Accepting request 139298 from mozilla:Factory

OBS-URL: https://build.opensuse.org/request/show/139298
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=72

mozilla-nss.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu Oct 25 12:02:22 UTC 2012 - wr@rosenauer.org
+
+- update to 3.14 RTM
+  * Support for TLS 1.1 (RFC 4346)
+  * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
+  * Support for AES-CTR, AES-CTS, and AES-GCM
+  * Support for Keying Material Exporters for TLS (RFC 5705)
+  * Support for certificate signatures using the MD5 hash algorithm
+    is now disabled by default
+  * The NSS license has changed to MPL 2.0. Previous releases were
+    released under a MPL 1.1/GPL 2.0/LGPL  2.1 tri-license. For more
+    information about MPL 2.0, please see
+    http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional
+    explanation on GPL/LGPL compatibility, see security/nss/COPYING
+    in the source code.
+  * Export and DES cipher suites are disabled by default. Non-ECC
+    AES and Triple DES cipher suites are enabled by default
+- disabled OCSP testcases since they need external network
+  (nss-disable-ocsp-test.patch)
+
 -------------------------------------------------------------------
 Wed Aug 15 13:57:42 UTC 2012 - wr@rosenauer.org
 

mozilla-nss.spec

@@ -25,7 +25,7 @@ BuildRequires:  mozilla-nspr-devel
 BuildRequires:  pkg-config
 BuildRequires:  sqlite3-devel
 BuildRequires:  zlib-devel
-Version:        3.13.6
+Version:        3.14
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -33,7 +33,7 @@ Obsoletes:      mozilla-nss-64bit
 %endif
 #
 Summary:        Network Security Services
-License:        MPL-1.1 or GPL-2.0+ or LGPL-2.1+
+License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
 # cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS
@@ -53,6 +53,7 @@ Patch3:         char.patch
 Patch4:         nss-no-rpath.patch
 Patch5:         renegotiate-transitional.patch
 Patch6:         malloc.patch
+Patch7:         nss-disable-ocsp-test.patch
 %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
 PreReq:         mozilla-nspr >= %nspr_ver
 PreReq:         libfreebl3 >= %{nss_softokn_fips_version}
@@ -166,6 +167,7 @@ cd mozilla
 %if %suse_version > 1110
 %patch6
 %endif
+%patch7
 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins
 #cat %{SOURCE2} >> certdata.txt

nss-3.13.6.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1737a01d1bf5bdeda5d03cdcc7b7e12559cbdfc11a8e52196b6452b643939c69
-size 4646121

nss-3.14.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:573fe07884f64fe4be3899c6fcd32134b3fcf6258cd8a206143e9a7dfb72a500
+size 4772462

nss-disable-ocsp-test.patch

@@ -0,0 +1,16 @@
+Index: security/nss/tests/chains/scenarios/scenarios
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/scenarios,v
+retrieving revision 1.9
+diff -u -p -6 -r1.9 scenarios
+--- security/nss/tests/chains/scenarios/scenarios	9 Nov 2009 14:18:58 -0000	1.9
++++ security/nss/tests/chains/scenarios/scenarios	25 Oct 2012 13:40:00 -0000
+@@ -46,8 +46,7 @@ aia.cfg
+ bridgewithaia.cfg
+ bridgewithhalfaia.cfg
+ bridgewithpolicyextensionandmapping.cfg
+ realcerts.cfg
+ dsa.cfg
+ revoc.cfg
+-ocsp.cfg
+ crldp.cfg

nss-no-rpath.patch

@@ -1,13 +1,16 @@
 Index: security/nss/cmd/platlibs.mk
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/cmd/platlibs.mk,v
-retrieving revision 1.64
-diff -u -r1.64 platlibs.mk
---- security/nss/cmd/platlibs.mk	17 Jun 2009 23:01:48 -0000	1.64
-+++ security/nss/cmd/platlibs.mk	31 Jul 2009 08:04:09 -0000
-@@ -53,9 +53,9 @@
+retrieving revision 1.71
+diff -u -p -6 -r1.71 platlibs.mk
+--- security/nss/cmd/platlibs.mk	17 Jul 2012 15:22:42 -0000	1.71
++++ security/nss/cmd/platlibs.mk	25 Oct 2012 12:07:35 -0000
+@@ -15,15 +15,15 @@ else
+ EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps'
+ endif
+ endif
+ 
  ifeq ($(OS_ARCH), Linux)
- ifeq ($(BUILD_SUN_PKG), 1)
  ifeq ($(USE_64), 1)
 -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
 +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
@@ -15,5 +18,8 @@ diff -u -r1.64 platlibs.mk
 -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
 +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
  endif
- else
- ifeq ($(USE_64), 1)
+ endif
+ 
+ endif # BUILD_SUN_PKG
+ 
+ ifdef NSS_DISABLE_DBM

renegotiate-transitional.patch

@@ -1,11 +1,11 @@
 Index: security/nss/lib/ssl/sslsock.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
-retrieving revision 1.75
-diff -u -p -6 -r1.75 sslsock.c
---- security/nss/lib/ssl/sslsock.c	22 Oct 2011 16:45:40 -0000	1.75
-+++ security/nss/lib/ssl/sslsock.c	24 Oct 2011 12:52:25 -0000
-@@ -178,13 +178,13 @@ static sslOptions ssl_defaults = {
+retrieving revision 1.96
+diff -u -p -6 -r1.96 sslsock.c
+--- security/nss/lib/ssl/sslsock.c	24 Sep 2012 23:57:42 -0000	1.96
++++ security/nss/lib/ssl/sslsock.c	25 Oct 2012 12:08:56 -0000
+@@ -147,13 +147,13 @@ static sslOptions ssl_defaults = {
      PR_TRUE,	/* detectRollBack     */
      PR_FALSE,   /* noStepDown         */
      PR_FALSE,   /* bypassPKCS11       */
@@ -13,10 +13,10 @@ diff -u -p -6 -r1.75 sslsock.c
      PR_FALSE,   /* enableSessionTickets */
      PR_FALSE,   /* enableDeflate      */
 -    2,          /* enableRenegotiation (default: requires extension) */
-+    3,          /* enableRenegotiation (default: transitional) */
++    3,          /* enableRenegotiation (default: requires extension) */
      PR_FALSE,   /* requireSafeNegotiation */
      PR_FALSE,   /* enableFalseStart   */
      PR_TRUE     /* cbcRandomIV        */
  };
  
- sslSessionIDLookupFunc  ssl_sid_lookup;
+ /*