Compare commits
No commits in common. "main-riscv64" and "master" have entirely different histories.
main-riscv
...
master
|
|
@ -1 +0,0 @@
|
|||
1
|
||||
|
|
@ -49,40 +49,3 @@ TestUser51.cert
|
|||
/nss-3.51.tar.gz
|
||||
/nss-3.51.1.tar.gz
|
||||
/nss-3.52.tar.gz
|
||||
/nss-3.53.tar.gz
|
||||
/nss-3.54.tar.gz
|
||||
/nss-3.55.tar.gz
|
||||
/nss-3.56.tar.gz
|
||||
/nss-3.57.tar.gz
|
||||
/nss-3.58.tar.gz
|
||||
/nspr-4.29.tar.gz
|
||||
/nss-3.59.tar.gz
|
||||
/nss-3.60.1.tar.gz
|
||||
/nss-3.62.tar.gz
|
||||
/nss-3.63.tar.gz
|
||||
/nspr-4.30.tar.gz
|
||||
/nss-3.65.tar.gz
|
||||
/nss-3.67.tar.gz
|
||||
/nspr-4.31.tar.gz
|
||||
/nss-3.69.tar.gz
|
||||
/nspr-4.32.tar.gz
|
||||
/nss-3.71.tar.gz
|
||||
/nss-3.73.tar.gz
|
||||
/nss-3.75.tar.gz
|
||||
/nss-3.77.tar.gz
|
||||
/nss-3.79.tar.gz
|
||||
/nspr-4.34.tar.gz
|
||||
/nss-3.81.tar.gz
|
||||
/nss-3.83.tar.gz
|
||||
/nspr-4.35.tar.gz
|
||||
/nss-3.85.tar.gz
|
||||
/nss-3.87.tar.gz
|
||||
/nss-3.88.1.tar.gz
|
||||
/nss-3.89.tar.gz
|
||||
/nss-3.89-with-nspr-4.35.tar.gz
|
||||
/nss-3.90-with-nspr-4.35.tar.gz
|
||||
/nss-3.91-with-nspr-4.35.tar.gz
|
||||
/nss-3.92-with-nspr-4.35.tar.gz
|
||||
/nss-3.93-with-nspr-4.35.tar.gz
|
||||
/nss-3.94-with-nspr-4.35.tar.gz
|
||||
/nss-3.95-with-nspr-4.35.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,37 +0,0 @@
|
|||
diff -up nspr/config/nspr-config.in.flags nspr/config/nspr-config.in
|
||||
--- nspr/config/nspr-config.in.flags 2013-05-29 13:46:34.147971410 -0700
|
||||
+++ nspr/config/nspr-config.in 2013-05-29 14:17:10.990838914 -0700
|
||||
@@ -102,7 +102,7 @@ if test -z "$includedir"; then
|
||||
includedir=@includedir@
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
- libdir=@libdir@
|
||||
+ libdir=`pkg-config --variable=libdir nspr`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
@@ -136,12 +136,12 @@ if test "$echo_libs" = "yes"; then
|
||||
if test -n "$lib_nspr"; then
|
||||
libdirs="$libdirs -lnspr${major_version}"
|
||||
fi
|
||||
- os_ldflags="@LDFLAGS@"
|
||||
+ os_ldflags=`pkg-config --variable=ldflags nspr`
|
||||
for i in $os_ldflags ; do
|
||||
if echo $i | grep \^-L >/dev/null; then
|
||||
libdirs="$libdirs $i"
|
||||
fi
|
||||
done
|
||||
- echo $libdirs @OS_LIBS@
|
||||
+ echo $libdirs `pkg-config --variable=os_libs nspr`
|
||||
fi
|
||||
|
||||
diff -up nspr/config/nspr.pc.in.flags nspr/config/nspr.pc.in
|
||||
--- nspr/config/nspr.pc.in.flags 2013-05-29 13:48:15.026643570 -0700
|
||||
+++ nspr/config/nspr.pc.in 2013-05-29 13:49:47.795202949 -0700
|
||||
@@ -6,5 +6,5 @@ includedir=@includedir@
|
||||
Name: NSPR
|
||||
Description: The Netscape Portable Runtime
|
||||
Version: @MOD_MAJOR_VERSION@.@MOD_MINOR_VERSION@.@MOD_PATCH_VERSION@
|
||||
-Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@
|
||||
+Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ @OS_LIBS@
|
||||
Cflags: -I@includedir@
|
||||
127
nspr-config.xml
127
nspr-config.xml
|
|
@ -1,127 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="nspr-config">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Netscape Portable Runtime</title>
|
||||
<productname>nspr</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>nspr-config</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>nspr-config</refname>
|
||||
<refpurpose>Return meta information about nspr libraries</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nspr-config</command>
|
||||
<arg><option>--prefix</option></arg>
|
||||
<arg><option>--exec-prefix</option></arg>
|
||||
<arg><option>--includedir</option></arg>
|
||||
<arg><option>--libs</option></arg>
|
||||
<arg><option>--cflags</option></arg>
|
||||
<arg><option>--libdir</option></arg>
|
||||
<arg><option>--version</option></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><command>nspr-config</command> is a shell script which can be used to obtain gcc options for building client pacakges of nspr.</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--prefix</option></term>
|
||||
<listitem><simpara>Returns the top level system directory under which the nspr libraries are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--exec-prefix</option></term>
|
||||
<listitem><simpara>Returns the top level system directory under which any nspr binaries would be installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--includedir</option> <replaceable>count</replaceable></term>
|
||||
<listitem><simpara>Returns the path to the directory were the nspr headers are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--version</option></term>
|
||||
<listitem><simpara>Returns the upstream version of nspr in the form major_version-minor_version-patch_version.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--libs</option></term>
|
||||
<listitem><simpara>Returns the compiler linking flags.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--cflags</option></term>
|
||||
<listitem><simpara>Returns the compiler include flags.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--libdir</option></term>
|
||||
<listitem><simpara>Returns the path to the directory were the nspr libraries are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
|
||||
<para>The following example will query for both include path and linkage flags:
|
||||
<programlisting>
|
||||
/usr/bin/nspr-config --cflags --libs
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
|
||||
<para><filename>/usr/bin/nspr-config</filename></para>
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkg-config(1)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The NSPR liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>
|
||||
Authors: Elio Maldonado <emaldona@redhat.com>.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
||||
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
diff -up ./pr/include/md/_linux.h.gcc-atomics ./pr/include/md/_linux.h
|
||||
--- ./pr/include/md/_linux.h.gcc-atomics 2022-09-20 11:23:22.008942926 -0700
|
||||
+++ ./pr/include/md/_linux.h 2022-09-20 11:34:45.536751340 -0700
|
||||
@@ -105,6 +105,15 @@
|
||||
#endif
|
||||
|
||||
#if defined(__i386__)
|
||||
+#if defined(__GNUC__)
|
||||
+/* Use GCC built-in functions */
|
||||
+#define _PR_HAVE_ATOMIC_OPS
|
||||
+#define _MD_INIT_ATOMIC()
|
||||
+#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1)
|
||||
+#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1)
|
||||
+#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i)
|
||||
+#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv)
|
||||
+#else
|
||||
#define _PR_HAVE_ATOMIC_OPS
|
||||
#define _MD_INIT_ATOMIC()
|
||||
extern PRInt32 _PR_x86_AtomicIncrement(PRInt32 *val);
|
||||
@@ -116,6 +125,7 @@ extern PRInt32 _PR_x86_AtomicAdd(PRInt32
|
||||
extern PRInt32 _PR_x86_AtomicSet(PRInt32 *val, PRInt32 newval);
|
||||
#define _MD_ATOMIC_SET _PR_x86_AtomicSet
|
||||
#endif
|
||||
+#endif
|
||||
|
||||
#if defined(__ia64__)
|
||||
#define _PR_HAVE_ATOMIC_OPS
|
||||
@@ -131,6 +141,15 @@ extern PRInt32 _PR_ia64_AtomicSet(PRInt3
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__)
|
||||
+#if defined(__GNUC__)
|
||||
+/* Use GCC built-in functions */
|
||||
+#define _PR_HAVE_ATOMIC_OPS
|
||||
+#define _MD_INIT_ATOMIC()
|
||||
+#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1)
|
||||
+#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1)
|
||||
+#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i)
|
||||
+#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv)
|
||||
+#else
|
||||
#define _PR_HAVE_ATOMIC_OPS
|
||||
#define _MD_INIT_ATOMIC()
|
