From f1cf6062d29ddb1a1f56a2b84e36e26506a02927 Mon Sep 17 00:00:00 2001
From: guoxiaoqi
Date: Fri, 14 Feb 2020 16:20:20 +0800
Subject: [PATCH] fix problem that tstclnt fails to connect to fe80::1%lo0
---
nss-539183.patch | 62 +++++++++++++++++++++++++++++++++++++++++++++++
nss.spec | 25 ++++++++++++-------
system-pkcs11.txt | 5 ++++
3 files changed, 83 insertions(+), 9 deletions(-)
create mode 100644 nss-539183.patch
create mode 100644 system-pkcs11.txt
diff --git a/nss-539183.patch b/nss-539183.patch
new file mode 100644
index 0000000..eda3249
--- /dev/null
+++ b/nss-539183.patch
@@ -0,0 +1,62 @@
+--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
++++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
+@@ -953,23 +953,23 @@
+ getBoundListenSocket(unsigned short port)
+ {
+ PRFileDesc *listen_sock;
+ int listenQueueDepth = 5 + (2 * maxThreads);
+ PRStatus prStatus;
+ PRNetAddr addr;
+ PRSocketOptionData opt;
+
+- addr.inet.family = PR_AF_INET;
+- addr.inet.ip = PR_INADDR_ANY;
+- addr.inet.port = PR_htons(port);
++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++ errExit("PR_SetNetAddr");
++ }
+
+- listen_sock = PR_NewTCPSocket();
++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+ if (listen_sock == NULL) {
+- errExit("PR_NewTCPSocket");
++ errExit("PR_OpenTCPSockett");
+ }
+
+ opt.option = PR_SockOpt_Nonblocking;
+ opt.value.non_blocking = PR_FALSE;
+ prStatus = PR_SetSocketOption(listen_sock, &opt);
+ if (prStatus < 0) {
+ PR_Close(listen_sock);
+ errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
+--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
++++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
+@@ -1711,23 +1711,23 @@
+ getBoundListenSocket(unsigned short port)
+ {
+ PRFileDesc *listen_sock;
+ int listenQueueDepth = 5 + (2 * maxThreads);
+ PRStatus prStatus;
+ PRNetAddr addr;
+ PRSocketOptionData opt;
+
+- addr.inet.family = PR_AF_INET;
+- addr.inet.ip = PR_INADDR_ANY;
+- addr.inet.port = PR_htons(port);
++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++ errExit("PR_SetNetAddr");
++ }
+
+- listen_sock = PR_NewTCPSocket();
++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+ if (listen_sock == NULL) {
+- errExit("PR_NewTCPSocket");
++ errExit("PR_OpenTCPSocket error");
+ }
+
+ opt.option = PR_SockOpt_Nonblocking;
+ opt.value.non_blocking = PR_FALSE;
+ prStatus = PR_SetSocketOption(listen_sock, &opt);
+ if (prStatus < 0) {
+ PR_Close(listen_sock);
+
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); diff --git a/nss.spec b/nss.spec index bc6b8a0..16658ab 100644 --- a/nss.spec +++ b/nss.spec @@ -10,7 +10,7 @@ Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 7 +Release: 8 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Provides: nss-system-init @@ -33,11 +33,12 @@ Source11: blank-key3.db Source12: blank-secmod.db Source13: blank-cert9.db Source14: blank-key4.db +Source15: system-pkcs11.txt Source16: setup-nsssysinit.sh - -Patch9000: Bug-1412829-reject-empty-supported_signature_algorit.patch -Patch9001: Bug-1507135-Add-additional-null-checks-to-CMS-messag.patch -Patch9002: Bug-1507174-Add-additional-null-checks-to-other-CMS-.patch +Patch0: nss-539183.patch +Patch1: Bug-1412829-reject-empty-supported_signature_algorit.patch +Patch2: Bug-1507135-Add-additional-null-checks-to-CMS-messag.patch +Patch3: Bug-1507174-Add-additional-null-checks-to-other-CMS-.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -120,10 +121,12 @@ Help document for NSS %prep %setup -q -n %{name}-%{nss_version} +%patch0 -p0 -b .539183 + pushd nss -%patch9000 -p1 -%patch9001 -p1 -%patch9002 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 popd %build @@ -310,6 +313,7 @@ install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db # Shared db install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db +install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt # Copy the binary libraries we want for file in libnssutil3.so libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so 
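Review bot: In nss-539183.patch the httpserv.c copy labels a failed socket open `errExit("PR_OpenTCPSockett");` (doubled t) while the selfserv.c copy uses `errExit("PR_OpenTCPSocket error");`. Both should name the call identically, e.g. `errExit("PR_OpenTCPSocket");`, so a failure in either tool can be found by searching for the NSPR function name. Separately, both listeners now bind `PR_IpAddrAny` on `PR_AF_INET6`, so they accept connections on every IPv6 address of the host. Whether IPv4 clients are still served depends on how the platform handles IPv4-mapped addresses, and host firewall rules written only for IPv4 will probably not cover the new listener; a short comment above `PR_SetNetAddr` stating the intended reachability, plus a check that IPv4 test clients still connect, would help. getBoundListenSocket continues past the end of both inner hunks, so the bind and listen calls are not visible here.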
@@ -371,7 +375,7 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1 # Copy the crypto-policies configuration file -#/usr/bin/setup-nsssysinit.sh on +/usr/bin/setup-nsssysinit.sh on #$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so #$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so #$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so @@ -536,6 +540,9 @@ update-crypto-policies %doc %{_mandir}/man* %changelog +* Fri Feb 14 2020 openEuler Buildteam - 3.40.1-9 +- fix problem that tstclnt fails to connect to fe80::1%lo0 + * Wed Jan 15 2020 openEuler Buildteam - 3.40.1-8 - add nsssysinit.sh diff --git a/system-pkcs11.txt b/system-pkcs11.txt new file mode 100644 index 0000000..c2f5704 --- /dev/null +++ b/system-pkcs11.txt @@ -0,0 +1,5 @@ +library=libnsssysinit.so +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + -- Gitee
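Review bot: The re-enabled line `/usr/bin/setup-nsssysinit.sh on` in the `@@ -371,7 +375,7 @@` hunk of nss.spec calls a script by absolute host path in the middle of `install ... $RPM_BUILD_ROOT...` commands. Assuming this is still the %install section (its header is outside the hunk), the script runs on the build machine at build time, requires an nss already installed there, and would presumably act on the builder's own NSS configuration rather than on anything under `$RPM_BUILD_ROOT`. The comment directly above it ("Copy the crypto-policies configuration file") does not describe the call, and neither the commit subject nor the new changelog entry mentions it. The system-pkcs11.txt added in this commit already sets `library=libnsssysinit.so`, which looks like the state the script is meant to produce, so the line can likely stay commented out. If it is needed on the target, it belongs in a `%post` scriptlet.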