Chery-pick merge branch 'f23' into f22
This commit is contained in:
commit
9588d80ea9
|
@ -1,2 +0,0 @@
|
|||
Dummy source file that we by uploading it lets us verify that nss builds
|
||||
do not cause the 'fedpkg upload' or 'fedpg new-sources' commands to hang.
|
|
@ -1,16 +0,0 @@
|
|||
diff -up nss/lib/ssl/sslsock.c.nobypass nss/lib/ssl/sslsock.c
|
||||
--- nss/lib/ssl/sslsock.c.nobypass 2013-05-30 22:23:37.305583715 -0700
|
||||
+++ nss/lib/ssl/sslsock.c 2013-05-30 22:23:37.311583762 -0700
|
||||
@@ -553,8 +553,10 @@ static PRStatus SSL_BypassRegisterShutdo
|
||||
static PRStatus SSL_BypassSetup(void)
|
||||
{
|
||||
#ifdef NO_PKCS11_BYPASS
|
||||
- /* Guarantee binary compatibility */
|
||||
- return PR_SUCCESS;
|
||||
+ /* No need in our case to guarantee binary compatibility and
|
||||
+ * we can safely return failure as we have never supported it
|
||||
+ */
|
||||
+ return PR_FAILURE;
|
||||
#else
|
||||
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
|
||||
#endif
|
12
nss.spec
12
nss.spec
|
@ -21,7 +21,7 @@ Name: nss
|
|||
Version: 3.20.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 1.1%{?dist}
|
||||
Release: 1.2%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -96,8 +96,10 @@ Patch55: skip_stress_TLS_RC4_128_with_MD5.patch
|
|||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1009429
|
||||
# See https://hg.mozilla.org/projects/nss/raw-rev/dc7bb2f8cc50
|
||||
Patch56: ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch
|
||||
# TODO: File a bug usptream
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1205688
|
||||
Patch57: rhbz1185708-enable-ecc-ciphers-by-default.patch
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -190,6 +192,7 @@ popd
|
|||
pushd nss
|
||||
%patch57 -p1 -b .1185708
|
||||
popd
|
||||
%patch58 -p0 -b .1185708_3des
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -803,6 +806,11 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 05 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.0-1.2
|
||||
- Enable ECC cipher-suites by default [hrbz#1185708]
|
||||
- Split the enabling patch in two for easier maintenance
|
||||
- Remove unused patches
|
||||
|
||||
* Thu Sep 17 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.0-1.1
|
||||
- Enable ECC cipher-suites by default [rhbz#1185708]
|
||||
- Fix patches that disable ssl2 and export cipher suites support [rhbz#1263005]
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
diff -up ./nss/lib/ssl/ssl3con.c.1185708_3des ./nss/lib/ssl/ssl3con.c
|
||||
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2015-09-29 16:24:18.717593591 -0700
|
||||
+++ ./nss/lib/ssl/ssl3con.c 2015-09-29 16:25:22.672879926 -0700
|
||||
@@ -101,8 +101,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
|
@ -1,7 +1,7 @@
|
|||
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
||||
--- a/lib/ssl/ssl3con.c
|
||||
+++ b/lib/ssl/ssl3con.c
|
||||
@@ -85,29 +85,29 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
|
||||
@@ -85,27 +85,27 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
|
||||
*
|
||||
* Important: See bug 946147 before enabling, reordering, or adding any cipher
|
||||
* suites to this list.
|
||||
|
@ -23,16 +23,14 @@ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|||
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
|
Loading…
Reference in New Issue