[nss/f16] Update to NSS_3_13_3_RTM
Elio Maldonado
emaldonado at fedoraproject.org
Sat Mar 10 18:12:08 UTC 2012
commit f73805aa41880bbaad3a2f84955cb97a1b594ebf
Author: Elio Maldonado Batiz <emaldona at redhat.com>
Date: Sat Mar 10 10:11:16 2012 -0800
Update to NSS_3_13_3_RTM
- spec file cleanup: add references to upstream bugs
- spec file cleanup: fix typo in Summary for sysinit
- Pick up fixes from RHEL
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
- Remove obsolete patch bss-ckbi-188.rtm
...ble-to-contact-LDAP-Server-during-winsync.patch | 27 +
...-that-causes-openswan-to-drop-connections.patch | 15 +
...MQP-daemon-fails-to-load-after-nss-update.patch | 15 +
nss-ckbi-1.88.rtm.patch | 637 --------------------
nss.spec | 42 +-
5 files changed, 91 insertions(+), 645 deletions(-)
---
diff --git a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
new file mode 100644
index 0000000..2a57ea7
--- /dev/null
+++ b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
@@ -0,0 +1,27 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700
+@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
+ passwordRequired = pk11_password_required;
+ }
+
+- /* we always try to initialize the modules */
+- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
++ /* Skip the module init if we are already initted and we are trying
++ * to init with not noCertDB and noModDB */
++ if (!(isReallyInitted && noCertDB && noModDB)) {
++ /* we always try to initialize the modules */
++ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
+ updateName, configName, configStrings, passwordRequired,
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
+ (initContextPtr != NULL));
+
+- if (rv != SECSuccess) {
+- goto loser;
++ if (rv != SECSuccess) {
++ goto loser;
++ }
+ }
+
+
diff --git a/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
new file mode 100644
index 0000000..88b1004
--- /dev/null
+++ b/Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 ./mozilla/security/nss/lib/pk11wrap/pk11skey.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 2012-03-07 18:29:16.679551532 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11skey.c 2012-03-07 18:29:42.338733488 -0800
+@@ -1664,7 +1664,10 @@ PK11_PubDerive(SECKEYPrivateKey *privKey
+
+ keyType = PK11_GetKeyType(target,keySize);
+ key_size = keySize;
+- symKey->size = keySize;
++ /* There's a bug in FreeBL where this size is treated as a max.
++ * if we are using softoken, Don't set that size value here, but
++ * set it to zero we we will query softoken for the size */
++ symKey->size = slot->isInternal ? 0 : keySize;
+ if (key_size == 0) templateCount--;
+
+ mechanism.mechanism = derive;
diff --git a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
new file mode 100644
index 0000000..90a7b4a
--- /dev/null
+++ b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800
++++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800
+@@ -1151,6 +1151,11 @@ SECStatus
+ NSS_Shutdown(void)
+ {
+ SECStatus rv;
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+
+ if (!nssIsInitted) {
diff --git a/nss.spec b/nss.spec
index 701b206..4b7c6a9 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,13 +1,13 @@
-%global nspr_version 4.8.9
-%global nss_util_version 3.13.1
+%global nspr_version 4.9
+%global nss_util_version 3.13.3
%global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.13.1
+%global nss_softokn_version 3.13.3
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
Summary: Network Security Services
Name: nss
-Version: 3.13.1
-Release: 11%{?dist}
+Version: 3.13.3
+Release: 1%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -63,15 +63,29 @@ Patch18: nss-646045.patch
Patch20: nsspem-createobject-initialize-pointer.patch
Patch21: 0001-libnsspem-rhbz-734760.patch
Patch22: nsspem-init-inform-not-thread-safe.patch
-Patch23: nss-ckbi-1.88.rtm.patch
# must statically link pem against the 3.12.x system freebl in the buildroot
Patch25: nsspem-use-system-freebl.patch
# don't compile the fipstest application
Patch26: nofipstest.patch
# include this patch in the upstream pem review
Patch28: nsspem-bz754771.patch
+# This patch is currently meant for current stable branches
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
+
+# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
Patch30: bz784672-protect-against-calls-before-nss_init.patch
+# Fix gcc 4.7 c++ issue in secmodt.h
+# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50917
+Patch31: nss-fix-gcc47-secmodt.patch
+
+# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484
+Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
+
+# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
+Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
+
+# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734441
+Patch34: Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
%description
@@ -98,7 +112,7 @@ Install the nss-tools package if you need command-line tools to
manipulate the NSS certificate and key database.
%package sysinit
-Summary: System NSS Initilization
+Summary: System NSS Initialization
Group: System Environment/Base
# providing nss-system-init without version so that it can
# be replaced by a better one, e.g. supplied by the os vendor
@@ -155,13 +169,16 @@ low level services.
%patch20 -p1 -b .717338
%patch21 -p1 -b .734760
%patch22 -p0 -b .736410
-%patch23 -p0 -b .ckbi188
# link pem against buildroot's 3.12 freebl
%patch25 -p0 -b .systemfreebl
%patch26 -p0 -b .nofipstest
%patch28 -p0 -b .754771
%patch29 -p0 -b .770682
%patch30 -p0 -b .784672
+%patch31 -p0 -b .gcc47
+%patch32 -p0 -b .800674
+%patch33 -p0 -b .800682
+%patch34 -p0 -b .800676
%build
@@ -576,6 +593,15 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Sat Mar 10 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.3-1
+- Update to NSS_3_13_3_RTM
+- spec file cleanup: add references to upstream bugs
+- spec file cleanup: fix typo in Summary for sysinit
+- Pick up fixes from RHEL
+- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
+- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
+- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
+
* Thu Jan 26 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.1-12
- Resolves: Bug 784672 - nss should protect against being called before nss_Init
More information about the scm-commits
mailing list