|
|
|
@ -1,16 +1,16 @@
|
|
|
|
|
%global nss_version 3.101.0
|
|
|
|
|
%global nspr_version 4.35.0
|
|
|
|
|
%global baserelease 10
|
|
|
|
|
%global nss_release %baserelease
|
|
|
|
|
# NOTE: To avoid NVR clashes of nspr* packages:
|
|
|
|
|
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
|
|
|
|
|
# - increment %%{nspr_version}, when updating the NSS part only
|
|
|
|
|
%global baserelease 13
|
|
|
|
|
%global nss_release %baserelease
|
|
|
|
|
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
|
|
|
|
# release number between nss and nspr are different.
|
|
|
|
|
# when a new nspr is released with nss, reset nspr_release to baserelease.
|
|
|
|
|
# for each new nss relase with the same nspr, change increment n by one.
|
|
|
|
|
%global nspr_release %[%baserelease+7]
|
|
|
|
|
%global nspr_release %[%baserelease+21]
|
|
|
|
|
# only need to update this as we added new
|
|
|
|
|
# algorithms under nss policy control
|
|
|
|
|
%global crypto_policies_version 20210118
|
|
|
|
|
%global crypto_policies_version 20240522
|
|
|
|
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
|
|
|
|
%global saved_files_dir %{_libdir}/nss/saved
|
|
|
|
|
%global dracutlibdir %{_prefix}/lib/dracut
|
|
|
|
@ -57,6 +57,8 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|
|
|
|
string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
%global nss_nspr_archive nss-%{nss_archive_version}-with-nspr-%{nspr_archive_version}
|
|
|
|
|
|
|
|
|
|
# This is taken from gnutls.spec
|
|
|
|
|
%define srpmhash() %{lua:
|
|
|
|
|
local files = rpm.expand("%_specdir/nss.spec")
