Compare commits

...

24 Commits
master ... f31

Author SHA1 Message Date
Daiki Ueno
364a86cc8f Update to NSS 3.51 2020-04-07 11:20:36 +02:00
Daiki Ueno
4a5cdbbdb2 Apply CMAC fixes from upstream 2020-03-12 10:24:30 +01:00
Daiki Ueno
f1e37f35f8 Upload new sources 2020-03-04 17:35:50 +01:00
Daiki Ueno
c0b78bc53d Update to NSS 3.50 2020-03-04 17:34:17 +01:00
Daiki Ueno
c3571bbb3d Update to NSS 3.49.2 2020-01-27 10:32:57 +01:00
Daiki Ueno
b8de59e750 Remove leftover debug command in %build 2020-01-11 09:03:41 +01:00
Daiki Ueno
7e331e9268 Fix build on armv7hl with the patch proposed in upstream 2020-01-10 17:28:09 +01:00
Daiki Ueno
219dd2513d Fix %changelog mistakenly pulled from F32 2020-01-10 10:39:48 +01:00
Daiki Ueno
3b655a2e4d Update to NSS 3.49 2020-01-10 10:37:16 +01:00
Daiki Ueno
81985bfb96 Update to NSS 3.48 2020-01-03 11:17:25 +01:00
Daiki Ueno
71cc95f92d Update nss-3.47-certdb-temp-cert.patch 2019-12-04 10:21:09 +01:00
Daiki Ueno
1c0d77a6bb Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value 2019-12-03 15:52:20 +01:00
Daiki Ueno
7007c4d430 Update nss-3.47-certdb-temp-cert.patch to the final version 2019-12-03 09:33:04 +01:00
Daiki Ueno
eab1ac8862 Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617) 2019-11-28 16:14:26 +01:00
Daiki Ueno
ed198c7587 Update to NSS 3.47.1 2019-11-22 18:02:43 +01:00
Bob Relyea
0102258016 Resolves: rhbz#1768653
NSS softoken does not include CKM_NSS_IKE1_APP_B_PRF_DERIVE in it's mechanism list, causing libreswan to crash.
2019-11-04 14:08:21 -08:00
Daiki Ueno
74e1e8c297 Install cmac.h required by blapi.h (#1764513) 2019-10-23 13:08:14 +02:00
Daiki Ueno
b7b17c0e1f Update to NSS 3.47 2019-10-22 15:24:15 +02:00
Daiki Ueno
3c59bd0f5a Update to NSS 3.46.1 2019-10-21 13:48:37 +02:00
Daiki Ueno
f767d63b1b Rebuild with NSPR 4.22 2019-09-04 11:52:26 +02:00
Daiki Ueno
79de609de6 Remove unused patch 2019-09-03 11:08:58 +02:00
Daiki Ueno
cf10cdf089 Remove upstreamed patch 2019-09-03 11:06:21 +02:00
Daiki Ueno
64e05e396d Restore files mistakenly removed in the last commit 2019-09-03 09:51:35 +02:00
Daiki Ueno
4d56a6c3a1 Update to NSS 3.46 2019-09-03 09:47:21 +02:00
10 changed files with 233 additions and 227 deletions

9
.gitignore vendored
View File

@ -37,3 +37,12 @@ TestUser51.cert
/nss-3.43.tar.gz
/nss-3.44.tar.gz
/nss-3.44.1.tar.gz
/nss-3.46.tar.gz
/nss-3.46.1.tar.gz
/nss-3.47.tar.gz
/nss-3.47.1.tar.gz
/nss-3.48.tar.gz
/nss-3.49.tar.gz
/nss-3.49.2.tar.gz
/nss-3.50.tar.gz
/nss-3.51.tar.gz

