Update to NSS_3_14_3_RTM

- cherry-pick from master to keep the nss-cbc-random-iv-off-by-by-default patch enabled
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
  patch contributed by Nalin Dahyabhai
This commit is contained in:
Elio Maldonado 2013-02-17 20:02:37 -08:00
parent 966b5e412f
commit a7508f6a97

View File

@ -1,7 +1,7 @@
%global nspr_version 4.9.5
%global nss_util_version 3.14.2
%global nss_util_version 3.14.3
%global nss_softokn_fips_version 3.12.9
%global nss_softokn_version 3.14.2
%global nss_softokn_version 3.14.3
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
# Define if using a source archive like "nss-version.with.ckbi.version".
@ -10,8 +10,8 @@
Summary: Network Security Services
Name: nss
Version: 3.14.2
Release: 2%{?dist}
Version: 3.14.3
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -78,7 +78,8 @@ Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
Patch43: no-softoken-freebl-tests.patch
Patch44: allow-building-nss-against-older-sqlite.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -163,8 +164,8 @@ low level services.
%patch39 -p1 -b .nobypass
%patch40 -p1 -b .noocsptest
%patch43 -p0 -b .nosoftokentests
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=837799
%patch44 -p0 -b .oldersqlite
%patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash
%build
@ -205,7 +206,7 @@ export USE_SYSTEM_FREEBL=1
NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE
%ifarch x86_64 ppc64 ia64 s390x sparc64
%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
USE_64=1
export USE_64
%endif
@ -300,7 +301,7 @@ export FREEBL_NO_DEPEND
BUILD_OPT=1
export BUILD_OPT
%ifarch x86_64 ppc64 ia64 s390x sparc64
%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
USE_64=1
export USE_64
%endif
@ -610,6 +611,14 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Fri Feb 15 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1
- Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
* Mon Feb 04 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.2-2
- Allow building nss against older system sqlite