From bd239c046aecdfa83af6ec6e34ee81679d57a2f7 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Nov 14 2017 13:20:29 +0000 Subject: Update to NSS 3.34.0 --- diff --git a/.gitignore b/.gitignore index c48ea61..350db6c 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ TestUser51.cert /nss-3.32.0.tar.gz /nss-3.32.1.tar.gz /nss-3.33.0.tar.gz +/nss-3.34.0.tar.gz diff --git a/nss-sql-1-1403691-a.patch b/nss-sql-1-1403691-a.patch deleted file mode 100644 index f28f674..0000000 --- a/nss-sql-1-1403691-a.patch +++ /dev/null @@ -1,92 +0,0 @@ - -# HG changeset patch -# User Kai Engert -# Date 1507823956 -7200 -# Node ID 994e89150fc1cd0008d19a8ad8aafed565d98069 -# Parent f3766809817ba03aa8cc1da4fdf48bd011fc01e3 -Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea - -diff --git a/tests/all.sh b/tests/all.sh ---- a/tests/all.sh -+++ b/tests/all.sh -@@ -125,24 +125,30 @@ run_tests() - echo "Running tests for ${TEST}" - echo "TIMESTAMP ${TEST} BEGIN: `date`" - (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1) - echo "TIMESTAMP ${TEST} END: `date`" - done - } - - ########################## run_cycle_standard ########################## --# run test suites with defaults settings (no PKIX, no sharedb) -+# run test suites with dbm database (no PKIX, no sharedb) - ######################################################################## - run_cycle_standard() - { - TEST_MODE=STANDARD - - TESTS="${ALL_TESTS}" -- TESTS_SKIP= -+ TESTS_SKIP="cipher libpkix sdr ocsp pkits" -+ -+ NSS_DEFAULT_DB_TYPE="dbm" -+ export NSS_DEFAULT_DB_TYPE -+ -+ NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"` -+ NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"` - - run_tests - } - - ############################ run_cycle_pkix ############################ - # run test suites with PKIX enabled - ######################################################################## - run_cycle_pkix() -@@ -157,17 +163,22 @@ run_cycle_pkix() - mkdir -p "${HOSTDIR}" - init_directories - - NSS_ENABLE_PKIX_VERIFY="1" - export NSS_ENABLE_PKIX_VERIFY - - TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit" -+ - NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"` -+ export -n NSS_SSL_RUN -+ -+ # use the default format -+ export -n NSS_DEFAULT_DB_TYPE - - run_tests - } - - ######################### run_cycle_upgrade_db ######################### - # upgrades certificate database to shareable format and run test suites - # with those databases - ######################################################################## -@@ -226,20 +237,20 @@ run_cycle_shared_db() - mkdir -p "${HOSTDIR}" - init_directories - - NSS_DEFAULT_DB_TYPE="sql" - export NSS_DEFAULT_DB_TYPE - - # run the tests for native sharedb support - TESTS="${ALL_TESTS}" -- TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits" -+ TESTS_SKIP="dbupgrade" - -- NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"` -- NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"` -+ export -n NSS_SSL_TESTS -+ export -n NSS_SSL_RUN - - run_tests - } - - ############################# run_cycles ############################### - # run test cycles defined in CYCLES variable - ######################################################################## - run_cycles() - diff --git a/nss-sql-1-1403691-b.patch b/nss-sql-1-1403691-b.patch deleted file mode 100644 index 16137ef..0000000 --- a/nss-sql-1-1403691-b.patch +++ /dev/null @@ -1,31 +0,0 @@ - -# HG changeset patch -# User Kai Engert -# Date 1508150373 -7200 -# Node ID e73fedaecd63afe28c9da46cd26906f247375d59 -# Parent 24695a55c095a1c37ed92ac2a4fa6c56595e17c0 -Bug 1403691, follow up fix to allow the pkits tests to work with sql db format - -diff --git a/tests/pkits/pkits.sh b/tests/pkits/pkits.sh ---- a/tests/pkits/pkits.sh -+++ b/tests/pkits/pkits.sh -@@ -88,17 +88,17 @@ pkits_init() - echo "PKITS_DATA" $PKITS_DATA - echo "certs" $certs - echo "crls" $crls - - echo nss > ${PKITSdb}/pw - ${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw - - ${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \ -- $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -+ $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw - if [ -z "$NSS_NO_PKITS_CRLS" ]; then - ${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw - else - html "

NO CRLs are being used.