||||
extern PRInt32 _PR_x86_64_AtomicIncrement(PRInt32 *val);
|
||||
@@ -142,6 +161,7 @@ extern PRInt32 _PR_x86_64_AtomicAdd(PRIn
|
||||
extern PRInt32 _PR_x86_64_AtomicSet(PRInt32 *val, PRInt32 newval);
|
||||
#define _MD_ATOMIC_SET _PR_x86_64_AtomicSet
|
||||
#endif
|
||||
+#endif
|
||||
|
||||
#if defined(__loongarch__)
|
||||
#if defined(__GNUC__)
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,78 +0,0 @@
|
|||
diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
|
||||
--- a/cmd/ecperf/ecperf.c
|
||||
+++ b/cmd/ecperf/ecperf.c
|
||||
@@ -51,10 +51,11 @@
|
||||
int iters = threadData->iters;
|
||||
unsigned char sigData[256];
|
||||
SECItem sig;
|
||||
CK_SESSION_HANDLE session;
|
||||
CK_RV crv;
|
||||
+ void *tmp = NULL;
|
||||
|
||||
threadData->status = SECSuccess;
|
||||
threadData->count = 0;
|
||||
|
||||
/* get our thread's session */
|
||||
@@ -66,10 +67,11 @@
|
||||
}
|
||||
|
||||
if (threadData->isSign) {
|
||||
sig.data = sigData;
|
||||
sig.len = sizeof(sigData);
|
||||
+ tmp = threadData->p2;
|
||||
threadData->p2 = (void *)&sig;
|
||||
}
|
||||
|
||||
while (iters--) {
|
||||
threadData->status = (*op)(session, threadData->p1,
|
||||
@@ -77,27 +79,33 @@
|
||||
if (threadData->status != SECSuccess) {
|
||||
break;
|
||||
}
|
||||
threadData->count++;
|
||||
}
|
||||
+
|
||||
+ if (threadData->isSign) {
|
||||
+ threadData->p2 = tmp;
|
||||
+ }
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
genericThread(void *data)
|
||||
{
|
||||
ThreadData *threadData = (ThreadData *)data;
|
||||
int iters = threadData->iters;
|
||||
unsigned char sigData[256];
|
||||
SECItem sig;
|
||||
+ void *tmp = NULL;
|
||||
|
||||
threadData->status = SECSuccess;
|
||||
threadData->count = 0;
|
||||
|
||||
if (threadData->isSign) {
|
||||
sig.data = sigData;
|
||||
sig.len = sizeof(sigData);
|
||||
+ tmp = threadData->p2;
|
||||
threadData->p2 = (void *)&sig;
|
||||
}
|
||||
|
||||
while (iters--) {
|
||||
threadData->status = (*threadData->op)(threadData->p1,
|
||||
@@ -105,10 +113,14 @@
|
||||
if (threadData->status != SECSuccess) {
|
||||
break;
|
||||
}
|
||||
threadData->count++;
|
||||
}
|
||||
+
|
||||
+ if (threadData->isSign) {
|
||||
+ threadData->p2 = tmp;
|
||||
+ }
|
||||
return;
|
||||
}
|
||||
|
||||
/* Time iter repetitions of operation op. */
|
||||
SECStatus
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||
@@ -953,23 +953,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
PRFileDesc *listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
+ errExit("PR_OpenTCPSockett");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
opt.value.non_blocking = PR_FALSE;
|
||||
prStatus = PR_SetSocketOption(listen_sock, &opt);
|
||||
if (prStatus < 0) {
|
||||
PR_Close(listen_sock);
|
||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||
@@ -1711,23 +1711,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
PRFileDesc *listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
+ errExit("PR_OpenTCPSocket error");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
opt.value.non_blocking = PR_FALSE;
|
||||
prStatus = PR_SetSocketOption(listen_sock, &opt);
|
||||
if (prStatus < 0) {
|
||||
PR_Close(listen_sock);
|
||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
|
||||
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
|
||||
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
|
||||
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
|
||||
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
|
||||
|
||||
/* deprecated #defines. Drop in future NSS releases */
|
||||
-#ifdef NSS_PKCS11_2_0_COMPAT
|
||||
+#ifndef NSS_PKCS11_3_0_STRICT
|
||||
|
||||
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
|
||||
#define CKF_EC_FP CKF_EC_F_P
|
||||
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
|
||||
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
|
||||
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
|
||||
#else
|
||||
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
|
||||
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
|
||||
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
|
||||
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
|
||||
#endif
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
|
||||
!defined(__clang__)
|
||||
#include <emmintrin.h>
|
||||
typedef __m128i FStar_UInt128_uint128;
|
||||
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
typedef unsigned __int128 FStar_UInt128_uint128;
|
||||
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
|
||||
typedef __uint128_t FStar_UInt128_uint128;
|
||||
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
@@ -26,7 +26,8 @@
|
||||
|
||||
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
|
||||
/* GCC + using native unsigned __int128 support */
|
||||
|
||||
|
|
@ -1,120 +0,0 @@
|
|||
diff -up ./doc/certutil.xml.no-dbm ./doc/certutil.xml
|
||||
--- ./doc/certutil.xml.no-dbm 2021-05-29 10:26:21.853386165 -0700
|
||||
+++ ./doc/certutil.xml 2021-05-29 10:31:15.057058619 -0700
|
||||
@@ -205,8 +205,7 @@ If this option is not used, the validity
|
||||
<para><command>certutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para>
|
||||
<para>NSS recognizes the following prefixes:</para>
|
||||
<itemizedlist>
|
||||
- <listitem><para><command>sql:</command> requests the newer database</para></listitem>
|
||||
- <listitem><para><command>dbm:</command> requests the legacy database</para></listitem>
|
||||
+ <listitem><para><command>sql:</command> requests the sql-lite database</para></listitem>
|
||||
</itemizedlist>
|
||||
<para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <command>sql:</command> is the default.</para>
|
||||
</listitem>
|
||||
@@ -1205,17 +1204,9 @@ BerkeleyDB. These new databases provide
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
-<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
|
||||
+<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. </para>
|
||||
|
||||
-<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type.
|
||||
-Using the legacy databases must be manually specified by using the <command>dbm:</command> prefix with the given security directory. For example:</para>
|
||||
-
|
||||
-<programlisting>$ certutil -L -d dbm:/home/my/sharednssdb</programlisting>
|
||||
-
|
||||
-<para>To set the legacy database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>dbm</envar>:</para>
|
||||
-<programlisting>export NSS_DEFAULT_DB_TYPE="dbm"</programlisting>
|
||||
-
|
||||
-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
|
||||
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
diff -up ./doc/modutil.xml.no-dbm ./doc/modutil.xml
|
||||
--- ./doc/modutil.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700
|
||||
+++ ./doc/modutil.xml 2021-05-29 10:28:23.293078869 -0700
|
||||
@@ -151,7 +151,7 @@
|
||||
<varlistentry>
|
||||
<term>-dbdir directory</term>
|
||||
<listitem><para>Specify the database directory in which to access or create security module database files.</para>
|
||||
- <para><command>modutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>dbm:</command> is not used, then the tool assumes that the given databases are in SQLite format.</para></listitem>
|
||||
+ <para><command>modutil</command> supports SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@@ -689,15 +689,7 @@ BerkleyDB. These new databases provide m
|
||||
|
||||
<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
|
||||
|
||||
-<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type.
