Compare commits
26 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 806074eb1e | |
Daiki Ueno | 4cda06bd35 | |
Daiki Ueno | 372993eecd | |
Daiki Ueno | 1c3e54f040 | |
Daiki Ueno | 23188348b0 | |
Daiki Ueno | ce003712e7 | |
Daiki Ueno | 093224836c | |
Daiki Ueno | b4484f6e07 | |
Daiki Ueno | 1841d0a8ed | |
Daiki Ueno | f8810c6bee | |
Daiki Ueno | 8e6f0e50f7 | |
Daiki Ueno | c95b57308e | |
Daiki Ueno | 60e30578fd | |
Daiki Ueno | 28eafb607a | |
Daiki Ueno | 558fa42039 | |
Daiki Ueno | 1f164283dd | |
Daiki Ueno | 0a864f5b54 | |
Daiki Ueno | ba0cd14759 | |
Daiki Ueno | 6463547347 | |
Daiki Ueno | 055e0fecf1 | |
Daiki Ueno | 26f0f90d8b | |
Kai Engert | 6d7ef4785b | |
Daiki Ueno | 2ee2180475 | |
Daiki Ueno | 26ee9b35d2 | |
Daiki Ueno | 32b4e5466a | |
Daiki Ueno | 1b9574d305 |
|
@ -10,3 +10,14 @@ TestUser51.cert
|
||||||
/PayPalRootCA.cert
|
/PayPalRootCA.cert
|
||||||
/PayPalICA.cert
|
/PayPalICA.cert
|
||||||
/nss-3.25.0.tar.gz
|
/nss-3.25.0.tar.gz
|
||||||
|
/nss-3.26.0.tar.gz
|
||||||
|
/nss-3.27.0.tar.gz
|
||||||
|
/nss-3.28.1.tar.gz
|
||||||
|
/nss-3.28.3.tar.gz
|
||||||
|
/nss-3.29.3.tar.gz
|
||||||
|
/nss-3.30.2.tar.gz
|
||||||
|
/nss-3.31.0.tar.gz
|
||||||
|
/nss-3.32.0.tar.gz
|
||||||
|
/nss-3.32.1.tar.gz
|
||||||
|
/nss-3.33.0.tar.gz
|
||||||
|
/nss-3.34.0.tar.gz
|
||||||
|
|
220
iquote.patch
220
iquote.patch
|
@ -1,211 +1,13 @@
|
||||||
diff -up ./nss/cmd/certcgi/Makefile.iquote ./nss/cmd/certcgi/Makefile
|
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
|
||||||
--- ./nss/cmd/certcgi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
|
||||||
+++ ./nss/cmd/certcgi/Makefile 2016-03-05 12:04:06.216474144 -0800
|
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
|
||||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
SQLITE_LIB_NAME = sqlite3
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
|
|
||||||
--- ./nss/cmd/certutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/certutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
|
||||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
|
|
||||||
--- ./nss/cmd/lib/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/lib/Makefile 2016-03-05 12:04:06.216474144 -0800
|
|
||||||
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
|
|
||||||
--- ./nss/cmd/modutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/modutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
|
||||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
|
|
||||||
--- ./nss/cmd/selfserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/selfserv/Makefile 2016-03-05 12:04:06.216474144 -0800
|
|
||||||
@@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
|
|
||||||
--- ./nss/cmd/ssltap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/ssltap/Makefile 2016-03-05 12:04:06.216474144 -0800
|
|
||||||
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
|
|
||||||
--- ./nss/cmd/strsclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/strsclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
|
|
||||||
--- ./nss/cmd/tstclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/tstclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
#include ../platlibs.mk
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
|
|
||||||
--- ./nss/cmd/vfyserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/cmd/vfyserv/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
#include ../platlibs.mk
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
|
|
||||||
--- ./nss/coreconf/location.mk.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/coreconf/location.mk 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -45,6 +45,10 @@ endif
|
|
||||||
|
|
||||||
ifdef NSS_INCLUDE_DIR
|
|
||||||
INCLUDES += -I$(NSS_INCLUDE_DIR)
|
|
||||||
+ ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
|
||||||
+ INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+ INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
+ endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifndef NSS_LIB_DIR
|
+# Prefer in-tree headers over system headers
|
||||||
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
|
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||||
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
|
||||||
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
|
+endif
|
||||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
+
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
MK_LOCATION = included
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
|
|
||||||
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
|
|
||||||
@@ -43,6 +43,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
|
|
||||||
--- ./nss/lib/certhigh/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/lib/certhigh/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
|
|
||||||
--- ./nss/lib/cryptohi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/lib/cryptohi/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
|
|
||||||
--- ./nss/lib/nss/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/lib/nss/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
|
|
||||||
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/lib/pk11wrap/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
|
|
||||||
--- ./nss/lib/ssl/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
|
||||||
+++ ./nss/lib/ssl/Makefile 2016-03-05 12:04:06.217474124 -0800
|
|
||||||
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
|
||||||
# (6) Execute "component" rules. (OPTIONAL) #
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
-
|
|
||||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# (7) Execute "local" rules. (OPTIONAL). #