" - pkits_log "NO CRLs are being used." - fi - - cp ${PKITSdb}/* ${PKITSbkp} - diff --git a/nss-sql-2-1382278-a.patch b/nss-sql-2-1382278-a.patch deleted file mode 100644 index aa6f559..0000000 --- a/nss-sql-2-1382278-a.patch +++ /dev/null @@ -1,56 +0,0 @@ - -# HG changeset patch -# User Bob Relyea -# Date 1505757778 -7200 -# Node ID 18edd4ad8389d50d4231cc1a545a468dbb11185c -# Parent 70109a01ce53328b511aaa6c839593a3282cb725 -Bug 1382278, certutil -A creates uninitialised database, r=kaie - -diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c ---- a/cmd/certutil/certutil.c -+++ b/cmd/certutil/certutil.c -@@ -3005,16 +3005,43 @@ certutil_main(int argc, char **argv, PRB - certutil.options[opt_NewPasswordFile].arg); - } - if (rv != SECSuccess) { - SECU_PrintError(progName, "Could not set password for the slot"); - goto shutdown; - } - } - -+ /* if we are going to modify the cert database, -+ * make sure it's initialized */ -+ if (certutil.commands[cmd_ModifyCertTrust].activated || -+ certutil.commands[cmd_CreateAndAddCert].activated || -+ certutil.commands[cmd_AddCert].activated || -+ certutil.commands[cmd_AddEmailCert].activated) { -+ if (PK11_NeedUserInit(slot)) { -+ char *password = NULL; -+ /* fetch the password from the command line or the file -+ * if no password is supplied, initialize the password to NULL */ -+ if (pwdata.source == PW_FROMFILE) { -+ password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data); -+ } else if (pwdata.source == PW_PLAINTEXT) { -+ password = PL_strdup(pwdata.data); -+ } -+ rv = PK11_InitPin(slot, (char *)NULL, password ? password : ""); -+ if (password) { -+ PORT_Memset(password, 0, PL_strlen(password)); -+ PORT_Free(password); -+ } -+ if (rv != SECSuccess) { -+ SECU_PrintError(progName, "Could not set password for the slot"); -+ goto shutdown; -+ } -+ } -+ } -+ - /* walk through the upgrade merge if necessary. - * This option is more to test what some applications will want to do - * to do an automatic upgrade. The --merge command is more useful for - * the general case where 2 database need to be merged together. - */ - if (certutil.commands[cmd_UpgradeMerge].activated) { - if (*upgradeTokenName == 0) { - upgradeTokenName = upgradeID; - diff --git a/nss-sql-2-1382278-b.patch b/nss-sql-2-1382278-b.patch deleted file mode 100644 index de9ef56..0000000 --- a/nss-sql-2-1382278-b.patch +++ /dev/null @@ -1,142 +0,0 @@ - -# HG changeset patch -# User Kai Engert -# Date 1506452962 -7200 -# Node ID fe8b221d3bded99b2b21e2e62fb27cc8c659ec2f -# Parent 96a835be15192281d67a8b1046b7f159ff6deb12 -Bug 1382278, add test to confirm implicit init with certutil -A is working, r=rrelyea - -diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh ---- a/tests/cert/cert.sh -+++ b/tests/cert/cert.sh -@@ -1941,32 +1941,42 @@ cert_test_distrust() - cert_test_ocspresp() - { - echo "$SCRIPTNAME: OCSP response creation selftest" - OR_ACTION="perform selftest" - RETEXPECTED=0 - ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1 - } - -+cert_test_implicit_db_init() -+{ -+ echo "$SCRIPTNAME: test implicit database init" -+ -+ CU_ACTION="Add cert with trust flags to db with implicit init" -+ mkdir ${IMPLICIT_INIT_DIR} -+ certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert" -+} -+ - ############################## cert_cleanup ############################ - # local shell function to finish this script (no exit since it might be - # sourced) - ######################################################################## - cert_cleanup() - { - cert_log "$SCRIPTNAME: finished $SCRIPTNAME" - html "
