Update to NSS_3_14_3_RTM

- cherry-pick from master to keep the nss-cbc-random-iv-off-by-by-default patch enabled - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output - Resolves: rhbz#896651 - PEM module trashes private keys if login fails, patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00 · 2013-02-17 20:02:37 -08:00 · a7508f6a97
parent 966b5e412f
commit a7508f6a97
1 changed files with 18 additions and 9 deletions
--- a/nss.spec
+++ b/nss.spec
@ -1,7 +1,7 @@
 %global nspr_version 4.9.5
-%global nss_util_version 3.14.2
+%global nss_util_version 3.14.3
 %global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.14.2
+%global nss_softokn_version 3.14.3
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools

 # Define if using a source archive like "nss-version.with.ckbi.version".
@ -10,8 +10,8 @@

 Summary:          Network Security Services
 Name:             nss
-Version:          3.14.2
-Release:          2%{?dist}
+Version:          3.14.3
+Release:          1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -78,7 +78,8 @@ Patch39:          nss-ssl-enforce-no-pkcs11-bypass.path
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
 Patch43:          no-softoken-freebl-tests.patch
-Patch44: allow-building-nss-against-older-sqlite.patch
+Patch44:          0001-sync-up-with-upstream-softokn-changes.patch
+Patch45:          Bug-896651-pem-dont-trash-keys-on-failed-login.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -163,8 +164,8 @@ low level services.
 %patch39 -p1 -b .nobypass
 %patch40 -p1 -b .noocsptest
 %patch43 -p0 -b .nosoftokentests
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=837799
-%patch44 -p0 -b .oldersqlite
+%patch44 -p1 -b .syncupwithupstream
+%patch45 -p0 -b .notrash

 %build

@ -205,7 +206,7 @@ export USE_SYSTEM_FREEBL=1
 NSS_USE_SYSTEM_SQLITE=1
 export NSS_USE_SYSTEM_SQLITE

-%ifarch x86_64 ppc64 ia64 s390x sparc64
+%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
 USE_64=1
 export USE_64
 %endif
@ -300,7 +301,7 @@ export FREEBL_NO_DEPEND
 BUILD_OPT=1
 export BUILD_OPT

-%ifarch x86_64 ppc64 ia64 s390x sparc64
+%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
 USE_64=1
 export USE_64
 %endif
@ -610,6 +611,14 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Fri Feb 15 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1
+- Update to NSS_3_14_3_RTM
+- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
+- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
+- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
+- Resolves: rhbz#909775 - specfile support for AArch64
+- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
+
 * Mon Feb 04 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.2-2
 - Allow building nss against older system sqlite