Accepting request 588675 from Apache:Modules
- Use fixed upstream 1.0.16 tarball * https://pagure.io/mod_nss/issue/44 (forwarded request 588674 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/588675 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_nss?expand=0&rev=29
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
13ac2dbefe
@ -1,57 +0,0 @@
|
|||||||
From 6d1f6dd0c2b2cd80559b61779254e1b3d39aa5cd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 19 Jan 2018 15:36:40 -0500
|
|
||||||
Subject: [PATCH] Fix up some broken cipher strings from a bad merge
|
|
||||||
|
|
||||||
---
|
|
||||||
nss_engine_cipher.c | 22 +++++++++++-----------
|
|
||||||
1 file changed, 11 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c
|
|
||||||
index b78e32c..3eda72a 100644
|
|
||||||
--- a/nss_engine_cipher.c
|
|
||||||
+++ b/nss_engine_cipher.c
|
|
||||||
@@ -59,7 +59,7 @@ cipher_properties ciphers_def[] =
|
|
||||||
{"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "FIPS-DES-CBC3-SHA", SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSLV3, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
{"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, "FIPS-DES-CBC-SHA", SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56, NULL},
|
|
||||||
#ifdef ENABLE_SERVER_DHE
|
|
||||||
- {"dhe_rsa_3des_sha", TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "EDH-RSA-DES-CBC3-SHA", SSL_kDHE|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
+ {"dhe_rsa_3des_sha", TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "DHE-RSA-DES-CBC3-SHA", SSL_kDHE|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
{"dhe_rsa_aes_128_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "DHE-RSA-AES128-SHA", SSL_kDHE|SSL_aRSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
{"dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "DHE-RSA-AES256-SHA", SSL_kDHE|SSL_aRSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
{"dhe_rsa_camellia_128_sha", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "DHE-RSA-CAMELLIA128-SHA", SSL_kDHE|SSL_aRSA|SSL_CAMELLIA128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
@@ -74,21 +74,21 @@ cipher_properties ciphers_def[] =
|
|
||||||
#endif
|
|
||||||
#endif /* ENABLE_SERVER_DHE */
|
|
||||||
#ifdef NSS_ENABLE_ECC
|
|
||||||
- {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
- {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-SHA", SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
- {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDH-ECDSA-DES-CBC3-SHA", SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
- {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "ECDH-ECDSA-AES128-SHA", SSL_kECDHe|SSL_aECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
- {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "ECDH-ECDSA-AES256-SHA", SSL_kECDHe|SSL_aECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
+ {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", SSL_kECDHE|SSL_AECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
+ {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-SHA", SSL_kECDHE|SSL_AECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
+ {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDH-ECDSA-DES-CBC3-SHA", SSL_kECDHE|SSL_AECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
+ {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "ECDH-ECDSA-AES128-SHA", SSL_kECDHE|SSL_AECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
+ {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "ECDH-ECDSA-AES256-SHA", SSL_kECDHE|SSL_AECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
{"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, "ECDHE-ECDSA-NULL-SHA", SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
{"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "ECDHE-ECDSA-RC4-SHA", SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
{"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-ECDSA-DES-CBC3-SHA", SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
{"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "ECDHE-ECDSA-AES128-SHA", SSL_kEECDH|SSL_aECDSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
{"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "ECDHE-ECDSA-AES256-SHA", SSL_kEECDH|SSL_aECDSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
- {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, "ECDH-RSA-NULL-SHA", SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
- {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, "ECDH-RSA-RC4-SHA", SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
- {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "ECDH-RSA-DES-CBC3-SHA", SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
- {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "ECDH-RSA-AES128-SHA", SSL_kECDHr|SSL_aECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
- {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "ECDH-RSA-AES256-SHA", SSL_kECDHr|SSL_aECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
+ {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, "ECDH-RSA-NULL-SHA", SSL_kECDHr|SSL_AECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
+ {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, "ECDH-RSA-RC4-SHA", SSL_kECDHr|SSL_AECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