" - cd ${QADIR} - . common/cleanup.sh - } - - ################## main ################################################# - - cert_init - cert_all_CA -+cert_test_implicit_db_init - cert_extended_ssl - cert_ssl - cert_smime_client - if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then - cert_fips - fi - cert_eccurves - cert_extensions -diff --git a/tests/common/init.sh b/tests/common/init.sh ---- a/tests/common/init.sh -+++ b/tests/common/init.sh -@@ -63,16 +63,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - DBPASSDIR=${HOSTDIR}/dbpass - ECCURVES_DIR=${HOSTDIR}/eccurves - DISTRUSTDIR=${HOSTDIR}/distrust - - SERVER_CADIR=${HOSTDIR}/serverCA - CLIENT_CADIR=${HOSTDIR}/clientCA - EXT_SERVERDIR=${HOSTDIR}/ext_server - EXT_CLIENTDIR=${HOSTDIR}/ext_client -+ IMPLICIT_INIT_DIR=${HOSTDIR}/implicit_init - - IOPR_CADIR=${HOSTDIR}/CA_iopr - IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr - IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr - IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr - - CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions - STAPLINGDIR=${HOSTDIR}/stapling -@@ -531,16 +532,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - D_SERVER="Server.$version" - D_CLIENT="Client.$version" - D_NOLOGIN="NoLogin.$version" - D_FIPS="FIPS.$version" - D_DBPASS="DBPASS.$version" - D_ECCURVES="ECCURVES.$version" - D_EXT_SERVER="ExtendedServer.$version" - D_EXT_CLIENT="ExtendedClient.$version" -+ D_IMPLICIT_INIT="ImplicitInit.$version" - D_CERT_EXTENSTIONS="CertExtensions.$version" - D_DISTRUST="Distrust.$version" - - # we need relative pathnames of these files abd directories, since our - # tools can't handle the unix style absolut pathnames on cygnus - - R_CADIR=../CA - R_SERVERDIR=../server -@@ -550,16 +552,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr - R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr - R_ALICEDIR=../alicedir - R_BOBDIR=../bobdir - R_DAVEDIR=../dave - R_EVEDIR=../eve - R_EXT_SERVERDIR=../ext_server - R_EXT_CLIENTDIR=../ext_client -+ R_IMPLICIT_INIT_DIR=../implicit_init - R_CERT_EXT=../cert_extensions - R_STAPLINGDIR=../stapling - R_NOLOGINDIR=../nologin - R_SSLGTESTDIR=../ssl_gtests - R_GTESTDIR=../gtests - - # - # profiles are either paths or domains depending on the setting of -@@ -570,27 +573,29 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - P_R_BOBDIR=${R_BOBDIR} - P_R_DAVEDIR=${R_DAVEDIR} - P_R_EVEDIR=${R_EVEDIR} - P_R_SERVERDIR=${R_SERVERDIR} - P_R_CLIENTDIR=${R_CLIENTDIR} - P_R_NOLOGINDIR=${R_NOLOGINDIR} - P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR} - P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR} -+ P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR} - if [ -n "${MULTIACCESS_DBM}" ]; then - P_R_CADIR="multiaccess:${D_CA}" - P_R_ALICEDIR="multiaccess:${D_ALICE}" - P_R_BOBDIR="multiaccess:${D_BOB}" - P_R_DAVEDIR="multiaccess:${D_DAVE}" - P_R_EVEDIR="multiaccess:${D_EVE}" - P_R_SERVERDIR="multiaccess:${D_SERVER}" - P_R_CLIENTDIR="multiaccess:${D_CLIENT}" - P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}" - P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}" - P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}" -+ P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}" - fi - - R_PWFILE=../tests.pw - R_EMPTY_FILE=../tests_empty - R_NOISE_FILE=../tests_noise - - R_FIPSPWFILE=../tests.fipspw - R_FIPSBADPWFILE=../tests.fipsbadpw - diff --git a/nss-sql-3-1395495-a.patch b/nss-sql-3-1395495-a.patch deleted file mode 100644 index 3e91411..0000000 --- a/nss-sql-3-1395495-a.patch +++ /dev/null @@ -1,191 +0,0 @@ - -# HG changeset patch -# User Daiki Ueno -# Date 1505483851 -7200 -# Node ID 279b257c6433f1972d49c529247e6ed2633b979f -# Parent 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd -Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie - -diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h ---- a/cmd/modutil/error.h -+++ b/cmd/modutil/error.h -@@ -52,16 +52,17 @@ typedef enum { - ENABLE_FAILED_ERR, - UPDATE_MOD_FAILED_ERR, - DEFAULT_FAILED_ERR, - UNDEFAULT_FAILED_ERR, - STDIN_READ_ERR, - UNSPECIFIED_ERR, - NOCERTDB_MISUSE_ERR, - NSS_INITIALIZE_FAILED_ERR, -+ INITPW_FAILED_ERR, - - LAST_ERR /* must be last */ - } Error; - #define SUCCESS NO_ERR - - /* !!! Should move this into its own .c and un-static it. */ - static char *errStrings[] = { - "Operation completed successfully.