From 58591dfdb2482bf0a426e817724f2454e7fe9ba43c3170d45f6e2704c4cf83cf Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Tue, 7 Jan 2014 08:49:30 +0000
Subject: [PATCH 1/3] - update to 3.15.4 * required for Firefox 27 * regular CA root store update (1.96) * some OSCP improvments * other bugfixes - removed obsolete char.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=146
---
 char.patch | 22 ----------------------
 mozilla-nss.changes | 10 ++++++++++
 mozilla-nss.spec | 12 +++++-------
 nss-3.15.3.1.tar.gz | 3 ---
 nss-3.15.4.tar.gz | 3 +++
 5 files changed, 18 insertions(+), 32 deletions(-)
 delete mode 100644 char.patch
 delete mode 100644 nss-3.15.3.1.tar.gz
 create mode 100644 nss-3.15.4.tar.gz
diff --git a/char.patch b/char.patch
deleted file mode 100644
index 5d52f3d..0000000
--- a/char.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: security/nss/cmd/modutil/install-ds.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/cmd/modutil/install-ds.c,v
-retrieving revision 1.2
-diff -u -p -6 -r1.2 install-ds.c
---- security/nss/cmd/modutil/install-ds.c 25 Apr 2004 15:02:47 -0000 1.2
-+++ nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000
-@@ -249,13 +249,13 @@ Pk11Install_File_Generate(Pk11Install_Fi
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- _this->permissions = (int) strtol(subval->string, &endp, 8);
-- if(*endp != '\0' || subval->string == "\0") {
-+ if(*endp != '\0' || subval->string[0] == '\0') {
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- gotPerms = PR_TRUE;
- Pk11Install_ListIter_delete(subiter);
diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 36f0504..9353416 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Jan 7 08:39:04 UTC 2014 - wr@rosenauer.org
+
+- update to 3.15.4
+ * required for Firefox 27
+ * regular CA root store update (1.96)
+ * some OSCP improvments
+ * other bugfixes
+- removed obsolete char.patch
+
 -------------------------------------------------------------------
 Thu Dec 5 18:59:27 UTC 2013 - wr@rosenauer.org
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index 0a81626..559b179 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mozilla-nss
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2006-2013 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
@@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel
 BuildRequires: pkg-config
 BuildRequires: sqlite-devel
 BuildRequires: zlib-devel
-Version: 3.15.3.1
+Version: 3.15.4
 Release: 0
 # bug437293
 %ifarch ppc64
@@ -36,9 +36,9 @@ Summary: Network Security Services
 License: MPL-2.0
 Group: System/Libraries
 Url: http://www.mozilla.org/projects/security/pki/nss/
-# hg clone https://hg.mozilla.org/projects/nss nss-3.15.3.1 ; cd nss-3.15.3.1 ; hg up NSS_3_15_3_1_RTM
-#Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_3_1_RTM/src/nss-%{version}.tar.gz
-Source: nss-%{version}.tar.gz
+Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM
+#Source: nss-%{version}.tar.gz
 Source1: nss.pc.in
 Source3: nss-config.in
 Source4: %{name}-rpmlintrc
@@ -50,7 +50,6 @@ Source9: pkcs11.txt
 #Source10: PayPalEE.cert
 Patch1: nss-opt.patch
 Patch2: system-nspr.patch
-Patch3: char.patch
 Patch4: nss-no-rpath.patch
 Patch5: renegotiate-transitional.patch
 Patch6: malloc.patch
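Review bot: In the `@@ -36,9 +36,9 @@` hunk of mozilla-nss.spec the new `Source:` URL spells the release tag `NSS_3_15_4_RTM` literally while the file name uses `%{version}`, so the next version bump has to touch both places or the URL will name a directory that does not match the tarball. The tarball now comes from a remote URL, and nothing in the lines shown records how it was checked against upstream; the git-lfs `oid sha256:` pointer later in this patch pins what was committed, not that it matches what upstream released. I would add a comment above `Source:` such as `# tarball verified against upstream's published checksum (<checksum file or signature>, <date>)`, and derive the tag from `%{version}` if the packaging macros allow it. The rest of the spec preamble is outside this hunk, so a verification step may already exist elsewhere.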
@@ -166,7 +165,6 @@ Mozilla project.
 cd nss
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %if %suse_version > 1110
diff --git a/nss-3.15.3.1.tar.gz b/nss-3.15.3.1.tar.gz
deleted file mode 100644
index 3d6cd4f..0000000
--- a/nss-3.15.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc8b56628d3274d0fa804eb69fd0b8ddf419f086f5daa4a023c22d053f6c170c
-size 6620826
diff --git a/nss-3.15.4.tar.gz b/nss-3.15.4.tar.gz
new file mode 100644
index 0000000..529e6fa
--- /dev/null
+++ b/nss-3.15.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
+size 6366271
From 186557c50ad12d90e15e31c43d81871c2b7d7fcb03083298367c05b8df150e87 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Thu, 9 Jan 2014 10:24:37 +0000
Subject: [PATCH 2/3] * Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. * Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. * When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) New functionality * Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. * Implemented OCSP server functionality for testing purposes (httpserv utility). * Support SHA-1 signatures with TLS 1.2 client authentication. * Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. * Added the -w command-line option to pp: don't wrap long output lines. New functions * CERT_ForcePostMethodForOCSP * CERT_GetSubjectNameDigest * CERT_GetSubjectPublicKeyDigest * SSL_PeerCertificateChain * SSL_RecommendedCanFalseStart * SSL_SetCanFalseStartCallback New types * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST. OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=147
---
 mozilla-nss.changes | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 9353416..eeb0005 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -4,8 +4,36 @@ Tue Jan 7 08:39:04 UTC 2014 - wr@rosenauer.org
 - update to 3.15.4
 * required for Firefox 27
 * regular CA root store update (1.96)
- * some OSCP improvments
- * other bugfixes
+ * Reordered the cipher suites offered in SSL/TLS client hello
+ messages to match modern best practices.
+ * Improved SSL/TLS false start. In addition to enabling the
+ SSL_ENABLE_FALSE_START option, an application must now register
+ a callback using the SSL_SetCanFalseStartCallback function.
+ * When false start is enabled, libssl will sometimes return
+ unencrypted, unauthenticated data from PR_Recv
+ (CVE-2013-1740, bmo#919877)
+ New functionality
+ * Implemented OCSP querying using the HTTP GET method, which is
+ the new default, and will fall back to the HTTP POST method.
+ * Implemented OCSP server functionality for testing purposes
+ (httpserv utility).
+ * Support SHA-1 signatures with TLS 1.2 client authentication.
+ * Added the --empty-password command-line option to certutil,
+ to be used with -N: use an empty password when creating a new
+ database.
+ * Added the -w command-line option to pp: don't wrap long output
+ lines.
+ New functions
+ * CERT_ForcePostMethodForOCSP
+ * CERT_GetSubjectNameDigest
+ * CERT_GetSubjectPublicKeyDigest
+ * SSL_PeerCertificateChain
+ * SSL_RecommendedCanFalseStart
+ * SSL_SetCanFalseStartCallback
+ New types
+ * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used,
+ libpkix will never attempt to use the HTTP GET method for OCSP
+ requests; it will always use POST.
 - removed obsolete char.patch
 -------------------------------------------------------------------
From 14100a1118d04f42748eb53506aadeed627d5a57b4a509aa3ef89eb11cf24bb8 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Thu, 9 Jan 2014 10:26:13 +0000
Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=148
---
 mozilla-nss.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index 559b179..2362896 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -2,7 +2,7 @@
 # spec file for package mozilla-nss
 #
 # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# Copyright (c) 2006-2013 Wolfgang Rosenauer
+# Copyright (c) 2006-2014 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed