rpms/nss
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable application of the nss-ssl-cbc-random-iv-off-by-default.patch

Browse Source 
- Resolves: rhbz#1020420 - Turn on the fix for BEAST by default [CVE-2011-3389]
This commit is contained in:
Elio Maldonado 2013-10-18 11:58:26 -07:00
parent bf043713d1
commit 1bb4981176
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nss.spec
View File

@ -20,7 +20,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.15.2 Version: 3.15.2
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -93,7 +93,7 @@ Patch18: nss-646045.patch
# Needed only when freebl on tree has new APIS # Needed only when freebl on tree has new APIS
Patch25: nsspem-use-system-freebl.patch Patch25: nsspem-use-system-freebl.patch
# This patch is currently meant for stable branches # This patch is currently meant for stable branches
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch # Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
# Prevent users from trying to enable ssl pkcs11 bypass # Prevent users from trying to enable ssl pkcs11 bypass
# Patch39: nss-ssl-enforce-no-pkcs11-bypass.path # Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
# TODO: Remove this patch when the ocsp test are fixed # TODO: Remove this patch when the ocsp test are fixed
@ -105,7 +105,7 @@ Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
Patch46: disable-ocsp-stapling-tests.patch Patch46: disable-ocsp-stapling-tests.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch Patch47: utilwrap-include-templates.patch
# TODO submit this patch upstream # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
Patch48: nss-versus-softoken-tests.patch Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken # TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch Patch49: nss-skip-bltest-and-fipstest.patch
@ -193,8 +193,8 @@ low level services.
%patch18 -p0 -b .646045 %patch18 -p0 -b .646045
# link pem against buildroot's freebl, essential when mixing and matching # link pem against buildroot's freebl, essential when mixing and matching
%patch25 -p0 -b .systemfreebl %patch25 -p0 -b .systemfreebl
# activate for stable and beta branches # activate for stable and beta branches, disabled for f20
%patch29 -p0 -b .cbcrandomivoff # %%patch29 -p0 -b .cbcrandomivoff
# %%patch39 -p0 -b .nobypass # %%patch39 -p0 -b .nobypass
%patch40 -p0 -b .noocsptest %patch40 -p0 -b .noocsptest
%patch44 -p1 -b .syncupwithupstream %patch44 -p1 -b .syncupwithupstream
@ -755,6 +755,10 @@ fi
%changelog %changelog
* Fri Oct 18 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-2
- Disable the nss-ssl-cbc-random-iv-off-by-default.patch
- Resolves: rhbz#1020420 - Turn on the fix for BEAST by default [CVE-2011-3389]
* Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1 * Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1
- Update to NSS_3_15_2_RTM - Update to NSS_3_15_2_RTM
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel