Compare commits
66 Commits
Author | SHA1 | Date |
---|---|---|
Bob Relyea | 614f823eb3 | |
Daiki Ueno | 26f93fa193 | |
Daiki Ueno | 047dc3ed4e | |
Daiki Ueno | fc0174ead1 | |
Daiki Ueno | 3c018618ca | |
Daiki Ueno | 65271d923d | |
Daiki Ueno | 9ae0f0b9e1 | |
Daiki Ueno | 2b122e4485 | |
Tom Stellard | 507a1cebf0 | |
Daiki Ueno | 7f30e21d0f | |
Daiki Ueno | aa7d80b11e | |
Daiki Ueno | f512836b78 | |
Daiki Ueno | 58ca69fcaf | |
Daiki Ueno | bd89f2ce5c | |
Daiki Ueno | 9e1e74ca17 | |
Daiki Ueno | 37c40ebd3d | |
Daiki Ueno | 656c979c95 | |
Fedora Release Engineering | 0b17c92d39 | |
Daiki Ueno | 3c27dc2471 | |
Daiki Ueno | 36505c331d | |
Kamil Dudka | 6e689ce0cb | |
Daiki Ueno | 703a4f9a95 | |
Daiki Ueno | 1e2f8acd14 | |
Daiki Ueno | 74b268dbd9 | |
Daiki Ueno | 541296170e | |
Daiki Ueno | f3ad534c37 | |
Daiki Ueno | a8a8d020bf | |
Daiki Ueno | 704f2e22d6 | |
Daiki Ueno | 4f639ad73c | |
Daiki Ueno | 8c9ed11be4 | |
Bob Relyea | 115989f50d | |
Bob Relyea | 2ec4745f30 | |
Daiki Ueno | 626f1941fd | |
Daiki Ueno | 16706fe38d | |
Daiki Ueno | d86af7693a | |
Daiki Ueno | fa84af3e06 | |
Daiki Ueno | 2f14d11d0d | |
Daiki Ueno | 3f3c20ae17 | |
Fedora Release Engineering | 326f5d0c9a | |
Daiki Ueno | c5b7db61f4 | |
Daiki Ueno | 7b734a0c80 | |
Daiki Ueno | c7e445694f | |
Daiki Ueno | 3ea5d2fb0e | |
Daiki Ueno | 4567b678cc | |
Daiki Ueno | 141e716639 | |
Elio Maldonado | 5deb5dd362 | |
Daiki Ueno | d3f6891026 | |
Daiki Ueno | df8d75ac51 | |
Daiki Ueno | b3b17b08a0 | |
Daiki Ueno | 455711f1df | |
Fedora Release Engineering | 0e03f768ab | |
Daiki Ueno | e5e5a75933 | |
Daiki Ueno | 431c940fc5 | |
Daiki Ueno | 41b9b6b6a1 | |
Daiki Ueno | f572eae5ce | |
Daiki Ueno | b250b65666 | |
Daiki Ueno | 5221baae09 | |
Daiki Ueno | cab16c0490 | |
Daiki Ueno | af46412ffe | |
Daiki Ueno | e557c2c2a1 | |
Daiki Ueno | 8be7f95db1 | |
Daiki Ueno | 7bdb9fac17 | |
Daiki Ueno | 71d6df3266 | |
Daiki Ueno | 390eaefc52 | |
Daiki Ueno | 4b42d21883 | |
Daiki Ueno | ec4d144b47 |
|
@ -30,3 +30,22 @@ TestUser51.cert
|
||||||
/nss-3.37.3.tar.gz
|
/nss-3.37.3.tar.gz
|
||||||
/nss-3.38.0.tar.gz
|
/nss-3.38.0.tar.gz
|
||||||
/nss-3.39.tar.gz
|
/nss-3.39.tar.gz
|
||||||
|
/nss-3.40.1.tar.gz
|
||||||
|
/nss-3.41.tar.gz
|
||||||
|
/nss-3.42.tar.gz
|
||||||
|
/nss-3.42.1.tar.gz
|
||||||
|
/nss-3.43.tar.gz
|
||||||
|
/nss-3.44.tar.gz
|
||||||
|
/nss-3.44.1.tar.gz
|
||||||
|
/nss-3.45.tar.gz
|
||||||
|
/nss-3.46.tar.gz
|
||||||
|
/nss-3.46.1.tar.gz
|
||||||
|
/nss-3.47.tar.gz
|
||||||
|
/nss-3.47.1.tar.gz
|
||||||
|
/nss-3.48.tar.gz
|
||||||
|
/nss-3.49.tar.gz
|
||||||
|
/nss-3.49.2.tar.gz
|
||||||
|
/nss-3.50.tar.gz
|
||||||
|
/nss-3.51.tar.gz
|
||||||
|
/nss-3.51.1.tar.gz
|
||||||
|
/nss-3.52.tar.gz
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||||
+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||||
@@ -953,23 +953,23 @@
|
@@ -953,23 +953,23 @@
|
||||||
getBoundListenSocket(unsigned short port)
|
getBoundListenSocket(unsigned short port)
|
||||||
{
|
{
|
||||||
|
@ -29,8 +29,8 @@
|
||||||
if (prStatus < 0) {
|
if (prStatus < 0) {
|
||||||
PR_Close(listen_sock);
|
PR_Close(listen_sock);
|
||||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||||
--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||||
+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||||
@@ -1711,23 +1711,23 @@
|
@@ -1711,23 +1711,23 @@
|
||||||
getBoundListenSocket(unsigned short port)
|
getBoundListenSocket(unsigned short port)
|
||||||
{
|
{
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
|
||||||
|
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
|
||||||
|
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
|
||||||
|
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
|
||||||
|
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
|
||||||
|
|
||||||
|
/* deprecated #defines. Drop in future NSS releases */
|
||||||
|
-#ifdef NSS_PKCS11_2_0_COMPAT
|
||||||
|
+#ifndef NSS_PKCS11_3_0_STRICT
|
||||||
|
|
||||||
|
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
|
||||||
|
#define CKF_EC_FP CKF_EC_F_P
|
||||||
|
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
|
||||||
|
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
|
||||||
|
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
|
||||||
|
#else
|
||||||
|
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
|
||||||
|
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
|
||||||
|
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
|
||||||
|
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
|
||||||
|
#endif
|
|
@ -0,0 +1,31 @@
|
||||||
|
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||||
|
===================================================================
|
||||||
|
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||||
|
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||||
|
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
|
||||||
|
!defined(__clang__)
|
||||||
|
#include <emmintrin.h>
|
||||||
|
typedef __m128i FStar_UInt128_uint128;
|
||||||
|
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||||
|
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||||
|
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||||
|
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||||
|
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||||
|
+ defined(__s390x__))
|
||||||
|
typedef unsigned __int128 FStar_UInt128_uint128;
|
||||||
|
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
|
||||||
|
typedef __uint128_t FStar_UInt128_uint128;
|
||||||
|
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||||
|
===================================================================
|
||||||
|
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||||
|
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||||
|
@@ -26,7 +26,8 @@
|
||||||
|
|
||||||
|
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
|
||||||
|
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||||
|
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||||
|
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||||
|
+ defined(__s390x__))
|
||||||
|
|
||||||
|
/* GCC + using native unsigned __int128 support */
|
||||||
|
|
|
@ -0,0 +1,94 @@
|
||||||
|
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
|
||||||
|
--- a/cmd/modutil/install.c
|
||||||
|
+++ b/cmd/modutil/install.c
|
||||||
|
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
|
||||||
|
|
||||||
|
dir = PR_OpenDir(path);
|
||||||
|
if (!dir) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Recursively delete all entries in the directory */
|
||||||
|
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||||
|
- sprintf(filename, "%s/%s", path, entry->name);
|
||||||
|
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||||
|
+ PR_CloseDir(dir);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
if (rm_dash_r(filename)) {
|
||||||
|
PR_CloseDir(dir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||||
|
return -1;
|
||||||
|
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
|
||||||
|
--- a/cmd/signtool/util.c
|
||||||
|
+++ b/cmd/signtool/util.c
|
||||||
|
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
|
||||||
|
if (!dir) {
|
||||||
|
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
|
||||||
|
errorCount++;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Recursively delete all entries in the directory */
|
||||||
|
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||||
|
- sprintf(filename, "%s/%s", path, entry->name);
|
||||||
|
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||||
|
+ errorCount++;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
if (rm_dash_r(filename))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||||
|
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
|
||||||
|
errorCount++;
|
||||||
|
return -1;
|
||||||
|
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
|
||||||
|
--- a/lib/libpkix/pkix/util/pkix_list.c
|
||||||
|
+++ b/lib/libpkix/pkix/util/pkix_list.c