22
nss-3.47-ike-fix.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up ./lib/softoken/pkcs11.c.ike_fix ./lib/softoken/pkcs11.c
--- ./lib/softoken/pkcs11.c.ike_fix 2019-11-04 10:15:08.022176945 -0800
+++ ./lib/softoken/pkcs11.c 2019-11-04 10:17:35.396733750 -0800
@@ -330,7 +330,7 @@ static const struct mechanismList mechan
{ CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
{ CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
{ CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
- { CKM_AES_XCBC_MAC_96, { 16, 16, CKF_SN_VR }, PR_TRUE },
+ { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE },
{ CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
/* ------------------------- Camellia Operations --------------------- */
{ CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
@@ -518,7 +518,8 @@ static const struct mechanismList mechan
/* --------------------IPSEC ----------------------- */
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
{ CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
+ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
};
static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);

View File

@ -1,155 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1562162181 -7200
# Wed Jul 03 15:56:21 2019 +0200
# Node ID 88feab2a3e5e4b00b1626d59a0d3ecef93cafb92
# Parent b5d3f574967f8c5c705dab15682b0e16fac3e4be
tests: ensure CAVS test dirs are created
diff --git a/tests/fips/cavs_scripts/aes.sh b/tests/fips/cavs_scripts/aes.sh
--- a/tests/fips/cavs_scripts/aes.sh
+++ b/tests/fips/cavs_scripts/aes.sh
@@ -83,6 +83,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $cbc_kat_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/aesgcm.sh b/tests/fips/cavs_scripts/aesgcm.sh
--- a/tests/fips/cavs_scripts/aesgcm.sh
+++ b/tests/fips/cavs_scripts/aesgcm.sh
@@ -56,6 +56,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $gcm_decrypt_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/dsa.sh b/tests/fips/cavs_scripts/dsa.sh
--- a/tests/fips/cavs_scripts/dsa.sh
+++ b/tests/fips/cavs_scripts/dsa.sh
@@ -59,6 +59,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
request=KeyPair.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/ecdsa.sh b/tests/fips/cavs_scripts/ecdsa.sh
--- a/tests/fips/cavs_scripts/ecdsa.sh
+++ b/tests/fips/cavs_scripts/ecdsa.sh
@@ -50,6 +50,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
request=KeyPair.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/hmac.sh b/tests/fips/cavs_scripts/hmac.sh
--- a/tests/fips/cavs_scripts/hmac.sh
+++ b/tests/fips/cavs_scripts/hmac.sh
@@ -31,6 +31,9 @@ if [ ${COMMAND} = "verify" ]; then
done
exit $result
fi
+
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $hmac_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/ike.sh b/tests/fips/cavs_scripts/ike.sh
--- a/tests/fips/cavs_scripts/ike.sh
+++ b/tests/fips/cavs_scripts/ike.sh
@@ -33,6 +33,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
request=ikev1_dsa.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/kas.sh b/tests/fips/cavs_scripts/kas.sh
--- a/tests/fips/cavs_scripts/kas.sh
+++ b/tests/fips/cavs_scripts/kas.sh
@@ -68,6 +68,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
request=KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_init.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/rng.sh b/tests/fips/cavs_scripts/rng.sh
--- a/tests/fips/cavs_scripts/rng.sh
+++ b/tests/fips/cavs_scripts/rng.sh
@@ -30,6 +30,9 @@ if [ ${COMMAND} = "verify" ]; then
done
exit $result
fi
+
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $drbg_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/rsa.sh b/tests/fips/cavs_scripts/rsa.sh
--- a/tests/fips/cavs_scripts/rsa.sh
+++ b/tests/fips/cavs_scripts/rsa.sh
@@ -38,6 +38,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
request=SigGen15_186-3.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/sha.sh b/tests/fips/cavs_scripts/sha.sh
--- a/tests/fips/cavs_scripts/sha.sh
+++ b/tests/fips/cavs_scripts/sha.sh
@@ -51,6 +51,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $sha_ShortMsg_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/tdea.sh b/tests/fips/cavs_scripts/tdea.sh
--- a/tests/fips/cavs_scripts/tdea.sh
+++ b/tests/fips/cavs_scripts/tdea.sh
@@ -77,6 +77,8 @@ if [ ${COMMAND} = "verify" ]; then
exit $result
fi
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $cbc_kat_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
diff --git a/tests/fips/cavs_scripts/tls.sh b/tests/fips/cavs_scripts/tls.sh
--- a/tests/fips/cavs_scripts/tls.sh
+++ b/tests/fips/cavs_scripts/tls.sh
@@ -30,6 +30,9 @@ if [ ${COMMAND} = "verify" ]; then
done
exit $result
fi
+
+test -d "${RSPDIR}" || mkdir "${RSPDIR}"
+
for request in $tls_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response

30
nss-kremlin-ppc64le.patch Normal file
View File

@ -0,0 +1,30 @@
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
@@ -56,7 +56,9 @@ typedef const char *Prims_string;
#include <emmintrin.h>
typedef __m128i FStar_UInt128_uint128;
#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
typedef unsigned __int128 FStar_UInt128_uint128;
#else
typedef struct FStar_UInt128_uint128_s {
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
@@ -25,7 +25,9 @@
#include "LowStar_Endianness.h"
#if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__))
+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
/* GCC + using native unsigned __int128 support */

View File

@ -1,35 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1557150127 -7200
# Mon May 06 15:42:07 2019 +0200
# Node ID 438ac983bda9ec7944990d22a37877e9111caa90
# Parent b018f3e84d87cce99a1fd81feeecb31123058687
pk11slot: reference module from slot for finalization
diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -1439,6 +1439,11 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
slot->slotID = slotID;
slot->isThreadSafe = mod->isThreadSafe;
slot->hasRSAInfo = PR_FALSE;
+ slot->module = mod; /* NOTE: we don't make a reference here because
+ * modules have references to their slots. This
+ * works because modules keep implicit references
+ * from their slots, and won't unload and disappear
+ * until all their slots have been freed */
if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID, &slotInfo) != CKR_OK) {
slot->disabled = PR_TRUE;
@@ -1448,11 +1453,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
/* test to make sure claimed mechanism work */
slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
- slot->module = mod; /* NOTE: we don't make a reference here because
- * modules have references to their slots. This
- * works because modules keep implicit references
- * from their slots, and won't unload and disappear
- * until all their slots have been freed */
(void)PK11_MakeString(NULL, slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);

94
nss-signtool-format.patch Normal file
View File

@ -0,0 +1,94 @@
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
--- a/cmd/modutil/install.c
+++ b/cmd/modutil/install.c
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
dir = PR_OpenDir(path);
if (!dir) {
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ PR_CloseDir(dir);
+ return -1;
+ }
if (rm_dash_r(filename)) {
PR_CloseDir(dir);
return -1;
}
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
return -1;
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
if (!dir) {
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
errorCount++;
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ errorCount++;
+ return -1;
+ }
if (rm_dash_r(filename))
return -1;
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
errorCount++;
return -1;
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
--- a/lib/libpkix/pkix/util/pkix_list.c
+++ b/lib/libpkix/pkix/util/pkix_list.c
@@ -1530,17 +1530,17 @@ cleanup:
*/
PKIX_Error *
PKIX_List_SetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
- PKIX_List *element;
+ PKIX_List *element = NULL;
PKIX_ENTER(LIST, "PKIX_List_SetItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -102,17 +102,17 @@ cleanup:
*/
static PKIX_Error *
pkix_pl_OID_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
- PKIX_Int32 cmpResult;
+ PKIX_Int32 cmpResult = 0;
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_pl_OID_Comparator
(first, second, &cmpResult, plContext),
PKIX_OIDCOMPARATORFAILED);

View File

@ -1,27 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1558341826 -7200
# Mon May 20 10:43:46 2019 +0200
# Node ID b447f0046807b718d2928d0e33313620d38a287a
# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e
tests: skip TLS 1.3 tests under FIPS mode
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -393,6 +393,15 @@ ssl_auth()
echo "${testname}" | grep "TLS 1.3" > /dev/null
TLS13=$?
+ # Currently TLS 1.3 tests are known to fail under FIPS mode,
+ # because HKDF is implemented using the PKCS #11 functions
+ # prohibited under FIPS mode.
+ if [ "${TLS13}" -eq 0 ] && \
+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
+ continue
+ fi
+
if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then

12
nss-tls13-default.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up nss/lib/ssl/sslsock.c.tls13-default nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.tls13-default 2020-01-27 10:21:44.930830558 +0100
+++ nss/lib/ssl/sslsock.c 2020-01-27 10:21:47.419852229 +0100
@@ -97,7 +97,7 @@ static sslOptions ssl_defaults = {
*/
static SSLVersionRange versions_defaults_stream = {
SSL_LIBRARY_VERSION_TLS_1_0,
- SSL_LIBRARY_VERSION_TLS_1_3
+ SSL_LIBRARY_VERSION_TLS_1_2
};
static SSLVersionRange versions_defaults_datagram = {

View File

@ -1,5 +1,5 @@
%global nspr_version 4.21.0
%global nss_version 3.44.1
%global nspr_version 4.25.0
%global nss_version 3.51.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
%global dracutlibdir %{_prefix}/lib/dracut
@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services
Name: nss
Version: %{nss_version}
Release: 2%{?dist}
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version}
@ -93,8 +93,6 @@ Source28: nss-p11-kit.config
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch2: nss-539183.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1549382
Patch3: nss-module-leak.patch
# This patch uses the GCC -iquote option documented at
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
# to give the in-tree headers a higher priority over the system headers,
@ -107,9 +105,16 @@ Patch3: nss-module-leak.patch
# Once the buildroot aha been bootstrapped the patch may be removed
# but it doesn't hurt to keep it.
Patch4: iquote.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552767
Patch5: nss-skip-tls13-fips.patch
Patch6: nss-cavs-tests.patch
# add missing ike mechanism to softoken
Patch10: nss-3.47-ike-fix.patch
# To revert the upstream change:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1573118
# as it still doesn't work under FIPS mode because of missing HKDF
# support in PKCS #11.
Patch11: nss-tls13-default.patch
Patch12: nss-signtool-format.patch
# https://github.com/FStarLang/kremlin/issues/166
Patch13: nss-kremlin-ppc64le.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -557,7 +562,7 @@ do
done
# Copy some freebl include files we also want
for file in blapi.h alghmac.h
for file in blapi.h alghmac.h cmac.h
do
install -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
done
@ -850,6 +855,7 @@ update-crypto-policies &> /dev/null || :
%{_includedir}/nss3/blapi.h
%{_includedir}/nss3/blapit.h
%{_includedir}/nss3/alghmac.h
%{_includedir}/nss3/cmac.h
%{_includedir}/nss3/lowkeyi.h
%{_includedir}/nss3/lowkeyti.h
@ -874,6 +880,56 @@ update-crypto-policies &> /dev/null || :
%changelog
* Tue Apr 7 2020 Daiki Ueno <dueno@redhat.com> - 3.51.0-1
- Update to NSS 3.51
* Thu Mar 5 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-2
- Apply CMAC fixes from upstream
* Mon Feb 17 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-1
- Update to NSS 3.50
* Mon Jan 27 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-1
- Update to NSS 3.49.2
- Don't enable TLS 1.3 by default (#1794814)
* Fri Jan 10 2020 Daiki Ueno <dueno@redhat.com> - 3.49.0-1
- Update to NSS 3.49
- Fix build on armv7hl with the patch proposed in upstream
* Fri Jan 3 2020 Daiki Ueno <dueno@redhat.com> - 3.48.0-1
- Update to NSS 3.48
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-4
- Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-3
- Update nss-3.47-certdb-temp-cert.patch to the final version
* Thu Nov 28 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-2
- Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617)
* Fri Nov 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-1
- Update to NSS 3.47.1
* Thu Nov 7 2019 Bob Relyea <rrelyea@redhat.com> - 3.47.0-3
- Include ike mechanism fix
* Wed Oct 23 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-2
- Install cmac.h required by blapi.h (#1764513)
* Tue Oct 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-1
- Update to NSS 3.47
* Mon Oct 21 2019 Daiki Ueno <dueno@redhat.com> - 3.46.1-1
- Update to NSS 3.46.1
* Wed Sep 4 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-2
- Rebuild with NSPR 4.22
* Tue Sep 3 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-2
- Update to NSS 3.46
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.44.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

View File

@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nss-3.44.1.tar.gz) = eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
SHA512 (nss-3.51.tar.gz) = 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd