Accepting request 913334 from mozilla:Factory

- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.

OBS-URL: https://build.opensuse.org/request/show/913334
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=177
This commit is contained in:
Dominique Leuenberger 2021-08-24 08:54:04 +00:00 committed by Git OBS Bridge
commit 9c0330962e
3 changed files with 20 additions and 8 deletions

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Aug 18 12:41:56 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
- Update nss-fips-constructor-self-tests.patch to fix crashes
reported by upstream. This was likely affecting WebRTC calls.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 5 15:21:31 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> Thu Aug 5 15:21:31 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@ -69,7 +69,7 @@ Patch25: nss-fips-detect-fips-mode-fixes.patch
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
Patch27: nss-fips-aes-keywrap-post.patch Patch27: nss-fips-aes-keywrap-post.patch
Patch28: nss-btrfs-sqlite.patch Patch28: nss-btrfs-sqlite.patch
Patch37: nss-fips-fix-missing-nspr.patch Patch29: nss-fips-fix-missing-nspr.patch
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
BuildRequires: gcc9-c++ BuildRequires: gcc9-c++
@ -226,7 +226,7 @@ cd nss
%patch26 -p1 %patch26 -p1
%patch27 -p1 %patch27 -p1
%patch28 -p1 %patch28 -p1
%patch37 -p2 %patch29 -p2
# additional CA certificates # additional CA certificates
#cd security/nss/lib/ckfw/builtins #cd security/nss/lib/ckfw/builtins

View File

@ -67,7 +67,7 @@ Index: nss/lib/freebl/fips-selftest.inc
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ nss/lib/freebl/fips-selftest.inc +++ nss/lib/freebl/fips-selftest.inc
@@ -0,0 +1,293 @@ @@ -0,0 +1,296 @@
+/* +/*
+ * PKCS #11 FIPS Power-Up Self Test - common stuff. + * PKCS #11 FIPS Power-Up Self Test - common stuff.
+ * + *
@ -250,6 +250,9 @@ Index: nss/lib/freebl/fips-selftest.inc
+ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l); + strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l);
+ l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX); + l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX);
+#if 1 +#if 1
+ if (NULL == addr)
+ rv = BLAPI_SHVerifyFile(full_lib_name, &err);
+ else
+ rv = BLAPI_SHVerify(full_lib_name, addr, &err); + rv = BLAPI_SHVerify(full_lib_name, addr, &err);
+#else +#else
+ rv = 1; + rv = 1;
@ -930,7 +933,7 @@ Index: nss/lib/softoken/fips.c
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ nss/lib/softoken/fips.c +++ nss/lib/softoken/fips.c
@@ -0,0 +1,33 @@ @@ -0,0 +1,36 @@
+#include "../freebl/fips-selftest.inc" +#include "../freebl/fips-selftest.inc"
+ +
+#include "fips.h" +#include "fips.h"
@ -958,9 +961,12 @@ Index: nss/lib/softoken/fips.c
+{ +{
+ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken); + fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken);
+ +
+ /* The legacy DB must be checked unconditionally. The check is performed by + /* The legacy DB must be checked unconditionally in FIPS mode. */
+ * its constructor. */ +
+ dlopen (SHLIB_PREFIX "nssdbm" SHLIB_VERSION "." SHLIB_SUFFIX, RTLD_LAZY); + if (fips_state)
+ {
+ fips_state = fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL);
+ }
+ +
+ return; + return;
+} +}