Update to NSS 3.34.0
This commit is contained in:
parent
6d15c06123
commit
bd239c046a
1
.gitignore
vendored
1
.gitignore
vendored
@ -22,3 +22,4 @@ TestUser51.cert
|
||||
/nss-3.32.0.tar.gz
|
||||
/nss-3.32.1.tar.gz
|
||||
/nss-3.33.0.tar.gz
|
||||
/nss-3.34.0.tar.gz
|
||||
|
@ -1,92 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Kai Engert <kaie@kuix.de>
|
||||
# Date 1507823956 -7200
|
||||
# Node ID 994e89150fc1cd0008d19a8ad8aafed565d98069
|
||||
# Parent f3766809817ba03aa8cc1da4fdf48bd011fc01e3
|
||||
Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
|
||||
|
||||
diff --git a/tests/all.sh b/tests/all.sh
|
||||
--- a/tests/all.sh
|
||||
+++ b/tests/all.sh
|
||||
@@ -125,24 +125,30 @@ run_tests()
|
||||
echo "Running tests for ${TEST}"
|
||||
echo "TIMESTAMP ${TEST} BEGIN: `date`"
|
||||
(cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1)
|
||||
echo "TIMESTAMP ${TEST} END: `date`"
|
||||
done
|
||||
}
|
||||
|
||||
########################## run_cycle_standard ##########################
|
||||
-# run test suites with defaults settings (no PKIX, no sharedb)
|
||||
+# run test suites with dbm database (no PKIX, no sharedb)
|
||||
########################################################################
|
||||
run_cycle_standard()
|
||||
{
|
||||
TEST_MODE=STANDARD
|
||||
|
||||
TESTS="${ALL_TESTS}"
|
||||
- TESTS_SKIP=
|
||||
+ TESTS_SKIP="cipher libpkix sdr ocsp pkits"
|
||||
+
|
||||
+ NSS_DEFAULT_DB_TYPE="dbm"
|
||||
+ export NSS_DEFAULT_DB_TYPE
|
||||
+
|
||||
+ NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||
+ NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
|
||||
|
||||
run_tests
|
||||
}
|
||||
|
||||
############################ run_cycle_pkix ############################
|
||||
# run test suites with PKIX enabled
|
||||
########################################################################
|
||||
run_cycle_pkix()
|
||||
@@ -157,17 +163,22 @@ run_cycle_pkix()
|
||||
mkdir -p "${HOSTDIR}"
|
||||
init_directories
|
||||
|
||||
NSS_ENABLE_PKIX_VERIFY="1"
|
||||
export NSS_ENABLE_PKIX_VERIFY
|
||||
|
||||
TESTS="${ALL_TESTS}"
|
||||
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
|
||||
+
|
||||
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||
+ export -n NSS_SSL_RUN
|
||||
+
|
||||
+ # use the default format
|
||||
+ export -n NSS_DEFAULT_DB_TYPE
|
||||
|
||||
run_tests
|
||||
}
|
||||
|
||||
######################### run_cycle_upgrade_db #########################
|
||||
# upgrades certificate database to shareable format and run test suites
|
||||
# with those databases
|
||||
########################################################################
|
||||
@@ -226,20 +237,20 @@ run_cycle_shared_db()
|
||||
mkdir -p "${HOSTDIR}"
|
||||
init_directories
|
||||
|
||||
NSS_DEFAULT_DB_TYPE="sql"
|
||||
export NSS_DEFAULT_DB_TYPE
|
||||
|
||||
# run the tests for native sharedb support
|
||||
TESTS="${ALL_TESTS}"
|
||||
- TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
|
||||
+ TESTS_SKIP="dbupgrade"
|
||||
|
||||
- NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
|
||||
- NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
|
||||
+ export -n NSS_SSL_TESTS
|
||||
+ export -n NSS_SSL_RUN
|
||||
|
||||
run_tests
|
||||
}
|
||||
|
||||
############################# run_cycles ###############################
|
||||
# run test cycles defined in CYCLES variable
|
||||
########################################################################
|
||||
run_cycles()
|
||||
|
@ -1,31 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Kai Engert <kaie@kuix.de>
|
||||
# Date 1508150373 -7200
|
||||
# Node ID e73fedaecd63afe28c9da46cd26906f247375d59
|
||||
# Parent 24695a55c095a1c37ed92ac2a4fa6c56595e17c0
|
||||
Bug 1403691, follow up fix to allow the pkits tests to work with sql db format
|
||||
|
||||
diff --git a/tests/pkits/pkits.sh b/tests/pkits/pkits.sh
|
||||
--- a/tests/pkits/pkits.sh
|
||||
+++ b/tests/pkits/pkits.sh
|
||||
@@ -88,17 +88,17 @@ pkits_init()
|
||||
echo "PKITS_DATA" $PKITS_DATA
|
||||
echo "certs" $certs
|
||||
echo "crls" $crls
|
||||
|
||||
echo nss > ${PKITSdb}/pw
|
||||
${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
|
||||
|
||||
${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
|
||||
- $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
|
||||
+ $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw
|
||||
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
||||
${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
|
||||
else
|
||||
html "<H3>NO CRLs are being used.</H3>"
|
||||
pkits_log "NO CRLs are being used."
