- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75

.cvsignore

@@ -1,2 +1,2 @@
 nss-pem-20080124.tar.bz2
-nss-3.12.3-stripped.tar.bz2
+nss-3.12.3.99.3-stripped.tar.bz2

nss-bug488646.patch

@@ -1,66 +0,0 @@
-diff -up ./mozilla/security/nss/tests/chains/chains.sh.bug488646 ./mozilla/security/nss/tests/chains/chains.sh
---- ./mozilla/security/nss/tests/chains/chains.sh.bug488646	2009-05-08 21:37:48.000000000 +0200
-+++ ./mozilla/security/nss/tests/chains/chains.sh	2009-05-08 21:38:03.000000000 +0200
-@@ -695,6 +695,37 @@ verify_cert()
-     fi
- }
- 
-+
-+check_ocsp()
-+{
-+    OCSP_CERT=$1
-+
-+    CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1`
-+    CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2`
-+
-+    if [ "${CERT_ISSUER}" = "x" ]; then
-+        CERT_ISSUER=
-+        CERT=${CERT_NICK}.cert
-+        CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
-+    else
-+        CERT=${CERT_NICK}${CERT_ISSUER}.der
-+        CERT_FILE=${CERT}
-+    fi
-+
-+    OCSP_HOST=$(${BINDIR}/pp -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
-+
-+    if [ "${OS_ARCH}" = "WINNT" ]; then
-+        ping -n 1 ${OCSP_HOST}
-+        return $?
-+    elif [ "${OS_ARCH}" = "HP-UX" ]; then
-+        ping ${OCSP_HOST} -c 1
-+        return $?
-+    else
-+        ping -c 1 ${OCSP_HOST}
-+        return $?
-+    fi
-+}
-+
- ############################ parse_result ##############################
- # local shell function to process expected result value
- # this function was created for case that expected result depends on
-@@ -865,6 +896,13 @@ parse_config()
-         "break")
-             break
-             ;;
-+        "check_ocsp")
-+            check_ocsp ${VALUE}
-+            if [ $? -ne 0 ]; then
-+                echo "OCSP server not accessible, skipping OCSP tests"
-+                break;
-+            fi
-+            ;;
-         "")
-             if [ -n "${ENTITY}" ]; then
-                 if [ -z "${DB}" ]; then
-diff -up ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646 ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg
---- ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646	2009-05-08 21:37:58.000000000 +0200
-+++ ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg	2009-05-08 21:38:03.000000000 +0200
-@@ -1,5 +1,7 @@
- scenario OCSP
- 
-+check_ocsp OCSPEE11:x
-+
- db OCSPRoot
- import OCSPRoot:x:CT,C,C
- 

nss-disable-freebl-execstack.patch

@@ -1,11 +0,0 @@
---- nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile-save	2009-04-02 08:46:32.083530732 -0700
-+++ nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile	2009-04-02 08:46:51.740542226 -0700
-@@ -133,7 +133,7 @@
- ifeq ($(OS_TARGET),Linux)
- ifeq ($(CPU_ARCH),x86_64)
-     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
--    ASFLAGS += -march=opteron -m64 -fPIC
-+    ASFLAGS += -march=opteron -m64 -fPIC -Wa,--noexecstack
-     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
-     DEFINES += -DNSS_USE_COMBA
-     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN

nss-freebl-kernelfipsmode

@@ -1,42 +0,0 @@
-diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode ./mozilla/security/nss/lib/freebl/nsslowhash.c
---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode	2008-11-27 16:20:44.000000000 +0100
-+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c	2009-04-14 22:58:19.000000000 +0200
-@@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr {
-    
- };
- 
-+static int nsslow_GetFIPSEnabled(void) {
-+#ifdef LINUX
-+    FILE *f;
-+    char d;
-+    size_t size;
-+
-+    f = fopen("/proc/sys/crypto/fips_enabled", "r");
-+    if (!f)
-+        return 0;
-+
-+    size = fread(&d, 1, 1, f);
-+    fclose(f);
-+    if (size != 1)
-+        return 0;
-+    if (d != '1')
-+        return 0;
-+#endif
-+    return 1;
-+}
-+
-+
- static int post = 0;
- 
- static NSSLOWInitContext dummyContext = { 0 };
-@@ -284,7 +305,9 @@ NSSLOW_Init(void)
- 	
- 
-     if (!post) {
--	crv = freebl_fipsPowerUpSelfTest();
-+        crv = CKR_OK;
-+	if (nsslow_GetFIPSEnabled())
-+	    crv = freebl_fipsPowerUpSelfTest();
- 	if (crv != CKR_OK) {
- 	    return NULL;
- 	}

nss.spec

@@ -3,8 +3,8 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.12.3
-Release:          7%{?dist}
+Version:          3.12.3.99.3
+Release:          2%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -37,9 +37,6 @@ Patch2:           nss-nolocalsql.patch
 Patch4:           nss-pem-bug483855.patch
 Patch5:           nss-pem-bug429175.patch
 Patch6:           nss-enable-pem.patch
-Patch7:           nss-disable-freebl-execstack.patch
-Patch8:           nss-freebl-kernelfipsmode
-Patch9:           nss-bug488646.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -111,9 +108,6 @@ low level services.
 %patch4 -p0 -b .483855
 %patch5 -p0 -b .429175
 %patch6 -p0 -b .libpem
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1 -b .bug488646
 
 #need newer certs to make test suite work
 #remove once we update to NSS 3.12.4
@@ -484,6 +478,8 @@ done
 
 
 %changelog
+* Fri Jun 05 2009 Kai Engert <kaie@redhat.com> - 3.12.3.99.3-2
+- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75
 * Thu May 07 2009 Kai Engert <kaie@redhat.com> - 3.12.3-7
 - re-enable test suite
 - add patch for upstream bug 488646 and add newer paypal

sources

@@ -1,2 +1,2 @@
 084675e4f793ed82e1ba78f76745ada8  nss-pem-20080124.tar.bz2
-de43077b1fb888bccf155506ec12e40a  nss-3.12.3-stripped.tar.bz2
+bf79d625096067fed3511c0bc6c64c27  nss-3.12.3.99.3-stripped.tar.bz2