diff --git a/.cvsignore b/.cvsignore index 095444a..3530e21 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ nss-pem-20080124.tar.bz2 -nss-3.12.3-stripped.tar.bz2 +nss-3.12.3.99.3-stripped.tar.bz2 diff --git a/nss-disable-freebl-execstack.patch b/nss-disable-freebl-execstack.patch deleted file mode 100644 index 75424ed..0000000 --- a/nss-disable-freebl-execstack.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile-save 2009-04-02 08:46:32.083530732 -0700 -+++ nss-3.12.2.99.3/mozilla/security/nss/lib/freebl/Makefile 2009-04-02 08:46:51.740542226 -0700 -@@ -133,7 +133,7 @@ - ifeq ($(OS_TARGET),Linux) - ifeq ($(CPU_ARCH),x86_64) - ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s -- ASFLAGS += -march=opteron -m64 -fPIC -+ ASFLAGS += -march=opteron -m64 -fPIC -Wa,--noexecstack - DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY - DEFINES += -DNSS_USE_COMBA - DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN diff --git a/nss-freebl-kernelfipsmode b/nss-freebl-kernelfipsmode deleted file mode 100644 index 1ddcd13..0000000 --- a/nss-freebl-kernelfipsmode +++ /dev/null @@ -1,42 +0,0 @@ -diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode ./mozilla/security/nss/lib/freebl/nsslowhash.c ---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode 2008-11-27 16:20:44.000000000 +0100 -+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2009-04-14 22:58:19.000000000 +0200 -@@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr { - - }; - -+static int nsslow_GetFIPSEnabled(void) { -+#ifdef LINUX -+ FILE *f; -+ char d; -+ size_t size; -+ -+ f = fopen("/proc/sys/crypto/fips_enabled", "r"); -+ if (!f) -+ return 0; -+ -+ size = fread(&d, 1, 1, f); -+ fclose(f); -+ if (size != 1) -+ return 0; -+ if (d != '1') -+ return 0; -+#endif -+ return 1; -+} -+ -+ - static int post = 0; - - static NSSLOWInitContext dummyContext = { 0 }; -@@ -284,7 +305,9 @@ NSSLOW_Init(void) - - - if (!post) { -- crv = freebl_fipsPowerUpSelfTest(); -+ crv = CKR_OK; -+ if (nsslow_GetFIPSEnabled()) -+ crv = freebl_fipsPowerUpSelfTest(); - if (crv != CKR_OK) { - return NULL; - } diff --git a/nss.spec b/nss.spec index 606b08c..ef5635c 100644 --- a/nss.spec +++ b/nss.spec @@ -3,8 +3,8 @@ Summary: Network Security Services Name: nss -Version: 3.12.3 -Release: 4%{?dist} +Version: 3.12.3.99.3 +Release: 1%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -35,8 +35,6 @@ Patch2: nss-nolocalsql.patch Patch4: nss-pem-bug483855.patch Patch5: nss-pem-bug429175.patch Patch6: nss-enable-pem.patch -Patch7: nss-disable-freebl-execstack.patch -Patch8: nss-freebl-kernelfipsmode %description Network Security Services (NSS) is a set of libraries designed to @@ -108,8 +106,6 @@ low level services. %patch4 -p0 -b .483855 %patch5 -p0 -b .429175 %patch6 -p0 -b .libpem -%patch7 -p1 -%patch8 -p1 %build @@ -477,6 +473,8 @@ done %changelog +* Fri Jun 05 2009 Kai Engert - 3.12.3.99.3-1 +- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75 * Fri May 08 2009 Kai Engert - 3.12.3-4 - add conflicts info in order to fix bug 499436 * Tue Apr 14 2009 Kai Engert - 3.12.3-3 diff --git a/sources b/sources index d08b592..4fadaa6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 084675e4f793ed82e1ba78f76745ada8 nss-pem-20080124.tar.bz2 -de43077b1fb888bccf155506ec12e40a nss-3.12.3-stripped.tar.bz2 +bf79d625096067fed3511c0bc6c64c27 nss-3.12.3.99.3-stripped.tar.bz2