|
|
|
|
@ -76,7 +78,7 @@ Summary: Network Security Services
|
|
|
|
|
Name: nss
|
|
|
|
|
Version: %{nss_version}
|
|
|
|
|
Release: %{nss_release}%{?dist}
|
|
|
|
|
License: MPLv2.0
|
|
|
|
|
License: MPL-2.0
|
|
|
|
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
|
|
|
|
Requires: nspr >= %{nspr_version}
|
|
|
|
|
Requires: nss-util >= %{nss_version}
|
|
|
|
@ -84,7 +86,6 @@ Requires: nss-util >= %{nss_version}
|
|
|
|
|
Requires: nss-softokn%{_isa} >= %{nss_version}
|
|
|
|
|
Requires: nss-system-init
|
|
|
|
|
Requires: p11-kit-trust
|
|
|
|
|
Requires: /usr/bin/update-crypto-policies
|
|
|
|
|
Requires: crypto-policies >= %{crypto_policies_version}
|
|
|
|
|
# for shlibsign
|
|
|
|
|
BuildRequires: make
|
|
|
|
@ -97,7 +98,7 @@ BuildRequires: psmisc
|
|
|
|
|
BuildRequires: perl-interpreter
|
|
|
|
|
BuildRequires: gcc-c++
|
|
|
|
|
|
|
|
|
|
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
|
|
|
|
|
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{nss_nspr_archive}.tar.gz
|
|
|
|
|
Source1: nss-util.pc.in
|
|
|
|
|
Source2: nss-util-config.in
|
|
|
|
|
Source3: nss-softokn.pc.in
|
|
|
|
@ -117,22 +118,18 @@ Source15: system-pkcs11.txt
|
|
|
|
|
Source16: setup-nsssysinit.sh
|
|
|
|
|
Source20: nss-config.xml
|
|
|
|
|
Source21: setup-nsssysinit.xml
|
|
|
|
|
Source22: pkcs11.txt.xml
|
|
|
|
|
Source24: cert9.db.xml
|
|
|
|
|
Source26: key4.db.xml
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
Source23: cert8.db.xml
|
|
|
|
|
Source25: key3.db.xml
|
|
|
|
|
Source27: secmod.db.xml
|
|
|
|
|
%endif
|
|
|
|
|
Source22: pkcs11.txt.xml
|
|
|
|
|
Source24: cert9.db.xml
|
|
|
|
|
Source26: key4.db.xml
|
|
|
|
|
Source28: nss-p11-kit.config
|
|
|
|
|
# fips algorithms are tied to the red hat validation, others
|
|
|
|
|
# will have their own validation
|
|
|
|
|
Source30: fips_algorithms.h
|
|
|
|
|
|
|
|
|
|
#Source50: NameConstraints_Certs.tar
|
|
|
|
|
|
|
|
|
|
Source100: nspr-%{nspr_archive_version}.tar.gz
|
|
|
|
|
Source101: nspr-config.xml
|
|
|
|
|
|
|
|
|
|
# This patch uses the GCC -iquote option documented at
|
|
|
|
@ -145,22 +142,19 @@ Source101: nspr-config.xml
|
|
|
|
|
# changes.
|
|
|
|
|
#
|
|
|
|
|
# Once the buildroot has been bootstrapped the patch may be removed
|
|
|
|
|
# but it doesn't hurt to keep it
|
|
|
|
|
# but it doesn't hurt to keep it.
|
|
|
|
|
Patch4: iquote.patch
|
|
|
|
|
Patch12: nss-signtool-format.patch
|
|
|
|
|
Patch20: nss-3.101-extend-db-dump-time.patch
|
|
|
|
|
Patch21: nss-3.101-enable-sdb-tests.patch
|
|
|
|
|
|
|
|
|
|
# connect our shared library to the build root loader flags (needed for -relro)
|
|
|
|
|
Patch31: nss-dso-ldflags.patch
|
|
|
|
|
# keep RHEL 8 semantics of disabling md4 and md5 even if the env variable is set
|
|
|
|
|
Patch32: nss-3.101-disable-md5.patch
|
|
|
|
|
# dbm is disabled on RHEL9, make the man pages reflect that
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
%else
|
|
|
|
|
# rhel10 disabled dbm by default
|
|
|
|
|
Patch33: nss-no-dbm-man-page.patch
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
# not upstreamable patch...
|
|
|
|
|
# WARNING: Need to make this patch work before checking!!! $$$$@@@
|
|
|
|
|
Patch34: nss-3.71-fix-lto-gtests.patch
|
|
|
|
|
# camellia pkcs12 docs.
|
|
|
|
|
Patch35: nss-3.71-camellia-pkcs12-doc.patch
|
|
|
|
@ -175,8 +169,6 @@ Patch50: nss-3.79-fips.patch
|
|
|
|
|
Patch51: nss-3.101-fips-review.patches
|
|
|
|
|
Patch52: nss-3.90-pbkdf2-indicator.patch
|
|
|
|
|
Patch53: nss-3.101-skip-ocsp-if-not-connected.patch
|
|
|
|
|
# dont upstream, must be after patch53 (sigh)
|
|
|
|
|
Patch54: nss-3.101-revert-libpkix-default.patch
|
|
|
|
|
|
|
|
|
|
# ems policy. needs to upstream
|
|
|
|
|
Patch60: nss-3.101-add-ems-policy.patch
|
|
|
|
@ -189,8 +181,6 @@ Patch75: nss-3.90-ppc_no_init.patch
|
|
|
|
|
Patch76: nss-3.101-enable-kyber-policy.patch
|
|
|
|
|
Patch77: nss-3.101-fix-rsa-policy-test.patch
|
|
|
|
|
Patch78: nss-3.101-fix-pkcs12-md5-decode.patch
|
|
|
|
|
Patch79: nss-3.101-el9-restore-old-pkcs12-default.patch
|
|
|
|
|
Patch80: nss-3.101-no-p12-smime-policy.patch
|
|
|
|
|
Patch81: nss-3.101-fix-missing-size-checks.patch
|
|
|
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=1905691
|
|
|
|
|
Patch82: nss-3.101-chacha-timing-fix.patch
|
|
|
|
@ -199,20 +189,25 @@ Patch84: nss-3.101-fix-pkcs12-pbkdf1-encoding.patch
|
|
|
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=676100
|
|
|
|
|
Patch85: nss-3.101-fix-cms-abi-break.patch
|
|
|
|
|
Patch86: nss-3.101-long-pwd-fix.patch
|
|
|
|
|
Patch87: nss-3.101-fix-shlibsign-fips.patch
|
|
|
|
|
Patch88: nss-3.101-fips-check-ec25519-size.patch
|
|
|
|
|
Patch89: nss-3.101-allow-fips-rsa-oaep.patch
|
|
|
|
|
Patch87: nss-3.101-fix-cavs-test.patch
|
|
|
|
|
Patch88: nss-3.101-fix-shlibsign-fips.patch
|
|
|
|
|
Patch89: nss-3.101-fips-check-ec25519-size.patch
|
|
|
|
|
|
|
|
|
|
Patch100: nspr-config-pc.patch
|
|
|
|
|
Patch101: nspr-gcc-atomics.patch
|
|
|
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=1769293
|
|
|
|
|
Patch110: nspr-4.34-fix-coverity-loop-issue.patch
|
|
|
|
|
Patch120: nspr-4.34-server-passive.patch
|
|
|
|
|
# RHEL-10 specific
|
|
|
|
|
Patch90: nss-3.101-disable_dsa.patch
|
|
|
|
|
Patch91: nss-3.101-replace-xyber_with-mlkem.patch
|
|
|
|
|
|
|
|
|
|
# Allow rsa-oaep in fips mode
|
|
|
|
|
Patch95: nss-3.101-allow-fips-rsa-oaep.patch
|
|
|
|
|
|
|
|
|
|
# NSS reverse patches
|
|
|
|
|
Patch300: nss-3.79-distrusted-certs.patch
|
|
|
|
|
|
|
|
|
|
Patch100: nspr-config-pc.patch
|
|
|
|
|
Patch101: nspr-gcc-atomics.patch
|
|
|
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=1769293
|
|
|
|
|
Patch110: nspr-4.34-fix-coverity-loop-issue.patch
|
|
|
|
|
Patch120: nspr-4.34-server-passive.patch
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
@ -223,7 +218,7 @@ v3 certificates, and other security standards.
|
|
|
|
|
|
|
|
|
|
%package tools
|
|
|
|
|
Summary: Tools for the Network Security Services
|
|
|
|
|
Requires: %{name}%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: %{name}%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description tools
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
@ -240,7 +235,7 @@ Summary: System NSS Initialization
|
|
|
|
|
# providing nss-system-init without version so that it can
|
|
|
|
|
# be replaced by a better one, e.g. supplied by the os vendor
|
|
|
|
|
Provides: nss-system-init
|
|
|
|
|
Requires: nss%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
Requires(post): coreutils, sed
|
|
|
|
|
|
|
|
|
|
%description sysinit
|
|
|
|
@ -251,8 +246,8 @@ any system or user configured modules.
