Update to NSS 3.21

- Package listsuites as part of the unsupported tools set
- Resolves: Bug 1279912 - nss-3.21 is available
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
This commit is contained in:
Elio Maldonado 2015-11-13 17:53:10 -08:00
parent 81b37a0f74
commit c13e32fe80
3 changed files with 146 additions and 18 deletions

View File

@ -1,2 +0,0 @@
Dummy source file that we by uploading it lets us verify that nss builds
do not cause the 'fedpkg upload' or 'fedpg new-sources' commands to hang.

View File

@ -1,16 +0,0 @@
diff -up nss/lib/ssl/sslsock.c.nobypass nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.nobypass 2013-05-30 22:23:37.305583715 -0700
+++ nss/lib/ssl/sslsock.c 2013-05-30 22:23:37.311583762 -0700
@@ -553,8 +553,10 @@ static PRStatus SSL_BypassRegisterShutdo
static PRStatus SSL_BypassSetup(void)
{
#ifdef NO_PKCS11_BYPASS
- /* Guarantee binary compatibility */
- return PR_SUCCESS;
+ /* No need in our case to guarantee binary compatibility and
+ * we can safely return failure as we have never supported it
+ */
+ return PR_FAILURE;
#else
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
#endif

View File

@ -0,0 +1,146 @@
diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800
@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
};
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
+/* NOTE: Discrepancy with the the way callers use of the return value as a count
+ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
+ */
SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
void pem_PopulateModulusExponent(pemInternalObject *io);
diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800
@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
char *ivstring = NULL;
int cipher;
- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ /* TODO: Fix discrepancy between our usage of the return value as
+ * as an int (a count) and the declaration as a SECStatus. */
+ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
if (nobjs <= 0) {
nss_ZFreeIf(objs);
return CKR_GENERAL_ERROR;
@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
if (keyfile) { /* add the private key */
SECItem **keyobjs = NULL;
int kobjs = 0;
+ /* TODO: Fix discrepancy between our usage of the return value as
+ * as an int and the declaration as a SECStatus. */
kobjs =
- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
+ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
&ivstring, PR_FALSE);
if (kobjs < 1) {
error = CKR_GENERAL_ERROR;
diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800
@@ -630,6 +630,11 @@ pem_DestroyInternalObject
if (io->u.key.ivstring)
free(io->u.key.ivstring);
break;
+ case pemAll:
+ /* pemAll is not used, keep the compiler happy
+ * TODO: investigate a proper solution
+ */
+ return;
}
if (NULL != gobj)
@@ -1044,7 +1049,9 @@ pem_CreateObject
int nobjs = 0;
int i;
int objid;
+#if 0
pemToken *token;
+#endif
int cipher;
char *ivstring = NULL;
pemInternalObject *listObj = NULL;
@@ -1073,7 +1080,9 @@ pem_CreateObject
}
slotID = nssCKFWSlot_GetSlotID(fwSlot);
+#if 0
token = (pemToken *) mdToken->etc;
+#endif
/*
* only create keys and certs.
@@ -1114,7 +1123,11 @@ pem_CreateObject
}
if (objClass == CKO_CERTIFICATE) {
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ /* TODO: Fix discrepancy between our usage of the return value as
+ * as an int and the declaration as a SECStatus. Typecasting as a
+ * temporary workaround.
+ */
+ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
if (nobjs < 1)
goto loser;
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
return 0;
}
+/* unused functions */
+#if 0
static SHA1Context *SHA1_CloneContext(SHA1Context * original)
{
SHA1Context *clone = NULL;
@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
return SECSuccess;
}
+#endif /* unused functions */
/*
* Format one block of data for public/private key encryption using
diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
+++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800
@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
return SECFailure;
}
-int
+/* FIX: Returns a SECStatus yet callers take result as a count */
+SECStatus
ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
int *cipher, char **ivstring, PRBool certsonly)
{
@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
goto loser;
}
if ((certsonly && !key) || (!certsonly && key)) {
+ error = CKR_OK;
PUT_Object(der, error);
+ if (error != CKR_OK) {
+ free(der);
+ goto loser;
+ }
} else {
free(der->data);
free(der);
@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
}
/* NOTE: This code path has never been tested. */
+ error = CKR_OK;
PUT_Object(der, error);
+ if (error != CKR_OK) {
+ free(der);
+ goto loser;
+ }
}
nss_ZFreeIf(filedata.data);