Network Security Services
CentOS Sources
2018-05-14 74449011e876d8839a7a1053f27fcea5cd1ccf4e
SPECS/nss.spec
@@ -1,9 +1,9 @@
%global nspr_version 4.17.0
%global nss_util_version 3.34.0
%global nspr_version 4.19.0
%global nss_util_version 3.36.0
%global nss_util_build -1
# adjust to the version that gets submitted for FIPS validation
%global nss_softokn_fips_version 3.34.0
%global nss_softokn_version 3.34.0
%global nss_softokn_fips_version 3.36.0
%global nss_softokn_version 3.36.0
# Attention: Separate softokn versions for build and runtime.
%global runtime_required_softokn_build_version -1
# Building NSS doesn't require the same version of softokn built for runtime.
@@ -26,8 +26,8 @@
Summary:          Network Security Services
Name:             nss
Version:          3.34.0
Release:          4%{?dist}
Version:          3.36.0
Release:          5%{?dist}
License:          MPLv2.0
URL:              http://www.mozilla.org/projects/security/pki/nss/
Group:            System Environment/Libraries
@@ -123,24 +123,21 @@
Patch131: nss-disable-tls13-gtests.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
Patch135: nss-check-policy-file.patch
# To revert the change in:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1377940
Patch136: nss-sql-default.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1278071
Patch137: nss-pkcs12-iterations-limit.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1447628
Patch138: nss-devslot-reinsert.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1453408
Patch139: nss-modutil-skip-changepw-fips.patch
# Work around for yum
# https://bugzilla.redhat.com/show_bug.cgi?id=1469526
Patch141: nss-sysinit-getenv.patch
# Patches backported from 3.35:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1416265
Patch144: nss-pk12util-faulty-aes.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1278071
Patch145: nss-increase-pkcs12-iterations.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1415847
Patch146: nss-modutil-suppress-password.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1426361
Patch147: nss-certutil-suppress-password.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1423557
# https://bugzilla.mozilla.org/show_bug.cgi?id=1415171
Patch148: nss-pss-fixes.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1054373
Patch149: nss-is-token-present-race.patch
# To revert the change in:
# https://hg.mozilla.org/projects/nss/rev/896e3eb3a799
Patch142: nss-lockcert-api-change.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -244,13 +241,12 @@
%patch130 -p1 -b .reorder-cipher-suites-gtests
%patch131 -p1 -b .disable-tls13-gtests
%patch135 -p1 -b .check_policy_file
%patch136 -p1 -R -b .sql-default
%patch137 -p1 -b .pkcs12-iterations-limit
%patch138 -p1 -b .devslot-reinsert
%patch139 -p1 -b .modutil-skip-changepw-fips
%patch141 -p1 -b .sysinit-getenv
%patch144 -p1 -b .pk12util-faulty-aes
%patch145 -p1 -b .increase-pkcs12-iterations
%patch146 -p1 -b .suppress-modutil-password
%patch147 -p1 -b .suppress-certutil-password
%patch148 -p1 -b .pss-fixes
%patch149 -p1 -b .is-token-present-race
%patch142 -p1 -R -b .lockcert-api-change
popd
#########################################################
@@ -356,6 +352,8 @@
export NSS_BLTEST_NOT_AVAILABLE=1
export NSS_DISABLE_TLS_1_3=1
export NSS_FORCE_FIPS=1
%{__make} -C ./nss/coreconf
%{__make} -C ./nss/lib/dbm
@@ -849,6 +847,24 @@
%changelog
* Wed Apr 18 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-5
- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h
* Fri Apr 13 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-4
- Work around modutil -changepw error if the old and new passwords are
  both empty in FIPS mode
* Tue Mar 27 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-3
- Decrease the iteration count of PKCS#12 for compatibility with Windows
- Fix deadlock when a token is re-inserted while a client process is running
* Mon Mar 12 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-2
- Set NSS_FORCE_FIPS=1 in %%build
- Revert the changes to tests assuming the default DB type
* Fri Mar  9 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-1
- Rebase to NSS 3.36
* Mon Jan 15 2018 Daiki Ueno <dueno@redhat.com> - 3.34.0-4
- Re-enable nss-is-token-present-race.patch