Commit Graph

484 Commits

Author SHA1 Message Date
Tom Callaway
8025e7be74 fix license handling 2014-07-18 18:52:34 -04:00
Elio Maldonado
fd6a1f2171 Update to nss-3.16.2
- Resolves: Bug 1114319 - nss-3.16.2 is available
- Remove no longer needed patch
2014-06-29 10:50:40 -07:00
Elio Maldonado
60816050f2 Remove unwanted source directories at the end of %prep so it truly does it
- Skip the cipher suite already run as part of the nss-softokn build
- Brings spec file fixes already approved and applied on rhel-6.6
2014-06-15 10:28:18 -07:00
Dennis Gilmore
296fce6af9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 10:09:47 -05:00
Jaromir Capik
f94fcb299b Replacing ppc64 and ppc64le with the power64 macro
- Related: Bug 1052545 - Trivial change for ppc64le in nss spec
2014-05-12 20:09:13 +02:00
Elio Maldonado
4d04992e9a Update to nss-3.16.1
- Update the iquote patch on account of the rebase
- Improve error detection in the %section
- Resolves: Bug 1094702 - nss-3.16.1 is available
2014-05-06 09:32:26 -07:00
Elio Maldonado
37a942df5c Require nspr-4.10.4 2014-03-19 08:45:26 -07:00
Elio Maldonado
0834927548 Update to nss-3.16.0
- Cleanup the copying of the tools man pages
- Update the iquote.patch on account of the rebase
2014-03-18 17:27:02 -07:00
Elio Maldonado
8b13702a67 Restore requiring nss_softokn_version >= 3.15.5 2014-03-04 07:33:25 -08:00
Elio Maldonado
4f24d9e6c9 Remove reference to a patch that we aren't yet ready to apply. 2014-02-23 19:02:24 -08:00
Elio Maldonado
23d7297fce Temporarily requiring only nss_softokn_version >= 3.15.4
- This until a koji build environment prprobmem which that causes i686 nss-softokn builds
- to fail is resolved
- nss-softokn-3.15.5 has the same code as nss-softokn-3.15.4
2014-02-23 18:55:11 -08:00
Elio Maldonado
9b8380a073 Update to nss-3.15.5
- Fix location of sharedb files and their manpages
- Move cert9.db, key4.db, and pkcs11.txt to the main package
- Move nss-sysinit manpages tar archives to the main package
- Resolves: Bug 1066877 - nss-3.15.5 is available
- Resolves: Bug 1067091 - Move sharedb files to the %files section
2014-02-19 13:28:37 -08:00
Elio Maldonado
4c076bc0cd Revert previous change that moved some sysinit manpages
- Restore nss-sysinit manpages tar archives to %files sysinit
- Removing spurious wildcard entry was the only change needed
2014-02-06 15:33:20 -08:00
Elio Maldonado
4fb9d07b7f Add explanatory comments for iquote.patch as was done on f20
- The reason for this running patch is far from obvious.
- Helps code reviwers as the patch sometimes needs updating
- when doing rebases to nss that introduce new functions.
