Elio Maldonado
65efb2c2f3
Reenable patches required for compatibility on stable fedora branches
...
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
Elio Maldonado
b8273ce04c
Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
...
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
Elio Maldonado
e36079dd45
Build nss without softoken or util sources in the tree
...
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
Elio Maldonado
41e94360c9
Update ssl-cbc-random-iv-by-default.patch
...
- Added a missing comma
2013-06-17 16:23:06 -07:00
Elio Maldonado
2f66633263
Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
...
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
Elio Maldonado
f6ec57311f
Update to NSS_3_15_RTM
2013-06-15 12:48:12 -07:00
Elio Maldonado
2249db62a6
Fix incorrect path that hid failed test from view
...
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
Elio Maldonado
2a8c1318ea
Update to NSS_3_15_BETA1
...
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
Kai Engert
59b5d52d9e
* Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
...
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
Kai Engert
21e8668243
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
...
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
Kai Engert
7b5d7ea05f
* Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
...
- Configure libnssckbi.so to use the alternatives system
in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
Elio Maldonado
b03345792c
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
Elio Maldonado
0370142fd0
Add pem module fix, spec file support for AArch64 and document additional fix
...
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
Elio Maldonado
b3f05b9f44
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
Elio Maldonado
96957e805a
Allow building nss softoken against older sqlite
...
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
Elio Maldonado
7a7f48e712
Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
...
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
Elio Maldonado
830ee96f85
Update to NSS_3_14_2_RTM
...
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
Kai Engert
ca00551ea7
- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
2013-01-03 19:17:24 +01:00
Elio Maldonado
b13dc44579
Require nspr >= 4.9.4
...
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
Elio Maldonado
5a0d6572e1
Update to NSS_3_14_1_RTM
...
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
Elio Maldonado
edea054ffc
Bug 879978 - Install the nssck.api header template where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
Elio Maldonado
461744f676
Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00
Elio Maldonado Batiz
6e1a26a079
Resolves: rhbz#870864 - Add support in NSS for Secure Boot
2012-11-19 21:45:58 -08:00
Elio Maldonado
19ad65d608
Disable bypass code at build time and return failure on attempts to enable at runtime
...
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
2012-11-09 17:20:07 -08:00
Elio Maldonado
fef81756fd
Rename the patch to reflect the correct bug number
...
- Renamed: Bug-872838-fix-pk11wrap-locking.patch -> Bug-872124-fix-pk11wrap-locking.patch
- Fixed the reference in spec file
Please enter the commit message for your changes. Lines starting
2012-11-04 22:00:38 -08:00
Elio Maldonado
b5d7c8e158
Fix the last changelog entry and quote the correct bug number.
2012-11-04 17:07:18 -08:00
Elio Maldonado
247ec13766
Fix pk11wrap locking to fix 'fedpkg new-sources' and 'fedpkg update' hangs
...
- Bug 87838 - nss-3.14 causes fedpkg new-sources breakage
- Fix should be considered preliminary since the patch may change upon upstream approval
2012-11-04 15:44:01 -08:00
Elio Maldonado
f2639d5e85
Fix the change log by adding a missing entry
...
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:31:50 -08:00
Elio Maldonado
93eeb31cf1
Add a dummy source file for testing /preventing fedpkg breakage
...
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 16:07:26 -07:00
Elio Maldonado
e4dd1babb0
Fix a previous unwanted merge from f18
...
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00
Elio Maldonado
edf5ff0634
Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
...
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 09:29:38 -07:00
Elio Maldonado
c2e20984e1
Fix the spec file so sechash.h gets installed
...
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
2012-10-31 14:05:29 -07:00
Elio Maldonado
192d1d33fb
Update the license to MPLv2.0
2012-10-27 01:58:29 -04:00
Elio Maldonado
3be7379237
Use only -f when removing unwanted headers
...
- alerted to this flaw by Kamil Dudka
- unneeded as we are only removing headers, not directories, and a dangerous practice
2012-10-24 11:13:25 -07:00
Elio Maldonado
982583d915
Add secmodt.h to the headers installed by nss-devel
...
- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14
2012-10-23 18:48:54 -04:00
Elio Maldonado
b11609d88a
Update to NSS_3_14_RTM
2012-10-22 14:49:08 -07:00
Elio Maldonado
1f01ab68b1
Update to NSS_3_14_RC1
...
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
2012-10-21 20:47:52 -04:00
Kai Engert
53a120c4af
* Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
...
- Update to NSS_3_13_6_RTM
2012-10-06 00:22:39 +02:00
Elio Maldonado
ab9d670692
Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3
...
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
2012-08-27 16:19:41 -07:00
Elio Maldonado
99a740d2ee
Fix pluggable ecc support
...
- Build nss in three phases
- Phase 1: build softoken, freebl, and util with NSS_ENABLE_ECC unset
- Phase 2: build the rest of nss (muinus bltest and fipstest) with NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITEB set
- Phase 3: build bltest and fipstest with NSS_ENABLE_ECC unset as in phsae 1
2012-08-13 15:05:06 -07:00
Dennis Gilmore
bd7e7ae750
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-20 00:20:58 -05:00
Elio Maldonado
f304d0d0cf
Fix checkin comment to prevent unwanted expansions of percents
...