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
|
Summary: Development libraries for Network Security Services
|
|
|
|
|
Provides: nss-static = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Provides: nss-static = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-util-devel
|
|
|
|
|
Requires: nss-softokn-devel
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
@ -265,9 +260,9 @@ Header and Library files for doing development with Network Security Services.
|
|
|
|
|
|
|
|
|
|
%package pkcs11-devel
|
|
|
|
|
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
|
|
|
|
|
Provides: nss-pkcs11-devel-static = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-devel = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-softokn-freebl-devel = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Provides: nss-pkcs11-devel-static = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-devel = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl-devel = %{nss_version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description pkcs11-devel
|
|
|
|
|
Library files for developing PKCS #11 modules using basic NSS
|
|
|
|
@ -283,7 +278,7 @@ Utilities for Network Security Services and the Softoken module
|
|
|
|
|
|
|
|
|
|
%package util-devel
|
|
|
|
|
Summary: Development libraries for Network Security Services Utilities
|
|
|
|
|
Requires: nss-util%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-util%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
|
Requires: pkgconfig
|
|
|
|
|
|
|
|
|
@ -294,8 +289,8 @@ Header and library files for doing development with Network Security Services.
|
|
|
|
|
%package softokn
|
|
|
|
|
Summary: Network Security Services Softoken Module
|
|
|
|
|
Requires: nspr >= %{nspr_version}
|
|
|
|
|
Requires: nss-util >= %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-softokn-freebl%{_isa} >= %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-util >= %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl%{_isa} >= %{nss_version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description softokn
|
|
|
|
|
Network Security Services Softoken Cryptographic Module
|
|
|
|
@ -316,8 +311,8 @@ Install the nss-softokn-freebl package if you need the freebl library.
|
|
|
|
|
|
|
|
|
|
%package softokn-freebl-devel
|
|
|
|
|
Summary: Header and Library files for doing development with the Freebl library for NSS
|
|
|
|
|
Provides: nss-softokn-freebl-static = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-softokn-freebl%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Provides: nss-softokn-freebl-static = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description softokn-freebl-devel
|
|
|
|
|
NSS Softoken Cryptographic Module Freebl Library Development Tools
|
|
|
|
@ -328,10 +323,10 @@ Developers should rely only on the officially supported NSS public API.
|
|
|
|
|
|
|
|
|
|
%package softokn-devel
|
|
|
|
|
Summary: Development libraries for Network Security Services
|
|
|
|
|
Requires: nss-softokn%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-softokn%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{release}
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
|
Requires: nss-util-devel >= %{nss_version}-%{nss_release}%{dist}
|
|
|
|
|
Requires: nss-util-devel >= %{nss_version}-%{release}
|
|
|
|
|
Requires: pkgconfig
|
|
|
|
|
|
|
|
|
|
%description softokn-devel
|
|
|
|
@ -341,7 +336,7 @@ Header and library files for doing development with Network Security Services.
|
|
|
|
|
Summary: Netscape Portable Runtime
|
|
|
|
|
Version: %{nspr_version}
|
|
|
|
|
Release: %{nspr_release}%{?dist}
|
|
|
|
|
License: MPLv2.0
|
|
|
|
|
License: MPL-2.0
|
|
|
|
|
URL: http://www.mozilla.org/projects/nspr/
|
|
|
|
|
Conflicts: filesystem < 3
|
|
|
|
|
BuildRequires: gcc
|
|
|
|
@ -364,12 +359,8 @@ Conflicts: filesystem < 3
|
|
|
|
|
%description -n nspr-devel
|
|
|
|
|
Header files for doing development with the Netscape Portable Runtime.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q -T -b 100 -n nspr-%{nspr_archive_version}
|
|
|
|
|
|
|
|
|
|
%setup -q -T -b 0 -n %{name}-%{nss_archive_version}
|
|
|
|
|
mv ../nspr-%{nspr_archive_version}/nspr .
|
|
|
|
|
cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
|
|
|
|
|
|
|
|
|
|
%patch -P 100 -p0 -b .flags
|
|
|
|
@ -377,10 +368,8 @@ pushd nspr
|
|
|
|
|
%autopatch -p 1 -m 101 -M 299
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pushd nss
|
|
|
|
|
%autopatch -p1 -M 99
|
|
|
|
|
#%%patch -P 400 -p1 -b .backup
|
|
|
|
|
# sigh it would be nice if autopatch supported -R
|
|
|
|
|
%patch -P 300 -R -p 1
|
|
|
|
|
popd
|
|
|
|
@ -390,11 +379,6 @@ popd
|
|
|
|
|
# each vendors claim in their own FIPS certification
|
|
|
|
|
cp %{SOURCE30} nss/lib/softoken/
|
|
|
|
|
|
|
|
|
|
#update expired test certs
|
|
|
|
|
#pushd nss
|
|
|
|
|
#tar xvf %{SOURCE50}
|
|
|
|
|
#popd
|
|
|
|
|
|
|
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
|
|
|
|
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
|
|
|
|
|
|
|
|
@ -407,8 +391,6 @@ find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
|
|
|
|
# adjustment in the NSS build process.
|
|
|
|
|
mkdir -p nspr_build
|
|
|
|
|
pushd nspr_build
|
|
|
|
|
export LDFLAGS="$RPM_LD_FLAGS"
|
|
|
|
|
export CFLAGS="$RPM_OPT_FLAGS"
|
|
|
|
|
../nspr/configure \
|
|
|
|
|
--prefix=%{_prefix} \
|
|
|
|
|
--libdir=%{_libdir} \
|
|
|
|
@ -429,7 +411,7 @@ export CFLAGS="$RPM_OPT_FLAGS"
|
|
|
|
|
%ifarch i686 x86_64
|
|
|
|
|
sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk
|
|
|
|
|
%endif
|
|
|
|
|
make
|
|
|
|
|
%{make_build}
|
|
|
|
|
|
|
|
|
|
date +"%e %B %Y" | tr -d '\n' > date.xml
|
|
|
|
|
echo -n %{nspr_version} > version.xml
|
|
|
|
@ -458,6 +440,10 @@ popd
|
|
|
|
|
# uncomment if the iquote patch is activated
|
|
|
|
|
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
|
|
|
|
|
|
|
|
|
# deprication
|
|
|
|
|
export NSS_DISABLE_DEPRECATED_SEED=1
|
|
|
|
|
export NSS_DISABLE_DSA=1
|
|
|
|
|
|
|
|
|
|
# FIPS related defines
|
|
|
|
|
export NSS_FORCE_FIPS=1
|
|
|
|
|
export NSS_FIPS_VERSION="%{name}\ %{nss_version}-%{srpmhash}"
|
|
|
|
@ -487,6 +473,8 @@ export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized"
|
|
|
|
|
# Similarly, but for gcc-11
|
|
|
|
|
export XCFLAGS="$XCFLAGS -Wno-array-parameter"
|
|
|
|
|
|
|
|
|
|
export LDFLAGS=$RPM_LD_FLAGS
|
|
|
|
|
|
|
|
|
|
export DSO_LDFLAGS=$RPM_LD_FLAGS
|
|
|
|
|
|
|
|
|
|
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
|
|
|
@ -518,8 +506,9 @@ export POLICY_FILE="nss.config"
|
|
|
|
|
# location of the policy file
|
|
|
|
|
export POLICY_PATH="/etc/crypto-policies/back-ends"
|
|
|
|
|
|
|
|
|
|
%{__make} -C ./nss all
|
|
|
|
|
%{__make} -C ./nss latest
|
|
|
|
|
|
|
|
|
|
%{make_build} -C ./nss all
|
|
|
|
|
%{make_build} -C ./nss latest
|
|
|
|
|
|
|
|
|
|
# build the man pages clean
|
|
|
|
|
pushd ./nss
|
|
|
|
@ -614,22 +603,20 @@ date +"%e %B %Y" | tr -d '\n' > date.xml
|
|
|
|
|
echo -n %{nss_version} > version.xml
|
|
|
|
|
|
|
|
|
|
# configuration files and setup script
|
|
|
|
|
for m in %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE24} %{SOURCE26}; do
|
|
|
|
|
cp ${m} .
|
|
|
|
|
done
|
|
|
|
|
for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml cert9.db.xml key4.db.xml; do
|
|
|
|
|
xmlto man ${m}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
# nss dbm databases
|
|
|
|
|
for m in %{SOURCE23} %{SOURCE25} %{SOURCE27}; do
|
|
|
|
|
%global XMLSOURCES %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}
|
|
|
|
|
%global dbfiles cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt
|
|
|
|
|
%else
|
|
|
|
|
%global XMLSOURCES %{SOURCE22} %{SOURCE24} %{SOURCE26}
|
|
|
|
|
%global dbfiles cert9.db key4.db pkcs11.txt
|
|
|
|
|
%endif
|
|
|
|
|
for m in %{SOURCE20} %{SOURCE21} %{XMLSOURCES}; do
|
|
|
|
|
cp ${m} .
