Compare commits
36 Commits
master
...
nss-3_12_6
Author | SHA1 | Date |
---|---|---|
Elio Maldonado | f87b9329cd | |
Elio Maldonado | 15ea8e6328 | |
Elio Maldonado | fa2658066e | |
Elio Maldonado | 7fa225766b | |
Elio Maldonado | 8f79ab452e | |
Elio Maldonado | a6f9d69494 | |
Elio Maldonado | c0bccc0f7b | |
Elio Maldonado | 1e4227045b | |
Elio Maldonado | 83451a19ed | |
Elio Maldonado | 64ce39c763 | |
Elio Maldonado | 96a054f139 | |
Elio Maldonado | 70df32f821 | |
Elio Maldonado | 92db65991e | |
Elio Maldonado | 56dc00989b | |
Elio Maldonado | 91030c96d8 | |
Elio Maldonado | f1a3345519 | |
Elio Maldonado | dd9892b9a8 | |
Elio Maldonado | 55edeec982 | |
Elio Maldonado | 1aff3403a3 | |
Elio Maldonado | 09ecfd57b6 | |
Elio Maldonado | f2ccd473b5 | |
Elio Maldonado | 4f8d878891 | |
Elio Maldonado | 5766a45a65 | |
Elio Maldonado | f8024f1124 | |
Elio Maldonado | cb110c36cc | |
Elio Maldonado | a98531146e | |
Elio Maldonado | 302377ce99 | |
Elio Maldonado | f8ccb63629 | |
Elio Maldonado | a10e23db6b | |
Elio Maldonado | 9d98fbfa61 | |
Bill Nottingham | 6a5ec0e38b | |
Elio Maldonado | 782344fee9 | |
Elio Maldonado | c68a00ee4e | |
Elio Maldonado | 0f54a974d6 | |
Elio Maldonado | 99e8ed3aca | |
Jesse Keating | 92df9c7dc4 |
10
.cvsignore
10
.cvsignore
|
@ -1,2 +1,8 @@
|
|||
nss-3.12.4-stripped.tar.bz2
|
||||
nss-pem-20090907.tar.bz2
|
||||
nss-3.12.6-stripped.tar.bz2
|
||||
nss-pem-20100412.tar.bz2
|
||||
blank-cert8.db
|
||||
blank-key3.db
|
||||
blank-secmod.db
|
||||
blank-cert9.db
|
||||
blank-key4.db
|
||||
PayPalEE.cert
|
||||
|
|
4
Makefile
4
Makefile
|
@ -1,10 +1,10 @@
|
|||
# Makefile for source rpm: nss
|
||||
# $Id: Makefile,v 1.1 2005/12/15 19:34:51 caillon Exp $
|
||||
# $Id: Makefile,v 1.2 2007/10/15 19:11:25 notting Exp $
|
||||
NAME := nss
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
BIN
blank-cert8.db
BIN
blank-cert8.db
Binary file not shown.
BIN
blank-cert9.db
BIN
blank-cert9.db
Binary file not shown.
BIN
blank-key3.db
BIN
blank-key3.db
Binary file not shown.
BIN
blank-key4.db
BIN
blank-key4.db
Binary file not shown.
BIN
blank-secmod.db
BIN
blank-secmod.db
Binary file not shown.
159
newargs.patch
159
newargs.patch
|
@ -1,159 +0,0 @@
|
|||
Index: mozilla/security/nss/lib/pk11wrap/pk11pars.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pars.c,v
|
||||
retrieving revision 1.21
|
||||
diff -u -p -r1.21 pk11pars.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 12 Nov 2005 00:14:25 -0000 1.21
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 1 Sep 2009 21:55:18 -0000
|
||||
@@ -107,6 +107,41 @@ secmod_NewModule(void)
|
||||
|
||||
}
|
||||
|
||||
+/* private flags. */
|
||||
+/* The meaing of these flags is as follows:
|
||||
+ *
|
||||
+ * SECMOD_FLAG_IS_MODULE_DB - This is a module that accesses the database of
|
||||
+ * other modules to load. Module DBs are loadable modules that tells
|
||||
+ * NSS which PKCS #11 modules to load and when. These module DBs are
|
||||
+ * chainable. That is, one module DB can load another one. NSS system init
|
||||
+ * design takes advantage of this feature. In system NSS, a fixed system
|
||||
+ * module DB loads the system defined libraries, then chains out to the
|
||||
+ * traditional module DBs to load any system or user configured modules
|
||||
+ * (like smart cards). This bit is the same as the already existing meaning
|
||||
+ * of isModuleDB = PR_TRUE. None of the other flags should be set if this
|
||||
+ * flag isn't on.
|
||||
+ *
|
||||
+ * SECMOD_FLAG_SKIP_FIRST - This flag tells NSS to skip the first
|
||||
+ * PKCS #11 module presented by a module DB. This allows the OS to load a
|
||||
+ * softoken from the system module, then ask the existing module DB code to
|
||||
+ * load the other PKCS #11 modules in that module DB (skipping it's request
|
||||
+ * to load softoken). This gives the system init finer control over the
|
||||
+ * configuration of that softoken module.
|
||||
+ *
|
||||
+ * SECMOD_FLAG_DEFAULT_MODDB - This flag allows system init to mark a
|
||||
+ * different module DB as the 'default' module DB (the one in which
|
||||
+ * 'Add module' changes will go). Without this flag NSS takes the first
|
||||
+ * module as the default Module DB, but in system NSS, that first module
|
||||
+ * is the system module, which is likely read only (at least to the user).
|
||||
+ * This allows system NSS to delegate those changes to the user's module DB,
|
||||
+ * preserving the user's ability to load new PKCS #11 modules (which only
|
||||
+ * affect him), from existing applications like Firefox.
|
||||
+ */
|
||||
+#define SECMOD_FLAG_IS_MODULE_DB 0x01 /* must be set if any of the other flags
|
||||
+ * are set */
|
||||
+#define SECMOD_FLAG_SKIP_FIRST 0x02
|
||||
+#define SECMOD_FLAG_DEFAULT_MODDB 0x04
|
||||
+
|
||||
/*
|
||||
* for 3.4 we continue to use the old SECMODModule structure
|
||||
*/
|
||||
@@ -137,15 +172,33 @@ SECMOD_CreateModule(const char *library,
|
||||
if (slotParams) PORT_Free(slotParams);
|
||||
/* new field */
|
||||
mod->trustOrder = secmod_argReadLong("trustOrder",nssc,
|
||||
- SECMOD_DEFAULT_TRUST_ORDER,NULL);
|
||||
+ SECMOD_DEFAULT_TRUST_ORDER,NULL);
|
||||
/* new field */
|
||||
mod->cipherOrder = secmod_argReadLong("cipherOrder",nssc,
|
||||
- SECMOD_DEFAULT_CIPHER_ORDER,NULL);
|
||||
+ SECMOD_DEFAULT_CIPHER_ORDER,NULL);
|
||||
/* new field */
|
||||
mod->isModuleDB = secmod_argHasFlag("flags","moduleDB",nssc);
|
||||
mod->moduleDBOnly = secmod_argHasFlag("flags","moduleDBOnly",nssc);
|
||||
if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE;
|
||||
|
||||
+ /* we need more bits, but we also want to preserve binary compatibility
|
||||
+ * so we overload the isModuleDB PRBool with additional flags.
|
||||
+ * These flags are only valid if mod->isModuleDB is already set.
|
||||
+ * NOTE: this depends on the fact that PRBool is at least a char on
|
||||
+ * all platforms. These flags are only valid if moduleDB is set, so
|
||||
+ * code checking if (mod->isModuleDB) will continue to work correctly. */
|
||||
+ if (mod->isModuleDB) {
|
||||
+ char flags = SECMOD_FLAG_IS_MODULE_DB;
|
||||
+ if (secmod_argHasFlag("flags","skipFirst",nssc)) {
|
||||
+ flags |= SECMOD_FLAG_SKIP_FIRST;
|
||||
+ }
|
||||
+ if (secmod_argHasFlag("flags","defaultModDB",nssc)) {
|
||||
+ flags |= SECMOD_FLAG_DEFAULT_MODDB;
|
||||
+ }
|
||||
+ /* additional moduleDB flags could be added here in the future */
|
||||
+ mod->isModuleDB = (PRBool) flags;
|
||||
+ }
|
||||
+
|
||||
ciphers = secmod_argGetParamValue("ciphers",nssc);
|
||||
secmod_argSetNewCipherFlags(&mod->ssl[0],ciphers);
|
||||
if (ciphers) PORT_Free(ciphers);
|
||||
@@ -155,6 +208,22 @@ SECMOD_CreateModule(const char *library,
|
||||
return mod;
|
||||
}
|
||||
|
||||
+PRBool
|
||||
+SECMOD_GetSkipFirstFlag(SECMODModule *mod)
|
||||
+{
|
||||
+ char flags = (char) mod->isModuleDB;
|
||||
+
|
||||
+ return (flags & SECMOD_FLAG_SKIP_FIRST) ? PR_TRUE : PR_FALSE;
|
||||
+}
|
||||
+
|
||||
+PRBool
|
||||
+SECMOD_GetDefaultModDBFlag(SECMODModule *mod)
|
||||
+{
|
||||
+ char flags = (char) mod->isModuleDB;
|
||||
+
|
||||
+ return (flags & SECMOD_FLAG_DEFAULT_MODDB) ? PR_TRUE : PR_FALSE;
|
||||
+}
|
||||
+
|
||||
static char *
|
||||
secmod_mkModuleSpec(SECMODModule * module)
|
||||
{
|
||||
@@ -333,7 +402,12 @@ SECMOD_LoadModule(char *modulespec,SECMO
|
||||
if (moduleSpecList) {
|
||||
char **index;
|
||||
|
||||
- for (index = moduleSpecList; *index; index++) {
|
||||
+ index = moduleSpecList;
|
||||
+ if (*index && SECMOD_GetSkipFirstFlag(module)) {
|
||||
+ index++;
|
||||
+ }
|
||||
+
|
||||
+ for (; *index; index++) {
|
||||
SECMODModule *child;
|
||||
child = SECMOD_LoadModule(*index,module,PR_TRUE);
|
||||
if (!child) break;
|
||||
Index: mozilla/security/nss/lib/pk11wrap/pk11util.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11util.c,v
|
||||
retrieving revision 1.55
|
||||
diff -u -p -r1.55 pk11util.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c 30 Jul 2009 00:29:35 -0000 1.55
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 1 Sep 2009 21:55:18 -0000
|
||||
@@ -179,7 +179,10 @@ SECMOD_AddModuleToList(SECMODModule *new
|
||||
SECStatus
|
||||
SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule)
|
||||
{
|
||||
- if (defaultDBModule == NULL) {
|
||||
+ if (defaultDBModule && SECMOD_GetDefaultModDBFlag(newModule)) {
|
||||
+ SECMOD_DestroyModule(defaultDBModule);
|
||||
+ defaultDBModule = SECMOD_ReferenceModule(newModule);
|
||||
+ } else if (defaultDBModule == NULL) {
|
||||
defaultDBModule = SECMOD_ReferenceModule(newModule);
|
||||
}
|
||||
return secmod_AddModuleToList(&modulesDB,newModule);
|
||||
Index: mozilla/security/nss/lib/pk11wrap/secmod.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/secmod.h,v
|
||||
retrieving revision 1.26
|
||||
diff -u -p -r1.26 secmod.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/secmod.h 17 Dec 2008 06:09:16 -0000 1.26
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/secmod.h 1 Sep 2009 21:55:18 -0000
|
||||
@@ -151,6 +151,10 @@ extern PK11SlotInfo *SECMOD_FindSlot(SEC
|
||||
/* of modType has been installed */
|
||||
PRBool SECMOD_IsModulePresent( unsigned long int pubCipherEnableFlags );
|
||||
|
||||
+/* accessors */
|
||||
+PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
|
||||
+PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);
|
||||
+
|
||||
/* Functions used to convert between internal & public representation
|
||||
* of Mechanism Flags and Cipher Enable Flags */
|
||||
extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
|
|
@ -1,14 +0,0 @@
|
|||
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
|
||||
+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
|
||||
@@ -52,9 +52,9 @@
|
||||
|
||||
ifeq ($(OS_ARCH), Linux)
|
||||
ifeq ($(USE_64), 1)
|
||||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
|
||||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
|
||||
else
|
||||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
|
||||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
|
||||
endif
|
||||
endif
|
||||
|
|
@ -1,26 +1,26 @@
|
|||
diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
|
||||
--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200
|
||||
+++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200
|
||||
@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
|
||||
DIRS := $(filter-out fortcrypt,$(DIRS))
|
||||
--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2010-02-27 16:40:25.891777537 -0800
|
||||
+++ ./mozilla/security/nss/lib/Makefile 2010-02-27 16:41:59.175902327 -0800
|
||||
@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB
|
||||
ZLIB_SRCDIR = zlib # Add the zlib directory to DIRS.
