Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
Update to NSS 3.60.1 Drop NODEPEND_FREEBL and LOWHASH bug 1919033
This commit is contained in:
Bob Relyea
parent
6f68ada6a7
commit
245982b2c4
1
.gitignore
vendored
1
.gitignore
vendored
@ -57,3 +57,4 @@ TestUser51.cert
|
|||||||
/nss-3.58.tar.gz
|
/nss-3.58.tar.gz
|
||||||
/nspr-4.29.tar.gz
|
/nspr-4.29.tar.gz
|
||||||
/nss-3.59.tar.gz
|
/nss-3.59.tar.gz
|
||||||
|
/nss-3.60.1.tar.gz
|
||||||
|
|||||||
19
nss-turn-off-expired-ocsp-cert.patch
Normal file
19
nss-turn-off-expired-ocsp-cert.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg
|
||||||
|
--- a/tests/chains/scenarios/nameconstraints.cfg
|
||||||
|
+++ b/tests/chains/scenarios/nameconstraints.cfg
|
||||||
|
@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x
|
||||||
|
verify NameConstraints.dcissallowed:x
|
||||||
|
result pass
|
||||||
|
|
||||||
|
# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
|
||||||
|
#
|
||||||
|
# This tests that a non server certificate (i.e. id-kp-serverAuth
|
||||||
|
# not present in EKU) does *NOT* have CN treated as dnsName for
|
||||||
|
# purposes of Name Constraints validation
|
||||||
|
-verify NameConstraints.ocsp1:x
|
||||||
|
- usage 10
|
||||||
|
- result pass
|
||||||
|
+#verify NameConstraints.ocsp1:x
|
||||||
|
+# usage 10
|
||||||
|
+# result pass
|
||||||
|
|
||||||
19
nss.spec
19
nss.spec
@ -2,8 +2,8 @@
|
|||||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||||
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
||||||
# - increment %%{nspr_version}, when updating the NSS part only
|
# - increment %%{nspr_version}, when updating the NSS part only
|
||||||
%global nspr_release 9
|
%global nspr_release 10
|
||||||
%global nss_version 3.59.0
|
%global nss_version 3.60.1
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global dracutlibdir %{_prefix}/lib/dracut
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
@ -53,7 +53,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -118,6 +118,7 @@ Patch2: nss-539183.patch
|
|||||||
# but it doesn't hurt to keep it.
|
# but it doesn't hurt to keep it.
|
||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
Patch12: nss-signtool-format.patch
|
Patch12: nss-signtool-format.patch
|
||||||
|
Patch13: nss-turn-off-expired-ocsp-cert.patch
|
||||||
%if 0%{?fedora} < 34
|
%if 0%{?fedora} < 34
|
||||||
%if 0%{?rhel} < 9
|
%if 0%{?rhel} < 9
|
||||||
Patch20: nss-gcm-param-default-pkcs11v2.patch
|
Patch20: nss-gcm-param-default-pkcs11v2.patch
|
||||||
@ -125,8 +126,6 @@ Patch20: nss-gcm-param-default-pkcs11v2.patch
|
|||||||
%endif
|
%endif
|
||||||
# can drop this patch when the underlying btrfs/sqlite issue is solved
|
# can drop this patch when the underlying btrfs/sqlite issue is solved
|
||||||
Patch30: nss-fedora-btrf-sql-hack.patch
|
Patch30: nss-fedora-btrf-sql-hack.patch
|
||||||
# can drop this patch once crypto-policies has been updated
|
|
||||||
Patch31: nss-3.53.1-revert_rhel8_unsafe_policy_change.patch
|
|
||||||
|
|
||||||
Patch100: nspr-config-pc.patch
|
Patch100: nspr-config-pc.patch
|
||||||
Patch101: nspr-gcc-atomics.patch
|
Patch101: nspr-gcc-atomics.patch
|
||||||
@ -348,13 +347,13 @@ popd
|
|||||||
# This package fails its testsuite with LTO. Disable LTO for now
|
# This package fails its testsuite with LTO. Disable LTO for now
|
||||||
%global _lto_cflags %{nil}
|
%global _lto_cflags %{nil}
|
||||||
|
|
||||||
export FREEBL_NO_DEPEND=1
|
#export FREEBL_NO_DEPEND=1
|
||||||
|
|
||||||
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
||||||
# copied to dist and the rpm install phase can find it
|
# copied to dist and the rpm install phase can find it
|
||||||
# This due of the upstream changes to fix
|
# This due of the upstream changes to fix
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
||||||
export FREEBL_LOWHASH=1
|
# export FREEBL_LOWHASH=1
|
||||||
|
|
||||||
# uncomment if the iquote patch is activated
|
# uncomment if the iquote patch is activated
|
||||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||||
@ -393,6 +392,8 @@ export NSS_USE_SYSTEM_SQLITE=1
|
|||||||
|
|
||||||
export NSS_ALLOW_SSLKEYLOGFILE=1
|
export NSS_ALLOW_SSLKEYLOGFILE=1
|
||||||
|
|
||||||
|
export NSS_SEED_ONLY_DEV_URANDOM=1
|
||||||
|
|
||||||
%if %{with dbm}
|
%if %{with dbm}
|
||||||
%else
|
%else
|
||||||
export NSS_DISABLE_DBM=1
|
export NSS_DISABLE_DBM=1
|
||||||
@ -1048,6 +1049,10 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
|
||||||
|
- Update to NSS 3.60.1
|
||||||
|
- Drop NODEPEND_FREEBL and LOWHASH
|
||||||
|
|
||||||
* Fri Dec 11 2020 Bob Relyea <rrelyea@redhat.com> - 3.59.0-2
|
* Fri Dec 11 2020 Bob Relyea <rrelyea@redhat.com> - 3.59.0-2
|
||||||
- Work around btrfs/sqlite bug
|
- Work around btrfs/sqlite bug
|
||||||
- Disable new policy entries until crypto-polices has been updated
|
- Disable new policy entries until crypto-polices has been updated
|
||||||
|
|||||||
8
sources
8
sources
@ -1,7 +1 @@
|
|||||||
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
SHA512 (nss-3.60.1.tar.gz) = ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
|
||||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
|
||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
|
||||||
SHA512 (nspr-4.29.tar.gz) = ba5ac275fe0beb69d7a7674c9ee9e4429bd5761daed285edd975ccc829af30d062bf4a0f5e44361e3bd191f21b1905f96ab146d53b55324020f13ecb3c05609b
|
|
||||||
SHA512 (nss-3.59.tar.gz) = 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user