Compare commits
26 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 806074eb1e | |
Daiki Ueno | 4cda06bd35 | |
Daiki Ueno | 372993eecd | |
Daiki Ueno | 1c3e54f040 | |
Daiki Ueno | 23188348b0 | |
Daiki Ueno | ce003712e7 | |
Daiki Ueno | 093224836c | |
Daiki Ueno | b4484f6e07 | |
Daiki Ueno | 1841d0a8ed | |
Daiki Ueno | f8810c6bee | |
Daiki Ueno | 8e6f0e50f7 | |
Daiki Ueno | c95b57308e | |
Daiki Ueno | 60e30578fd | |
Daiki Ueno | 28eafb607a | |
Daiki Ueno | 558fa42039 | |
Daiki Ueno | 1f164283dd | |
Daiki Ueno | 0a864f5b54 | |
Daiki Ueno | ba0cd14759 | |
Daiki Ueno | 6463547347 | |
Daiki Ueno | 055e0fecf1 | |
Daiki Ueno | 26f0f90d8b | |
Kai Engert | 6d7ef4785b | |
Daiki Ueno | 2ee2180475 | |
Daiki Ueno | 26ee9b35d2 | |
Daiki Ueno | 32b4e5466a | |
Daiki Ueno | 1b9574d305 |
|
@ -10,3 +10,14 @@ TestUser51.cert
|
|||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.25.0.tar.gz
|
||||
/nss-3.26.0.tar.gz
|
||||
/nss-3.27.0.tar.gz
|
||||
/nss-3.28.1.tar.gz
|
||||
/nss-3.28.3.tar.gz
|
||||
/nss-3.29.3.tar.gz
|
||||
/nss-3.30.2.tar.gz
|
||||
/nss-3.31.0.tar.gz
|
||||
/nss-3.32.0.tar.gz
|
||||
/nss-3.32.1.tar.gz
|
||||
/nss-3.33.0.tar.gz
|
||||
/nss-3.34.0.tar.gz
|
||||
|
|
220
iquote.patch
220
iquote.patch
|
@ -1,211 +1,13 @@
|
|||
diff -up ./nss/cmd/certcgi/Makefile.iquote ./nss/cmd/certcgi/Makefile
|
||||
--- ./nss/cmd/certcgi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/certcgi/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
|
||||
--- ./nss/cmd/certutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/certutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
|
||||
--- ./nss/cmd/lib/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/lib/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
|
||||
--- ./nss/cmd/modutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/modutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
|
||||
#######################################################################
|
||||
diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
|
||||
--- ./nss/cmd/selfserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/selfserv/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
|
||||
--- ./nss/cmd/ssltap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/ssltap/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
|
||||
--- ./nss/cmd/strsclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/strsclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
|
||||
--- ./nss/cmd/tstclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/tstclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
#######################################################################
|
||||
|
||||
#include ../platlibs.mk
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
|
||||
--- ./nss/cmd/vfyserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/vfyserv/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
#######################################################################
|
||||
|
||||
#include ../platlibs.mk
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
|
||||
--- ./nss/coreconf/location.mk.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/coreconf/location.mk 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -45,6 +45,10 @@ endif
|
||||
|
||||
ifdef NSS_INCLUDE_DIR
|
||||
INCLUDES += -I$(NSS_INCLUDE_DIR)
|
||||
+ ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||
+ INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+ INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+ endif
|
||||
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
|
||||
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
|
||||
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
|
||||
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
|
||||
SQLITE_LIB_NAME = sqlite3
|
||||
endif
|
||||
|
||||
ifndef NSS_LIB_DIR
|
||||
diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
|
||||
--- ./nss/external_tests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/external_tests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
|
||||
--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/external_tests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
|
||||
@@ -43,6 +43,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
|
||||
--- ./nss/lib/certhigh/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/certhigh/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
|
||||
--- ./nss/lib/cryptohi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/cryptohi/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
|
||||
--- ./nss/lib/nss/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/nss/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
|
||||
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/pk11wrap/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
|
||||
--- ./nss/lib/ssl/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/ssl/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