2014-01-27 07:51:27 -08:00
Elio Maldonado
a25fc11743 Update pem sources to latest from nss-pem upstream
- Update picks up pem fixes verified on RHEL and applied upstream
- Fix a problem where same files in two rpms created rpm conflict
- Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1050163
- Move some nss-sysinit manpages tar archives to the %files the
- All man pages are listed by name so there shouldn't be wildcard inclusion
- Add support for ppc64le, Resolves: Bug 1052545
2014-01-25 10:57:37 -08:00
Peter Robinson
5d65d327f1 ARM tests pass so remove ARM conditional 2014-01-20 18:48:37 +00:00
Elio Maldonado
7285eaab48 Regenerated pem patch to be suitable for submission to interim upstream pem 2014-01-08 10:24:30 -08:00
Elio Maldonado
569d439b91 Update two patches due to upstream changes
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
- Update iquote.patch on account of upstream changes
- Resolves: Bug 1049229 - nss-3.15.4 is available
2014-01-07 13:48:44 -08:00
Elio Maldonado
aae9602c01 Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
2014-01-07 06:13:53 -08:00
Elio Maldonado
b5567867a7 - Resolves: Bug 1040192 - nss-3.15.3.1 is available 2013-12-11 10:41:54 -08:00
Elio Maldonado
4f6555074f Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA
2013-117)
2013-12-11 08:37:47 -08:00
Elio Maldonado
f37654e052 Bump the release tag 2013-12-03 14:12:35 -08:00
Elio Maldonado
49e209f91d Install symlink to setup-nsssysinit.sh, without the ".sh" suffix, that matches the man page documentation 2013-11-26 14:15:45 -08:00
Elio Maldonado
67a7a21b0e Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
2013-11-26 10:36:24 -08:00
Elio Maldonado
658733b0d3 Bump the minimum required verion of nss-util and nss-softokn to 3.15.3 2013-11-23 21:06:02 -08:00
Elio Maldonado
db7fe53123 Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
2013-11-23 20:47:19 -08:00
Elio Maldonado
a6a13f1a66 Bump the release tag 2013-10-27 11:04:28 -07:00
Elio Maldonado
4b2b74e5e0 Revert one change from last commit to preserve full nss pluggable ecc supprt 2013-10-27 11:00:35 -07:00
Elio Maldonado
74d9e91174 Remove obsolete NSS_ECC_MORE_THAN_SUITE_B=1 export. It has no effect. 2013-10-23 11:38:39 -07:00
Elio Maldonado
306dd778f4 Use the full sources from upstream
- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
2013-10-23 09:53:20 -07:00
Elio Maldonado
9b70717281 - Update to NSS_3_15_2_RTM
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
- On CERT_GetKeyType a const qualifier was added to the input parameter and this we must include
- the cert.h from the build tree intead of the one in system/buildroot which is not up to date yet
2013-09-27 11:32:01 -07:00
Elio Maldonado
8f6f357e88 Update to NSS_3_15_2_RTM 2013-09-27 09:50:45 -07:00
Elio Maldonado
33f25f5720 Fix the release tag to be Release: 7%{?dist} 2013-08-28 15:08:50 -07:00
Elio Maldonado
da85237ace Update pem sources to pick up a patch applied upstream which a faulty merge had missed
- The pem module should not require unique file basenames
2013-08-28 12:59:23 -07:00
Elio Maldonado
1c902d0023 Fix the version of nss-pem source tar ball to use 2013-08-27 21:17:53 -07:00
Elio Maldonado
2c648570aa Update pem sources to the latest from interim upstream 2013-08-27 21:08:54 -07:00
Elio Maldonado
b4e6e308a6 Resolves: rhbz#996639 - Minor bugs in nss man pages
- Fix some typos and improve description and see also sections
2013-08-19 11:56:32 -07:00
Elio Maldonado
5761e30a94 Cleanup spec file to address most rpmlint errors and warnings
- Using double percent symbols to fix macro-in-comment warnings
- Ignore unversioned-explicit-provides nss-system-init per spec comments
- Ignore invalid-url Source0 as it comes from the git lookaside cache
- Ignore invalid-url Source12 as it comes from the git lookaside cache
2013-08-11 12:16:20 -07:00
Elio Maldonado
3888f3b230 Add man page for pkcs11.txt configuration file and cert and key databases
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
2013-07-25 14:21:44 -07:00
Elio Maldonado
8ae46fa97f Fix errors in the man pages
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
2013-07-19 10:42:57 -07:00
Elio Maldonado
cf4a750103 Update to NSS_3_15_1_RTM
- Enable the iquote.patch to access newly introduced types
- New types and constants added to sslprot.h, sslerr.h, and sslt.h require thhe in-tree headers to be picked up first
2013-07-02 15:15:25 -07:00
Elio Maldonado
8943f1ad54 Update to NSS_3_15_RTM 2013-07-02 13:44:44 -07:00
Elio Maldonado
efdced7007 Revert "Reenable patches required for compatibility on stable fedora branches"
This reverts commit 65efb2c2f3.
That commit wasn't untended for this branch
2013-06-23 19:39:13 -07:00
Elio Maldonado
65efb2c2f3 Reenable patches required for compatibility on stable fedora branches
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
Elio Maldonado
b8273ce04c Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
Elio Maldonado
e36079dd45 Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
Elio Maldonado
41e94360c9 Update ssl-cbc-random-iv-by-default.patch
- Added a missing comma
2013-06-17 16:23:06 -07:00
Elio Maldonado
2f66633263 Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
Elio Maldonado
f6ec57311f Update to NSS_3_15_RTM 2013-06-15 12:48:12 -07:00
Elio Maldonado
2249db62a6 Fix incorrect path that hid failed test from view
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
Elio Maldonado
2a8c1318ea Update to NSS_3_15_BETA1
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
Kai Engert
59b5d52d9e * Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
Kai Engert
21e8668243 * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
Kai Engert
7b5d7ea05f * Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
- Configure libnssckbi.so to use the alternatives system
  in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
Elio Maldonado
b03345792c Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
  patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
Elio Maldonado
0370142fd0 Add pem module fix, spec file support for AArch64 and document additional fix
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
Elio Maldonado
b3f05b9f44 Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
Elio Maldonado
96957e805a Allow building nss softoken against older sqlite
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
Elio Maldonado
7a7f48e712 Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
Elio Maldonado
830ee96f85 Update to NSS_3_14_2_RTM
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
Kai Engert
ca00551ea7 - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM 2013-01-03 19:17:24 +01:00
Elio Maldonado
b13dc44579 Require nspr >= 4.9.4
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
Elio Maldonado
5a0d6572e1 Update to NSS_3_14_1_RTM
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
Elio Maldonado
edea054ffc Bug 879978 - Install the nssck.api header template where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
Elio Maldonado
461744f676 Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00
Elio Maldonado Batiz
6e1a26a079 Resolves: rhbz#870864 - Add support in NSS for Secure Boot 2012-11-19 21:45:58 -08:00
Elio Maldonado
19ad65d608 Disable bypass code at build time and return failure on attempts to enable at runtime
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
2012-11-09 17:20:07 -08:00
Elio Maldonado
fef81756fd Rename the patch to reflect the correct bug number
- Renamed: Bug-872838-fix-pk11wrap-locking.patch -> Bug-872124-fix-pk11wrap-locking.patch
- Fixed the reference in spec file

Please enter the commit message for your changes. Lines starting
2012-11-04 22:00:38 -08:00
Elio Maldonado
b5d7c8e158 Fix the last changelog entry and quote the correct bug number. 2012-11-04 17:07:18 -08:00
Elio Maldonado
247ec13766 Fix pk11wrap locking to fix 'fedpkg new-sources' and 'fedpkg update' hangs
- Bug 87838 - nss-3.14 causes fedpkg new-sources breakage
- Fix should be considered preliminary since the patch may change upon upstream approval
2012-11-04 15:44:01 -08:00
Elio Maldonado
f2639d5e85 Fix the change log by adding a missing entry
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:31:50 -08:00
Elio Maldonado
93eeb31cf1 Add a dummy source file for testing /preventing fedpkg breakage
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 16:07:26 -07:00
Elio Maldonado
e4dd1babb0 Fix a previous unwanted merge from f18
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00
Elio Maldonado
edf5ff0634 Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 09:29:38 -07:00
Elio Maldonado