+ {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "ECDH-RSA-DES-CBC3-SHA", SSL_kECDHr|SSL_AECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
+ {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "ECDH-RSA-AES128-SHA", SSL_kECDHr|SSL_AECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
|
|
||||||
+ {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "ECDH-RSA-AES256-SHA", SSL_kECDHr|SSL_AECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
|
|
||||||
{"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, "ECDHE-RSA-NULL-SHA", SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
|
|
||||||
{"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, "ECDHE-RSA-RC4-SHA", SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
|
|
||||||
{"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-RSA-DES-CBC3-SHA", SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
|
|
||||||
--
|
|
||||||
2.16.2
|
|
||||||
|
|
||||||
@ -1,3 +1,18 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 19 15:23:59 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
- Use fixed upstream 1.0.16 tarball
|
||||||
|
* https://pagure.io/mod_nss/issue/44
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 19 11:12:29 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
- Update to 1.0.16
|
||||||
|
* Fix up some broken cipher strings from a bad merge
|
||||||
|
- adjust distro detection, Tumbleweed has NSS 3.35, Leap 15 has 3.34
|
||||||
|
- drop 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
|
||||||
|
(upstream)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 8 13:15:32 UTC 2018 - vcizek@suse.com
|
Thu Mar 8 13:15:32 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -25,7 +25,7 @@
|
|||||||
%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
|
%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
|
||||||
%define apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d
|
%define apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d
|
||||||
Name: apache2-mod_nss
|
Name: apache2-mod_nss
|
||||||
Version: 1.0.15
|
Version: 1.0.16
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: SSL/TLS module for the Apache HTTP server
|
Summary: SSL/TLS module for the Apache HTTP server
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -39,7 +39,6 @@ Source5: vhost-nss.template
|
|||||||
Patch1: mod_nss-migrate.patch
|
Patch1: mod_nss-migrate.patch
|
||||||
Patch2: mod_nss-gencert-correct-ownership.patch
|
Patch2: mod_nss-gencert-correct-ownership.patch
|
||||||
Patch4: mod_nss-gencert_use_ss_instead_of_netstat.patch
|
Patch4: mod_nss-gencert_use_ss_instead_of_netstat.patch
|
||||||
Patch5: 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
|
|
||||||
BuildRequires: apache-rpm-macros
|
BuildRequires: apache-rpm-macros
|
||||||
BuildRequires: apache2-devel >= 2.2.12
|
BuildRequires: apache2-devel >= 2.2.12
|
||||||
BuildRequires: apr-devel
|
BuildRequires: apr-devel
|
||||||
@ -76,7 +75,6 @@ security library.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
|
||||||
|
|
||||||
# Touch expression parser sources to prevent regenerating it
|
# Touch expression parser sources to prevent regenerating it
|
||||||
touch nss_expr_*.[chyl]
|
touch nss_expr_*.[chyl]
|
||||||
@ -130,7 +128,7 @@ install -m 755 gencert %{buildroot}%{_sbindir}/
|
|||||||
install -m 755 migrate.pl %{buildroot}%{_sbindir}/mod_nss_migrate.pl
|
install -m 755 migrate.pl %{buildroot}%{_sbindir}/mod_nss_migrate.pl
|
||||||
|
|
||||||
#ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconf_nssdir}/
|
#ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconf_nssdir}/
|
||||||
%if 0%{?suse_version} < 1330
|
%if 0%{?suse_version} <= 1500
|
||||||
touch %{buildroot}%{apache_sysconf_nssdir}/secmod.db
|
touch %{buildroot}%{apache_sysconf_nssdir}/secmod.db
|
||||||
touch %{buildroot}%{apache_sysconf_nssdir}/cert8.db
|
touch %{buildroot}%{apache_sysconf_nssdir}/cert8.db
|
||||||
touch %{buildroot}%{apache_sysconf_nssdir}/key3.db
|
touch %{buildroot}%{apache_sysconf_nssdir}/key3.db
|
||||||
@ -220,7 +218,7 @@ find %{apache_sysconf_nssdir} -user root -name "*.db" ! -type l -exec /bin/chmod
|
|||||||
%dir %{apache_libexecdir}
|
%dir %{apache_libexecdir}
|
||||||
%{apache_libexecdir}/mod_nss.so
|
%{apache_libexecdir}/mod_nss.so
|
||||||
%dir %{apache_sysconf_nssdir}/
|
%dir %{apache_sysconf_nssdir}/
|
||||||
%if 0%{?suse_version} < 1330
|
%if 0%{?suse_version} <= 1500
|
||||||
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/secmod.db
|
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/secmod.db
|
||||||
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db
|
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db
|
||||||
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db
|
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db
|
||||||
|
|||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:5a33734ecd6e1fa44bffb359b0a08431a3b5c8e81a4958d90200bbb2ce2c0fe9
|
|
||||||
size 183083
|
|
||||||
3
mod_nss-1.0.16.tar.gz
Normal file
3
mod_nss-1.0.16.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:b72412ac6cbcaced00fae368fd3497e40c010669e39030db4a7b34e2a8bbf92c
|
||||||
|
size 183115
|
||||||
Loading…
Reference in New Issue
Block a user