[nss/private-disableSSL2OnFedora] Update test patch to run more tests
Elio Maldonado
emaldonado at fedoraproject.org
Sat Jul 12 16:39:27 UTC 2014
commit 5b04337f7843a9a967398e2398ebd2cbb0ca704c
Author: Elio Maldonado <emaldona at redhat.com>
Date: Sat Jul 12 09:38:11 2014 -0700
Update test patch to run more tests
disable-sslv2-libssl.patch | 82 ++++++++++++++++++++++----------------------
nss.spec | 52 ++++++++++++++--------------
2 files changed, 67 insertions(+), 67 deletions(-)
---
diff --git a/disable-sslv2-libssl.patch b/disable-sslv2-libssl.patch
index a9bc128..4b18eb3 100644
--- a/disable-sslv2-libssl.patch
+++ b/disable-sslv2-libssl.patch
@@ -13,63 +13,63 @@ diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
DEFINES += -DNO_PKCS11_BYPASS
else
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
---- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800
-+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800
-@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- break;
+--- ./nss/lib/ssl/sslsock.c.disableSSL2 2014-07-10 18:45:18.756370281 -0700
++++ ./nss/lib/ssl/sslsock.c 2014-07-10 18:47:55.956392803 -0700
+@@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ break;
case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2
-+ if (on) {
-+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
-+ rv = SECFailure; /* not allowed */
-+ }
-+ break;
-+ ss->opt.enableSSL2 = on;
++if (on) {
++ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
++ rv = SECFailure; /* not allowed */
++ }
++ break;
++ ss->opt.enableSSL2 = on;
+#else
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- if (on) {
- ss->opt.v2CompatibleHello = on;
- }
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ if (on) {
+ ss->opt.v2CompatibleHello = on;
+ }
+#endif
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
-@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- break;
+ ss->preferredCipher = NULL;
+ if (ss->cipherSpecs) {
+ PORT_Free(ss->cipherSpecs);
+@@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ break;
case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2
-+ if (on) {
-+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
-+ rv = SECFailure; /* not allowed */
-+ break;
-+ }
++ if (on) {
++ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
++ rv = SECFailure; /* not allowed */
++ break;
++ }
+#else
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- }
- break;
- }
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ }
+ break;
+ }
+#endif
- ss->opt.v2CompatibleHello = on;
- if (!on) {
- ss->opt.enableSSL2 = on;
-@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
+ ss->opt.v2CompatibleHello = on;
+ if (!on) {
+ ss->opt.enableSSL2 = on;
+@@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
if (ssl_IsRemovedCipherSuite(which)) {
- rv = SECSuccess;
+ rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
+#ifdef NSS_NO_SSL2
-+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
-+ rv = SECFailure; /* not allowed */
++ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
++ rv = SECFailure; /* not allowed */
+#else
- rv = ssl2_SetPolicy(which, policy);
+ rv = ssl2_SetPolicy(which, policy);
+#endif
} else {
- rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
+ rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}
diff --git a/nss.spec b/nss.spec
index 97fd054..27e903a 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,6 +1,6 @@
-%global nspr_version 4.10.5
-%global nss_util_version 3.16.1
-%global nss_softokn_version 3.16.1
+%global nspr_version 4.10.6
+%global nss_util_version 3.16.2
+%global nss_softokn_version 3.16.2
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@@ -18,8 +18,8 @@
Summary: Network Security Services
Name: nss
-Version: 3.16.1
-Release: 2.1%{?dist}.ssl2disabled.1
+Version: 3.16.2
+Release: 2%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -82,8 +82,6 @@ Patch25: nsspem-use-system-freebl.patch
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
-Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch
# This patch uses the gcc-iquote dir option documented at
@@ -96,8 +94,6 @@ Patch50: iquote.patch
Patch51: disable-sslv2-libssl.patch
Patch52: disable-sslv2-tests.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1007126
-Patch70: manfixes.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -183,12 +179,10 @@ low level services.
%patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest
%patch47 -p0 -b .templates
-%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
%patch51 -p0 -b .disableSSL2
%patch52 -p0 -b .disableSSL2
-%patch70 -p0 -b .cleanup
#########################################################
# Higher-level libraries and test tools need access to
@@ -206,6 +200,16 @@ done
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
+##### Remove util/freebl/softoken and low level tools
+######## Remove freebl, softoken and util
+%{__rm} -rf ./nss/lib/freebl
+%{__rm} -rf ./nss/lib/softoken
+%{__rm} -rf ./nss/lib/util
+######## Remove nss-softokn test tools as we already ran
+# the cipher test suite as part of the nss-softokn build
+%{__rm} -rf ./nss/cmd/bltest
+%{__rm} -rf ./nss/cmd/fipstest
+%{__rm} -rf ./nss/cmd/rsaperf_low
%build
@@ -274,17 +278,6 @@ export USE_64
# uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1
-##### phase 1: remove util/freebl/softoken and low level tools
-#
-######## Remove freebl, softoken and util
-%{__rm} -rf ./mozilla/security/nss/lib/freebl
-%{__rm} -rf ./mozilla/security/nss/lib/softoken
-%{__rm} -rf ./mozilla/security/nss/lib/util
-######## Remove nss-softokn test tools
-%{__rm} -rf ./mozilla/security/nss/cmd/bltest
-%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
-%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
-
##### phase 2: build the rest of nss
# nss supports pluggable ecc with more than suite-b
NSS_ECC_MORE_THAN_SUITE_B=1
@@ -436,7 +429,7 @@ pushd ./nss/tests/
# don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb
-nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
+nss_tests="libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
#
@@ -769,11 +762,18 @@ fi
%changelog
-* Mon Jun 02 2014 Elio Maldonado <emaldona at redhat.com> - 3.16.1-2.1.ssl2disabled.1
+* Thu Jul 10 2014 Elio Maldonado <emaldona at redhat.com> -3.16.1-2
- rebuilt with ssl2 disabled
-* Mon Jun 02 2014 Elio Maldonado <emaldona at redhat.com> - 3.16.1-2.1.ssl2allowed.1
-- Add option to disable SSL2, SSL2 enabled by default
+* Sun Jun 29 2014 Elio Maldonado <emaldona at redhat.com> - 3.16.2-1
+- Update to nss-3.16.2
+
+* Sun Jun 15 2014 Elio Maldonado <emaldona at redhat.com> - 3.16.1-4
+- Remove unwanted source directories at end of %%prep so it truly does it
+- Skip the cipher suite already run as part of the nss-softokn build
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.16.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 12 2014 Jaromir Capik <jcapik at redhat.com> - 3.16.1-2
- Replacing ppc64 and ppc64le with the power64 macro
More information about the scm-commits
mailing list