c2e20984e1 Fix the spec file so sechash.h gets installed
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
2012-10-31 14:05:29 -07:00
Elio Maldonado
192d1d33fb Update the license to MPLv2.0 2012-10-27 01:58:29 -04:00
Elio Maldonado
3be7379237 Use only -f when removing unwanted headers
- alerted to this flaw by Kamil Dudka
- unneeded as we are only removing headers, not directories, and a dangerous practice
2012-10-24 11:13:25 -07:00
Elio Maldonado
982583d915 Add secmodt.h to the headers installed by nss-devel
- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14
2012-10-23 18:48:54 -04:00
Elio Maldonado
b11609d88a Update to NSS_3_14_RTM 2012-10-22 14:49:08 -07:00
Elio Maldonado
1f01ab68b1 Update to NSS_3_14_RC1
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
2012-10-21 20:47:52 -04:00
Kai Engert
53a120c4af * Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
- Update to NSS_3_13_6_RTM
2012-10-06 00:22:39 +02:00
Elio Maldonado
ab9d670692 Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
2012-08-27 16:19:41 -07:00
Elio Maldonado
99a740d2ee Fix pluggable ecc support
- Build nss in three phases
- Phase 1: build softoken, freebl, and util with NSS_ENABLE_ECC unset
- Phase 2: build the rest of nss (muinus bltest and fipstest) with NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITEB set
- Phase 3: build bltest and fipstest with NSS_ENABLE_ECC unset as in phsae 1
2012-08-13 15:05:06 -07:00
Dennis Gilmore
bd7e7ae750 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 00:20:58 -05:00
Elio Maldonado
f304d0d0cf Fix checkin comment to prevent unwanted expansions of percents
- Done on previous commit but must retag now
2012-07-01 11:42:00 -07:00
Elio Maldonado
18cd8ce5de Fix the checkin comment to use %% 2012-07-01 11:33:54 -07:00
Elio Maldonado
967fa1be0d Require nspr 4.9.1 2012-07-01 10:35:21 -07:00
Elio Maldonado
7011f18b86 Enable sha224 portion of powerup selftest when running test suites
- That disabling was meant for RHEL-6 wich at time has and older softoken
2012-07-01 10:25:16 -07:00
Elio Maldonado
6b33cec549 Resolves: Bug 830410 - Missing Requires %{?_isa}
- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools
- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib
2012-07-01 10:13:07 -07:00
Elio Maldonado Batiz
e1a1b3583b Bug 833529 - revert unwanted change to nss.pc.in
- Remove the /nss3 fom Lib: line in nss.pc.in
2012-06-20 21:58:09 -07:00
Elio Maldonado
580fd0d7b9 Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in 2012-06-19 10:55:57 -07:00
Elio Maldonado
a27d98a9ec Update to 3.13.5 2012-06-18 07:20:04 -07:00
Elio Maldonado
c38003c691 Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3
- Fix conributed by Kamil Dudka
2012-04-13 10:10:57 -07:00
Elio Maldonado
41064271a8 Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
2012-04-08 11:13:29 -07:00
Elio Maldonado
034c16be36 Merge branch 'master' into f17
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version
- Remove no longer needed patches
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
2012-04-06 15:26:15 -07:00
Elio Maldonado
5203007534 Update to NSS_3_13_14_RTM 2012-04-06 10:06:51 -07:00
Elio Maldonado
310e64d3c2 Update the nss-pem source archive to the latest version
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
- Remove patches obsoleted by the nss and pem updates
2012-04-02 13:34:11 -07:00
Elio Maldonado
c408966515 Require nss-util and nss-softokn at 3.12.4 2012-04-01 17:24:02 -07:00
Elio Maldonado
89045d8452 Update to NSS_3_13.4_BETA1 2012-04-01 16:35:48 -07:00
Elio Maldonado Batiz
51c4dcf0e0 Merge branch 'master' into f17 2012-03-27 15:26:25 -07:00
Elio Maldonado
39b507ea3c - Resolves: Bug 805723 - Library needs partial RELRO support added 2012-03-21 15:01:07 -07:00
Elio Maldonado
19fee62ac7 Enable the Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
- F17 is already aplha, let's treat it as a stable branch
- Todo: Ask communinty members to try turning it on and provide
- feedack on servers and clients that may still be broken.
