Accepting request 913334 from mozilla:Factory
- Update nss-fips-constructor-self-tests.patch to fix crashes reported by upstream. This was likely affecting WebRTC calls. OBS-URL: https://build.opensuse.org/request/show/913334 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=177
This commit is contained in:
commit
9c0330962e
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 18 12:41:56 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
|
||||||
|
|
||||||
|
- Update nss-fips-constructor-self-tests.patch to fix crashes
|
||||||
|
reported by upstream. This was likely affecting WebRTC calls.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 5 15:21:31 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
|
Thu Aug 5 15:21:31 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ Patch25: nss-fips-detect-fips-mode-fixes.patch
|
|||||||
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
|
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
|
||||||
Patch27: nss-fips-aes-keywrap-post.patch
|
Patch27: nss-fips-aes-keywrap-post.patch
|
||||||
Patch28: nss-btrfs-sqlite.patch
|
Patch28: nss-btrfs-sqlite.patch
|
||||||
Patch37: nss-fips-fix-missing-nspr.patch
|
Patch29: nss-fips-fix-missing-nspr.patch
|
||||||
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
|
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
|
||||||
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
|
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
|
||||||
BuildRequires: gcc9-c++
|
BuildRequires: gcc9-c++
|
||||||
@ -226,7 +226,7 @@ cd nss
|
|||||||
%patch26 -p1
|
%patch26 -p1
|
||||||
%patch27 -p1
|
%patch27 -p1
|
||||||
%patch28 -p1
|
%patch28 -p1
|
||||||
%patch37 -p2
|
%patch29 -p2
|
||||||
|
|
||||||
# additional CA certificates
|
# additional CA certificates
|
||||||
#cd security/nss/lib/ckfw/builtins
|
#cd security/nss/lib/ckfw/builtins
|
||||||
|
@ -67,7 +67,7 @@ Index: nss/lib/freebl/fips-selftest.inc
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ nss/lib/freebl/fips-selftest.inc
|
+++ nss/lib/freebl/fips-selftest.inc
|
||||||
@@ -0,0 +1,293 @@
|
@@ -0,0 +1,296 @@
|
||||||
+/*
|
+/*
|
||||||
+ * PKCS #11 FIPS Power-Up Self Test - common stuff.
|
+ * PKCS #11 FIPS Power-Up Self Test - common stuff.
|
||||||
+ *
|
+ *
|
||||||
@ -250,6 +250,9 @@ Index: nss/lib/freebl/fips-selftest.inc
|
|||||||
+ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l);
|
+ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l);
|
||||||
+ l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX);
|
+ l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX);
|
||||||
+#if 1
|
+#if 1
|
||||||
|
+ if (NULL == addr)
|
||||||
|
+ rv = BLAPI_SHVerifyFile(full_lib_name, &err);
|
||||||
|
+ else
|
||||||
+ rv = BLAPI_SHVerify(full_lib_name, addr, &err);
|
+ rv = BLAPI_SHVerify(full_lib_name, addr, &err);
|
||||||
+#else
|
+#else
|
||||||
+ rv = 1;
|
+ rv = 1;
|
||||||
@ -930,7 +933,7 @@ Index: nss/lib/softoken/fips.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ nss/lib/softoken/fips.c
|
+++ nss/lib/softoken/fips.c
|
||||||
@@ -0,0 +1,33 @@
|
@@ -0,0 +1,36 @@
|
||||||
+#include "../freebl/fips-selftest.inc"
|
+#include "../freebl/fips-selftest.inc"
|
||||||
+
|
+
|
||||||
+#include "fips.h"
|
+#include "fips.h"
|
||||||
@ -958,9 +961,12 @@ Index: nss/lib/softoken/fips.c
|
|||||||
+{
|
+{
|
||||||
+ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken);
|
+ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken);
|
||||||
+
|
+
|
||||||
+ /* The legacy DB must be checked unconditionally. The check is performed by
|
+ /* The legacy DB must be checked unconditionally in FIPS mode. */
|
||||||
+ * its constructor. */
|
+
|
||||||
+ dlopen (SHLIB_PREFIX "nssdbm" SHLIB_VERSION "." SHLIB_SUFFIX, RTLD_LAZY);
|
+ if (fips_state)
|
||||||
|
+ {
|
||||||
|
+ fips_state = fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL);
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ return;
|
+ return;
|
||||||
+}
|
+}
|
||||||
|
Loading…
Reference in New Issue
Block a user