|
|
||||||
|
|
|
@ -1,275 +1,25 @@
|
||||||
diff --git a/lib/nss/config.mk b/lib/nss/config.mk
|
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
||||||
--- a/lib/nss/config.mk
|
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
||||||
+++ b/lib/nss/config.mk
|
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
||||||
@@ -95,8 +95,15 @@ SHARED_LIBRARY_DIRS = \
|
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
||||||
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
|
*other flags are set */
|
||||||
ifndef NS_USE_GCC
|
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||||
# Export 'mktemp' to be backward compatible with NSS 3.2.x and 3.3.x
|
|
||||||
# but do not put it in the import library. See bug 142575.
|
|
||||||
DEFINES += -DWIN32_NSS3_DLL_COMPAT
|
|
||||||
DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
+
|
|
||||||
+ifdef POLICY_FILE
|
|
||||||
+ifndef POLICY_PATH
|
|
||||||
+$(error You must define POLICY_PATH if you set POLICY_FILE)
|
|
||||||
+endif
|
|
||||||
+DEFINES += -DPOLICY_FILE=\"$(POLICY_FILE)\" -DPOLICY_PATH=\"$(POLICY_PATH)\"
|
|
||||||
+endif
|
|
||||||
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
|
|
||||||
--- a/lib/nss/nssinit.c
|
|
||||||
+++ b/lib/nss/nssinit.c
|
|
||||||
@@ -330,47 +330,47 @@ nss_FindExternalRoot(const char *dbpath,
|
|
||||||
|
|
||||||
/*
|
|
||||||
* see nss_Init for definitions of the various options.
|
|
||||||
*
|
|
||||||
* this function builds a moduleSpec string from the options and previously
|
|
||||||
* set statics (from PKCS11_Configure, for instance), and uses it to kick off
|
|
||||||
* the loading of the various PKCS #11 modules.
|
|
||||||
*/
|
|
||||||
-static SECStatus
|
|
||||||
+static SECMODModule *
|
|
||||||
nss_InitModules(const char *configdir, const char *certPrefix,
|
|
||||||
const char *keyPrefix, const char *secmodName,
|
|
||||||
const char *updateDir, const char *updCertPrefix,
|
|
||||||
const char *updKeyPrefix, const char *updateID,
|
|
||||||
const char *updateName, char *configName, char *configStrings,
|
|
||||||
PRBool pwRequired, PRBool readOnly, PRBool noCertDB,
|
|
||||||
PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace,
|
|
||||||
PRBool isContextInit)
|
|
||||||
{
|
|
||||||
- SECStatus rv = SECFailure;
|
|
||||||
+ SECMODModule *module = NULL;
|
|
||||||
char *moduleSpec = NULL;
|
|
||||||
char *flags = NULL;
|
|
||||||
char *lconfigdir = NULL;
|
|
||||||
char *lcertPrefix = NULL;
|
|
||||||
char *lkeyPrefix = NULL;
|
|
||||||
char *lsecmodName = NULL;
|
|
||||||
char *lupdateDir = NULL;
|
|
||||||
char *lupdCertPrefix = NULL;
|
|
||||||
char *lupdKeyPrefix = NULL;
|
|
||||||
char *lupdateID = NULL;
|
|
||||||
char *lupdateName = NULL;
|
|
||||||
|
|
||||||
if (NSS_InitializePRErrorTable() != SECSuccess) {
|
|
||||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
|
||||||
- return rv;
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen,
|
|
||||||
pwRequired, optimizeSpace);
|
|
||||||
- if (flags == NULL) return rv;
|
|
||||||
+ if (flags == NULL) return NULL;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* configdir is double nested, and Windows uses the same character
|
|
||||||
* for file seps as we use for escapes! (sigh).
|
|
||||||
*/
|
|
||||||
lconfigdir = NSSUTIL_DoubleEscape(configdir, '\'', '\"');
|
|
||||||
if (lconfigdir == NULL) {
|
|
||||||
goto loser;
|
|
||||||
@@ -427,24 +427,26 @@ loser:
|
|
||||||
if (lsecmodName) PORT_Free(lsecmodName);
|
|
||||||
if (lupdateDir) PORT_Free(lupdateDir);
|
|
||||||
if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
|
|
||||||
if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
|
|
||||||
if (lupdateID) PORT_Free(lupdateID);
|
|
||||||
if (lupdateName) PORT_Free(lupdateName);
|
|
||||||
|
|
||||||
if (moduleSpec) {
|
|
||||||
- SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
|
||||||
+ module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
|
||||||
PR_smprintf_free(moduleSpec);
|
|
||||||
if (module) {
|
|
||||||
- if (module->loaded) rv=SECSuccess;
|
|
||||||
- SECMOD_DestroyModule(module);
|
|
||||||
+ if (!module->loaded) {
|
|
||||||
+ SECMOD_DestroyModule(module);
|
|
||||||
+ module = NULL;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- return rv;
|
|
||||||
+ return module;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* OK there are now lots of options here, lets go through them all:
|
|
||||||
*
|
|
||||||
* configdir - base directory where all the cert, key, and module datbases live.
|
|
||||||
* certPrefix - prefix added to the beginning of the cert database example: "
|
|
||||||
* "https-server1-"
|
|
||||||
@@ -520,17 +522,17 @@ nss_Init(const char *configdir, const ch
|
|
||||||
NSSInitContext ** initContextPtr,
|
|
||||||
NSSInitParameters *initParams,
|
|
||||||
PRBool readOnly, PRBool noCertDB,
|
|
||||||
PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
|
|
||||||
PRBool optimizeSpace, PRBool noSingleThreadedModules,
|
|
||||||
PRBool allowAlreadyInitializedModules,
|
|
||||||
PRBool dontFinalizeModules)
|
|
||||||
{
|
|
||||||
- SECStatus rv = SECFailure;
|
|
||||||
+ SECMODModule *parent = NULL;
|
|
||||||
PKIX_UInt32 actualMinorVersion = 0;
|
|
||||||
PKIX_Error *pkixError = NULL;
|
|
||||||
PRBool isReallyInitted;
|
|
||||||
char *configStrings = NULL;
|
|
||||||
char *configName = NULL;
|
|
||||||
PRBool passwordRequired = PR_FALSE;
|
|
||||||
|
|
||||||
/* if we are trying to init with a traditional NSS_Init call, maintain
|
|
||||||
@@ -630,23 +632,23 @@ nss_Init(const char *configdir, const ch
|
|
||||||
configStrings = pk11_config_strings;
|
|
||||||
configName = pk11_config_name;
|
|
||||||
passwordRequired = pk11_password_required;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Skip the module init if we are already initted and we are trying
|
|
||||||
* to init with noCertDB and noModDB */
|
|
||||||
if (!(isReallyInitted && noCertDB && noModDB)) {
|
|
||||||
- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
|
||||||
+ parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
|
||||||
updateDir, updCertPrefix, updKeyPrefix, updateID,
|
|
||||||
updateName, configName, configStrings, passwordRequired,
|
|
||||||
readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
|
||||||
(initContextPtr != NULL));
|
|
||||||
|
|
||||||
- if (rv != SECSuccess) {
|
|
||||||
+ if (parent == NULL) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* finish up initialization */
|
|
||||||
if (!isReallyInitted) {
|
|
||||||
if (SECOID_Init() != SECSuccess) {
|
|
||||||
@@ -675,17 +677,34 @@ nss_Init(const char *configdir, const ch
|
|
||||||
* path. Skip it */
|
|
||||||
dbpath = NULL;
|
|
||||||
}
|
|
||||||
if (dbpath) {
|
|
||||||
nss_FindExternalRoot(dbpath, secmodName);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+#ifdef POLICY_FILE
|
|
||||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
|
||||||
+ SECMODModule *module = SECMOD_LoadModule(
|
|
||||||
+ "name=\"Policy File\" "
|
|
||||||
+ "parameters=\"configdir='sql:" POLICY_PATH "' "
|
|
||||||
+ "secmod='" POLICY_FILE "' "
|
|
||||||
+ "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
|
||||||
+ "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
|
||||||
+ parent, PR_TRUE);
|
|
||||||
+ if (module) {
|
|
||||||
+ PRBool isLoaded = module->loaded;
|
|
||||||
+ SECMOD_DestroyModule(module);
|
|
||||||
+ if (!isLoaded) {
|
|
||||||
+ goto loser;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
pk11sdr_Init();
|
|
||||||
cert_CreateSubjectKeyIDHashTable();
|
|
||||||
|
|
||||||
pkixError = PKIX_Initialize
|
|
||||||
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
|
|
||||||
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
|
||||||
|
|
||||||
if (pkixError != NULL) {
|
|
||||||
@@ -716,32 +735,38 @@ nss_Init(const char *configdir, const ch
|
|
||||||
nssIsInInit--;
|
|
||||||
/* now that we are inited, all waiters can move forward */
|
|
||||||
PZ_NotifyAllCondVar(nssInitCondition);
|
|
||||||
PZ_Unlock(nssInitLock);
|
|
||||||
|
|
||||||
if (initContextPtr && configStrings) {
|
|
||||||
PR_smprintf_free(configStrings);
|
|
||||||
}
|
|
||||||
+ if (parent) {
|
|
||||||
+ SECMOD_DestroyModule(parent);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
|
|
||||||
loser:
|
|
||||||
if (initContextPtr && *initContextPtr) {
|
|
||||||
PORT_Free(*initContextPtr);
|
|
||||||
*initContextPtr = NULL;
|
|
||||||
if (configStrings) {
|
|
||||||
PR_smprintf_free(configStrings);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
PZ_Lock(nssInitLock);
|
|
||||||
nssIsInInit--;
|
|
||||||
/* We failed to init, allow one to move forward */
|
|
||||||
PZ_NotifyCondVar(nssInitCondition);
|
|
||||||
PZ_Unlock(nssInitLock);
|
|
||||||
+ if (parent) {
|
|
||||||
+ SECMOD_DestroyModule(parent);
|
|
||||||
+ }
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
SECStatus
|
|
||||||
NSS_Init(const char *configdir)
|
|
||||||
{
|
|
||||||
return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
|
|
||||||
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
|
||||||
--- a/lib/pk11wrap/pk11pars.c
|
|
||||||
+++ b/lib/pk11wrap/pk11pars.c
|
|
||||||
@@ -105,16 +105,17 @@ secmod_NewModule(void)
|
|
||||||
* This allows system NSS to delegate those changes to the user's module DB,
|
|
||||||
* preserving the user's ability to load new PKCS #11 modules (which only
|
|
||||||
* affect him), from existing applications like Firefox.