2012-03-09 18:07:15 -08:00
Elio Maldonado Batiz
7d1bd46bd6 Cleanup the spec file
- Add references to the upstream bugs
- Fix typo in Summary for sysinit
2012-03-09 14:40:23 -08:00
Elio Maldonado
3ccc11c806 Pick up fixes from RHEL
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
2012-03-07 18:39:32 -08:00
Elio Maldonado Batiz
85a1075a8d Require nss-softokn 3.13.3 as part of the update to NSS_3_13_3_RTM 2012-03-01 12:48:17 -08:00
Elio Maldonado
ca7f73c317 - Update to NSS_3_13_3_RTM
- Keeping the requires on nss-softokn at 3.13.1 temporarily
- Removed nss-ckbi-1.88.rtm.patch which we no longer need due to the update
2012-02-29 19:20:40 -08:00
Tom Callaway
6e9d7578fc fix gcc47 issue causing xulrunner to ftbfs in rawhide 2012-01-30 17:10:53 -05:00
Elio Maldonado
81470bd3c4 - Resolves: Bug 784672 - nss should protect against being called before nss_Init 2012-01-26 14:56:36 -08:00
Dennis Gilmore
b6f8eca453 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 05:16:40 -06:00
Elio Maldonado
1f56c5ccc5 - Deactivate a patch currently meant for stable branches only 2012-01-06 16:01:07 -08:00
Elio Maldonado
40928cb8e3 - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
2012-01-06 15:50:45 -08:00
Elio Maldonado
d5f0675cc9 - Revert to using current nss_softokn_version
- Patch to deal with lack of sha224 is no longer needed
2011-12-13 14:29:45 -08:00
Elio Maldonado
def217ea25 - Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV 2011-12-13 06:54:05 -08:00
Elio Maldonado
543ae9ce83 - Resolves: Bug 750376 - nss 3.13 breaks sssd TLS
- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y
- Only patch blapitest for the lack of sha224 on system freebl
- Completed the patch to make pem link against system freebl
2011-12-12 15:42:30 -08:00
Elio Maldonado
109e79922c - Drop the Batiz from my name, it confuses people 2011-12-06 16:56:09 -08:00
Elio Maldonado
3fe2df48eb - Remove reference to obsoleted terminalrecord.patch 2011-12-05 15:54:44 -08:00
Elio Maldonado
f67889f49c - Fix the missing CERTDB_TERMINAL_RECORD symbol problem
- Removed unwanted /usr/include/nss3 in front of the normal cflags include path
- Removed ugly and unnecessary patch dealing with CERTDB_TERMINAL_RECORD
2011-12-05 15:51:15 -08:00
Elio Maldonado
321e446e77 - Bug 75036 Enable usage of nss-3.13.3 with nss-softokn-3.12.x 2011-12-04 23:21:22 -08:00
Elio Maldonado
cb85c9e1da - Bug 750376 Enable updating nss to 3.13.x while keeping nss-softokn at 3.12.9
- Statically link the pem module against system freebl found in buildroot
- Disable sha224-related powerup selftest until we update softokn
- Disable sha224 and rsapss tests which nss-softokn 3.12.x doesn't support
- nss-softokn 3.12.9 was submitted for FIPS 140 minor revalidation
2011-12-04 23:08:24 -08:00
Elio Maldonado
953f3cef9d - Rebuild with nss-softokn from 3.12 in the buildroot
- Allows the pem module to statically link against 3.12.x freebl
- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge into ia new rhel git repo
- Build to be temporarily placed on buildroot override but never pushed to updates-testing
2011-12-02 14:21:08 -08:00
Elio Maldonado
1c8a4130f1 - Merge from master
- This is an experimental build to fix Bug 750376
- To be added to the buildroot override but should not be pushed to updates-testing
  until the bug has been verified as fixed
2011-11-28 15:37:12 -08:00
Elio Maldonado
0598777c8d Merge branch 'master' into f16
Keeping softokn at 3.12.10 as we are bootstrapping the system
2011-11-07 08:36:10 -08:00
Elio Maldonado
cc7766a55d - Fix broken dependencies by updating the nss-util and nss-softokn versions 2011-11-04 12:26:07 -07:00
Elio Maldonado
