Compare commits
23 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 0ab3a46ebc | |
Daiki Ueno | 9fd0ac8dd6 | |
Daiki Ueno | aacd33862f | |
Daiki Ueno | 7fa771c766 | |
Daiki Ueno | 8a6d20c74c | |
Daiki Ueno | aee750e01b | |
Daiki Ueno | 0d1848dba5 | |
Daiki Ueno | f387ed5732 | |
Daiki Ueno | 7ad6dae11e | |
Daiki Ueno | 31a84b766b | |
Daiki Ueno | 50c937a105 | |
Daiki Ueno | 0c8f2e4aef | |
Daiki Ueno | b0d9716431 | |
Daiki Ueno | 10a811eb16 | |
Daiki Ueno | c51947784e | |
Daiki Ueno | 60379b1140 | |
Daiki Ueno | c02a92318d | |
Daiki Ueno | 8a895b4021 | |
Kai Engert | 00dec8e43f | |
Kai Engert | f1ccf9b47a | |
Daiki Ueno | 6870a8a378 | |
Daiki Ueno | fe7dcb8310 | |
Kai Engert | 571d09fa9e |
|
@ -16,3 +16,13 @@ TestUser51.cert
|
|||
/nss-3.28.1.tar.gz
|
||||
/nss-3.29.0.tar.gz
|
||||
/nss-3.29.1.tar.gz
|
||||
/nss-3.29.3.tar.gz
|
||||
/nss-3.30.2.tar.gz
|
||||
/nss-3.31.0.tar.gz
|
||||
/nss-3.32.0.tar.gz
|
||||
/nss-3.32.1.tar.gz
|
||||
/nss-3.33.0.tar.gz
|
||||
/nss-3.34.0.tar.gz
|
||||
/nss-3.35.0.tar.gz
|
||||
/nss-3.36.0.tar.gz
|
||||
/nss-3.36.1.tar.gz
|
||||
|
|
220
iquote.patch
220
iquote.patch
|
@ -1,211 +1,13 @@
|
|||
diff -up ./nss/cmd/certcgi/Makefile.iquote ./nss/cmd/certcgi/Makefile
|
||||
--- ./nss/cmd/certcgi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/certcgi/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
|
||||
--- ./nss/cmd/certutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/certutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
|
||||
--- ./nss/cmd/lib/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/lib/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
|
||||
--- ./nss/cmd/modutil/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/modutil/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
|
||||
#######################################################################
|
||||
diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
|
||||
--- ./nss/cmd/selfserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/selfserv/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
|
||||
--- ./nss/cmd/ssltap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/ssltap/Makefile 2016-03-05 12:04:06.216474144 -0800
|
||||
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
|
||||
--- ./nss/cmd/strsclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/strsclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
|
||||
--- ./nss/cmd/tstclnt/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/tstclnt/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
#######################################################################
|
||||
|
||||
#include ../platlibs.mk
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
|
||||
--- ./nss/cmd/vfyserv/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/cmd/vfyserv/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
#######################################################################
|
||||
|
||||
#include ../platlibs.mk
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
|
||||
--- ./nss/coreconf/location.mk.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/coreconf/location.mk 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -45,6 +45,10 @@ endif
|
||||
|
||||
ifdef NSS_INCLUDE_DIR
|
||||
INCLUDES += -I$(NSS_INCLUDE_DIR)
|
||||
+ ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||
+ INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+ INCLUDES += -iquote $(DIST)/../private/nss
|
||||
+ endif
|
||||
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
|
||||
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
|
||||
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
|
||||
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
|
||||
SQLITE_LIB_NAME = sqlite3
|
||||
endif
|
||||
|
||||
ifndef NSS_LIB_DIR
|
||||
diff -up ./nss/gtests/pk11_gtest/Makefile.iquote ./nss/gtests/pk11_gtest/Makefile
|
||||
--- ./nss/gtests/pk11_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/gtests/pk11_gtest/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/gtests/ssl_gtest/Makefile.iquote ./nss/gtests/ssl_gtest/Makefile
|
||||
--- ./nss/gtests/ssl_gtest/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/gtests/ssl_gtest/Makefile 2016-03-05 12:05:17.208082475 -0800
|
||||
@@ -43,6 +43,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
|
||||
--- ./nss/lib/certhigh/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/certhigh/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
|
||||
--- ./nss/lib/cryptohi/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/cryptohi/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
|
||||