|
||||
fi
|
||||
|
||||
cp ${PKITSdb}/* ${PKITSbkp}
|
||||
|
@ -1,56 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Bob Relyea <rrelyea@redhat.com>
|
||||
# Date 1505757778 -7200
|
||||
# Node ID 18edd4ad8389d50d4231cc1a545a468dbb11185c
|
||||
# Parent 70109a01ce53328b511aaa6c839593a3282cb725
|
||||
Bug 1382278, certutil -A creates uninitialised database, r=kaie
|
||||
|
||||
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
|
||||
--- a/cmd/certutil/certutil.c
|
||||
+++ b/cmd/certutil/certutil.c
|
||||
@@ -3005,16 +3005,43 @@ certutil_main(int argc, char **argv, PRB
|
||||
certutil.options[opt_NewPasswordFile].arg);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
SECU_PrintError(progName, "Could not set password for the slot");
|
||||
goto shutdown;
|
||||
}
|
||||
}
|
||||
|
||||
+ /* if we are going to modify the cert database,
|
||||
+ * make sure it's initialized */
|
||||
+ if (certutil.commands[cmd_ModifyCertTrust].activated ||
|
||||
+ certutil.commands[cmd_CreateAndAddCert].activated ||
|
||||
+ certutil.commands[cmd_AddCert].activated ||
|
||||
+ certutil.commands[cmd_AddEmailCert].activated) {
|
||||
+ if (PK11_NeedUserInit(slot)) {
|
||||
+ char *password = NULL;
|
||||
+ /* fetch the password from the command line or the file
|
||||
+ * if no password is supplied, initialize the password to NULL */
|
||||
+ if (pwdata.source == PW_FROMFILE) {
|
||||
+ password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data);
|
||||
+ } else if (pwdata.source == PW_PLAINTEXT) {
|
||||
+ password = PL_strdup(pwdata.data);
|
||||
+ }
|
||||
+ rv = PK11_InitPin(slot, (char *)NULL, password ? password : "");
|
||||
+ if (password) {
|
||||
+ PORT_Memset(password, 0, PL_strlen(password));
|
||||
+ PORT_Free(password);
|
||||
+ }
|
||||
+ if (rv != SECSuccess) {
|
||||
+ SECU_PrintError(progName, "Could not set password for the slot");
|
||||
+ goto shutdown;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* walk through the upgrade merge if necessary.
|
||||
* This option is more to test what some applications will want to do
|
||||
* to do an automatic upgrade. The --merge command is more useful for
|
||||
* the general case where 2 database need to be merged together.
