From e4dd1babb08337404032029084f624707095b416 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Thu, 1 Nov 2012 11:36:35 -0700
Subject: [PATCH] Fix a previous unwanted merge from f18

- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
---
 .gitignore | 1 -
 nss-ssl-cbc-random-iv-off-by-default.patch | 28 +++++++++++-----------
 nss.spec | 12 ++++++----
 3 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/.gitignore b/.gitignore
index 52bee26..84ffe22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,5 +5,4 @@ blank-cert9.db
 blank-key4.db
 PayPalEE.cert
 /nss-pem-20120811.tar.bz2
-/nss-3.13.6-stripped.tar.bz2
 /nss-3.14-stripped.tar.bz2
diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch
index 28dfa48..04ecf64 100644
--- a/nss-ssl-cbc-random-iv-off-by-default.patch
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@@ -1,25 +1,25 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800 -@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = { +diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c +--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682 2012-11-01 11:10:54.107504267 -0700 ++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-11-01 11:07:36.758464814 -0700 +@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = { 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ -- PR_TRUE /* cbcRandomIV */ -+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */ +- PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */ ++ PR_TRUE /* cbcRandomIV */ }; - sslSessionIDLookupFunc ssl_sid_lookup; -@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void) + /* +@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void) PR_TRUE)); } ev = getenv("NSS_SSL_CBC_RANDOM_IV"); -- if (ev && ev[0] == '0') { -- ssl_defaults.cbcRandomIV = PR_FALSE; -- SSL_TRACE(("SSL: cbcRandomIV set to 0")); -+ if (ev && ev[0] == '1') { -+ ssl_defaults.cbcRandomIV = PR_TRUE; -+ SSL_TRACE(("SSL: cbcRandomIV set to 1")); +- if (ev && ev[0] == '1') { +- ssl_defaults.cbcRandomIV = PR_TRUE; +- SSL_TRACE(("SSL: cbcRandomIV set to 1")); ++ if (ev && ev[0] == '0') { ++ ssl_defaults.cbcRandomIV = PR_FALSE; ++ SSL_TRACE(("SSL: cbcRandomIV set to 0")); } } #endif /* NSS_HAVE_GETENV */ diff --git a/nss.spec b/nss.spec index 754aed0..08ab5a0 100644 --- a/nss.spec +++ b/nss.spec 
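Review bot: The regenerated inner patch looks reversed: at `@@ -153,7 +153,7 @@` it removes `PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */` and adds `PR_TRUE /* cbcRandomIV */`, and at `@@ -2833,9 +2833,9 @@` it swaps the `NSS_SSL_CBC_RANDOM_IV` test from `'1'` to `'0'`, which is the opposite of what the previous version of this file did. The "defaults to off" comment can only come from an already patched tree, and the `.770682` side carries the later timestamp, so the diff was probably taken from the patched file back to the pristine one. If that is right, `%patch29` would not apply to unmodified 3.14 sources once it is re-enabled, and a file named off-by-default would read as turning the CBC random-IV protection on. Regenerating with the pristine file as the `.770682` side should again give `- PR_TRUE /* cbcRandomIV */` and `+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */`. The problem is masked for now because the spec leaves the patch commented out.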
@@ -145,8 +145,8 @@ low level services. %patch18 -p0 -b .646045 # link pem against buildroot's freebl, esential wen mixing and matching %patch25 -p0 -b .systemfreebl -# activate only if requested for this branch -%patch29 -p0 -b .770682 +# activate for stable and beta branches +#%patch29 -p0 -b .770682 %patch40 -p1 -b .noocsptest %build @@ -581,10 +581,12 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog * Thu Nov 01 2012 Elio Maldonado - 3.14-6 -- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default -- Bug 872124 - nss 3.14 breaks fedpkg new-sources +- Fix a previous unwanted merge from f18 +- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while +- Keeping the patch disabled while we are still in rawhide and +- State in comment that patch is needed for both stable and beta branches +- Update .gitignore to download only the new sources -* Wed Oct 31 2012 Elio Maldonado - 3.14-2 - Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
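Review bot: The new comment `# activate for stable and beta branches` above the parked `%patch29` line does not say what the patch does, and that matters because it changes a security default: going by the patch file, it is meant to make `cbcRandomIV` default to off for compatibility. I would write something like `# Makes cbcRandomIV default to off for compatibility; NSS_SSL_CBC_RANDOM_IV=1 turns it back on. Apply on stable and beta branches only.` so whoever re-enables it knows the protection is being relaxed. rpm can expand macros inside comment lines, so `#%%patch29 -p0 -b .770682` is the safer way to park the directive, though this may be harmless for `%patch` here. The changelog hunk that follows writes `SS_SSL_CBC_RANDOM_IV`, while the variable in the patch is `NSS_SSL_CBC_RANDOM_IV`.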