- update to 3.15
* Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=124
This commit is contained in:
parent
ddbab3a3b8
commit
506ad33ba3
216
bug-834091.patch
216
bug-834091.patch
@ -1,216 +0,0 @@
|
||||
Index: security/nss/lib/pkcs7/p7decode.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/p7decode.c,v
|
||||
retrieving revision 1.31
|
||||
diff -u -8 -p -r1.31 p7decode.c
|
||||
--- security/nss/lib/pkcs7/p7decode.c 12 Dec 2012 19:25:36 -0000 1.31
|
||||
+++ security/nss/lib/pkcs7/p7decode.c 25 Jan 2013 23:22:54 -0000
|
||||
@@ -1276,17 +1276,18 @@ SEC_PKCS7ContentIsSigned(SEC_PKCS7Conten
|
||||
* there should be NO authenticatedAttributes (signerinfo->authAttr should
|
||||
* be NULL).
|
||||
*/
|
||||
static PRBool
|
||||
sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
|
||||
SECCertUsage certusage,
|
||||
const SECItem *detached_digest,
|
||||
HASH_HashType digest_type,
|
||||
- PRBool keepcerts)
|
||||
+ PRBool keepcerts,
|
||||
+ PRTime atTime)
|
||||
{
|
||||
SECAlgorithmID **digestalgs, *bulkid;
|
||||
const SECItem *digest;
|
||||
SECItem **digests;
|
||||
SECItem **rawcerts;
|
||||
CERTSignedCrl **crls;
|
||||
SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
|
||||
CERTCertificate *cert, **certs;
|
||||
@@ -1294,17 +1295,18 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
|
||||
CERTCertDBHandle *certdb, *defaultdb;
|
||||
SECOidTag encTag,digestTag;
|
||||
HASH_HashType found_type;
|
||||
int i, certcount;
|
||||
SECKEYPublicKey *publickey;
|
||||
SECItem *content_type;
|
||||
PK11SymKey *sigkey;
|
||||
SECItem *encoded_stime;
|
||||
- int64 stime;
|
||||
+ PRTime stime;
|
||||
+ PRTime verificationTime;
|
||||
SECStatus rv;
|
||||
|
||||
/*
|
||||
* Everything needed in order to "goto done" safely.
|
||||
*/
|
||||
goodsig = PR_FALSE;
|
||||
certcount = 0;
|
||||
cert = NULL;
|
||||
@@ -1431,18 +1433,20 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
|
||||
/*
|
||||
* XXX This uses the signing time, if available. Additionally, we
|
||||
* might want to, if there is no signing time, get the message time
|
||||
* from the mail header itself, and use that. That would require
|
||||
* a change to our interface though, and for S/MIME callers to pass
|
||||
* in a time (and for non-S/MIME callers to pass in nothing, or
|
||||
* maybe make them pass in the current time, always?).
|
||||
*/
|
||||
+ verificationTime = atTime ? atTime
|
||||
+ : (encoded_stime ? stime : PR_Now());
|
||||
if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage,
|
||||
- encoded_stime != NULL ? stime : PR_Now(),
|
||||
+ verificationTime,
|
||||
cinfo->pwfn_arg, NULL) != SECSuccess)
|
||||
{
|
||||
/*
|
||||
* XXX Give the user an option to check the signature anyway?
|
||||
* If we want to do this, need to give a way to leave and display
|
||||
* some dialog and get the answer and come back through (or do
|
||||
* the rest of what we do below elsewhere, maybe by putting it
|
||||
* in a function that we call below and could call from a dialog
|
||||
@@ -1752,17 +1756,17 @@ done:
|
||||
* into our local database.
|
||||
*/
|
||||
PRBool
|
||||
SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
|
||||
SECCertUsage certusage,
|
||||
PRBool keepcerts)
|
||||
{
|
||||
return sec_pkcs7_verify_signature (cinfo, certusage,
|
||||
- NULL, HASH_AlgNULL, keepcerts);
|
||||
+ NULL, HASH_AlgNULL, keepcerts, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
* SEC_PKCS7VerifyDetachedSignature
|
||||
* Look at a PKCS7 contentInfo and check if the signature matches
|
||||
* a passed-in digest (calculated, supposedly, from detached contents).
|
||||
* The verification checks that the signing cert is valid and trusted
|
||||
* for the purpose specified by "certusage".
|
||||
@@ -1774,19 +1778,44 @@ PRBool
|
||||
SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
|
||||
SECCertUsage certusage,
|
||||
const SECItem *detached_digest,
|
||||
HASH_HashType digest_type,
|
||||
PRBool keepcerts)
|
||||
{
|
||||
return sec_pkcs7_verify_signature (cinfo, certusage,
|
||||
detached_digest, digest_type,
|
||||
- keepcerts);
|
||||
+ keepcerts, 0);
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * SEC_PKCS7VerifyDetachedSignatureAtTime
|
||||
+ * Look at a PKCS7 contentInfo and check if the signature matches
|
||||
+ * a passed-in digest (calculated, supposedly, from detached contents).
|
||||
+ * The verification checks that the signing cert is valid and trusted
|
||||
+ * for the purpose specified by "certusage" at time "atTime"
|
||||
+ * if "atTime" is non-zero, or at the current time (as returned by
|
||||
+ * PR_Now) otherwise.
|
||||
+ */
|
||||
+PRBool
|
||||
+SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
|
||||
+ SECCertUsage certusage,
|
||||
+ const SECItem *detached_digest,
|
||||
+ HASH_HashType digest_type,
|
||||
+ PRBool keepcerts,
|
||||
+ PRTime atTime)
|
||||
+{
|
||||
+ if (!atTime) {
|
||||
+ atTime = PR_Now();
|
||||
+ }
|
||||
+
|
||||
+ return sec_pkcs7_verify_signature (cinfo, certusage,
|
||||
+ detached_digest, digest_type,
|
||||
+ keepcerts, atTime);
|
||||
+}
|
||||
|
||||
/*
|
||||
* Return the asked-for portion of the name of the signer of a PKCS7
|
||||
* signed object.
|
||||
*
|
||||
* Returns a pointer to allocated memory, which must be freed.
|
||||
* A NULL return value is an error.
|
||||
*/
|
||||
@@ -1839,17 +1868,17 @@ sec_pkcs7_get_signer_cert_info(SEC_PKCS7
|
||||
*/
|
||||
if (signercert == NULL) {
|
||||
/*
|
||||
* The cert usage does not matter in this case, because we do not
|
||||
* actually care about the verification itself, but we have to pick
|
||||
* some valid usage to pass in.
|
||||
*/
|
||||
(void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner,
|
||||
- NULL, HASH_AlgNULL, PR_FALSE);
|
||||
+ NULL, HASH_AlgNULL, PR_FALSE, 0);
|
||||
signercert = signerinfos[0]->cert;
|
||||
if (signercert == NULL)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
switch (selector) {
|
||||
case sec_common_name:
|
||||
container = CERT_GetCommonName (&signercert->subject);
|
||||
Index: security/nss/lib/pkcs7/secpkcs7.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/secpkcs7.h,v
|
||||
retrieving revision 1.10
|
||||
diff -u -8 -p -r1.10 secpkcs7.h
|
||||
--- security/nss/lib/pkcs7/secpkcs7.h 27 Nov 2012 22:48:08 -0000 1.10
|
||||
+++ security/nss/lib/pkcs7/secpkcs7.h 25 Jan 2013 23:22:54 -0000
|
||||
@@ -128,16 +128,33 @@ extern PRBool SEC_PKCS7VerifySignature(S
|
||||
* into our local database.