--- ./nss/lib/nss/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/nss/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
+INCLUDES += -iquote $(DIST)/../private/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
|
||||
--- ./nss/lib/pk11wrap/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/pk11wrap/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
|
||||
--- ./nss/lib/ssl/Makefile.iquote 2016-02-26 12:51:11.000000000 -0800
|
||||
+++ ./nss/lib/ssl/Makefile 2016-03-05 12:04:06.217474124 -0800
|
||||
@@ -49,7 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
-
|
||||
+INCLUDES += -iquote $(DIST)/../public/nss
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
+# Prefer in-tree headers over system headers
|
||||
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
|
||||
+endif
|
||||
+
|
||||
MK_LOCATION = included
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
diff -up nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c.gcc7 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
|
||||
--- nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c.gcc7 2017-02-08 14:34:04.212655936 +0100
|
||||
+++ nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c 2017-02-08 14:37:33.326388891 +0100
|
||||
@@ -89,7 +89,7 @@ pkix_pl_OcspRequest_Hashcode(
|
||||
PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext,
|
||||
PKIX_CERTHASHCODEFAILED);
|
||||
|
||||
- *pHashcode = (((((extensionHash << 8) || certHash) << 8) ||
|
||||
+ *pHashcode = ((PKIX_UInt32)(((PKIX_UInt32)((extensionHash << 8) || certHash) << 8) ||
|
||||
dateHash) << 8) || signerHash;
|
||||
|
||||
cleanup:
|
|
@ -1,12 +1,10 @@
|
|||
diff -up ./gtests/manifest.mn.skip_util_gtest ./gtests/manifest.mn
|
||||
--- ./gtests/manifest.mn.skip_util_gtest 2016-09-29 12:05:28.858019733 +0200
|
||||
+++ ./gtests/manifest.mn 2016-09-29 12:06:17.298681765 +0200
|
||||
@@ -9,8 +9,5 @@ DIRS = \
|
||||
google_test \
|
||||
common \
|
||||
der_gtest \
|
||||
- util_gtest \
|
||||
- pk11_gtest \
|
||||
- ssl_gtest \
|
||||
nss_bogo_shim \
|
||||
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn
|
||||
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200
|
||||
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200
|
||||
@@ -31,6 +31,5 @@ endif
|
||||
|
||||
DIRS = \
|
||||
$(LIB_SRCDIRS) \
|
||||
- $(UTIL_SRCDIRS) \
|
||||
$(NSS_SRCDIRS) \
|
||||
$(NULL)
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# HG changeset patch
|
||||
# User Kai Engert <kaie@kuix.de>
|
||||
# Date 1511548994 -3600
|
||||
# Fri Nov 24 19:43:14 2017 +0100
|
||||
# Node ID b0658ed367633e505d38c0c0f63b801ddbbb21a4
|
||||
# Parent 807662e6ba57db5be05036511ac8634466ed473f
|
||||
Bug 1377940, Change NSS default storage file format (currently DBM), when no prefix is given, to SQL, r=rrelyea, r=fkiefer
|
||||
|
||||
--- a/tests/all.sh
|
||||
+++ b/tests/all.sh
|
||||
@@ -111,6 +111,8 @@ RUN_FIPS=""
|
||||
########################################################################
|
||||
run_tests()
|
||||
{
|
||||
+ echo "Running test cycle: ${TEST_MODE} ----------------------"
|
||||
+ echo "List of tests that will be executed: ${TESTS}"
|
||||
for TEST in ${TESTS}
|
||||
do
|
||||
# NOTE: the spaces are important. If you don't include
|
||||
@@ -172,8 +174,9 @@ run_cycle_pkix()
|
||||
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||
export -n NSS_SSL_RUN
|
||||
|
||||
- # use the default format
|
||||
+ # use the default format. (unset for the shell, export -n for binaries)
|
||||
export -n NSS_DEFAULT_DB_TYPE
|
||||
+ unset NSS_DEFAULT_DB_TYPE
|
||||
|
||||
run_tests
|
||||
}
|
||||
diff --git a/tests/merge/merge.sh b/tests/merge/merge.sh
|
||||
--- a/tests/merge/merge.sh
|
||||
+++ b/tests/merge/merge.sh
|
||||
@@ -98,7 +98,7 @@ merge_init()
|
||||
# are dbm databases.
|
||||
if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
|
||||
save=${NSS_DEFAULT_DB_TYPE}
|
||||
- NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
|
||||
+ NSS_DEFAULT_DB_TYPE=dbm ; export NSS_DEFAULT_DB_TYPE
|
||||
fi
|
||||
|
||||
certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
|
118
nss.spec
118
nss.spec
|
@ -1,6 +1,6 @@
|
|||
%global nspr_version 4.13.0
|
||||
%global nss_util_version 3.29.1
|
||||
%global nss_softokn_version 3.29.1
|
||||
%global nspr_version 4.19.0
|
||||
%global nss_util_version 3.36.1
|
||||
%global nss_softokn_version 3.36.1
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
|
@ -18,10 +18,10 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.29.1
|
||||
Version: 3.36.1
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 2%{?dist}
|
||||
Release: 1.0%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -40,17 +40,17 @@ BuildRequires: nss-softokn-devel >= %{nss_softokn_version}
