- update to NSS 3.31
New functionality * Allow certificates to be specified by RFC7512 PKCS#11 URIs. * Allow querying a certificate object for its temporary or permanent storage status in a thread safe way. New functions * CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a certificate in a thread safe way. * CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a certificate in a thread safe way. * PK11_FindCertFromURI - find a certificate identified by the given URI. * PK11_FindCertsFromURI - find a list of certificates identified by the given URI. * PK11_GetModuleURI - retrieve the URI of the given module. * PK11_GetTokenURI - retrieve the URI of a token based on the given slot information. * PK11URI_CreateURI - create a new PK11URI object from a set of attributes. * PK11URI_DestroyURI - destroy a PK11URI object. * PK11URI_FormatURI - format a PK11URI object to a string. * PK11URI_GetPathAttribute - retrieve a path attribute with the given name. * PK11URI_GetQueryAttribute - retrieve a query attribute with the given name. * PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object. New macros * Several new macros that start with PK11URI_PATTR_ for path attributes defined in RFC7512. * Several new macros that start with PK11URI_QATTR_ for query attributes defined in RFC7512. Notable changes * The APIs that set a TLS version range have been changed to trim the requested range to the overlap with a systemwide crypto policy, if configured. OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=243
This commit is contained in:
parent
8a54093a7b
commit
3acc6b79e5
@ -1,3 +1,51 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 5 13:15:09 UTC 2017 - wr@rosenauer.org
|
||||||
|
|
||||||
|
- update to NSS 3.31
|
||||||
|
New functionality
|
||||||
|
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
|
||||||
|
* Allow querying a certificate object for its temporary or permanent
|
||||||
|
storage status in a thread safe way.
|
||||||
|
New functions
|
||||||
|
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
|
||||||
|
certificate in a thread safe way.
|
||||||
|
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
|
||||||
|
certificate in a thread safe way.
|
||||||
|
* PK11_FindCertFromURI - find a certificate identified by the given URI.
|
||||||
|
* PK11_FindCertsFromURI - find a list of certificates identified by the given
|
||||||
|
URI.
|
||||||
|
* PK11_GetModuleURI - retrieve the URI of the given module.
|
||||||
|
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
|
||||||
|
information.
|
||||||
|
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
|
||||||
|
* PK11URI_DestroyURI - destroy a PK11URI object.
|
||||||
|
* PK11URI_FormatURI - format a PK11URI object to a string.
|
||||||
|
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
|
||||||
|
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
|
||||||
|
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.
|
||||||
|
New macros
|
||||||
|
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
|
||||||
|
in RFC7512.
|
||||||
|
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
|
||||||
|
in RFC7512.
|
||||||
|
Notable changes
|
||||||
|
* The APIs that set a TLS version range have been changed to trim the requested
|
||||||
|
range to the overlap with a systemwide crypto policy, if configured.
|
||||||
|
SSL_VersionRangeGetSupported can be used to query the overlap between the
|
||||||
|
library's supported range of TLS versions and the systemwide policy.
|
||||||
|
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
|
||||||
|
failure if the requested version range wasn't fully allowed by the systemwide
|
||||||
|
crypto policy. They have been changed to return success, if at least one TLS
|
||||||
|
version overlaps between the requested range and the systemwide policy. An
|
||||||
|
application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
|
||||||
|
query the TLS version range that was effectively activated.
|
||||||
|
* Corrected the encoding of Domain Name Constraints extensions created by
|
||||||
|
certutil.
|
||||||
|
* NSS supports a clean seeding mechanism for *NIX systems now using only
|
||||||
|
/dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
|
||||||
|
time.
|
||||||
|
* CERT_AsciiToName can handle OIDs in dotted decimal form now.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 26 21:30:30 UTC 2017 - wr@rosenauer.org
|
Wed Apr 26 21:30:30 UTC 2017 - wr@rosenauer.org
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.14
|
|||||||
BuildRequires: pkg-config
|
BuildRequires: pkg-config
|
||||||
BuildRequires: sqlite-devel
|
BuildRequires: sqlite-devel
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
Version: 3.30.2
|
Version: 3.31
|
||||||
Release: 0
|
Release: 0
|
||||||
# bug437293
|
# bug437293
|
||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
@ -36,8 +36,8 @@ Summary: Network Security Services
|
|||||||
License: MPL-2.0
|
License: MPL-2.0
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Url: http://www.mozilla.org/projects/security/pki/nss/
|
Url: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_30_2_RTM/src/nss-%{version}.tar.gz
|
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_31_RTM/src/nss-%{version}.tar.gz
|
||||||
# hg clone https://hg.mozilla.org/projects/nss nss-3.30.2/nss ; cd nss-3.30.2/nss ; hg up NSS_3_30_2_RTM
|
# hg clone https://hg.mozilla.org/projects/nss nss-3.31/nss ; cd nss-3.31/nss ; hg up NSS_3_31_RTM
|
||||||
#Source: nss-%{version}.tar.gz
|
#Source: nss-%{version}.tar.gz
|
||||||
Source1: nss.pc.in
|
Source1: nss.pc.in
|
||||||
Source3: nss-config.in
|
Source3: nss-config.in
|
||||||
@ -56,7 +56,6 @@ Patch4: renegotiate-transitional.patch
|
|||||||
Patch5: malloc.patch
|
Patch5: malloc.patch
|
||||||
Patch6: nss-disable-ocsp-test.patch
|
Patch6: nss-disable-ocsp-test.patch
|
||||||
Patch7: nss-sqlitename.patch
|
Patch7: nss-sqlitename.patch
|
||||||
Patch8: nss-fix-hash.patch
|
|
||||||
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
|
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
|
||||||
PreReq: mozilla-nspr >= %nspr_ver
|
PreReq: mozilla-nspr >= %nspr_ver
|
||||||
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
|
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
|
||||||
@ -177,7 +176,6 @@ cd nss
|
|||||||
%endif
|
%endif
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
|
||||||
# additional CA certificates
|
# additional CA certificates
|
||||||
#cd security/nss/lib/ckfw/builtins
|
#cd security/nss/lib/ckfw/builtins
|
||||||
#cat %{SOURCE2} >> certdata.txt
|
#cat %{SOURCE2} >> certdata.txt
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24
|
|
||||||
size 9499119
|
|
3
nss-3.31.tar.gz
Normal file
3
nss-3.31.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d
|
||||||
|
size 9537011
|
@ -1,13 +0,0 @@
|
|||||||
--- nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c.orig 2017-03-16 09:01:59.024372645 +0000
|
|
||||||
+++ nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c 2017-03-16 09:02:37.280938434 +0000
|
|
||||||
@@ -89,8 +89,8 @@
|
|
||||||
PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext,
|
|
||||||
PKIX_CERTHASHCODEFAILED);
|
|
||||||
|
|
||||||
- *pHashcode = (((((extensionHash << 8) || certHash) << 8) ||
|
|
||||||
- dateHash) << 8) || signerHash;
|
|
||||||
+ *pHashcode = (((((extensionHash << 8) | certHash) << 8) |
|
|
||||||
+ dateHash) << 8) | signerHash;
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user