From ceb833b465e3650ce98b3c780eef18f82f7b91623ad7a49e5039a9b24f7ed078 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Tue, 25 Feb 2014 12:02:07 +0000
Subject: [PATCH] - update to 3.15.5 * required for Firefox 28 * export FREEBL_LOWHASH to get the correct default headers (bnc#865539) New functionality * Added support for the TLS application layer protocol negotiation (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation. * Added the TLS padding extension. The extension type value is 35655, which may change when an official extension type value is assigned by IANA. NSS automatically adds the padding extension to ClientHello when necessary. * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting the tail of a CERTCertList. Notable Changes * bmo#950129: Improve the OCSP fetching policy when verifying OCSP responses * bmo#949060: Validate the iov input argument (an array of PRIOVec structures) of ssl_WriteV (called via PR_Writev). Applications should still take care when converting struct iov to PRIOVec because the iov_len members of the two structures have different types (size_t vs. int). size_t is unsigned and may be larger than int.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=153
---
 mozilla-nss.changes | 27 +++++++++++++++++++++++++++
 mozilla-nss.spec | 7 ++++---
 nss-3.15.4.tar.gz | 3 ---
 nss-3.15.5.tar.gz | 3 +++
 renegotiate-transitional.patch | 13 ++-----------
 5 files changed, 36 insertions(+), 17 deletions(-)
 delete mode 100644 nss-3.15.4.tar.gz
 create mode 100644 nss-3.15.5.tar.gz
diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 17cb039..523163a 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Feb 25 11:31:18 UTC 2014 - wr@rosenauer.org
+
+- update to 3.15.5
+ * required for Firefox 28
+ * export FREEBL_LOWHASH to get the correct default headers
+ (bnc#865539)
+ New functionality
+ * Added support for the TLS application layer protocol negotiation
+ (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
+ SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
+ should be used for application layer protocol negotiation.
+ * Added the TLS padding extension. The extension type value is 35655,
+ which may change when an official extension type value is assigned
+ by IANA. NSS automatically adds the padding extension to ClientHello
+ when necessary.
+ * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
+ the tail of a CERTCertList.
+ Notable Changes
+ * bmo#950129: Improve the OCSP fetching policy when verifying OCSP
+ responses
+ * bmo#949060: Validate the iov input argument (an array of PRIOVec
+ structures) of ssl_WriteV (called via PR_Writev). Applications should
+ still take care when converting struct iov to PRIOVec because the
+ iov_len members of the two structures have different types
+ (size_t vs. int). size_t is unsigned and may be larger than int.
+
 -------------------------------------------------------------------
 Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index c7db34e..a93cbf6 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.9
 BuildRequires: pkg-config
 BuildRequires: sqlite-devel
 BuildRequires: zlib-devel
-Version: 3.15.4
+Version: 3.15.5
 Release: 0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary: Network Security Services
 License: MPL-2.0
 Group: System/Libraries
 Url: http://www.mozilla.org/projects/security/pki/nss/
-Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM
+Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_5_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.15.5/nss ; cd nss-3.15.5/nss ; hg up NSS_3_15_5_RTM
 #Source: nss-%{version}.tar.gz
 Source1: nss.pc.in
 Source3: nss-config.in
@@ -185,6 +185,7 @@ TIME="\"$(date -d "${modified}" "+%%R")\""
 find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
 export FREEBL_NO_DEPEND=1
+export FREEBL_LOWHASH=1
 export NSPR_INCLUDE_DIR=`nspr-config --includedir`
 export NSPR_LIB_DIR=`nspr-config --libdir`
 export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
diff --git a/nss-3.15.4.tar.gz b/nss-3.15.4.tar.gz
deleted file mode 100644
index 529e6fa..0000000
--- a/nss-3.15.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
-size 6366271
diff --git a/nss-3.15.5.tar.gz b/nss-3.15.5.tar.gz
new file mode 100644
index 0000000..046e241
--- /dev/null
+++ b/nss-3.15.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43
+size 6367893
diff --git a/renegotiate-transitional.patch b/renegotiate-transitional.patch
index 625429d..c15477c 100644
--- a/renegotiate-transitional.patch
+++ b/renegotiate-transitional.patch
@@ -1,12 +1,8 @@
 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index e6b2387..87fbe1d 100644
 --- a/lib/ssl/sslsock.c
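Review bot: The added `export FREEBL_LOWHASH=1` in the `@@ -185,6 +185,7 @@` hunk of mozilla-nss.spec has no comment, so the reason for the switch is recorded only in the changelog entry. A build variable that changes what a crypto library exports is easy to drop during a later cleanup; a line above it such as `# FREEBL_LOWHASH: needed to get the correct default headers (bnc#865539)` would keep the rationale next to the setting. The surrounding build section starts and ends outside the hunk, so whether neighbouring exports are documented cannot be seen from here.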
+++ b/lib/ssl/sslsock.c
-@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* fdx */
- PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* detectRollBack */
- PR_FALSE, /* noStepDown */
- PR_FALSE, /* bypassPKCS11 */
+@@ -74,7 +74,7 @@ static sslOptions ssl_defaults = {
 PR_FALSE, /* noLocks */
 PR_FALSE, /* enableSessionTickets */
 PR_FALSE, /* enableDeflate */
@@ -15,8 +11,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
 PR_FALSE, /* requireSafeNegotiation */
 PR_FALSE, /* enableFalseStart */
 PR_TRUE, /* cbcRandomIV */
- PR_FALSE /* enableOCSPStapling */
- };
-
- /*
- * default range of enabled SSL/TLS protocols
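Review bot: The refreshed inner hunk header `@@ -74,7 +74,7 @@` anchors the change on three lines of context inside the positional `ssl_defaults` initializer, where most entries are bare `PR_FALSE,` values told apart only by their trailing comments, and its start line moved from 144 to 74. The line this patch actually changes falls between the two hunks of this diff and is not shown, so it cannot be confirmed from here which default ends up modified. Because the file overrides a TLS default in a shipped crypto library (judging by its name, the renegotiation policy), it is worth confirming that it applies to the 3.15.5 tree with no offset or fuzz. The patch also starts directly at `diff --git` with no description; a short header such as `# Changes one default in ssl_defaults (lib/ssl/sslsock.c); refreshed against NSS 3.15.5`, extended with the field name and the rationale, would let the next refresh check that the same field is still the one being edited.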