Accepting request 223809 from mozilla:Factory

- update to 3.15.5
  * required for Firefox 28
  * export FREEBL_LOWHASH to get the correct default headers
    (bnc#865539)
  New functionality
  * Added support for the TLS application layer protocol negotiation
    (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
    SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
    should be used for application layer protocol negotiation.
  * Added the TLS padding extension. The extension type value is 35655,
    which may change when an official extension type value is assigned
    by IANA. NSS automatically adds the padding extension to ClientHello
    when necessary.
  * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
    the tail of a CERTCertList.
  Notable Changes
  * bmo#950129: Improve the OCSP fetching policy when verifying OCSP
    responses
  * bmo#949060: Validate the iov input argument (an array of PRIOVec
    structures) of ssl_WriteV (called via PR_Writev). Applications should
    still take care when converting struct iov to PRIOVec because the
    iov_len members of the two structures have different types
    (size_t vs. int). size_t is unsigned and may be larger than int.

- BuildRequire mozilla-nspr >= 4.9

OBS-URL: https://build.opensuse.org/request/show/223809
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=90
This commit is contained in:
Stephan Kulow 2014-02-26 22:20:34 +00:00 committed by Git OBS Bridge
commit 47108391e0
5 changed files with 43 additions and 19 deletions

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Tue Feb 25 11:31:18 UTC 2014 - wr@rosenauer.org
- update to 3.15.5
* required for Firefox 28
* export FREEBL_LOWHASH to get the correct default headers
(bnc#865539)
New functionality
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
should be used for application layer protocol negotiation.
* Added the TLS padding extension. The extension type value is 35655,
which may change when an official extension type value is assigned
by IANA. NSS automatically adds the padding extension to ClientHello
when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
the tail of a CERTCertList.
Notable Changes
* bmo#950129: Improve the OCSP fetching policy when verifying OCSP
responses
* bmo#949060: Validate the iov input argument (an array of PRIOVec
structures) of ssl_WriteV (called via PR_Writev). Applications should
still take care when converting struct iov to PRIOVec because the
iov_len members of the two structures have different types
(size_t vs. int). size_t is unsigned and may be larger than int.
-------------------------------------------------------------------
Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de
- BuildRequire mozilla-nspr >= 4.9
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 7 08:39:04 UTC 2014 - wr@rosenauer.org Tue Jan 7 08:39:04 UTC 2014 - wr@rosenauer.org

View File

@ -21,11 +21,11 @@
Name: mozilla-nss Name: mozilla-nss
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: mozilla-nspr-devel BuildRequires: mozilla-nspr-devel >= 4.9
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
Version: 3.15.4 Version: 3.15.5
Release: 0 Release: 0
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
@ -36,8 +36,8 @@ Summary: Network Security Services
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/ Url: http://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_5_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM # hg clone https://hg.mozilla.org/projects/nss nss-3.15.5/nss ; cd nss-3.15.5/nss ; hg up NSS_3_15_5_RTM
#Source: nss-%{version}.tar.gz #Source: nss-%{version}.tar.gz
Source1: nss.pc.in Source1: nss.pc.in
Source3: nss-config.in Source3: nss-config.in
@ -85,7 +85,7 @@ Summary: Network (Netscape) Security Services development files
Group: Development/Libraries/Other Group: Development/Libraries/Other
Requires: libfreebl3 Requires: libfreebl3
Requires: libsoftokn3 Requires: libsoftokn3
Requires: mozilla-nspr-devel Requires: mozilla-nspr-devel >= 4.9
Requires: mozilla-nss = %{version}-%{release} Requires: mozilla-nss = %{version}-%{release}
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
@ -185,6 +185,7 @@ TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
export FREEBL_NO_DEPEND=1 export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir` export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
size 6366271

3
nss-3.15.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43
size 6367893

View File

@ -1,12 +1,8 @@
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index e6b2387..87fbe1d 100644
--- a/lib/ssl/sslsock.c --- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c
@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = { @@ -74,7 +74,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* fdx */
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
PR_TRUE, /* detectRollBack */
PR_FALSE, /* noStepDown */
PR_FALSE, /* bypassPKCS11 */
PR_FALSE, /* noLocks */ PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */ PR_FALSE, /* enableDeflate */
@ -15,8 +11,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */ PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */ PR_TRUE, /* cbcRandomIV */
PR_FALSE /* enableOCSPStapling */
};
/*
* default range of enabled SSL/TLS protocols