|
||||
*/
|
||||
extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
|
||||
SECCertUsage certusage,
|
||||
const SECItem *detached_digest,
|
||||
HASH_HashType digest_type,
|
||||
PRBool keepcerts);
|
||||
|
||||
+
|
||||
+/*
|
||||
+ * SEC_PKCS7VerifyDetachedSignatureAtTime
|
||||
+ * Look at a PKCS7 contentInfo and check if the signature matches
|
||||
+ * a passed-in digest (calculated, supposedly, from detached contents).
|
||||
+ * The verification checks that the signing cert is valid and trusted
|
||||
+ * for the purpose specified by "certusage" at time "atTime"
|
||||
+ * if "atTime" is non-zero, or at the current time (as returned by
|
||||
+ * PR_Now) otherwise.
|
||||
+ */
|
||||
+extern PRBool SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
|
||||
+ SECCertUsage certusage,
|
||||
+ const SECItem *detached_digest,
|
||||
+ HASH_HashType digest_type,
|
||||
+ PRBool keepcerts,
|
||||
+ PRTime atTime);
|
||||
+
|
||||
/*
|
||||
* SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
|
||||
* The passed-in contentInfo is espected to be Signed, and these
|
||||
* functions return the specified portion of the full signer name.
|
||||
*
|
||||
* Returns a pointer to allocated memory, which must be freed.
|
||||
* A NULL return value is an error.
|
||||
*/
|
||||
Index: security/nss/lib/smime/smime.def
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/smime/smime.def,v
|
||||
retrieving revision 1.39
|
||||
diff -u -8 -p -r1.39 smime.def
|
||||
--- security/nss/lib/smime/smime.def 25 Apr 2012 14:50:09 -0000 1.39
|
||||
+++ security/nss/lib/smime/smime.def 25 Jan 2013 23:22:54 -0000
|
||||
@@ -262,8 +262,14 @@ NSS_Get_NSS_PointerToCMSGenericWrapperDa
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.13 { # NSS 3.13 release
|
||||
;+ global:
|
||||
NSSSMIME_GetVersion;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
+;+NSS_3.14.3 { # NSS 3.14.3 release
|
||||
+;+ global:
|
||||
+SEC_PKCS7VerifyDetachedSignatureAtTime;
|
||||
+;+ local:
|
||||
+;+ *;
|
||||
+;+};
|
@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/cmd/modutil/install-ds.c,v
|
||||
retrieving revision 1.2
|
||||
diff -u -p -6 -r1.2 install-ds.c
|
||||
--- security/nss/cmd/modutil/install-ds.c 25 Apr 2004 15:02:47 -0000 1.2
|
||||
+++ security/nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000
|
||||
+++ nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000
|
||||
@@ -249,13 +249,13 @@ Pk11Install_File_Generate(Pk11Install_Fi
|
||||
if(!subval || (subval->type != STRING_VALUE)){
|
||||
errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
|
||||
|
@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v
|
||||
retrieving revision 1.100
|
||||
diff -u -r1.100 ssl.sh
|
||||
--- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100
|
||||
+++ security/nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000
|
||||
+++ nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000
|
||||
@@ -974,6 +974,7 @@
|
||||
|
||||
################################# main #################################
|
||||
|
@ -1,3 +1,73 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 11 04:58:56 UTC 2013 - wr@rosenauer.org
|
||||
|
||||
- update to 3.15
|
||||
* Packaging
|
||||
+ removed obsolete patches
|
||||
* nss-disable-expired-testcerts.patch
|
||||
* bug-834091.patch
|
||||
* New Functionality
|
||||
+ Support for OCSP Stapling (RFC 6066, Certificate Status
|
||||
Request) has been added for both client and server sockets.
|
||||
TLS client applications may enable this via a call to
|
||||
SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
|
||||
+ Added function SECITEM_ReallocItemV2. It replaces function
|
||||
SECITEM_ReallocItem, which is now declared as obsolete.
|
||||
+ Support for single-operation (eg: not multi-part) symmetric
|
||||
key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
|
||||
+ certutil has been updated to support creating name constraints
|
||||
extensions.
|
||||
* New Functions
|
||||
in ssl.h
|
||||
SSL_PeerStapledOCSPResponse - Returns the server's stapled
|
||||
OCSP response, when used with a TLS client socket that
|
||||
negotiated the status_request extension.
|
||||
SSL_SetStapledOCSPResponses - Set's a stapled OCSP response
|
||||
for a TLS server socket to return when clients send the
|
||||
status_request extension.
|
||||
in ocsp.h
|
||||
CERT_PostOCSPRequest - Primarily intended for testing, permits
|
||||
the sending and receiving of raw OCSP request/responses.
|
||||
in secpkcs7.h
|
||||
SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7
|
||||
signature at a specific time other than the present time.
|
||||
in xconst.h
|
||||
CERT_EncodeNameConstraintsExtension - Matching function for
|
||||
CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
|
||||
in secitem.h
|
||||
SECITEM_AllocArray
|
||||
SECITEM_DupArray
|
||||
SECITEM_FreeArray
|
||||
SECITEM_ZfreeArray - Utility functions to handle the
|
||||
allocation and deallocation of SECItemArrays
|
||||
SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is
|
||||
now obsolete. SECITEM_ReallocItemV2 better matches caller
|
||||
expectations, in that it updates item->len on allocation.
|
||||
For more details of the issues with SECITEM_ReallocItem,
|
||||
see Bug 298649 and Bug 298938.
|
||||
in pk11pub.h
|
||||
PK11_Decrypt - Performs decryption as a single PKCS#11
|
||||
operation (eg: not multi-part). This is necessary for AES-GCM.
|
||||
PK11_Encrypt - Performs encryption as a single PKCS#11
|
||||
operation (eg: not multi-part). This is necessary for AES-GCM.
|
||||
* New Types
|
||||
in secitem.h
|
||||
SECItemArray - Represents a variable-length array of SECItems.
|
||||
* New Macros
|
||||
in ssl.h
|
||||
SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure
|
||||
TLS client sockets to request the certificate_status extension
|
||||
(eg: OCSP stapling) when set to PR_TRUE
|
||||
* Notable changes
|
||||
+ SECITEM_ReallocItem is now deprecated. Please consider using
|
||||
SECITEM_ReallocItemV2 in all future code.
|
||||
+ The list of root CA certificates in the nssckbi module has
|
||||
been updated.
|
||||
+ The default implementation of SSL_AuthCertificate has been
|
||||
updated to add certificate status responses stapled by the TLS
|
||||
server to the OCSP cache.
|
||||
* a lot of bugfixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 16 10:27:04 UTC 2013 - idonmez@suse.com
|
||||
|
||||
|
@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
Version: 3.14.3
|
||||
Version: 3.15
|
||||
Release: 0
|
||||
# bug437293
|
||||
%ifarch ppc64
|
||||
@ -36,8 +36,8 @@ Summary: Network Security Services
|
||||
License: MPL-2.0
|
||||
Group: System/Libraries
|
||||
Url: http://www.mozilla.org/projects/security/pki/nss/
|
||||
# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS
|
||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_3_RTM/src/nss-%{version}.tar.gz
|
||||
# hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_RTM
|
||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/nss-%{version}.tar.gz
|
||||
Source1: nss.pc.in
|
||||
Source3: nss-config.in
|
||||
Source4: %{name}-rpmlintrc
|
||||
@ -55,8 +55,6 @@ Patch5: renegotiate-transitional.patch
|
||||
Patch6: malloc.patch
|
||||
Patch7: nss-disable-ocsp-test.patch
|
||||
Patch8: nss-sqlitename.patch
|
||||
Patch9: nss-disable-expired-testcerts.patch
|
||||
Patch10: bug-834091.patch
|
||||
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
|
||||
PreReq: mozilla-nspr >= %nspr_ver
|
||||
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
|
||||
@ -161,19 +159,16 @@ Mozilla project.