+# Prefer in-tree headers over system headers
|
||||
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
|
||||
+endif
|
||||
+
|
||||
MK_LOCATION = included
|
||||
|
|
|
@ -1,275 +1,25 @@
|
|||
diff --git a/lib/nss/config.mk b/lib/nss/config.mk
|
||||
--- a/lib/nss/config.mk
|
||||
+++ b/lib/nss/config.mk
|
||||
@@ -95,8 +95,15 @@ SHARED_LIBRARY_DIRS = \
|
||||
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
|
||||
ifndef NS_USE_GCC
|
||||
# Export 'mktemp' to be backward compatible with NSS 3.2.x and 3.3.x
|
||||
# but do not put it in the import library. See bug 142575.
|
||||
DEFINES += -DWIN32_NSS3_DLL_COMPAT
|
||||
DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE
|
||||
endif
|
||||
endif
|
||||
+
|
||||
+ifdef POLICY_FILE
|
||||
+ifndef POLICY_PATH
|
||||
+$(error You must define POLICY_PATH if you set POLICY_FILE)
|
||||
+endif
|
||||
+DEFINES += -DPOLICY_FILE=\"$(POLICY_FILE)\" -DPOLICY_PATH=\"$(POLICY_PATH)\"
|
||||
+endif
|
||||
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
|
||||
--- a/lib/nss/nssinit.c
|
||||
+++ b/lib/nss/nssinit.c
|
||||
@@ -330,47 +330,47 @@ nss_FindExternalRoot(const char *dbpath,
|
||||
|
||||
/*
|
||||
* see nss_Init for definitions of the various options.
|
||||
*
|
||||
* this function builds a moduleSpec string from the options and previously
|
||||
* set statics (from PKCS11_Configure, for instance), and uses it to kick off
|
||||
* the loading of the various PKCS #11 modules.
|
||||
*/
|
||||
-static SECStatus
|
||||
+static SECMODModule *
|
||||
nss_InitModules(const char *configdir, const char *certPrefix,
|
||||
const char *keyPrefix, const char *secmodName,
|
||||
const char *updateDir, const char *updCertPrefix,
|
||||
const char *updKeyPrefix, const char *updateID,
|
||||
const char *updateName, char *configName, char *configStrings,
|
||||
PRBool pwRequired, PRBool readOnly, PRBool noCertDB,
|
||||
PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace,
|
||||
PRBool isContextInit)
|
||||
{
|
||||
- SECStatus rv = SECFailure;
|
||||
+ SECMODModule *module = NULL;
|
||||
char *moduleSpec = NULL;
|
||||
char *flags = NULL;
|
||||
char *lconfigdir = NULL;
|
||||
char *lcertPrefix = NULL;
|
||||
char *lkeyPrefix = NULL;
|
||||
char *lsecmodName = NULL;
|
||||
char *lupdateDir = NULL;
|
||||
char *lupdCertPrefix = NULL;
|
||||
char *lupdKeyPrefix = NULL;
|
||||
char *lupdateID = NULL;
|
||||
char *lupdateName = NULL;
|
||||
|
||||
if (NSS_InitializePRErrorTable() != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
- return rv;
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen,
|
||||
pwRequired, optimizeSpace);
|
||||
- if (flags == NULL) return rv;
|
||||
+ if (flags == NULL) return NULL;
|
||||
|
||||
/*
|
||||
* configdir is double nested, and Windows uses the same character
|
||||
* for file seps as we use for escapes! (sigh).
|
||||
*/
|
||||
lconfigdir = NSSUTIL_DoubleEscape(configdir, '\'', '\"');
|
||||
if (lconfigdir == NULL) {
|
||||
goto loser;
|
||||
@@ -427,24 +427,26 @@ loser:
|
||||
if (lsecmodName) PORT_Free(lsecmodName);
|
||||
if (lupdateDir) PORT_Free(lupdateDir);
|
||||
if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
|
||||
if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
|
||||
if (lupdateID) PORT_Free(lupdateID);
|
||||
if (lupdateName) PORT_Free(lupdateName);
|
||||
|
||||
if (moduleSpec) {
|
||||
- SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
||||
+ module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
||||
PR_smprintf_free(moduleSpec);
|
||||
if (module) {
|
||||
- if (module->loaded) rv=SECSuccess;
|
||||
- SECMOD_DestroyModule(module);
|
||||
+ if (!module->loaded) {
|
||||
+ SECMOD_DestroyModule(module);
|
||||
+ module = NULL;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
- return rv;
|
||||
+ return module;
|
||||
}
|
||||
|
||||
/*
|
||||
* OK there are now lots of options here, lets go through them all:
|
||||
*
|
||||
* configdir - base directory where all the cert, key, and module datbases live.
