p11-kit-proxy
|
||||
library=p11-kit-proxy.so
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,94 @@
|
|||
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
|
||||
--- a/cmd/modutil/install.c
|
||||
+++ b/cmd/modutil/install.c
|
||||
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
|
||||
|
||||
dir = PR_OpenDir(path);
|
||||
if (!dir) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ PR_CloseDir(dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
if (rm_dash_r(filename)) {
|
||||
PR_CloseDir(dir);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||
return -1;
|
||||
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
|
||||
--- a/cmd/signtool/util.c
|
||||
+++ b/cmd/signtool/util.c
|
||||
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
|
||||
if (!dir) {
|
||||
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ errorCount++;
|
||||
+ return -1;
|
||||
+ }
|
||||
if (rm_dash_r(filename))
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
|
||||
--- a/lib/libpkix/pkix/util/pkix_list.c
|
||||
+++ b/lib/libpkix/pkix/util/pkix_list.c
|
||||
@@ -1530,17 +1530,17 @@ cleanup:
|
||||
*/
|
||||
PKIX_Error *
|
||||
PKIX_List_SetItem(
|
||||
PKIX_List *list,
|
||||
PKIX_UInt32 index,
|
||||
PKIX_PL_Object *item,
|
||||
void *plContext)
|
||||
{
|
||||
- PKIX_List *element;
|
||||
+ PKIX_List *element = NULL;
|
||||
|
||||
PKIX_ENTER(LIST, "PKIX_List_SetItem");
|
||||
PKIX_NULLCHECK_ONE(list);
|
||||
|
||||
if (list->immutable){
|
||||
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
|
||||
}
|
||||
|
||||
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
@@ -102,17 +102,17 @@ cleanup:
|
||||
*/
|
||||
static PKIX_Error *
|
||||
pkix_pl_OID_Equals(
|
||||
PKIX_PL_Object *first,
|
||||
PKIX_PL_Object *second,
|
||||
PKIX_Boolean *pResult,
|
||||
void *plContext)
|
||||
{
|
||||
- PKIX_Int32 cmpResult;
|
||||
+ PKIX_Int32 cmpResult = 0;
|
||||
|
||||
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
|
||||
PKIX_NULLCHECK_THREE(first, second, pResult);
|
||||
|
||||
PKIX_CHECK(pkix_pl_OID_Comparator
|
||||
(first, second, &cmpResult, plContext),
|
||||
PKIX_OIDCOMPARATORFAILED);
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||
--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100
|
||||
+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100
|
||||
@@ -19,7 +19,11 @@ BLTEST_SRCDIR =
|
||||
ECPERF_SRCDIR =
|
||||
FREEBL_ECTEST_SRCDIR =
|
||||
FIPSTEST_SRCDIR =
|
||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||
+SHLIBSIGN_SRCDIR = shlibsign
|
||||
+else
|
||||
SHLIBSIGN_SRCDIR =
|
||||
+endif
|
||||
else
|
||||
BLTEST_SRCDIR = bltest
|
||||
ECPERF_SRCDIR = ecperf
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn
|
||||
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200
|
||||
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200
|
||||
@@ -31,6 +31,5 @@ endif
|
||||
|
||||
DIRS = \
|
||||
$(LIB_SRCDIRS) \
|
||||
- $(UTIL_SRCDIRS) \
|
||||
$(NSS_SRCDIRS) \
|
||||
$(NULL)
|
||||
|
|
@ -0,0 +1,116 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
softokn3 - Requires full dynamic linking
|
||||
freebl3 - for internal use only (and glibc for self-integrity check)
|
||||
nssdbm3 - for internal use only
|
||||
Dymamically linked
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-softokn`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-softokn`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
echo $libdirs
|
||||
fi
|
||||
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
||||
# ex: ts=8 sw=4 sts=4 et filetype=sh
|
||||
|
||||
check() {
|
||||
return 255
|
||||
}
|
||||
|
||||
depends() {
|
||||
return 0
|
||||
}
|
||||
|
||||
install() {
|
||||
local _dir
|
||||
|
||||
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
|
||||
libfreebl3.so
|
||||
}
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
# turn on nss-softokn module
|
||||
|
||||
add_dracutmodules+=" nss-softokn "
