From fa84af3e0651e2744fa4dea9d7875a6190854d9d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 4 Sep 2019 06:31:06 +0200 Subject: [PATCH] Require NSPR 4.22 --- nss-skip-tls13-fips.patch | 27 --------------------------- nss.spec | 6 ++---- 2 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 nss-skip-tls13-fips.patch diff --git a/nss-skip-tls13-fips.patch b/nss-skip-tls13-fips.patch deleted file mode 100644 index 4a7c707..0000000 --- a/nss-skip-tls13-fips.patch +++ /dev/null @@ -1,27 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1558341826 -7200 -# Mon May 20 10:43:46 2019 +0200 -# Node ID b447f0046807b718d2928d0e33313620d38a287a -# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e -tests: skip TLS 1.3 tests under FIPS mode - -diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh ---- a/tests/ssl/ssl.sh -+++ b/tests/ssl/ssl.sh -@@ -393,6 +393,15 @@ ssl_auth() - echo "${testname}" | grep "TLS 1.3" > /dev/null - TLS13=$? - -+ # Currently TLS 1.3 tests are known to fail under FIPS mode, -+ # because HKDF is implemented using the PKCS #11 functions -+ # prohibited under FIPS mode. -+ if [ "${TLS13}" -eq 0 ] && \ -+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then -+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" -+ continue -+ fi -+ - if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then - echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" - elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then diff --git a/nss.spec b/nss.spec index ec5f0d9..191359c 100644 --- a/nss.spec +++ b/nss.spec @@ -1,4 +1,4 @@ -%global nspr_version 4.21.0 +%global nspr_version 4.22.0 %global nss_version 3.46.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved @@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 1%{?dist} +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -105,8 +105,6 @@ Patch2: nss-539183.patch # Once the buildroot aha been bootstrapped the patch may be removed # but it doesn't hurt to keep it. Patch4: iquote.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552767 -Patch5: nss-skip-tls13-fips.patch %description Network Security Services (NSS) is a set of libraries designed to