|
|
|
|
|
done
|
|
|
|
|
for m in cert8.db.xml key3.db.xml secmod.db.xml; do
|
|
|
|
|
xmlto man ${m}
|
|
|
|
|
%global configFiles nss-config setup-nsssysinit
|
|
|
|
|
for m in %{configFiles} %{dbfiles}; do
|
|
|
|
|
xmlto man ${m}.xml
|
|
|
|
|
done
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
@ -653,6 +640,9 @@ popd
|
|
|
|
|
export FREEBL_NO_DEPEND=1
|
|
|
|
|
|
|
|
|
|
export BUILD_OPT=1
|
|
|
|
|
export NSS_DISABLE_PPC_GHASH=1
|
|
|
|
|
export NSS_DISABLE_DEPRECATED_SEED=1
|
|
|
|
|
export NSS_DISABLE_DSA=1
|
|
|
|
|
|
|
|
|
|
%ifnarch noarch
|
|
|
|
|
%if 0%{__isa_bits} == 64
|
|
|
|
@ -675,10 +665,6 @@ done
|
|
|
|
|
# disabled by the system policy.
|
|
|
|
|
export NSS_IGNORE_SYSTEM_POLICY=1
|
|
|
|
|
|
|
|
|
|
%ifarch i686 ppcle64
|
|
|
|
|
export NSS_DB_DUMP_TIME=10
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
# enable the following line to force a test failure
|
|
|
|
|
# find ./nss -name \*.chk | xargs rm -f
|
|
|
|
|
|
|
|
|
@ -789,7 +775,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{saved_files_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_modules_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_conf_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
%if %{defined rhel}
|
|
|
|
|
# not needed for rhel and its derivatives only fedora
|
|
|
|
|
%else
|
|
|
|
@ -878,11 +863,11 @@ install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir
|
|
|
|
|
ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
|
|
|
|
|
|
|
|
|
|
# Copy the man pages for scripts
|
|
|
|
|
for f in nss-config setup-nsssysinit; do
|
|
|
|
|
for f in %{configFiles}; do
|
|
|
|
|
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
|
|
|
|
done
|
|
|
|
|
# Copy the man pages for the nss tools
|
|
|
|
|
for f in certutil cmsutil crlutil derdump modutil nss-policy-check pk12util signtool signver ssltap vfychain vfyserv; do
|
|
|
|
|
for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
|
|
|
|
|
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
|
|
|
|
done
|
|
|
|
|
%if %{defined rhel}
|
|
|
|
@ -891,19 +876,10 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1
|
|
|
|
|
install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools/pp.1
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
# Copy the man pages for the configuration files
|
|
|
|
|
for f in pkcs11.txt cert9.db key4.db; do
|
|
|
|
|
# Copy the man pages for the nss databases
|
|
|
|
|
for f in %{dbfiles}; do
|
|
|
|
|
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
|
|
|
|
done
|
|
|
|
|
# Copy the man pages for the nss dbm databases
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
for f in cert8.db key3.db secmod.db; do
|
|
|
|
|
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
|
|
|
|
done
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
# Copy the crypto-policies configuration file
|
|
|
|
|
install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
|
|
|
|
|
%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
|
|
|
|
|
# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
|
|
|
|
@ -924,9 +900,6 @@ if test $1 -eq 2; then
|
|
|
|
|
fi
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%posttrans
|
|
|
|
|
update-crypto-policies &> /dev/null || :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%{!?_licensedir:%global license %%doc}
|
|
|
|
@ -943,7 +916,6 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
%doc %{_mandir}/man5/cert8.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/key3.db.5*
|
|
|
|
@ -989,7 +961,6 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%doc %{_mandir}/man1/cmsutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/crlutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/modutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/nss-policy-check.1*
|
|
|
|
|
%doc %{_mandir}/man1/pk12util.1*
|
|
|
|
|
%doc %{_mandir}/man1/signver.1*
|
|
|
|
|
# unsupported tools
|
|
|
|
@ -1092,8 +1063,8 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%{_includedir}/nss3/base64.h
|
|
|
|
|
%{_includedir}/nss3/ciferfam.h
|
|
|
|
|
%{_includedir}/nss3/eccutil.h
|
|
|
|
|
%{_includedir}/nss3/hasht.h
|
|
|
|
|
%{_includedir}/nss3/kyber.h
|
|
|
|
|
%{_includedir}/nss3/hasht.h
|
|
|
|
|
%{_includedir}/nss3/nssb64.h
|
|
|
|
|
%{_includedir}/nss3/nssb64t.h
|
|
|
|
|
%{_includedir}/nss3/nsshash.h
|
|
|
|
@ -1203,16 +1174,27 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Mon Nov 11 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.101.0-10
|
|
|
|
|
* Mon Nov 18 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.101.0-13
|
|
|
|
|
- fix the "Allow RSA-OAEP in FIPS mode" patch for the declaration after switch statement
|
|
|
|
|
- fix changelog message for 3.101.0-11
|
|
|
|
|
|
|
|
|
|
* Mon Nov 11 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.101.0-12
|
|
|
|
|
- Allow RSA-OAEP in FIPS mode
|
|
|
|
|
|
|
|
|
|
* Mon Nov 11 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.101.0-9
|
|
|
|
|
* Mon Nov 11 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 3.101.0-11
|
|
|
|
|
- Add SEC_OID_CURVE25519 to FIPS checks.
|
|
|
|
|
- This will mark algorithms using it as FIPS unapproved.
|
|
|
|
|
- This will mark algorithm using it as FIPS unapproved.
