diff --git a/.gitignore b/.gitignore
index 0ed84b6..b386124 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/nss-util-3.28.4.tar.gz
+SOURCES/nss-util-3.34.0.tar.gz
diff --git a/.nss-util.metadata b/.nss-util.metadata
index 779d4b0..96a9507 100644
--- a/.nss-util.metadata
+++ b/.nss-util.metadata
@@ -1 +1 @@
-cf8f65cd933957802a2ed95c2e67061fff43f350 SOURCES/nss-util-3.28.4.tar.gz
+a614a976a848d65b840e65a58d73529dffcf25d4 SOURCES/nss-util-3.34.0.tar.gz
diff --git a/SOURCES/nss-util-ecc-defaults.patch b/SOURCES/nss-util-ecc-defaults.patch
new file mode 100644
index 0000000..f4cd5bb
--- /dev/null
+++ b/SOURCES/nss-util-ecc-defaults.patch
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Bob Relyea
+# Date 1513864398 -3600
+# Thu Dec 21 14:53:18 2017 +0100
+# Node ID e577b1df8dabb31466cebad07fdbe0883290bede
+# Parent 481de926f1fa18b7b62e80b59f28f2aef7ab3034
+Bug 1312142, Softoken still does not handle login state correctly for user db slots in FIPS mode, r=kaie
+
+diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
+--- a/lib/util/utilpars.c
++++ b/lib/util/utilpars.c
+@@ -589,6 +589,7 @@ struct nssutilArgSlotFlagTable {
+ }
+ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
+ NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
++ NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
+ NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
+ NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
+ NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
+diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h
+--- a/lib/util/utilparst.h
++++ b/lib/util/utilparst.h
+@@ -43,7 +43,7 @@
+ #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
+ " askpw=any timeout=30})\""
+ #define NSSUTIL_DEFAULT_SFTKN_FLAGS \
+- "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
++ "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+ #define NSSUTIL_DEFAULT_CIPHER_ORDER 0
+ #define NSSUTIL_DEFAULT_TRUST_ORDER 50
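Review bot: In the utilpars.c hunk of the carried patch, the rows next to the new `ECC` entry in `nssutil_argSlotFlagTable` pair `DSA` with `SECMOD_RSA_FLAG`, `RC2` with `SECMOD_RC4_FLAG` and `RC4` with `SECMOD_RC2_FLAG`, so those three names appear to resolve to another mechanism's bit when a `slotFlags=[...]` string is parsed. If that is not deliberate upstream, the rows would read `NSSUTIL_ARG_ENTRY(DSA, SECMOD_DSA_FLAG),`, `NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC2_FLAG),` and `NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC4_FLAG),`. The flag definitions and the rest of the table lie outside the hunk, so this should be confirmed against upstream rather than changed only in this package. Separately, the changeset header titles Bug 1312142 as a FIPS login-state fix while the visible diff only adds the ECC slot flag and the `ECC` default in `NSSUTIL_DEFAULT_SFTKN_FLAGS`. A comment above `Patch9:` in the spec such as `# Adds ECC to the slotFlags table and the softoken default slotFlags` would tell the next rebaser what the patch actually carries.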
diff --git a/SOURCES/nss-util-mozilla-ca-policy.patch b/SOURCES/nss-util-mozilla-ca-policy.patch
deleted file mode 100644
index de662f2..0000000
--- a/SOURCES/nss-util-mozilla-ca-policy.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User Kai Engert
-# Date 1486667455 -3600
-# Thu Feb 09 20:10:55 2017 +0100
-# Node ID 29858a467f45b3964c7403ab4e41daf5c5bc18ad
-# Parent 867f6176020d098a5c069bf43f06ef5c68e4c3cd
-Bug 1334976, use a new attribute in the builtins root CA list, to distinguish between Mozilla policy CAs and other CAs, code changes, r=rrelyea
-
-diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
---- a/lib/util/pkcs11n.h
-+++ b/lib/util/pkcs11n.h
-@@ -93,6 +93,8 @@
- #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
- #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
-
-+#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34)
-+
- /*
- * Trust attributes:
- *
diff --git a/SOURCES/nss-util-pkcs12.patch b/SOURCES/nss-util-pkcs12.patch
deleted file mode 100644
index c5994b3..0000000
--- a/SOURCES/nss-util-pkcs12.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno
-# Date 1481829086 -3600
-# Thu Dec 15 20:11:26 2016 +0100
-# Node ID 6d66c2c24e4d9d1ad12a7065c55ef1c9fe143057
-# Parent 35ecce23718136f99ca9537007481b4774c57e68
-Bug 1268143 - pk12util can't import PKCS#12 files with SHA-256 MAC, r=rrelyea
-
-diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
---- a/lib/util/pkcs11n.h
-+++ b/lib/util/pkcs11n.h
-@@ -222,6 +222,12 @@
- #define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27)
- #define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28)
-
-+/* Additional PKCS #12 PBE algorithms defined in v1.1 */
-+#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29)
-+#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30)
-+#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31)
-+#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32)
-+
- /*
- * HISTORICAL:
- * Do not attempt to use these. They are only used by NETSCAPE's internal
-# HG changeset patch
-# User Daiki Ueno
-# Date 1485768835 -3600
-# Mon Jan 30 10:33:55 2017 +0100
-# Node ID 09d1a0757431fa52ae025138da654c698141971b
-# Parent 806c3106536feea0827ec54729a52b5cbac8a496
-Bug 1268141 - pk12util can't import PKCS#12 files encrypted with AES-128-CBC, r=rrelyea
-
-diff --git a/lib/util/ciferfam.h b/lib/util/ciferfam.h
---- a/lib/util/ciferfam.h
-+++ b/lib/util/ciferfam.h
-@@ -52,6 +52,9 @@
- #define PKCS12_RC4_128 (CIPHER_FAMILYID_PKCS12 | 0012)
- #define PKCS12_DES_56 (CIPHER_FAMILYID_PKCS12 | 0021)
- #define PKCS12_DES_EDE3_168 (CIPHER_FAMILYID_PKCS12 | 0022)
-+#define PKCS12_AES_CBC_128 (CIPHER_FAMILYID_PKCS12 | 0031)
-+#define PKCS12_AES_CBC_192 (CIPHER_FAMILYID_PKCS12 | 0032)
-+#define PKCS12_AES_CBC_256 (CIPHER_FAMILYID_PKCS12 | 0033)
-
- /* SMIME version numbers are negative, to avoid colliding with SSL versions */
- #define SMIME_LIBRARY_VERSION_1_0 -0x0100
diff --git a/SOURCES/nss-util-policy-double-newline.patch b/SOURCES/nss-util-policy-double-newline.patch
deleted file mode 100644
index c627990..0000000
--- a/SOURCES/nss-util-policy-double-newline.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-diff --git a/lib/util/utilmod.c b/lib/util/utilmod.c
---- a/lib/util/utilmod.c
-+++ b/lib/util/utilmod.c
-@@ -227,20 +227,25 @@ nssutil_ReadSecmodDB(const char *appName
- * the following loop takes line separated config lines and collapses
- * the lines to a single string, escaping and quoting as necessary.
- */
- /* loop state variables */
- moduleString = NULL; /* current concatenated string */
- internal = PR_FALSE; /* is this an internal module */
- skipParams = PR_FALSE; /* did we find an override parameter block*/
- paramsValue = NULL; /* the current parameter block value */
-- while (fgets(line, sizeof(line), fd) != NULL) {
-- int len = PORT_Strlen(line);
-+ do {
-+ int len;
-+
-+ if (fgets(line, sizeof(line), fd) == NULL) {
-+ goto endloop;
-+ }
-
- /* remove the ending newline */
-+ len = PORT_Strlen(line);
- if (len && line[len - 1] == '\n') {
- len--;
- line[len] = 0;
- }
- if (*line == '#') {
- continue;
- }
- if (*line != 0) {
-@@ -339,16 +344,17 @@ nssutil_ReadSecmodDB(const char *appName
- }
- }
- continue;
- }
- if ((moduleString == NULL) || (*moduleString == 0)) {
- continue;
- }
-
-+ endloop:
- /*
- * if we are here, we have found a complete stanza. Now write out
- * any param section we may have found.
- */
- if (paramsValue) {
- /* we had an override */
- if (!skipParams) {
- moduleString = nssutil_DupnCat(moduleString, " parameters=", 12);
-@@ -374,17 +380,17 @@ nssutil_ReadSecmodDB(const char *appName
- moduleList[0] = moduleString;
- } else {
- moduleList[moduleCount] = moduleString;
- moduleCount++;
- }
- moduleString = NULL;
- internal = PR_FALSE;
- skipParams = PR_FALSE;
-- }
-+ } while (!feof(fd));
-
- if (moduleString) {
- PORT_Free(moduleString);
- moduleString = NULL;
- }
- done:
- /* if we couldn't open a pkcs11 database, look for the old one */
- if (fd == NULL) {
diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec
index 51c76ef..2bc4044 100644
--- a/SPECS/nss-util.spec
+++ b/SPECS/nss-util.spec
@@ -1,11 +1,11 @@ -%global nspr_version 4.13.1 +%global nspr_version 4.17.0 # adjust to the very latest build needed -%global nspr_build_version -1.0 +%global nspr_build_version -1 Summary: Network Security Services Utilities Library Name: nss-util -Version: 3.28.4 -Release: 3%{?dist} +Version: 3.34.0 +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -39,13 +39,8 @@ Patch7: pkcs1sig-include-prtypes.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 Patch8: nss-util-3.19.1-tls12-mechanisms.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 -Patch9: nss-util-mozilla-ca-policy.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1268143 -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1268141 -Patch10: nss-util-pkcs12.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1319856 -Patch11: nss-util-policy-double-newline.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1312142 +Patch9: nss-util-ecc-defaults.patch %description Utilities for Network Security Services and the Softoken module @@ -70,9 +65,7 @@ Header and library files for doing development with Network Security Services. %patch7 -p0 -b .include_prtypes %patch8 -p1 -b .tls12_mechs pushd nss -%patch9 -p1 -b .mozilla_ca_policy -%patch10 -p1 -b .pkcs12 -%patch11 -p1 -b .policy_double_newline +%patch9 -p1 -b .ecc_defaults popd @@ -224,6 +217,7 @@ done %{_includedir}/nss3/pkcs11p.h %{_includedir}/nss3/pkcs11t.h %{_includedir}/nss3/pkcs11u.h +%{_includedir}/nss3/pkcs11uri.h %{_includedir}/nss3/pkcs1sig.h %{_includedir}/nss3/portreg.h %{_includedir}/nss3/secasn1.h 
@@ -245,6 +239,18 @@ done %{_includedir}/nss3/templates/templates.c %changelog +* Tue Jan 16 2018 Daiki Ueno - 3.34.0-2 +- Recognize "ECC" flag in slotFlags + +* Thu Nov 23 2017 Daiki Ueno - 3.34.0-1 +- Rebase to nss-3.34 + +* Mon Oct 30 2017 Daiki Ueno - 3.34.0-0.1.beta1 +- Rebase to nss-3.34-beta1 + +* Fri Oct 6 2017 Daiki Ueno - 3.33.0-1 +- Rebase to nss-3.33 + * Mon May 15 2017 Daiki Ueno - 3.28.4-3 - Backport patch to allow empty line at the end of policy file