|
||||
-Using the legacy databases must be manually specified by using the <command>dbm:</command> prefix with the given security directory. For example:</para>
|
||||
-
|
||||
-<programlisting>modutil -create -dbdir dbm:/home/my/sharednssdb</programlisting>
|
||||
-
|
||||
-<para>To set the legacy database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>dbm</envar>:</para>
|
||||
-<programlisting>export NSS_DEFAULT_DB_TYPE="dbm"</programlisting>
|
||||
-
|
||||
-<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
|
||||
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type. </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
diff -up ./doc/pk12util.xml.no-dbm ./doc/pk12util.xml
|
||||
--- ./doc/pk12util.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700
|
||||
+++ ./doc/pk12util.xml 2021-05-29 10:28:23.293078869 -0700
|
||||
@@ -90,7 +90,7 @@
|
||||
<varlistentry>
|
||||
<term>-d directory</term>
|
||||
<listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para>
|
||||
- <para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>dbm:</command> is not used, then the tool assumes that the given databases are in the SQLite format.</para></listitem>
|
||||
+ <para><command>pk12util</command> supports SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@@ -394,15 +394,7 @@ BerkleyDB. These new databases provide m
|
||||
|
||||
<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
|
||||
|
||||
-<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type
|
||||
-Using the legacy databases must be manually specified by using the <command>dbm:</command> prefix with the given security directory. For example:</para>
|
||||
-
|
||||
-<programlisting># pk12util -i /tmp/cert-files/users.p12 -d dbm:/home/my/sharednssdb</programlisting>
|
||||
-
|
||||
-<para>To set the legacy database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>dbm</envar>:</para>
|
||||
-<programlisting>export NSS_DEFAULT_DB_TYPE="dbm"</programlisting>
|
||||
-
|
||||
-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
|
||||
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type. </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
diff -up ./doc/signver.xml.no-dbm ./doc/signver.xml
|
||||
--- ./doc/signver.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700
|
||||
+++ ./doc/signver.xml 2021-05-29 10:28:23.293078869 -0700
|
||||
@@ -66,7 +66,7 @@
|
||||
<varlistentry>
|
||||
<term>-d <emphasis>directory</emphasis></term>
|
||||
<listitem><para>Specify the database directory which contains the certificates and keys.</para>
|
||||
- <para><command>signver</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>dbm:</command> is not used, then the tool assumes that the given databases are in the SQLite format.</para></listitem>
|
||||
+ <para><command>signver</command> supports SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>-a</term>
|
||||
@@ -155,15 +155,7 @@ BerkleyDB. These new databases provide m
|
||||
|
||||
<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
|
||||
|
||||
-<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type
|
||||
-Using the legacy databases must be manually specified by using the <command>dbm:</command> prefix with the given security directory. For example:</para>
|
||||
-
|
||||
-<programlisting># signver -A -s <replaceable>signature</replaceable> -d dbm:/home/my/sharednssdb</programlisting>
|
||||
-
|
||||
-<para>To set the legacy database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>dbm</envar>:</para>
|
||||
-<programlisting>export NSS_DEFAULT_DB_TYPE="dbm"</programlisting>
|
||||
-
|
||||
-<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
|
||||
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases use the SQLite type.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
|
@ -10,7 +10,7 @@ diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
|
|||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
- snprintf(filename, sizeof(filename), "%s/%s", path, entry->name);
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ PR_CloseDir(dir);
|
||||
+ return -1;
|
||||
|
|
@ -26,19 +26,28 @@ diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
|
|||
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
|
||||
--- a/cmd/signtool/util.c
|
||||
+++ b/cmd/signtool/util.c
|
||||
@@ -138,6 +138,12 @@ rm_dash_r(char *path)
|
||||
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
|
||||
if (!dir) {
|
||||
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
snprintf(filename, sizeof(filename), "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name
|
||||
+) >= sizeof(filename)) {
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ errorCount++;
|
||||
+ PR_CloseDir(dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
if (rm_dash_r(filename)) {
|
||||
PR_CloseDir(dir);
|
||||
if (rm_dash_r(filename))
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
|
||||
--- a/lib/libpkix/pkix/util/pkix_list.c
|
||||
+++ b/lib/libpkix/pkix/util/pkix_list.c
|
||||
|
|
|
|||
565
nss.spec
565
nss.spec
|
|
@ -1,28 +1,13 @@
|
|||
%global nspr_version 4.35.0
|
||||
%global nss_version 3.95.0
|
||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
||||
# - increment %%{nspr_version}, when updating the NSS part only
|
||||
%global baserelease 1
|
||||
%global nss_release %baserelease
|
||||
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
||||
# release number between nss and nspr are different.
|
||||
%global nspr_release %[%baserelease+15]
|
||||
# only need to update this as we added new
|
||||
# algorithms under nss policy control
|
||||
%global crypto_policies_version 20210118
|
||||
%global nspr_version 4.25.0
|
||||
%global nss_version 3.52.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global saved_files_dir %{_libdir}/nss/saved
|
||||
%global dracutlibdir %{_prefix}/lib/dracut
|
||||
%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/
|
||||
%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d
|
||||
|
||||
%ifnarch riscv64
|
||||
%bcond_without tests
|
||||
%else
|
||||
%bcond_with tests
|
||||
%endif
|
||||
%bcond_with dbm
|
||||
%bcond_without dbm
|
||||
|
||||
# Produce .chk files for the final stripped binaries
|
||||
#
|
||||
|
|
@ -46,11 +31,6 @@
|
|||
# The upstream omits the trailing ".0", while we need it for
|
||||
# consistency with the pkg-config version:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
|
||||
%{lua:
|
||||
rpm.define(string.format("nspr_archive_version %s",
|
||||
string.gsub(rpm.expand("%nspr_version"), "(.*)%.0$", "%1")))
|
||||
}
|
||||
|
||||
%{lua:
|
||||
rpm.define(string.format("nss_archive_version %s",
|
||||
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
|
||||
|
|
@ -61,13 +41,11 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||
string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
|
||||
}
|
||||
|
||||
%global nss_nspr_archive nss-%{nss_archive_version}-with-nspr-%{nspr_archive_version}
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: %{nss_release}.0.riscv64%{?dist}