|
||||
* certPrefix - prefix added to the beginning of the cert database example: "
|
||||
* "https-server1-"
|
||||
@@ -520,17 +522,17 @@ nss_Init(const char *configdir, const ch
|
||||
NSSInitContext ** initContextPtr,
|
||||
NSSInitParameters *initParams,
|
||||
PRBool readOnly, PRBool noCertDB,
|
||||
PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
|
||||
PRBool optimizeSpace, PRBool noSingleThreadedModules,
|
||||
PRBool allowAlreadyInitializedModules,
|
||||
PRBool dontFinalizeModules)
|
||||
{
|
||||
- SECStatus rv = SECFailure;
|
||||
+ SECMODModule *parent = NULL;
|
||||
PKIX_UInt32 actualMinorVersion = 0;
|
||||
PKIX_Error *pkixError = NULL;
|
||||
PRBool isReallyInitted;
|
||||
char *configStrings = NULL;
|
||||
char *configName = NULL;
|
||||
PRBool passwordRequired = PR_FALSE;
|
||||
|
||||
/* if we are trying to init with a traditional NSS_Init call, maintain
|
||||
@@ -630,23 +632,23 @@ nss_Init(const char *configdir, const ch
|
||||
configStrings = pk11_config_strings;
|
||||
configName = pk11_config_name;
|
||||
passwordRequired = pk11_password_required;
|
||||
}
|
||||
|
||||
/* Skip the module init if we are already initted and we are trying
|
||||
* to init with noCertDB and noModDB */
|
||||
if (!(isReallyInitted && noCertDB && noModDB)) {
|
||||
- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
+ parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
updateName, configName, configStrings, passwordRequired,
|
||||
readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
(initContextPtr != NULL));
|
||||
|
||||
- if (rv != SECSuccess) {
|
||||
+ if (parent == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* finish up initialization */
|
||||
if (!isReallyInitted) {
|
||||
if (SECOID_Init() != SECSuccess) {
|
||||
@@ -675,17 +677,34 @@ nss_Init(const char *configdir, const ch
|
||||
* path. Skip it */
|
||||
dbpath = NULL;
|
||||
}
|
||||
if (dbpath) {
|
||||
nss_FindExternalRoot(dbpath, secmodName);
|
||||
}
|
||||
}
|
||||
}
|
||||
-
|
||||
+#ifdef POLICY_FILE
|
||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
||||
+ SECMODModule *module = SECMOD_LoadModule(
|
||||
+ "name=\"Policy File\" "
|
||||
+ "parameters=\"configdir='sql:" POLICY_PATH "' "
|
||||
+ "secmod='" POLICY_FILE "' "
|
||||
+ "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
||||
+ "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
||||
+ parent, PR_TRUE);
|
||||
+ if (module) {
|
||||
+ PRBool isLoaded = module->loaded;
|
||||
+ SECMOD_DestroyModule(module);
|
||||
+ if (!isLoaded) {
|
||||
+ goto loser;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
pk11sdr_Init();
|
||||
cert_CreateSubjectKeyIDHashTable();
|
||||
|
||||
pkixError = PKIX_Initialize
|
||||
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
|
||||
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
||||
|
||||
if (pkixError != NULL) {
|
||||
@@ -716,32 +735,38 @@ nss_Init(const char *configdir, const ch
|
||||
nssIsInInit--;
|
||||
/* now that we are inited, all waiters can move forward */
|
||||
PZ_NotifyAllCondVar(nssInitCondition);
|
||||
PZ_Unlock(nssInitLock);
|
||||
|
||||
if (initContextPtr && configStrings) {
|
||||
PR_smprintf_free(configStrings);
|
||||
}
|
||||
+ if (parent) {
|
||||
+ SECMOD_DestroyModule(parent);
|
||||
+ }
|
||||
|
||||
return SECSuccess;
|
||||
|
||||
loser:
|
||||
if (initContextPtr && *initContextPtr) {
|
||||
PORT_Free(*initContextPtr);
|
||||
*initContextPtr = NULL;
|
||||
if (configStrings) {
|
||||
PR_smprintf_free(configStrings);
|
||||
}
|
||||
}
|
||||
PZ_Lock(nssInitLock);
|
||||
nssIsInInit--;
|
||||
/* We failed to init, allow one to move forward */
|
||||
PZ_NotifyCondVar(nssInitCondition);
|
||||
PZ_Unlock(nssInitLock);
|
||||
+ if (parent) {
|
||||
+ SECMOD_DestroyModule(parent);
|
||||
+ }
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
|
||||
SECStatus
|
||||
NSS_Init(const char *configdir)
|
||||
{
|
||||
return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
|
||||
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||
--- a/lib/pk11wrap/pk11pars.c
|
||||
+++ b/lib/pk11wrap/pk11pars.c
|
||||
@@ -105,16 +105,17 @@ secmod_NewModule(void)
|
||||
* This allows system NSS to delegate those changes to the user's module DB,
|
||||
* preserving the user's ability to load new PKCS #11 modules (which only
|
||||
* affect him), from existing applications like Firefox.