|
||||
endif
|
||||
|
||||
-ifndef MOZILLA_CLIENT
|
||||
-ifndef NSS_USE_SYSTEM_SQLITE
|
||||
-DIRS := sqlite $(DIRS)
|
||||
-SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
|
||||
-endif
|
||||
-endif
|
||||
+#ifndef MOZILLA_CLIENT
|
||||
+#ifndef NSS_USE_SYSTEM_SQLITE
|
||||
+#DIRS := sqlite $(DIRS)
|
||||
+#SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
|
||||
+#endif
|
||||
+#endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
ifndef MOZILLA_CLIENT
|
||||
ifeq ($(OS_ARCH),Linux)
|
||||
diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
|
||||
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200
|
||||
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200
|
||||
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2010-02-27 16:44:24.998777709 -0800
|
||||
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2010-02-27 16:45:08.533803472 -0800
|
||||
@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
|
||||
|
||||
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
|
||||
|
@ -35,8 +35,8 @@ diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./m
|
|||
CSRCS = \
|
||||
dbmshim.c \
|
||||
diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
|
||||
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100
|
||||
+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200
|
||||
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2010-02-27 16:42:52.213902231 -0800
|
||||
+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2010-02-27 16:43:34.040776788 -0800
|
||||
@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
|
||||
|
||||
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
|
||||
|
|
|
@ -6,6 +6,6 @@ includedir=%includedir%
|
|||
Name: NSS
|
||||
Description: Network Security Services
|
||||
Version: %NSS_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%, nss-softokn >= %SOFTOKEN_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
|
||||
Libs: -lssl3 -lsmime3 -lnss3
|
||||
Cflags: -I${includedir}
|
||||
|
|
123
nss.spec
123
nss.spec
|
@ -1,22 +1,24 @@
|
|||
%global nspr_version 4.8
|
||||
%global nss_util_version 3.12.4
|
||||
%global nspr_version 4.8.4
|
||||
%global nss_util_version 3.12.6
|
||||
%global nss_softokn_version 3.12.4
|
||||
%global nss_softokn_fips_version 3.12.4
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.12.4
|
||||
Release: 12%{?dist}
|
||||
Version: 3.12.6
|
||||
Release: 5%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
Requires: nspr >= %{nspr_version}
|
||||
Requires: nss-util >= %{nss_util_version}
|
||||
Requires: nss-softokn >= %{nss_softokn_version}
|
||||
Requires: nss-util = %{nss_util_version}
|
||||
Requires: nss-softokn%{_isa} = %{nss_softokn_fips_version}
|
||||
Requires: nss-system-init
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
BuildRequires: nss-softokn-devel >= %{version}
|
||||
BuildRequires: nss-util-devel >= %{nss_util_version}
|
||||
BuildRequires: nss-softokn-devel = %{nss_softokn_version}
|
||||
BuildRequires: nss-util-devel = %{nss_util_version}
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig
|
||||
|
@ -35,12 +37,13 @@ Source6: blank-cert9.db
|
|||
Source7: blank-key4.db
|
||||
Source8: system-pkcs11.txt
|
||||
Source9: setup-nsssysinit.sh
|
||||
Source12: %{name}-pem-20090907.tar.bz2
|
||||
Source10: PayPalEE.cert
|
||||
Source12: %{name}-pem-20100412.tar.bz2
|
||||
|
||||
Patch2: nss-nolocalsql.patch
|
||||
Patch3: renegotiate-transitional.patch
|
||||
Patch4: validate-arguments.patch
|
||||
Patch6: nss-enable-pem.patch
|
||||
Patch7: newargs.patch
|
||||
Patch8: sysinit.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -68,8 +71,9 @@ manipulate the NSS certificate and key database.
|
|||
%package sysinit
|
||||
Summary: System NSS Initilization
|
||||
Group: System Environment/Base
|
||||
Provides: nss-sysinit = %{version}-%{release}
|
||||
Provides: nss-system-init
|
||||
Requires: nss = %{version}-%{release}
|
||||
Requires(post): coreutils, sed
|
||||
|
||||
%description sysinit
|
||||
Default Operating System module that manages applications loading
|
||||
|
@ -102,12 +106,14 @@ low level services.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
|
||||
%setup -q -T -D -n %{name}-%{version} -a 12
|
||||
|
||||
%patch2 -p0
|
||||
%patch2 -p0 -b .nolocalsql
|
||||
%patch3 -p0 -b .transitional
|
||||
%patch4 -p0 -b .validate
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch7 -p0 -b .newargs
|
||||
%patch8 -p0 -b .sysinit
|
||||
|
||||
|
||||
%build
|
||||
|
||||
|
@ -137,8 +143,8 @@ export NSPR_LIB_DIR
|
|||
NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
|
||||
NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'`
|
||||
|
||||
export NSS_INCLUDE_DIR
|
||||
export NSS_LIB_DIR
|
||||
#export NSS_INCLUDE_DIR
|
||||
#export NSS_LIB_DIR
|
||||
|
||||
%ifarch x86_64 ppc64 ia64 s390x sparc64
|
||||
USE_64=1
|
||||
|
@ -229,6 +235,17 @@ rm -rf ./mozilla/tests_results
|
|||
cd ./mozilla/security/nss/tests/
|
||||
# all.sh is the test suite script
|
||||
|
||||
# don't need to run all the tests when testing packaging
|
||||
# nss_cycles: standard pkix upgradedb sharedb
|
||||
# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
|
||||
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
|
||||
# nss_ssl_run: cov auth stress
|
||||
|
||||
# Temporarily disabling the ssl test suites
|
||||
# until bug 539183 gets resolved
|
||||
#%global nss_ssl_tests " "
|
||||
#%global nss_ssl_run " "
|
||||
|
||||
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
||||
|
||||
cd ../../../../
|
||||
|
@ -469,6 +486,78 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
|
||||
|
||||
%changelog
|
||||
* Sat Apr 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-5
|
||||
- Update pem source tar to pick up the following bug fixes:
|
||||
- PEM - Allow collect objects to search through all objects
|
||||
- PEM - Make CopyObject return a new shallow copy
|
||||
- PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv
|
||||
|
||||
* Wed Apr 07 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-4
|
||||
- Update the test cert in the setup phase
|
||||
|
||||
* Wed Apr 07 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-3
|
||||
- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071)
|
||||
- Update PayPalEE test cert with unexpired one (#580207)
|
||||
|
||||
* Fri Mar 19 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-2
|
||||
- Fix nss.pc to not require nss-softokn (#575001)
|
||||
|
||||
* Sat Mar 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-1.2
|
||||
- Rebuilt with all tests enabled
|
||||
|
||||
* Sat Mar 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-1.1
|
||||
- Update to 3.12.6
|
||||
- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period
|
||||
- Patch tools to validate command line options arguments
|
||||
|
||||
* Mon Jan 25 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-8
|
||||
- Fix curl related regression and general patch code clean up
|
||||
|
||||
* Wed Jan 13 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-7
|
||||
- Retagged
|
||||
|
||||
* Wed Jan 13 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-6
|
||||
- retagging
|
||||
|
||||
* Tue Jan 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-2.1
|
||||
- Fix SIGSEGV on call of NSS_Initialize (#553638)
|
||||
|
||||
* Wed Jan 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-2
|
||||
- bump release number and rebuild
|
||||
|
||||
* Wed Jan 06 2010 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.14
|
||||
- Fix nsssysinit to allow root to modify the nss system database (#547860)
|
||||
|
||||
* Wed Jan 06 2010 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.12.1
|
||||
- Temporarily disabling the ssl tests until Bug 539183 is resolved
|
||||
|
||||
* Sat Dec 25 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.11
|
||||
- Fix an error introduced when adapting the patch for 546211
|
||||
|
||||
* Sat Dec 19 2009 Elio maldonado<emaldona@redhat.com> - 3.12.5-1.10
|
||||
- Remove some left over trace statements from nsssysinit patching
|
||||
|
||||
* Thu Dec 17 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.8
|
||||
- Fix nsssysinit to set the default flags on the crypto module (#545779)
|
||||
- Fix nsssysinit to enable apps to use the system cert store, patch contributed by David Woodhouse (#546221)
|
||||
- Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)
|
||||
- Sysinit requires coreutils for post install scriplet (#547067)
|
||||
- Remove redundant header from the pem module
|
||||
|
||||
* Wed Dec 09 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-2.1
|
||||
- Remove unneeded patch
|
||||
|
||||
* Thu Dec 04 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.2
|
||||
- Update to 3.12.5
|
||||
- CVE-2009-3555 TLS: MITM attacks via session renegotiation
|
||||
|
||||
* Mon Oct 26 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-15
|
||||
- Require nss-softoken of same arch as nss (#527867)
|
||||
|
||||
* Mon Oct 06 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-14
|
||||
- Fix bug where user was prompted for a password when listing keys on an empty system database (#527048)
|
||||
- Fix setup-nsssysinit to handle more general flags formats (#527051)
|
||||
|
||||
* Sun Sep 27 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-12
|
||||
- Fix syntax error in setup-nsssysinit.sh
|
||||
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
Index: ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
|
||||
retrieving revision 1.66
|
||||
diff -u -p -r1.66 sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c 26 Feb 2010 20:44:54 -0000 1.66
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 1 Mar 2010 18:05:10 -0000
|
||||
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional)
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
};
|
||||
|
|
@ -22,13 +22,6 @@ if test $# -eq 0; then
|
|||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
on="1"
|
||||
case "$1" in
|
||||
on | ON ) on="1";;
|
||||
off | OFF ) on="";;
|
||||
* ) usage 1 1>&2;;
|
||||
esac
|
||||
|
||||
# the system-wide configuration file
|
||||
p11conf="/etc/pki/nssdb/pkcs11.txt"
|
||||
# must exist, otherwise report it and exit with failure
|
||||
|
@ -37,19 +30,26 @@ if [ ! -f $p11conf ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# turn on or off
|
||||
if [ on = "1" ]; then
|
||||
cat ${p11conf} | sed -e 's/^library=$/library=libnsssysinit.so/' \
|
||||
-e 'g/^NSS/ s; Flags=internal,critical; Flags=internal,moduleDBOnly,critical;' > \
|
||||
${p11conf}.on
|
||||
mv ${p11conf}.on ${p11conf}
|
||||
else
|
||||
if [ `grep "^library=libnsssysinit" ${p11conf}` == ""]; then
|
||||
exit 0
|
||||
fi
|
||||
cat ${p11conf} | sed -e 's/^library=libnsssysinit.so/library=/' \
|
||||
-e 'g/^NSS/ s; Flags=internal,moduleDBOnly,critical; Flags=internal,critical;' > \
|
||||
${p11conf}.off
|
||||
mv ${p11conf}.off ${p11conf}
|
||||
fi
|
||||
|
||||
on="1"
|
||||
case "$1" in
|
||||
on | ON )
|
||||
cat ${p11conf} | \
|
||||
sed -e 's/^library=$/library=libnsssysinit.so/' \
|
||||
-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
|
||||
${p11conf}.on
|
||||
mv ${p11conf}.on ${p11conf}
|
||||
;;
|
||||
off | OFF )
|
||||
if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then
|
||||
exit 0
|
||||
fi
|
||||
cat ${p11conf} | \
|
||||
sed -e 's/^library=libnsssysinit.so/library=/' \
|
||||
-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
|
||||
${p11conf}.off
|
||||
mv ${p11conf}.off ${p11conf}
|
||||
;;
|
||||
* )
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
|
|
10
sources
10
sources
|
@ -1,2 +1,8 @@
|
|||
954834f7b173bdab366a19880c671c39 nss-3.12.4-stripped.tar.bz2
|
||||
895ef804e11c14868e86df80c2dd9b66 nss-pem-20090907.tar.bz2
|
||||
3902499c8e02b02d4944f21d3c6a839f nss-3.12.6-stripped.tar.bz2
|
||||
f32d884d178082ce8201f01e21f0d050 nss-pem-20100412.tar.bz2
|
||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
9bbc62615e6b2b22547375b5d39ddfe7 PayPalEE.cert
|
||||
|
|
1492
sysinit.patch
1492
sysinit.patch
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,720 @@
|
|||
Index: ./mozilla/security/nss/cmd/p7content/p7content.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/p7content/p7content.c,v
|
||||
retrieving revision 1.12
|
||||
diff -u -p -r1.12 p7content.c
|
||||
--- ./mozilla/security/nss/cmd/p7content/p7content.c 4 Aug 2008 22:58:31 -0000 1.12
|
||||
+++ ./mozilla/security/nss/cmd/p7content/p7content.c 2 Mar 2010 18:29:48 -0000
|
||||
@@ -64,7 +64,7 @@ extern int fprintf(FILE *, char *, ...);
|
||||
|
||||
|
||||
static void
|
||||
-Usage(char *progName)
|
||||
+Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [-d dbdir] [-i input] [-o output]\n",
|
||||
@@ -195,6 +195,15 @@ DecodeAndPrintFile(FILE *out, PRFileDesc
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
/*
|
||||
* Print the contents of a PKCS7 message, indicating signatures, etc.
|
||||
*/
|
||||
@@ -222,10 +231,12 @@ main(int argc, char **argv)
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch (optstate->option) {
|
||||
case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
SECU_ConfigDirectory(optstate->value);
|
||||
break;
|
||||
|
||||
case 'i':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
|
||||
if (!inFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
|
||||
@@ -235,6 +246,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
outFile = fopen(optstate->value, "w");
|
||||
if (!outFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
|
||||
@@ -244,11 +256,13 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'p':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = PORT_Strdup (optstate->value);
|
||||
break;
|
||||
|
||||
case 'f':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PORT_Strdup (optstate->value);
|
||||
break;
|
||||
Index: ./mozilla/security/nss/cmd/p7env/p7env.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/p7env/p7env.c,v
|
||||
retrieving revision 1.10
|
||||
diff -u -p -r1.10 p7env.c
|
||||
--- ./mozilla/security/nss/cmd/p7env/p7env.c 11 Feb 2010 02:39:47 -0000 1.10
|
||||
+++ ./mozilla/security/nss/cmd/p7env/p7env.c 2 Mar 2010 18:29:48 -0000
|
||||
@@ -63,7 +63,7 @@ extern int fprintf(FILE *, char *, ...);
|
||||
|
||||
|
||||
static void
|
||||
-Usage(char *progName)
|
||||
+Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n",
|
||||
@@ -159,6 +159,15 @@ EncryptFile(FILE *outFile, FILE *inFile,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@@ -194,10 +203,12 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
SECU_ConfigDirectory(optstate->value);
|
||||
break;
|
||||
|
||||
case 'i':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
inFile = fopen(optstate->value, "r");
|
||||
if (!inFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
|
||||
@@ -207,6 +218,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
outFile = fopen(optstate->value, "wb");
|
||||
if (!outFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
|
||||
@@ -216,6 +228,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'r':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
if (rcpt == NULL) {
|
||||
recipients = rcpt = PORT_Alloc (sizeof(struct recipient));
|
||||
} else {
|
||||
Index: ./mozilla/security/nss/cmd/p7sign/p7sign.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/p7sign/p7sign.c,v
|
||||
retrieving revision 1.14
|
||||
diff -u -p -r1.14 p7sign.c
|
||||
--- ./mozilla/security/nss/cmd/p7sign/p7sign.c 4 Aug 2008 22:58:28 -0000 1.14
|
||||
+++ ./mozilla/security/nss/cmd/p7sign/p7sign.c 2 Mar 2010 18:29:48 -0000
|
||||
@@ -67,7 +67,7 @@ extern int fprintf(FILE *, char *, ...);
|
||||
static secuPWData pwdata = { PW_NONE, 0 };
|
||||
|
||||
static void
|
||||
-Usage(char *progName)
|
||||
+Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
|
||||
@@ -173,6 +173,15 @@ SignFile(FILE *outFile, PRFileDesc *inFi
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@@ -210,10 +219,12 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
SECU_ConfigDirectory(optstate->value);
|
||||
break;
|
||||
|
||||
case 'i':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
|
||||
if (!inFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
|
||||
@@ -223,10 +234,12 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'k':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
keyName = strdup(optstate->value);
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
outFile = fopen(optstate->value, "wb");
|
||||
if (!outFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
|
||||
@@ -235,11 +248,13 @@ main(int argc, char **argv)
|
||||
}
|
||||
break;
|
||||
case 'p':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = strdup (optstate->value);
|
||||
break;
|
||||
|
||||
case 'f':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PORT_Strdup (optstate->value);
|
||||
break;
|
||||
Index: ./mozilla/security/nss/cmd/p7verify/p7verify.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/p7verify/p7verify.c,v
|
||||
retrieving revision 1.10
|
||||
diff -u -p -r1.10 p7verify.c
|
||||
--- ./mozilla/security/nss/cmd/p7verify/p7verify.c 8 Aug 2008 23:47:57 -0000 1.10
|
||||
+++ ./mozilla/security/nss/cmd/p7verify/p7verify.c 2 Mar 2010 18:29:48 -0000
|
||||
@@ -126,7 +126,7 @@ DigestFile(unsigned char *digest, unsign
|
||||
|
||||
|
||||
static void
|
||||
-Usage(char *progName)
|
||||
+Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n",
|
||||
@@ -209,6 +209,14 @@ HashDecodeAndVerify(FILE *out, FILE *con
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,arg) if (!(arg)) PrintMsgAndExit(progName, opt)
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
@@ -239,6 +247,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'c':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
contentFile = fopen(optstate->value, "r");
|
||||
if (!contentFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
|
||||
@@ -248,10 +257,12 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
SECU_ConfigDirectory(optstate->value);
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
outFile = fopen(optstate->value, "w");
|
||||
if (!outFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
|
||||
@@ -261,6 +272,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
case 's':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
|
||||
if (!signatureFile) {
|
||||
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
|
||||
@@ -271,7 +283,7 @@ main(int argc, char **argv)
|
||||
|
||||
case 'u': {
|
||||
int usageType;
|
||||
-
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
usageType = atoi (strdup(optstate->value));
|
||||
if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
|
||||
return -1;
|
||||
Index: ./mozilla/security/nss/cmd/strsclnt/strsclnt.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v
|
||||
retrieving revision 1.66
|
||||
diff -u -p -r1.66 strsclnt.c
|
||||
--- ./mozilla/security/nss/cmd/strsclnt/strsclnt.c 10 Feb 2010 18:07:20 -0000 1.66
|
||||
+++ ./mozilla/security/nss/cmd/strsclnt/strsclnt.c 2 Mar 2010 18:29:51 -0000
|
||||
@@ -1325,6 +1325,15 @@ done:
|
||||
return rv;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@@ -1364,33 +1373,57 @@ main(int argc, char **argv)
|
||||
|
||||
case 'B': bypassPKCS11 = PR_TRUE; break;
|
||||
|
||||
- case 'C': cipherString = optstate->value; break;
|
||||
+ case 'C':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ cipherString = optstate->value;
|
||||
+ break;
|
||||
|
||||
case 'D': NoDelay = PR_TRUE; break;
|
||||
|
||||
case 'N': NoReuse = 1; break;
|
||||
|
||||
- case 'P': fullhs = PORT_Atoi(optstate->value); break;
|
||||
+ case 'P':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ fullhs = PORT_Atoi(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'T': disableTLS = PR_TRUE; break;
|
||||
|
||||
case 'U': ThrottleUp = PR_TRUE; break;
|
||||
|
||||
- case 'a': sniHostName = PL_strdup(optstate->value); break;
|
||||
+ case 'a':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ sniHostName = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
- case 'c': connections = PORT_Atoi(optstate->value); break;
|
||||
+ case 'c':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ connections = PORT_Atoi(optstate->value);
|
||||
+ break;
|
||||
|
||||
- case 'd': dir = optstate->value; break;
|
||||
+ case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ dir = optstate->value;
|
||||
+ break;
|
||||
|
||||
- case 'f': fileName = optstate->value; break;
|
||||
+ case 'f':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ fileName = optstate->value;
|
||||
+ break;
|
||||
|
||||
case 'i': ignoreErrors = PR_TRUE; break;
|
||||
|
||||
- case 'n': nickName = PL_strdup(optstate->value); break;
|
||||
+ case 'n':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ nickName = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'o': MakeCertOK++; break;
|
||||
|
||||
- case 'p': port = PORT_Atoi(optstate->value); break;
|
||||
+ case 'p':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ port = PORT_Atoi(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'q': QuitOnTimeout = PR_TRUE; break;
|
||||
|
||||
@@ -1407,11 +1440,13 @@ main(int argc, char **argv)
|
||||
case 'v': verbose++; break;
|
||||
|
||||
case 'w':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = PL_strdup(optstate->value);
|
||||
break;
|
||||
|
||||
case 'W':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PL_strdup(optstate->value);
|
||||
break;
|
||||
@@ -1419,6 +1454,7 @@ main(int argc, char **argv)
|
||||
case 'z': enableCompression = PR_TRUE; break;
|
||||
|
||||
case 0: /* positional parameter */
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
if (hostName) {
|
||||
Usage(progName);
|
||||
}
|
||||
Index: ./mozilla/security/nss/cmd/tests/remtest.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/tests/remtest.c,v
|
||||
retrieving revision 1.5
|