|
||||
License: MPL-2.0
|
||||
Release: 2%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}
|
||||
Requires: nss-util >= %{nss_version}
|
||||
|
|
@ -75,10 +53,9 @@ Requires: nss-util >= %{nss_version}
|
|||
Requires: nss-softokn%{_isa} >= %{nss_version}
|
||||
Requires: nss-system-init
|
||||
Requires: p11-kit-trust
|
||||
Requires: /usr/bin/update-crypto-policies
|
||||
Requires: crypto-policies >= %{crypto_policies_version}
|
||||
Requires: crypto-policies
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
# for shlibsign
|
||||
BuildRequires: make
|
||||
BuildRequires: nss-softokn
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
|
@ -87,8 +64,9 @@ BuildRequires: gawk
|
|||
BuildRequires: psmisc
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: quilt
|
||||
|
||||
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{nss_nspr_archive}.tar.gz
|
||||
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
|
||||
Source1: nss-util.pc.in
|
||||
Source2: nss-util-config.in
|
||||
Source3: nss-softokn.pc.in
|
||||
|
|
@ -97,11 +75,9 @@ Source6: nss-softokn-dracut-module-setup.sh
|
|||
Source7: nss-softokn-dracut.conf
|
||||
Source8: nss.pc.in
|
||||
Source9: nss-config.in
|
||||
%if %{with dbm}
|
||||
Source10: blank-cert8.db
|
||||
Source11: blank-key3.db
|
||||
Source12: blank-secmod.db
|
||||
%endif
|
||||
Source13: blank-cert9.db
|
||||
Source14: blank-key4.db
|
||||
Source15: system-pkcs11.txt
|
||||
|
|
@ -109,17 +85,15 @@ Source16: setup-nsssysinit.sh
|
|||
Source20: nss-config.xml
|
||||
Source21: setup-nsssysinit.xml
|
||||
Source22: pkcs11.txt.xml
|
||||
Source24: cert9.db.xml
|
||||
Source26: key4.db.xml
|
||||
%if %{with dbm}
|
||||
Source23: cert8.db.xml
|
||||
Source24: cert9.db.xml
|
||||
Source25: key3.db.xml
|
||||
Source26: key4.db.xml
|
||||
Source27: secmod.db.xml
|
||||
%endif
|
||||
Source28: nss-p11-kit.config
|
||||
|
||||
Source101: nspr-config.xml
|
||||
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||
Patch2: nss-539183.patch
|
||||
# This patch uses the GCC -iquote option documented at
|
||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||
# to give the in-tree headers a higher priority over the system headers,
|
||||
|
|
@ -129,15 +103,17 @@ Source101: nspr-config.xml
|
|||
# case when starting an update with API changes or even private export
|
||||
# changes.
|
||||
#
|
||||
# Once the buildroot has been bootstrapped the patch may be removed
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||
# but it doesn't hurt to keep it.
|
||||
Patch4: iquote.patch
|
||||
Patch12: nss-signtool-format.patch
|
||||
# fedora disabled dbm by default
|
||||
Patch40: nss-no-dbm-man-page.patch
|
||||
|
||||
Patch100: nspr-config-pc.patch
|
||||
Patch101: nspr-gcc-atomics.patch
|
||||
# https://github.com/FStarLang/kremlin/issues/166
|
||||
Patch13: nss-kremlin-ppc64le.patch
|
||||
%if 0%{?fedora} < 34
|
||||
%if 0%{?rhel} < 9
|
||||
Patch20: nss-gcm-param-default-pkcs11v2.patch
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
|
@ -148,7 +124,7 @@ v3 certificates, and other security standards.
|
|||
|
||||
%package tools
|
||||
Summary: Tools for the Network Security Services
|
||||
Requires: %{name}%{?_isa} = %{nss_version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description tools
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
|
@ -165,7 +141,7 @@ Summary: System NSS Initialization
|
|||
# providing nss-system-init without version so that it can
|
||||
# be replaced by a better one, e.g. supplied by the os vendor
|
||||
Provides: nss-system-init
|
||||
Requires: nss%{?_isa} = %{nss_version}-%{release}
|
||||
Requires: nss%{?_isa} = %{version}-%{release}
|
||||
Requires(post): coreutils, sed
|
||||
|
||||
%description sysinit
|
||||
|
|
@ -176,8 +152,8 @@ any system or user configured modules.
|
|||
|
||||
%package devel
|
||||
Summary: Development libraries for Network Security Services
|
||||
Provides: nss-static = %{nss_version}-%{release}
|
||||
Requires: nss%{?_isa} = %{nss_version}-%{release}
|
||||
Provides: nss-static = %{version}-%{release}
|
||||
Requires: nss%{?_isa} = %{version}-%{release}
|
||||
Requires: nss-util-devel
|
||||
Requires: nss-softokn-devel
|
||||
Requires: nspr-devel >= %{nspr_version}
|
||||
|
|
@ -190,9 +166,9 @@ Header and Library files for doing development with Network Security Services.
|
|||
|
||||
%package pkcs11-devel
|
||||
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
|
||||
Provides: nss-pkcs11-devel-static = %{nss_version}-%{release}
|
||||
Requires: nss-devel = %{nss_version}-%{release}
|
||||
Requires: nss-softokn-freebl-devel = %{nss_version}-%{release}
|
||||
Provides: nss-pkcs11-devel-static = %{version}-%{release}
|
||||
Requires: nss-devel = %{version}-%{release}
|
||||
Requires: nss-softokn-freebl-devel = %{version}-%{release}
|
||||
|
||||
%description pkcs11-devel
|
||||
Library files for developing PKCS #11 modules using basic NSS
|
||||
|
|
@ -208,7 +184,7 @@ Utilities for Network Security Services and the Softoken module
|
|||
|
||||
%package util-devel
|
||||
Summary: Development libraries for Network Security Services Utilities
|
||||
Requires: nss-util%{?_isa} = %{nss_version}-%{release}
|
||||
Requires: nss-util%{?_isa} = %{version}-%{release}
|
||||
Requires: nspr-devel >= %{nspr_version}
|
||||
Requires: pkgconfig
|
||||
|
||||
|
|
@ -219,8 +195,8 @@ Header and library files for doing development with Network Security Services.
|
|||
%package softokn
|
||||
Summary: Network Security Services Softoken Module
|
||||
Requires: nspr >= %{nspr_version}
|
||||
Requires: nss-util >= %{nss_version}-%{release}
|
||||
Requires: nss-softokn-freebl%{_isa} >= %{nss_version}-%{release}
|
||||
Requires: nss-util >= %{version}-%{release}
|
||||
Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release}
|
||||
|
||||
%description softokn
|
||||
Network Security Services Softoken Cryptographic Module
|
||||
|
|
@ -241,8 +217,8 @@ Install the nss-softokn-freebl package if you need the freebl library.
|
|||
|
||||
%package softokn-freebl-devel
|
||||
Summary: Header and Library files for doing development with the Freebl library for NSS
|
||||
Provides: nss-softokn-freebl-static = %{nss_version}-%{release}
|
||||
Requires: nss-softokn-freebl%{?_isa} = %{nss_version}-%{release}
|
||||
Provides: nss-softokn-freebl-static = %{version}-%{release}
|
||||
Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description softokn-freebl-devel
|
||||
NSS Softoken Cryptographic Module Freebl Library Development Tools
|
||||
|
|
@ -253,53 +229,21 @@ Developers should rely only on the officially supported NSS public API.
|
|||
|
||||
%package softokn-devel
|
||||
Summary: Development libraries for Network Security Services
|
||||
Requires: nss-softokn%{?_isa} = %{nss_version}-%{release}
|
||||
Requires: nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{release}
|
||||
Requires: nss-softokn%{?_isa} = %{version}-%{release}
|
||||
Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
|
||||
Requires: nspr-devel >= %{nspr_version}
|
||||
Requires: nss-util-devel >= %{nss_version}-%{release}
|
||||
Requires: nss-util-devel >= %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
|
||||
%description softokn-devel
|
||||
Header and library files for doing development with Network Security Services.
|
||||
|
||||
%package -n nspr
|
||||
Summary: Netscape Portable Runtime
|
||||
Version: %{nspr_version}
|
||||
Release: %{nspr_release}%{?dist}
|
||||
License: MPL-2.0
|
||||
URL: http://www.mozilla.org/projects/nspr/
|
||||
Conflicts: filesystem < 3
|
||||
BuildRequires: gcc
|
||||
|
||||
%description -n nspr
|
||||
NSPR provides platform independence for non-GUI operating system
|
||||
facilities. These facilities include threads, thread synchronization,
|
||||
normal file and network I/O, interval timing and calendar time, basic
|
||||
memory management (malloc and free) and shared library linking.