|
||||
*/
|
||||
#define SECMOD_FLAG_MODULE_DB_IS_MODULE_DB 0x01 /* must be set if any of the
|
||||
diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
|
||||
--- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-01-06 13:21:47.002952050 +0100
|
||||
+++ nss/lib/pk11wrap/pk11pars.c 2017-01-06 13:28:18.972536334 +0100
|
||||
@@ -109,6 +109,7 @@ secmod_NewModule(void)
|
||||
*other flags are set */
|
||||
#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
|
||||
#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
|
||||
+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
|
||||
|
||||
|
||||
/* private flags for internal (field in SECMODModule). */
|
||||
/* The meaing of these flags is as follows:
|
||||
*
|
||||
* SECMOD_FLAG_INTERNAL_IS_INTERNAL - This is a marks the the module is
|
||||
* the internal module (that is, softoken). This bit is the same as the
|
||||
* already existing meaning of internal = PR_TRUE. None of the other
|
||||
@@ -699,16 +700,19 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (mod->isModuleDB) {
|
||||
char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB;
|
||||
if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST;
|
||||
}
|
||||
if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) {
|
||||
@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
|
||||
if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
|
||||
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
|
||||
}
|
||||
+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
|
||||
+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
|
||||
+ }
|
||||
/* additional moduleDB flags could be added here in the future */
|
||||
mod->isModuleDB = (PRBool) flags;
|
||||
mod->isModuleDB = (PRBool)flags;
|
||||
}
|
||||
|
||||
if (mod->internal) {
|
||||
char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL;
|
||||
|
||||
if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) {
|
||||
@@ -738,16 +742,24 @@ PRBool
|
||||
SECMOD_GetDefaultModDBFlag(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char) mod->isModuleDB;
|
||||
|
||||
return (flags & SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB) ? PR_TRUE : PR_FALSE;
|
||||
@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
|
||||
}
|
||||
|
||||
PRBool
|
||||
|
@ -283,18 +33,8 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
|||
+PRBool
|
||||
secmod_IsInternalKeySlot(SECMODModule *mod)
|
||||
{
|
||||
char flags = (char) mod->internal;
|
||||
|
||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
void
|
||||
@@ -1521,16 +1533,22 @@ SECMOD_LoadModule(char *modulespec,SECMO
|
||||
if (library) PORT_Free(library);
|
||||
if (moduleName) PORT_Free(moduleName);
|
||||
if (parameters) PORT_Free(parameters);
|
||||
if (nss) PORT_Free(nss);
|
||||
if (config) PORT_Free(config);
|
||||
char flags = (char)mod->internal;
|
||||
@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
|
||||
if (!module) {
|
||||
goto loser;
|
||||
}
|
||||
|
@ -307,31 +47,3 @@ diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
|||
if (parent) {
|
||||
module->parent = SECMOD_ReferenceModule(parent);
|
||||
if (module->internal && secmod_IsInternalKeySlot(parent)) {
|
||||
module->internal = parent->internal;
|
||||
}
|
||||
}
|
||||
|
||||
/* load it */
|
||||
diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
|
||||
--- a/lib/util/utilpars.c
|
||||
+++ b/lib/util/utilpars.c
|
||||
@@ -1139,17 +1139,18 @@ char *
|
||||
*dbType = NSS_DB_TYPE_SQL;
|
||||
PORT_Free(*filename);
|
||||
*filename = NULL;
|
||||
*rw = PR_FALSE;
|
||||
}
|
||||
|
||||
/* only use the renamed secmod for legacy databases */
|
||||
if ((*dbType != NSS_DB_TYPE_LEGACY) &&
|
||||
- (*dbType != NSS_DB_TYPE_MULTIACCESS)) {
|
||||
+ (*dbType != NSS_DB_TYPE_MULTIACCESS) &&
|
||||
+ !NSSUTIL_ArgHasFlag("flags", "forceSecmodChoice", save_params)) {
|
||||
secmodName="pkcs11.txt";
|
||||
}
|
||||
|
||||
if (noModDB) {
|
||||
value = NULL;
|
||||
} else if (lconfigdir && lconfigdir[0] != '\0') {
|
||||
value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
|
||||
lconfigdir,secmodName);
|
||||
|
|
|
@ -1,161 +0,0 @@
|
|||
--- ./lib/nss/nssinit.c.cond_ignore 2016-07-14 06:07:08.607951998 -0700
|
||||
+++ ./lib/nss/nssinit.c 2016-07-14 06:11:07.698966728 -0700
|
||||
@@ -427,23 +427,21 @@
|
||||
if (lsecmodName) PORT_Free(lsecmodName);
|
||||
if (lupdateDir) PORT_Free(lupdateDir);
|
||||
if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
|
||||
if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
|
||||
if (lupdateID) PORT_Free(lupdateID);
|
||||
if (lupdateName) PORT_Free(lupdateName);
|
||||
|
||||
if (moduleSpec) {
|
||||
- module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
||||
+ module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE);
|
||||
PR_smprintf_free(moduleSpec);
|
||||
- if (module) {
|
||||
- if (!module->loaded) {
|
||||
- SECMOD_DestroyModule(module);
|
||||
- module = NULL;
|
||||
- }
|
||||
+ if (module && !module->loaded) {
|
||||
+ SECMOD_DestroyModule(module);
|
||||
+ return NULL;
|
||||
}
|
||||
}
|
||||
return module;
|
||||
}
|
||||
|
||||
/*
|
||||
* OK there are now lots of options here, lets go through them all:
|
||||
*
|
||||
@@ -511,41 +509,44 @@
|
||||
return PR_FAILURE;
|
||||
}
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static SECStatus
|
||||
nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
|
||||
- const char *secmodName, const char *updateDir,
|
||||
+ const char *secmodName, const char *updateDir,
|
||||
const char *updCertPrefix, const char *updKeyPrefix,
|
||||
const char *updateID, const char *updateName,
|
||||
NSSInitContext ** initContextPtr,
|
||||
NSSInitParameters *initParams,
|
||||
- PRBool readOnly, PRBool noCertDB,
|
||||
+ PRBool readOnly, PRBool noCertDB,
|
||||
PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
|
||||
PRBool optimizeSpace, PRBool noSingleThreadedModules,
|
||||
PRBool allowAlreadyInitializedModules,
|
||||
PRBool dontFinalizeModules)
|
||||
{
|
||||
SECMODModule *parent = NULL;
|
||||
PKIX_UInt32 actualMinorVersion = 0;
|
||||
PKIX_Error *pkixError = NULL;
|
||||
PRBool isReallyInitted;
|
||||
char *configStrings = NULL;
|
||||
char *configName = NULL;
|
||||
PRBool passwordRequired = PR_FALSE;
|
||||
+#ifdef POLICY_FILE
|
||||
+ char *ignoreVar;
|
||||
+#endif
|
||||
|
||||
/* if we are trying to init with a traditional NSS_Init call, maintain
|
||||
* the traditional idempotent behavior. */
|
||||
if (!initContextPtr && nssIsInitted) {
|
||||
return SECSuccess;
|
||||
}
|
||||
-
|
||||
+
|
||||
/* make sure our lock and condition variable are initialized one and only
|
||||
* one time */
|
||||
if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/*
|
||||
* if we haven't done basic initialization, single thread the
|
||||
@@ -632,20 +633,20 @@
|
||||
configStrings = pk11_config_strings;
|
||||
configName = pk11_config_name;
|
||||
passwordRequired = pk11_password_required;
|
||||
}
|
||||
|
||||
/* Skip the module init if we are already initted and we are trying
|
||||
* to init with noCertDB and noModDB */
|
||||
if (!(isReallyInitted && noCertDB && noModDB)) {
|
||||
- parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
- updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
+ parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
updateName, configName, configStrings, passwordRequired,
|
||||
- readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
(initContextPtr != NULL));
|
||||
|
||||
if (parent == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -678,50 +679,54 @@
|
||||
dbpath = NULL;
|
||||
}
|
||||
if (dbpath) {
|
||||
nss_FindExternalRoot(dbpath, secmodName);
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef POLICY_FILE
|
||||
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
||||
+ /* Load the system crypto policy file if it exists,
|
||||
+ * unless the NSS_IGNORE_SYSTEM_POLICY environment
|
||||
+ * variable has been set to 1. */
|
||||
+ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
|
||||
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
|
||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
||||
SECMODModule *module = SECMOD_LoadModule(
|
||||
"name=\"Policy File\" "
|
||||
"parameters=\"configdir='sql:" POLICY_PATH "' "
|
||||
"secmod='" POLICY_FILE "' "
|
||||
"flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
||||
"NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
||||
- parent, PR_TRUE);
|
||||
+ parent, PR_TRUE);
|
||||
if (module) {
|
||||
PRBool isLoaded = module->loaded;
|
||||
SECMOD_DestroyModule(module);
|
||||
if (!isLoaded) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
}
|
||||
+ }
|
||||
#endif
|
||||
pk11sdr_Init();
|
||||
cert_CreateSubjectKeyIDHashTable();
|
||||
|
||||
pkixError = PKIX_Initialize
|
||||
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
|
||||
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
||||
|
||||
if (pkixError != NULL) {
|
||||
goto loser;
|
||||
} else {
|
||||
char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
|
||||
if (ev && ev[0]) {
|
||||
CERT_SetUsePKIXForValidation(PR_TRUE);
|
||||
}
|
||||
}
|
||||
-
|
||||
-
|
||||
}
|
||||
|
||||
/*
|
||||
* Now mark the appropriate init state. If initContextPtr was passed
|
||||
* in, then return the new context pointer and add it to the
|
||||
* nssInitContextList. Otherwise set the global nss_isInitted flag
|
||||
*/
|
||||
PZ_Lock(nssInitLock);
|
|
@ -1,9 +1,9 @@
|
|||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
||||
--- ./nss/cmd/Makefile.skipem 2016-06-24 10:10:38.143165159 -0700
|
||||
+++ ./nss/cmd/Makefile 2016-06-24 10:13:08.566457400 -0700
|
||||
@@ -17,7 +17,11 @@ endif
|
||||
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
||||
BLTEST_SRCDIR =
|
||||
--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100
|
||||
+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100
|
||||
@@ -19,7 +19,11 @@ BLTEST_SRCDIR =
|
||||
ECPERF_SRCDIR =
|
||||
FREEBL_ECTEST_SRCDIR =
|
||||
FIPSTEST_SRCDIR =
|
||||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
|
||||
+SHLIBSIGN_SRCDIR = shlibsign
|
||||
|
@ -12,4 +12,4 @@ diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
|
|||
+endif
|
||||
else
|
||||
BLTEST_SRCDIR = bltest
|
||||
FIPSTEST_SRCDIR = fipstest
|
||||
ECPERF_SRCDIR = ecperf
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
diff -up ./cmd/manifest.mn.skip_ecperf ./cmd/manifest.mn
|
||||
--- ./cmd/manifest.mn.noecperf 2016-06-24 08:04:53.891106841 -0700
|
||||
+++ ./cmd/manifest.mn 2016-06-24 08:06:57.186887403 -0700
|
||||
@@ -42,7 +42,6 @@ NSS_SRCDIRS = \
|
||||
dbtest \
|
||||
derdump \
|
||||
digest \
|
||||
- ecperf \
|
||||
httpserv \
|
||||
listsuites \
|
||||
makepqg \
|
|
@ -1,11 +1,10 @@
|
|||
diff -up ./external_tests/manifest.mn.skip_util_pk11_ssl_gtest ./external_tests/manifest.mn
|
||||
--- ./external_tests/manifest.mn.skip_util_pk11_ssl_gtest 2016-06-20 10:11:28.000000000 -0700
|
||||
+++ ./external_tests/manifest.mn 2016-06-26 10:09:55.429858648 -0700
|
||||
@@ -9,7 +9,4 @@ DIRS = \
|
||||
google_test \
|
||||
common \
|
||||
der_gtest \
|
||||
- util_gtest \
|
||||
- pk11_gtest \
|
||||
- ssl_gtest \
|
||||
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn
|
||||
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200
|
||||
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200
|
||||
@@ -31,6 +31,5 @@ endif
|
||||
|
||||
DIRS = \
|
||||
$(LIB_SRCDIRS) \
|
||||
- $(UTIL_SRCDIRS) \
|
||||
$(NSS_SRCDIRS) \
|
||||
$(NULL)
|
||||
|
|
163
nss.spec
163
nss.spec
|
@ -1,6 +1,6 @@
|
|||
%global nspr_version 4.12.0
|
||||
%global nss_util_version 3.25.0
|
||||
%global nss_softokn_version 3.25.0
|
||||
%global nspr_version 4.17.0
|
||||
%global nss_util_version 3.34.0
|
||||
%global nss_softokn_version 3.34.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
|
@ -18,10 +18,10 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.25.0
|
||||
Version: 3.34.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 6%{?dist}
|
||||
Release: 1.0%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -43,16 +43,32 @@ BuildRequires: zlib-devel
|
|||
BuildRequires: pkgconfig
|
||||
BuildRequires: gawk
|
||||
BuildRequires: psmisc
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl-interpreter
|
||||
|
||||
# nss-pem used to be bundled with the nss package on Fedora -- make sure that
|
||||
# programs relying on that continue to work until they are fixed to require
|
||||
# nss-pem instead. Once all of them are fixed, the following line can be
|
||||
# removed. See https://bugzilla.redhat.com/1346806 for details.
|
||||
Requires: nss-pem
|
||||
Requires: nss-pem%{?_isa}
|
||||
|
||||
%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
|
||||
%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
|
||||
# NSS 3.28.1 introduced a curve, that is smaller than a check in old
|
||||
# Mozilla code allows.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1413182
|
||||
Conflicts: firefox < 50.1.0-3
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414983
|
||||
Conflicts: xulrunner < 44.0-9
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414929
|
||||
Conflicts: thunderbird < 45.6.0-5
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414982
|
||||
Conflicts: seamonkey < 2.46-2
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1414987
|
||||
Conflicts: icecat < 45.5.1-5
|
||||
|
||||
%if %{defined nss_ckbi_suffix}
|
||||
%define full_nss_version %{version}%{nss_ckbi_suffix}
|
||||
%else
|
||||
%define full_nss_version %{version}
|
||||
%endif
|
||||
|
||||
Source0: %{name}-%{full_nss_version}.tar.gz
|
||||
Source1: nss.pc.in
|
||||
|
@ -83,23 +99,23 @@ Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
|||
Patch47: utilwrap-include-templates.patch
|
||||
# TODO remove when we switch to building nss without softoken
|
||||
Patch49: nss-skip-bltest-and-fipstest.patch
|
||||
# This patch uses the gcc-iquote dir option documented at
|
||||
# This patch uses the GCC -iquote option documented at
|
||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||
# to place the in-tree directories at the head of the list of list of directories
|
||||
# to be searched for for header files. This ensures a build even when system
|
||||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||
# to give the in-tree headers a higher priority over the system headers,
|
||||
# when they are included through the quote form (#include "file.h").
|
||||
#
|
||||
# This ensures a build even when system headers are older. Such is the
|
||||
# case when starting an update with API changes or even private export
|
||||
# changes.
|
||||
#
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||
# but it doesn't hurt to keep it.
|
||||
Patch50: iquote.patch
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch59: nss-check-policy-file.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch60: nss-conditionally-ignore-system-policy.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1280846
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
# TODO: file a bug upstream similar to the one for rsaperf
|
||||
Patch70: nss-skip-ecperf.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -182,9 +198,7 @@ low level services.
