From 80c4a0174f314bc76c1938290f74d9d8455a199986a54ff91d922a6df6dd2f6e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 3 Jul 2013 10:36:27 +0000 Subject: [PATCH 1/3] Accepting request 181778 from home:lnussel:branches:Base:System - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) OBS-URL: https://build.opensuse.org/request/show/181778 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=127 --- mozilla-nss.changes | 6 ++++++ mozilla-nss.spec | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/mozilla-nss.changes b/mozilla-nss.changes index 213e754..5e960d6 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jun 28 09:27:24 UTC 2013 - lnussel@suse.de + +- require libnssckbi instead of mozilla-nss-certs so p11-kit can + conflict with the latter (fate#314991) + ------------------------------------------------------------------- Tue Jun 11 04:58:56 UTC 2013 - wr@rosenauer.org diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 997c3aa..8b9490b 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -59,7 +59,11 @@ Patch8: nss-sqlitename.patch PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} PreReq: libsoftokn3 >= %{nss_softokn_fips_version} -Requires: mozilla-nss-certs +%if %{_lib} == lib64 +Requires: libnssckbi.so()(64bit) +%else +Requires: libnssckbi.so() +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nssdbdir %{_sysconfdir}/pki/nssdb %ifnarch %sparc From 1256cc68192e32524b4f4c284ebc1a5163097ac4cf76da3e0c7e2e0772138ec8 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 3 Jul 2013 12:00:07 +0000 Subject: [PATCH 2/3] - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=128 --- mozilla-nss.changes | 14 ++++++++++++++ mozilla-nss.spec | 6 +++--- nss-3.15.1.tar.gz | 3 +++ nss-3.15.tar.gz | 3 --- 4 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 nss-3.15.1.tar.gz delete mode 100644 nss-3.15.tar.gz diff --git a/mozilla-nss.changes b/mozilla-nss.changes index 5e960d6..bb502d2 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Jul 3 11:55:58 UTC 2013 - wr@rosenauer.org + +- update to 3.15.1 + * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites + (RFC 5246 and RFC 5289) are supported, allowing TLS to be used + without MD5 and SHA-1. + Note the following limitations: + The hash function used in the signature for TLS 1.2 client + authentication must be the hash function of the TLS 1.2 PRF, + which is always SHA-256 in NSS 3.15.1. + AES GCM cipher suites are not yet supported. + * some bugfixes and improvements + ------------------------------------------------------------------- Fri Jun 28 09:27:24 UTC 2013 - lnussel@suse.de diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 8b9490b..37a03bd 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.15 +Version: 3.15.1 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ Summary: Network Security Services License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -# hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_RTM -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_1_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in Source4: %{name}-rpmlintrc diff --git a/nss-3.15.1.tar.gz b/nss-3.15.1.tar.gz new file mode 100644 index 0000000..a04de36 --- /dev/null +++ b/nss-3.15.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f994106a33d1f3210f4151bbb3419a1c28fd1cb545caa7dc9afdebd6da626284 +size 6286561 diff --git a/nss-3.15.tar.gz b/nss-3.15.tar.gz deleted file mode 100644 index 9bf3cf2..0000000 --- a/nss-3.15.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c139f331ddcff4d5485590ee1b4489d3731aa520d4f5d942e2e40bba1e23a3cd -size 6276213 From 997d66ac8eedd13b77d7f7bdd95200a1d1b6bdef07702143ab96e8dfe6d1351d Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 3 Jul 2013 12:27:52 +0000 Subject: [PATCH 3/3] rebase patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=129 --- nss-disable-ocsp-test.patch | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nss-disable-ocsp-test.patch b/nss-disable-ocsp-test.patch index 84d3a02..ac4bb05 100644 --- a/nss-disable-ocsp-test.patch +++ b/nss-disable-ocsp-test.patch @@ -1,14 +1,16 @@ -Index: security/nss/tests/chains/scenarios/scenarios -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/scenarios,v -retrieving revision 1.10 -diff -u -r1.10 scenarios ---- security/nss/tests/chains/scenarios/scenarios 7 Jan 2013 03:56:15 -0000 1.10 -+++ nss/tests/chains/scenarios/scenarios 28 Jan 2013 18:11:16 -0000 -@@ -50,6 +50,5 @@ +diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios +--- a/tests/chains/scenarios/scenarios ++++ b/tests/chains/scenarios/scenarios +@@ -45,12 +45,11 @@ mapping.cfg + mapping2.cfg + aia.cfg + bridgewithaia.cfg + bridgewithhalfaia.cfg + bridgewithpolicyextensionandmapping.cfg realcerts.cfg dsa.cfg revoc.cfg -ocsp.cfg crldp.cfg trustanchors.cfg + nameconstraints.cfg