|
||||||
|
@@ -1530,17 +1530,17 @@ cleanup:
|
||||||
|
*/
|
||||||
|
PKIX_Error *
|
||||||
|
PKIX_List_SetItem(
|
||||||
|
PKIX_List *list,
|
||||||
|
PKIX_UInt32 index,
|
||||||
|
PKIX_PL_Object *item,
|
||||||
|
void *plContext)
|
||||||
|
{
|
||||||
|
- PKIX_List *element;
|
||||||
|
+ PKIX_List *element = NULL;
|
||||||
|
|
||||||
|
PKIX_ENTER(LIST, "PKIX_List_SetItem");
|
||||||
|
PKIX_NULLCHECK_ONE(list);
|
||||||
|
|
||||||
|
if (list->immutable){
|
||||||
|
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||||
|
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||||
|
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||||
|
@@ -102,17 +102,17 @@ cleanup:
|
||||||
|
*/
|
||||||
|
static PKIX_Error *
|
||||||
|
pkix_pl_OID_Equals(
|
||||||
|
PKIX_PL_Object *first,
|
||||||
|
PKIX_PL_Object *second,
|
||||||
|
PKIX_Boolean *pResult,
|
||||||
|
void *plContext)
|
||||||
|
{
|
||||||
|
- PKIX_Int32 cmpResult;
|
||||||
|
+ PKIX_Int32 cmpResult = 0;
|
||||||
|
|
||||||
|
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
|
||||||
|
PKIX_NULLCHECK_THREE(first, second, pResult);
|
||||||
|
|
||||||
|
PKIX_CHECK(pkix_pl_OID_Comparator
|
||||||
|
(first, second, &cmpResult, plContext),
|
||||||
|
PKIX_OIDCOMPARATORFAILED);
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
-b /lib{,64}/libfreeblpriv3.so
|
|
||||||
-b /lib{,64}/libsoftokn3.so
|
|
||||||
-b /lib{,64}/libnssdbm3.so
|
|
||||||
-b /usr/lib{,64}/libfreeblpriv3.so
|
|
||||||
-b /usr/lib{,64}/libsoftokn3.so
|
|
||||||
-b /usr/lib{,64}/libnssdbm3.so
|
|
|
@ -1,29 +0,0 @@
|
||||||
# HG changeset patch
|
|
||||||
# User Daiki Ueno <dueno@redhat.com>
|
|
||||||
# Date 1541595734 -3600
|
|
||||||
# Wed Nov 07 14:02:14 2018 +0100
|
|
||||||
# Node ID 19fd907784e38a5febb54588353368af91b12551
|
|
||||||
# Parent 3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
|
|
||||||
Bug 1505317, update PayPal test certs
|
|
||||||
|
|
||||||
diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
|
|
||||||
--- a/tests/chains/scenarios/realcerts.cfg
|
|
||||||
+++ b/tests/chains/scenarios/realcerts.cfg
|
|
||||||
@@ -21,7 +21,7 @@ verify TestUser51:x
|
|
||||||
result pass
|
|
||||||
|
|
||||||
verify PayPalEE:x
|
|
||||||
- policy OID.2.16.840.1.114412.1.1
|
|
||||||
+ policy OID.2.16.840.1.114412.2.1
|
|
||||||
result pass
|
|
||||||
|
|
||||||
verify BrAirWaysBadSig:x
|
|
||||||
diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
|
|
||||||
--- a/tests/libpkix/vfychain_test.lst
|
|
||||||
+++ b/tests/libpkix/vfychain_test.lst
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
# Status | Leaf Cert | Policies | Others(undef)
|
|
||||||
0 TestUser50 undef
|
|
||||||
0 TestUser51 undef
|
|
||||||
-0 PayPalEE OID.2.16.840.1.114412.1.1
|
|
||||||
+0 PayPalEE OID.2.16.840.1.114412.2.1
|
|
242
nss.spec
242
nss.spec
|
@ -1,14 +1,13 @@
|
||||||
%global nspr_version 4.20.0
|
%global nspr_version 4.25.0
|
||||||
%global nss_version 3.39.0
|
%global nss_version 3.52.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
|
||||||
%global dracutlibdir %{_prefix}/lib/dracut
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/
|
%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/
|
||||||
%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d
|
%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d
|
||||||
|
|
||||||
%bcond_without tests
|
%bcond_without tests
|
||||||
|
%bcond_without dbm
|
||||||
|
|
||||||
# Produce .chk files for the final stripped binaries
|
# Produce .chk files for the final stripped binaries
|
||||||
#
|
#
|
||||||
|
@ -26,7 +25,7 @@
|
||||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
|
||||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \
|
||||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
|
||||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
|
%{?with_dbm:$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so} \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
