From 535c4fae518257015d54fd752b38fce9b3245ce8 Mon Sep 17 00:00:00 2001 From: Bob Relyea Date: Tue, 23 Feb 2021 14:19:08 -0800 Subject: [PATCH] Rebase to nss 3.62.0 --- .gitignore | 1 + nss-turn-off-expired-ocsp-cert.patch | 19 ------------------- nss.spec | 8 +++++--- sources | 2 +- 4 files changed, 7 insertions(+), 23 deletions(-) delete mode 100644 nss-turn-off-expired-ocsp-cert.patch diff --git a/.gitignore b/.gitignore index 21717ea..ac162b5 100644 --- a/.gitignore +++ b/.gitignore @@ -58,3 +58,4 @@ TestUser51.cert /nspr-4.29.tar.gz /nss-3.59.tar.gz /nss-3.60.1.tar.gz +/nss-3.62.tar.gz diff --git a/nss-turn-off-expired-ocsp-cert.patch b/nss-turn-off-expired-ocsp-cert.patch deleted file mode 100644 index dfbbb50..0000000 --- a/nss-turn-off-expired-ocsp-cert.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg ---- a/tests/chains/scenarios/nameconstraints.cfg -+++ b/tests/chains/scenarios/nameconstraints.cfg -@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x - verify NameConstraints.dcissallowed:x - result pass - - # Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem" - # - # This tests that a non server certificate (i.e. id-kp-serverAuth - # not present in EKU) does *NOT* have CN treated as dnsName for - # purposes of Name Constraints validation --verify NameConstraints.ocsp1:x -- usage 10 -- result pass -+#verify NameConstraints.ocsp1:x -+# usage 10 -+# result pass - diff --git a/nss.spec b/nss.spec index 920f527..ccc49ec 100644 --- a/nss.spec +++ b/nss.spec @@ -3,7 +3,7 @@ # - reset %%{nspr_release} to 1, when updating %%{nspr_version} # - increment %%{nspr_version}, when updating the NSS part only %global nspr_release 12 -%global nss_version 3.60.1 +%global nss_version 3.62.0 # only need to update this as we added new # algorithms under nss policy control %global crypto_policies_version 20210118 @@ -56,7 +56,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 5%{?dist} +Release: 1%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -122,7 +122,6 @@ Patch2: nss-539183.patch # but it doesn't hurt to keep it. Patch4: iquote.patch Patch12: nss-signtool-format.patch -Patch13: nss-turn-off-expired-ocsp-cert.patch %if 0%{?fedora} < 34 %if 0%{?rhel} < 9 Patch20: nss-gcm-param-default-pkcs11v2.patch @@ -1053,6 +1052,9 @@ update-crypto-policies &> /dev/null || : %changelog +* Tue Feb 23 2021 Bob Relyea - 3.62.0-1 +- Update to 3.62 + * Mon Feb 01 2021 Kalev Lember - 3.60.1-5 - Rebuild to fix broken nspr dependencies diff --git a/sources b/sources index d49f4c8..e9d5d6a 100644 --- a/sources +++ b/sources @@ -4,4 +4,4 @@ SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60b SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 SHA512 (nspr-4.29.tar.gz) = ba5ac275fe0beb69d7a7674c9ee9e4429bd5761daed285edd975ccc829af30d062bf4a0f5e44361e3bd191f21b1905f96ab146d53b55324020f13ecb3c05609b -SHA512 (nss-3.60.1.tar.gz) = ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5 +SHA512 (nss-3.62.tar.gz) = 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d