From c13e32fe803c886477e60f8755ba529058b27f21 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 13 Nov 2015 17:53:10 -0800 Subject: [PATCH] Update to NSS 3.21 - Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set --- dummy-sources-for-testing | 2 - nss-ssl-enforce-no-pkcs11-bypass.path | 16 --- pem-compile-with-Werror.patch | 146 ++++++++++++++++++++++++++ 3 files changed, 146 insertions(+), 18 deletions(-) delete mode 100644 dummy-sources-for-testing delete mode 100644 nss-ssl-enforce-no-pkcs11-bypass.path create mode 100644 pem-compile-with-Werror.patch diff --git a/dummy-sources-for-testing b/dummy-sources-for-testing deleted file mode 100644 index 59ba8d6..0000000 --- a/dummy-sources-for-testing +++ /dev/null @@ -1,2 +0,0 @@ -Dummy source file that we by uploading it lets us verify that nss builds -do not cause the 'fedpkg upload' or 'fedpg new-sources' commands to hang. diff --git a/nss-ssl-enforce-no-pkcs11-bypass.path b/nss-ssl-enforce-no-pkcs11-bypass.path deleted file mode 100644 index 3c99446..0000000 --- a/nss-ssl-enforce-no-pkcs11-bypass.path +++ /dev/null @@ -1,16 +0,0 @@ -diff -up nss/lib/ssl/sslsock.c.nobypass nss/lib/ssl/sslsock.c ---- nss/lib/ssl/sslsock.c.nobypass 2013-05-30 22:23:37.305583715 -0700 -+++ nss/lib/ssl/sslsock.c 2013-05-30 22:23:37.311583762 -0700 -@@ -553,8 +553,10 @@ static PRStatus SSL_BypassRegisterShutdo - static PRStatus SSL_BypassSetup(void) - { - #ifdef NO_PKCS11_BYPASS -- /* Guarantee binary compatibility */ -- return PR_SUCCESS; -+ /* No need in our case to guarantee binary compatibility and -+ * we can safely return failure as we have never supported it -+ */ -+ return PR_FAILURE; - #else - return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown); - #endif diff --git a/pem-compile-with-Werror.patch b/pem-compile-with-Werror.patch new file mode 100644 index 0000000..392d74a --- /dev/null +++ b/pem-compile-with-Werror.patch @@ -0,0 +1,146 @@ +diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h +--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800 +@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr { + }; + typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey; + ++/* NOTE: Discrepancy with the the way callers use of the return value as a count ++ * Fix this when we sync. up with the cleanup work being done at nss-pem project. ++ */ + SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly); + const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type); + void pem_PopulateModulusExponent(pemInternalObject *io); +diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c +--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800 +@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key + char *ivstring = NULL; + int cipher; + +- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int (a count) and the declaration as a SECStatus. */ ++ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs <= 0) { + nss_ZFreeIf(objs); + return CKR_GENERAL_ERROR; +@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key + if (keyfile) { /* add the private key */ + SECItem **keyobjs = NULL; + int kobjs = 0; ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int and the declaration as a SECStatus. */ + kobjs = +- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, ++ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, + &ivstring, PR_FALSE); + if (kobjs < 1) { + error = CKR_GENERAL_ERROR; +diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c +--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800 +@@ -630,6 +630,11 @@ pem_DestroyInternalObject + if (io->u.key.ivstring) + free(io->u.key.ivstring); + break; ++ case pemAll: ++ /* pemAll is not used, keep the compiler happy ++ * TODO: investigate a proper solution ++ */ ++ return; + } + + if (NULL != gobj) +@@ -1044,7 +1049,9 @@ pem_CreateObject + int nobjs = 0; + int i; + int objid; ++#if 0 + pemToken *token; ++#endif + int cipher; + char *ivstring = NULL; + pemInternalObject *listObj = NULL; +@@ -1073,7 +1080,9 @@ pem_CreateObject + } + slotID = nssCKFWSlot_GetSlotID(fwSlot); + ++#if 0 + token = (pemToken *) mdToken->etc; ++#endif + + /* + * only create keys and certs. +@@ -1114,7 +1123,11 @@ pem_CreateObject + } + + if (objClass == CKO_CERTIFICATE) { +- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int and the declaration as a SECStatus. Typecasting as a ++ * temporary workaround. ++ */ ++ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs < 1) + goto loser; + +diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c +--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800 +@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey + return 0; + } + ++/* unused functions */ ++#if 0 + static SHA1Context *SHA1_CloneContext(SHA1Context * original) + { + SHA1Context *clone = NULL; +@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un + + return SECSuccess; + } ++#endif /* unused functions */ + + /* + * Format one block of data for public/private key encryption using +diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c +--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800 +@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds + return SECFailure; + } + +-int ++/* FIX: Returns a SECStatus yet callers take result as a count */ ++SECStatus + ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, + int *cipher, char **ivstring, PRBool certsonly) + { +@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha + goto loser; + } + if ((certsonly && !key) || (!certsonly && key)) { ++ error = CKR_OK; + PUT_Object(der, error); ++ if (error != CKR_OK) { ++ free(der); ++ goto loser; ++ } + } else { + free(der->data); + free(der); +@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha + } + + /* NOTE: This code path has never been tested. */ ++ error = CKR_OK; + PUT_Object(der, error); ++ if (error != CKR_OK) { ++ free(der); ++ goto loser; ++ } + } + + nss_ZFreeIf(filedata.data);