|
|||
%patch58 -p0 -b .1185708_3des
|
||||
pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch60 -p1 -b .cond_ignore
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
%patch70 -p1 -b .skip_ecperf
|
||||
%patch62 -p1 -b .skip_util_gtest
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
|
@ -197,11 +211,6 @@ popd
|
|||
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
||||
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||
# similar problem to the one descrived above
|
||||
# ./nss/lib/freebl/ec.h, ./nss/lib/freebl/ecl/ecl-curve.h
|
||||
# the last one requires that NSS_ECC_MORE_THAN_SUITE_B not be defined
|
||||
%{__cp} ./nss/lib/freebl/ec.h ./nss/cmd/ecperf
|
||||
%{__cp} ./nss/lib/freebl/ecl/ecl-curve.h ./nss/cmd/ecperf
|
||||
|
||||
# Before removing util directory we must save verref.h
|
||||
# as it will be needed later during the build phase.
|
||||
|
@ -218,9 +227,6 @@ popd
|
|||
%{__rm} -rf ./nss/cmd/fipstest
|
||||
%{__rm} -rf ./nss/cmd/rsaperf_low
|
||||
|
||||
######## Remove portions that need to statically link with libnssutil.a
|
||||
%{__rm} -rf ./nss/external_tests/util_gtests
|
||||
|
||||
|
||||
%build
|
||||
|
||||
|
@ -287,10 +293,8 @@ export USE_64
|
|||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
|
||||
##### phase 2: build the rest of nss
|
||||
# nss supports pluggable ecc with more than suite-b
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
|
||||
|
@ -404,8 +408,12 @@ export SOFTOKEN_LIB_DIR=%{_libdir}
|
|||
|
||||
# End -- copied from the build section
|
||||
|
||||
# This is necessary because the test suite tests algorithms that are
|
||||
# disabled by the system policy.
|
||||
export NSS_IGNORE_SYSTEM_POLICY=1
|
||||
|
||||
export NSS_FORCE_FIPS=1
|
||||
|
||||
# enable the following line to force a test failure
|
||||
# find ./nss -name \*.chk | xargs rm -f
|
||||
|
||||
|
@ -772,6 +780,7 @@ fi
|
|||
%{_includedir}/nss3/smime.h
|
||||
%{_includedir}/nss3/ssl.h
|
||||
%{_includedir}/nss3/sslerr.h
|
||||
%{_includedir}/nss3/sslexp.h
|
||||
%{_includedir}/nss3/sslproto.h
|
||||
%{_includedir}/nss3/sslt.h
|
||||
|
||||
|
@ -794,6 +803,94 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-1.0
|
||||
- Update to NSS 3.34.0
|
||||
|
||||
* Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.1
|
||||
- Make sure 32bit nss-pem always be installed with 32bit nss in
|
||||
multlib environment, patch by Kamil Dudka
|
||||
|
||||
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.0
|
||||
- Update to NSS 3.33.0
|
||||
|
||||
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.1
|
||||
- Update iquote.patch to really prefer in-tree headers over system headers
|
||||
|
||||
* Fri Sep 15 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.0
|
||||
- Update to NSS 3.32.1
|
||||
|
||||
* Fri Aug 18 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.1
|
||||
- Revert signtool deprecation, which was only targeting F27
|
||||
|
||||
* Mon Aug 7 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.0
|
||||
- Update to NSS 3.32.0
|
||||
|
||||
* Tue Jul 18 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.1
|
||||
- Backport mozbz#1381784 to avoid deadlock in dnf
|
||||
|
||||
* Wed Jun 21 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.0
|
||||
- Rebase to NSS 3.31.0
|
||||
|
||||
* Wed May 10 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-1.1
|
||||
- Re-enable tests on armv7hl
|
||||
- Enable TLS 1.3 again
|
||||
|
||||
* Mon Apr 24 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-2
|
||||
- Rebase to NSS 3.30.2
|
||||
|
||||
* Wed Mar 29 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.1
|
||||
- Backport mozbz#1334976 and mozbz#1336487, from F26
|
||||
|
||||
* Mon Mar 20 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.0
|
||||
- Rebase to NSS 3.29.3
|
||||
- Remove upstreamed patch for fixing crash in tls13_DestroyKeyShares
|
||||
|
||||
* Thu Mar 16 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.1
|
||||
- Fix crash in tls13_DestroyKeyShares
|
||||
|
||||
* Tue Feb 21 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.0
|
||||
- Rebase to NSS 3.28.3
|
||||
|
||||
* Fri Jan 20 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.3
|
||||
- Disable TLS 1.3
|
||||
- Add "Conflicts" with packages using older Mozilla codebase, which is
|
||||
not compatible with NSS 3.28.1
|
||||
- Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream
|
||||
|
||||
* Tue Jan 17 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.2
|
||||
- Add "Conflicts" with older firefox packages which don't have support
|
||||
for smaller curves added in NSS 3.28.1
|
||||
|
||||
* Fri Jan 13 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.1
|
||||
- Fix incorrect version specification in %%nss_{util,softokn}_version,
|
||||
pointed by Elio Maldonado
|
||||
|
||||
* Thu Jan 12 2017 Daiki Ueno <dueno@redhat.com> - 3.28.1-1.0
|
||||
- Rebase to NSS 3.28.1
|
||||
- Remove upstreamed patch for disabling RSA-PSS
|
||||
- Re-enable TLS 1.3
|
||||
|
||||
* Tue Nov 15 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.3
|
||||
- Revert the previous fix for RSA-PSS and use the upstream fix instead
|
||||
|
||||
* Wed Nov 02 2016 Kai Engert <kaie@redhat.com> - 3.27.0-1.2
|
||||
- Disable the use of RSA-PSS with SSL/TLS. #1383809
|
||||
|
||||
* Sun Oct 2 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.1
|
||||
- Disable TLS 1.3 for now, to avoid reported regression with TLS to
|
||||
version intolerant servers
|
||||
|
||||
* Thu Sep 29 2016 Daiki Ueno <dueno@redhat.com> - 3.27.0-1.0
|
||||
- Rebase to NSS 3.27.0
|
||||
- Remove upstreamed ectest patch
|
||||
|
||||
* Mon Aug 8 2016 Daiki Ueno <dueno@redhat.com> - 3.26.0-1.0
|
||||
- Rebase to NSS 3.26.0
|
||||
- Update check policy file patch to better match what was upstreamed
|
||||
- Remove conditionally ignore system policy patch as it has been upstreamed
|
||||
- Skip ectest as well as ecperf, which are built as part of nss-softokn
|
||||
- Fix rpmlint error regarding %%define usage
|
||||
|
||||
* Thu Jul 14 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
||||
- Incorporate some changes requested in upstream review and commited upstream (#1157720)
|
||||
|
||||
|
|
12
sources
12
sources
|
@ -1,6 +1,6 @@
|
|||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
950263d15d1f055605bfb6e634a1a019 nss-3.25.0.tar.gz
|
||||
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.34.0.tar.gz) = 2826e3d327af34714d521edac0fba4da6e14c7a28750ccfeeba8259b0a1954233fc47dcbec47b6aeb96f53de501adc15adf130379efa503b00677a924eb50080
|
||||
|
|
Loading…
Reference in New Issue