From e6c0644902eb27b56552c37485be3f115f585925 Mon Sep 17 00:00:00 2001
From: Bob Relyea
Date: Tue, 14 Jun 2022 18:50:06 -0700
Subject: [PATCH] Resolves: rhbz#2064360 - resolve more regressions. selfserv no longer handles IPV4 when configured for IPV6.
---
nspr-4.34-server-passive.patch | 12 +
nss-3.79-remove-explicit-ipv4.patch | 442 ----------------------------
nss.spec | 9 +-
3 files changed, 19 insertions(+), 444 deletions(-)
create mode 100644 nspr-4.34-server-passive.patch
delete mode 100644 nss-3.79-remove-explicit-ipv4.patch
diff --git a/nspr-4.34-server-passive.patch b/nspr-4.34-server-passive.patch
new file mode 100644
index 0000000..ed8d713
--- /dev/null
+++ b/nspr-4.34-server-passive.patch
@@ -0,0 +1,12 @@
+diff -r c75b4e36b7e8 pr/src/misc/prnetdb.c
+--- a/pr/src/misc/prnetdb.c Wed May 25 23:39:48 2022 +0200
++++ b/pr/src/misc/prnetdb.c Tue Jun 14 18:48:03 2022 -0400
+@@ -2204,6 +2204,7 @@
+
+ memset(&hints, 0, sizeof(hints));
+
++ hints.ai_flags = AI_PASSIVE;
+ rv = GETADDRINFO(NULL, tmpBuf, &hints, &res);
+ if (rv == 0) {
+ PRBool result_still_empty = PR_TRUE;
+
diff --git a/nss-3.79-remove-explicit-ipv4.patch b/nss-3.79-remove-explicit-ipv4.patch
deleted file mode 100644
index 3222e8c..0000000
--- a/nss-3.79-remove-explicit-ipv4.patch
+++ /dev/null
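Review bot: The added `hints.ai_flags = AI_PASSIVE;` in the prnetdb.c hunk has no comment, and its effect is easy to miss: with a NULL node name, AI_PASSIVE makes getaddrinfo return wildcard addresses intended for bind() rather than loopback addresses. The enclosing function starts and ends outside the hunk, so it is not visible whether the loop after `result_still_empty` only reads each result's address family or copies the address itself; if it copies it, a server bound to the result would listen on every interface, which should be confirmed before this ships. I would add a comment above the assignment along the lines of `/* AI_PASSIVE: query the address families a listening socket would get, so the server side handles both IPv4 and IPv6 */`. The new patch file also has no header text, so a line naming rhbz#2064360 at the top would help whoever later upstreams or drops it.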
@@ -1,442 +0,0 @@ -diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh ---- a/tests/ssl/ssl.sh -+++ b/tests/ssl/ssl.sh -@@ -81,16 +81,17 @@ ssl_init() - if [ -n "$NSS_TASKCLUSTER_MAC" ]; then - cwd=$(cd $(dirname $0); pwd -P) - padd=$(echo $cwd | cut -d "/" -f4 | sed 's/[^0-9]//g') - PORT=$(($PORT + $padd)) - fi - NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal} - nss_ssl_run="stapling signed_cert_timestamps cov auth dtls scheme exporter" - NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} -+ IPVER=${NSS_CLIENT_IPVER} - - # Test case files - SSLCOV=${QADIR}/ssl/sslcov.txt - SSLAUTH=${QADIR}/ssl/sslauth.txt - SSLSTRESS=${QADIR}/ssl/sslstress.txt - SSLPOLICY=${QADIR}/ssl/sslpolicy.txt - REQUEST_FILE=${QADIR}/ssl/sslreq.dat - -@@ -166,26 +167,26 @@ is_selfserv_alive() - - ########################### wait_for_selfserv ########################## - # local shell function to wait until selfserver is running and initialized - ######################################################################## - wait_for_selfserv() - { - #verbose="-v" - echo "trying to connect to selfserv at `date`" -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\" - echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}" -- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ -+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ - -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE} - if [ $? -ne 0 ]; then - sleep 5 - echo "retrying to connect to selfserv at `date`" - echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\" - echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}" -- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ -+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ - -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE} - if [ $? 
-ne 0 ]; then - html_failed "Waiting for Server" - fi - fi - is_selfserv_alive - } - -@@ -371,21 +372,21 @@ ssl_cov() - if [ "$VMAX" = "ssl3" -a "$VMIN" = "tls1.1" ]; then - kill_selfserv - start_selfserv $CIPHER_SUITES - VMIN="ssl3" - fi - - - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" - - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? - cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - html_msg $ret 0 "${testname}" \ - "produced a returncode of $ret, expected is 0" - done < ${SSL_COV_TMP} -@@ -427,21 +428,21 @@ ssl_cov_rsa_pss() - ;; - *) - continue - ;; - esac - - echo "$SCRIPTNAME: running $testname (RSA-PSS) ----------------------------" - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" - - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? 
- cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - html_msg $ret 0 "${testname}" \ - "produced a returncode of $ret, expected is 0" - done -@@ -480,20 +481,20 @@ ssl_auth() - unset SERVER_VMIN - unset SERVER_VMAX - if [ $TLS13 -eq 0 ] ; then - SERVER_VMIN=tls1.0 - SERVER_VMAX=tls1.3 - fi - start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'` - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " ${cparam} < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? - cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - #workaround for bug #402058 - [ $ret -ne 0 ] && ret=1 -@@ -528,20 +529,20 @@ ssl_stapling_sub() - - SAVE_P_R_SERVERDIR=${P_R_SERVERDIR} - P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/ - - echo "${testname}" - - start_selfserv - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? 
- cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - # hopefully no workaround for bug #402058 needed here? - # (see commands in ssl_auth -@@ -572,20 +573,20 @@ ssl_stapling_stress() - SERVER_OPTIONS="${SERVER_OPTIONS} ${SO}" - - SAVE_P_R_SERVERDIR=${P_R_SERVERDIR} - P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/ - - echo "${testname}" - start_selfserv - -- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\" -+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\" - echo " -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}" - echo "strsclnt started at `date`" -- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \ -+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \ - -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR} - ret=$? - - echo "strsclnt completed at `date`" - html_msg $ret $value \ - "${testname}" \ - "produced a returncode of $ret, expected is $value." - kill_selfserv -@@ -638,20 +639,20 @@ ssl_signed_cert_timestamps() - value=0 - - echo "${testname}" - - start_selfserv - - # Since we don't have server-side support, this test only covers advertising the - # extension in the client hello. -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? 
- cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - html_msg $ret $value "${testname}" \ - "produced a returncode of $ret, expected is $value" -@@ -697,20 +698,20 @@ ssl_stress() - fi - - if [ "${NOLOGIN}" -eq 0 ] ; then - dbdir=${P_R_NOLOGINDIR} - else - dbdir=${P_R_CLIENTDIR} - fi - -- echo "strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\" -+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\" - echo " -V ssl3:tls1.2 $verbose ${HOSTADDR}" - echo "strsclnt started at `date`" -- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \ -+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \ - -V ssl3:tls1.2 $verbose ${HOSTADDR} - ret=$? - echo "strsclnt completed at `date`" - html_msg $ret $value \ - "${testname}" \ - "produced a returncode of $ret, expected is $value. " - if [ "`uname -n`" = "sjsu" ] ; then - echo "debugging disapering selfserv... ps -ef | grep selfserv" -@@ -789,20 +790,20 @@ ssl_crl_ssl() - while [ $TEMP_NUM -lt $CRL_GROUP_RANGE ] - do - CURR_SER_NUM=`expr ${CRL_GROUP_BEGIN} + ${TEMP_NUM}` - TEMP_NUM=`expr $TEMP_NUM + 1` - USER_NICKNAME="TestUser${CURR_SER_NUM}" - cparam=`echo $_cparam | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" ` - start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'` - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" - echo " ${cparam} < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \ - -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? 
- cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - if [ $CURR_SER_NUM -ne $UNREVOKED_CERT ]; then - modvalue=$rev_modvalue - testAddMsg="revoked" -@@ -884,21 +885,21 @@ ssl_policy() - if [ "$testmax" = "TLS12" ]; then - VMAX="tls1.2" - fi - - # load the policy - policy=`echo ${policy} | sed -e 's;_; ;g'` - setup_policy "$policy" ${P_R_CLIENTDIR} - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" - - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? - cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - #workaround for bug #402058 - [ $ret -ne 0 ] && ret=1 -@@ -1066,22 +1067,22 @@ ssl_policy_selfserv() - - start_selfserv $CIPHER_SUITES - - SERVER_OPTIONS="${SAVE_SERVER_OPTIONS}" - VMIN="ssl3" - VMAX="tls1.2" - - # Try to connect to the server with a ciphersuite using RSA in key exchange -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}" - - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - RET_EXP=254 -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - RET=$? 
- cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - - html_msg $RET $RET_EXP "${testname}" \ - "produced a returncode of $RET, expected is $RET_EXP" -@@ -1156,30 +1157,30 @@ load_group_crl() { - if [ $group -eq 1 ]; then - echo "==================== Resetting to group 1 crl ===================" - kill_selfserv - start_selfserv - is_selfserv_alive - fi - echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd =============" - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" - echo " -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}" - echo "Request:" - echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}" - echo "" - echo "RELOAD time $i" - - REQF=${R_CLIENTDIR}.crlreq - cat > ${REQF} <<_EOF_REQUEST_ - GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix} - - _EOF_REQUEST_ - -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f \ - -d ${R_CLIENTDIR} $verbose -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \ - >${OUTFILE_TMP} 2>&1 < ${REQF} - - cat ${OUTFILE_TMP} - grep "CRL ReCache Error" ${OUTFILE_TMP} - if [ $? 
-eq 0 ]; then - ret=1 - return 1 -@@ -1257,20 +1258,20 @@ ssl_crl_cache() - while [ $TEMP_NUM -lt $TOTAL_CRL_RANGE ] - do - CURR_SER_NUM=`expr ${CRL_GRP_1_BEGIN} + ${TEMP_NUM}` - TEMP_NUM=`expr $TEMP_NUM + 1` - USER_NICKNAME="TestUser${CURR_SER_NUM}" - cparam=`echo $_cparam | sed -e 's;\([^\]\)_;\1 ;g' -e 's;\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" ` - - echo "Server Args: $SERV_ARG" -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\" - echo " ${cparam} < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \ - -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? - cat ${TMP}/$HOST.tmp.$$ - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - is_revoked ${CURR_SER_NUM} ${LOADED_GRP} - isRevoked=$? - if [ $isRevoked -eq 0 ]; then -@@ -1325,29 +1326,29 @@ ssl_dtls() - #verbose="-v" - html_head "SSL DTLS $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE" - - testname="ssl_dtls" - value=0 - - echo "${testname}" - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\" - echo " -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss < ${REQUEST_FILE} &" - -- (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \ -+ (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \ - -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss 2>&1 & - - PID=$! 
- - sleep 1 - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\" - echo " -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE}" -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 - ret=$? - html_msg $ret $value "${testname}" \ - "produced a returncode of $ret, expected is $value" - - kill ${PID} - - html "
" -@@ -1364,19 +1365,19 @@ ssl_scheme() - schemes=("rsa_pkcs1_sha256" "rsa_pss_rsae_sha256" "rsa_pkcs1_sha256,rsa_pss_rsae_sha256") - for sscheme in "${schemes[@]}"; do - for cscheme in "${schemes[@]}"; do - testname="ssl_scheme server='$sscheme' client='$cscheme'" - echo "${testname}" - - start_selfserv -V tls1.2:tls1.2 -J "$sscheme" - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE}" -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 - ret=$? - # If both schemes include just one option and those options don't - # match, then the test should fail; otherwise, assume that it works. 
- if [ "${cscheme#*,}" = "$cscheme" -a \ - "${sscheme#*,}" = "$sscheme" -a \ - "$cscheme" != "$sscheme" ]; then - expected=254 -@@ -1404,19 +1405,19 @@ ssl_scheme_stress() - schemes=("rsa_pkcs1_sha256" "rsa_pss_rsae_sha256" "rsa_pkcs1_sha256,rsa_pss_rsae_sha256") - for sscheme in "${schemes[@]}"; do - for cscheme in "${schemes[@]}"; do - testname="ssl_scheme server='$sscheme' client='$cscheme'" - echo "${testname}" - - start_selfserv -V tls1.2:tls1.2 -J "$sscheme" - -- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE}" -- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 - ret=$? - # If both schemes include just one option and those options don't - # match, then the test should fail; otherwise, assume that it works. 
- if [ "${cscheme#*,}" = "$cscheme" -a \ - "${sscheme#*,}" = "$sscheme" -a \ - "$cscheme" != "$sscheme" ]; then - expected=1 -@@ -1443,19 +1444,19 @@ ssl_exporter() - save_fileout=${fileout} - fileout=1 - SAVE_SERVEROUTFILE=${SERVEROUTFILE} - SERVEROUTFILE=server.out - exporters=("label" "label:10" "label:10:0xdeadbeef" "0x666f6f2c:10:0xdeadbeef" "label1:10:0xdeadbeef,label2:10") - for exporter in "${exporters[@]}"; do - start_selfserv -V tls1.2:tls1.2 -x "$exporter" - -- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" -+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\" - echo " -V tls1.2:tls1.2 -x $exporter ${CLIENT_PW} < ${REQUEST_FILE}" -- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -x "$exporter" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 > client.out - kill_selfserv - diff <(LC_ALL=C grep -A1 "^ *Keying Material:" server.out) \ - <(LC_ALL=C grep -A1 "^ *Keying Material:" client.out) - ret=$? - html_msg $ret 0 "${testname}" \ - "produced a returncode of $ret, expected is 0" - done diff --git a/nss.spec b/nss.spec index 3d625eb..5c0219b 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ %global nss_version 3.79.0 %global nspr_version 4.34.0 -%global baserelease 3 +%global baserelease 4 %global nss_release %baserelease # NOTE: To avoid NVR clashes of nspr* packages: # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when @@ -158,7 +158,7 @@ Patch34: nss-3.71-fix-lto-gtests.patch Patch35: nss-3.71-camellia-pkcs12-doc.patch # patches that expect to be upstreamed -Patch50: nss-3.79-remove-explicit-ipv4.patch +#Patch50: nss-3.79-remove-explicit-ipv4.patch Patch51: nss-3.79-dbtool.patch Patch52: nss-3.79-dont-verify-default.patch Patch53: nss-3.79-fix-client-cert-crash.patch 
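Review bot: In the `Patch50` hunk the entry is only commented out, as `#Patch50: nss-3.79-remove-explicit-ipv4.patch`, while the same commit deletes that patch file, so the spec keeps a reference to a source that no longer exists in the repository. Either delete the line or replace it with a comment that says why the patch was withdrawn, for example `# Patch50 (remove-explicit-ipv4) dropped, see rhbz#2064360`. No hunk in this diff touches a `%patch50` line, so it is worth confirming that %prep does not apply patch 50 explicitly outside the visible context; if it does, the build would fail on the missing file.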
@@ -168,6 +168,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch Patch100: nspr-config-pc.patch Patch101: nspr-gcc-atomics.patch Patch110: nspr-4.34-fix-coverity-loop-issue.patch +Patch120: nspr-4.34-server-passive.patch # NSS reverse patches @@ -336,6 +337,7 @@ cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in pushd nspr %patch101 -p1 -b .gcc-atomics %patch110 -p1 -b .coverity +%patch120 -p1 -b .server-passive popd pushd nss @@ -1142,6 +1144,9 @@ update-crypto-policies &> /dev/null || : %changelog +* Tue Jun 14 2022 Bob Relyea - 3.79.0-4 +- server passive fix + * Sat Jun 11 2022 Bob Relyea - 3.79.0-3 - fix regressions in test suite