Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
- Update the patch to account for the new sources - Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
This commit is contained in:
parent
c061043780
commit
304de980b9
|
@ -1,25 +1,25 @@
|
|||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
|
||||
@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
|
||||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682 2012-11-01 11:10:54.107504267 -0700
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-11-01 11:07:36.758464814 -0700
|
||||
@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
|
||||
3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
- PR_TRUE /* cbcRandomIV */
|
||||
+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
|
||||
- PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
|
||||
+ PR_TRUE /* cbcRandomIV */
|
||||
};
|
||||
|
||||
sslSessionIDLookupFunc ssl_sid_lookup;
|
||||
@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
|
||||
/*
|
||||
@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void)
|
||||
PR_TRUE));
|
||||
}
|
||||
ev = getenv("NSS_SSL_CBC_RANDOM_IV");
|
||||
- if (ev && ev[0] == '0') {
|
||||
- ssl_defaults.cbcRandomIV = PR_FALSE;
|
||||
- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
||||
+ if (ev && ev[0] == '1') {
|
||||
+ ssl_defaults.cbcRandomIV = PR_TRUE;
|
||||
+ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
|
||||
- if (ev && ev[0] == '1') {
|
||||
- ssl_defaults.cbcRandomIV = PR_TRUE;
|
||||
- SSL_TRACE(("SSL: cbcRandomIV set to 1"));
|
||||
+ if (ev && ev[0] == '0') {
|
||||
+ ssl_defaults.cbcRandomIV = PR_FALSE;
|
||||
+ SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
||||
}
|
||||
}
|
||||
#endif /* NSS_HAVE_GETENV */
|
||||
|
|
5
nss.spec
5
nss.spec
|
@ -146,7 +146,7 @@ low level services.
|
|||
# link pem against buildroot's freebl, esential wen mixing and matching
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
# activate for stable and beta branches
|
||||
%patch29 -p0 -b .770682
|
||||
#%patch29 -p0 -b .770682
|
||||
%patch40 -p1 -b .noocsptest
|
||||
|
||||
%build
|
||||
|
@ -582,7 +582,8 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||
%changelog
|
||||
* Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
|
||||
- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
|
||||
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
- Update the patch to account for the new sources
|
||||
- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
|
||||
|
||||
* Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
|
||||
- Fix the spec file so sechash.h gets installed
|
||||
|
|
Loading…
Reference in New Issue