|
||||
|
||||
%prep
|
||||
%setup -n nss-%{version} -q
|
||||
cd mozilla
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4
|
||||
%patch5
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%if %suse_version > 1110
|
||||
%patch6
|
||||
%patch6 -p1
|
||||
%endif
|
||||
%patch7
|
||||
%patch8
|
||||
%patch9
|
||||
%patch10
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
# additional CA certificates
|
||||
#cd security/nss/lib/ckfw/builtins
|
||||
#cat %{SOURCE2} >> certdata.txt
|
||||
@ -185,7 +180,6 @@ DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
|
||||
TIME="\"$(date -d "${modified}" "+%%R")\""
|
||||
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
|
||||
|
||||
cd mozilla/security/nss
|
||||
export FREEBL_NO_DEPEND=1
|
||||
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
||||
export NSPR_LIB_DIR=`nspr-config --libdir`
|
||||
@ -221,7 +215,7 @@ mkdir -p $RPM_BUILD_ROOT%{_bindir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
||||
mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
|
||||
pushd mozilla/dist/Linux*
|
||||
pushd ../dist/Linux*
|
||||
# copy headers
|
||||
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
|
||||
# copy dynamic libs
|
||||
@ -278,9 +272,9 @@ s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
|
||||
%{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
|
||||
# prepare nss-config file
|
||||
popd
|
||||
NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
|
||||
NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
|
||||
NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
|
||||
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
|
||||
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
|
||||
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
|
||||
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
|
||||
-e "s,@prefix@,%{_prefix},g" \
|
||||
-e "s,@exec_prefix@,%{_prefix},g" \
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d9d366be94d33395597ebf82363fcdedfa693a6d627cf7f6bec025f609d54cc0
|
||||
size 6189790
|
3
nss-3.15.tar.gz
Normal file
3
nss-3.15.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8bc424aa4d7cf2b9e0930132f00c36e0c15fb9c3c352d352629914d8b165747b
|
||||
size 6629252
|
@ -1,30 +0,0 @@
|
||||
Index: security/nss/tests/chains/scenarios/realcerts.cfg
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/realcerts.cfg,v
|
||||
retrieving revision 1.4
|
||||
diff -u -r1.4 realcerts.cfg
|
||||
--- security/nss/tests/chains/scenarios/realcerts.cfg 20 Mar 2012 14:47:29 -0000 1.4
|
||||
+++ security/nss/tests/chains/scenarios/realcerts.cfg 3 Apr 2013 07:39:49 -0000
|
||||
@@ -14,15 +14,15 @@
|
||||
import PayPalEE:x:
|
||||
import BrAirWaysBadSig:x:
|
||||
|
||||
-verify TestUser50:x
|
||||
- result pass
|
||||
+#verify TestUser50:x
|
||||
+# result pass
|
||||
|
||||
-verify TestUser51:x
|
||||
- result pass
|
||||
+#verify TestUser51:x
|
||||
+# result pass
|
||||
|
||||
-verify PayPalEE:x
|
||||
- policy OID.2.16.840.1.113733.1.7.23.6
|
||||
- result pass
|
||||
+#verify PayPalEE:x
|
||||
+# policy OID.2.16.840.1.113733.1.7.23.6
|
||||
+# result pass
|
||||
|
||||
verify BrAirWaysBadSig:x
|
||||
result fail
|
@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/scenarios,v
|
||||
retrieving revision 1.10
|
||||
diff -u -r1.10 scenarios
|
||||
--- security/nss/tests/chains/scenarios/scenarios 7 Jan 2013 03:56:15 -0000 1.10
|
||||