|
||||
*/
|
||||
if (certutil.commands[cmd_UpgradeMerge].activated) {
|
||||
if (*upgradeTokenName == 0) {
|
||||
upgradeTokenName = upgradeID;
|
||||
|
@ -1,142 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Kai Engert <kaie@kuix.de>
|
||||
# Date 1506452962 -7200
|
||||
# Node ID fe8b221d3bded99b2b21e2e62fb27cc8c659ec2f
|
||||
# Parent 96a835be15192281d67a8b1046b7f159ff6deb12
|
||||
Bug 1382278, add test to confirm implicit init with certutil -A is working, r=rrelyea
|
||||
|
||||
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
|
||||
--- a/tests/cert/cert.sh
|
||||
+++ b/tests/cert/cert.sh
|
||||
@@ -1941,32 +1941,42 @@ cert_test_distrust()
|
||||
cert_test_ocspresp()
|
||||
{
|
||||
echo "$SCRIPTNAME: OCSP response creation selftest"
|
||||
OR_ACTION="perform selftest"
|
||||
RETEXPECTED=0
|
||||
ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
|
||||
}
|
||||
|
||||
+cert_test_implicit_db_init()
|
||||
+{
|
||||
+ echo "$SCRIPTNAME: test implicit database init"
|
||||
+
|
||||
+ CU_ACTION="Add cert with trust flags to db with implicit init"
|
||||
+ mkdir ${IMPLICIT_INIT_DIR}
|
||||
+ certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
|
||||
+}
|
||||
+
|
||||
############################## cert_cleanup ############################
|
||||
# local shell function to finish this script (no exit since it might be
|
||||
# sourced)
|
||||
########################################################################
|
||||
cert_cleanup()
|
||||
{
|
||||
cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
|
||||
html "</TABLE><BR>"
|
||||
cd ${QADIR}
|
||||
. common/cleanup.sh
|
||||
}
|
||||
|
||||
################## main #################################################
|
||||
|
||||
cert_init
|
||||
cert_all_CA
|
||||
+cert_test_implicit_db_init
|
||||
cert_extended_ssl
|
||||
cert_ssl
|
||||
cert_smime_client
|
||||
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
|
||||
cert_fips
|
||||
fi
|
||||
cert_eccurves
|
||||
cert_extensions
|
||||
diff --git a/tests/common/init.sh b/tests/common/init.sh
|
||||
--- a/tests/common/init.sh
|
||||
+++ b/tests/common/init.sh
|
||||
@@ -63,16 +63,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||
DBPASSDIR=${HOSTDIR}/dbpass
|
||||
ECCURVES_DIR=${HOSTDIR}/eccurves
|
||||
DISTRUSTDIR=${HOSTDIR}/distrust
|
||||
|
||||
SERVER_CADIR=${HOSTDIR}/serverCA
|
||||
CLIENT_CADIR=${HOSTDIR}/clientCA
|
||||
EXT_SERVERDIR=${HOSTDIR}/ext_server
|
||||
EXT_CLIENTDIR=${HOSTDIR}/ext_client
|
||||
+ IMPLICIT_INIT_DIR=${HOSTDIR}/implicit_init
|
||||
|
||||
IOPR_CADIR=${HOSTDIR}/CA_iopr
|
||||
IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
|
||||
IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
|
||||
IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
|
||||
|
||||
CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
|
||||
STAPLINGDIR=${HOSTDIR}/stapling
|
||||
@@ -531,16 +532,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||
D_SERVER="Server.$version"
|
||||
D_CLIENT="Client.$version"
|
||||
D_NOLOGIN="NoLogin.$version"
|
||||
D_FIPS="FIPS.$version"
|
||||
D_DBPASS="DBPASS.$version"
|
||||
D_ECCURVES="ECCURVES.$version"
|
||||
D_EXT_SERVER="ExtendedServer.$version"
|
||||
D_EXT_CLIENT="ExtendedClient.$version"
|
||||
+ D_IMPLICIT_INIT="ImplicitInit.$version"
|
||||
D_CERT_EXTENSTIONS="CertExtensions.$version"
|
||||
D_DISTRUST="Distrust.$version"
|
||||
|
||||
# we need relative pathnames of these files abd directories, since our
|
||||
# tools can't handle the unix style absolut pathnames on cygnus
|
||||
|
||||
R_CADIR=../CA
|
||||
R_SERVERDIR=../server
|
||||
@@ -550,16 +552,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||
R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr
|
||||