|
|
||||||
*/
|
|
||||||
#define SECMOD_FLAG_MODULE_DB_IS_MODULE_DB 0x01 /* must be set if any of the
|
|
||||||
*other flags are set */
|
|
||||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
|
||||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
||||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||||
|
|
||||||
|
|
||||||
/* private flags for internal (field in SECMODModule). */
|
/* private flags for internal (field in SECMODModule). */
|
||||||
/* The meaing of these flags is as follows:
|
/* The meaing of these flags is as follows:
|
||||||
*
|
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
||||||
* SECMOD_FLAG_INTERNAL_IS_INTERNAL - This is a marks the the module is
|
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
||||||
* the internal module (that is, softoken). This bit is the same as the
|
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||||
* already existing meaning of internal = PR_TRUE. None of the other
|
}
|
||||||
@@ -699,16 +700,19 @@ SECMOD_CreateModuleEx(const char *librar
|
|
||||||
if (mod->isModuleDB) {
|
|
||||||
char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB;
|
|
||||||
if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) {
|
|
||||||
flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST;
|
|
||||||
}
|
|
||||||
if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) {
|
|
||||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
|
||||||
}
|
|
||||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
||||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
||||||
+ }
|
+ }
|
||||||
/* additional moduleDB flags could be added here in the future */
|
/* additional moduleDB flags could be added here in the future */
|
||||||
mod->isModuleDB = (PRBool) flags;
|
mod->isModuleDB = (PRBool)flags;
|
||||||
}
|
}
|
||||||
|
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
||||||
if (mod->internal) {
|
|
||||||
char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL;
|
|
||||||
|
|
||||||
if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) {
|
|
||||||
@@ -738,16 +742,24 @@ PRBool
|
|
||||||
SECMOD_GetDefaultModDBFlag(SECMODModule *mod)
|
|
||||||
{
|
|
||||||
char flags = (char) mod->isModuleDB;
|
|
||||||
|
|
||||||
return (flags & SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB) ? PR_TRUE : PR_FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
PRBool
|
PRBool
|
||||||
|
@ -283,20 +33,10 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||||
+PRBool
|
+PRBool
|
||||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
secmod_IsInternalKeySlot(SECMODModule *mod)
|
||||||
{
|
{
|
||||||
char flags = (char) mod->internal;
|
char flags = (char)mod->internal;
|
||||||
|
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
||||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
@@ -1521,16 +1533,22 @@ SECMOD_LoadModule(char *modulespec,SECMO
|
|
||||||
if (library) PORT_Free(library);
|
|
||||||
if (moduleName) PORT_Free(moduleName);
|
|
||||||
if (parameters) PORT_Free(parameters);
|
|
||||||
if (nss) PORT_Free(nss);
|
|
||||||
if (config) PORT_Free(config);
|
|
||||||
if (!module) {
|
if (!module) {
|
||||||
goto loser;
|
goto loser;
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
|
||||||
|
@ -305,33 +45,5 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||||
+ return module;
|
+ return module;
|
||||||
+ }
|
+ }
|
||||||
if (parent) {
|
if (parent) {
|
||||||
module->parent = SECMOD_ReferenceModule(parent);
|
module->parent = SECMOD_ReferenceModule(parent);
|
||||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
||||||
module->internal = parent->internal;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* load it */
|
|
||||||
diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
|
|
||||||
--- a/lib/util/utilpars.c
|
|
||||||
+++ b/lib/util/utilpars.c
|
|
||||||
@@ -1139,17 +1139,18 @@ char *
|
|
||||||
*dbType = NSS_DB_TYPE_SQL;
|
|
||||||
PORT_Free(*filename);
|
|
||||||
*filename = NULL;
|
|
||||||
*rw = PR_FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* only use the renamed secmod for legacy databases */
|
|
||||||
if ((*dbType != NSS_DB_TYPE_LEGACY) &&
|
|
||||||
- (*dbType != NSS_DB_TYPE_MULTIACCESS)) {
|
|
||||||
+ (*dbType != NSS_DB_TYPE_MULTIACCESS) &&
|
|
||||||
+ !NSSUTIL_ArgHasFlag("flags", "forceSecmodChoice", save_params)) {
|
|
||||||
secmodName="pkcs11.txt";
|
|
||||||
}
|
|
||||||
|
|
||||||
if (noModDB) {
|
|
||||||
value = NULL;
|
|
||||||
} else if (lconfigdir && lconfigdir[0] != '\0') {
|
|
||||||
value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
|
|
||||||
lconfigdir,secmodName);
|
|
||||||
|
|
|
@ -1,161 +0,0 @@
|
||||||
--- ./lib/nss/nssinit.c.cond_ignore 2016-07-14 06:07:08.607951998 -0700
|
|
||||||
+++ ./lib/nss/nssinit.c 2016-07-14 06:11:07.698966728 -0700
|
|
||||||
@@ -427,23 +427,21 @@
|
|
||||||
if (lsecmodName) PORT_Free(lsecmodName);
|
|
||||||
if (lupdateDir) PORT_Free(lupdateDir);
|
|
||||||
if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
|
|
||||||
if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
|
|
||||||
if (lupdateID) PORT_Free(lupdateID);
|
|
||||||
if (lupdateName) PORT_Free(lupdateName);
|
|
||||||
|
|
||||||
if (moduleSpec) {
|
|
||||||
- module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
|
||||||
+ module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE);
|
|
||||||
PR_smprintf_free(moduleSpec);
|
|
||||||
- if (module) {
|
|
||||||
- if (!module->loaded) {
|
|
||||||
- SECMOD_DestroyModule(module);
|
|
||||||
- module = NULL;
|
|
||||||
- }
|
|
||||||
+ if (module && !module->loaded) {
|
|
||||||
+ SECMOD_DestroyModule(module);
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return module;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* OK there are now lots of options here, lets go through them all:
|
|
||||||
*
|
|
||||||
@@ -511,41 +509,44 @@
|
|
||||||
return PR_FAILURE;
|
|
||||||
}
|
|
||||||
return PR_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static SECStatus
|
|
||||||
nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
|
|
||||||
- const char *secmodName, const char *updateDir,
|
|
||||||
+ const char *secmodName, const char *updateDir,
|
|
||||||
const char *updCertPrefix, const char *updKeyPrefix,
|
|
||||||
const char *updateID, const char *updateName,
|
|
||||||
NSSInitContext ** initContextPtr,
|
|
||||||
NSSInitParameters *initParams,
|
|
||||||
- PRBool readOnly, PRBool noCertDB,
|
|
||||||
+ PRBool readOnly, PRBool noCertDB,
|
|
||||||
PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
|
|
||||||
PRBool optimizeSpace, PRBool noSingleThreadedModules,
|
|
||||||
PRBool allowAlreadyInitializedModules,
|
|
||||||
PRBool dontFinalizeModules)
|
|
||||||
{
|
|
||||||
SECMODModule *parent = NULL;
|
|
||||||
PKIX_UInt32 actualMinorVersion = 0;
|
|
||||||
PKIX_Error *pkixError = NULL;
|
|
||||||
PRBool isReallyInitted;
|
|
||||||
char *configStrings = NULL;
|
|
||||||
char *configName = NULL;
|
|
||||||
PRBool passwordRequired = PR_FALSE;
|
|
||||||
+#ifdef POLICY_FILE
|
|
||||||
+ char *ignoreVar;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* if we are trying to init with a traditional NSS_Init call, maintain
|
|
||||||
* the traditional idempotent behavior. */
|
|
||||||
if (!initContextPtr && nssIsInitted) {
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+
|
|
||||||
/* make sure our lock and condition variable are initialized one and only
|
|
||||||
* one time */
|
|
||||||
if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* if we haven't done basic initialization, single thread the
|
|
||||||
@@ -632,20 +633,20 @@
|
|
||||||
configStrings = pk11_config_strings;
|
|
||||||
configName = pk11_config_name;
|
|
||||||
passwordRequired = pk11_password_required;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Skip the module init if we are already initted and we are trying
|
|
||||||
* to init with noCertDB and noModDB */
|
|
||||||
if (!(isReallyInitted && noCertDB && noModDB)) {
|
|
||||||
- parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
|
||||||
- updateDir, updCertPrefix, updKeyPrefix, updateID,
|
|
||||||
+ parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
|
||||||
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
|
|
||||||
updateName, configName, configStrings, passwordRequired,
|
|
||||||
- readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
|
||||||
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
|
||||||
(initContextPtr != NULL));
|
|
||||||
|
|
||||||
if (parent == NULL) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -678,50 +679,54 @@
|
|
||||||
dbpath = NULL;
|
|
||||||
}
|
|
||||||
if (dbpath) {
|
|
||||||
nss_FindExternalRoot(dbpath, secmodName);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#ifdef POLICY_FILE
|
|
||||||
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
|
||||||
+ /* Load the system crypto policy file if it exists,
|
|
||||||
+ * unless the NSS_IGNORE_SYSTEM_POLICY environment
|
|
||||||
+ * variable has been set to 1. */
|
|
||||||
+ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
|
|
||||||
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
|
|
||||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
|
||||||
SECMODModule *module = SECMOD_LoadModule(
|
|
||||||
"name=\"Policy File\" "
|
|
||||||
"parameters=\"configdir='sql:" POLICY_PATH "' "
|
|
||||||
"secmod='" POLICY_FILE "' "
|
|
||||||
"flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
|
||||||
"NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
|
||||||
- parent, PR_TRUE);
|
|
||||||
+ parent, PR_TRUE);
|
|
||||||
if (module) {
|
|
||||||
PRBool isLoaded = module->loaded;
|
|
||||||
SECMOD_DestroyModule(module);
|
|
||||||
if (!isLoaded) {
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
pk11sdr_Init();
|
|
||||||
cert_CreateSubjectKeyIDHashTable();
|
|
||||||
|
|
||||||
pkixError = PKIX_Initialize
|
|
||||||
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
|
|
||||||
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
|
||||||
|
|
||||||
if (pkixError != NULL) {
|
|
||||||
goto loser;
|
|
||||||
} else {
|
|
||||||
char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
|
|
||||||
if (ev && ev[0]) {
|
|
||||||
CERT_SetUsePKIXForValidation(PR_TRUE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Now mark the appropriate init state. If initContextPtr was passed
|
|
||||||
* in, then return the new context pointer and add it to the
|
|
||||||
* nssInitContextList. Otherwise set the global nss_isInitted flag
|
|
||||||
*/
|
|
||||||
PZ_Lock(nssInitLock);
|
|
|
@ -1,9 +1,9 @@
|
||||||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||||
--- ./nss/cmd/Makefile.skipem 2016-06-24 10:10:38.143165159 -0700
|
--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100
|
||||||
+++ ./nss/cmd/Makefile 2016-06-24 10:13:08.566457400 -0700
|
+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100
|
||||||
@@ -17,7 +17,11 @@ endif
|
@@ -19,7 +19,11 @@ BLTEST_SRCDIR =
|
||||||
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
ECPERF_SRCDIR =
|
||||||
BLTEST_SRCDIR =
|
FREEBL_ECTEST_SRCDIR =
|
||||||
FIPSTEST_SRCDIR =
|
FIPSTEST_SRCDIR =
|
||||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||||
+SHLIBSIGN_SRCDIR = shlibsign
|
+SHLIBSIGN_SRCDIR = shlibsign
|
||||||
|
@ -12,4 +12,4 @@ diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||||
+endif
|
+endif
|
||||||
else
|
else
|
||||||
BLTEST_SRCDIR = bltest
|
BLTEST_SRCDIR = bltest
|
||||||
FIPSTEST_SRCDIR = fipstest
|
ECPERF_SRCDIR = ecperf
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
diff -up ./cmd/manifest.mn.skip_ecperf ./cmd/manifest.mn
|
|
||||||
--- ./cmd/manifest.mn.noecperf 2016-06-24 08:04:53.891106841 -0700
|
|
||||||
+++ ./cmd/manifest.mn 2016-06-24 08:06:57.186887403 -0700
|
|
||||||
@@ -42,7 +42,6 @@ NSS_SRCDIRS = \
|
|
||||||
dbtest \
|
|
||||||
derdump \
|
|
||||||
digest \
|
|
||||||
- ecperf \
|
|
||||||
httpserv \
|
|
||||||
listsuites \
|
|
||||||
makepqg \
|
|
|
@ -1,11 +1,10 @@
|
||||||
diff -up ./external_tests/manifest.mn.skip_util_pk11_ssl_gtest ./external_tests/manifest.mn
|
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn
|
||||||
--- ./external_tests/manifest.mn.skip_util_pk11_ssl_gtest 2016-06-20 10:11:28.000000000 -0700
|
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200
|
||||||
+++ ./external_tests/manifest.mn 2016-06-26 10:09:55.429858648 -0700
|
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200
|
||||||
@@ -9,7 +9,4 @@ DIRS = \
|
@@ -31,6 +31,5 @@ endif
|
||||||
google_test \
|
|
||||||
common \
|
DIRS = \
|
||||||
der_gtest \
|
$(LIB_SRCDIRS) \
|
||||||
- util_gtest \
|
- $(UTIL_SRCDIRS) \
|
||||||
- pk11_gtest \
|
$(NSS_SRCDIRS) \
|
||||||
- ssl_gtest \
|
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
163
nss.spec
163
nss.spec
|
@ -1,6 +1,6 @@
|
||||||
%global nspr_version 4.12.0
|
%global nspr_version 4.17.0
|
||||||
%global nss_util_version 3.25.0
|
%global nss_util_version 3.34.0
|
||||||
%global nss_softokn_version 3.25.0
|
%global nss_softokn_version 3.34.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||||
