- Back out strict SHA-1 signature control because firefox
Addon system is still using sha-1 signatures
This commit is contained in:
Bob Relyea
parent
a4039ab8d2
commit
0d67947dcf
|
|
@ -0,0 +1,22 @@
|
|||
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
|
||||
--- a/lib/pk11wrap/pk11pars.c
|
||||
+++ b/lib/pk11wrap/pk11pars.c
|
||||
@@ -325,17 +325,17 @@ static const oidValDef hashOptList[] = {
|
||||
/* Hashes */
|
||||
{ CIPHER_NAME("MD2"), SEC_OID_MD2,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("MD4"), SEC_OID_MD4,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("MD5"), SEC_OID_MD5,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("SHA1"), SEC_OID_SHA1,
|
||||
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||
{ CIPHER_NAME("SHA224"), SEC_OID_SHA224,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("SHA256"), SEC_OID_SHA256,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("SHA384"), SEC_OID_SHA384,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||
{ CIPHER_NAME("SHA512"), SEC_OID_SHA512,
|
||||
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }
|
||||
7
nss.spec
7
nss.spec
|
|
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}
|
||||
|
|
@ -116,6 +116,7 @@ Patch20: nss-gcm-param-default-pkcs11v2.patch
|
|||
Patch30: nss-fedora-btrf-sql-hack.patch
|
||||
# can drop this patch once crypto-policies has been updated
|
||||
Patch31: nss-3.53.1-revert_rhel8_unsafe_policy_change.patch
|
||||
Patch33: nss-fedora-relax-sha1.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
|
@ -906,6 +907,10 @@ update-crypto-policies &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 15 2020 Bob Relyea <rrelyea@redhat.com> - 3.59.0-3
|
||||
- Back out strict SHA-1 signature control because firefox
|
||||
Addon system is still using sha-1 signatures
|
||||
|
||||
* Fri Dec 11 2020 Bob Relyea <rrelyea@redhat.com> - 3.59.0-2
|
||||
- Work around btrfs/sqlite bug
|
||||
- Disable new policy entries until crypto-polices has been updated
|
||||
|
|
|
|||
Loading…
Reference in New Issue