|
|
|
|
|
|
|
|
|
|
* Mon Nov 4 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-10
|
|
|
|
|
- remove dbm references in pkconfig
|
|
|
|
|
|
|
|
|
|
* Mon Nov 4 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-8
|
|
|
|
|
- fix shlibsign in FIPS mode
|
|
|
|
|
- remove dbm from pkgconfig
|
|
|
|
|
* Fri Nov 1 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-9
|
|
|
|
|
- Add ml-kem support and remove xyber support
|
|
|
|
|
- Fix shlibsign when the system is in FIPS mode
|
|
|
|
|
|
|
|
|
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.101.0-8
|
|
|
|
|
- Bump release for October 2024 mass rebuild:
|
|
|
|
|
Resolves: RHEL-64018
|
|
|
|
|
|
|
|
|
|
* Wed Sep 4 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-7
|
|
|
|
|
- fix cms abi breakage
|
|
|
|
@ -1222,187 +1204,159 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
- fix param encoding in pkcs12 pbamac encoding
|
|
|
|
|
- add support for certificate compression in selfserv and tstclient
|
|
|
|
|
|
|
|
|
|
* Wed Jul 24 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
|
|
|
|
|
* Wed Jul 24 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-5
|
|
|
|
|
- Fix missing and inaccurate key length checks
|
|
|
|
|
- Fix chacha timing issue
|
|
|
|
|
|
|
|
|
|
* Tue Jul 16 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2
|
|
|
|
|
* Thu Jul 18 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-4
|
|
|
|
|
- Fix MD-5 decode issue in pkcs #12
|
|
|
|
|
- turn off policy processing for pkcs12 and smime
|
|
|
|
|
- restore the rhel9 pkcs12 defaults for pk12util
|
|
|
|
|
|
|
|
|
|
* Tue Jun 11 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-1
|
|
|
|
|
- Rebase to NSS 3.101
|
|
|
|
|
- restore ppc init support
|
|
|
|
|
* Mon Jul 15 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
|
|
|
|
|
- Add FIPS 140-3 defines to sec file
|
|
|
|
|
|
|
|
|
|
* Wed Apr 10 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-7
|
|
|
|
|
- Allow for shorter ecdsa signatures by padding them to full length
|
|
|
|
|
* Fri Jul 12 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2
|
|
|
|
|
- Fix spec to deal with annocheck failures
|
|
|
|
|
|
|
|
|
|
* Tue Jan 23 2024 Bob Relyea <rrelyea@redhat.com> - 3.90.0-6
|
|
|
|
|
- Fix ecc DER wrapping.
|
|
|
|
|
* Tue Jun 25 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-1
|
|
|
|
|
- Update NSS to 3.101.0
|
|
|
|
|
- Pick up RHEL FIPS and other patches
|
|
|
|
|
- Turn off SEED and DSA
|
|
|
|
|
|
|
|
|
|
* Tue Jan 9 2024 Bob Relyea <rrelyea@redhat.com> - 3.90.0-5
|
|
|
|
|
- Pick up validated constant time implementations of p256, p384, and p521
|
|
|
|
|
from upsream
|
|
|
|
|
- More Fips indicator changes
|
|
|
|
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.97.0-2
|
|
|
|
|
- Bump release for June 2024 mass rebuild
|
|
|
|
|
|
|
|
|
|
* Wed Nov 22 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-4
|
|
|
|
|
- FIPS review changes
|
|
|
|
|
- add PORT_SafeZero to avoid compiler optimizing a way zeroing memory.
|
|
|
|
|
- update the indicators for this release
|
|
|
|
|
- allow hashing of longer than int32 values in a single PKCS #11 call.
|
|
|
|
|
* Sun Jan 28 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.97.0-1
|
|
|
|
|
- Update NSS to 3.97.0
|
|
|
|
|
|
|
|
|
|
* Tue Nov 21 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-3.3
|
|
|
|
|
- Fix expired certs in tests
|
|
|
|
|
- Fix CVE-2023-5388
|
|
|
|
|
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.96.1-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Fri Aug 4 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-3
|
|
|
|
|
- add indicator for pbkdf
|
|
|
|
|
- fix ems policy bug
|
|
|
|
|
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.96.1-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Thu Jun 29 2023 frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-2
|
|
|
|
|
- fix release number
|
|
|
|
|
* Thu Dec 21 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.96.1-1
|
|
|
|
|
- Update NSS to 3.96.1
|
|
|
|
|
|
|
|
|
|
* Wed Jun 28 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
|
|
|
|
- fix missing dist tag in packages version
|
|
|
|
|
- move from deprecate %%patch format
|
|
|
|
|
* Mon Nov 27 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.95.0-1
|
|
|
|
|
- Update NSS to 3.95.0
|
|
|
|
|
|
|
|
|
|
* Mon Jun 12 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-1
|
|
|
|
|
- Rebase to NSS-3.90
|
|
|
|
|
- Rebase to NSPR-3.35
|
|
|
|
|
- fix incorrect version values in the NSS spec file for FIPS
|
|
|
|
|
* Wed Oct 25 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.94.0-2
|
|
|
|
|
- revert HACL 256 code to fix binary compatibility issue.
|
|
|
|
|
|
|
|
|
|
* Fri Mar 17 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-18
|
|
|
|
|
- fix memory leak, add generator test in FIPS mode.
|
|
|
|
|
* Wed Oct 4 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.94.0-1
|
|
|
|
|
- Update NSS to 3.94.0
|
|
|
|
|
|
|
|
|
|
* Thu Mar 16 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-17
|
|
|
|
|
- fix consistency return errors. We shouldn't lock the FIPS
|
|
|
|
|
token if the application asked for invalid DH parameters on
|
|
|
|
|
on keygen.
|
|
|
|
|
* Thu Sep 07 2023 Bob Relyea <rrelyea@redhat.com> - 3.93.0-2
|
|
|
|
|
- Update License field to SPDX.
|
|
|
|
|
|
|
|
|
|
* Mon Mar 13 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-16
|
|
|
|
|
- Add check for RSA PSS Salt required by FIPS
|
|
|
|
|
- Update fips_algorithms.sh according to the review.
|
|
|
|
|
* Thu Aug 31 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.93.0-1
|
|
|
|
|
- Update NSS to 3.93.0
|
|
|
|
|
|
|
|
|
|
* Thu Mar 2 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-15
|
|
|
|
|
- Fix CVE-2023-0767
|
|
|
|
|
* Tue Aug 1 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.92.0-1
|
|
|
|
|
- Update NSS to 3.92.0
|
|
|
|
|
|
|
|
|
|
* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-14
|
|
|
|
|
- Update fips_algorithms.h to match the final FIPS requirements
|
|
|
|
|
- Disable delegated credentials
|
|
|
|
|
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.91.0-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-13
|
|
|
|
|
- remove OAEP from the FIPS indicators
|
|
|
|
|
* Tue Jul 4 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.91.0-1
|
|
|
|
|
- Update NSS to 3.91.0
|
|
|
|
|
|
|
|
|
|
* Thu Aug 11 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-12
|
|
|
|
|
- only turn off rand changes on all non-fips kernels
|
|
|
|
|
* Tue Jun 6 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
|
|
|
|
- Add patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 &
|
|
|
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
|
|
|
|
|
|
|
|
|
|
* Mon Aug 8 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-11
|
|
|
|
|
- only turn off rand changes on ppc64le at build-test time.
|
|
|
|
|
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
|
|
|
|
- Update %%patch syntax
|
|
|
|
|
|
|
|
|
|
* Mon Aug 8 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-10
|
|
|
|
|
- turn off rand changes on ppc64le
|
|
|
|
|
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
|
|
|
|
|
- Update NSS to 3.90.0
|
|
|
|
|
|
|
|
|
|
* Sun Aug 7 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-9
|
|
|
|
|
- FIPS 140-3 changes
|
|
|
|
|
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
|
|
|
|
- combine nss and nspr source togeather
|
|
|
|
|
|
|
|
|
|
* Thu Jul 21 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-8
|
|
|
|
|
- fix encoding issue with NULL passwords
|
|
|
|
|
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
|
|
|
|
- replace %{version} with %{nss_version} as it version can be overiden.
|
|
|
|
|
|
|
|
|
|
* Thu Jul 7 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-7
|
|
|
|
|
- more complete fix for cert auth regression crash
|
|
|
|
|
* Fri Mar 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
|
|
|
|
|
- Update NSS to 3.89.0
|
|
|
|
|
|
|
|
|
|
* Wed Jun 22 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-6
|
|
|
|
|
- Remove debugging printf from a patch
|
|
|
|
|
- increase the pbe cache size to handle reusing the same token key.
|
|
|
|
|
* Fri Feb 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.88.1-1
|
|
|
|
|
- Update NSS to 3.88.1
|
|
|
|
|
|
|
|
|
|
* Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5
|
|
|
|
|
- FIPS 140-3 changes
|
|
|
|
|
- Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject
|
|
|
|
|
signature keys by policy
|
|
|
|
|
- Allow applications to retrigger selftests on demand.
|
|
|
|
|
* Tue Jan 24 2023 Bob Relyea - 3.87.0-2
|
|
|
|
|
- Fix rebuild errors
|
|
|
|
|
|
|
|
|
|
* Tue Jun 14 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-4
|
|
|
|
|
- server passive fix
|
|
|
|
|
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.87.0-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Sat Jun 11 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-3
|
|
|
|
|
- fix regressions in test suite
|
|
|
|
|
* Tue Jan 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.87.0-1
|
|
|
|
|
- Update NSS to 3.87 & remove unused patches
|
|
|
|
|
|
|
|
|
|
* Mon Jun 6 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-2
|
|
|
|
|
- fix nspr coverify issues.
|
|
|
|
|
* Thu Nov 17 2022 Bob Relyea <rrelyea@redhat.com> - 3.85.0-1
|
|
|
|
|
- update to NSS 3.83
|
|
|
|
|
|
|
|
|
|
* Wed Jun 1 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
|
|
|
|
|
- update to NSS 3.79
|
|
|
|
|
- update to NSPR 4.34
|
|
|
|
|
- change FIPS Modulename to conform with our final module standard
|
|
|
|
|
* Fri Sep 9 2022 Bob Relyea <rrelyea@redhat.com> - 3.83.0-1
|
|
|
|
|
- update to NSS 3.83
|
|
|
|
|
- update to NSPR 4.35
|
|
|
|
|
|
|
|
|
|
* Wed Feb 16 2022 Bob Relyea <rrelyea@redhat.com> - 3.71.0-7
|
|
|
|
|
- Fix handling of pkcs12 passwords for PKCS5v2 cases which causes failures
|
|
|
|
|
on long passwords.
|
|
|
|
|
* Fri Sep 9 2022 Bob Relyea <rrelyea@redhat.com> - 3.81.0-2
|
|
|
|
|
- add dbtool
|
|
|
|
|
|
|
|
|
|
* Wed Jan 26 2022 Bob Relyea <rrelyea@redhat.com> - 3.71.0-6
|
|
|
|
|
- update pkcs12 documentation to include camellia
|
|
|
|
|
- turn on lto
|
|
|
|
|
* Thu Jul 21 2022 Bob Relyea <rrelyea@redhat.com> - 3.81.0-1
|
|
|
|
|
- udpate to NSS 3.81
|
|
|
|
|
|
|
|
|
|
* Wed Jan 12 2022 Bob Relyea <rrelyea@redhat.com> - 3.71.0-5
|
|
|
|
|
- remove old dbm files from the build
|
|
|
|
|
* Thu Jun 16 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-2
|
|
|
|
|
- Fix crash when getting client cert and there is none in the database.
|
|
|
|
|
|
|
|
|
|
* Wed Dec 1 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-2
|
|
|
|
|
- Fix CVE-2021-43527
|
|
|
|
|
* Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
|
|
|
|
|
- Update to NSS 3.79
|
|
|
|
|
- Update to NSPR 4.34
|
|
|
|
|
|
|
|
|
|
* Tue Oct 19 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-2
|
|
|
|
|
- make sure validation is built
|
|
|
|
|
- fix syntax on FIPS module name
|
|
|
|
|
* Mon Apr 4 2022 Bob Relyea <rrelyea@redhat.com> - 3.77.0-1
|
|
|
|
|
- Update to 3.77
|
|
|
|
|
|
|
|
|
|
* Tue Oct 5 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-1
|
|
|
|
|
- rebase to NSS-3.71
|
|
|
|
|
* Fri Feb 4 2022 Bob Relyea <rrelyea@redhat.com> - 3.75.0-1
|
|
|
|
|
- Update to 3.75
|
|
|
|
|
- fix PayPal expiration issue
|
|
|
|
|
|
|
|
|
|
* Wed Aug 25 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-13
|
|
|
|
|
- rebuild to clear gating.yaml test
|
|
|
|
|
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.73.0-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Thu Aug 19 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-12
|
|
|
|
|
- pick up nspr 3.2 for Firefox 92
|
|
|
|
|
* Wed Dec 1 2021 Bob Relyea <rrelyea@redhat.com> - 3.73.0-1
|
|
|
|
|
- Update to 3.73
|
|
|
|
|
- includes CVE 2021-43527
|
|
|
|
|
|
|
|
|
|
* Thu Aug 12 2021 Florian Weimer <fweimer@redhat.com> - 3.67.0-11
|
|
|
|
|
- Change release number to correct cross-package dependencies (#1991688)
|
|
|
|
|
* Mon Oct 4 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-1
|
|
|
|
|
- Update to 3.71
|
|
|
|
|
|
|
|
|
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com>
|
|
|
|
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
|
|
Related: rhbz#1991688
|
|
|
|
|
|
|
|
|
|
* Thu Jul 8 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-8
|
|
|
|
|
- fix relro support in nspr part of build
|
|
|
|
|
|
|
|
|
|
* Tue Jul 6 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-7
|
|
|
|
|
- fix ssl alert regressions
|
|
|
|
|
* Tue Aug 10 2021 Bob Relyea <rrelyea@redhat.com> - 3.69.0-2
|
|
|
|
|
- turn on lto
|
|
|
|
|
|
|
|
|
|
* Fri Jul 2 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-6
|
|
|
|
|
- bump the nspr release number
|
|
|
|
|
* Tue Aug 10 2021 Bob Relyea <rrelyea@redhat.com> - 3.69.0-1
|
|
|
|
|
- Update to 3.69
|
|
|
|
|
- Update to NSPR 4.31
|
|
|
|
|
|
|
|
|
|
* Thu Jul 1 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-5
|
|
|
|
|
- fix error when trying to read keys from updated databases when updated
|
|
|
|
|
from unpatched versions of NSS (like on fedora or upstream).
|
|
|
|
|
- fix spelling of LD_OPTFLAGS which prevents relro from working.
|
|
|
|
|
* Tue Jul 27 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
|
|
|
|
|
- switch to baserelease so rpmdev-bumpspec will work next time
|
|
|
|
|
|
|
|
|
|
* Fri Jun 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
|
|
|
|
|
- update nspr man page files to only pick up nspr man pages
|
|
|
|
|
* Tue Jul 27 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-3
|
|
|
|
|
- rpmdev-bumpspec doesn't work correctly with nss/nspr. Fixup version numbers
|
|
|
|
|
|
|
|
|
|
* Fri Jun 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-3
|
|
|
|
|
- Update NSS to 3.67
|
|
|
|
|
- Update NSPR to 2.31
|
|
|
|
|
- pick up rhel coverity patches which have not yet been pushed upstream.
|
|
|
|
|
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.67.0-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Fri Apr 16 2021 Bob Relyea <rrelyea@redhat.com> - 3.63.0-3
|
|
|
|
|
- prevent MD5 from being enabled even with the environment variables
|
|
|
|
|
and policy. This mirrors the rhel8 semantics.
|
|
|
|
|
- add DSO_LDFLAGS support so we pick up system LDFLAGS in our shared libraries
|
|
|
|
|
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-1
|
|
|
|
|
- Update to 3.67
|
|
|
|
|
- Update to NSPR 2.31
|
|
|
|
|
|
|
|
|
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.63.0-2
|
|
|
|
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
|
|
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.65.0-1
|
|
|
|
|
- Update to 3.65
|
|
|
|
|
- update nss-tools manages to remove references to dbm
|
|
|
|
|
|
|
|
|
|
* Wed Mar 24 2021 Bob Relyea <rrelyea@redhat.com> - 3.63.0-1
|
|
|
|
|
- Update NSS to 3.62
|
|
|
|
|
- Update NSPR to 2.30
|
|
|
|
|
* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.63.0-1
|
|
|
|
|
- Update to 3.63
|
|
|
|
|
- Update to NSPR 2.30
|
|
|
|
|
- Remove old dbm files and man pages
|
|
|
|
|
|
|
|
|
|
* Tue Feb 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.62.0-1
|
|
|
|
|
- Update to 3.62
|
|
|
|
|