|
||||
|
||||
%package -n nspr-devel
|
||||
Summary: Development libraries for the Netscape Portable Runtime
|
||||
Version: %{nspr_version}
|
||||
Release: %{nspr_release}%{?dist}
|
||||
Requires: nspr%{?_isa} = %{nspr_version}-%{nspr_release}%{?dist}
|
||||
Requires: pkgconfig
|
||||
BuildRequires: xmlto
|
||||
Conflicts: filesystem < 3
|
||||
|
||||
%description -n nspr-devel
|
||||
Header files for doing development with the Netscape Portable Runtime.
|
||||
|
||||
%prep
|
||||
%setup -q -T -b 0 -n %{name}-%{nss_archive_version}
|
||||
cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
|
||||
|
||||
%patch 100 -p0 -b .flags
|
||||
pushd nspr
|
||||
%patch 101 -p1 -b .gcc-atomics
|
||||
popd
|
||||
|
||||
%autosetup -N -S quilt -n %{name}-%{nss_archive_version}
|
||||
pushd nss
|
||||
%autopatch -p1 -M 99
|
||||
%autopatch -p1
|
||||
popd
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
||||
|
|
@ -307,58 +251,14 @@ find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
|||
|
||||
|
||||
%build
|
||||
# Build, check, and install NSPR for building NSS in the later phase
|
||||
#
|
||||
# TODO: This phase can be done by the NSS build process if we switch
|
||||
# to using "make nss_build_all". For now, however, we need some
|
||||
# adjustment in the NSS build process.
|
||||
mkdir -p nspr_build
|
||||
pushd nspr_build
|
||||
../nspr/configure \
|
||||
--prefix=%{_prefix} \
|
||||
--libdir=%{_libdir} \
|
||||
--includedir=%{_includedir}/nspr4 \
|
||||
--with-dist-prefix=$PWD/../dist \
|
||||
%ifnarch noarch
|
||||
%if 0%{__isa_bits} == 64
|
||||
--enable-64bit \
|
||||
%endif
|
||||
%endif
|
||||
%ifarch armv7l armv7hl armv7nhl
|
||||
--enable-thumb2 \
|
||||
%endif
|
||||
--enable-optimize="$RPM_OPT_FLAGS" \
|
||||
--disable-debug
|
||||
|
||||
# The assembly files are only for legacy atomics, to which we prefer GCC atomics
|
||||
%ifarch i686 x86_64
|
||||
sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk
|
||||
%endif
|
||||
make
|
||||
|
||||
date +"%e %B %Y" | tr -d '\n' > date.xml
|
||||
echo -n %{nspr_version} > version.xml
|
||||
|
||||
for m in %{SOURCE101}; do
|
||||
cp ${m} .
|
||||
done
|
||||
for m in nspr-config.xml; do
|
||||
xmlto man ${m}
|
||||
done
|
||||
popd
|
||||
|
||||
# Build NSS
|
||||
#
|
||||
# This package fails its testsuite with LTO. Disable LTO for now
|
||||
#%global _lto_cflags %{nil}
|
||||
|
||||
#export FREEBL_NO_DEPEND=1
|
||||
export FREEBL_NO_DEPEND=1
|
||||
|
||||
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
||||
# copied to dist and the rpm install phase can find it
|
||||
# This due of the upstream changes to fix
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
||||
# export FREEBL_LOWHASH=1
|
||||
export FREEBL_LOWHASH=1
|
||||
|
||||
# uncomment if the iquote patch is activated
|
||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
|
|
@ -381,9 +281,6 @@ export XCFLAGS=$RPM_OPT_FLAGS
|
|||
export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized"
|
||||
%endif
|
||||
|
||||
# Similarly, but for gcc-11
|
||||
export XCFLAGS="$XCFLAGS -Wno-array-parameter"
|
||||
|
||||
export LDFLAGS=$RPM_LD_FLAGS
|
||||
|
||||
export DSO_LDOPTS=$RPM_LD_FLAGS
|
||||
|
|
@ -391,15 +288,13 @@ export DSO_LDOPTS=$RPM_LD_FLAGS
|
|||
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
||||
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
||||
|
||||
export NSPR_INCLUDE_DIR=$PWD/dist/include/nspr
|
||||
export NSPR_LIB_DIR=$PWD/dist/lib
|
||||
export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
|
||||
export NSPR_LIB_DIR=%{_libdir}
|
||||
|
||||
export NSS_USE_SYSTEM_SQLITE=1
|
||||
|
||||
export NSS_ALLOW_SSLKEYLOGFILE=1
|
||||
|
||||
export NSS_SEED_ONLY_DEV_URANDOM=1
|
||||
|
||||
%if %{with dbm}
|
||||
%else
|
||||
export NSS_DISABLE_DBM=1
|
||||
|
|
@ -411,15 +306,16 @@ export USE_64=1
|
|||
%endif
|
||||
%endif
|
||||
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
|
||||
# Set the policy file location
|
||||
# if set NSS will always check for the policy file and load if it exists
|
||||
export POLICY_FILE="nss.config"
|
||||
# location of the policy file
|
||||
export POLICY_PATH="/etc/crypto-policies/back-ends"
|
||||
|
||||
|
||||
%{__make} -C ./nss all
|
||||
%{__make} -C ./nss latest
|
||||
%{__make} -C ./nss
|
||||
|
||||
# build the man pages clean
|
||||
pushd ./nss
|
||||
|
|
@ -438,7 +334,7 @@ cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|||
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
||||
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" > \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
|
||||
./dist/pkgconfig/nss-util.pc
|
||||
|
||||
NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
|
||||
|
|
@ -462,7 +358,7 @@ cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|||
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{nss_version},g" > \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
|
||||
./dist/pkgconfig/nss-softokn.pc
|
||||
|
||||
SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
|
||||
|
|
@ -484,7 +380,7 @@ cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|||
-e "s,%%prefix%%,%{_prefix},g" \
|
||||
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
||||
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
||||
-e "s,%%NSS_VERSION%%,%{nss_version},g" \
|
||||
-e "s,%%NSS_VERSION%%,%{version},g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{nss_version},g" > \
|
||||
|
|
@ -511,47 +407,32 @@ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
|
|||
cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/
|
||||
|
||||
date +"%e %B %Y" | tr -d '\n' > date.xml
|
||||
echo -n %{nss_version} > version.xml
|
||||
echo -n %{version} > version.xml
|
||||
|
||||
# configuration files and setup script
|
||||
%if %{with dbm}
|
||||
%global XMLSOURCES %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}
|
||||
%global dbfiles cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt
|
||||
%else
|
||||
%global XMLSOURCES %{SOURCE22} %{SOURCE24} %{SOURCE26}
|
||||
%global dbfiles cert9.db key4.db pkcs11.txt
|
||||
%endif
|
||||
for m in %{SOURCE20} %{SOURCE21} %{XMLSOURCES}; do
|
||||
for m in %{SOURCE20} %{SOURCE21} %{SOURCE22}; do
|
||||
cp ${m} .
|
||||
done
|
||||
%global configFiles nss-config setup-nsssysinit
|
||||
for m in %{configFiles} %{dbfiles}; do
|
||||
xmlto man ${m}.xml
|
||||
for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml; do
|
||||
xmlto man ${m}
|
||||
done
|
||||
|
||||
# nss databases considered to be configuration files
|
||||
for m in %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}; do
|
||||
cp ${m} .
|
||||
done
|
||||
for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
|
||||
xmlto man ${m}
|
||||
done
|
||||
|
||||
|
||||
%check
|
||||
%if %{with tests}
|
||||
pushd nspr_build
|
||||
# Run test suite.
|
||||
perl ../nspr/pr/tests/runtests.pl 2>&1 | tee output.log
|
||||
|
||||
TEST_FAILURES=`grep -c FAILED ./output.log` || :
|
||||
if [ $TEST_FAILURES -ne 0 ]; then
|
||||
echo "error: test suite returned failure(s)"
|
||||
exit 1
|
||||
fi
|
||||
echo "test suite completed"
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with tests}
|
||||
# Begin -- copied from the build section
|
||||
|
||||
export FREEBL_NO_DEPEND=1
|
||||
|
||||
export BUILD_OPT=1
|
||||
export NSS_DISABLE_PPC_GHASH=1
|
||||
|
||||
%ifnarch noarch
|
||||
%if 0%{__isa_bits} == 64
|
||||
|
|
@ -561,15 +442,6 @@ export USE_64=1
|
|||
|
||||
# End -- copied from the build section
|
||||
|
||||
# copy the nspr libraries into the NSS object directory so we use the
|
||||
# newly compiled nspr binaries in our test rather than the build root
|
||||
# versions
|
||||
export LOBJDIR=`make -s -C ./nss/tests/common objdir_name`
|
||||
for i in ./dist/lib/*.so
|
||||
do
|
||||
cp $i ./dist/${LOBJDIR}/lib
|
||||
done
|
||||
|
||||
# This is necessary because the test suite tests algorithms that are
|
||||
# disabled by the system policy.
|
||||
export NSS_IGNORE_SYSTEM_POLICY=1
|
||||
|
|
@ -593,9 +465,9 @@ if [ $SPACEISBAD -ne 0 ]; then
|
|||
echo "error: filenames containing space are not supported (xargs)"
|
||||
exit 1
|
||||
fi
|
||||
export MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND
|
||||
export RANDSERV=selfserv_${MYRAND}; echo $RANDSERV
|
||||
export DISTBINDIR=./dist/${LOBJDIR}/bin
|
||||
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
||||
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
||||
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
||||
pushd "$DISTBINDIR"
|
||||
ln -s selfserv $RANDSERV
|
||||
popd
|
||||
|
|
@ -633,46 +505,6 @@ killall $RANDSERV || :
|
|||
|
||||
%install
|
||||
|
||||
pushd nspr_build
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
||||
|
||||
# Get rid of the things we don't want installed (per upstream)
|
||||
rm -rf \
|
||||
$RPM_BUILD_ROOT/%{_bindir}/compile-et.pl \
|
||||
$RPM_BUILD_ROOT/%{_bindir}/prerr.properties \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/libnspr4.a \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/libplc4.a \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/libplds4.a \
|
||||
$RPM_BUILD_ROOT/%{_datadir}/aclocal/nspr.m4 \
|
||||
$RPM_BUILD_ROOT/%{_includedir}/nspr4/md
|
||||
|
||||
for f in nspr-config; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
popd
|
||||
|
||||
# Begin -- copied from the build section
|
||||
# this is needed to make sure LOBJDIR is correct
|
||||
|
||||
export FREEBL_NO_DEPEND=1
|
||||
|
||||
export BUILD_OPT=1
|
||||
export NSS_DISABLE_PPC_GHASH=1
|
||||
|
||||
%ifnarch noarch
|
||||
%if 0%{__isa_bits} == 64
|
||||
export USE_64=1
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# End -- copied from the build section
|
||||
|
||||
# get the objdir value from the test make file
|
||||
export LOBJDIR=`make -s -C ./nss/tests/common objdir_name`
|
||||
|
||||
# There is no make install target so we'll do it ourselves.
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||
|
|
@ -701,17 +533,15 @@ mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
|||
# Copy the binary libraries we want
|
||||
for file in libnssutil3.so libsoftokn3.so %{?with_dbm:libnssdbm3.so} libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
do
|
||||
install -p -m 755 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
install -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
||||
# Install the empty NSS db files
|
||||
# Legacy db
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
|
||||
%if %{with dbm}
|
||||
install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
|
||||
install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
|
||||
install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
|
||||
%endif
|
||||
# Shared db
|
||||
install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
|
||||
install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
|
||||
|
|
@ -720,19 +550,19 @@ install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.tx
|
|||
# Copy the development libraries we want
|
||||
for file in libcrmf.a libnssb.a libnssckfw.a
|
||||
do
|
||||
install -p -m 644 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
||||
# Copy the binaries we want
|
||||
for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
|
||||
do
|
||||
install -p -m 755 dist/${LOBJDIR}/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
||||
install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
||||
done
|
||||
|
||||
# Copy the binaries we ship as unsupported
|
||||
for file in bltest dbtool ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
do
|
||||
install -p -m 755 dist/${LOBJDIR}/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
done
|
||||
|
||||
# Copy the include files we want
|
||||
|
|
@ -750,7 +580,7 @@ done
|
|||
# Copy the static freebl library
|
||||
for file in libfreebl.a
|
||||
do
|
||||
install -p -m 644 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
||||
# Copy the template files we want
|
||||
|
|
@ -773,7 +603,7 @@ install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir
|
|||
ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
|
||||
|
||||
# Copy the man pages for scripts
|
||||
for f in %{configFiles}; do
|
||||
for f in nss-config setup-nsssysinit; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
# Copy the man pages for the nss tools
|
||||
|
|
@ -786,8 +616,12 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1
|
|||
install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools/pp.1
|
||||
%endif
|
||||
|
||||
# Copy the man pages for the configuration files
|
||||
for f in pkcs11.txt; do
|
||||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||
done
|
||||
# Copy the man pages for the nss databases
|
||||
for f in %{dbfiles}; do
|
||||
for f in cert8.db cert9.db key3.db key4.db secmod.db; do
|
||||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||
done
|
||||
|
||||
|
|
@ -800,20 +634,9 @@ install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/loc
