rpms/nss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

NSS 3.12 Beta 1

Browse Source
This commit is contained in:
Kai Engert 2008-01-25 12:29:12 +00:00
parent f0c6761fb7
commit 6887e03df9
7 changed files with 23 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.cvsignore
View File

@ -1,3 +1,2 @@
nss-3.11.99.2-stripped.tar.bz2 nss-3.11.99.3-stripped.tar.bz2
nss-pem.tar.gz nss-pem-20080124.tar.bz2
nss-3.11.99.2b-stripped.tar.bz2

8
nss-config.in
View File

@ -20,6 +20,7 @@ Options:
[--cflags] [--cflags]
Dynamic Libraries: Dynamic Libraries:
nss nss
nssutil
ssl ssl
smime smime
EOF EOF
@ -33,6 +34,7 @@ fi
lib_ssl=yes lib_ssl=yes
lib_smime=yes lib_smime=yes
lib_nss=yes lib_nss=yes
lib_nssutil=yes
while test $# -gt 0; do while test $# -gt 0; do
case "$1" in case "$1" in
@ -83,6 +85,9 @@ while test $# -gt 0; do
nss) nss)
lib_nss=yes lib_nss=yes
;; ;;
nssutil)
lib_nssutil=yes
;;
*) *)
usage 1 1>&2 usage 1 1>&2
;; ;;
@ -132,6 +137,9 @@ if test "$echo_libs" = "yes"; then
if test -n "$lib_nss"; then if test -n "$lib_nss"; then
libdirs="$libdirs -lnss${major_version}" libdirs="$libdirs -lnss${major_version}"
fi fi
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs echo $libdirs
fi fi

