- update to 3.15.5

* required for Firefox 28
  * export FREEBL_LOWHASH to get the correct default headers
    (bnc#865539)
  New functionality
  * Added support for the TLS application layer protocol negotiation
    (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
    SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
    should be used for application layer protocol negotiation.
  * Added the TLS padding extension. The extension type value is 35655,
    which may change when an official extension type value is assigned
    by IANA. NSS automatically adds the padding extension to ClientHello
    when necessary.
  * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
    the tail of a CERTCertList.
  Notable Changes
  * bmo#950129: Improve the OCSP fetching policy when verifying OCSP
    responses
  * bmo#949060: Validate the iov input argument (an array of PRIOVec
    structures) of ssl_WriteV (called via PR_Writev). Applications should
    still take care when converting struct iov to PRIOVec because the
    iov_len members of the two structures have different types
    (size_t vs. int). size_t is unsigned and may be larger than int.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=153
This commit is contained in:
Wolfgang Rosenauer 2014-02-25 12:02:07 +00:00 committed by Git OBS Bridge
parent d377e44364
commit ceb833b465
5 changed files with 36 additions and 17 deletions

View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Tue Feb 25 11:31:18 UTC 2014 - wr@rosenauer.org
- update to 3.15.5
* required for Firefox 28
* export FREEBL_LOWHASH to get the correct default headers
(bnc#865539)
New functionality
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
should be used for application layer protocol negotiation.
* Added the TLS padding extension. The extension type value is 35655,
which may change when an official extension type value is assigned
by IANA. NSS automatically adds the padding extension to ClientHello
when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
the tail of a CERTCertList.
Notable Changes
* bmo#950129: Improve the OCSP fetching policy when verifying OCSP
responses
* bmo#949060: Validate the iov input argument (an array of PRIOVec
structures) of ssl_WriteV (called via PR_Writev). Applications should
still take care when converting struct iov to PRIOVec because the
iov_len members of the two structures have different types
(size_t vs. int). size_t is unsigned and may be larger than int.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de

View File

@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.9
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
Version: 3.15.4 Version: 3.15.5
Release: 0 Release: 0
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
@ -36,8 +36,8 @@ Summary: Network Security Services
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/ Url: http://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_5_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM # hg clone https://hg.mozilla.org/projects/nss nss-3.15.5/nss ; cd nss-3.15.5/nss ; hg up NSS_3_15_5_RTM
#Source: nss-%{version}.tar.gz #Source: nss-%{version}.tar.gz
Source1: nss.pc.in Source1: nss.pc.in
Source3: nss-config.in Source3: nss-config.in
@ -185,6 +185,7 @@ TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
export FREEBL_NO_DEPEND=1 export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir` export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
size 6366271

3
nss-3.15.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43
size 6367893

View File

@ -1,12 +1,8 @@
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index e6b2387..87fbe1d 100644
--- a/lib/ssl/sslsock.c --- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c
@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = { @@ -74,7 +74,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* fdx */
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
PR_TRUE, /* detectRollBack */
PR_FALSE, /* noStepDown */
PR_FALSE, /* bypassPKCS11 */
PR_FALSE, /* noLocks */ PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */ PR_FALSE, /* enableDeflate */
@ -15,8 +11,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */ PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */ PR_TRUE, /* cbcRandomIV */
PR_FALSE /* enableOCSPStapling */
};
/*
* default range of enabled SSL/TLS protocols