R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr
|
||||
R_ALICEDIR=../alicedir
|
||||
R_BOBDIR=../bobdir
|
||||
R_DAVEDIR=../dave
|
||||
R_EVEDIR=../eve
|
||||
R_EXT_SERVERDIR=../ext_server
|
||||
R_EXT_CLIENTDIR=../ext_client
|
||||
+ R_IMPLICIT_INIT_DIR=../implicit_init
|
||||
R_CERT_EXT=../cert_extensions
|
||||
R_STAPLINGDIR=../stapling
|
||||
R_NOLOGINDIR=../nologin
|
||||
R_SSLGTESTDIR=../ssl_gtests
|
||||
R_GTESTDIR=../gtests
|
||||
|
||||
#
|
||||
# profiles are either paths or domains depending on the setting of
|
||||
@@ -570,27 +573,29 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||||
P_R_BOBDIR=${R_BOBDIR}
|
||||
P_R_DAVEDIR=${R_DAVEDIR}
|
||||
P_R_EVEDIR=${R_EVEDIR}
|
||||
P_R_SERVERDIR=${R_SERVERDIR}
|
||||
P_R_CLIENTDIR=${R_CLIENTDIR}
|
||||
P_R_NOLOGINDIR=${R_NOLOGINDIR}
|
||||
P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
|
||||
P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
|
||||
+ P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR}
|
||||
if [ -n "${MULTIACCESS_DBM}" ]; then
|
||||
P_R_CADIR="multiaccess:${D_CA}"
|
||||
P_R_ALICEDIR="multiaccess:${D_ALICE}"
|
||||
P_R_BOBDIR="multiaccess:${D_BOB}"
|
||||
P_R_DAVEDIR="multiaccess:${D_DAVE}"
|
||||
P_R_EVEDIR="multiaccess:${D_EVE}"
|
||||
P_R_SERVERDIR="multiaccess:${D_SERVER}"
|
||||
P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
|
||||
P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}"
|
||||
P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
|
||||
P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
|
||||
+ P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
|
||||
fi
|
||||
|
||||
R_PWFILE=../tests.pw
|
||||
R_EMPTY_FILE=../tests_empty
|
||||
R_NOISE_FILE=../tests_noise
|
||||
|
||||
R_FIPSPWFILE=../tests.fipspw
|
||||
R_FIPSBADPWFILE=../tests.fipsbadpw
|
||||
|
@ -1,191 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Daiki Ueno <dueno@redhat.com>
|
||||
# Date 1505483851 -7200
|
||||
# Node ID 279b257c6433f1972d49c529247e6ed2633b979f
|
||||
# Parent 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd
|
||||
Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
|
||||
|
||||
diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h
|
||||
--- a/cmd/modutil/error.h
|
||||
+++ b/cmd/modutil/error.h
|
||||
@@ -52,16 +52,17 @@ typedef enum {
|
||||
ENABLE_FAILED_ERR,
|
||||
UPDATE_MOD_FAILED_ERR,
|
||||
DEFAULT_FAILED_ERR,
|
||||
UNDEFAULT_FAILED_ERR,
|
||||
STDIN_READ_ERR,
|
||||
UNSPECIFIED_ERR,
|
||||
NOCERTDB_MISUSE_ERR,
|
||||
NSS_INITIALIZE_FAILED_ERR,
|
||||
+ INITPW_FAILED_ERR,
|
||||
|
||||
LAST_ERR /* must be last */
|
||||
} Error;
|
||||
#define SUCCESS NO_ERR
|
||||
|
||||
/* !!! Should move this into its own .c and un-static it. */
|
||||
static char *errStrings[] = {
|
||||
"Operation completed successfully.\n",
|
||||
@@ -105,17 +106,18 @@ static char *errStrings[] = {
|
||||
"ERROR: Slot \"%s\" not found.\n",
|
||||
"ERROR: Failed to %s slot \"%s\".\n",
|
||||
"ERROR: Failed to update module \"%s\".\n",
|
||||
"ERROR: Failed to change defaults.\n",
|
||||
"ERROR: Failed to change default.\n",
|
||||
"ERROR: Unable to read from standard input.\n",
|
||||
"ERROR: Unknown error occurred.\n",
|
||||
"ERROR: -nocertdb option can only be used with the -jar command.\n",
|
||||
- "ERROR: NSS_Initialize() failed.\n"
|
||||
+ "ERROR: NSS_Initialize() failed.\n",
|
||||
+ "ERROR: Unable to set initial password on the database.\n"
|
||||
};
|
||||
|
||||
typedef enum {
|
||||
FIPS_ENABLED_MSG = 0,
|
||||
FIPS_DISABLED_MSG,
|
||||
USING_DBDIR_MSG,
|
||||
CREATING_DB_MSG,
|
||||
ADD_MODULE_SUCCESS_MSG,
|
||||
diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c
|
||||
--- a/cmd/modutil/modutil.c
|
||||
+++ b/cmd/modutil/modutil.c
|
||||
