import nss-3.67.0-2.el8_4
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
1d082b272e
commit
610c3a152d
|
|
@ -4,5 +4,4 @@ SOURCES/blank-cert9.db
|
|||
SOURCES/blank-key3.db
|
||||
SOURCES/blank-key4.db
|
||||
SOURCES/blank-secmod.db
|
||||
SOURCES/nss-3.66.tar.gz
|
||||
SOURCES/nss-softokn-cavs-1.0.tar.gz
|
||||
SOURCES/nss-3.67.tar.gz
|
||||
|
|
|
|||
|
|
@ -4,5 +4,4 @@ b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
|
|||
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
|
||||
f9c9568442386da370193474de1b25c3f68cdaf6 SOURCES/blank-key4.db
|
||||
bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
|
||||
c0d452f828e16e3345e891fe2bd016250f1b51e1 SOURCES/nss-3.66.tar.gz
|
||||
d8a7f044570732caf4ed06fd44a63b3e86ea2a16 SOURCES/nss-softokn-cavs-1.0.tar.gz
|
||||
9cccf98f0476905c0d863a6b2cb08a1955482241 SOURCES/nss-3.67.tar.gz
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
diff -up ./tests/common/parsegtestreport.sed.new_gtest ./tests/common/parsegtestreport.sed
|
||||
--- ./tests/common/parsegtestreport.sed.new_gtest 2021-06-17 16:26:49.361035662 -0700
|
||||
+++ ./tests/common/parsegtestreport.sed 2021-06-17 16:49:08.512261136 -0700
|
||||
@@ -1,8 +1,11 @@
|
||||
/\<testcase/{
|
||||
- s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
|
||||
+ s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\).*$/\3 '\4: \1 \2'/
|
||||
t end
|
||||
s/^.* name="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
|
||||
t end
|
||||
+ s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" result="[^"]*" time="[^"]*" timestamp="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
|
||||
+ t end
|
||||
+ s/^.* name="\([^"]*\)" status="\([^"]*\)" result="[^"]*" time="[^"]*" timestamp="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
|
||||
}
|
||||
d
|
||||
: end
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
diff --git a/lib/freebl/ppc-gcm.s b/lib/freebl/ppc-gcm.s
|
||||
--- a/lib/freebl/ppc-gcm.s
|
||||
+++ b/lib/freebl/ppc-gcm.s
|
||||
@@ -692,7 +692,6 @@
|
||||
|
||||
mtctr 9
|
||||
|
||||
- li 10, 0
|
||||
li 25, 0x10
|
||||
li 26, 0x20
|
||||
li 27, 0x30
|
||||
@@ -703,6 +702,7 @@
|
||||
|
||||
.align 5
|
||||
.L8x_loop:
|
||||
+ li 10, 0
|
||||
VEC_LOAD_INC K, KS, 10
|
||||
|
||||
vadduwm CTR1, CTR, I1
|
||||
diff --git a/lib/freebl/ppc-gcm-wrap.c b/lib/freebl/ppc-gcm-wrap.c
|
||||
--- a/lib/freebl/ppc-gcm-wrap.c
|
||||
+++ b/lib/freebl/ppc-gcm-wrap.c
|
||||
@@ -155,7 +155,7 @@
|
||||
/* Promote the counter by 1 */
|
||||
gcm->CTR[14] += !(++gcm->CTR[15]);
|
||||
gcm->CTR[13] += !(gcm->CTR[15]) && !(gcm->CTR[14]);
|
||||
- gcm->CTR[12] += !(gcm->CTR[15]) && !(gcm->CTR[13]) && !(gcm->CTR[12]);
|
||||
+ gcm->CTR[12] += !(gcm->CTR[15]) && !(gcm->CTR[14]) && !(gcm->CTR[13]);
|
||||
|
||||
/* Now hash AAD - it would actually make sense to seperate the context
|
||||
* creation from the AAD, because that would allow to reuse the H, which
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
diff -up ./lib/pk11wrap/pk11cxt.c.coverity ./lib/pk11wrap/pk11cxt.c
|
||||
--- ./lib/pk11wrap/pk11cxt.c.coverity 2021-06-18 09:36:19.499203028 -0700
|
||||
+++ ./lib/pk11wrap/pk11cxt.c 2021-06-18 09:37:57.993765299 -0700
|
||||
@@ -382,7 +382,7 @@ pk11_CreateNewContextInSlot(CK_MECHANISM
|
||||
* of the connection.*/
|
||||
context->fortezzaHack = PR_FALSE;
|
||||
if (type == CKM_SKIPJACK_CBC64) {
|
||||
- if (symKey->origin == PK11_OriginFortezzaHack) {
|
||||