173
nss-create-obj.patch
View File

@ -1,173 +0,0 @@
diff -up mozilla/security/nss/lib/nss/nss.def.createobj mozilla/security/nss/lib/nss/nss.def
--- mozilla/security/nss/lib/nss/nss.def.createobj 2007-11-06 14:11:40.000000000 +0100
+++ mozilla/security/nss/lib/nss/nss.def 2007-11-06 14:11:59.000000000 +0100
@@ -913,8 +913,10 @@ CERT_FindCRLEntryReasonExten;
CERT_FindCRLNumberExten;
CERT_FindNameConstraintsExten;
CERT_PKIXVerifyCert;
+PK11_CreateGenericObject;
PK11_GenerateKeyPairWithOpFlags;
PK11_GetAllSlotsForCert;
+PK11_WriteRawAttribute;
SECKEY_ECParamsToBasePointOrderLen;
SECKEY_ECParamsToKeySize;
SECMOD_DeleteModuleEx;
Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v
retrieving revision 1.11.2.3
diff -u -r1.11.2.3 pk11obj.c
--- mozilla/security/nss/lib/pk11wrap/pk11obj.c 5 Jan 2007 09:44:05 -0000 1.11.2.3
+++ mozilla/security/nss/lib/pk11wrap/pk11obj.c 9 May 2007 20:58:17 -0000
@@ -388,7 +388,7 @@
SECStatus
PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
- CK_ATTRIBUTE *theTemplate, int count,
+ const CK_ATTRIBUTE *theTemplate, int count,
PRBool token, CK_OBJECT_HANDLE *objectID)
{
CK_SESSION_HANDLE rwsession;
@@ -1306,7 +1306,7 @@
PK11_DestroyGenericObject(objects);
}
/* delete all the objects before it in the list */
- for (objects = prevObject; objects; objects = nextObject) {
+ for (objects = prevObject; objects; objects = prevObject) {
prevObject = objects->prev;
PK11_DestroyGenericObject(objects);
}
@@ -1314,6 +1314,96 @@
}
+/*
+ * Hand Create a new object and return the Generic object for our new object.
+ */
+PK11GenericObject *
+PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *template_,
+ int count, PRBool token)
+{
+ CK_OBJECT_HANDLE objectID;
+ PK11GenericObject *obj;
+ CK_RV crv;
+
+ PK11_EnterSlotMonitor(slot);
+ crv = PK11_CreateNewObject(slot, slot->session, template_, count,
+ token, &objectID);
+ PK11_ExitSlotMonitor(slot);
+ if (crv != CKR_OK) {
+ PORT_SetError(PK11_MapError(crv));
+ return NULL;
+ }
+
+ obj = PORT_New(PK11GenericObject);
+ if ( !obj ) {
+ /* error set by PORT_New */
+ return NULL;
+ }
+
+ /* initialize it */
+ obj->slot = PK11_ReferenceSlot(slot);
+ obj->objectID = objectID;
+ obj->next = NULL;
+ obj->prev = NULL;
+ return obj;
+}
+
+/*
+ * Change an attribute on a raw object
+ */
+SECStatus
+PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec,
+ CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+{
+ PK11SlotInfo *slot = NULL;
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE setTemplate;
+ CK_RV crv;
+ CK_SESSION_HANDLE rwsession;
+
+ switch (objType) {
+ case PK11_TypeGeneric:
+ slot = ((PK11GenericObject *)objSpec)->slot;
+ handle = ((PK11GenericObject *)objSpec)->objectID;
+ break;
+ case PK11_TypePrivKey:
+ slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
+ handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
+ break;
+ case PK11_TypePubKey:
+ slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
+ handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
+ break;
+ case PK11_TypeSymKey:
+ slot = ((PK11SymKey *)objSpec)->slot;
+ handle = ((PK11SymKey *)objSpec)->objectID;
+ break;
+ case PK11_TypeCert: /* don't handle cert case for now */
+ default:
+ break;
+ }
+ if (slot == NULL) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+ return SECFailure;
+ }
+
+ PK11_SETATTRS(&setTemplate, attrType, (CK_CHAR *) item->data, item->len);
+ rwsession = PK11_GetRWSession(slot);
+ if (rwsession == CK_INVALID_SESSION) {
+ PORT_SetError(SEC_ERROR_BAD_DATA);
+ return SECFailure;
+ }
+ crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, handle,
+ &setTemplate, 1);
+ PK11_RestoreROSession(slot, rwsession);
+ if (crv != CKR_OK) {
+ PORT_SetError(PK11_MapError(crv));
+ return SECFailure;
+ }
+ return SECSuccess;
+}
+
+
SECStatus
PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec,
CK_ATTRIBUTE_TYPE attrType, SECItem *item)
Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v
retrieving revision 1.14.2.1
diff -u -r1.14.2.1 pk11pub.h
--- mozilla/security/nss/lib/pk11wrap/pk11pub.h 2 Mar 2006 00:12:27 -0000 1.14.2.1
+++ mozilla/security/nss/lib/pk11wrap/pk11pub.h 9 May 2007 20:58:17 -0000
@@ -688,8 +688,13 @@
PK11GenericObject *object);
SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
+PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
+ const CK_ATTRIBUTE *template_,
+ int count, PRBool token);
SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
CK_ATTRIBUTE_TYPE attr, SECItem *item);
+SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object,
+ CK_ATTRIBUTE_TYPE attr, SECItem *item);
/**********************************************************************
Index: mozilla/security/nss/lib/pk11wrap/secmodi.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/secmodi.h,v
retrieving revision 1.23
diff -u -r1.23 secmodi.h
--- mozilla/security/nss/lib/pk11wrap/secmodi.h 9 Sep 2005 02:03:57 -0000 1.23
+++ mozilla/security/nss/lib/pk11wrap/secmodi.h 9 May 2007 20:58:17 -0000
@@ -105,7 +105,7 @@
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
(x)->pValue=(v); (x)->ulValueLen = (l);
SECStatus PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
- CK_ATTRIBUTE *theTemplate, int count,
+ const CK_ATTRIBUTE *theTemplate, int count,
PRBool token, CK_OBJECT_HANDLE *objectID);
SECStatus pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech);

64
nss-unix_rand.patch
View File

@ -1,64 +0,0 @@
Index: mozilla/security/nss/lib/freebl/unix_rand.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v
retrieving revision 1.25
retrieving revision 1.28
diff -u -r1.25 -r1.28
--- mozilla/security/nss/lib/freebl/unix_rand.c 25 Jul 2007 22:54:35 -0000 1.25
+++ mozilla/security/nss/lib/freebl/unix_rand.c 3 Dec 2007 21:07:01 -0000 1.28
@@ -866,7 +866,8 @@
/* if the child hasn't exited, kill it -- we're done with its output */
while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
;
- if (rv == 0 && kill(pid, SIGKILL) == 0) {
+ if (rv == 0) {
+ kill(pid, SIGKILL);
while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
;
}
@@ -921,15 +922,6 @@
};
#endif
-#ifdef DO_PS
-For now it is considered that it is too expensive to run the ps command
-for the small amount of entropy it provides.
-#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX)
- static char ps_cmd[] = "ps aux";
-#else
- static char ps_cmd[] = "ps -el";
-#endif
-#endif /* DO_PS */
#if defined(BSDI)
static char netstat_ni_cmd[] = "netstat -nis";
#else
@@ -980,9 +972,12 @@
* in a pthreads environment. Therefore, we call safe_popen last and on
* BSD/OS we do not call safe_popen when we succeeded in getting data
* from /dev/urandom.
+ *
+ * Bug 174993: LINUX provides /dev/urandom, don't fork netstat
+ * if data has been gathered successfully
*/
-#ifdef BSDI
+#if defined(BSDI) || defined(LINUX)
if (bytes)
return;
#endif
@@ -1010,15 +1005,6 @@
}
#endif
-#ifdef DO_PS
- fp = safe_popen(ps_cmd);
- if (fp != NULL) {
- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
- RNG_RandomUpdate(buf, bytes);
- safe_pclose(fp);
- }
-#endif
-
#ifdef DO_NETSTAT
fp = safe_popen(netstat_ni_cmd);
if (fp != NULL) {