@@ -860,17 +860,17 @@ main(int argc, char* argv[])
|
||||
switch (command) {
|
||||
case ADD_COMMAND:
|
||||
errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
|
||||
break;
|
||||
case CHANGEPW_COMMAND:
|
||||
errcode = ChangePW(tokenName, pwFile, newpwFile);
|
||||
break;
|
||||
case CREATE_COMMAND:
|
||||
- /* The work was already done in init_crypto() */
|
||||
+ errcode = InitPW();
|
||||
break;
|
||||
case DEFAULT_COMMAND:
|
||||
errcode = SetDefaultModule(moduleName, slotName, mechanisms);
|
||||
break;
|
||||
case DELETE_COMMAND:
|
||||
errcode = DeleteModule(moduleName);
|
||||
break;
|
||||
case DISABLE_COMMAND:
|
||||
diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h
|
||||
--- a/cmd/modutil/modutil.h
|
||||
+++ b/cmd/modutil/modutil.h
|
||||
@@ -24,16 +24,17 @@
|
||||
Error LoadMechanismList(void);
|
||||
Error FipsMode(char *arg);
|
||||
Error ChkFipsMode(char *arg);
|
||||
Error AddModule(char *moduleName, char *libFile, char *ciphers,
|
||||
char *mechanisms, char *modparms);
|
||||
Error DeleteModule(char *moduleName);
|
||||
Error ListModule(char *moduleName);
|
||||
Error ListModules();
|
||||
+Error InitPW(void);
|
||||
Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
|
||||
Error EnableModule(char *moduleName, char *slotName, PRBool enable);
|
||||
Error RawAddModule(char *dbmodulespec, char *modulespec);
|
||||
Error RawListModule(char *modulespec);
|
||||
Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
|
||||
Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
|
||||
void out_of_memory(void);
|
||||
|
||||
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
|
||||
--- a/cmd/modutil/pk11.c
|
||||
+++ b/cmd/modutil/pk11.c
|
||||
@@ -665,16 +665,49 @@ loser:
|
||||
if (module) {
|
||||
SECMOD_DestroyModule(module);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
*
|
||||
+ * I n i t P W
|
||||
+ */
|
||||
+Error
|
||||
+InitPW(void)
|
||||
+{
|
||||
+ PK11SlotInfo *slot;
|
||||
+ Error ret = UNSPECIFIED_ERR;
|
||||
+
|
||||
+ slot = PK11_GetInternalKeySlot();
|
||||
+ if (!slot) {
|
||||
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
|
||||
+ return NO_SUCH_TOKEN_ERR;
|
||||
+ }
|
||||
+
|
||||
+ /* Set the initial password to empty */
|
||||
+ if (PK11_NeedUserInit(slot)) {
|
||||
+ if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
|
||||
+ PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
|
||||
+ ret = INITPW_FAILED_ERR;
|
||||
+ goto loser;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ ret = SUCCESS;
|
||||
+
|
||||
+loser:
|
||||
+ PK11_FreeSlot(slot);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+/************************************************************************
|
||||
+ *
|
||||
* C h a n g e P W
|
||||
*/
|
||||
Error
|
||||
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
|
||||
{
|
||||
char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
|
||||
PK11SlotInfo *slot;
|
||||
Error ret = UNSPECIFIED_ERR;
|
||||
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
|
||||
--- a/tests/tools/tools.sh
|
||||
+++ b/tests/tools/tools.sh
|
||||
@@ -492,27 +492,41 @@ SIGNSCRIPT
|
||||
|
||||
echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
|
||||
echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
|
||||
${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
|
||||
html_msg $? 0 "Show who signed xpi (signtool -w)"
|
||||
|
||||
}
|
||||
|
||||
+tools_modutil()
|
||||
+{
|
||||
+ echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
|
||||
+ mkdir -p ${R_TOOLSDIR}/moddir
|
||||
+ modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||
+ ret=$?
|
||||
+ ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
|
||||
+ -x -t ',,' -z "${R_NOISE_FILE}"
|
||||
+ ret=$?
|
||||
+ html_msg $ret 0 "Test if DB created by modutil -create is initialized"
|
||||
+ check_tmpfile
|
||||
+}
|
||||
+
|
||||
############################## tools_cleanup ###########################
|
||||
# local shell function to finish this script (no exit since it might be
|
||||
# sourced)
|
||||
########################################################################
|
||||
tools_cleanup()
|
||||
{
|
||||
html "</TABLE><BR>"
|
||||
cd ${QADIR}
|
||||
. common/cleanup.sh
|
||||
}
|
||||
|
||||
################## main #################################################
|
||||
|
||||
tools_init
|
||||
tools_p12
|
||||
tools_sign
|
||||
+tools_modutil
|
||||
tools_cleanup
|
||||
|
||||
|
||||
|
@ -1,33 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Daiki Ueno <dueno@redhat.com>
|
||||
# Date 1505742679 -7200
|
||||
# Node ID 70109a01ce53328b511aaa6c839593a3282cb725
|
||||
# Parent 279b257c6433f1972d49c529247e6ed2633b979f
|
||||
Bug 1395495, bustage fix, Don't use the modu function from cert.sh, r=kaie
|
||||
|
||||
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
|
||||
--- a/tests/tools/tools.sh
|
||||
+++ b/tests/tools/tools.sh
|
||||
@@ -496,17 +496,19 @@ SIGNSCRIPT
|
||||
html_msg $? 0 "Show who signed xpi (signtool -w)"
|
||||
|
||||
}
|
||||
|
||||
tools_modutil()
|
||||
{
|
||||
echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
|
||||
mkdir -p ${R_TOOLSDIR}/moddir
|
||||
- modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||
+ # copied from modu function in cert.sh
|
||||
+ # echo is used to press Enter expected by modutil
|
||||
+ echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
|
||||
ret=$?
|
||||
${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
|
||||
-x -t ',,' -z "${R_NOISE_FILE}"
|
||||
ret=$?
|
||||
html_msg $ret 0 "Test if DB created by modutil -create is initialized"
|
||||
check_tmpfile
|
||||
}
|
||||
|
||||
|
24
nss.spec
24
nss.spec
@ -1,15 +1,15 @@
|
||||
%global nspr_version 4.17.0
|
||||
%global nss_util_version 3.33.0
|
||||
%global nss_softokn_version 3.33.0
|
||||
%global nss_util_version 3.34.0
|
||||
%global nss_softokn_version 3.34.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.33.0
|
||||
Version: 3.34.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 6%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -98,13 +98,6 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
Patch59: nss-check-policy-file.patch
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
|
||||
# rhbz#1505487, backport several upstream fixes from upstream NSS 3.34
|
||||
Patch71: nss-sql-1-1403691-a.patch
|
||||
Patch72: nss-sql-1-1403691-b.patch
|
||||
Patch73: nss-sql-2-1382278-a.patch
|
||||
Patch74: nss-sql-2-1382278-b.patch
|
||||
Patch75: nss-sql-3-1395495-a.patch
|
||||
Patch76: nss-sql-3-1395495-b.patch
|
||||
# Fix upgrade_db test use dbm by default, required with default sql
|
||||
Patch77: nss-sql-4-1377940-test.patch
|
||||
|
||||
@ -191,12 +184,6 @@ pushd nss
|
||||
%patch59 -p1 -b .check_policy_file
|
||||
%patch62 -p1 -b .skip_util_gtest
|
||||
|
||||
%patch71 -p1 -b .1403691-a
|
||||
%patch72 -p1 -b .1403691-b
|
||||
%patch73 -p1 -b .1382278-a
|
||||
%patch74 -p1 -b .1382278-b
|
||||
%patch75 -p1 -b .1395495-a
|
||||
%patch76 -p1 -b .1395495-b
|
||||
%patch77 -p1 -b .1377940
|
||||
|
||||
popd
|
||||
@ -774,6 +761,9 @@ done
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-2
|
||||
- Update to NSS 3.34.0
|
||||
|
||||
* Fri Nov 10 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-6
|
||||
- Make sure 32bit nss-pem always be installed with 32bit nss in
|
||||
multlib environment, patch by Kamil Dudka
|
||||
|
2
sources
2
sources
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.33.0.tar.gz) = 50c0445c64972e80ac5863b34c3e0639a02f32247d1a6d3505e2a7c93c950c098f79e75cd9ca420b8b77432ac4558eed049e621f080f53b5652a3bbc1f390c54
|
||||
SHA512 (nss-3.34.0.tar.gz) = 2826e3d327af34714d521edac0fba4da6e14c7a28750ccfeeba8259b0a1954233fc47dcbec47b6aeb96f53de501adc15adf130379efa503b00677a924eb50080
|
||||
|
Loading…
Reference in New Issue
Block a user