||||
diff -u -p -r1.5 remtest.c
|
||||
--- ./mozilla/security/nss/cmd/tests/remtest.c 8 Aug 2008 23:48:09 -0000 1.5
|
||||
+++ ./mozilla/security/nss/cmd/tests/remtest.c 2 Mar 2010 18:29:51 -0000
|
||||
@@ -69,6 +69,15 @@ Usage(char *progName)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
char * certDir = NULL;
|
||||
@@ -92,10 +101,12 @@ int main(int argc, char **argv)
|
||||
switch (optstate->option) {
|
||||
|
||||
case 'd':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
certDir = strdup(optstate->value);
|
||||
certDir = SECU_ConfigDirectory(certDir);
|
||||
break;
|
||||
case 't':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
tokenName = strdup(optstate->value);
|
||||
break;
|
||||
case 'r':
|
||||
Index: ./mozilla/security/nss/cmd/tstclnt/tstclnt.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v
|
||||
retrieving revision 1.62
|
||||
diff -u -p -r1.62 tstclnt.c
|
||||
--- ./mozilla/security/nss/cmd/tstclnt/tstclnt.c 10 Feb 2010 18:07:21 -0000 1.62
|
||||
+++ ./mozilla/security/nss/cmd/tstclnt/tstclnt.c 2 Mar 2010 18:29:51 -0000
|
||||
@@ -497,6 +497,15 @@ separateReqHeader(const PRFileDesc* outF
|
||||
Usage(progName); \
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
PRFileDesc * s;
|
||||
@@ -563,38 +572,56 @@ int main(int argc, char **argv)
|
||||
|
||||
case 'B': bypassPKCS11 = 1; break;
|
||||
|
||||
- case 'S': skipProtoHeader = PR_TRUE; break;
|
||||
+ case 'S': skipProtoHeader = PR_TRUE; break;
|
||||
|
||||
case 'T': disableTLS = 1; break;
|
||||
|
||||
- case 'a': if (!hs1SniHostName) {
|
||||
- hs1SniHostName = PORT_Strdup(optstate->value);
|
||||
- } else if (!hs2SniHostName) {
|
||||
- hs2SniHostName = PORT_Strdup(optstate->value);
|
||||
- } else {
|
||||
- Usage(progName);
|
||||
- }
|
||||
- break;
|
||||
-
|
||||
- case 'c': cipherString = PORT_Strdup(optstate->value); break;
|
||||
-
|
||||
- case 'd': certDir = PORT_Strdup(optstate->value); break;
|
||||
+ case 'a':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ if (!hs1SniHostName) {
|
||||
+ hs1SniHostName = PORT_Strdup(optstate->value);
|
||||
+ } else if (!hs2SniHostName) {
|
||||
+ hs2SniHostName = PORT_Strdup(optstate->value);
|
||||
+ } else {
|
||||
+ Usage(progName);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case 'c':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ cipherString = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
+
|
||||
+ case 'd':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ certDir = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'f': clientSpeaksFirst = PR_TRUE; break;
|
||||
|
||||
- case 'h': host = PORT_Strdup(optstate->value); break;
|
||||
+ case 'h':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ host = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'm':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
multiplier = atoi(optstate->value);
|
||||
if (multiplier < 0)
|
||||
multiplier = 0;
|
||||
break;
|
||||
|
||||
- case 'n': nickname = PORT_Strdup(optstate->value); break;
|
||||
+ case 'n':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ nickname = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'o': override = 1; break;
|
||||
|
||||
- case 'p': portno = (PRUint16)atoi(optstate->value); break;
|
||||
+ case 'p':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ portno = (PRUint16)atoi(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'q': pingServerFirst = PR_TRUE; break;
|
||||
|
||||
@@ -604,17 +631,22 @@ int main(int argc, char **argv)
|
||||
|
||||
case 'v': verbose++; break;
|
||||
|
||||
- case 'r': renegotiationsToDo = atoi(optstate->value); break;
|
||||
-
|
||||
- case 'w':
|
||||
- pwdata.source = PW_PLAINTEXT;
|
||||
- pwdata.data = PORT_Strdup(optstate->value);
|
||||
- break;
|
||||
-
|
||||
- case 'W':
|
||||
- pwdata.source = PW_FROMFILE;
|
||||
- pwdata.data = PORT_Strdup(optstate->value);
|
||||
- break;
|
||||
+ case 'r':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ renegotiationsToDo = atoi(optstate->value);
|
||||
+ break;
|
||||
+
|
||||
+ case 'w':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ pwdata.source = PW_PLAINTEXT;
|
||||
+ pwdata.data = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
+
|
||||
+ case 'W':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ pwdata.source = PW_FROMFILE;
|
||||
+ pwdata.data = PORT_Strdup(optstate->value);
|
||||
+ break;
|
||||
|
||||
case 'x': useExportPolicy = 1; break;
|
||||
|
||||
Index: ./mozilla/security/nss/cmd/vfychain/vfychain.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/vfychain/vfychain.c,v
|
||||
retrieving revision 1.30
|
||||
diff -u -p -r1.30 vfychain.c
|
||||
--- ./mozilla/security/nss/cmd/vfychain/vfychain.c 1 Apr 2009 20:41:29 -0000 1.30
|
||||
+++ ./mozilla/security/nss/cmd/vfychain/vfychain.c 2 Mar 2010 18:29:52 -0000
|
||||
@@ -432,6 +432,15 @@ isOCSPEnabled()
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int
|
||||
main(int argc, char *argv[], char *envp[])
|
||||
{
|
||||
@@ -469,12 +478,19 @@ main(int argc, char *argv[], char *envp[
|
||||
switch(optstate->option) {
|
||||
case 0 : /* positional parameter */ goto breakout;
|
||||
case 'a' : isAscii = PR_TRUE; break;
|
||||
- case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
|
||||
- if (secStatus != SECSuccess) Usage(progName); break;
|
||||
- case 'd' : certDir = PL_strdup(optstate->value); break;
|
||||
+ case 'b' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ secStatus = DER_AsciiToTime(&time, optstate->value);
|
||||
+ if (secStatus != SECSuccess) Usage(progName);
|
||||
+ break;
|
||||
+ case 'd' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ certDir = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
|
||||
case 'f' : certFetching = PR_TRUE; break;
|
||||
case 'g' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
if (revMethodsData[revDataIndex].testTypeStr ||
|
||||
revMethodsData[revDataIndex].methodTypeStr) {
|
||||
revDataIndex += 1;
|
||||
@@ -489,11 +505,13 @@ main(int argc, char *argv[], char *envp[
|
||||
revMethodsData[revDataIndex].