\n", -@@ -105,17 +106,18 @@ static char *errStrings[] = { - "ERROR: Slot \"%s\" not found.\n", - "ERROR: Failed to %s slot \"%s\".\n", - "ERROR: Failed to update module \"%s\".\n", - "ERROR: Failed to change defaults.\n", - "ERROR: Failed to change default.\n", - "ERROR: Unable to read from standard input.\n", - "ERROR: Unknown error occurred.\n", - "ERROR: -nocertdb option can only be used with the -jar command.\n", -- "ERROR: NSS_Initialize() failed.\n" -+ "ERROR: NSS_Initialize() failed.\n", -+ "ERROR: Unable to set initial password on the database.\n" - }; - - typedef enum { - FIPS_ENABLED_MSG = 0, - FIPS_DISABLED_MSG, - USING_DBDIR_MSG, - CREATING_DB_MSG, - ADD_MODULE_SUCCESS_MSG, -diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c ---- a/cmd/modutil/modutil.c -+++ b/cmd/modutil/modutil.c -@@ -860,17 +860,17 @@ main(int argc, char* argv[]) - switch (command) { - case ADD_COMMAND: - errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString); - break; - case CHANGEPW_COMMAND: - errcode = ChangePW(tokenName, pwFile, newpwFile); - break; - case CREATE_COMMAND: -- /* The work was already done in init_crypto() */ -+ errcode = InitPW(); - break; - case DEFAULT_COMMAND: - errcode = SetDefaultModule(moduleName, slotName, mechanisms); - break; - case DELETE_COMMAND: - errcode = DeleteModule(moduleName); - break; - case DISABLE_COMMAND: -diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h ---- a/cmd/modutil/modutil.h -+++ b/cmd/modutil/modutil.h -@@ -24,16 +24,17 @@ - Error LoadMechanismList(void); - Error FipsMode(char *arg); - Error ChkFipsMode(char *arg); - Error AddModule(char *moduleName, char *libFile, char *ciphers, - char *mechanisms, char *modparms); - Error DeleteModule(char *moduleName); - Error ListModule(char *moduleName); - Error ListModules(); -+Error InitPW(void); - Error ChangePW(char *tokenName, char *pwFile, char *newpwFile); - Error EnableModule(char *moduleName, char *slotName, PRBool enable); - Error RawAddModule(char *dbmodulespec, char *modulespec); - Error RawListModule(char *modulespec); - Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms); - Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms); - void out_of_memory(void); - -diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c ---- a/cmd/modutil/pk11.c -+++ b/cmd/modutil/pk11.c -@@ -665,16 +665,49 @@ loser: - if (module) { - SECMOD_DestroyModule(module); - } - return rv; - } - - /************************************************************************ - * -+ * I n i t P W -+ */ -+Error -+InitPW(void) -+{ -+ PK11SlotInfo *slot; -+ Error ret = UNSPECIFIED_ERR; -+ -+ slot = PK11_GetInternalKeySlot(); -+ if (!slot) { -+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal"); -+ return NO_SUCH_TOKEN_ERR; -+ } -+ -+ /* Set the initial password to empty */ -+ if (PK11_NeedUserInit(slot)) { -+ if (PK11_InitPin(slot, NULL, "") != SECSuccess) { -+ PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]); -+ ret = INITPW_FAILED_ERR; -+ goto loser; -+ } -+ } -+ -+ ret = SUCCESS; -+ -+loser: -+ PK11_FreeSlot(slot); -+ -+ return ret; -+} -+ -+/************************************************************************ -+ * - * C h a n g e P W - */ - Error - ChangePW(char *tokenName, char *pwFile, char *newpwFile) - { - char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL; - PK11SlotInfo *slot; - Error ret = UNSPECIFIED_ERR; -diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh ---- a/tests/tools/tools.sh -+++ b/tests/tools/tools.sh -@@ -492,27 +492,41 @@ SIGNSCRIPT - - echo "$SCRIPTNAME: Show who signed xpi ------------------------------" - echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}" - ${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR} - html_msg $? 0 "Show who signed xpi (signtool -w)" - - } - -+tools_modutil() -+{ -+ echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized" -+ mkdir -p ${R_TOOLSDIR}/moddir -+ modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1 -+ ret=$? -+ ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \ -+ -x -t ',,' -z "${R_NOISE_FILE}" -+ ret=$? -+ html_msg $ret 0 "Test if DB created by modutil -create is initialized" -+ check_tmpfile -+} -+ - ############################## tools_cleanup ########################### - # local shell function to finish this script (no exit since it might be - # sourced) - ######################################################################## - tools_cleanup() - { - html "