- Done on previous commit but must retag now
2012-07-01 11:42:00 -07:00
Elio Maldonado
18cd8ce5de
Fix the checkin comment to use %%
2012-07-01 11:33:54 -07:00
Elio Maldonado
967fa1be0d
Require nspr 4.9.1
2012-07-01 10:35:21 -07:00
Elio Maldonado
7011f18b86
Enable sha224 portion of powerup selftest when running test suites
...
- That disabling was meant for RHEL-6 wich at time has and older softoken
2012-07-01 10:25:16 -07:00
Elio Maldonado
6b33cec549
Resolves: Bug 830410 - Missing Requires %{?_isa}
...
- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools
- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib
2012-07-01 10:13:07 -07:00
Elio Maldonado Batiz
e1a1b3583b
Bug 833529 - revert unwanted change to nss.pc.in
...
- Remove the /nss3 fom Lib: line in nss.pc.in
2012-06-20 21:58:09 -07:00
Elio Maldonado
580fd0d7b9
Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in
2012-06-19 10:55:57 -07:00
Elio Maldonado
a27d98a9ec
Update to 3.13.5
2012-06-18 07:20:04 -07:00
Elio Maldonado
c38003c691
Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3
...
- Fix conributed by Kamil Dudka
2012-04-13 10:10:57 -07:00
Elio Maldonado
41064271a8
Resolves: Bug 805723 - Library needs partial RELRO support added
...
- Patch coreconf/Linux.mk as done on RHEL 6.2
2012-04-08 11:13:29 -07:00
Elio Maldonado
034c16be36
Merge branch 'master' into f17
...
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version
- Remove no longer needed patches
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
2012-04-06 15:26:15 -07:00
Elio Maldonado
5203007534
Update to NSS_3_13_14_RTM
2012-04-06 10:06:51 -07:00
Elio Maldonado
310e64d3c2
Update the nss-pem source archive to the latest version
...
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
- Remove patches obsoleted by the nss and pem updates
2012-04-02 13:34:11 -07:00
Elio Maldonado
c408966515
Require nss-util and nss-softokn at 3.12.4
2012-04-01 17:24:02 -07:00
Elio Maldonado
89045d8452
Update to NSS_3_13.4_BETA1
2012-04-01 16:35:48 -07:00
Elio Maldonado Batiz
51c4dcf0e0
Merge branch 'master' into f17
2012-03-27 15:26:25 -07:00
Elio Maldonado
39b507ea3c
- Resolves: Bug 805723 - Library needs partial RELRO support added
2012-03-21 15:01:07 -07:00
Elio Maldonado
19fee62ac7
Enable the Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
...
- F17 is already aplha, let's treat it as a stable branch
- Todo: Ask communinty members to try turning it on and provide
- feedack on servers and clients that may still be broken.
2012-03-09 18:07:15 -08:00
Elio Maldonado Batiz
7d1bd46bd6
Cleanup the spec file
...
- Add references to the upstream bugs
- Fix typo in Summary for sysinit
2012-03-09 14:40:23 -08:00
Elio Maldonado
3ccc11c806
Pick up fixes from RHEL
...
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
2012-03-07 18:39:32 -08:00
Elio Maldonado Batiz
85a1075a8d
Require nss-softokn 3.13.3 as part of the update to NSS_3_13_3_RTM
2012-03-01 12:48:17 -08:00
Elio Maldonado
ca7f73c317
- Update to NSS_3_13_3_RTM
...
- Keeping the requires on nss-softokn at 3.13.1 temporarily
- Removed nss-ckbi-1.88.rtm.patch which we no longer need due to the update
2012-02-29 19:20:40 -08:00
Tom Callaway
6e9d7578fc
fix gcc47 issue causing xulrunner to ftbfs in rawhide
2012-01-30 17:10:53 -05:00
Elio Maldonado
81470bd3c4
- Resolves: Bug 784672 - nss should protect against being called before nss_Init
2012-01-26 14:56:36 -08:00
Dennis Gilmore
b6f8eca453
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:16:40 -06:00
Elio Maldonado
1f56c5ccc5
- Deactivate a patch currently meant for stable branches only
2012-01-06 16:01:07 -08:00
Elio Maldonado
40928cb8e3
- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
...
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
2012-01-06 15:50:45 -08:00
Elio Maldonado
d5f0675cc9
- Revert to using current nss_softokn_version
...
- Patch to deal with lack of sha224 is no longer needed
2011-12-13 14:29:45 -08:00
Elio Maldonado
def217ea25
- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV
2011-12-13 06:54:05 -08:00
Elio Maldonado
543ae9ce83
- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS
...
- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y
- Only patch blapitest for the lack of sha224 on system freebl
- Completed the patch to make pem link against system freebl
2011-12-12 15:42:30 -08:00
Elio Maldonado
109e79922c
- Drop the Batiz from my name, it confuses people
2011-12-06 16:56:09 -08:00
Elio Maldonado
3fe2df48eb
- Remove reference to obsoleted terminalrecord.patch
2011-12-05 15:54:44 -08:00
Elio Maldonado
f67889f49c
- Fix the missing CERTDB_TERMINAL_RECORD symbol problem
...
- Removed unwanted /usr/include/nss3 in front of the normal cflags include path
- Removed ugly and unnecessary patch dealing with CERTDB_TERMINAL_RECORD
2011-12-05 15:51:15 -08:00
Elio Maldonado
321e446e77
- Bug 75036 Enable usage of nss-3.13.3 with nss-softokn-3.12.x
2011-12-04 23:21:22 -08:00
Elio Maldonado
cb85c9e1da
- Bug 750376 Enable updating nss to 3.13.x while keeping nss-softokn at 3.12.9
...
- Statically link the pem module against system freebl found in buildroot
- Disable sha224-related powerup selftest until we update softokn
- Disable sha224 and rsapss tests which nss-softokn 3.12.x doesn't support
- nss-softokn 3.12.9 was submitted for FIPS 140 minor revalidation
2011-12-04 23:08:24 -08:00
Elio Maldonado
953f3cef9d
- Rebuild with nss-softokn from 3.12 in the buildroot
...
- Allows the pem module to statically link against 3.12.x freebl
- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge into ia new rhel git repo
- Build to be temporarily placed on buildroot override but never pushed to updates-testing
2011-12-02 14:21:08 -08:00
Elio Maldonado
1c8a4130f1
- Merge from master
...
- This is an experimental build to fix Bug 750376
- To be added to the buildroot override but should not be pushed to updates-testing
until the bug has been verified as fixed
2011-11-28 15:37:12 -08:00
Elio Maldonado
0598777c8d
Merge branch 'master' into f16
...
Keeping softokn at 3.12.10 as we are bootstrapping the system
2011-11-07 08:36:10 -08:00
Elio Maldonado
cc7766a55d
- Fix broken dependencies by updating the nss-util and nss-softokn versions
2011-11-04 12:26:07 -07:00
Elio Maldonado
28928af492
- Fix the name of the patch file
2011-11-03 20:44:32 -07:00
Elio Maldonado
4a87b24862
- Update to NSS_3_13_1_RTM
...
- Update builtin certs to those from NSSCKBI_1_88_RTM
2011-11-03 17:21:40 -07:00
Elio Maldonado
7b078b5247
- Update to NSS_3_13_RTM
2011-10-15 20:24:39 -07:00
Elio Maldonado
bc4ac545c9
- Update to NSS_3_13_RC0
...
- Adjust patches to new sources
- Remove builtin patch which isn't needed due to the update
- update sources
2011-10-08 12:04:26 -07:00
Elio Maldonado
3586aff4e7
- Fix attempt to free initialized pointer ( #717338 )
...
- Fix leak on pem_CreateObject when given non-existing file name (#734760 )
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410 )
2011-09-14 12:28:24 -07:00
Kai Engert
a1e61fa589
NSSCKBI_1_87_RTM
2011-09-06 22:51:08 +02:00
Kai Engert
c26c5b1326
NSSCKBI_1_87_RTM
2011-09-06 22:48:46 +02:00
Elio Maldonado
d7c5a94ba8
- Update to NSS_3_12_11_RTM
2011-08-09 18:31:35 -07:00
Elio Maldonado
a7fb38e80b
- Indicate the provenance of stripped source tarball ( #688015 )
...
- Add the code stripping script to the sources
2011-07-23 20:16:38 -07:00
Michael Schwendt
e2ce6e022c
Provide virtual -static package to meet guidelines ( #609612 ).
2011-06-27 20:17:03 +02:00
Elio Maldonado
5c50a33200
- Enable pluggable ecc support ( #712556 )
...
- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045 )
2011-06-11 18:05:04 -07:00
Dennis Gilmore
321ca50d42
fix typo in date
2011-05-20 09:09:41 -05:00
Dennis Gilmore
7232ae1bc7
make the test suite non fatal on arm arches
2011-05-20 09:07:45 -05:00
Elio Maldonado
c409805d45
- Fix crmf hard-coded maximum size for wrapped private keys ( #703658 )
...
- Use the safer bound off
- ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
- which will accomodate other algorithms
2011-05-17 09:07:55 -07:00
Elio Maldonado
656b5456ab
- Update to NSS_3_12_10_RTM
2011-05-06 14:53:40 -07:00
Elio Maldonado
976de5ebbe
- Update to NSS_3_12_10_BETA1
...
- Update nss-539183.patch for new 3.12.10 sources
2011-04-27 18:05:46 -07:00
Elio Maldonado
6e1b6bdc24
- Implement PEM logging using NSPR's own ( #695011 )
2011-04-12 11:53:46 -07:00
Elio Maldonado
4a912ae4d0
Fix the tag name in changelog comment
2011-03-23 15:17:21 -07:00
Elio Maldonado
0b0026515f
- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM
2011-03-23 15:13:45 -07:00
Elio Maldonado
c40f16fc52
Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections
...
Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.
2011-02-24 15:05:17 -08:00