From 1a6f0f37e4b949b5ec5694db7d6c95e114e4c952 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 05 2017 07:18:24 +0000 Subject: import nss-softokn-3.28.3-8.el7_4 --- diff --git a/SOURCES/nss-softokn-fix-ecc-post.patch b/SOURCES/nss-softokn-fix-ecc-post.patch new file mode 100644 index 0000000..3fe1836 --- /dev/null +++ b/SOURCES/nss-softokn-fix-ecc-post.patch @@ -0,0 +1,44 @@ +diff -up ./nss/lib/freebl/fipsfreebl.c.ecc_post ./nss/lib/freebl/fipsfreebl.c +--- ./nss/lib/freebl/fipsfreebl.c.ecc_post 2017-07-21 18:33:27.946809392 -0700 ++++ ./nss/lib/freebl/fipsfreebl.c 2017-07-21 18:34:09.065510689 -0700 +@@ -15,9 +15,7 @@ + #include "secerr.h" + #include "prtypes.h" + +-#ifdef NSS_ENABLE_ECC + #include "ec.h" /* Required for ECDSA */ +-#endif + + /* + * different platforms have different ways of calling and initial entry point +@@ -1077,7 +1075,6 @@ rsa_loser: + return (SECFailure); + } + +-#ifdef NSS_ENABLE_ECC + + static SECStatus + freebl_fips_ECDSA_Test(ECParams *ecparams, +@@ -1275,8 +1272,6 @@ freebl_fips_ECDSA_PowerUpSelfTest() + return (SECSuccess); + } + +-#endif /* NSS_ENABLE_ECC */ +- + static SECStatus + freebl_fips_DSA_PowerUpSelfTest(void) + { +@@ -1559,13 +1554,11 @@ freebl_fipsPowerUpSelfTest(unsigned int + if (rv != SECSuccess) + return rv; + +-#ifdef NSS_ENABLE_ECC + /* ECDSA Power-Up SelfTest(s). */ + rv = freebl_fips_ECDSA_PowerUpSelfTest(); + + if (rv != SECSuccess) + return rv; +-#endif + } + /* Passed Power-Up SelfTest(s). */ + return (SECSuccess); diff --git a/SPECS/nss-softokn.spec b/SPECS/nss-softokn.spec index 5e8487a..3103691 100644 --- a/SPECS/nss-softokn.spec +++ b/SPECS/nss-softokn.spec @@ -32,7 +32,7 @@ Summary: Network Security Services Softoken Module Name: nss-softokn Version: 3.28.3 -Release: 6%{?dist} +Release: 8%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -93,6 +93,7 @@ Patch104: nss-softokn-ec-derive-pubkey-check.patch Patch105: nss-softokn-3.28-fix-fips-login.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 Patch106: nss-softokn-fix-drbg.patch +Patch107: nss-softokn-fix-ecc-post.patch %description Network Security Services Softoken Cryptographic Module @@ -100,6 +101,9 @@ Network Security Services Softoken Cryptographic Module %package freebl Summary: Freebl library for the Network Security Services Group: System Environment/Base +# Needed because nss-softokn-freebl dlopen()'s nspr +# https://bugzilla.redhat.com/show_bug.cgi?id=1477308 +Requires: nspr >= %{nspr_version} Conflicts: nss < 3.12.2.99.3-5 Conflicts: prelink < 0.4.3 Conflicts: filesystem < 3 @@ -159,6 +163,7 @@ popd pushd nss %patch106 -p1 -b .fix-drbg popd +%patch107 -p1 -b .ecc_post %build @@ -176,6 +181,9 @@ export FREEBL_NO_DEPEND FREEBL_LOWHASH=1 export FREEBL_LOWHASH +NSS_FORCE_FIPS=1 +export NSS_FORCE_FIPS + #FREEBL_USE_PRELINK=1 #export FREEBL_USE_PRELINK @@ -481,6 +489,13 @@ done %{_includedir}/nss3/shsign.h %changelog +* Thu Aug 3 2017 Bob Relyea - 3.28.3-8 +- fix fips post so that they actually run at startup + +* Wed Aug 2 2017 Daiki Ueno - 3.28.3-7 +- let nss-softokn-freebl depend on recent version of nspr (rhbz#1477308), + patch by Kyle Walker + * Fri May 26 2017 Daiki Ueno - 3.28.3-6 - restore nss-softokn-3.16-add_encrypt_derive.patch