Cherry-pick merge branch 'master' into f19

.gitignore

@@ -8,4 +8,4 @@ TestCA.ca.cert
 TestUser50.cert
 TestUser51.cert
 /nss-pem-20140125.tar.bz2
-/nss-3.17.2.tar.gz
+/nss-3.17.3.tar.gz

nss.spec

@@ -1,6 +1,6 @@
 %global nspr_version 4.10.7
-%global nss_util_version 3.17.2
-%global nss_softokn_version 3.17.2
+%global nss_util_version 3.17.3
+%global nss_softokn_version 3.17.3
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
 
@@ -18,7 +18,7 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.17.2
+Version:          3.17.3
 Release:          1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
@@ -93,6 +93,8 @@ Patch49:          nss-skip-bltest-and-fipstest.patch
 # headers are older. Such is the case when starting an update with API changes or even private export changes.
 # Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
 Patch50:          iquote.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch51:          tls12.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -182,6 +184,9 @@ low level services.
 %patch47 -p0 -b .templates
 %patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
+pushd nss
+%patch51 -p1 -b .994599
+popd
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -765,6 +770,11 @@ fi
 
 
 %changelog
+* Sat Dec 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
+- Update to nss-3.17.3
+- Resolves: Bug 1171012 - nss-3.17.3 is available
+- Resolves: Bug 994599 - Enable TLS 1.2 by default
+
 * Mon Oct 13 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
 - Update to nss-3.17.2
 

sources

@@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2  TestCA.ca.cert
 1b7b6808cd77d5df29bf5bb9e5fac967  TestUser50.cert
 ab0b56dd505a995425c03e5266f7c8d6  TestUser51.cert
 b8a94e863c852e1f8b75e930e76f8640  nss-pem-20140125.tar.bz2
-d3edb6f6c3688b2fde67ec9c9a8c1214  nss-3.17.2.tar.gz
+fba7489e1b26f2a0bfe5527430fd61e1  nss-3.17.3.tar.gz

tls12.patch

@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Martin Thomson <martin.thomson@gmail.com>
+# Date 1413479112 25200
+#      Thu Oct 16 10:05:12 2014 -0700
+# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
+# Parent  24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
+Bug 1083900 - Updating default maximum version to 1.2
+
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
+     PR_FALSE    /* enableFallbackSCSV */
+ };
+ 
+ /*
+  * default range of enabled SSL/TLS protocols
+  */
+ static SSLVersionRange versions_defaults_stream = {
+     SSL_LIBRARY_VERSION_3_0,
+-    SSL_LIBRARY_VERSION_TLS_1_0
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ static SSLVersionRange versions_defaults_datagram = {
+     SSL_LIBRARY_VERSION_TLS_1_1,
+-    SSL_LIBRARY_VERSION_TLS_1_1
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ #define VERSIONS_DEFAULTS(variant) \
+     (variant == ssl_variant_stream ? &versions_defaults_stream : \
+                                      &versions_defaults_datagram)
+ 
+ sslSessionIDLookupFunc  ssl_sid_lookup;
+ sslSessionIDCacheFunc   ssl_sid_cache;