- update to 3.15.5
* required for Firefox 28 * export FREEBL_LOWHASH to get the correct default headers (bnc#865539) New functionality * Added support for the TLS application layer protocol negotiation (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation. * Added the TLS padding extension. The extension type value is 35655, which may change when an official extension type value is assigned by IANA. NSS automatically adds the padding extension to ClientHello when necessary. * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting the tail of a CERTCertList. Notable Changes * bmo#950129: Improve the OCSP fetching policy when verifying OCSP responses * bmo#949060: Validate the iov input argument (an array of PRIOVec structures) of ssl_WriteV (called via PR_Writev). Applications should still take care when converting struct iov to PRIOVec because the iov_len members of the two structures have different types (size_t vs. int). size_t is unsigned and may be larger than int. OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=153
This commit is contained in:
parent
d377e44364
commit
ceb833b465
@ -1,3 +1,30 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 25 11:31:18 UTC 2014 - wr@rosenauer.org
|
||||||
|
|
||||||
|
- update to 3.15.5
|
||||||
|
* required for Firefox 28
|
||||||
|
* export FREEBL_LOWHASH to get the correct default headers
|
||||||
|
(bnc#865539)
|
||||||
|
New functionality
|
||||||
|
* Added support for the TLS application layer protocol negotiation
|
||||||
|
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
|
||||||
|
SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
|
||||||
|
should be used for application layer protocol negotiation.
|
||||||
|
* Added the TLS padding extension. The extension type value is 35655,
|
||||||
|
which may change when an official extension type value is assigned
|
||||||
|
by IANA. NSS automatically adds the padding extension to ClientHello
|
||||||
|
when necessary.
|
||||||
|
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
|
||||||
|
the tail of a CERTCertList.
|
||||||
|
Notable Changes
|
||||||
|
* bmo#950129: Improve the OCSP fetching policy when verifying OCSP
|
||||||
|
responses
|
||||||
|
* bmo#949060: Validate the iov input argument (an array of PRIOVec
|
||||||
|
structures) of ssl_WriteV (called via PR_Writev). Applications should
|
||||||
|
still take care when converting struct iov to PRIOVec because the
|
||||||
|
iov_len members of the two structures have different types
|
||||||
|
(size_t vs. int). size_t is unsigned and may be larger than int.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de
|
Thu Feb 20 10:55:30 UTC 2014 - aj@ajaissle.de
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.9
|
|||||||
BuildRequires: pkg-config
|
BuildRequires: pkg-config
|
||||||
BuildRequires: sqlite-devel
|
BuildRequires: sqlite-devel
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
Version: 3.15.4
|
Version: 3.15.5
|
||||||
Release: 0
|
Release: 0
|
||||||
# bug437293
|
# bug437293
|
||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
@ -36,8 +36,8 @@ Summary: Network Security Services
|
|||||||
License: MPL-2.0
|
License: MPL-2.0
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Url: http://www.mozilla.org/projects/security/pki/nss/
|
Url: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/nss-%{version}.tar.gz
|
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_5_RTM/src/nss-%{version}.tar.gz
|
||||||
# hg clone https://hg.mozilla.org/projects/nss nss-3.15.4/nss ; cd nss-3.15.4/nss ; hg up NSS_3_15_4_RTM
|
# hg clone https://hg.mozilla.org/projects/nss nss-3.15.5/nss ; cd nss-3.15.5/nss ; hg up NSS_3_15_5_RTM
|
||||||
#Source: nss-%{version}.tar.gz
|
#Source: nss-%{version}.tar.gz
|
||||||
Source1: nss.pc.in
|
Source1: nss.pc.in
|
||||||
Source3: nss-config.in
|
Source3: nss-config.in
|
||||||
@ -185,6 +185,7 @@ TIME="\"$(date -d "${modified}" "+%%R")\""
|
|||||||
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
|
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
|
||||||
|
|
||||||
export FREEBL_NO_DEPEND=1
|
export FREEBL_NO_DEPEND=1
|
||||||
|
export FREEBL_LOWHASH=1
|
||||||
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
||||||
export NSPR_LIB_DIR=`nspr-config --libdir`
|
export NSPR_LIB_DIR=`nspr-config --libdir`
|
||||||
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
|
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c
|
|
||||||
size 6366271
|
|
3
nss-3.15.5.tar.gz
Normal file
3
nss-3.15.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43
|
||||||
|
size 6367893
|
@ -1,12 +1,8 @@
|
|||||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||||
|
index e6b2387..87fbe1d 100644
|
||||||
--- a/lib/ssl/sslsock.c
|
--- a/lib/ssl/sslsock.c
|
||||||
+++ b/lib/ssl/sslsock.c
|
+++ b/lib/ssl/sslsock.c
|
||||||
@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = {
|
@@ -74,7 +74,7 @@ static sslOptions ssl_defaults = {
|
||||||
PR_FALSE, /* fdx */
|
|
||||||
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
|
|
||||||
PR_TRUE, /* detectRollBack */
|
|
||||||
PR_FALSE, /* noStepDown */
|
|
||||||
PR_FALSE, /* bypassPKCS11 */
|
|
||||||
PR_FALSE, /* noLocks */
|
PR_FALSE, /* noLocks */
|
||||||
PR_FALSE, /* enableSessionTickets */
|
PR_FALSE, /* enableSessionTickets */
|
||||||
PR_FALSE, /* enableDeflate */
|
PR_FALSE, /* enableDeflate */
|
||||||
@ -15,8 +11,3 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|||||||
PR_FALSE, /* requireSafeNegotiation */
|
PR_FALSE, /* requireSafeNegotiation */
|
||||||
PR_FALSE, /* enableFalseStart */
|
PR_FALSE, /* enableFalseStart */
|
||||||
PR_TRUE, /* cbcRandomIV */
|
PR_TRUE, /* cbcRandomIV */
|
||||||
PR_FALSE /* enableOCSPStapling */
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* default range of enabled SSL/TLS protocols
|
|
||||||
|
Loading…
Reference in New Issue
Block a user