+++ security/nss/tests/chains/scenarios/scenarios 28 Jan 2013 18:11:16 -0000
|
||||
+++ nss/tests/chains/scenarios/scenarios 28 Jan 2013 18:11:16 -0000
|
||||
@@ -50,6 +50,5 @@
|
||||
realcerts.cfg
|
||||
dsa.cfg
|
||||
|
@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/cmd/platlibs.mk,v
|
||||
retrieving revision 1.71
|
||||
diff -u -p -6 -r1.71 platlibs.mk
|
||||
--- security/nss/cmd/platlibs.mk 17 Jul 2012 15:22:42 -0000 1.71
|
||||
+++ security/nss/cmd/platlibs.mk 25 Oct 2012 12:07:35 -0000
|
||||
+++ nss/cmd/platlibs.mk 25 Oct 2012 12:07:35 -0000
|
||||
@@ -15,15 +15,15 @@ else
|
||||
EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps'
|
||||
endif
|
||||
|
@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/sqlite/manifest.mn,v
|
||||
retrieving revision 1.5
|
||||
diff -u -r1.5 manifest.mn
|
||||
--- security/nss/lib/sqlite/manifest.mn 25 Apr 2012 14:50:11 -0000 1.5
|
||||
+++ security/nss/lib/sqlite/manifest.mn 28 Jan 2013 20:48:22 -0000
|
||||
+++ nss/lib/sqlite/manifest.mn 28 Jan 2013 20:48:22 -0000
|
||||
@@ -6,9 +6,10 @@
|
||||
|
||||
MODULE = nss
|
||||
|
@ -1,11 +1,9 @@
|
||||
Index: security/nss/lib/ssl/sslsock.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
|
||||
retrieving revision 1.96
|
||||
diff -u -p -6 -r1.96 sslsock.c
|
||||
--- security/nss/lib/ssl/sslsock.c 24 Sep 2012 23:57:42 -0000 1.96
|
||||
+++ security/nss/lib/ssl/sslsock.c 25 Oct 2012 12:08:56 -0000
|
||||
@@ -147,13 +147,13 @@ static sslOptions ssl_defaults = {
|
||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
--- a/lib/ssl/sslsock.c
|
||||
+++ b/lib/ssl/sslsock.c
|
||||
@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* fdx */
|
||||
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
|
||||
PR_TRUE, /* detectRollBack */
|
||||
PR_FALSE, /* noStepDown */
|
||||
PR_FALSE, /* bypassPKCS11 */
|
||||
@ -16,7 +14,9 @@ diff -u -p -6 -r1.96 sslsock.c
|
||||
+ 3, /* enableRenegotiation (default: requires extension) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
PR_TRUE /* cbcRandomIV */
|
||||
PR_TRUE, /* cbcRandomIV */
|
||||
PR_FALSE /* enableOCSPStapling */
|
||||
};
|
||||
|
||||
/*
|
||||
* default range of enabled SSL/TLS protocols
|
||||
|
@ -1,16 +1,22 @@
|
||||
Index: security/nss/Makefile
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/Makefile,v
|
||||
retrieving revision 1.36
|
||||
diff -u -p -r1.36 Makefile
|
||||
--- security/nss/Makefile 2 Dec 2008 23:24:39 -0000 1.36
|
||||
+++ security/nss/Makefile 23 Nov 2009 16:19:04 -0000
|
||||
@@ -78,7 +78,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
diff --git a/Makefile b/Makefile
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -39,17 +39,17 @@ include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
#######################################################################
|
||||
|
||||
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
-nss_build_all: build_coreconf build_nspr build_dbm all
|
||||
+nss_build_all: build_coreconf build_dbm all
|
||||
-nss_build_all: build_nspr all
|
||||
+nss_build_all: all
|
||||
|
||||
nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
|
||||
nss_clean_all: clobber_nspr clobber
|
||||
|
||||
NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status
|
||||
NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure
|
||||
|
||||
#
|
||||
# Translate coreconf build options to NSPR configure options.
|
||||
|
Loading…
Reference in New Issue
Block a user