|
|||
BuildRequires: nss-util-devel >= %{nss_util_version}
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
# TODO: revert to "pkgconfig" once pkgconf transition has been settled
|
||||
BuildRequires: /usr/bin/pkg-config
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: gawk
|
||||
BuildRequires: psmisc
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: gcc-c++
|
||||
|
||||
# nss-pem used to be bundled with the nss package on Fedora -- make sure that
|
||||
# programs relying on that continue to work until they are fixed to require
|
||||
# nss-pem instead. Once all of them are fixed, the following line can be
|
||||
# removed. See https://bugzilla.redhat.com/1346806 for details.
|
||||
Requires: nss-pem
|
||||
Requires: nss-pem%{?_isa}
|
||||
|
||||
# NSS 3.28.1 introduced a curve, that is smaller than a check in old
|
||||
# Mozilla code allows.
|
||||
|
@ -100,20 +100,24 @@ Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
|||
Patch47: utilwrap-include-templates.patch
|
||||
# TODO remove when we switch to building nss without softoken
|
||||
Patch49: nss-skip-bltest-and-fipstest.patch
|
||||
# This patch uses the gcc-iquote dir option documented at
|
||||
# This patch uses the GCC -iquote option documented at
|
||||
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
||||
# to place the in-tree directories at the head of the list of list of directories
|
||||
# to be searched for for header files. This ensures a build even when system
|
||||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||
# to give the in-tree headers a higher priority over the system headers,
|
||||
# when they are included through the quote form (#include "file.h").
|
||||
#
|
||||
# This ensures a build even when system headers are older. Such is the
|
||||
# case when starting an update with API changes or even private export
|
||||
# changes.
|
||||
#
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||
# but it doesn't hurt to keep it.
|
||||
Patch50: iquote.patch
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||
Patch59: nss-check-policy-file.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1280846
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
Patch63: nss-gcc7.patch
|
||||
Patch63: nss-sql-default.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -196,8 +200,8 @@ low level services.
|
|||
%patch58 -p0 -b .1185708_3des
|
||||
pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
%patch63 -p1 -b .gcc7
|
||||
%patch62 -p1 -b .skip_util_gtest
|
||||
%patch63 -p1 -R -b .sql-default
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
|
@ -226,9 +230,6 @@ popd
|
|||
%{__rm} -rf ./nss/cmd/fipstest
|
||||
%{__rm} -rf ./nss/cmd/rsaperf_low
|
||||
|
||||
######## Remove portions that need to statically link with libnssutil.a
|
||||
%{__rm} -rf ./nss/external_tests/util_gtests
|
||||
|
||||
|
||||
%build
|
||||
|
||||
|
@ -238,6 +239,9 @@ export NSS_NO_PKCS11_BYPASS
|
|||
FREEBL_NO_DEPEND=1
|
||||
export FREEBL_NO_DEPEND
|
||||
|
||||
NSS_FORCE_FIPS=1
|
||||
export NSS_FORCE_FIPS
|
||||
|
||||
# Enable compiler optimizations and disable debugging code
|
||||
export BUILD_OPT=1
|
||||
|
||||
|
@ -297,8 +301,6 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1
|
|||
##### phase 2: build the rest of nss
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
export NSS_DISABLE_TLS_1_3=1
|
||||
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
|
||||
|
@ -407,8 +409,6 @@ export USE_64
|
|||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
export NSS_DISABLE_TLS_1_3=1
|
||||
|
||||
# needed for the fips mangling test
|
||||
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||
|
||||
|
@ -418,6 +418,8 @@ export SOFTOKEN_LIB_DIR=%{_libdir}
|
|||
# disabled by the system policy.
|
||||
export NSS_IGNORE_SYSTEM_POLICY=1
|
||||
|
||||
export NSS_FORCE_FIPS=1
|
||||
|
||||
# enable the following line to force a test failure
|
||||
# find ./nss -name \*.chk | xargs rm -f
|
||||
|
||||
|
@ -488,7 +490,7 @@ popd
|
|||
killall $RANDSERV || :
|
||||
|
||||
if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then
|
||||
TEST_FAILURES=$(grep -c FAILED ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
|
||||
TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
|
||||
else
|
||||
TEST_FAILURES=0
|
||||
GREP_EXIT_STATUS=1
|
||||
|
@ -784,6 +786,7 @@ fi
|
|||
%{_includedir}/nss3/smime.h
|
||||
%{_includedir}/nss3/ssl.h
|
||||
%{_includedir}/nss3/sslerr.h
|
||||
%{_includedir}/nss3/sslexp.h
|
||||
%{_includedir}/nss3/sslproto.h
|
||||
%{_includedir}/nss3/sslt.h
|
||||
|
||||
|
@ -806,6 +809,69 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 19 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-1.0
|
||||
- Update to NSS 3.36.1
|
||||
|
||||
* Fri Mar 9 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-1.0
|
||||
- Update to NSS 3.36.0
|
||||
- Add gcc-c++ to BuildRequires (C++ is needed for gtests)
|
||||
- Make test failure detection robuster
|
||||
|
||||
* Wed Feb 7 2018 Daiki Ueno <dueno@redhat.com> - 3.35.0-1.0
|
||||
- Update to NSS 3.35.0
|
||||
|
||||
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-1.0
|
||||
- Update to NSS 3.34.0
|
||||
|
||||
* Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.1
|
||||
- Make sure 32bit nss-pem always be installed with 32bit nss in
|
||||
multlib environment, patch by Kamil Dudka
|
||||
|
||||
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1.0
|
||||
- Update to NSS 3.33.0
|
||||
|
||||
* Tue Oct 3 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.1
|
||||
- Update iquote.patch to really prefer in-tree headers over system headers
|
||||
|
||||
* Fri Sep 15 2017 Daiki Ueno <dueno@redhat.com> - 3.32.1-1.0
|
||||
- Update to NSS 3.32.1
|
||||
|
||||
* Fri Aug 18 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.1
|
||||
- Revert signtool deprecation, which was only targeting F27
|
||||
|
||||
* Mon Aug 7 2017 Daiki Ueno <dueno@redhat.com> - 3.32.0-1.0
|
||||
- Update to NSS 3.32.0
|
||||
|
||||
* Tue Jul 18 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.1
|
||||
- Backport mozbz#1381784 to avoid deadlock in dnf
|
||||
|
||||
* Wed Jun 21 2017 Daiki Ueno <dueno@redhat.com> - 3.31.0-1.0
|
||||
- Rebase to NSS 3.31.0
|
||||
|
||||
* Wed May 10 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-1.1
|
||||
- Re-enable tests on armv7hl
|
||||
- Enable TLS 1.3 again
|
||||
|
||||
* Mon Apr 24 2017 Daiki Ueno <dueno@redhat.com> - 3.30.2-2
|
||||
- Rebase to NSS 3.30.2
|
||||
|
||||
* Wed Mar 29 2017 Kai Engert <kaie@redhat.com> - 3.29.3-1.3
|
||||
- temporarily disable tests on armv7hl because of infrastructure timeouts
|
||||
|
||||
* Wed Mar 29 2017 Kai Engert <kaie@redhat.com> - 3.29.3-1.2
|
||||
- Backport upstream mozbz#1328318 to support crypto policy FUTURE.
|
||||
|
||||
* Wed Mar 22 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.1
|
||||
- Re-add patch to check CKA_NSS_MOZILLA_CA_POLICY, which was
|
||||
mistakenly removed in the previous update
|
||||
|
||||
* Mon Mar 20 2017 Daiki Ueno <dueno@redhat.com> - 3.29.3-1.0
|
||||
- Rebase to NSS 3.29.3
|
||||
- Remove upstreamed patch for fixing crash in tls13_DestroyKeyShares
|
||||
|
||||
* Thu Mar 02 2017 Kai Engert <kaie@redhat.com> - 3.29.1-2.1
|
||||
- Backport mozbz#1334976 and mozbz#1336487.
|
||||
|
||||
* Fri Feb 17 2017 Daiki Ueno <dueno@redhat.com> - 3.29.1-2
|
||||
- Rebase to NSS 3.29.1
|
||||
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c
|
||||
--- ./nss/lib/ssl/sslsock.c.transitional 2016-06-23 21:03:16.316480089 -0400
|
||||
+++ ./nss/lib/ssl/sslsock.c 2016-06-23 21:08:07.290202477 -0400
|
||||
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
PR_TRUE, /* cbcRandomIV */
|
||||
diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
|
||||
--- nss/lib/ssl/sslsock.c.transitional 2018-03-09 13:57:50.615706802 +0100
|
||||
+++ nss/lib/ssl/sslsock.c 2018-03-09 13:58:23.708974970 +0100
|
||||
@@ -67,7 +67,7 @@ static sslOptions ssl_defaults = {
|
||||
.noLocks = PR_FALSE,
|
||||
.enableSessionTickets = PR_FALSE,
|
||||
.enableDeflate = PR_FALSE,
|
||||
- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
|
||||
+ .enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL,
|
||||
.requireSafeNegotiation = PR_FALSE,
|
||||
.enableFalseStart = PR_FALSE,
|
||||
.cbcRandomIV = PR_TRUE,
|
||||
|
|
2
sources
2
sources
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.29.1.tar.gz) = c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050
|
||||
SHA512 (nss-3.36.1.tar.gz) = 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
|
||||
|
|
Loading…
Reference in New Issue