Cherry-pick merge branch 'master' into f19
This commit is contained in:
commit
05f0cc9e6b
|
@ -8,4 +8,4 @@ TestCA.ca.cert
|
|||
TestUser50.cert
|
||||
TestUser51.cert
|
||||
/nss-pem-20140125.tar.bz2
|
||||
/nss-3.17.2.tar.gz
|
||||
/nss-3.17.3.tar.gz
|
||||
|
|
16
nss.spec
16
nss.spec
|
@ -1,6 +1,6 @@
|
|||
%global nspr_version 4.10.7
|
||||
%global nss_util_version 3.17.2
|
||||
%global nss_softokn_version 3.17.2
|
||||
%global nss_util_version 3.17.3
|
||||
%global nss_softokn_version 3.17.3
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.17.2
|
||||
Version: 3.17.3
|
||||
Release: 1%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
|
@ -93,6 +93,8 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
|||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||
Patch50: iquote.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
|
||||
Patch51: tls12.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -182,6 +184,9 @@ low level services.
|
|||
%patch47 -p0 -b .templates
|
||||
%patch49 -p0 -b .skipthem
|
||||
%patch50 -p0 -b .iquote
|
||||
pushd nss
|
||||
%patch51 -p1 -b .994599
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -765,6 +770,11 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Sat Dec 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
|
||||
- Update to nss-3.17.3
|
||||
- Resolves: Bug 1171012 - nss-3.17.3 is available
|
||||
- Resolves: Bug 994599 - Enable TLS 1.2 by default
|
||||
|
||||
* Mon Oct 13 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
|
||||
- Update to nss-3.17.2
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
|
|||
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
|
||||
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
|
||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||
d3edb6f6c3688b2fde67ec9c9a8c1214 nss-3.17.2.tar.gz
|
||||
fba7489e1b26f2a0bfe5527430fd61e1 nss-3.17.3.tar.gz
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# HG changeset patch
|
||||
# User Martin Thomson <martin.thomson@gmail.com>
|
||||
# Date 1413479112 25200
|
||||
# Thu Oct 16 10:05:12 2014 -0700
|
||||
# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
|
||||
# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
|
||||
Bug 1083900 - Updating default maximum version to 1.2
|
||||
|
||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
--- a/lib/ssl/sslsock.c
|
||||
+++ b/lib/ssl/sslsock.c
|
||||
@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE /* enableFallbackSCSV */
|
||||
};
|
||||
|
||||
/*
|
||||
* default range of enabled SSL/TLS protocols
|
||||
*/
|
||||
static SSLVersionRange versions_defaults_stream = {
|
||||
SSL_LIBRARY_VERSION_3_0,
|
||||
- SSL_LIBRARY_VERSION_TLS_1_0
|
||||
+ SSL_LIBRARY_VERSION_TLS_1_2
|
||||
};
|
||||
|
||||
static SSLVersionRange versions_defaults_datagram = {
|
||||
SSL_LIBRARY_VERSION_TLS_1_1,
|
||||
- SSL_LIBRARY_VERSION_TLS_1_1
|
||||
+ SSL_LIBRARY_VERSION_TLS_1_2
|
||||
};
|
||||
|
||||
#define VERSIONS_DEFAULTS(variant) \
|
||||
(variant == ssl_variant_stream ? &versions_defaults_stream : \
|
||||
&versions_defaults_datagram)
|
||||
|
||||
sslSessionIDLookupFunc ssl_sid_lookup;
|
||||
sslSessionIDCacheFunc ssl_sid_cache;
|
Loading…
Reference in New Issue