|
|||
/usr/bin/setup-nsssysinit.sh on
|
||||
|
||||
%post
|
||||
%if %{with dbm}
|
||||
%else
|
||||
# Upon upgrade, ensure that the existing database locations are migrated to SQL
|
||||
# database.
|
||||
if test $1 -eq 2; then
|
||||
for dbdir in %{_sysconfdir}/pki/nssdb; do
|
||||
if test ! -e ${dbdir}/pkcs11.txt; then
|
||||
/usr/bin/certutil --merge -d ${dbdir} --source-dir ${dbdir}
|
||||
fi
|
||||
done
|
||||
fi
|
||||
%endif
|
||||
update-crypto-policies &> /dev/null || :
|
||||
|
||||
%posttrans
|
||||
%postun
|
||||
update-crypto-policies &> /dev/null || :
|
||||
|
||||
|
||||
|
|
@ -824,20 +647,16 @@ update-crypto-policies &> /dev/null || :
|
|||
%{_libdir}/libssl3.so
|
||||
%{_libdir}/libsmime3.so
|
||||
%dir %{_sysconfdir}/pki/nssdb
|
||||
%if %{with dbm}
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db
|
||||
%endif
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
|
||||
%if %{with dbm}
|
||||
%doc %{_mandir}/man5/cert8.db.5*
|
||||
%doc %{_mandir}/man5/key3.db.5*
|
||||
%doc %{_mandir}/man5/secmod.db.5*
|
||||
%endif
|
||||
%doc %{_mandir}/man5/cert9.db.5*
|
||||
%doc %{_mandir}/man5/key4.db.5*
|
||||
%doc %{_mandir}/man5/pkcs11.txt.5*
|
||||
|
|
@ -927,7 +746,6 @@ update-crypto-policies &> /dev/null || :
|
|||
%{_includedir}/nss3/p12plcy.h
|
||||
%{_includedir}/nss3/p12t.h
|
||||
%{_includedir}/nss3/pk11func.h
|
||||
%{_includedir}/nss3/pk11hpke.h
|
||||
%{_includedir}/nss3/pk11pqg.h
|
||||
%{_includedir}/nss3/pk11priv.h
|
||||
%{_includedir}/nss3/pk11pub.h
|
||||
|
|
@ -1027,7 +845,6 @@ update-crypto-policies &> /dev/null || :
|
|||
%dir %{saved_files_dir}
|
||||
%dir %{unsupported_tools_directory}
|
||||
%{unsupported_tools_directory}/bltest
|
||||
%{unsupported_tools_directory}/dbtool
|
||||
%{unsupported_tools_directory}/ecperf
|
||||
%{unsupported_tools_directory}/fbectest
|
||||
%{unsupported_tools_directory}/fipstest
|
||||
|
|
@ -1073,232 +890,8 @@ update-crypto-policies &> /dev/null || :
|
|||
%{_includedir}/nss3/nsslowhash.h
|
||||
%{_includedir}/nss3/shsign.h
|
||||
|
||||
%files -n nspr
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license nspr/LICENSE
|
||||
%{_libdir}/libnspr4.so
|
||||
%{_libdir}/libplc4.so
|
||||
%{_libdir}/libplds4.so
|
||||
|
||||
%files -n nspr-devel
|
||||
%{_includedir}/nspr4
|
||||
%{_libdir}/pkgconfig/nspr.pc
|
||||
%{_bindir}/nspr-config
|
||||
%doc %{_mandir}/man1/nspr-config.*
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Dec 14 2023 David Abdurachmanov <davidlt@rivosinc.com> - 3.95.0-1.0.riscv64
|
||||
- Disable tests on riscv64 for now
|
||||
|
||||
* Mon Nov 27 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.95.0-1
|
||||
- Update NSS to 3.95.0
|
||||
|
||||
* Wed Oct 25 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.94.0-2
|
||||
- revert HACL 256 code to fix binary compatibility issue.
|
||||
|
||||
* Wed Oct 4 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.94.0-1
|
||||
- Update NSS to 3.94.0
|
||||
|
||||
* Thu Sep 07 2023 Bob Relyea <rrelyea@redhat.com> - 3.93.0-2
|
||||
- Update License field to SPDX.
|
||||
|
||||
* Thu Aug 31 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.93.0-1
|
||||
- Update NSS to 3.93.0
|
||||
|
||||
* Tue Aug 1 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.92.0-1
|
||||
- Update NSS to 3.92.0
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.91.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Tue Jul 4 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.91.0-1
|
||||
- Update NSS to 3.91.0
|
||||
|
||||
* Tue Jun 6 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
||||
- Add patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 &
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
|
||||
|
||||
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
||||
- Update %patch syntax
|
||||
|
||||
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
||||
- Update NSS to 3.90.0
|
||||
|
||||
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
||||
- combine nss and nspr source togeather
|
||||
|
||||
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
||||
- replace %{version} with %{nss_version} as it version can be overiden.
|
||||
|
||||
* Fri Mar 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
||||
- Update NSS to 3.89.0
|
||||
|
||||
* Fri Feb 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.88.1-1
|
||||
- Update NSS to 3.88.1
|
||||
|
||||
* Tue Jan 24 2023 Bob Relyea - 3.87.0-2
|
||||
- Fix rebuild errors
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.87.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Tue Jan 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.87.0-1
|
||||
- Update NSS to 3.87 & remove unused patches
|
||||
|
||||
* Thu Nov 17 2022 Bob Relyea <rrelyea@redhat.com> - 3.85.0-1
|
||||
- update to NSS 3.83
|
||||
|
||||
* Fri Sep 9 2022 Bob Relyea <rrelyea@redhat.com> - 3.83.0-1
|
||||
- update to NSS 3.83
|
||||
- update to NSPR 4.35
|
||||
|
||||
* Fri Sep 9 2022 Bob Relyea <rrelyea@redhat.com> - 3.81.0-2
|
||||
- add dbtool
|
||||
|
||||
* Thu Jul 21 2022 Bob Relyea <rrelyea@redhat.com> - 3.81.0-1
|
||||
- udpate to NSS 3.81
|
||||
|
||||
* Thu Jun 16 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-2
|
||||
- Fix crash when getting client cert and there is none in the database.
|
||||
|
||||
* Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
|
||||
- Update to NSS 3.79
|
||||
- Update to NSPR 4.34
|
||||
|
||||
* Mon Apr 4 2022 Bob Relyea <rrelyea@redhat.com> - 3.77.0-1
|
||||
- Update to 3.77
|
||||
|
||||
* Fri Feb 4 2022 Bob Relyea <rrelyea@redhat.com> - 3.75.0-1
|
||||
- Update to 3.75
|
||||
- fix PayPal expiration issue
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.73.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Wed Dec 1 2021 Bob Relyea <rrelyea@redhat.com> - 3.73.0-1
|
||||
- Update to 3.73
|
||||
- includes CVE 2021-43527
|
||||
|
||||
* Mon Oct 4 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-1
|
||||
- Update to 3.71
|
||||
|
||||
* Tue Aug 10 2021 Bob Relyea <rrelyea@redhat.com> - 3.69.0-2
|
||||
- turn on lto
|
||||
|
||||
* Tue Aug 10 2021 Bob Relyea <rrelyea@redhat.com> - 3.69.0-1
|
||||
- Update to 3.69
|
||||
- Update to NSPR 4.31
|
||||
|
||||
* Tue Jul 27 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
|
||||
- switch to baserelease so rpmdev-bumpspec will work next time
|
||||
|
||||
* Tue Jul 27 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-3
|
||||
- rpmdev-bumpspec doesn't work correctly with nss/nspr. Fixup version numbers
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.67.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-1
|
||||
- Update to 3.67
|
||||
- Update to NSPR 2.31
|
||||
|
||||
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.65.0-1
|
||||
- Update to 3.65
|
||||
- update nss-tools manages to remove references to dbm
|
||||
|
||||
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.63.0-1
|
||||
- Update to 3.63
|
||||
- Update to NSPR 2.30
|
||||
- Remove old dbm files and man pages
|
||||
|
||||
* Tue Feb 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.62.0-1
|
||||
- Update to 3.62
|
||||
|
||||
* Mon Feb 01 2021 Kalev Lember <klember@redhat.com> - 3.60.1-5
|
||||
- Rebuild to fix broken nspr dependencies
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.60.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Jan 22 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-2
|
||||
- Update nspr release number
|
||||
|
||||
* Fri Jan 22 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-2
|
||||
- Update requires so that we get the correct crypto policies
|
||||
(or all RSA and ECDSA signatures wil fail)
|
||||
|
||||
* Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
|
||||
- Update to NSS 3.60.1
|
||||
- Drop NODEPEND_FREEBL and LOWHASH
|
||||
|
||||
* Fri Dec 11 2020 Bob Relyea <rrelyea@redhat.com> - 3.59.0-2
|
||||
- Work around btrfs/sqlite bug
|
||||
- Disable new policy entries until crypto-polices has been updated
|
||||
|
||||
* Thu Dec 10 2020 Daiki Ueno <dueno@redhat.com> - 3.59.0-1
|
||||
- Update to NSS 3.59
|
||||
- Remove unused quilt BR
|
||||
|
||||
