rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to NSS_3_14_RC1

Browse Source 
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
This commit is contained in:
Elio Maldonado 2012-10-21 20:47:52 -04:00
parent 61aa73d6e8
commit 1f01ab68b1
9 changed files with 67 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Bug-772628-nss_Init-leaks-memory.patch
View File

@ -1,27 +0,0 @@
From ea14b3279da63a344dcaf3466592c2619025ac28 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 9 Jan 2012 14:10:07 +0100
Subject: [PATCH] nss - rhbz #772628 (fix a memory leak in nssinit.c) V2
---
mozilla/security/nss/lib/nss/nssinit.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/mozilla/security/nss/lib/nss/nssinit.c b/mozilla/security/nss/lib/nss/nssinit.c
index f1c0327..9fbbab7 100644
--- a/mozilla/security/nss/lib/nss/nssinit.c
+++ b/mozilla/security/nss/lib/nss/nssinit.c
@@ -754,6 +754,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
PZ_NotifyAllCondVar(nssInitCondition);
PZ_Unlock(nssInitLock);
+ if (initContextPtr && configStrings) {
+ PR_smprintf_free(configStrings);
+ }
+
return SECSuccess;
loser:
--
1.7.1

27
Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
View File

@ -1,27 +0,0 @@
diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700
+++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700
@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
passwordRequired = pk11_password_required;
}
- /* we always try to initialize the modules */
- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
+ /* Skip the module init if we are already initted and we are trying
+ * to init with not noCertDB and noModDB */
+ if (!(isReallyInitted && noCertDB && noModDB)) {
+ /* we always try to initialize the modules */
+ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
updateDir, updCertPrefix, updKeyPrefix, updateID,
updateName, configName, configStrings, passwordRequired,
readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
(initContextPtr != NULL));
- if (rv != SECSuccess) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}

15
Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
View File

@ -1,15 +0,0 @@
diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
--- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800
+++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800
@@ -1151,6 +1151,11 @@ SECStatus
NSS_Shutdown(void)
{
SECStatus rv;
+ /* make sure our lock and condition variable are initialized one and only
+ * one time */
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+ return SECFailure;
+ }
PZ_Lock(nssInitLock);
if (!nssIsInitted) {

40
bz784672-protect-against-calls-before-nss_init.patch
View File

@ -1,40 +0,0 @@
diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
--- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800
+++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800
@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
{
int i;
+ /* make sure our lock and condition variable are initialized one and only
+ * one time */
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+ return SECFailure;
+ }
+
PZ_Lock(nssInitLock);
if (!NSS_IsInitialized()) {
PZ_Unlock(nssInitLock);
@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
{
int i;
+ /* make sure our lock and condition variable are initialized one and only
+ * one time */
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+ return SECFailure;
+ }
PZ_Lock(nssInitLock);
if (!NSS_IsInitialized()) {
PZ_Unlock(nssInitLock);
@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
{
SECStatus rv = SECSuccess;
+ /* make sure our lock and condition variable are initialized one and only
+ * one time */
+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+ return SECFailure;
+ }
PZ_Lock(nssInitLock);
/* If one or more threads are in the middle of init, wait for them
* to complete */

19
nofipstest.patch
View File

@ -1,19 +0,0 @@
diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800
+++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800
@@ -54,7 +54,6 @@ DIRS = lib \
dbtest \
derdump \
digest \
- fipstest \
makepqg \
multinit \
ocspclnt \
@@ -84,6 +83,7 @@ DIRS = lib \
$(NULL)
TEMPORARILY_DONT_BUILD = \
+ fipstest \
$(NULL)
# rsaperf \

9
nss-3.14.0.0-disble-ocsp-test.patch Normal file
View File

@ -0,0 +1,9 @@
diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test 2012-10-12 09:30:07.264987000 -0700
+++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2012-10-12 09:34:55.653123000 -0700
@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
realcerts.cfg
dsa.cfg
revoc.cfg
-ocsp.cfg
crldp.cfg

43
nss-539183.patch
View File

@ -1,7 +1,42 @@
diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-10-06 10:42:06.913919000 -0700
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-10-06 10:43:14.858987000 -0700
@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port
Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v
retrieving revision 1.1
diff -u -p -r1.1 httpserv.c
--- ./mozilla/security/nss/cmd/httpserv/httpserv.c 28 Jun 2012 11:11:06 -0000 1.1
+++ ./mozilla/security/nss/cmd/httpserv/httpserv.c 21 Oct 2012 22:22:10 -0000
@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
+ PRUint16 socketDomain = PR_AF_INET;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ if (PR_GetEnv("NSS_USE_SDP")) {
+ socketDomain = PR_AF_INET_SDP;
+ }
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
retrieving revision 1.102
diff -u -p -r1.102 selfserv.c
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c 27 Sep 2012 17:13:34 -0000 1.102
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 21 Oct 2012 22:22:10 -0000
@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;

12
nss-fix-gcc47-secmodt.patch
View File

@ -1,12 +0,0 @@
diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-02-29 16:27:58.474061098 -0800
+++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-02-29 16:30:55.604349312 -0800
@@ -342,7 +342,7 @@ typedef PRUint32 PK11AttrFlags;
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
-"Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})"
+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)

45
nss.spec
View File

@ -1,13 +1,13 @@
%global nspr_version 4.9.2
%global nss_util_version 3.13.6
%global nss_util_version 3.14
%global nss_softokn_fips_version 3.12.9
%global nss_softokn_version 3.13.6
%global nss_softokn_version 3.14
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
Summary: Network Security Services
Name: nss
Version: 3.13.6
Release: 1%{?dist}
Version: 3.14
Release: 0.1%{?dist}.rc1.1
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -62,22 +62,10 @@ Patch18: nss-646045.patch
# must statically link pem against the freebl in the buildroot
# Needed only when freebl on tree has newe APIS
Patch25: nsspem-use-system-freebl.patch
# don't compile the fipstest application
Patch26: nofipstest.patch
# This patch is currently meant for stable branches
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
Patch30: bz784672-protect-against-calls-before-nss_init.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484
Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
Patch34: Bug-772628-nss_Init-leaks-memory.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -157,14 +145,9 @@ low level services.
%patch18 -p0 -b .646045
# link pem against buildroot's freebl, esential wen mixing and matching
%patch25 -p0 -b .systemfreebl
%patch26 -p0 -b .nofipstest
# activate only if requested for this branch
#%patch29 -p0 -b .770682
%patch30 -p0 -b .784672
%patch32 -p0 -b .800674
%patch33 -p0 -b .800682
%patch34 -p1 -b .772628
%patch40 -p1 -b .noocsptest
%build
@ -342,7 +325,7 @@ cd ./mozilla/security/nss/tests/
# don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb
# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
#
@ -457,8 +440,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
#remove the nss-softokn-devel and nss-softokn-freebl-devel headers
#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
@ -594,6 +580,13 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Sun Oct 21 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-0.1.rc.1
- Update to NSS_3_14_RC1
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
* Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
- Update to NSS_3_13_6_RTM