Update to NSS 3.49
parent
541296170e
commit
74b268dbd9
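--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,4 @@ TestUser51.cert
 /nss-3.47.tar.gz
 /nss-3.47.1.tar.gz
 /nss-3.48.tar.gz
+/nss-3.49.tar.gz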
@ -1,63 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Daiki Ueno <dueno@redhat.com>
|
|
||||||
# Date 1575450841 -3600
|
|
||||||
# Wed Dec 04 10:14:01 2019 +0100
|
|
||||||
# Node ID 017097f0a0eaea1a3d849f3de79475c9bc28fcc2
|
|
||||||
# Parent d64102b76a437f24d98a20480dcc9f1655143e7c
|
|
||||||
Bug 1593167, certdb: propagate trust information if trust module is loaded afterwards
|
|
||||||
|
|
||||||
Summary:
|
|
||||||
When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs.
|
|
||||||
|
|
||||||
This change makes it properly roll up the trust information, if a temp cert doesn't have trust information.
|
|
||||||
|
|
||||||
Reviewers: rrelyea, keeler
|
|
||||||
|
|
||||||
Reviewed By: rrelyea
|
|
||||||
|
|
||||||
Subscribers: reviewbot, heftig
|
|
||||||
|
|
||||||
Bug #: 1593167
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D54726
|
|
||||||
|
|
||||||
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
|
|
||||||
--- a/lib/pki/pki3hack.c
|
|
||||||
+++ b/lib/pki/pki3hack.c
|
|
||||||
@@ -921,14 +921,28 @@ stan_GetCERTCertificate(NSSCertificate *
|
|
||||||
}
|
|
||||||
if (!cc->nssCertificate || forceUpdate) {
|
|
||||||
fill_CERTCertificateFields(c, cc, forceUpdate);
|
|
||||||
- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
|
|
||||||
- !c->object.cryptoContext) {
|
|
||||||
- /* if it's a perm cert, it might have been stored before the
|
|
||||||
- * trust, so look for the trust again. But a temp cert can be
|
|
||||||
- * ignored.
|
|
||||||
- */
|
|
||||||
- CERTCertTrust *trust = NULL;
|
|
||||||
- trust = nssTrust_GetCERTCertTrustForCert(c, cc);
|
|
||||||
+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
|
|
||||||
+ CERTCertTrust *trust;
|
|
||||||
+ if (!c->object.cryptoContext) {
|
|
||||||
+ /* If it's a perm cert, it might have been stored before the
|
|
||||||
+ * trust, so look for the trust again.
|
|
||||||
+ */
|
|
||||||
+ trust = nssTrust_GetCERTCertTrustForCert(c, cc);
|
|
||||||
+ } else {
|
|
||||||
+ /* If it's a temp cert, it might have been stored before the
|
|
||||||
+ * builtin trust module is loaded, so look for the trust
|
|
||||||
+ * again, but don't set the empty trust if it is not found.
|
|
||||||
+ */
|
|
||||||
+ NSSTrust *t = nssTrustDomain_FindTrustForCertificate(c->object.cryptoContext->td, c);
|
|
||||||
+ if (!t) {
|
|
||||||
+ goto loser;
|
|
||||||
+ }
|
|
||||||
+ trust = cert_trust_from_stan_trust(t, cc->arena);
|
|
||||||
+ nssTrust_Destroy(t);
|
|
||||||
+ if (!trust) {
|
|
||||||
+ goto loser;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
CERT_LockCertTrust(cc);
|
|
||||||
cc->trust = trust;
|
|
7
nss.spec
7
nss.spec
@ -1,5 +1,5 @@
|
|||||||
%global nspr_version 4.24.0
|
%global nspr_version 4.24.0
|
||||||
%global nss_version 3.48.0
|
%global nss_version 3.49.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global dracutlibdir %{_prefix}/lib/dracut
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
@ -107,8 +107,6 @@ Patch2: nss-539183.patch
|
|||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
# add missing ike mechanism to softoken
|
# add missing ike mechanism to softoken
|
||||||
Patch10: nss-3.47-ike-fix.patch
|
Patch10: nss-3.47-ike-fix.patch
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
|
|
||||||
Patch11: nss-3.47-certdb-temp-cert.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -874,6 +872,9 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 10 2020 Daiki Ueno <dueno@redhat.com> - 3.49.0-1
|
||||||
|
- Update to NSS 3.49
|
||||||
|
|
||||||
* Fri Jan 3 2020 Daiki Ueno <dueno@redhat.com> - 3.48.0-1
|
* Fri Jan 3 2020 Daiki Ueno <dueno@redhat.com> - 3.48.0-1
|
||||||
- Update to NSS 3.48
|
- Update to NSS 3.48
|
||||||
|
|
||||||
|
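Review bot: The %changelog entry added in the last hunk says only `- Update to NSS 3.49`, but the second hunk also drops `Patch11: nss-3.47-certdb-temp-cert.patch`, the downstream fix for bug 1593167 that propagates trust information to temp certs. Nothing in the spec records why a trust-handling patch is no longer applied. Presumably the change is part of upstream 3.49, but that should be confirmed against the upstream changeset named in the removed patch header before the fix is dropped. Once verified, I would add a second changelog line such as `- Drop nss-3.47-certdb-temp-cert.patch, included upstream`.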
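--- a/sources
+++ b/sources
@@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.48.tar.gz) = 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
+SHA512 (nss-3.49.tar.gz) = 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072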