|
||||
testTypeStr = PL_strdup(optstate->value); break;
|
||||
case 'h' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
revMethodsData[revDataIndex].
|
||||
testFlagsStr = PL_strdup(optstate->value);break;
|
||||
case 'i' : vfyCounts = PORT_Atoi(optstate->value); break;
|
||||
break;
|
||||
case 'm' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
if (revMethodsData[revDataIndex].methodTypeStr) {
|
||||
revDataIndex += 1;
|
||||
if (revDataIndex == REV_METHOD_INDEX_MAX) {
|
||||
@@ -506,24 +524,33 @@ main(int argc, char *argv[], char *envp[
|
||||
useDefaultRevFlags = PR_FALSE;
|
||||
revMethodsData[revDataIndex].
|
||||
methodTypeStr = PL_strdup(optstate->value); break;
|
||||
- case 'o' : oidStr = PL_strdup(optstate->value); break;
|
||||
+ case 'o' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ oidStr = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
case 'p' : usePkix += 1; break;
|
||||
case 'r' : isAscii = PR_FALSE; break;
|
||||
case 's' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
revMethodsData[revDataIndex].
|
||||
- methodFlagsStr = PL_strdup(optstate->value); break;
|
||||
+ methodFlagsStr = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
case 't' : trusted = PR_TRUE; break;
|
||||
- case 'u' : usage = PORT_Atoi(optstate->value);
|
||||
+ case 'u' :
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ usage = PORT_Atoi(optstate->value);
|
||||
if (usage < 0 || usage > 62) Usage(progName);
|
||||
certUsage = ((SECCertificateUsage)1) << usage;
|
||||
if (certUsage > certificateUsageHighest) Usage(progName);
|
||||
break;
|
||||
case 'w':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
|
||||
case 'W':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
Index: ./mozilla/security/nss/cmd/vfyserv/vfyserv.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/vfyserv/vfyserv.c,v
|
||||
retrieving revision 1.17
|
||||
diff -u -p -r1.17 vfyserv.c
|
||||
--- ./mozilla/security/nss/cmd/vfyserv/vfyserv.c 8 Aug 2008 23:48:12 -0000 1.17
|
||||
+++ ./mozilla/security/nss/cmd/vfyserv/vfyserv.c 2 Mar 2010 18:29:52 -0000
|
||||
@@ -419,6 +419,15 @@ client_main(unsigned short port,
|
||||
Usage(progName); \
|
||||
}
|
||||
|
||||
+static void
|
||||
+PrintMsgAndExit(const char *progName, char opt)
|
||||
+{
|
||||
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
|
||||
+ Usage(progName);
|
||||
+}
|
||||
+
|
||||
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@@ -442,23 +451,43 @@ main(int argc, char **argv)
|
||||
optstate = PL_CreateOptState(argc, argv, "C:cd:f:l:n:p:ot:w:");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch(optstate->option) {
|
||||
- case 'C' : cipherString = PL_strdup(optstate->value); break;
|
||||
- case 'c' : dumpChain = PR_TRUE; break;
|
||||
- case 'd' : certDir = PL_strdup(optstate->value); break;
|
||||
- case 'l' : respUrl = PL_strdup(optstate->value); break;
|
||||
- case 'p' : port = PORT_Atoi(optstate->value); break;
|
||||
- case 'o' : doOcspCheck = PR_TRUE; break;
|
||||
- case 't' : respCertName = PL_strdup(optstate->value); break;
|
||||
- case 'w':
|
||||
+ case 'C' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ cipherString = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
+ case 'c' : dumpChain = PR_TRUE;
|
||||
+ break;
|
||||
+ case 'd' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ certDir = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
+ case 'l' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ respUrl = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
+ case 'p' :
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ port = PORT_Atoi(optstate->value);
|
||||
+ break;
|
||||
+ case 'o' : doOcspCheck = PR_TRUE;
|
||||
+ break;
|
||||
+ case 't' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
+ respCertName = PL_strdup(optstate->value);
|
||||
+ break;
|
||||
+ case 'w' :
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
-
|
||||
case 'f':
|
||||
+ REQUIRE_ARG(optstate->option, optstate->value);
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
- case '\0': hostName = PL_strdup(optstate->value); break;
|
||||
+ case '\0':
|
||||
+ REQUIRE_ARG(optstate->option,optstate->value);
|
||||
+ hostName = PL_strdup(optstate->value); break;
|
||||
default : Usage(progName);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue