Accepting request 213275 from mozilla:Factory

OBS-URL: https://build.opensuse.org/request/show/213275
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=88

char.patch

@@ -1,22 +0,0 @@
-Index: security/nss/cmd/modutil/install-ds.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/cmd/modutil/install-ds.c,v
-retrieving revision 1.2
-diff -u -p -6 -r1.2 install-ds.c
---- security/nss/cmd/modutil/install-ds.c	25 Apr 2004 15:02:47 -0000	1.2
-+++ nss/cmd/modutil/install-ds.c	5 Feb 2007 06:57:38 -0000
-@@ -249,13 +249,13 @@ Pk11Install_File_Generate(Pk11Install_Fi
- 				if(!subval || (subval->type != STRING_VALUE)){
- 					errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
-                                     _this->jarPath);
- 					goto loser;
- 				}
- 				_this->permissions = (int) strtol(subval->string, &endp, 8);
--				if(*endp != '\0' || subval->string == "\0") {
-+				if(*endp != '\0' || subval->string[0] == '\0') {
- 					errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
-                                     _this->jarPath);
- 					goto loser;
- 				}
- 				gotPerms = PR_TRUE;
- 				Pk11Install_ListIter_delete(subiter);

mozilla-nss.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Jan  7 08:39:04 UTC 2014 - wr@rosenauer.org
+
+- update to 3.15.4
+  * required for Firefox 27
+  * regular CA root store update (1.96)
+  * Reordered the cipher suites offered in SSL/TLS client hello
+    messages to match modern best practices.
+  * Improved SSL/TLS false start. In addition to enabling the
+    SSL_ENABLE_FALSE_START option, an application must now register
+    a callback using the SSL_SetCanFalseStartCallback function.
+  * When false start is enabled, libssl will sometimes return
+    unencrypted, unauthenticated data from PR_Recv
+    (CVE-2013-1740, bmo#919877)
+  New functionality
+  * Implemented OCSP querying using the HTTP GET method, which is
+    the new default, and will fall back to the HTTP POST method.
+  * Implemented OCSP server functionality for testing purposes
+    (httpserv utility).
+  * Support SHA-1 signatures with TLS 1.2 client authentication.
+  * Added the --empty-password command-line option to certutil,
+    to be used with -N: use an empty password when creating a new
+    database.
+  * Added the -w command-line option to pp: don't wrap long output
+    lines.
+  New functions
+  * CERT_ForcePostMethodForOCSP
+  * CERT_GetSubjectNameDigest
+  * CERT_GetSubjectPublicKeyDigest
+  * SSL_PeerCertificateChain
+  * SSL_RecommendedCanFalseStart
+  * SSL_SetCanFalseStartCallback
+  New types
+  * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used,
+    libpkix will never attempt to use the HTTP GET method for OCSP
+    requests; it will always use POST.
+- removed obsolete char.patch
+
 -------------------------------------------------------------------
 Thu Dec  5 18:59:27 UTC 2013 - wr@rosenauer.org
 

mozilla-nss.spec

@@ -1,8 +1,8 @@
 #
 # spec file for package mozilla-nss
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# Copyright (c) 2006-2013 Wolfgang Rosenauer
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2006-2014 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@ BuildRequires:  mozilla-nspr-devel
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.15.3.1
+Version:        3.15.4
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,9 +36,9 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-# hg clone https://hg.mozilla.org/projects/nss nss-3.15.3.1 ; cd nss-3.15.3.1 ; hg up NSS_3_15_3_1_RTM
-#Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_3_1_RTM/src/nss-%{version}.tar.gz
-Source:         nss-%{version}.tar.gz
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM
+#Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in
 Source4:        %{name}-rpmlintrc
@@ -50,7 +50,6 @@ Source9:        pkcs11.txt
 #Source10:       PayPalEE.cert
 Patch1:         nss-opt.patch
 Patch2:         system-nspr.patch
-Patch3:         char.patch
 Patch4:         nss-no-rpath.patch
 Patch5:         renegotiate-transitional.patch
 Patch6:         malloc.patch
@@ -166,7 +165,6 @@ Mozilla project.
 cd nss
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %if %suse_version > 1110

nss-3.15.3.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc8b56628d3274d0fa804eb69fd0b8ddf419f086f5daa4a023c22d053f6c170c
-size 6620826

nss-3.15.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
+size 6366271