|
|
||||||
|
@ -18,10 +18,10 @@
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.25.0
|
Version: 3.34.0
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 6%{?dist}
|
Release: 1.0%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
@ -43,16 +43,32 @@ BuildRequires: zlib-devel
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: gawk
|
BuildRequires: gawk
|
||||||
BuildRequires: psmisc
|
BuildRequires: psmisc
|
||||||
BuildRequires: perl
|
BuildRequires: perl-interpreter
|
||||||
|
|
||||||
# nss-pem used to be bundled with the nss package on Fedora -- make sure that
|
# nss-pem used to be bundled with the nss package on Fedora -- make sure that
|
||||||
# programs relying on that continue to work until they are fixed to require
|
# programs relying on that continue to work until they are fixed to require
|
||||||
# nss-pem instead. Once all of them are fixed, the following line can be
|
# nss-pem instead. Once all of them are fixed, the following line can be
|
||||||
# removed. See https://bugzilla.redhat.com/1346806 for details.
|
# removed. See https://bugzilla.redhat.com/1346806 for details.
|
||||||
Requires: nss-pem
|
Requires: nss-pem%{?_isa}
|
||||||
|
|
||||||
%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
|
# NSS 3.28.1 introduced a curve, that is smaller than a check in old
|
||||||
%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
|
# Mozilla code allows.
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1413182
|
||||||
|
Conflicts: firefox < 50.1.0-3
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414983
|
||||||
|
Conflicts: xulrunner < 44.0-9
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414929
|
||||||
|
Conflicts: thunderbird < 45.6.0-5
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414982
|
||||||
|
Conflicts: seamonkey < 2.46-2
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414987
|
||||||
|
Conflicts: icecat < 45.5.1-5
|
||||||
|
|
||||||
|
%if %{defined nss_ckbi_suffix}
|
||||||
|
%define full_nss_version %{version}%{nss_ckbi_suffix}
|
||||||
|
%else
|
||||||
|
%define full_nss_version %{version}
|
||||||
|
%endif
|
||||||
|
|
||||||
Source0: %{name}-%{full_nss_version}.tar.gz
|
Source0: %{name}-%{full_nss_version}.tar.gz
|
||||||
Source1: nss.pc.in
|
Source1: nss.pc.in
|
||||||
|
@ -83,23 +99,23 @@ Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||||
Patch47: utilwrap-include-templates.patch
|
Patch47: utilwrap-include-templates.patch
|
||||||
# TODO remove when we switch to building nss without softoken
|
# TODO remove when we switch to building nss without softoken
|
||||||
Patch49: nss-skip-bltest-and-fipstest.patch
|
Patch49: nss-skip-bltest-and-fipstest.patch
|
||||||
# This patch uses the gcc-iquote dir option documented at
|
# This patch uses the GCC -iquote option documented at
|
||||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||||
# to place the in-tree directories at the head of the list of list of directories
|
# to give the in-tree headers a higher priority over the system headers,
|
||||||
# to be searched for for header files. This ensures a build even when system
|
# when they are included through the quote form (#include "file.h").
|
||||||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
#
|
||||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
# This ensures a build even when system headers are older. Such is the
|
||||||
|
# case when starting an update with API changes or even private export
|
||||||
|
# changes.
|
||||||
|
#
|
||||||
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||||
|
# but it doesn't hurt to keep it.
|
||||||
Patch50: iquote.patch
|
Patch50: iquote.patch
|
||||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||||
Patch59: nss-check-policy-file.patch
|
Patch59: nss-check-policy-file.patch
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
|
||||||
Patch60: nss-conditionally-ignore-system-policy.patch
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1280846
|
|
||||||
Patch62: nss-skip-util-gtest.patch
|
Patch62: nss-skip-util-gtest.patch
|
||||||
# TODO: file a bug upstream similar to the one for rsaperf
|
|
||||||
Patch70: nss-skip-ecperf.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
|
@ -182,9 +198,7 @@ low level services.
|
||||||
%patch58 -p0 -b .1185708_3des
|
%patch58 -p0 -b .1185708_3des
|
||||||
pushd nss
|
pushd nss
|
||||||
%patch59 -p1 -b .check_policy_file
|
%patch59 -p1 -b .check_policy_file
|
||||||
%patch60 -p1 -b .cond_ignore
|
%patch62 -p1 -b .skip_util_gtest
|
||||||
%patch62 -p0 -b .skip_util_gtest
|
|
||||||
%patch70 -p1 -b .skip_ecperf
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
|
@ -197,11 +211,6 @@ popd
|
||||||
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
||||||
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||||
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||||
# similar problem to the one descrived above
|
|
||||||
# ./nss/lib/freebl/ec.h, ./nss/lib/freebl/ecl/ecl-curve.h
|
|
||||||
# the last one requires that NSS_ECC_MORE_THAN_SUITE_B not be defined
|
|
||||||
%{__cp} ./nss/lib/freebl/ec.h ./nss/cmd/ecperf
|
|
||||||
%{__cp} ./nss/lib/freebl/ecl/ecl-curve.h ./nss/cmd/ecperf
|
|
||||||
|
|
||||||
# Before removing util directory we must save verref.h
|
# Before removing util directory we must save verref.h
|
||||||
# as it will be needed later during the build phase.
|
# as it will be needed later during the build phase.
|
||||||
|
@ -218,9 +227,6 @@ popd
|
||||||
%{__rm} -rf ./nss/cmd/fipstest
|
%{__rm} -rf ./nss/cmd/fipstest
|
||||||
%{__rm} -rf ./nss/cmd/rsaperf_low
|
%{__rm} -rf ./nss/cmd/rsaperf_low
|
||||||
|
|
||||||
######## Remove portions that need to statically link with libnssutil.a
|
|
||||||
%{__rm} -rf ./nss/external_tests/util_gtests
|
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
|
@ -287,10 +293,8 @@ export USE_64
|
||||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||||
|
|
||||||
##### phase 2: build the rest of nss
|
##### phase 2: build the rest of nss
|
||||||
# nss supports pluggable ecc with more than suite-b
|
|
||||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
|
||||||
|
|
||||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||||
|
|
||||||
%{__make} -C ./nss/coreconf
|
%{__make} -C ./nss/coreconf
|
||||||
%{__make} -C ./nss/lib/dbm
|
%{__make} -C ./nss/lib/dbm
|
||||||
|
|
||||||
|
@ -404,8 +408,12 @@ export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||||
|
|
||||||
# End -- copied from the build section
|
# End -- copied from the build section
|
||||||
|
|
||||||
|
# This is necessary because the test suite tests algorithms that are
|
||||||
|
# disabled by the system policy.
|
||||||
export NSS_IGNORE_SYSTEM_POLICY=1
|
export NSS_IGNORE_SYSTEM_POLICY=1
|
||||||
|
|
||||||
|
export NSS_FORCE_FIPS=1
|
||||||
|
|
||||||
# enable the following line to force a test failure
|
# enable the following line to force a test failure
|
||||||
# find ./nss -name \*.chk | xargs rm -f
|
# find ./nss -name \*.chk | xargs rm -f
|
||||||
|
|
||||||
|
@ -772,6 +780,7 @@ fi
|
||||||
%{_includedir}/nss3/smime.h
|
%{_includedir}/nss3/smime.h
|
||||||
%{_includedir}/nss3/ssl.h
|
%{_includedir}/nss3/ssl.h
|
||||||
%{_includedir}/nss3/sslerr.h
|
%{_includedir}/nss3/sslerr.h
|
||||||
|
%{_includedir}/nss3/sslexp.h
|
||||||
%{_includedir}/nss3/sslproto.h
|
%{_includedir}/nss3/sslproto.h
|
||||||
%{_includedir}/nss3/sslt.h
|
%{_includedir}/nss3/sslt.h
|
||||||
|
|
||||||
|
@ -794,6 +803,94 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-1.0
|
||||||
|
- Update to NSS 3.34.0
|
||||||
|
|
||||||
|
* Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.1
|
||||||
|
- Make sure 32bit nss-pem always be installed with 32bit nss in
|
||||||
|
multlib environment, patch by Kamil Dudka
|
||||||
|
|
||||||
|
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.0
|
||||||
|
- Update to NSS 3.33.0
|
||||||
|
|
||||||
|
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.1
|
||||||
|
- Update iquote.patch to really prefer in-tree headers over system headers
|
||||||
|
|
||||||
|
* Fri Sep 15 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.0
|
||||||
|
- Update to NSS 3.32.1
|
||||||
|
|
||||||
|
* Fri Aug 18 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.1
|
||||||
|
- Revert signtool deprecation, which was only targeting F27
|
||||||
|
|
||||||
|
* Mon Aug 7 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.0
|
||||||
|
- Update to NSS 3.32.0
|
||||||
|
|
||||||
|
* Tue Jul 18 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.1
|
||||||
|
- Backport mozbz#1381784 to avoid deadlock in dnf
|
||||||
|
|
||||||
|
* Wed Jun 21 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.0
|
||||||
|
- Rebase to NSS 3.31.0
|
||||||
|
|
||||||
|
* Wed May 10 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-1.1
|
||||||
|
- Re-enable tests on armv7hl
|
||||||
|
- Enable TLS 1.3 again
|
||||||
|
|
||||||
|
* Mon Apr 24 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-2
|
||||||
|
- Rebase to NSS 3.30.2
|
||||||
|
|
||||||
|
* Wed Mar 29 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.1
|
||||||
|
- Backport mozbz#1334976 and mozbz#1336487, from F26
|
||||||
|
|
||||||
|
* Mon Mar 20 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.0
|
||||||
|
- Rebase to NSS 3.29.3
|
||||||
|
- Remove upstreamed patch for fixing crash in tls13_DestroyKeyShares
|
||||||
|
|
||||||
|
* Thu Mar 16 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.1
|
||||||
|
- Fix crash in tls13_DestroyKeyShares
|
||||||
|
|
||||||
|
* Tue Feb 21 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.0
|
||||||
|
- Rebase to NSS 3.28.3
|
||||||
|
|
||||||
|
* Fri Jan 20 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.3
|
||||||
|
- Disable TLS 1.3
|
||||||
|
- Add "Conflicts" with packages using older Mozilla codebase, which is
|
||||||
|
not compatible with NSS 3.28.1
|
||||||
|
- Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream
|
||||||
|
|
||||||
|
* Tue Jan 17 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.2
|
||||||
|
- Add "Conflicts" with older firefox packages which don't have support
|
||||||
|
for smaller curves added in NSS 3.28.1
|
||||||
|
|
||||||
|
* Fri Jan 13 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.1
|
||||||
|
- Fix incorrect version specification in %%nss_{util,softokn}_version,
|
||||||
|
pointed by Elio Maldonado
|
||||||
|
|
||||||
|
* Thu Jan 12 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.0
|
||||||
|
- Rebase to NSS 3.28.1
|
||||||
|
- Remove upstreamed patch for disabling RSA-PSS
|
||||||
|
- Re-enable TLS 1.3
|
||||||
|
|
||||||
|
* Tue Nov 15 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.3
|
||||||
|
- Revert the previous fix for RSA-PSS and use the upstream fix instead
|
||||||
|
|
||||||
|
* Wed Nov 02 2016 Kai Engert <kaie@redhat.com> - 3.27.0-1.2
|
||||||
|
- Disable the use of RSA-PSS with SSL/TLS. #1383809
|
||||||
|
|
||||||
|
* Sun Oct 2 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.1
|
||||||
|
- Disable TLS 1.3 for now, to avoid reported regression with TLS to
|
||||||
|
version intolerant servers
|
||||||
|
|
||||||
|
* Thu Sep 29 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.0
|
||||||
|
- Rebase to NSS 3.27.0
|
||||||
|
- Remove upstreamed ectest patch
|
||||||
|
|
||||||
|
* Mon Aug 8 2016 Daiki Ueno <dueno@redhat.com> - 3.26.0-1.0
|
||||||
|
- Rebase to NSS 3.26.0
|
||||||
|
- Update check policy file patch to better match what was upstreamed
|
||||||
|
- Remove conditionally ignore system policy patch as it has been upstreamed
|
||||||
|
- Skip ectest as well as ecperf, which are built as part of nss-softokn
|
||||||
|
- Fix rpmlint error regarding %%define usage
|
||||||
|
|
||||||
* Thu Jul 14 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
* Thu Jul 14 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
||||||
- Incorporate some changes requested in upstream review and commited upstream (#1157720)
|
- Incorporate some changes requested in upstream review and commited upstream (#1157720)
|
||||||
|
|
||||||
|
|
12
sources
12
sources
|
@ -1,6 +1,6 @@
|
||||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
||||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
950263d15d1f055605bfb6e634a1a019 nss-3.25.0.tar.gz
|
SHA512 (nss-3.34.0.tar.gz) = 2826e3d327af34714d521edac0fba4da6e14c7a28750ccfeeba8259b0a1954233fc47dcbec47b6aeb96f53de501adc15adf130379efa503b00677a924eb50080
|
||||||
|
|
Loading…
Reference in New Issue