Accepting request 201263 from mozilla:Factory

Contains a security relevant bugfix and should be considered for 13.1

- update to 3.15.2 (bnc#842979)
  * Support for AES-GCM ciphersuites that use the SHA-256 PRF
  * MD2, MD4, and MD5 signatures are no longer accepted for OCSP
    or CRLs
  * Add PK11_CipherFinal macro
  * sizeof() used incorrectly
  * nssutil_ReadSecmodDB() leaks memory
  * Allow SSL_HandshakeNegotiatedExtension to be called before
    the handshake is finished.
  * Deprecate the SSL cipher policy code
  * Avoid uninitialized data read in the event of a decryption
    failure. (CVE-2013-1739)

OBS-URL: https://build.opensuse.org/request/show/201263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=84
This commit is contained in:
Stephan Kulow 2013-09-29 15:50:27 +00:00 committed by Git OBS Bridge
commit 7b55833f6c
4 changed files with 21 additions and 5 deletions

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Sat Sep 28 04:20:41 UTC 2013 - crrodriguez@opensuse.org
- update to 3.15.2 (bnc#842979)
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP
or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before
the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption
failure. (CVE-2013-1739)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 5 08:08:57 UTC 2013 - lnussel@suse.de Fri Jul 5 08:08:57 UTC 2013 - lnussel@suse.de

View File

@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
Version: 3.15.1 Version: 3.15.2
Release: 0 Release: 0
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
@ -37,7 +37,7 @@ License: MPL-2.0
Group: System/Libraries Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/ Url: http://www.mozilla.org/projects/security/pki/nss/
# hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_1_RTM # hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_1_RTM
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/nss-%{version}.tar.gz Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_2_RTM/src/nss-%{version}.tar.gz
Source1: nss.pc.in Source1: nss.pc.in
Source3: nss-config.in Source3: nss-config.in
Source4: %{name}-rpmlintrc Source4: %{name}-rpmlintrc

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f994106a33d1f3210f4151bbb3419a1c28fd1cb545caa7dc9afdebd6da626284
size 6286561

3
nss-3.15.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7b2c80d18c49581edbdb509cbf7afd61d8c53658f2a38ff20e224c1909faeddc
size 6288669