28928af492 - Fix the name of the patch file 2011-11-03 20:44:32 -07:00
Elio Maldonado
4a87b24862 - Update to NSS_3_13_1_RTM
- Update builtin certs to those from NSSCKBI_1_88_RTM
2011-11-03 17:21:40 -07:00
Elio Maldonado
7b078b5247 - Update to NSS_3_13_RTM 2011-10-15 20:24:39 -07:00
Elio Maldonado
bc4ac545c9 - Update to NSS_3_13_RC0
- Adjust patches to new sources
- Remove builtin patch which isn't needed due to the update
- update sources
2011-10-08 12:04:26 -07:00
Elio Maldonado
3586aff4e7 - Fix attempt to free initialized pointer (#717338)
- Fix leak on pem_CreateObject when given non-existing file name (#734760)
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
2011-09-14 12:28:24 -07:00
Kai Engert
a1e61fa589 NSSCKBI_1_87_RTM 2011-09-06 22:51:08 +02:00
Kai Engert
c26c5b1326 NSSCKBI_1_87_RTM 2011-09-06 22:48:46 +02:00
Elio Maldonado
d7c5a94ba8 - Update to NSS_3_12_11_RTM 2011-08-09 18:31:35 -07:00
Elio Maldonado
a7fb38e80b - Indicate the provenance of stripped source tarball (#688015)
- Add the code stripping script to the sources
2011-07-23 20:16:38 -07:00
Michael Schwendt
e2ce6e022c Provide virtual -static package to meet guidelines (#609612). 2011-06-27 20:17:03 +02:00
Elio Maldonado
5c50a33200 - Enable pluggable ecc support (#712556)
- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)
2011-06-11 18:05:04 -07:00
Dennis Gilmore
321ca50d42 fix typo in date 2011-05-20 09:09:41 -05:00
Dennis Gilmore
7232ae1bc7 make the test suite non fatal on arm arches 2011-05-20 09:07:45 -05:00
Elio Maldonado
c409805d45 - Fix crmf hard-coded maximum size for wrapped private keys (#703658)
- Use the safer bound off
- ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
- which will accomodate other algorithms
2011-05-17 09:07:55 -07:00
Elio Maldonado
656b5456ab - Update to NSS_3_12_10_RTM 2011-05-06 14:53:40 -07:00
Elio Maldonado
976de5ebbe - Update to NSS_3_12_10_BETA1
- Update nss-539183.patch for new 3.12.10 sources
2011-04-27 18:05:46 -07:00
Elio Maldonado
6e1b6bdc24 - Implement PEM logging using NSPR's own (#695011) 2011-04-12 11:53:46 -07:00
Elio Maldonado
4a912ae4d0 Fix the tag name in changelog comment 2011-03-23 15:17:21 -07:00
Elio Maldonado
0b0026515f - Update to NSS_3.12.9_WITH_CKPI_1_82_RTM 2011-03-23 15:13:45 -07:00
Elio Maldonado
c40f16fc52 Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections
Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients.  NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.
2011-02-24 15:05:17 -08:00
Elio Maldonado
ab4de6fd80 - Add to pkcs11-devel a requires on nss-softokn-freebl-freebl (#675196)
- This is needed because the latter now owns headers that pkcs11-devel depends on.
2011-02-18 13:09:28 -08:00
Elio Maldonado
87fcbd4706 - Run the test suites in the check section (#677809) 2011-02-15 20:20:54 -08:00
Elio Maldonado
882fcb9fcf Fix fips mode switch handling bug detected while running JSS tests
Fix NSS to swap the internal key slot on fips mode switches
Fix white space usage in cpp reserved words patch per reviewer request
2011-02-11 07:56:25 -08:00
Elio Maldonado
4c53349943 - Fix cms headers to not use c++ reserved words (#676036)
- Reenabling Bug 499444 patches
2011-02-10 11:58:38 -08:00
Elio Maldonado
a2f2732911 Temorarily revert patches for 499444 until all c++ reserved words are found and extirpated 2011-02-08 17:26:32 -08:00
Dennis Gilmore
114f631980 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 19:07:37 -06:00
Elio Maldonado
cab275f8b6 - Fix cms header to not use c++ reserved word (#676036)
- Reenable patches for bug 499444
2011-02-08 11:48:11 -08:00
Christopher Aillon
40064d5204 Revert patches for 499444