" - cd ${QADIR} - . common/cleanup.sh - } - - ################## main ################################################# - - tools_init - tools_p12 - tools_sign -+tools_modutil - tools_cleanup - - - diff --git a/nss-sql-3-1395495-b.patch b/nss-sql-3-1395495-b.patch deleted file mode 100644 index 9f4a1dc..0000000 --- a/nss-sql-3-1395495-b.patch +++ /dev/null @@ -1,33 +0,0 @@ - -# HG changeset patch -# User Daiki Ueno -# Date 1505742679 -7200 -# Node ID 70109a01ce53328b511aaa6c839593a3282cb725 -# Parent 279b257c6433f1972d49c529247e6ed2633b979f -Bug 1395495, bustage fix, Don't use the modu function from cert.sh, r=kaie - -diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh ---- a/tests/tools/tools.sh -+++ b/tests/tools/tools.sh -@@ -496,17 +496,19 @@ SIGNSCRIPT - html_msg $? 0 "Show who signed xpi (signtool -w)" - - } - - tools_modutil() - { - echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized" - mkdir -p ${R_TOOLSDIR}/moddir -- modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1 -+ # copied from modu function in cert.sh -+ # echo is used to press Enter expected by modutil -+ echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1 - ret=$? - ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \ - -x -t ',,' -z "${R_NOISE_FILE}" - ret=$? - html_msg $ret 0 "Test if DB created by modutil -create is initialized" - check_tmpfile - } - - diff --git a/nss.spec b/nss.spec index 5a7f1d0..2b7f47c 100644 --- a/nss.spec +++ b/nss.spec @@ -1,15 +1,15 @@ %global nspr_version 4.17.0 -%global nss_util_version 3.33.0 -%global nss_softokn_version 3.33.0 +%global nss_util_version 3.34.0 +%global nss_softokn_version 3.34.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" Summary: Network Security Services Name: nss -Version: 3.33.0 +Version: 3.34.0 # for Rawhide, please always use release >= 2 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 6%{?dist} +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -98,13 +98,6 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch Patch59: nss-check-policy-file.patch Patch62: nss-skip-util-gtest.patch -# rhbz#1505487, backport several upstream fixes from upstream NSS 3.34 -Patch71: nss-sql-1-1403691-a.patch -Patch72: nss-sql-1-1403691-b.patch -Patch73: nss-sql-2-1382278-a.patch -Patch74: nss-sql-2-1382278-b.patch -Patch75: nss-sql-3-1395495-a.patch -Patch76: nss-sql-3-1395495-b.patch # Fix upgrade_db test use dbm by default, required with default sql Patch77: nss-sql-4-1377940-test.patch @@ -191,12 +184,6 @@ pushd nss %patch59 -p1 -b .check_policy_file %patch62 -p1 -b .skip_util_gtest -%patch71 -p1 -b .1403691-a -%patch72 -p1 -b .1403691-b -%patch73 -p1 -b .1382278-a -%patch74 -p1 -b .1382278-b -%patch75 -p1 -b .1395495-a -%patch76 -p1 -b .1395495-b %patch77 -p1 -b .1377940 popd @@ -774,6 +761,9 @@ done %changelog +* Tue Nov 14 2017 Daiki Ueno - 3.34.0-2 +- Update to NSS 3.34.0 + * Fri Nov 10 2017 Daiki Ueno - 3.33.0-6 - Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka diff --git a/sources b/sources index 198b941..831670f 100644 --- a/sources +++ b/sources @@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 -SHA512 (nss-3.33.0.tar.gz) = 50c0445c64972e80ac5863b34c3e0639a02f32247d1a6d3505e2a7c93c950c098f79e75cd9ca420b8b77432ac4558eed049e621f080f53b5652a3bbc1f390c54 +SHA512 (nss-3.34.0.tar.gz) = 2826e3d327af34714d521edac0fba4da6e14c7a28750ccfeeba8259b0a1954233fc47dcbec47b6aeb96f53de501adc15adf130379efa503b00677a924eb50080