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-SOFTOKN
|
||||
Description: Network Security Services Softoken PKCS #11 Module
|
||||
Version: %SOFTOKEN_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
|
||||
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
|
||||
Cflags: -I${includedir}
|
||||
|
|
@ -0,0 +1,118 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-util-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
nssutil
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
lib_nssutil=yes
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-util`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-util`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
if test -n "$lib_nssutil"; then
|
||||
libdirs="$libdirs -lnssutil${major_version}"
|
||||
fi
|
||||
echo $libdirs
|
||||
fi
|
||||
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-UTIL
|
||||
Description: Network Security Services Utility Library
|
||||
Version: %NSSUTIL_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%
|
||||
Libs: -L${libdir} -lnssutil3
|
||||
Cflags: -I${includedir}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c
|
||||
--- ./nss/lib/ssl/sslsock.c.transitional 2016-06-23 21:03:16.316480089 -0400
|
||||
+++ ./nss/lib/ssl/sslsock.c 2016-06-23 21:08:07.290202477 -0400
|
||||
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
PR_TRUE, /* cbcRandomIV */
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
|
||||
+++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
|
||||
@@ -118,18 +118,18 @@
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
diff -up ./nss/cmd/signtool/sign.c.org ./nss/cmd/signtool/sign.c
|
||||
--- ./nss/cmd/signtool/sign.c.org 2018-01-18 15:19:59.000000000 +0100
|
||||
+++ ./nss/cmd/signtool/sign.c 2018-01-29 22:46:32.599450048 +0100
|
||||
@@ -83,7 +83,12 @@ SignArchive(char *tree, char *keyName, c
|
||||
/* rsa/dsa to zip */
|
||||
sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
|
||||
: "rsa"));
|
||||
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||
+ tree);
|
||||
+ errorCount++;
|
||||
+ exit(ERRX);
|
||||
+ }
|
||||
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||
|
||||
/* Loop through all files & subdirectories, add to archive */
|
||||
@@ -93,12 +98,22 @@ SignArchive(char *tree, char *keyName, c
|
||||
}
|
||||
/* mf to zip */
|
||||
strcpy(tempfn, "META-INF/manifest.mf");
|
||||
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||
+ tree);
|
||||
+ errorCount++;
|
||||
+ exit(ERRX);
|
||||
+ }
|
||||
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||
|
||||
/* sf to zip */
|
||||
sprintf(tempfn, "META-INF/%s.sf", base);
|
||||
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||
+ tree);
|
||||
+ errorCount++;
|
||||
+ exit(ERRX);
|
||||
+ }
|
||||
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||
|
||||
/* Add the rsa/dsa file to the zip archive normally */
|
||||
@@ -106,7 +121,12 @@ SignArchive(char *tree, char *keyName, c
|
||||
/* rsa/dsa to zip */
|
||||
sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
|
||||
: "rsa"));
|
||||
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||
+ tree);
|
||||
+ errorCount++;
|
||||
+ exit(ERRX);
|
||||
+ }
|
||||
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||
}
|
||||
|
||||
2
sources
2
sources
|
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.35.0.tar.gz) = a9865fd11d8b2ab83b57b1b50fe6f0d3a6d936f7ae4d0817e9dd1bf3e5182ff7f26ebc21fe7490c3dea2b792e4e4302af876ac70750e8e1f4da6bb710fd3002e
|
||||
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
|
||||
--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
|
||||
+++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
|
||||
@@ -3,6 +3,10 @@
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
+#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
||||
+INCLUDES += -I/usr/include/nss3/templates
|
||||
+#endif
|
||||
+
|
||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||
|
||||
Loading…
Reference in New Issue