* Sat Nov 7 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-8
|
||||
- Replace %%{version} references in %%build with %%{nss_version}, suggested by Dmitry Butskoy in bz#1895447
|
||||
|
||||
* Fri Oct 30 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-7
|
||||
- Use the lockstep release numbering for both nspr and nss
|
||||
|
||||
* Thu Oct 29 2020 Jeff Law <law@redhat.com> - 3.58.0-6
|
||||
- Disable -Warray-parameter warning for gcc-11
|
||||
|
||||
* Tue Oct 27 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-5
|
||||
- Consolidate NSPR package with this package
|
||||
|
||||
* Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.58.0-4
|
||||
- fix pkix ocsp to tolerate OCSP checking on intermediates
|
||||
when the root is signed by sha1 and sha1 is disabled by
|
||||
policy
|
||||
|
||||
* Mon Oct 26 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-3
|
||||
- Revert the last change, always tolerate the first CCS in TLS 1.3
|
||||
|
||||
* Thu Oct 22 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-2
|
||||
- Enable TLS 1.3 middlebox compatibility mode by default
|
||||
|
||||
* Tue Oct 20 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-1
|
||||
- Update to NSS 3.58
|
||||
|
||||
* Sat Sep 19 2020 Daiki Ueno <dueno@redhat.com> - 3.57.0-1
|
||||
- Update to NSS 3.57
|
||||
|
||||
* Mon Aug 24 2020 Daiki Ueno <dueno@redhat.com> - 3.56.0-1
|
||||
- Update to NSS 3.56
|
||||
|
||||
* Thu Aug 13 2020 Daiki Ueno <dueno@redhat.com> - 3.55.0-3
|
||||
- Fix DBM backend disablement
|
||||
- Add scriptlet to auto-migrated known database locations
|
||||
|
||||
* Sat Aug 8 2020 Daiki Ueno <dueno@redhat.com> - 3.55.0-2
|
||||
- Disable LTO
|
||||
|
||||
* Sun Aug 2 2020 Daiki Ueno <dueno@redhat.com> - 3.55.0-1
|
||||
- Update to NSS 3.55
|
||||
- Disable building DBM backend
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.54.0-3
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.54.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jul 15 2020 Daiki Ueno <dueno@redhat.com> - 3.54.0-1
|
||||
- Update to NSS 3.54
|
||||
|
||||
* Thu Jun 4 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.0-2
|
||||
- Fix non-strict prototype in pk11pub.h
|
||||
|
||||
* Mon Jun 1 2020 Daiki Ueno <dueno@redhat.com> - 3.53.0-1
|
||||
- Update to NSS 3.53
|
||||
|
||||
* Wed May 13 2020 Bob Relyea <rrelyea@redhat.com> - 3.52.0-2
|
||||
- Delay CK_GCM_PARAMS semantics until fedora 34
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
summary: Upstreamed interop-2way tests
|
||||
contact: Stanislav Zidek <szidek@redhat.com>
|
||||
discover:
|
||||
# upstreamed tests (public)
|
||||
- name: interop-gnutls-2way
|
||||
how: fmf
|
||||
url: https://gitlab.com/redhat-crypto/tests/interop.git
|
||||
filter: 'tag: interop-nss & tag: interop-gnutls & tag: interop-2way'
|
||||
execute:
|
||||
how: tmt
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
summary: Upstreamed interop-2way tests
|
||||
contact: Stanislav Zidek <szidek@redhat.com>
|
||||
discover:
|
||||
# upstreamed tests (public)
|
||||
- name: interop-openssl-2way
|
||||
how: fmf
|
||||
url: https://gitlab.com/redhat-crypto/tests/interop.git
|
||||
filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-2way'
|
||||
execute:
|
||||
how: tmt
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
summary: Upstreamed interop-nss-openssl renegotiation test
|
||||
contact: Stanislav Zidek <szidek@redhat.com>
|
||||
discover:
|
||||
# upstreamed tests (public)
|
||||
- name: interop-openssl-reneg
|
||||
how: fmf
|
||||
url: https://gitlab.com/redhat-crypto/tests/interop.git
|
||||
filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-reneg'
|
||||
execute:
|
||||
how: tmt
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
summary: Upstreamed interop tests - short tests which do not need to run in parallel
|
||||
contact: Stanislav Zidek <szidek@redhat.com>
|
||||
discover:
|
||||
# upstreamed tests (public)
|
||||
- name: interop-other+nss-fast
|
||||
how: fmf
|
||||
url: https://gitlab.com/redhat-crypto/tests/interop.git
|
||||
filter: 'tag: interop-nss & tag: -interop-slow'
|
||||
execute:
|
||||
how: tmt
|
||||
5
sources
5
sources
|
|
@ -1,3 +1,6 @@
|
|||
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (nss-3.95-with-nspr-4.35.tar.gz) = 8394a0381db5b5d7f975f5057e0578909901244616ccaca694c1932fd9428e651a52bbf3f30e4d993e692538a603a57df1eae5e9badda3a1291d35836ab02ecd
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
|
||||
|
|
|
|||
|
|
@ -0,0 +1,64 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
|
||||
# Description: NSS tools should not use SHA1 by default when
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 10m" >> $(METADATA)
|
||||
@echo "RunFor: nss openssl" >> $(METADATA)
|
||||
@echo "Requires: nss nss-tools openssl" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
|
||||
Description: NSS tools should not use SHA1 by default when
|
||||
Author: Hubert Kario <hkario@redhat.com>
|
||||
Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates
|
||||
|
|
@ -0,0 +1,125 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
|
||||
# Description: NSS tools should not use SHA1 by default when
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="nss"
|
||||
PACKAGES="nss openssl"
|
||||
DBDIR="nssdb"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm --all
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlRun "mkdir nssdb"
|
||||
rlRun "certutil -N -d $DBDIR --empty-password"
|
||||
rlLogInfo "Create a JAR file"
|
||||
rlRun "mkdir java-dir"
|
||||
rlRun "pushd java-dir"
|
||||
rlRun "mkdir META-INF mypackage"
|
||||
rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
|
||||
rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
|
||||
#rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
|
||||
rlRun "popd"
|
||||
#rlRun "mv java-dir/package.jar ."
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Self signing certificates"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
|
||||
rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Signing certificates"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
|
||||
rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Certificate request"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "mkdir srv2db"
|
||||
rlRun "certutil -d srv2db -N --empty-password"
|
||||
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
|
||||
rlRun -s "openssl req -noout -text -in srv2.req"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
|
||||
rlRun -s "openssl x509 -in srv2.crt -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "rm -rf srv2db"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Certificate request with SHA1"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "mkdir srv2db"
|
||||
rlRun "certutil -d srv2db -N --empty-password"
|
||||
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
|
||||
rlRun -s "openssl req -noout -text -in srv2.req"
|
||||
rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
|
||||
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
|
||||
rlRun -s "openssl x509 -in srv2.crt -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "rm -rf srv2db"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Signing CMS messages"
|
||||
rlRun "echo 'This is a document' > document.txt"
|
||||
rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
|
||||
rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
|
||||
rlAssertGrep "algorithm: sha256" $rlRun_LOG
|
||||
rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "CRL signing"
|
||||
rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
|
||||
rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
|
||||
rlRun "echo addext crlNumber 0 1245 >>script"
|
||||
rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
|
||||
rlRun "echo addext reasonCode 0 0 >>script"
|
||||
rlRun "cat script"
|
||||
rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
|
||||
rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- NSS-tools-should-not-use-SHA1-by-default-when
|
||||
required_packages:
|
||||
- nss-tools
|
||||
- nss
|
||||
Loading…
Reference in New Issue