since they use a C++ reserved word and cause compilation of Firefox to fail
2011-02-08 09:39:11 -08:00
Elio Maldonado
1850759856 - Fix the earlier infinite recursion patch (#499444)
- Remove a header that now nss-softokn-freebl-devel ships
2011-02-04 15:20:54 -08:00
Elio Maldonado
453276ca4d Fix infinite recursion when encoding NSS enveloped/digested data (#499444)
Add support in CMS for content types other than S/MIME
2011-02-01 16:13:13 -08:00
Elio Maldonado
f76d0921cd Bug 633043: Update the patch to implement upstream review requests. 2011-01-31 13:04:01 -08:00
Elio Maldonado
5f7dfcf00d Update the cacert trust patch per upstream review (#633043)
- Add comments to the new internal functions
- Rename macro to better reflect purpose and fix typos
- Patch matches the code as checked in upstream
2011-01-26 10:59:29 -08:00
Elio Maldonado
612496b72d Bug 633043 - nss trusts certificates it shouldn't, fixed
- Add patch to honor the user's cert trust preferences (#633043)
- Rename nss-sysinit-fix-trustorder.patch honor-user-trust-preferences.patch
- Remove nss-sysinit-userdb-first.patch, it's obsoleted by current patch
2011-01-22 09:39:22 -08:00
Elio Maldonado
d7e6ef54a1 Update to 3.12.9 2011-01-12 17:46:43 -08:00
Elio Maldonado
fa715a1966 - Follow the fedora pre-release package naming guidelines
- Using the nss-3.12.9-stripped.tar.bz source tar ball
2010-12-27 10:55:39 -08:00
Elio Maldonado
9cfe30c547 - Update to NSS_3_12_9_BETA2
- Fix libpnsspem crash when cacert dir contains other directories (#642433)
- Remove unused-patch
2010-12-10 13:11:24 -08:00
Elio Maldonado
f5fbb3f944 Update to NSS_3_12_9_BETA1 2010-12-08 14:10:33 -08:00
Elio Maldonado
c45196731a - Update pem source tar with fixes for 614532 and 596674
- Remove no longer needed patches
2010-11-25 12:43:08 -08:00
Elio Maldonado
4c96b0e51a Update test certificate which had expired 2010-11-05 08:24:44 -07:00
Elio Maldonado
2cded812be Tell rpm to not veryfy md5, sixe, and mtime of the configuration files.
Fixes 'rpm -qV nss-sysinit nss' failures.
2010-10-31 09:47:13 -07:00
Elio Maldonado
7292dd3723 - Fix certificates trust order (#643134)
- Apply nss-sysinit-userdb-first.patch last
2010-10-18 15:54:32 -07:00
Elio Maldonado
50867d6093 Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248) 2010-10-06 20:22:32 -07:00
Elio Maldonado
89b371d9fc Fix invalid %postun scriptlet (#639248) 2010-10-05 10:07:31 -07:00
Elio Maldonado
c5201d23da Improve the fixes for bugs 636787, 636792, 636801
Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)
2010-09-29 11:46:10 -07:00
Elio Maldonado
c51d121d29 Add posttrans sysinit scriptlet to re-enable nssysinit - resolves rhbz#636787. 2010-09-27 21:47:31 -07:00
Elio Maldonado
53ccaaaa26 Changes related to the fix for 636787 and 609612
system-pkcs11.txt has nss-sysinit enabled (#636787)
Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)
2010-09-25 13:10:51 -07:00
Elio Maldonado
06f202356f Fix the nss_util_version and nss_softokn_version to be 3.12.8 2010-09-23 17:52:31 -07:00
Elio Maldonado
1e21f59c8c Update to 3.12.8 and resolve bugs 636787, 636787, 636801
nss.spec prevents disabling of nss-sysinit on package upgrade - #636787
setup-nsssysinit.shc creates pkcs11.txt with correct permissions regardless of umask - #636792
setup-nsssysinit.sh reports whether nss-sysinit is turned on or off - #636801
2010-09-23 17:45:52 -07:00
Elio Maldonado
958c0f4fd5 Update to NSS 3.12.8 RC0 2010-09-19 13:19:26 -07:00
Elio Maldonado
4a3d4a018a Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3.
This is the currently higest version that can be satisfied, previous value caused build breakage.
2010-09-05 11:03:04 -07:00
Elio Maldonado
759a662b45 Update for NSS 3.12.8 Beta 3 2010-09-04 13:24:39 -07:00
Elio Maldonado
5cb30e27e1 Change BuildRequries to available version of nss-util-devel. 2010-08-30 15:56:50 -07:00
Elio Maldonado
2becd412b2 Complete the change log 2010-08-29 12:56:11 -07:00
Elio Maldonado
8e3710e2cf Rely on NSS_USE_SYSTEM_SQLITE for no local sql
Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch
Fix rpmlint warnings about macros in comments and changelog
Build requires nss-softokn-devel >= 3.12.7
2010-08-29 12:46:20 -07:00
Elio Maldonado
1c9dbe330c Updating to 3.12.7 2010-08-18 18:01:57 -07:00
Elio Maldonado
c647f9551c Apply the patches to fix rhbz#614532
Added 0001-Add-support-for-PKCS-8-encoded-private-keys.patch
Added 0001-Do-not-define-SEC_SkipTemplate.patch
Modified nss.spec to apply the patches
2010-08-14 15:54:14 -07:00
Elio Maldonado
ebb7b25b6f Remove pem source tar 2010-08-09 21:36:17 -07:00
Elio Maldonado
37584d01a1 Update source tar to add support for PKCS#8 encoded PEM RSA private key files rhbz#614532 2010-08-09 15:06:09 -07:00
Elio Maldonado
a3ec3dfe11 * Fri Jul 31 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-9
- Fix nsssysinit to return userdb ahead of systemdb (#603313)
2010-07-31 09:51:45 -07:00
Dennis Gilmore
99c5eddfda fix typo 2010-06-08 19:59:30 +00:00
Dennis Gilmore
f2b0bb17ab changes the requires and BuildRequires versions from = to >= 2010-06-08 19:58:16 +00:00
Elio Maldonado
7edcfc8148 Require nss-softoken 3.12.6 2010-06-08 19:01:01 +00:00
Elio Maldonado
fbbc54fbf1 Fix SIGSEGV within CreateObject rhbz#596674 2010-06-07 04:41:51 +00:00
Elio Maldonado
0b1d72fd87 Synch. up pem source tar with git repo to pick up various fixes 2010-04-12 22:46:45 +00:00
Elio Maldonado
f1e2b65a89 Update test cert in setup phase instead of changing the source tar ball 2010-04-08 01:38:51 +00:00
Elio Maldonado
0578cf1b19 Fix requires for nss-sysinit and update an expired - #576071, #580207 2010-04-07 23:29:25 +00:00
Elio Maldonado
c2a52bb832 Add sed to sysinit requires as setup-nsssysinit.sh requires it -
rhbz#576071
2010-04-06 23:37:08 +00:00
Elio Maldonado
b84ca16585 Remove nss-softokn from requires in ns.pc - rhbz#575001 2010-03-19 04:13:21 +00:00
Elio Maldonado
ba88c56bfa Reenable all tests 2010-03-07 02:05:27 +00:00
Elio Maldonado
688080c659 Add renegotiate-transitional patch and disable ssl tests suites 2010-03-06 21:52:07 +00:00
Elio Maldonado
f9076c4e22 Update to 3.12.6 2010-03-06 21:13:40 +00:00
Elio Maldonado
90bba8e3ec Pick up fixes from F-12 2010-01-25 22:10:27 +00:00
Elio Maldonado
6bcb3eb1cd retagging 2010-01-13 15:21:37 +00:00
Elio Maldonado
19b99b2cd7 Fix sigsegv on call to NSS_Initialize - rhbz #553638 2010-01-13 06:13:28 +00:00
Elio Maldonado
d06d666dbb Address review comments in patch #547860 2010-01-07 02:37:35 +00:00
Elio Maldonado
88e3f7f389 Temporarily disabling the ssl tests 2009-12-31 22:14:53 +00:00
Elio Maldonado
c33feabbec Fix nsssysinit to allow root to modify the nss system database (#547860) 2009-12-31 01:21:59 +00:00