2
nss.pc.in
View File

@ -7,5 +7,5 @@ Name: NSS
Description: Network Security Services Description: Network Security Services
Version: %NSS_VERSION% Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION% Requires: nspr >= %NSPR_VERSION%
Libs: -lssl3 -lsmime3 -lnss3 Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
Cflags: -I${includedir} Cflags: -I${includedir}

30
nss.spec
View File

@ -3,8 +3,8 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.11.99.2b Version: 3.11.99.3
Release: 3%{?dist} Release: 1%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -26,13 +26,11 @@ Source3: blank-cert8.db
Source4: blank-key3.db Source4: blank-key3.db
Source5: blank-secmod.db Source5: blank-secmod.db
Source8: nss-prelink.conf Source8: nss-prelink.conf
Source12: %{name}-pem.tar.gz Source12: %{name}-pem-20080124.tar.bz2
Patch1: nss-no-rpath.patch Patch1: nss-no-rpath.patch
Patch2: nss-nolocalsql.patch Patch2: nss-nolocalsql.patch
Patch3: nss-unix_rand.patch
Patch6: nss-enable-pem.patch Patch6: nss-enable-pem.patch
Patch7: nss-create-obj.patch
%description %description
@ -87,9 +85,7 @@ low level services.
%patch1 -p0 %patch1 -p0
%patch2 -p0 %patch2 -p0
%patch3 -p0
%patch6 -p0 -b .libpem %patch6 -p0 -b .libpem
%patch7 -p0 -b .create-obj
%build %build
@ -170,7 +166,8 @@ chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
# Copy the binary libraries we want # Copy the binary libraries we want
for file in libsoftokn3.so libfreebl3.so libnss3.so libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
do do
%{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib} %{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib}
done done
@ -205,18 +202,6 @@ do
%{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} %{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done done
# For now, we don't want any pkix files to be public
for file in mozilla/dist/public/nss/pkix*.h
do
rm $file
done
# For now, we don't want these files to be public
for file in sdb.h sftkdbt.h
do
rm mozilla/dist/public/nss/$file
done
# Copy the include files we want # Copy the include files we want
for file in mozilla/dist/public/nss/*.h for file in mozilla/dist/public/nss/*.h
do do
@ -241,6 +226,7 @@ done
%files %files
%defattr(-,root,root) %defattr(-,root,root)
/%{_lib}/libnss3.so /%{_lib}/libnss3.so
/%{_lib}/libnssutil3.so
/%{_lib}/libnssdbm3.so /%{_lib}/libnssdbm3.so
/%{_lib}/libssl3.so /%{_lib}/libssl3.so
/%{_lib}/libsmime3.so /%{_lib}/libsmime3.so
@ -368,6 +354,7 @@ done
%{_includedir}/nss3/sslerr.h %{_includedir}/nss3/sslerr.h
%{_includedir}/nss3/sslproto.h %{_includedir}/nss3/sslproto.h
%{_includedir}/nss3/sslt.h %{_includedir}/nss3/sslt.h
%{_includedir}/nss3/utilrename.h
%{_includedir}/nss3/watcomfx.h %{_includedir}/nss3/watcomfx.h
@ -388,6 +375,9 @@ done
%changelog %changelog
* Thu Jan 24 2008 Kai Engert <kengert@redhat.com> - 3.11.99.3-1
* NSS 3.12 Beta 1
* Mon Jan 07 2008 Kai Engert <kengert@redhat.com> - 3.11.99.2b-3 * Mon Jan 07 2008 Kai Engert <kengert@redhat.com> - 3.11.99.2b-3
- move .so files to /lib - move .so files to /lib

4
sources
View File

@ -1,2 +1,2 @@
d656d49b02fe756bae4942acc90f61a4 nss-pem.tar.gz 8edfbf85d062c648da0acd146b45db0a nss-3.11.99.3-stripped.tar.bz2
0c946e2c95e6896e9f9792a9596afeb6 nss-3.11.99.2b-stripped.tar.bz2 084675e4f793ed82e1ba78f76745ada8 nss-pem-20080124.tar.bz2