+ if (symKey && (symKey->origin == PK11_OriginFortezzaHack)) {
|
||||
context->fortezzaHack = PR_TRUE;
|
||||
}
|
||||
}
|
||||
diff -up ./lib/pk11wrap/pk11hpke.c.coverity ./lib/pk11wrap/pk11hpke.c
|
||||
--- ./lib/pk11wrap/pk11hpke.c.coverity 2021-06-18 13:40:05.410644464 -0700
|
||||
+++ ./lib/pk11wrap/pk11hpke.c 2021-06-18 13:42:40.627606469 -0700
|
||||
@@ -1164,8 +1164,6 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE
|
||||
unsigned char tagBuf[HASH_LENGTH_MAX];
|
||||
size_t tagLen;
|
||||
unsigned int fixedBits;
|
||||
- PORT_Assert(cx->baseNonce->len == sizeof(ivOut));
|
||||
- PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len);
|
||||
|
||||
/* aad may be NULL, PT may be zero-length but not NULL. */
|
||||
if (!cx || !cx->aeadContext ||
|
||||
@@ -1176,6 +1174,9 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
+ PORT_Assert(cx->baseNonce->len == sizeof(ivOut));
|
||||
+ PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len);
|
||||
+
|
||||
tagLen = cx->aeadParams->tagLen;
|
||||
maxOut = pt->len + tagLen;
|
||||
fixedBits = (cx->baseNonce->len - 8) * 8;
|
||||
diff -up ./lib/softoken/sftkike.c.coverity ./lib/softoken/sftkike.c
|
||||
--- ./lib/softoken/sftkike.c.coverity 2021-06-18 09:33:59.633405513 -0700
|
||||
+++ ./lib/softoken/sftkike.c 2021-06-18 09:34:20.305523382 -0700
|
||||
@@ -1411,7 +1411,6 @@ sftk_fips_IKE_PowerUpSelfTests(void)
|
||||
(outKeySize != sizeof(ike_known_sha256_prf_plus)) ||
|
||||
(PORT_Memcmp(outKeyData, ike_known_sha256_prf_plus,
|
||||
sizeof(ike_known_sha256_prf_plus)) != 0)) {
|
||||
- PORT_ZFree(outKeyData, outKeySize);
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
%global nspr_build_version 4.25.0
|
||||
%global nspr_version 4.25.0
|
||||
%global nss_version 3.66.0
|
||||
%global nss_version 3.67.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global saved_files_dir %{_libdir}/nss/saved
|
||||
%global dracutlibdir %{_prefix}/lib/dracut
|
||||
|
|
@ -93,7 +93,6 @@ Source25: key3.db.xml
|
|||
Source26: key4.db.xml
|
||||
Source27: secmod.db.xml
|
||||
Source28: nss-p11-kit.config
|
||||
Source29: nss-softokn-cavs-1.0.tar.gz
|
||||
Source30: PayPalEE.cert
|
||||
|
||||
# To inject hardening flags for DSO
|
||||
|
|
@ -150,8 +149,10 @@ Patch225: nss-3.53-fix-private_key_mac.patch
|
|||
Patch229: nss-3.53.1-measure-fix.patch
|
||||
# no upstream bug yet
|
||||
Patch230: nss-3.66-no-small-primes.patch
|
||||
#
|
||||
Patch231: nss-3.66-ppcle-fix.patch
|
||||
# no upstream bug yet
|
||||
Patch232: nss-3.66-fix-gtest-parsing.patch
|
||||
# no upstream bug yet
|
||||
Patch233: nss-3.67-fix-coverity-issues.patch
|
||||
|
||||
|
||||
%description
|
||||
|
|
@ -280,7 +281,7 @@ Header and library files for doing development with Network Security Services.
|
|||
|
||||
|
||||
%prep
|
||||
%autosetup -N -n %{name}-%{nss_archive_version} -a 29
|
||||
%autosetup -N -n %{name}-%{nss_archive_version}
|
||||
pushd nss
|
||||
%autopatch -p1
|
||||
popd
|
||||
|
|
@ -924,6 +925,12 @@ update-crypto-policies --no-reload &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Jun 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-2
|
||||
- Fix coverity issues
|
||||
|
||||
* Thu Jun 17 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-1
|
||||
- Rebase to NSS 3.67
|
||||
|
||||
* Tue Jun 15 2021 Bob Relyea <rrelyea@redhat.com> - 3.66.0-2
|
||||
- Restore old pkcs12 defaults.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue