diff --git a/manpages-fixes.patch b/manpages-fixes.patch deleted file mode 100644 index dd419b9..0000000 --- a/manpages-fixes.patch +++ /dev/null @@ -1,209 +0,0 @@ -diff --git a/doc/certutil.xml b/doc/certutil.xml ---- a/doc/certutil.xml -+++ b/doc/certutil.xml -@@ -634,16 +634,37 @@ of the attribute codes: - - - - --extSKID - Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280. - - - -+ --extNC -+ Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280. -+ -+ -+ -+ --keyAttrFlags attrflags -+ -+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} -+ -+ -+ -+ --keyFlagsOn opflags -+ --keyFlagsOff opflags -+ -+PKCS #11 key Operation Flags. -+Comma separated list of one or more of the following: -+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} -+ -+ -+ -+ - --source-dir certdir - Identify the certificate database directory to upgrade. - - - - --source-prefix certdir - Give the prefix of the certificate and key databases to upgrade. - -@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C - XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk - 0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB - AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B - AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09 - XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF - ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg== - -----END CERTIFICATE----- - --For a humam-readable display -+For a human-readable display - $ certutil -L -d sql:$HOME/nssdb -n my-ca-cert - Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3650 (0xe42) - Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption - Issuer: "CN=Example CA" - Validity: -diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml ---- a/doc/cmsutil.xml -+++ b/doc/cmsutil.xml -@@ -84,19 +84,26 @@ The options and arguments for the cmsuti - - -S - Sign a message. - - - - - Arguments -- Option arguments modify an action and are lowercase. -+ Option arguments modify an action. - - -+ -b -+ -+ Decode a batch of files named in infile. -+ -+ -+ -+ - -c content - - Use this detached content (decode only). - - - - - -d dbdir -@@ -108,37 +115,58 @@ The options and arguments for the cmsuti - - -e envfile - - Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only). - - - - -+ -f pwfile -+ -+ Use password file to set password on all PKCS#11 tokens. -+ -+ -+ -+ - -G - - Include a signing time attribute (sign only). - - -- -+ -+ -+ -H hash -+ -+ Use specified hash algorithm (default:SHA1). -+ -+ -+ - - -h num - - Generate email headers with info about CMS message (decode only). - - - - - -i infile - - Use infile as a source of data (default is stdin). - - - - -+ -k -+ -+ Keep decoded encryption certs in permanent cert db. -+ -+ -+ -+ - -N nickname - - Specify nickname of certificate to sign with (sign only). - - - - - -n -@@ -188,16 +216,23 @@ For certificates-only message, list of c - - -u certusage - - Set type of cert usage (default is certUsageEmailSigner). - - - - -+ -v -+ -+ Print debugging information. -+ -+ -+ -+ - -Y ekprefnick - - Specify an encryption key preference by nickname. - - - - - -diff --git a/doc/crlutil.xml b/doc/crlutil.xml ---- a/doc/crlutil.xml -+++ b/doc/crlutil.xml -@@ -261,16 +261,30 @@ Specify type of CRL. possible types are: - -u url - - - Specify the url. - - - - -+ -+ -w pwd-string -+ -+ Provide db password in command line. -+ -+ -+ -+ -+ -Z algorithm -+ -+ Specify the hash algorithm to use for signing the CRL. -+ -+ -+ - - - - - CRL Generation script syntax - CRL generation script file has the following syntax: - - * Line with comments should have # as a first symbol of a line diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch deleted file mode 100644 index fd0988e..0000000 --- a/nss-ssl-cbc-random-iv-off-by-default.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -up nss/lib/ssl/sslsock.c.cbcrandomivoff nss/lib/ssl/sslsock.c ---- nss/lib/ssl/sslsock.c.cbcrandomivoff 2013-05-30 22:20:52.181292812 -0700 -+++ nss/lib/ssl/sslsock.c 2013-05-30 22:20:52.194292913 -0700 -@@ -152,7 +152,7 @@ static sslOptions ssl_defaults = { - 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - PR_FALSE, /* enableFalseStart */ -- PR_TRUE, /* cbcRandomIV */ -+ PR_FALSE, /* cbcRandomIV */ /* defaults to off for compatibility */ - PR_FALSE /* enableOCSPStapling */ - }; - -@@ -2906,9 +2906,9 @@ ssl_SetDefaultsFromEnvironment(void) - PR_TRUE)); - } - ev = getenv("NSS_SSL_CBC_RANDOM_IV"); -- if (ev && ev[0] == '0') { -- ssl_defaults.cbcRandomIV = PR_FALSE; -- SSL_TRACE(("SSL: cbcRandomIV set to 0")); -+ if (ev && ev[0] == '1') { -+ ssl_defaults.cbcRandomIV = PR_TRUE; -+ SSL_TRACE(("SSL: cbcRandomIV set to 1")); - } - } - #endif /* NSS_HAVE_GETENV */