# The upstream omits the trailing ".0", while we need it for
|
# The upstream omits the trailing ".0", while we need it for
|
||||||
|
@ -45,9 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
# for Rawhide, please always use release >= 2
|
Release: 2%{?dist}
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
|
||||||
Release: 4%{?dist}
|
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
|
@ -67,13 +64,13 @@ BuildRequires: gawk
|
||||||
BuildRequires: psmisc
|
BuildRequires: psmisc
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: quilt
|
||||||
|
|
||||||
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
|
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
|
||||||
Source1: nss-util.pc.in
|
Source1: nss-util.pc.in
|
||||||
Source2: nss-util-config.in
|
Source2: nss-util-config.in
|
||||||
Source3: nss-softokn.pc.in
|
Source3: nss-softokn.pc.in
|
||||||
Source4: nss-softokn-config.in
|
Source4: nss-softokn-config.in
|
||||||
Source5: nss-softokn-prelink.conf
|
|
||||||
Source6: nss-softokn-dracut-module-setup.sh
|
Source6: nss-softokn-dracut-module-setup.sh
|
||||||
Source7: nss-softokn-dracut.conf
|
Source7: nss-softokn-dracut.conf
|
||||||
Source8: nss.pc.in
|
Source8: nss.pc.in
|
||||||
|
@ -94,14 +91,9 @@ Source25: key3.db.xml
|
||||||
Source26: key4.db.xml
|
Source26: key4.db.xml
|
||||||
Source27: secmod.db.xml
|
Source27: secmod.db.xml
|
||||||
Source28: nss-p11-kit.config
|
Source28: nss-p11-kit.config
|
||||||
Source29: PayPalICA.cert
|
|
||||||
Source30: PayPalEE.cert
|
|
||||||
|
|
||||||
Patch1: renegotiate-transitional.patch
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||||
Patch2: nss-539183.patch
|
Patch2: nss-539183.patch
|
||||||
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
|
||||||
Patch3: utilwrap-include-templates.patch
|
|
||||||
# This patch uses the GCC -iquote option documented at
|
# This patch uses the GCC -iquote option documented at
|
||||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||||
# to give the in-tree headers a higher priority over the system headers,
|
# to give the in-tree headers a higher priority over the system headers,
|
||||||
|
@ -114,10 +106,14 @@ Patch3: utilwrap-include-templates.patch
|
||||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||||
# but it doesn't hurt to keep it.
|
# but it doesn't hurt to keep it.
|
||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
Patch12: nss-signtool-format.patch
|
||||||
Patch5: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
# https://github.com/FStarLang/kremlin/issues/166
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1505317
|
Patch13: nss-kremlin-ppc64le.patch
|
||||||
Patch6: nss-tests-paypal-certs-v2.patch
|
%if 0%{?fedora} < 34
|
||||||
|
%if 0%{?rhel} < 9
|
||||||
|
Patch20: nss-gcm-param-default-pkcs11v2.patch
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
|
@ -145,7 +141,7 @@ Summary: System NSS Initialization
|
||||||
# providing nss-system-init without version so that it can
|
# providing nss-system-init without version so that it can
|
||||||
# be replaced by a better one, e.g. supplied by the os vendor
|
# be replaced by a better one, e.g. supplied by the os vendor
|
||||||
Provides: nss-system-init
|
Provides: nss-system-init
|
||||||
Requires: nss = %{version}-%{release}
|
Requires: nss%{?_isa} = %{version}-%{release}
|
||||||
Requires(post): coreutils, sed
|
Requires(post): coreutils, sed
|
||||||
|
|
||||||
%description sysinit
|
%description sysinit
|
||||||
|
@ -212,7 +208,6 @@ Requires: nspr >= 4.12
|
||||||
# For NSS_SecureMemcmpZero() from nss-util >= 3.33
|
# For NSS_SecureMemcmpZero() from nss-util >= 3.33
|
||||||
Requires: nss-util >= 3.33
|
Requires: nss-util >= 3.33
|
||||||
Conflicts: nss < 3.12.2.99.3-5
|
Conflicts: nss < 3.12.2.99.3-5
|
||||||
Conflicts: prelink < 0.4.3
|
|
||||||
Conflicts: filesystem < 3
|
Conflicts: filesystem < 3
|
||||||
|
|
||||||
%description softokn-freebl
|
%description softokn-freebl
|
||||||
|
@ -246,18 +241,14 @@ Header and library files for doing development with Network Security Services.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{nss_archive_version}
|
%autosetup -N -S quilt -n %{name}-%{nss_archive_version}
|
||||||
|
|
||||||
%patch1 -p0 -b .transitional
|
|
||||||
%patch2 -p0 -b .539183
|
|
||||||
%patch3 -p0 -b .templates
|
|
||||||
%patch4 -p0 -b .iquote
|
|
||||||
%patch5 -p0 -b .1185708_3des
|
|
||||||
pushd nss
|
pushd nss
|
||||||
%patch6 -p1 -b .paypal-certs
|
%autopatch -p1
|
||||||
cp %{SOURCE29} %{SOURCE30} tests/libpkix/certs
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
||||||
|
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
|
@ -284,6 +275,12 @@ export BUILD_OPT=1
|
||||||
# Generate symbolic info for debuggers
|
# Generate symbolic info for debuggers
|
||||||
export XCFLAGS=$RPM_OPT_FLAGS
|
export XCFLAGS=$RPM_OPT_FLAGS
|
||||||
|
|
||||||
|
# Work around false-positive warnings with gcc 10:
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1803029
|
||||||
|
%ifarch s390x
|
||||||
|
export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized"
|
||||||
|
%endif
|
||||||
|
|
||||||
export LDFLAGS=$RPM_LD_FLAGS
|
export LDFLAGS=$RPM_LD_FLAGS
|
||||||
|
|
||||||
export DSO_LDOPTS=$RPM_LD_FLAGS
|
export DSO_LDOPTS=$RPM_LD_FLAGS
|
||||||
|
@ -298,15 +295,19 @@ export NSS_USE_SYSTEM_SQLITE=1
|
||||||
|
|
||||||
export NSS_ALLOW_SSLKEYLOGFILE=1
|
export NSS_ALLOW_SSLKEYLOGFILE=1
|
||||||
|
|
||||||
|
%if %{with dbm}
|
||||||
|
%else
|
||||||
|
export NSS_DISABLE_DBM=1
|
||||||
|
%endif
|
||||||
|
|
||||||
%ifnarch noarch
|
%ifnarch noarch
|
||||||
%if 0%{__isa_bits} == 64
|
%if 0%{__isa_bits} == 64
|
||||||
export USE_64=1
|
export USE_64=1
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
##### phase 2: build the rest of nss
|
%{__make} -C ./nss/coreconf
|
||||||
make -C ./nss/coreconf
|
%{__make} -C ./nss/lib/dbm
|
||||||
make -C ./nss/lib/dbm
|
|
||||||
|
|
||||||
# Set the policy file location
|
# Set the policy file location
|
||||||
# if set NSS will always check for the policy file and load if it exists
|
# if set NSS will always check for the policy file and load if it exists
|
||||||
|
@ -314,11 +315,11 @@ export POLICY_FILE="nss.config"
|
||||||
# location of the policy file
|
# location of the policy file
|
||||||
export POLICY_PATH="/etc/crypto-policies/back-ends"
|
export POLICY_PATH="/etc/crypto-policies/back-ends"
|
||||||
|
|
||||||
make -C ./nss
|
%{__make} -C ./nss
|
||||||
|
|
||||||
# build the man pages clean
|
# build the man pages clean
|
||||||
pushd ./nss
|
pushd ./nss
|
||||||
make clean_docs build_docs
|
%{__make} clean_docs build_docs
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# and copy them to the dist directory for %%install to find them
|
# and copy them to the dist directory for %%install to find them
|
||||||
|
@ -467,8 +468,7 @@ fi
|
||||||
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
||||||
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
||||||
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
||||||
pushd `pwd`
|
pushd "$DISTBINDIR"
|
||||||
cd $DISTBINDIR
|
|
||||||
ln -s selfserv $RANDSERV
|
ln -s selfserv $RANDSERV
|
||||||
popd
|
popd
|
||||||
# man perlrun, man perlrequick
|
# man perlrun, man perlrequick
|
||||||
|
@ -481,7 +481,7 @@ find ./nss/tests -type f |\
|
||||||
killall $RANDSERV || :
|
killall $RANDSERV || :
|
||||||
|
|
||||||
rm -rf ./tests_results
|
rm -rf ./tests_results
|
||||||
pushd ./nss/tests/
|
pushd nss/tests
|
||||||
# all.sh is the test suite script
|
# all.sh is the test suite script
|
||||||
|
|
||||||
# don't need to run all the tests when testing packaging
|
# don't need to run all the tests when testing packaging
|
||||||
|
@ -498,38 +498,9 @@ pushd ./nss/tests/
|
||||||
# % define nss_ssl_run "cov"
|
# % define nss_ssl_run "cov"
|
||||||
|
|
||||||
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Normally, the grep exit status is 0 if selected lines are found and 1 otherwise,
|
|
||||||
# Grep exits with status greater than 1 if an error ocurred.
|
|
||||||
# If there are test failures we expect TEST_FAILURES > 0 and GREP_EXIT_STATUS = 0,
|
|
||||||
# With no test failures we expect TEST_FAILURES = 0 and GREP_EXIT_STATUS = 1, whereas
|
|
||||||
# GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file.
|
|
||||||
killall $RANDSERV || :
|
killall $RANDSERV || :
|
||||||
|
|
||||||
TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
|
|
||||||
|
|
||||||
if [ ${GREP_EXIT_STATUS:-0} -eq 1 ]; then
|
|
||||||
echo "okay: test suite detected no failures"
|
|
||||||
else
|
|
||||||
if [ ${GREP_EXIT_STATUS:-0} -eq 0 ]; then
|
|
||||||
# while a situation in which grep return status is 0 and it doesn't output
|
|
||||||
# anything shouldn't happen, set the default to something that is
|
|
||||||
# obviously wrong (-1)
|
|
||||||
echo "error: test suite had ${TEST_FAILURES:--1} test failure(s)"
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
if [ ${GREP_EXIT_STATUS:-0} -eq 2 ]; then
|
|
||||||
echo "error: grep has not found log file"
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "error: grep failed with exit code: ${GREP_EXIT_STATUS}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
echo "test suite completed"
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
@ -543,7 +514,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
mkdir -p $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{saved_files_dir}
|
mkdir -p $RPM_BUILD_ROOT/%{saved_files_dir}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{prelink_conf_dir}
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{dracut_modules_dir}
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_modules_dir}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{dracut_conf_dir}
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_conf_dir}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
||||||
|
@ -554,7 +524,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{prelink_conf_dir}
|
|
||||||
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh
|
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh
|
||||||
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf
|
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf
|
||||||
|
|
||||||
|
@ -562,7 +531,7 @@ mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
||||||
|
|
||||||
# Copy the binary libraries we want
|
# Copy the binary libraries we want
|
||||||
for file in libnssutil3.so libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
for file in libnssutil3.so libsoftokn3.so %{?with_dbm:libnssdbm3.so} libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
||||||
do
|
do
|
||||||
install -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
install -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||||
done
|
done
|
||||||
|
@ -603,7 +572,7 @@ do
|
||||||
done
|
done
|
||||||
|
|
||||||
# Copy some freebl include files we also want
|
# Copy some freebl include files we also want
|
||||||
for file in blapi.h alghmac.h
|
for file in blapi.h alghmac.h cmac.h
|
||||||
do
|
do
|
||||||
install -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
install -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||||
done
|
done
|
||||||
|
@ -638,7 +607,7 @@ for f in nss-config setup-nsssysinit; do
|
||||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||||
done
|
done
|
||||||
# Copy the man pages for the nss tools
|
# Copy the man pages for the nss tools
|
||||||
for f in "%{allTools}"; do
|
for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
|
||||||
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||||
done
|
done
|
||||||
%if %{defined rhel}
|
%if %{defined rhel}
|
||||||
|
@ -665,10 +634,10 @@ install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/loc
|
||||||
/usr/bin/setup-nsssysinit.sh on
|
/usr/bin/setup-nsssysinit.sh on
|
||||||
|
|
||||||
%post
|
%post
|
||||||
update-crypto-policies
|
update-crypto-policies &> /dev/null || :
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
update-crypto-policies
|
update-crypto-policies &> /dev/null || :
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
|
@ -865,8 +834,10 @@ update-crypto-policies
|
||||||
%{_includedir}/nss3/templates/templates.c
|
%{_includedir}/nss3/templates/templates.c
|
||||||
|
|
||||||
%files softokn
|
%files softokn
|
||||||
|
%if %{with dbm}
|
||||||
%{_libdir}/libnssdbm3.so
|
%{_libdir}/libnssdbm3.so
|
||||||
%{_libdir}/libnssdbm3.chk
|
%{_libdir}/libnssdbm3.chk
|
||||||
|
%endif
|
||||||
%{_libdir}/libsoftokn3.so
|
%{_libdir}/libsoftokn3.so
|
||||||
%{_libdir}/libsoftokn3.chk
|
%{_libdir}/libsoftokn3.chk
|
||||||
# shared with nss-tools
|
# shared with nss-tools
|
||||||
|
@ -887,8 +858,6 @@ update-crypto-policies
|
||||||
%{_libdir}/libfreeblpriv3.so
|
%{_libdir}/libfreeblpriv3.so
|
||||||
%{_libdir}/libfreeblpriv3.chk
|
%{_libdir}/libfreeblpriv3.chk
|
||||||
#shared
|
#shared
|
||||||
%dir %{prelink_conf_dir}
|
|
||||||
%{prelink_conf_dir}/nss-softokn-prelink.conf
|
|
||||||
%dir %{dracut_modules_dir}
|
%dir %{dracut_modules_dir}
|
||||||
%{dracut_modules_dir}/module-setup.sh
|
%{dracut_modules_dir}/module-setup.sh
|
||||||
%{dracut_conf_dir}/50-nss-softokn.conf
|
%{dracut_conf_dir}/50-nss-softokn.conf
|
||||||
|
@ -898,6 +867,7 @@ update-crypto-policies
|
||||||
%{_includedir}/nss3/blapi.h
|
%{_includedir}/nss3/blapi.h
|
||||||
%{_includedir}/nss3/blapit.h
|
%{_includedir}/nss3/blapit.h
|
||||||
%{_includedir}/nss3/alghmac.h
|
%{_includedir}/nss3/alghmac.h
|
||||||
|
%{_includedir}/nss3/cmac.h
|
||||||
%{_includedir}/nss3/lowkeyi.h
|
%{_includedir}/nss3/lowkeyi.h
|
||||||
%{_includedir}/nss3/lowkeyti.h
|
%{_includedir}/nss3/lowkeyti.h
|
||||||
|
|
||||||
|
@ -922,6 +892,128 @@ update-crypto-policies
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 13 2020 Bob Relyea <rrelyea@redhat.com> - 3.52.0-2
|
||||||
|
- Delay CK_GCM_PARAMS semantics until fedora 34
|
||||||
|
|
||||||
|
* Mon May 11 2020 Daiki Ueno <dueno@redhat.com> - 3.52.0-1
|
||||||
|
- Update to NSS 3.52
|
||||||
|
|
||||||
|
* Sat Apr 25 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-2
|
||||||
|
- Temporarily revert DBM disablement for kernel build failure (#1827902)
|
||||||
|
|
||||||
|
* Mon Apr 20 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-1
|
||||||
|
- Update to NSS 3.51.1
|
||||||
|
- Disable building DBM backend
|
||||||
|
|
||||||
|
* Tue Apr 7 2020 Daiki Ueno <dueno@redhat.com> - 3.51.0-1
|
||||||
|
- Update to NSS 3.51
|
||||||
|
|
||||||
|
* Thu Mar 26 2020 Tom Stellard <tstellar@redhat.com> - 3.50.0-3
|
||||||
|
- Use __make macro to invoke make
|
||||||
|
|
||||||
|
* Thu Mar 5 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-2
|
||||||
|
- Apply CMAC fixes from upstream
|
||||||
|
|
||||||
|
* Mon Feb 17 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-1
|
||||||
|
- Update to NSS 3.50
|
||||||
|
|
||||||
|
* Fri Feb 14 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-3
|
||||||
|
- Ignore false-positive compiler warnings with gcc 10
|
||||||
|
- Fix build with gcc 10
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.49.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 27 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-1
|
||||||
|
- Update to NSS 3.49.2
|
||||||
|
- Don't enable TLS 1.3 by default (#1794814)
|
||||||
|
|
||||||
|
* Fri Jan 10 2020 Daiki Ueno <dueno@redhat.com> - 3.49.0-1
|
||||||
|
- Update to NSS 3.49
|
||||||
|
- Fix build on armv7hl with the patch proposed in upstream
|
||||||
|
|
||||||
|
* Fri Jan 3 2020 Daiki Ueno <dueno@redhat.com> - 3.48.0-1
|
||||||
|
- Update to NSS 3.48
|
||||||
|
|
||||||
|
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-4
|
||||||
|
- Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value
|
||||||
|
|
||||||
|
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-3
|
||||||
|
- Update nss-3.47-certdb-temp-cert.patch to the final version
|
||||||
|
|
||||||
|
* Thu Nov 28 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-2
|
||||||
|
- Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617)
|
||||||
|
|
||||||
|
* Fri Nov 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-1
|
||||||
|
- Update to NSS 3.47.1
|
||||||
|
|
||||||
|
* Mon Nov 4 2019 Bob Relyea <rrelyea@redhat.com> - 3.47.0-3
|
||||||
|
- Include ike mechanism fix
|
||||||
|
|
||||||
|
* Wed Oct 23 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-2
|
||||||
|
- Install cmac.h required by blapi.h (#1764513)
|
||||||
|
|
||||||
|
* Tue Oct 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-1
|
||||||
|
- Update to NSS 3.47
|
||||||
|
|
||||||
|
* Mon Oct 21 2019 Daiki Ueno <dueno@redhat.com> - 3.46.1-1
|
||||||
|
- Update to NSS 3.46.1
|
||||||
|
|
||||||
|
* Tue Sep 3 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-1
|
||||||
|
- Update to NSS 3.46
|
||||||
|
|
||||||
|
* Thu Aug 29 2019 Daiki Ueno <dueno@redhat.com> - 3.45.0-1
|
||||||
|
- Update to NSS 3.45
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.44.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 2 2019 Daiki Ueno <dueno@redhat.com> - 3.44.1-1
|
||||||
|
- Update to NSS 3.44.1
|
||||||
|
|
||||||
|
* Mon May 20 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-2
|
||||||
|
- Skip TLS 1.3 tests under FIPS mode
|
||||||
|
|
||||||
|
* Fri May 17 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
|
||||||
|
- Update to NSS 3.44
|
||||||
|
|
||||||
|
* Mon May 6 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-3
|
||||||
|
- Fix PKCS#11 module leak if C_GetSlotInfo() failed
|
||||||
|
|
||||||
|
* Tue Mar 26 2019 Elio Maldonado <elio.maldonado.batiz@gmail.com> - 3.43.0-2
|
||||||
|
- Update %%{nspr_version} to 4.21.0 and remove obsolete comment
|
||||||
|
|
||||||
|
* Thu Mar 21 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-1
|
||||||
|
- Update to NSS 3.43
|
||||||
|
|
||||||
|
* Mon Feb 11 2019 Daiki Ueno <dueno@redhat.com> - 3.42.1-1
|
||||||
|
- Update to NSS 3.42.1
|
||||||
|
|
||||||
|
* Fri Feb 8 2019 Daiki Ueno <dueno@redhat.com> - 3.42.0-1
|
||||||
|
- Update to NSS 3.42
|
||||||
|
|
||||||
|
* Fri Feb 8 2019 Daiki Ueno <dueno@redhat.com> - 3.41.0-5
|
||||||
|
- Simplify test failure detection in %%check
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.41.0-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 11 2019 Daiki Ueno <dueno@redhat.com> - 3.41.0-3
|
||||||
|
- Remove prelink.conf as prelink was removed in F24, suggested by
|
||||||
|
Harald Reindl
|
||||||
|
- Use quilt for %%autopatch
|
||||||
|
- Make sysinit require arch-dependent nss, suggested by Igor Gnatenko
|
||||||
|
- Silence %%post/%%postun scriptlets, suggested by Ian Collier
|
||||||
|
|
||||||
|
* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
|
||||||
|
- Update to NSS 3.41
|
||||||
|
|
||||||
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
|
||||||
|
- Remove unnecessary patches
|
||||||
|
|
||||||
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-2
|
||||||
|
- Update to NSS 3.40.1
|
||||||
|
|
||||||
* Wed Nov 14 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-4
|
* Wed Nov 14 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-4
|
||||||
- Consolidate nss-util, nss-softokn, and nss into a single package
|
- Consolidate nss-util, nss-softokn, and nss into a single package
|
||||||
- Fix FTBFS with expired test certs
|
- Fix FTBFS with expired test certs
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
|
|
||||||
--- nss/lib/ssl/sslsock.c.transitional 2018-03-09 13:57:50.615706802 +0100
|
|
||||||
+++ nss/lib/ssl/sslsock.c 2018-03-09 13:58:23.708974970 +0100
|
|
||||||
@@ -67,7 +67,7 @@ static sslOptions ssl_defaults = {
|
|
||||||
.noLocks = PR_FALSE,
|
|
||||||
.enableSessionTickets = PR_FALSE,
|
|
||||||
.enableDeflate = PR_FALSE,
|
|
||||||
- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
|
|
||||||
+ .enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL,
|
|
||||||
.requireSafeNegotiation = PR_FALSE,
|
|
||||||
.enableFalseStart = PR_FALSE,
|
|
||||||
.cbcRandomIV = PR_TRUE,
|
|
|
@ -1,23 +0,0 @@
|
||||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
|
|
||||||
+++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
|
|
||||||
@@ -118,18 +118,18 @@
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
4
sources
4
sources
|
@ -3,6 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
SHA512 (nss-3.39.tar.gz) = 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
|
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
|
||||||
SHA512 (PayPalEE.cert) = 602518b8476b40dd241879923a36a433f3220eb28a8c4f7d941131def6e3d00b01d92050ab498e2a08763b02c3c4709855de0ee23a0053d26f4fa9f9f33aaad3
|
|
||||||
SHA512 (PayPalICA.cert) = 013795ebb3f13a1cbd5d9d82eef2f439852e461200f12df9790d0b1d63863dc7755af378ea4758f4c8a3a619dfd2d0d43a59da77553caed57611815d6263946b
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
|
|
||||||
--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
|
|
||||||
+++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
|
|
||||||
@@ -3,6 +3,10 @@
|
|
||||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
||||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
|
|
||||||
+#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
|
||||||
+INCLUDES += -I/usr/include/nss3/templates
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
|
||||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
|
||||||
|
|
Loading…
Reference in New Issue